Saying goodbye to encrypted SMS/MMS (opens in new tab)

(whispersystems.org)

162 pointshormesis11y ago76 comments

76 comments

  We don’t want the state-run telcos in Saudi, Iran, Bahrain,
  Belarus, China, Egypt, Cuba, USA, etc… to have direct access
  to the metadata of TextSecure users in those countries or
  anywhere else.

Sad to see that the 'land of the free' has become bundled (in a relatively short period of time) into a category of oppressive states that have little or no respect for the privacy of its citizens.

proveanegative11y ago

I read this bundling as a deliberate rhetorical/political move. You could have bundled the US with other surveillance-happy Western nations such as Australia or the UK, which as far as I understand do not behave in a qualitatively different manner.

dredmorbius11y ago

Not only do the UK, Australia, or Canada and New Zealand for that matter, not behave qualitatively differently, but as the "Five Eyes" surveillance states, they'll spy on one another's citizens (and occasionally their own) for one another, effectively gutting any legislative prohibitions on domestic surveillance.

https://plus.google.com/u/0/104092656004159577193/posts/2ncB...

Tipped off to me by SoftwareMaven here at HN: https://news.ycombinator.com/item?id=9077061

(Links are described in more detail in my G+ post above)

http://www.theguardian.com/world/2013/nov/20/us-uk-secret-de...

http://www.theguardian.com/world/2013/dec/02/revealed-austra...

http://www.theguardian.com/politics/2013/jun/10/nsa-offers-i...

http://uk.reuters.com/article/2013/06/21/uk-usa-security-bri...

1 more reply

harry811y ago

And I guess there's a school of thought that from this perspective Australia and the UK are different countries in name only and are following US policy as dictated? True or not it's reasonable rhetoric I guess.

colechristensen11y ago

It seems pretty clear that more or less every advanced country should be included on that list.

America needs a new constitutional amendment to address what the 4th Amendment means in the 21st century.

dhimes11y ago

I think you are seeing what it means to those in power- and those are the folks who would draw it up. It would be quite a remarkable revolution to put normal citizens in the legislature to rewrite the laws. I'm not sure my country can handle that. Too much funny laugh-track stuff on TV.

blfr11y ago

Do people really think that having your texts read is comparably oppressive to living in Belarus?

alsdifu311y ago

No one said that except you. Nice rhetorical strategy. Moxie said 'state-run telcos'. Which is accurate.

1 more reply

stormbrew11y ago

I hope this also eventually means moving away from using phone numbers as the sole mechanism for identity. While it is and was useful to build up a meaningful userbase and resist spammers, it also hinders a lot of useful usage patterns.

jackbravo11y ago

Lack of GCM was one of their primary reasons for not providing an APK for TextSecure for users who don't use Google Play (like users with CyanogenMod).

- https://github.com/WhisperSystems/TextSecure/issues/127 - http://support.whispersystems.org/customer/portal/articles/1...

Hopefully that option will be available soon.

mike_hearn11y ago

They will still rely on GCM for the wakeup event so I don't see why it'd make any difference. Presumably the plan is that TextSecure will store the messages and when the app is open, it will build its own connection to the TextSecure servers until the app shuts down. But eliminating GCM entirely would mean the app must run all the time, understand how to handle the NAT timeouts and the servers would need to handle millions of simultaneous TCP connections - a tall order.

This is especially true because GCM is treated specially by lots of telcos and they won't time out GCM sessions automatically. TextSecure wouldn't benefit from that.

y0ghur7_xxx11y ago

whatsapp and fb messenger work perfectly without google play services installed. whatsapp even manages to update itself. i see no reason why TextSecure could not do it. It's an app that is focused on privacy, and as such should work without closed source software from the largest data collector in the world installed on the phone.

1 more reply

zmanian11y ago

It's been interesting to see the decline in GCM performance since the launch of Textsecure v2 in 2013. Dropped and delayed Textsecure messages have gone from rare to routine in the Bay Area. At 31c3, I learned the WispherPush has been near unusable for many Europeans from the get go.

Looking forward to dropping the GCM requirement.

It's cognitively dissonant not to read GCM not as Galois Counter Mode in a crypto discussion.

ericfontaine11y ago

I'm one of those people who used to use text secure, but didn't like installing google or cyanogenmon on my phone. So I would always have to self compile, but gave up recently cause I don't have any friends to text secure with :(

jlebar11y ago

"We don’t want the state-run telcos in Saudi, Iran, Bahrain, Belarus, China, Egypt, Cuba, USA, etc… to have direct access to the metadata of TextSecure users in those countries or anywhere else."

I <3 Moxie.

mike_hearn11y ago

The flip side is that identifying all users running TextSecure will get a lot easier, I presume. Previously telcos saw encrypted SMS (sometimes) and connections to GCM. Now they will see connections to TextSecure.

dredmorbius11y ago

There are possible ways to mask that, though they'd likely still draw attention.

Assuming that any given endpoint was already a surveillance target, the advantage here is that the traffic cannot be used (or is less readily used) to determine contacts -- who's talking to whom.

harry811y ago

More reason to use it and encourage your friends to use it while you still don't really need to.

orblivion11y ago

I'm curious how GCM is much better? Granted Google isn't a state actor, but it's still a major corp.

chinathrow11y ago

Google surely does not fall into the category of a state actor but has been widely reported as part of PRISM. Go figure.

616c11y ago

You will like him more if you read why Saudi is the first one in that list.

dewey11y ago

In case anyone else is looking for the story: http://www.thoughtcrime.org/blog/saudi-surveillance/

doublec11y ago

That's unfortunate. Encrypted SMS/MMS has been my primary use for TextSecure.

For contacts that have intermittent or expensive data connections, especially while roaming, the ability to use SMS was a selling point vs other messaging systems.

Telco's in my country record and store SMS data for a period and knowing this data was encrypted and unreadable by them was another useful feature of TextSecure.

6d0debc07111y ago

How much data is this actually likely to use? Effectively plain text data doesn't seem like it should be expensive. Even with something like .odt you're looking at a few KB a 'page.'

mortenlarsen11y ago

There are other concerns than just the amount of KB transfered. When connectivity is poor SMS is much more likely to work than data (2G/3G/4G). AFAIK. GCM is not a "true" push service, it just provide an API that makes it seem like one. Battery use is much higher for data, especially when you are in a location with bad connectivity. Some people prefer disabling data when they don't need it, for the reasons above and for other reasons.

1 more reply

Certhas11y ago

Yeah, but you need to then configure your phone to make sure only TextSecure uses roaming. If anyone knows an effective way of doing this (that is not manually disabling everything else) I would love to hear it.

igravious11y ago

Perhaps not call the app TextSecure then?

I think Moxie is a total dude but wasn't SMS encryption the Unique Selling Point of TextSecure? It was the reason I installed the app and go through the inconvenience of typing a very long string into the app every time the app restarts.

I undertsand the logic of what Moxie is saying, if that's the case then the conclusion should be, "We need to shut down the entire app", not "We got to switch off encryption"

moxie11y ago

It will still be possible to send encrypted messages, just over the internet rather than over SMS. This has been the default mode of operation for a while now, we're just disabling the old SMS mode that has been lingering for the past few years.

classicsnoot11y ago

I know you are busy, and even if you get this i assume you won't respond, but i am tired of sending email to support@whisper. Why can i not get group messages from iPhone users when wifi is turned on? I have sent my logs, emailed, and talked with at least two of the Inner Circle, and no fix works. I bring it up here because you are degrading/destroying one of the biggest reasons i use (and relentlessly flog) your product. You can look through the emails; i love you guys and i want to support what you do. But the fact that the shit a)just does not work and b) is now going to leave me (and others) exposed makes the feel extremely sad.

igravious11y ago

Was away from HN and didn't see your reply Moxie.

I get that SMS leaks metadata. It's like email in that respect, isn't it?. And we still want to encrypt email. Is it so much of a burden for you people to carry the SMS encryption code? Maybe a fund-raising drive to keep it financed and included?

AlyssaRowan11y ago

The next version is called Signal, so there you go.

The reasons make sense - SMS as a transport is almost unworkable, there's a lot of crap involved with MMS bugs that it would be good to rip out, and it can never be compatible with iOS.

A replacement for GCM/push/etc for wakeup would be nice - I wonder what that would look like? - but it'll do for now.

jugbee11y ago

Well that's disappointing. I have worked hard inviting my friends to textsecure, i used to tell them: "Textsecure is just a simple text messaging app but with encryption, why not to change your default one to this, what do you have to lose, you still can message all the others." Now, however, it's not going to be a simple text messaging app anymore, but just another Whatsapp + real crypto. Which is going to make wayyyy harder to convince new friends to switch. I can already hear them saying "why do i need this? it does use data, and i have facebook messenger, viber and whatsapp where all of my other friends are. Why do have to download this too for you alone"

shawn-furyan11y ago

TextSecure is getting rid of ENCRYPTED SMS/MMS, not SMS/MMS capability all together. So from a lay-person's perspective, I don't see what the major change is. They can still use TextSecure as their texting app, while occasionally being able to communicate securely with contacts that also use TextSecure Protocol clients. SMS/MMS just isn't being used as a secure transport anymore.

jugbee11y ago

"occasionally being able to communicate securely with contacts that also use TextSecure Protocol clients."

"Occasionally" is not what I desire. Being abroad and not being able to use data due to huge roaming fees leaves me vulnerable something like 80-90days a year. Leaking metadata is still better than leaking the contents which is why I'm feeling rather skeptical about this decision

3 more replies

drdaeman11y ago

If we'd drop "Secure" from "TextSecure", from a lay-person perspective there are quite a lot of appealing alternatives for an SMS/MMS texting app.

drdaeman11y ago

For me, an year ago, TextSecure's primary selling point was that it wasn't reinventing the wheel, but was layering above the already existing network. Something very resembling how one installs an OTR plugin for their XMPP client, except for being an app (since, unfortunately, I have yet to see an mobile messaging app with a sane plugin system).

I've perceived their own proprietary data transport as progressive enhancement that enables to cut the costs, not as a primary option. I.e. SMS transport being the core option, not a fallback. Personally, haven't bothered to use data transport at all - it was unable to handle multiple identities anyway.

Sadly, I was mistaken.

tasn11y ago

Their protocol and implementations are fully open source. https://github.com/WhisperSystems

drdaeman11y ago

So?

I use the term "proprietary" in sense that it's their own unique protocol that nobody else uses. (Don't tell me about their interop with CM, its partnership, not federation.) Or you know some alternative compatible SMS apps that use libaxolotl or Axolotl protocol? I don't. Would love to hear there are some.

1 more reply

aftbit11y ago

I'm disappointed that TextSecure is moving from one of the last deployed federated platforms (SMS) to their own closed transport. :(

blfr11y ago

The plan is to move towards a federated structure of their own. I think right now CyanogenMod operates its own TextSecure servers.

pgeorgi11y ago

Not sure if "federated because ITU members can hook up their own processing" is federated in any meaningful way.

dredmorbius11y ago

If the system used SMS proxied by TextSecure, that would have at least avoided net-of-endpoint pen trace. You'd know who TextSecure's customers were, and could probably use time-based analysis to see who is likely to be talking to whom (a steady stream of non-content messages would otherwise have to be used to mask significant messages).

The context analysis sideband leakage is the big win here for a data-based approach.

dredmorbius11y ago

Well: their own infrastructure over data transport rather than SMS/MMS

zobzu11y ago

its been kind of nice to have textsecure as an option when internet is not available (which sadly happens a lot especially for travelers...)

I understand the decision is, again, for the greater good, but I can't help to think it's going to leave a hole.

caf11y ago

That's a good point - I've been travelling places where I've had roaming SMS but not data.

jbk11y ago

> its been kind of nice to have textsecure as an option when internet is not available (which sadly happens a lot especially for travelers...)

Yes, this was also one of my main use of TS, and also in the subway, where Data is limited... Else, I could use Whatsapp, with ZRTP...

jugbee11y ago

aggree 100%. Now all the features why I have downloaded textsecure back in the day, was to have strong crypto while traveling abroad (which is rather frequent), not to hide my metadata

guelo11y ago

That makes no sense because SMS-compatibility is the trojan horse to get adoption. Without SMS it's just another messaging app with huge network-effect adoption challenges.

marssaxman11y ago

You can still send unencrypted SMS messages to people who don't use TextSecure. You can still send encrypted messages to people who do use TextSecure. All you lose is the ability to send encrypted SMS messages to people who are already using TextSecure; instead you must send messages through the Internet.

clsec11y ago

Well, as of this morning (after updating to v2.6) all I am able to do with my one other TS contact is send unsecured SMS. No encrypted SMS nor encrypted push. Frustrating to say the least!

I have been struggling for over a year now to get this one contact and I to have a smooth & reliable secure channel. Sometimes it works great and others times it just doesn't exist. And I usually have to jump through all kinds of hoops to get it to work again. Which makes it nearly impossible for me to recommend TS to others who are a little less technical than my one TS contact and myself.

I really want this to work smoothly, Moxie, I really do! If it does, then I can recommend it to everyone.

edit: spelling

edit2: Moxie has quickly replied to my issue on github and will be pushing v2.6.1 soon.

MBlume11y ago

The app will still be capable of plaintext sms. encrypted messages just won't use sms as a transport layer

yen22311y ago

That bit about how the rest of the world isn't clamouring for more SMS? It's very true where I came from. The reason WhatsApp got so huge was because it was one of the first apps that allowed you to completely forgo SMS in favour of a 3g-backed messaging service, which was hell of a lot cheaper.

What I'm trying to say is, very few people here care about SMS compatibility.

ForHackernews11y ago

I hope this distinction is called out effectively in the UI. It would be a real disaster if people thought they were sending secure SMS, when actually they were using plaintext, or got confused between which are SMS messages and which are TextSecure messages.

jhgg11y ago

It is. secure messages are blue (and the send button has a lock on it), text messages are green. Similar to how iOS does iMessage/SMS messages.

zentrus11y ago

Very disappointing. In various parts of the world, data is not always available and SMS is. :(

justin6611y ago

iOS does not have APIs that allow us to programatically send/receive SMS messages

Wait... what?

kalleboo11y ago

Correct. The only API for sending SMS is to open a prefilled, system-controlled "compose new message" modal. https://developer.apple.com/library/ios/documentation/UserEx...

jtchang11y ago

Sounds like a good move. SMS was not really meant to be a data delivery mechanism. In fact it was more of an afterthought that we can even send messages through SMS.

classicsnoot11y ago

I guess I thought of TextSecure as a service I used to encrypt my messages.

Does anyone have recommendations for a service that will encrypt my messages?

Johnny_Brahms11y ago

How about Textsecure? Unless you specifically want to use SMS or MMS as the transport, your messages are still very much encrypted.

classicsnoot11y ago

...so the answer is "nothing" then. Seems like a niche that needs filling; some service that encrypts your shit, regardless of transport medium.

tP5n11y ago

textsecure is a service that will encrypt your messages (to yourself and chosen others), imesssage is a service that will encrypt your messages (to apple), telegram is a service that sometimes encrypts your messages ... etc. pp.

none of the services encrypt your sms anymore, though.

j / k navigate · click thread line to collapse

76 comments

junto11y ago

  We don’t want the state-run telcos in Saudi, Iran, Bahrain,
  Belarus, China, Egypt, Cuba, USA, etc… to have direct access
  to the metadata of TextSecure users in those countries or
  anywhere else.

Sad to see that the 'land of the free' has become bundled (in a relatively short period of time) into a category of oppressive states that have little or no respect for the privacy of its citizens.

proveanegative11y ago

dredmorbius11y ago

https://plus.google.com/u/0/104092656004159577193/posts/2ncB...

Tipped off to me by SoftwareMaven here at HN: https://news.ycombinator.com/item?id=9077061

(Links are described in more detail in my G+ post above)

http://www.theguardian.com/world/2013/nov/20/us-uk-secret-de...

http://www.theguardian.com/world/2013/dec/02/revealed-austra...

http://www.theguardian.com/politics/2013/jun/10/nsa-offers-i...

http://uk.reuters.com/article/2013/06/21/uk-usa-security-bri...

1 more reply

harry811y ago

colechristensen11y ago

It seems pretty clear that more or less every advanced country should be included on that list.

America needs a new constitutional amendment to address what the 4th Amendment means in the 21st century.

dhimes11y ago

blfr11y ago

Do people really think that having your texts read is comparably oppressive to living in Belarus?

alsdifu311y ago

No one said that except you. Nice rhetorical strategy. Moxie said 'state-run telcos'. Which is accurate.

1 more reply

stormbrew11y ago

jackbravo11y ago

Lack of GCM was one of their primary reasons for not providing an APK for TextSecure for users who don't use Google Play (like users with CyanogenMod).

- https://github.com/WhisperSystems/TextSecure/issues/127 - http://support.whispersystems.org/customer/portal/articles/1...

Hopefully that option will be available soon.

mike_hearn11y ago

This is especially true because GCM is treated specially by lots of telcos and they won't time out GCM sessions automatically. TextSecure wouldn't benefit from that.

y0ghur7_xxx11y ago

1 more reply

zmanian11y ago

Looking forward to dropping the GCM requirement.

It's cognitively dissonant not to read GCM not as Galois Counter Mode in a crypto discussion.

ericfontaine11y ago

jlebar11y ago

"We don’t want the state-run telcos in Saudi, Iran, Bahrain, Belarus, China, Egypt, Cuba, USA, etc… to have direct access to the metadata of TextSecure users in those countries or anywhere else."

I <3 Moxie.

mike_hearn11y ago

dredmorbius11y ago

There are possible ways to mask that, though they'd likely still draw attention.

Assuming that any given endpoint was already a surveillance target, the advantage here is that the traffic cannot be used (or is less readily used) to determine contacts -- who's talking to whom.

harry811y ago

More reason to use it and encourage your friends to use it while you still don't really need to.

orblivion11y ago

I'm curious how GCM is much better? Granted Google isn't a state actor, but it's still a major corp.

chinathrow11y ago

Google surely does not fall into the category of a state actor but has been widely reported as part of PRISM. Go figure.

616c11y ago

You will like him more if you read why Saudi is the first one in that list.

dewey11y ago

In case anyone else is looking for the story: http://www.thoughtcrime.org/blog/saudi-surveillance/

doublec11y ago

That's unfortunate. Encrypted SMS/MMS has been my primary use for TextSecure.

For contacts that have intermittent or expensive data connections, especially while roaming, the ability to use SMS was a selling point vs other messaging systems.

Telco's in my country record and store SMS data for a period and knowing this data was encrypted and unreadable by them was another useful feature of TextSecure.

6d0debc07111y ago

How much data is this actually likely to use? Effectively plain text data doesn't seem like it should be expensive. Even with something like .odt you're looking at a few KB a 'page.'

mortenlarsen11y ago

1 more reply

Certhas11y ago

igravious11y ago

Perhaps not call the app TextSecure then?

I undertsand the logic of what Moxie is saying, if that's the case then the conclusion should be, "We need to shut down the entire app", not "We got to switch off encryption"

moxie11y ago

classicsnoot11y ago

igravious11y ago

Was away from HN and didn't see your reply Moxie.

AlyssaRowan11y ago

The next version is called Signal, so there you go.

The reasons make sense - SMS as a transport is almost unworkable, there's a lot of crap involved with MMS bugs that it would be good to rip out, and it can never be compatible with iOS.

A replacement for GCM/push/etc for wakeup would be nice - I wonder what that would look like? - but it'll do for now.

jugbee11y ago

shawn-furyan11y ago

jugbee11y ago

"occasionally being able to communicate securely with contacts that also use TextSecure Protocol clients."

3 more replies

drdaeman11y ago

If we'd drop "Secure" from "TextSecure", from a lay-person perspective there are quite a lot of appealing alternatives for an SMS/MMS texting app.

drdaeman11y ago

Sadly, I was mistaken.

tasn11y ago

Their protocol and implementations are fully open source. https://github.com/WhisperSystems

drdaeman11y ago

So?

1 more reply

aftbit11y ago

I'm disappointed that TextSecure is moving from one of the last deployed federated platforms (SMS) to their own closed transport. :(

blfr11y ago

The plan is to move towards a federated structure of their own. I think right now CyanogenMod operates its own TextSecure servers.

pgeorgi11y ago

Not sure if "federated because ITU members can hook up their own processing" is federated in any meaningful way.

dredmorbius11y ago

The context analysis sideband leakage is the big win here for a data-based approach.

dredmorbius11y ago

Well: their own infrastructure over data transport rather than SMS/MMS

zobzu11y ago

its been kind of nice to have textsecure as an option when internet is not available (which sadly happens a lot especially for travelers...)

I understand the decision is, again, for the greater good, but I can't help to think it's going to leave a hole.

caf11y ago

That's a good point - I've been travelling places where I've had roaming SMS but not data.

jbk11y ago

> its been kind of nice to have textsecure as an option when internet is not available (which sadly happens a lot especially for travelers...)

Yes, this was also one of my main use of TS, and also in the subway, where Data is limited... Else, I could use Whatsapp, with ZRTP...

jugbee11y ago

aggree 100%. Now all the features why I have downloaded textsecure back in the day, was to have strong crypto while traveling abroad (which is rather frequent), not to hide my metadata

guelo11y ago

That makes no sense because SMS-compatibility is the trojan horse to get adoption. Without SMS it's just another messaging app with huge network-effect adoption challenges.

marssaxman11y ago

clsec11y ago

Well, as of this morning (after updating to v2.6) all I am able to do with my one other TS contact is send unsecured SMS. No encrypted SMS nor encrypted push. Frustrating to say the least!

I really want this to work smoothly, Moxie, I really do! If it does, then I can recommend it to everyone.

edit: spelling

edit2: Moxie has quickly replied to my issue on github and will be pushing v2.6.1 soon.

MBlume11y ago

The app will still be capable of plaintext sms. encrypted messages just won't use sms as a transport layer

yen22311y ago

What I'm trying to say is, very few people here care about SMS compatibility.

ForHackernews11y ago

jhgg11y ago

It is. secure messages are blue (and the send button has a lock on it), text messages are green. Similar to how iOS does iMessage/SMS messages.

zentrus11y ago

Very disappointing. In various parts of the world, data is not always available and SMS is. :(

justin6611y ago

iOS does not have APIs that allow us to programatically send/receive SMS messages

Wait... what?

kalleboo11y ago

Correct. The only API for sending SMS is to open a prefilled, system-controlled "compose new message" modal. https://developer.apple.com/library/ios/documentation/UserEx...

jtchang11y ago

Sounds like a good move. SMS was not really meant to be a data delivery mechanism. In fact it was more of an afterthought that we can even send messages through SMS.

classicsnoot11y ago

I guess I thought of TextSecure as a service I used to encrypt my messages.

Does anyone have recommendations for a service that will encrypt my messages?

Johnny_Brahms11y ago

How about Textsecure? Unless you specifically want to use SMS or MMS as the transport, your messages are still very much encrypted.

classicsnoot11y ago

...so the answer is "nothing" then. Seems like a niche that needs filling; some service that encrypts your shit, regardless of transport medium.

tP5n11y ago

none of the services encrypt your sms anymore, though.

j / k navigate · click thread line to collapse