[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] TIMB vs TextSecure

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] TIMB vs TextSecure
From: Ted Smith <tedks@xxxxxxxxxx>
Date: Sat, 01 Mar 2014 13:12:59 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 01 Mar 2014 13:27:39 -0500
In-reply-to: <6b18864e10f27fc2da5491350c243e35@xxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <53118ADD.8040705@xxxxxxxxxxxx> <6b18864e10f27fc2da5491350c243e35@xxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On Sat, 2014-03-01 at 09:07 +0100, Felix Eckhofer wrote:
> Hey.
> 
> Am 01.03.2014 08:23, schrieb Gordon Morehouse:
> > With the news hitting some tech sites about TIMB, I went digging
> > around briefly to find the reasoning for rolling something anew rather
> > than backing e.g. TextSecure. (I know there are serious questions
> > about the security of Telegram.)
> > 
> > I'm sure there is a good reason, but what is it?
> 
> Using Tor gives you a few properties that no other instant messaging 
> solution can currently provide.
> 
>   - The IM server can not learn your IP.
>   - A network observer can not learn that you are using IM (just that you 
> are using Tor).
>   - You cannot block the IM service without blocking Tor.
> 
> Furthermore, there are (in my opinion) still some serious problems with 
> TextSecure, most importantly:
> 
>   - Only phone numbers as identifiers.
>   - Sends your address book to the server in full (hashed, but that 
> doesn't mean anything for phone numbers). No opt-out if you want to use 
> the push transport.
>   - Requires Google Play to be installed and uses GCM for notifications.
> 
> Though moxie has plans to address these problems, they currently exist.

These aren't "problems" -- TextSecure was designed to address a
different use case than Tor.

TextSecure is a drop-in replacement for the Android text messaging app,
and only incorporated data-channel messaging because it's impossible to
write custom text message clients on iOS, as far as I can tell.

For text messaging, anonymity in the Tor sense doesn't make sense. Phone
numbers are the only identifier you have for obvious reasons.

If you to be anonymous, TextSecure obviously isn't for you, but SMS
messaging also isn't for you. ChatSecure exists in the mobile space for
exactly this purpose.

If you want to be able to passively upgrade the security of a
communications channel nearly all people use, TextSecure is the right
tool.

I think a lot of Moxie Marlinspike's approach to security is laid out in
this Defcon talk: https://www.youtube.com/watch?v=eG0KrT6pBPk

-- 
Sent from Ubuntu

Attachment: signature.asc
Description: This is a digitally signed message part

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] TIMB vs TextSecure
  - From: Felix Eckhofer
- Re: [tor-talk] TIMB vs TextSecure
  - From: Moritz Bartl

References:
- [tor-talk] TIMB vs TextSecure
  - From: Gordon Morehouse
- Re: [tor-talk] TIMB vs TextSecure
  - From: Felix Eckhofer

Prev by Author: [tor-talk] Tor and Hamachi IP conflict
Next by Author: Re: [tor-talk] [tor-relays] Is Kaspersky right to be concerned?
Previous by thread: Re: [tor-talk] TIMB vs TextSecure
Next by thread: Re: [tor-talk] TIMB vs TextSecure
Index(es):
- Author
- Thread