[PLUG] asking advice on secure texting application
Russell Senior
russell at personaltelco.net
Fri Dec 27 13:02:12 UTC 2019
https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10565.html
On Fri, Dec 27, 2019 at 4:55 AM Russell Senior <russell at personaltelco.net>
wrote:
> Interesting talk by Will Scott at 36c3 a few minutes ago called "What's
> left for private messaging?", which talks about a lot of the issues
> regarding desired properties in messaging systems. I watched it live, but
> it should be available to watch later at some point in the next few days.
> He encouraged me to be less judgemental about the broad diversity of
> messaging applications. Look for it!
>
> On Wed, Dec 25, 2019 at 10:47 PM Daniel Johnson <teknotus at gmail.com>
> wrote:
>
>> My friend who works in tech security industry uses "Wire" to message me.
>>
>> On Wed, Dec 25, 2019, 10:36 AM Mike C. <mconnors1 at gmail.com> wrote:
>>
>> > On Sat, 16 Nov 2019 13:13, logical american wrote:
>> > > I just recently found out that my Signal Messaging Application on my
>> > > Apple Iphone has been compromised.
>> >
>> >
>> > > Yikes! Sorry I missed this earlier. This is very concerning. Could
>> you
>> > > please elaborate? How did you detect this? What happened to the
>> other
>> > > apps when they were compromised?
>> > >
>> >
>> > The OP was over a month ago now. Not sure how I missed it either as that
>> > type of post always gets my attention.
>> >
>> > I'm also interested in more details. I'm a bit suspect of an actual
>> > compromise of the Signal app itself as opposed to the device itself
>> being
>> > affected by malware.
>> >
>> > A quick Google search on the topic resulted in one case of a
>> > compromised non-official Signal app that was distributed via some Secure
>> > Android web site and not via Google Play store.
>> >
>> > If you are interested in cryptography applications, then it is safe to
>> > > assume you know about Bruce Schneier. His Crypto-Gram mail list has
>> been
>> > > a source of value knowledge about just these types of issues over the
>> > past
>> > > 15 years.
>> >
>> >
>> > Thank you for this. I just checked it out and he seems to cover the
>> gambit.
>> > I read a post about NordVPN being breached via leaked encryption keys,
>> 20
>> > MONTHS AGO and the
>> > company just disclosed this to the public!
>> >
>> > And you also know that Signal is the standard; I'm not aware of any
>> > > alternative product that is as good with the same feature profile.
>> > >
>> >
>> > WhatsApp uses the same protocol as Signal but it's owned by Facebook
>> now so
>> > who knows what they're doing to it.
>> >
>> > Telegram has been highly criticized for its security flaws. It doesn't
>> do
>> > end-to-end encryption by default and it's really developed and marketed
>> as
>> > a more "secure" collaboration tool like Slack rather than a simple
>> secure
>> > text app.
>> >
>> > Threema is a pretty good option. Developed by Swiss company with the
>> > benefit of the highly regarded Swiss privacy laws. The code isn't open
>> > source but they do publish yearly public transparency reports
>> >
>> > Surespot is new to me but looks like it might be the best option. It's
>> open
>> > source and it seems to be a just a lightweight secure text app.
>> > https://www.surespot.me/
>> >
>> > Happy Holidays!
>> >
>> > -- Mike
>> >
>> >
>> >
>> >
>> >
>> > >
>> > > I noticed a while ago you asked a similar question about secure
>> e-mail.
>> > > Did you find what you were looking for?
>> > >
>> > > --
>> > > PRD
>> > >
>> > _______________________________________________
>> > PLUG mailing list
>> > PLUG at pdxlinux.org
>> > http://lists.pdxlinux.org/mailman/listinfo/plug
>> >
>> _______________________________________________
>> PLUG mailing list
>> PLUG at pdxlinux.org
>> http://lists.pdxlinux.org/mailman/listinfo/plug
>>
>
More information about the PLUG
mailing list