A sad loss for security
Whisper systems wrote the very useful TextSecure app for Android. It had a great feature of encrypting text messages, a standard communication modality in much of the world and one I rely on often. I have previously suggested it is a good tool.
The last “update” removed the ability to establish new encrypted chats over SMS and, it appears, the next will remove the function entirely. For me, this change substantially reduces the utility of the app.
Reading their arguments for doing so, I find myself disagreeing with their justifications. I understand there was some complexity in establishing encrypted SMS, but frankly initiating a one-time key exchange was about as easy as encrypted communication gets. That iOS users can’t play along is pretty irrelevant: iOS isn’t exactly the platform for secure communications anyway, you carry iOS devices when you want to impress people with your brand awareness, not get things done. That people occasionally end up with a conversation that is half-encrypted seems annoying but hardly all that problematic. The person that uninstalled the app will try to send messages in the clear, not the person who is still running it and a partial session. I can see the annoyance, but not any security leak.
I think the final result is somewhat dangerous. The first incarnation used SMS as the starting point, and once a secure communications were established, if available, coms moved transparently to the data channel. If not, it stayed with SMS. As I work in a place where data service is frequently disabled, this was the most reliable non-voice communication protocol.
Now SMS is unencrypted and data-mode communication is encrypted. You have to remember which is which and that is dangerous.
If they don’t restore encrypted SMS functionality, I will switch back to the standard SMS app, which is insecure SMS only and so not confusing and use chat secure or xabber for encrypted data communications so the difference is clear. You’re probably going to run a jabber-based chat tool anyway chat secure’s Tor integration makes it a better choice for data-mode chat while text secure no longer does anything particularly useful over the default app for SMS-mode nor anything particularly unique for data mode.
Category: Cell phones • Security
- Recent Posts
- TB 128 is coming. Lock your doors and hide your wife.2024 September 04
- Goodbye, Tortuga.2024 April 25
- A one page home/new tab page with random pictures, time, and weather2024 April 11
- Putting ccache on a backed RAM disk to speed compiles2024 March 16
- Audio File Analysis With Sox2024 February 07
- Manually Update Time Zone Data on Android 102023 October 31
- Autodictating to self using Whisper to preserve privacy2023 August 17
- Projecting Qubit Realizations to the Cryptopocalpyse Date2023 August 04
- AI PSYOPS are changing strategic messaging2023 July 29
- Convert A Slideshow/Presentation into HTML 5 Video2023 July 23
- Categories
- Links
- Search
- Archives
- Post History