Interesting talk by Will Scott at 36c3 a few minutes ago called "What's left for private messaging?", which talks about a lot of the issues regarding desired properties in messaging systems. I watched it live, but it should be available to watch later at some point in the next few days. He encouraged me to be less judgemental about the broad diversity of messaging applications. Look for it!
On Wed, Dec 25, 2019 at 10:47 PM Daniel Johnson <[email protected]> wrote: > My friend who works in tech security industry uses "Wire" to message me. > > On Wed, Dec 25, 2019, 10:36 AM Mike C. <[email protected]> wrote: > > > On Sat, 16 Nov 2019 13:13, logical american wrote: > > > I just recently found out that my Signal Messaging Application on my > > > Apple Iphone has been compromised. > > > > > > > Yikes! Sorry I missed this earlier. This is very concerning. Could > you > > > please elaborate? How did you detect this? What happened to the other > > > apps when they were compromised? > > > > > > > The OP was over a month ago now. Not sure how I missed it either as that > > type of post always gets my attention. > > > > I'm also interested in more details. I'm a bit suspect of an actual > > compromise of the Signal app itself as opposed to the device itself being > > affected by malware. > > > > A quick Google search on the topic resulted in one case of a > > compromised non-official Signal app that was distributed via some Secure > > Android web site and not via Google Play store. > > > > If you are interested in cryptography applications, then it is safe to > > > assume you know about Bruce Schneier. His Crypto-Gram mail list has > been > > > a source of value knowledge about just these types of issues over the > > past > > > 15 years. > > > > > > Thank you for this. I just checked it out and he seems to cover the > gambit. > > I read a post about NordVPN being breached via leaked encryption keys, 20 > > MONTHS AGO and the > > company just disclosed this to the public! > > > > And you also know that Signal is the standard; I'm not aware of any > > > alternative product that is as good with the same feature profile. > > > > > > > WhatsApp uses the same protocol as Signal but it's owned by Facebook now > so > > who knows what they're doing to it. > > > > Telegram has been highly criticized for its security flaws. It doesn't do > > end-to-end encryption by default and it's really developed and marketed > as > > a more "secure" collaboration tool like Slack rather than a simple secure > > text app. > > > > Threema is a pretty good option. Developed by Swiss company with the > > benefit of the highly regarded Swiss privacy laws. The code isn't open > > source but they do publish yearly public transparency reports > > > > Surespot is new to me but looks like it might be the best option. It's > open > > source and it seems to be a just a lightweight secure text app. > > https://www.surespot.me/ > > > > Happy Holidays! > > > > -- Mike > > > > > > > > > > > > > > > > I noticed a while ago you asked a similar question about secure e-mail. > > > Did you find what you were looking for? > > > > > > -- > > > PRD > > > > > _______________________________________________ > > PLUG mailing list > > [email protected] > > http://lists.pdxlinux.org/mailman/listinfo/plug > > > _______________________________________________ > PLUG mailing list > [email protected] > http://lists.pdxlinux.org/mailman/listinfo/plug > _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
