Daniel Martí:
> On Thu, May 14, 2015 at 17:32:02 +0000, Jacob Appelbaum wrote:
>> TextSecure is Free Software with a non-free dependency for signaling.
>> My understanding is that WebSockets is the future for TextSecure and
>> Signal, which is perhaps partially deployed? I guess that the GCM and
>> Apple push are both not working out very well for
>> Signal/TextSecure/Redphone users. So good news on that front: they're
>> ditching the non-free notification component soon, I think.
>
> I've also heard that, hopefully they can move on to a free software
> stack at some point.
>
>> That isn't entirely accurate - I have used it on a device without the
>> play store but with GCM. That isn't commonly deployed but it functions
>> entirely without a google account and without a bunch of google apps.
>> It requires exactly one google service for GCM functionality.
>
> Well, even though not requiring an account is a plus, requiring non-free
> software to run on the device is still bad.
>
>> TextSecure isn't in F-Droid for a bunch of very reasonable reasons
>> that Moxie outlined. Regardless of what anyone calls it - both are
>> freely licensed. F-Droid isn't quite feature complete with the Play
>> store in some important areas, which is sad and lucky us: it is
>> improving over time thanks to the hard work of F-Droid developers!
>
> Yes, TextSecure is not in F-Droid for a whole bunch of reasons. His
> reasons are that we don't have some features, ours are that his app
> would require heavy patching to be free software, for example.
>
> I honestly don't agree with all of his demands either. He requested that
> we force users to run the latest version of his app, that we remove
> older builds or that we provide an analytics service much like the one
> provided by Google Play.
>
> Some others are legitimate, like the signing. That is being worked on
> and at the moment it's deployed for some apps with the cooperation of
> the respecting upstream devs.
>
>> However WhatsApp isn't Free Software as far as I understand, which was
>> the original point of my message. So even if WhatsApp is otherwise
>> identical in usability and security claims, we'd have no way to verify
>> that it was true without source code, reverse engineering or well,
>> blind faith.
>
> I'll give you that TextSecure is partially free software, but IMHO
> that's as good as saying it's not. Even though the black box it contains
> may not make the crypto system and secure messaging less secure, I would
> still not call it free software.
Daniel is correct here. TextSecure is NOT free software, but it is built
using mostly free software. It cannot function without a non-free library to
access GCM. Check the build.gradle:
compile 'com.google.android.gms:play-services:6.1.71'
That jar provides access to GCM. It is not free software, and TextSecure is
non-functional without GCM.
>> Just as a side note - SMS is just slightly better than GCM. There are
>> nearly no good Free Software options that only uses open protocols
>> over open and free networks.
>
> I actually heard SMS is worse, and that this is why Moxie dropped its
> support in TextSecure.
SMS is terrible, leaks all over the place. Though I haven't looked in depth
into GCM, given Google's track record for deploying HTTPS, it seems highly
likely that GCM is a lot better than SMS. But that's not saying a whole lot.
.hc
--
PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81
_______________________________________________
List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
To unsubscribe, email: [email protected]
