Discussion:
Can we remove the SMS feature completely?
(too old to reply)
Thejesh GN
2015-04-01 12:33:44 UTC
Permalink
Raw Message
Since the secure SMS option is removed. To reduce the confusion, can we
remove insecure SMS option too?

Also remove the ability to capture incoming SMS and storing it. This will
make it a clear that TextSecure is data based messaging App only and has
nothing to do with SMS.


This will help users who use TextSecure but don't follow any discussion
here or on GH


https://github.com/WhisperSystems/TextSecure/issues/2848


Thej
--
Thejesh GN *⏚* ಀೇಜೇಶ್ ಜಿ.ಎಚ್
http://thejeshgn.com
GPG ID : 0xBFFC8DD3C06DD6B0
Steffen Märcker
2015-04-01 12:36:50 UTC
Permalink
Raw Message
Don't! In my opinion integrating SMS/MMS functionality is one of TS's main
strength. I really don't want to bother with different messaging clients
for different protocols.

Best, Steffen
Post by Thejesh GN
Since the secure SMS option is removed. To reduce the confusion, can we
remove insecure SMS option too?
Also remove the ability to capture incoming SMS and storing it. This will
make it a clear that TextSecure is data based messaging App only and has
nothing to do with SMS.
This will help users who use TextSecure but don't follow any discussion
here or on GH
https://github.com/WhisperSystems/TextSecure/issues/2848
Thej
--
Thejesh GN *⏚* ತೇಜೇಶ್ ಜಿ.ಎನ್
http://thejeshgn.com
GPG ID : 0xBFFC8DD3C06DD6B0
David Niehues
2015-04-01 12:41:35 UTC
Permalink
Raw Message
Steffen is totally right! It's worse enough, that support for encrypted
sms was removes due to
compatability issues with ios and the caused user experience issues.

Having one app for sms and encrypted communication is a big plus of
TextSecure!
Don't! In my opinion integrating SMS/MMS functionality is one of TS's main strength. I
really don't want to bother with different messaging clients for
different protocols.
Best, Steffen
Post by Thejesh GN
Since the secure SMS option is removed. To reduce the confusion, can we
remove insecure SMS option too?
Also remove the ability to capture incoming SMS and storing it. This will
make it a clear that TextSecure is data based messaging App only and has
nothing to do with SMS.
This will help users who use TextSecure but don't follow any discussion
here or on GH
https://github.com/WhisperSystems/TextSecure/issues/2848
Thej
--
Thejesh GN *⏚* ತೇಜೇಶ್ ಜಿ.ಎನ್
http://thejeshgn.com
GPG ID : 0xBFFC8DD3C06DD6B0
Bryan Phelps
2015-04-01 13:11:58 UTC
Permalink
Raw Message
Agreed, keep sms support. I do think it needs to be more clear on when a message is encrypted and when it's not though. At times I hit send without knowing if it's going to use the encrypted data channel or plain text sms.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Steffen is totally right! It's worse enough, that support for encrypted
sms was removes due to
compatability issues with ios and the caused user experience issues.
Having one app for sms and encrypted communication is a big plus of
TextSecure!
Post by Steffen Märcker
Don't! In my opinion integrating SMS/MMS functionality is one of TS's
main strength. I
really don't want to bother with different messaging clients for
different protocols.
Post by Steffen Märcker
Best, Steffen
Post by Thejesh GN
Since the secure SMS option is removed. To reduce the confusion, can
we
Post by Steffen Märcker
Post by Thejesh GN
remove insecure SMS option too?
Also remove the ability to capture incoming SMS and storing it. This
will
Post by Steffen Märcker
Post by Thejesh GN
make it a clear that TextSecure is data based messaging App only and
has
Post by Steffen Märcker
Post by Thejesh GN
nothing to do with SMS.
This will help users who use TextSecure but don't follow any
discussion
Post by Steffen Märcker
Post by Thejesh GN
here or on GH
https://github.com/WhisperSystems/TextSecure/issues/2848
Thej
--
Thejesh GN *⏚* ಀೇಜೇಶ್ ಜಿ.ಎಚ್
http://thejeshgn.com
GPG ID : 0xBFFC8DD3C06DD6B0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAEBAgAGBQJVG+d/AAoJEIKREOBxQtaiKekIAI57GtcC8u5GAI6O7h1bQop6
xFw/oY3+lCzPcP4OIUl+YblsEwE/iyL+WDNIyTVW+O6hK2PDTzN16AcmV3C5emqD
aGhbowtyfcTZSPHNhRTuLhxMMYiUP7mNRsEBaEWBNXS094piZHDUX9kRV0lq8Ddr
aKw2eWLydgNXTVxOaUqsAKey7kOYwivHT4p5RLBhVKtbEAK2TrgpZFBG7Wi6q8AO
Od7P/LB7Ygh1llrOWghtljwPaWsbamAVLnIuE9Au9Vi7oklEfmqxU0ZwypDtKgWg
SUYlcQdveDN20t9xHxEtHZC0yAY+sapqZlFlwPllwlGDAVKbXeFSb/8FrzPuaTY=
=xeaq
-----END PGP SIGNATURE-----
--Bryan Phelps
ReggX
2015-04-01 12:42:43 UTC
Permalink
Raw Message
Strongly disagree.

I like Textsecure's ability to to send and, more importantly, receive sms
and store them in encrypted form.

All my TS contacts use data and all my normal contacts use sms. Splitting
them up would mean having to use multiple apps again, which is undesirable.
Matej Kovacic
2015-04-01 13:02:40 UTC
Permalink
Raw Message
Hi,
Post by ReggX
I like Textsecure's ability to to send and, more importantly, receive
sms and store them in encrypted form.
Storing SMS' in encrypted form is important feature, I agree.

However, how would that interfere with users who would like to use
SMSSecure or some other app for encrypted SMS'es?


Regards,

M.
ReggX
2015-04-01 13:09:28 UTC
Permalink
Raw Message
Sms functionality can already be disabled manually in the settings, if you
don't want to use it.
Post by Matej Kovacic
Hi,
Post by ReggX
I like Textsecure's ability to to send and, more importantly, receive
sms and store them in encrypted form.
Storing SMS' in encrypted form is important feature, I agree.
However, how would that interfere with users who would like to use
SMSSecure or some other app for encrypted SMS'es?
Regards,
M.
Moxie Marlinspike
2015-04-01 14:55:46 UTC
Permalink
Raw Message
Everyone can rest assured, we have no plans to do this. I'm pretty
committed to an integrated messenger.

- moxie
Post by Thejesh GN
Since the secure SMS option is removed. To reduce the confusion, can we
remove insecure SMS option too?
Also remove the ability to capture incoming SMS and storing it. This
will make it a clear that TextSecure is data based messaging App only
and has nothing to do with SMS.
This will help users who use TextSecure but don't follow any discussion
here or on GH
https://github.com/WhisperSystems/TextSecure/issues/2848
Thej
--
Thejesh GN *⏚* ತೇಜೇಶ್ ಜಿ.ಎನ್
http://thejeshgn.com
GPG ID : 0xBFFC8DD3C06DD6B0
--
http://www.thoughtcrime.org
David Gessel
2015-06-10 19:26:10 UTC
Permalink
Raw Message
Personally, I really think TextSecure should remove the SMS feature completely. There's a real security risk created because the app is promoted as a "secure" messenger, but there's no way to secure SMS.

Having mixed mode at least provided clues that there was secure and insecure messaging in the same app, and whether that sometimes confused people or not, it was an indicator that there was something going on and if you didn't understand what, ask.

Now you get effortless "secured" (aside from centralized metadata) over-the-top communication and, within the same app equally effortless insecure SMS, all under the xxxxSecure banner. That just seems misleading to me.

Part of the argument against SMS was that it was an obsolete protocol. But it is still the most popular, by far, and likely to remain so for the foreseeable future. It was really cool having a tool that made that communication medium secure. I got a lot of people to migrate to text secure just for that feature. It's been a serious pain in the ass to get them all to uninstall it and move to securecom, and I have no where near the penetration I used to. People are understandably wary after having been abandoned once. Plus, I have to share some of the concerns about Securecom - they seem to be creating a commercial service on WhisperSystem's work. I respect that they've made what I think is a far more justifiable decisions regarding SMS, but the commercial aspects worry me.

I took at face value claims that texting was dying in the 1st world, and only elected to point out from direct experience that TextSecure was abandoning the security of the people I work with in places like Iraq and Afghanistan, where I had direct data supporting the centrality of texting. I pointed out that most people in such places, even smart phone owners, don't have expensive data plans, but texting is free or cheap and comes with basic service, which most people do have. They do data on Wifi and voice/texting on the cellular network. It was argued that this is dying and that data plans are cheaper and driving out voice, an argument that seemed superficially plausible.

Turns out that was a little too trusting: kids text more than adults, more than they use over the top messaging, more on smartphones than feature phones. The claims of texting's demise appear premature.

http://techcrunch.com/2015/06/08/messaging-app-jott-is-blowing-up-among-junior-high-and-high-schoolers/

It'd be cool if one of the secure text forks embraced peer-to-peer or mesh messaging. I really like Serval, and it's gotten me out of some coms jams, but it isn't as easy or bullet proof to set up as SMSSecure. Graceful degrade to bluetooth or wifi direct would be kind of awesome.




-------- Original Message --------
Subject: Re: [whispersystems] Can we remove the SMS feature completely?
From: Moxie Marlinspike <***@thoughtcrime.org>
To: ***@lists.riseup.net
Date: Wed Apr 01 2015 17:55:46 GMT+0300 (Arabic Standard Time)
Post by Moxie Marlinspike
Everyone can rest assured, we have no plans to do this. I'm pretty
committed to an integrated messenger.
- moxie
Post by Thejesh GN
Since the secure SMS option is removed. To reduce the confusion, can we
remove insecure SMS option too?
Also remove the ability to capture incoming SMS and storing it. This
will make it a clear that TextSecure is data based messaging App only
and has nothing to do with SMS.
This will help users who use TextSecure but don't follow any discussion
here or on GH
https://github.com/WhisperSystems/TextSecure/issues/2848
Thej
--
Thejesh GN *⏚* ತೇಜೇಶ್ ಜಿ.ಎನ್
http://thejeshgn.com
GPG ID : 0xBFFC8DD3C06DD6B0
Johan Wevers
2015-06-10 21:50:00 UTC
Permalink
Raw Message
Post by David Gessel
Personally, I really think TextSecure should remove the SMS feature completely.
Yes, I agree. While Iiked the unified approach, now that they have
abandoned encrypted sms they should leave the space for other apps
Post by David Gessel
and move to securecom,
Securecom seems to be dead on development. SMSSecure also cloned
TextSecure and removed all push messaging. I think they are more
trustworthy, their repo at Github is also much more alive and they don't
try to hide that the code came from TextSecure like securecom does. It
will even coexist with TextSecure on the same device unlike securecom.
Post by David Gessel
and I have no where near the penetration I used to.
SMSSecure encrypted sms messages can be decrypted by Textsecure 2.6.4 or
lower.
--
Met vriendelijke groet,

Johan Wevers
Bryan
2015-06-10 22:14:22 UTC
Permalink
Raw Message
Personally I see where you're coming from, but I love having all my messages in a central location. If I get a secure message it's blue, otherwise it's green. The lock icon also identifies which is which. I'd hate to have to use two apps for messages. In fact, if textsecure stopped supporting sms all together I'd probably just drop it. I don't want a separate app that only a limited number of contacts use. I want everything in one place.

- --Bryan

On June 10, 2015 4:50:00 PM CDT, Johan Wevers <***@xs4all.nl> wrote:
| On 10-06-2015 21:26, David Gessel wrote:
|
| > Personally, I really think TextSecure should remove the SMS feature
| completely.
|
| Yes, I agree. While Iiked the unified approach, now that they have
| abandoned encrypted sms they should leave the space for other apps
|
| > and move to securecom,
|
| Securecom seems to be dead on development. SMSSecure also cloned
| TextSecure and removed all push messaging. I think they are more
| trustworthy, their repo at Github is also much more alive and they
| don't
| try to hide that the code came from TextSecure like securecom does. It
| will even coexist with TextSecure on the same device unlike securecom.
|
| > and I have no where near the penetration I used to.
|
| SMSSecure encrypted sms messages can be decrypted by Textsecure 2.6.4
| or
| lower.
|
| --
| Met vriendelijke groet,
|
| Johan Wevers
Alice Riot
2015-06-10 22:46:25 UTC
Permalink
Raw Message
Speaking from my experience in trying to get activists and other (usually) non
tech-savvy folks to secure their communications, I think it's generally harder
to sell someone on increasing the number of applications they need to use.

In my mind, the unified inbox for mobile messaging that TextSecure bring to
android is a big help in this regard - it's easy to explain to people (texts
are as normal, plus secure messaging for other TS users) and I think it enables
everyday users to evangelize the platform more.

I think how textsecure works now is a good balance: if you want to use
a different SMS app you can set a different default app - so if you want to put
in the effort to use a secure SMS app you can, and users for whom that is too
much friction will have a sane default.
--
~*~ alice ~*~
PGP fingerprint: 43D1 4BEF 39F7 4027 B02A DC4D 3D47 670F 4226 9A83
Steffen Märcker
2015-06-11 12:25:47 UTC
Permalink
Raw Message
I wholeheartedly agree. Serving as SMS client is one of the best and
unique features of TextSecure and _the_ selling point to convince other to
use it. Being "just another messenger" is exactly the reason why most of
my iOS friends didn't give Signal even a try.

2Ct, Steffen
Post by Alice Riot
Speaking from my experience in trying to get activists and other (usually) non
tech-savvy folks to secure their communications, I think it's generally harder
to sell someone on increasing the number of applications they need to use.
In my mind, the unified inbox for mobile messaging that TextSecure bring to
android is a big help in this regard - it's easy to explain to people (texts
are as normal, plus secure messaging for other TS users) and I think it enables
everyday users to evangelize the platform more.
I think how textsecure works now is a good balance: if you want to use
a different SMS app you can set a different default app - so if you want to put
in the effort to use a secure SMS app you can, and users for whom that is too
much friction will have a sane default.
m***@gmx.de
2015-06-11 13:04:46 UTC
Permalink
Raw Message
Post by Steffen Märcker
I wholeheartedly agree. Serving as SMS client is one of the best and
unique features of TextSecure and _the_ selling point to convince other
to use it. Being "just another messenger" is exactly the reason why most
of my iOS friends didn't give Signal even a try.
Couldn't have said it better.
Richard
2015-06-11 13:45:23 UTC
Permalink
Raw Message
Agreed! on the ground we have teams of non-technical users adopting TS
en-masse, and everyone is making it their default SMS client. I've found
it actually causes early adopters to become evangelists and help support
others to adopt it mostly because they are less and less comfortable
with receiving unencrypted comms, which is made all the more obvious by
the locked/unlocked icon. Instead of people asking "whats your number"
at meetings, their first question is "do you have TS or Signal?" lol!
Makes my job a lot easier :)
Post by m***@gmx.de
Post by Steffen Märcker
I wholeheartedly agree. Serving as SMS client is one of the best and
unique features of TextSecure and _the_ selling point to convince other
to use it. Being "just another messenger" is exactly the reason why most
of my iOS friends didn't give Signal even a try.
Couldn't have said it better.
TWfromSWD
2015-06-11 15:48:02 UTC
Permalink
Raw Message
I totally agree! I really like that I don't have to mess with other
Clients and can manage all my Messages in one App. I think, that is one
of many Advantages of TextSecure.
Post by m***@gmx.de
Post by Steffen Märcker
I wholeheartedly agree. Serving as SMS client is one of the best and
unique features of TextSecure and _the_ selling point to convince other
to use it. Being "just another messenger" is exactly the reason why most
of my iOS friends didn't give Signal even a try.
Couldn't have said it better.
Diogo
2015-06-21 18:53:46 UTC
Permalink
Raw Message
Hello,

I am not going to try to convince anyone about dropping or not SMS
feature. SMS is indeed a good feature since TS does disk encryption to
it on your personal phone.

The point to me is that when we deal with non-tech people, people who
don't care about encryption, the unencrypted follow-ups leaks your
conversation to whatever phone company.

One of the advantages of dropping SMS was a better handle of messages
when uninstalling TS. Nowadays, the same bug persists and sometimes,
this varies from user to user, even if both users are using TS, users
can leak conversation by SMS.

Please, some people have real concerns about it and need to be heard and
to have a serious conversation about this.

We are not trying to troll as some people over the list suggested. This
is not about if we like or not SMS feature.

Of course everybody would love it if it was reasonable. Since TS
dropped. We need a better solution. Maybe to have some constraints like:

- If you are talking through SMS channel, you should be able to reply
only over SMS.

- If you are talking through encrypted data channel, you should be able
to reply only over encrypted data channel.

That would avoid the unencrypted follow-ups and conversation leaks for now.

Once again, I would like to have a serious, non-troll, conversation
about it.

Thanks and keep up the good work.

Diogo
it WAS the advantage of textsecure, by removing the encrypted sms
feature they made me "mess" around with two apps.
having "secure" in its name, it implies that also the messages are
secure (also sms) which simply are not.
my personal opionion is, bring back the encrypted sms feature or drop
the sms feature completly.
but its only an opionion and i don't really care, i dropped textsecure
and switched to smssecure.
really happy they made a fork.
just my 2cts.
Post by TWfromSWD
I totally agree! I really like that I don't have to mess with other
Clients and can manage all my Messages in one App. I think, that is one
of many Advantages of TextSecure.
Post by m***@gmx.de
Post by Steffen Märcker
I wholeheartedly agree. Serving as SMS client is one of the best and
unique features of TextSecure and _the_ selling point to convince other
to use it. Being "just another messenger" is exactly the reason why most
of my iOS friends didn't give Signal even a try.
Couldn't have said it better.
Bryan
2015-06-21 21:54:21 UTC
Permalink
Raw Message
The issue with that is then users could have two separate threads going with the same contact. One via sms and one over the encrypted data channel. If you want to talk about confusing a user that would do it. One thread is only sms and one is encrypted data. Even I would often mistakenly use the unencrypted thread even though I prefer the encrypted channel whenever possible.

--Bryan

On June 21, 2015 1:53:46 PM CDT, Diogo <***@riseup.net> wrote:
| Hello,
|
| I am not going to try to convince anyone about dropping or not SMS
| feature. SMS is indeed a good feature since TS does disk encryption to
| it on your personal phone.
|
| The point to me is that when we deal with non-tech people, people who
| don't care about encryption, the unencrypted follow-ups leaks your
| conversation to whatever phone company.
|
| One of the advantages of dropping SMS was a better handle of messages
| when uninstalling TS. Nowadays, the same bug persists and sometimes,
| this varies from user to user, even if both users are using TS, users
| can leak conversation by SMS.
|
| Please, some people have real concerns about it and need to be heard
| and
| to have a serious conversation about this.
|
| We are not trying to troll as some people over the list suggested.
| This
| is not about if we like or not SMS feature.
|
| Of course everybody would love it if it was reasonable. Since TS
| dropped. We need a better solution. Maybe to have some constraints
| like:
|
| - If you are talking through SMS channel, you should be able to reply
| only over SMS.
|
| - If you are talking through encrypted data channel, you should be
| able
| to reply only over encrypted data channel.
|
| That would avoid the unencrypted follow-ups and conversation leaks for
| now.
|
| Once again, I would like to have a serious, non-troll, conversation
| about it.
|
| Thanks and keep up the good work.
|
| Diogo
|
|
| On 12-06-2015 06:53, ***@consistency.at wrote:
| > it WAS the advantage of textsecure, by removing the encrypted sms
| > feature they made me "mess" around with two apps.
| >
| > having "secure" in its name, it implies that also the messages are
| > secure (also sms) which simply are not.
| >
| > my personal opionion is, bring back the encrypted sms feature or
| drop
| > the sms feature completly.
| >
| > but its only an opionion and i don't really care, i dropped
| textsecure
| > and switched to smssecure.
| >
| > really happy they made a fork.
| >
| > just my 2cts.
| >
| >
| > On 11/06/2015 17:48, TWfromSWD wrote:
| >> I totally agree! I really like that I don't have to mess with other
| >> Clients and can manage all my Messages in one App. I think, that is
| one
| >> of many Advantages of TextSecure.
| >>
| >> Am 11.06.2015 um 15:04 schrieb ***@gmx.de:
| >>> On 11.06.2015 14:25, Steffen MÀrcker wrote:
| >>>> I wholeheartedly agree. Serving as SMS client is one of the best
| and
| >>>> unique features of TextSecure and _the_ selling point to convince
| other
| >>>> to use it. Being "just another messenger" is exactly the reason
| why most
| >>>> of my iOS friends didn't give Signal even a try.
| >>> Couldn't have said it better.
| >>>
| >>>
| >>
| >
| >
| >
| >
Diogo
2015-06-22 00:24:31 UTC
Permalink
Raw Message
Indeed, that is one of the problems of telegram. People often use
unencrypted thread and think they are 'safe'.

Still, have a one direction encrypted and on the opposite direction
unencrypted does *not* solve the problem.

I think the best way to avoid this is to have one thread and users have
to agree on using the same channel. This does not have to be necessarily
as difficult as otr. I could be much more simple.

Diogo
Post by Bryan
The issue with that is then users could have two separate threads going
with the same contact. One via sms and one over the encrypted data
channel. If you want to talk about confusing a user that would do it.
One thread is only sms and one is encrypted data. Even I would often
mistakenly use the unencrypted thread even though I prefer the encrypted
channel whenever possible.
--Bryan
Hello,
I am not going to try to convince anyone about dropping or not SMS
feature. SMS is indeed a good feature since TS does disk encryption to
it on your personal phone.
The point to me is that when we deal with non-tech people, people who
don't care about encryption, the unencrypted follow-ups leaks your
conversation to whatever phone company.
One of the advantages of dropping SMS was a better handle of messages
when uninstalling TS. Nowadays, the same bug persists and sometimes,
this varies from user to user, even if both users are using TS, users
can leak conversation by SMS.
Please, some people have real concerns about it and need to be heard and
to have a serious conversation about this.
We are not trying to troll as some people over the list suggested. This
is not about if we like or not SMS feature.
Of course everybody would love it if it was
reasonable. Since TS
- If you are talking through SMS channel, you should be able to reply
only over SMS.
- If you are talking through encrypted data channel, you should be able
to reply only over encrypted data channel.
That would avoid the unencrypted follow-ups and conversation leaks for now.
Once again, I would like to have a serious, non-troll, conversation
about it.
Thanks and keep up the good work.
Diogo
it WAS the advantage of textsecure, by removing the encrypted sms
feature they made me "mess" around with two apps.
having "secure" in its name, it implies that also the messages are
secure (also sms) which simply are not.
my personal opionion is, bring back the encrypted sms feature or drop
the sms feature completly.
but its only an opionion and i don't really care, i dropped textsecure
and switched to smssecure.
really happy they made a fork.
just my 2cts.
I totally agree! I really like that I don't have to mess with other
Clients and can manage all my Messages in one App. I think,
that is one
of many Advantages of TextSecure.
I wholeheartedly agree. Serving as SMS client is one
of the best and
unique features of TextSecure and _the_ selling
point to convince other
to use it. Being "just another messenger" is exactly
the reason why most
of my iOS friends didn't give Signal even a try.
Couldn't have said it better.
Matej Kovacic
2015-06-10 23:20:34 UTC
Permalink
Raw Message
Hi,
Post by Bryan
Personally I see where you're coming from, but I love having all
my messages in a central location. If I get a secure message it's
blue, otherwise it's green. The lock icon also identifies which is
which.
It is true. And if the other party is using TextSecure/Signal,
encrypted message will be sent automatically. So you do not need to
wonder which of your contacts have TextSecure and which does not.

Regards,

M.
- --
PGP Fingerprint: D241 F62F 8FB7 8E1B 1944 5D71 0A53 196C D360 BBE2
PGP Key:
http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x0A53196CD360BBE2
Loading...