[PLUG] asking advice on secure texting application

Mike C. mconnors1 at gmail.com
Fri Dec 27 20:33:34 UTC 2019


"He encouraged me to be less judgemental about the broad diversity of messaging
applications. Look for it!"

Are you and him saying there aren't significant enough differences between
apps and that researchers and the public are mostly splitting hairs over
preferred features?

My 2 biggest frustrations can really be applied to most any piece of
software.

1. Lack of true interoperability and vender / platform lock-in.  It used to
be that I could login to Chrome at the library and use Cryptocat and then
Signal.

2. Feature bloat. A lightweight secure text app  with out any voice, video,
emoji garbage.

On Fri, Dec 27, 2019, 5:02 AM Russell Senior <russell at personaltelco.net>
wrote:

> https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10565.html
>
> On Fri, Dec 27, 2019 at 4:55 AM Russell Senior <russell at personaltelco.net>
> wrote:
>
> > Interesting talk by Will Scott at 36c3 a few minutes ago called "What's
> > left for private messaging?", which talks about a lot of the issues
> > regarding desired properties in messaging systems. I watched it live, but
> > it should be available to watch later at some point in the next few days.
> > He encouraged me to be less judgemental about the broad diversity of
> > messaging applications. Look for it!
> >
> > On Wed, Dec 25, 2019 at 10:47 PM Daniel Johnson <teknotus at gmail.com>
> > wrote:
> >
> >> My friend who works in tech security industry uses "Wire" to message me.
> >>
> >> On Wed, Dec 25, 2019, 10:36 AM Mike C. <mconnors1 at gmail.com> wrote:
> >>
> >> > On Sat, 16 Nov 2019 13:13, logical american wrote:
> >> > > I just recently found out that my Signal Messaging Application on my
> >> > > Apple Iphone has been compromised.
> >> >
> >> >
> >> > > Yikes!  Sorry I missed this earlier.  This is very concerning.
> Could
> >> you
> >> > > please elaborate?  How did you detect this?  What happened to the
> >> other
> >> > > apps when they were compromised?
> >> > >
> >> >
> >> > The OP was over a month ago now. Not sure how I missed it either as
> that
> >> > type of post always gets my attention.
> >> >
> >> > I'm also interested in more details. I'm a bit suspect of an actual
> >> > compromise of the Signal app itself as opposed to the device itself
> >> being
> >> > affected by malware.
> >> >
> >> >  A quick Google search on the topic resulted in one case of a
> >> > compromised non-official Signal app that was distributed via some
> Secure
> >> > Android web site and not via Google Play store.
> >> >
> >> > If you are interested in cryptography applications, then it is safe to
> >> > > assume you know about Bruce Schneier.  His Crypto-Gram mail list has
> >> been
> >> > > a source of value knowledge about just these types of issues over
> the
> >> > past
> >> > > 15 years.
> >> >
> >> >
> >> > Thank you for this. I just checked it out and he seems to cover the
> >> gambit.
> >> > I read a post about NordVPN being breached via leaked encryption keys,
> >> 20
> >> > MONTHS AGO and the
> >> > company just disclosed this to the public!
> >> >
> >> > And you also know that Signal is the standard; I'm not aware of any
> >> > > alternative product that is as good with the same feature profile.
> >> > >
> >> >
> >> > WhatsApp uses the same protocol as Signal but it's owned by Facebook
> >> now so
> >> > who knows what they're doing to it.
> >> >
> >> > Telegram has been highly criticized for its security flaws. It doesn't
> >> do
> >> > end-to-end encryption by default and it's really developed and
> marketed
> >> as
> >> > a more "secure" collaboration tool like Slack rather than a simple
> >> secure
> >> > text app.
> >> >
> >> > Threema is a pretty good option. Developed by Swiss company with the
> >> > benefit of the highly regarded Swiss privacy laws. The code isn't open
> >> > source but they do publish yearly public transparency reports
> >> >
> >> > Surespot is new to me but looks like it might be the best option. It's
> >> open
> >> > source and it seems to be a just a lightweight secure text app.
> >> > https://www.surespot.me/
> >> >
> >> > Happy Holidays!
> >> >
> >> > -- Mike
> >> >
> >> >
> >> >
> >> >
> >> >
> >> > >
> >> > > I noticed a while ago you asked a similar question about secure
> >> e-mail.
> >> > > Did you find what you were looking for?
> >> > >
> >> > > --
> >> > > PRD
> >> > >
> >> > _______________________________________________
> >> > PLUG mailing list
> >> > PLUG at pdxlinux.org
> >> > http://lists.pdxlinux.org/mailman/listinfo/plug
> >> >
> >> _______________________________________________
> >> PLUG mailing list
> >> PLUG at pdxlinux.org
> >> http://lists.pdxlinux.org/mailman/listinfo/plug
> >>
> >
> _______________________________________________
> PLUG mailing list
> PLUG at pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>



More information about the PLUG mailing list