Secure SMS - Steve Saunders Goldwing Forums

 2Likes
  • 1 Post By AZgl1800
  • 1 Post By Rudy
 
LinkBack Thread Tools
post #1 of 8 (permalink) Old 02-17-2019, 05:06 PM Thread Starter
Keeper of the Bookmarks / Moderator
 
AZgl1800's Avatar
 
Join Date: Oct 2006
Location: Oologah, Indian Territory, USA...
Year: 2002
Make: Honda
Model: GL1800 Hot Rod Yellow
Posts: 56,618
Garage
Secure SMS

Check into Threema, it was suggested to me by Rudy


https://threema.ch/en


https://threema.ch/en/faq


If you already has a friend's ph# in your contact list, once you are verified, it will show that friend has Threema.

~ John
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


What is the Forum Index?

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


Download it here:

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
AZgl1800 is online now  
Sponsored Links
Advertisement
 
post #2 of 8 (permalink) Old 02-18-2019, 05:49 AM
Monkey with a Football
 
Rudy's Avatar
 
Join Date: May 2005
Location: With VPN, anywhere
Model: Linux, Firewalls & VPNs
Posts: 19,229
Garage
Yep, been using it for years.
It's great to have truly free speech again.
I know a lot of people use Signal but I prefer to avoid the mainstream products assuming the non-mainstream products are verified secure and don't attract as much attention from those who would try to circumvent it.
Just remember, to be truly secure, BOTH ends should delete message history after controversial chats.

Rudy

“...and the rabid dog they gave me
wasn't too much fun”
Rudy is offline  
post #3 of 8 (permalink) Old 02-18-2019, 10:19 AM Thread Starter
Keeper of the Bookmarks / Moderator
 
AZgl1800's Avatar
 
Join Date: Oct 2006
Location: Oologah, Indian Territory, USA...
Year: 2002
Make: Honda
Model: GL1800 Hot Rod Yellow
Posts: 56,618
Garage
Just talking with you Rudy, is controversial
AzHonda likes this.

~ John
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


What is the Forum Index?

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


Download it here:

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
AZgl1800 is online now  
Sponsored Links
Advertisement
 
post #4 of 8 (permalink) Old 02-18-2019, 10:37 AM
Monkey with a Football
 
Rudy's Avatar
 
Join Date: May 2005
Location: With VPN, anywhere
Model: Linux, Firewalls & VPNs
Posts: 19,229
Garage
Always has been pretty much.
AzHonda likes this.

Rudy

“...and the rabid dog they gave me
wasn't too much fun”
Rudy is offline  
post #5 of 8 (permalink) Old 02-20-2019, 01:34 AM
Junior Member
 
AzHonda's Avatar
 
Join Date: Jan 2019
Location: Phx, AZ
Year: 2006
Make: Honda
Model: GL1800
Posts: 92
Quote:
Originally Posted by Rudy View Post
Yep, been using it for years.
It's great to have truly free speech again.
I know a lot of people use Signal but I prefer to avoid the mainstream products assuming the non-mainstream products are verified secure and don't attract as much attention from those who would try to circumvent it.
Just remember, to be truly secure, BOTH ends should delete message history after controversial chats.


Yeah that sounds good.



I hear "Whats app " and poss Signal are bad , or at least apps that Use Signal the wrong way. Here is excerpts from Steve Gibson ....


We did a podcast on the Signal app, whereas I have said a number of times, as I was reading through the detailed protocol spec, I remember thinking initially, boy, this thing is overdesigned. And then, as I got into the details more, I realized why the bullet point features that were mentioned at the beginning were there, and I came away with a lot of respect for the Signal protocol. The problem is it's still up to the implementer to deal with some of the details. And at least WhatsApp has failed in one way to handle some of this.




This came to light on the 10th, which was, what, last Thursday. An Amazon employee, Abby Fuller, tweeted: "Logged into WhatsApp with a new phone number today and the message history from the previous number's owner was right there. This doesn't seem right." And apparently there was - I don't know how many people followed her. The news got out. It drew some attention to her tweets. She followed up with additional tweets. She said: "Now I'm wondering how many other times it's happened. Like does whoever has my old number now have my WhatsApp history?" And she also tweeted in response to others: "Yes, it was a new device. No, it wasn't second-hand. It was not a second-hand SIM. Yes, I'm sure they weren't my messages or groups that I was added to. Yes, they were in plaintext. I'm sure it's my new phone number. It was not restored from a backup."
Okay. So we know what happened. The apparent leakage of someone else's WhatsApp messaging stream into Abby's phone should raise privacy concerns. As we know, WhatsApp uses our phone number as our authentication in lieu of username and password. The argument has been that WhatsApp only sends to that number, and so our phone is our authenticating device. So the fact that it just uses our phone and our phone number is not a vulnerability. But what exactly happens when phone numbers change hands? It's clear from an online FAQ that WhatsApp is aware of this issue. The problem is that its users aren't aware, and WhatsApp has made everything so simple and automatic that it's difficult to then ask users to pay attention to something that's far from obvious because its security implications have been deliberately hidden in order to make this system easy to use.
On their FAQ, I've got a link to it in the show notes for anyone who's interested, they have a subject, "Changing phone numbers and/or phones," and then the subhead "Changing your WhatsApp phone number. Before you stop using a particular phone number, you should migrate your WhatsApp account to the new number. For a simple way to do this, use our Change Number feature. By using this feature, you'll be able to migrate your account information, including your profile information, as well as your groups."
They say: "Make sure your contacts delete your old number from their phone's address book and input your new number, as it is a common practice for mobile providers to recycle numbers. You should expect that your former number will be reassigned." In other words, this is a complete failure of the privacy guarantees that WhatsApp is promoting as a consequence of the fact that it's phone number tied, yet people are not necessarily tied to their phone numbers when they change. So Abby's tweets indicated that the chat history she received on her new phone was "not full, but definitely actual threads/DM conversations," she said elsewhere.
So we know that WhatsApp doesn't archive messaging on their servers, but we also know that - and really WhatsApp is Signal because it's the Signal protocol. And this is something that we explained and covered when I talked about the Signal protocol on our podcast of that name. We know that undelivered messages will persist in encrypted form for up to 45 days. The other problem is that once a device's SIM and phone number have been used to establish the local device's encryption keys, the SIM can be removed. Yet that device, now absent any cellular telephony, can continue to use the encryption keys it still has, until such time as the phone number associated with its absent SIM becomes assigned to some other WhatsApp user.
So that means the binding, the real-time binding between the phone number and WhatsApp encryption is weak. I mean, there is no real-time binding. It's a first-use establishment.

So this is the way WhatsApp operates. Oh, it also trusts new encryption keys broadcasted by a contact and uses them to automatically reencrypt undelivered messages and send them to the recipient without informing or leaving an opportunity for the sender to verify the recipient. Again, it's doing a lot of things behind the scenes so that it just works. Unfortunately, we're seeing a perfect example of how this could be broken. And of course this brings us back to my number one complaint about ease of use versus security and privacy tradeoffs, which we inevitably encounter anytime someone else manages our keys for us.

This made me go back and visit Threema. I haven't looked at the Threema website for a while. And I've always liked them because they keep this in the hands of their users. Yes, there's a little more setup in the beginning. You are asked to do - you remember that Threema's the one that has the green, yellow, and red sort of stoplight signal for the level of authentication of the other person's keys that you have achieved. So, yes, a little more setup. Also it's not free. It's a few dollars in order to purchase this.


You know, windows didn't get that bad over night! It took fifteen years of careful development!

Last edited by AzHonda; 02-26-2019 at 06:24 AM.
AzHonda is offline  
post #6 of 8 (permalink) Old 02-20-2019, 01:50 AM
Junior Member
 
AzHonda's Avatar
 
Join Date: Jan 2019
Location: Phx, AZ
Year: 2006
Make: Honda
Model: GL1800
Posts: 92
from threema website , finally Ithink I have an analogy to share with friends.


Why you should care about privacy even if you have “nothing to hide”

You’re sitting in a coffee shop, talking to a friend. Suddenly, the waiter shows up, asks for your phone numbers, and wants to know who else you’re friends with and what you’re talking about.



Do you provide the requested information? Would you provide the information if, in turn, you wouldn’t have to pay the bill? Is it safe to assume that you have something to hide if you don’t enter into this deal?
Internet users who disclose their privacy in order to access free online services often do so on the grounds of having “nothing to hide”. However, as closer inspection reveals, this position is untenable. Having nothing to hide might be a desirable state of affairs, but it doesn’t entail that it’s safe to disclose one’s privacy.

If you don’t feel comfortable providing the requested information to the waiter, that doesn’t mean you have something to hide. It simply means you wish to preserve the privacy you rightfully deserve. Maybe you’re discussing something mundane, like the weather, but you think it’s none of the waiter’s business. Also, you don’t know what the waiter might do with the obtained information and why he’s keen on acquiring it in the first place.


If you do not carelessly disclose personal information to strangers in real life, you probably shouldn’t provide the same information to online services, either. By combining several data points, it’s easy to draw a detailed picture of you; one which reveals far more than each data point would on its own – and one that could reveal more about you than you would imagine.


Basically when i talk privacy to folks they look at me as if I was one of those prepper types .

and in reality I have nothing against preppers , but a little on that note I feel if it gets to that its no use going on.


But threema lays this out perfectly. My challenge is getting folks to use it. I can see myself handing out google play cards with $$ tokens .

You know, windows didn't get that bad over night! It took fifteen years of careful development!
AzHonda is offline  
post #7 of 8 (permalink) Old 02-20-2019, 07:13 AM
Monkey with a Football
 
Rudy's Avatar
 
Join Date: May 2005
Location: With VPN, anywhere
Model: Linux, Firewalls & VPNs
Posts: 19,229
Garage
and remember kids... don't forget to use full time VPN, at home and while travelling. On all your devices.
It can be really cheap but avoid any of the free VPNs out there. VPN hosting is about trust and you can't trust the free ones.
I have gotten monthly at under $3/mo and Lifetime Premium subscriptions from between $29 to $79 one time forever depending on the host and grabbing short term offers.
Once you use a VPN, turning it off will make you will feel like you are driving with out a seatbelt and essentially, you are.

Rudy

“...and the rabid dog they gave me
wasn't too much fun”
Rudy is offline  
post #8 of 8 (permalink) Old 02-20-2019, 07:39 AM
Monkey with a Football
 
Rudy's Avatar
 
Join Date: May 2005
Location: With VPN, anywhere
Model: Linux, Firewalls & VPNs
Posts: 19,229
Garage
Quote:
Originally Posted by AzHonda View Post
My challenge is getting folks to use it. I can see myself handing out google play cards with $$ tokens .
The goal is not to get everyone on it for me. The goal is to have an alternative method to communicate with a few friends and trusted types.

It's like having a secure phone. You don't use it for all calls. Just those where you feel privacy might be helpful.

I hear ya though. I tried to get family on it and some installed it and never use it. Others use it occasionally. But is's nice to be discussing something and being able to say, lets continue this conversation on Threema. No reason to share everything you say with your ISP and every switch on the internet.

Like posting here for example...

Rudy

“...and the rabid dog they gave me
wasn't too much fun”
Rudy is offline  
Reply

  Steve Saunders Goldwing Forums > Forums > Computer Talk

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the Steve Saunders Goldwing Forums forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:
OR

Log-in










Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to send a SMS Text Message to cell phones by Email from your computer. Hodgy Miscellaneous Forum 4 02-07-2016 10:46 AM
You request secure parking and..... twinsbampy General Motorcycle Discussion Forum 14 12-01-2007 10:59 PM
Morse Code is Faster than SMS Texting AZgl1800 Miscellaneous Forum 3 03-25-2007 05:37 AM
Don't matter if the computer is secure AZgl1800 Miscellaneous Forum 2 03-12-2007 12:36 PM
ZoneAlarm® Secure Wireless Router AZgl1800 Miscellaneous Forum 8 02-10-2007 09:00 PM

Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

 
For the best viewing experience please update your browser to Google Chrome