On 5/14/15, Drake Wilson <[email protected]> wrote: > Jacob Appelbaum wrote: >> Just as a side note - SMS is just slightly better than GCM. There are >> nearly no good Free Software options that only uses open protocols >> over open and free networks. > > I hope I'm not derailing this too much---but I would like to call attention > to the big practical difference in the _identity_ model of these networks, > as > I made a similar complaint on the TextSecure list.
I totally agree that the identity model is problematic. > > The PSTN is maybe not as open a network as the Internet, but there is still > a lot of /de facto/ multi-provider interoperability, some regulation over > how this is handled (at least in the US), and a broad social expectation > that > people can generally acquire telephone numbers and that it's hard for any > single provider to just declare that you don't exist. That is exactly how some of the targeted interception works, I think. Unless something has changed, number portability databases are used as part of call diversion for wiretapping, etc. > AFAIK, WhatsApp and > the new TextSecure (and iMessage, and Telegram, and so forth) are all > centralized-identity networks: if the master computer says you don't have > a name/number, you don't have one and you can't talk to anyone. That just means you have to make a new account or get a new device - not that you can't talk, no? > > So if there's ever a "since this was the only measure we could afford to > develop in time to stem a recent tide of weird TextSecure spam, all > recently > registered users 'temporarily' have to link their Google account" or > such... How is that different from my phone provider doing the same thing? Or charging me crazy expensive rates for unencrypted services? > > So I sympathize somewhat with the ideas of SMS being finicky, > technologically > problematic, not really that open, hard to make easy to use, leaking a lot > of > metadata, etc., but that doesn't remove the scarier problems with the > "obvious" > alternatives. Using SMS as a fallback "authoritative" channel to bootstrap > other channels can be a nice approach so long as the fallback stays in > place. > I'm confused - Redphone, Signal and Textsecure all use SMS for that exact reason, no? And as a result, it is actually not so fantastic, ironically enough... All the best, Jacob _______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
