This app was mentioned in 709 comments, with an average of 7.00 upvotes
Whatsapp is owned by fucking Facebook. Nobody should use it for anything.
Use Signal.
Shamelessly plugging Signal (android, ios).
It works great, has basically all the features of hangouts/imessage/messenger, and is open source, secure and audited.
Everyone should be using this. It's a gift to mankind.
My friend group has had no problems transitioning to it (edit: well ok, the non-techies moaned about a new app but came around)
I'm enjoying using signal as my new texting app. Encrypted texts and calls to other signal users. The app handles messaging much like imessage. People who don't have the app get regular sms and it automatically switches when it can.
Not a gallery app, but I think Signal (Android, iOS) would be great for this. Built in camera, conversations are encrypted end-to-end, as well as at rest if you set a passphrase for the app. A bonus is end-to-end encrypted messages all the time, not just for photos. Encrypted voice/video calls are also supported.
The other bonus is that because all the photos are encrypted at rest within Signal, no other apps are going to be able to access them, period (unless of course you decide to export the photos to your camera roll).
I know this isn't the gallery app you were looking for, but I think it's going to be your most private/secure option.
I can't wait to be downvoted to oblivion by the Google Duo fans, but I would suggest Signal:
https://itunes.apple.com/us/app/signal-private-messenger/id874139669?mt=8
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=ro
Signal Private Messenger by Open Whisper Systems.
Open source software, peer reviewd, has end-to-end encryption, offers private messaging and private calling.
Check it out.
I'd gladly pay $1 or even $10 if it wasnt part of facebook and didnt store my data.
Hope more people leave whatsapp and come on board to Signal
It is too bad that they didn't mention Signal which is by far the best encrypted messenging and voice chat app right now, imo.
It flawlessly integrates with your text messages, so if one of your contacts has the app your messeges are now encrypted.
Signal by Open Whisper Systems for messaging. It's like iMessage for Android and also has encrypted calls. Handles regular sms but sends encrypted messages to friends who also use it. Also lets you send audio and video files up to 100mb. Recommended by Edward Snowden and Bruce Schneier. It's available for iPhone as well, and there's an addon for Chromium / Chrome in beta.
Everyone should be using this as their default sms app.
Signal Private Messenger was released this week for Android, complementing its iOS companion.
What is it? Signal is on one hand an excellent SMS client (material design, quick reply, color-assigned contacts), but also a private IM service. So you can send normal SMS messages to contacts without the app, or Signal messages to those who do have it.
What's so great about it? It's iMessage for Android! Like Hangouts and iMessage, it sends messages over WiFi or cellular data, so you can still send texts without cellular reception. The kicker for me is that it runs on the TextSecure protocol, so all messages are encrypted and private. If you care, Edward Snowden approves.
If the recipient doesn't have Signal, the text will send as regular SMS.
Other cool features: private phone calls with other Signal users, and an upcoming Chrome companion app to text from the desktop.
The Challenge The drawback of course is getting other people to use it, which is partly why I'm writing this post. The app works great, but the primary feature of messages over data only works if other people have the app. Check it out and give it a spin, I really think this should be the next big thing in text communications.
Private, secure, instant messaging // SMS support // Material design
OP I'd really appreciate a shout out to Signal / TextSecure. It is a valid choice for SMS replacement even if you have nobody on your contact list who uses Signal for secure messaging.
It has no ads and is 100% open source (including server side components) and is 100% open specifications (Whatsapp has reportedly implemented the TextSecure protocol within its walled garden). I think it is the single best messaging platform out there today.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
It'd be nice to see support for free and open source development in general.
SMS app. It's open source and utilisies 256 bit end to end encryption between users. The most secure way to text. Get everyone to get it.
Signal. It's a nice lightweight app that uses material design. You also have the ability to send encrypted SMS/MMS to others who use the app. HD voice calling is free too! https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Beautiful little sms app, lightweight and pretty, turns on end to end encryption by default when you text other Signal users
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Signal. SMS with folks who don't have the app, secure private chat with those that do. Recommended by the EFF.
Signal looks pretty slick now. Readers, if you haven't tried it yet please give it a try:
On Android: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
and iOS: https://itunes.apple.com/app/signal-private-messenger/id874139669
Signal or Wire. Wire's got a bit more polish on it, so you might try that. (I usually use Wire with my wife; I've got a Samsung Galaxy S5 running LineageOS version of Android; she's got an iPhone 6.)
Edit: Both Wire & Signal also have desktop clients (Windows, Linux, Mac) as well as Android & iOS apps.
Both are also free, open-source, and secure/encrypted - where these last two things are – I think – rather important.
Every time WhatsApp is down I use the opportunity to tell people about Signal.
It's nice that the most popular messaging application is E2EE (end-to-end encrypted), but Facebook can still harvest the metadata and contact networks.
Signal is actually working on private contact discovery, which is pretty cool both technically and privacy-wise!
You should assume they can see everything, same as any other ISP.
Use encrypted browsing. Use encrypted texts (i.e. Signal). That is how you protect your privacy. Not by trusting a company's privacy policy.
> Everything we do is open source and anyone is free to verify or examine the code for each release. Reproducible builds and other readily accessible binary comparisons make it possible to ensure the code we distribute is what is actually running on user’s devices.
They'll just target app publishers instead. They just have to issue Google with TAN (because they probably already have the infrastructure to do this) or TCN saying "You will replace the signed APK org.thoughtcrime.securesms with our own APK, that you will sign, and provide it specifically to user XYZ only" and bypass the issue all together. Hand-waving this attack vector by saying users can compile their own builds and side-load them or compare with official is pointless if the vast majority of users are obtaining this software via this channel and aren't verifying it beyond that.
Signal private messenger is sort of iMessage for Android : it will send SMS messages but if the other person has Signal as well, it switches to a secure private message , just like iMessage
For you: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
For her: https://itunes.apple.com/ca/app/signal-private-messenger/id874139669
Signal Private Messenger. It encrypts your data. You can communicate with other people that use different apps so it replaced my default text app. https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
"Using Signal, you can communicate instantly while avoiding SMS fees, create groups so that you can chat in real time with all your friends at once, and share media or attachments all with complete privacy. The server never has access to any of your communication and never stores any of your data."
Signal - Secure encrypted texting/voice and video chat. Dump any text app you are using and switch to this immediately.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
This is correct. You wouldn't know. Install signal. If you are experiencing ongoing paranoid delusions you should seek psychiatric help.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
Edward Snowden preporuča Signal.
Koristis inace ko sms program, a ak netko ima isto signal onda su free poruke i fully encrypted.
It is actually the same app, previously it was named TextSecure (for texting), and redphone (for calls), but now they are merged in a single app called Signal. Here's a link from the playstore: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
OK as someone who used textra quite a bit lately, is there a way to display a time stamp on each message that goes out and comes in? I didn't see them and I need that frequently for dealing with things for work.
I've switched over to signal and I really like it but miss the color/customization options.
Edit: Thanks guys! Damn no idea how I managed to miss that one.
Telegram is using weak, homemade crypto.
You should use Signal instead.
>A practical cryptanalysis of the Telegram messaging protocol, master's thesis by Jakob Jakobsen, September 2015
If you are looking for a secure messaging app, Textsecure is a secure messaging app suggested by Snowden himself.
OK, so everyone already knows about SIGNAL.
It's being almost ubiquitously recommended as the ethical alternative to Whatsapp with open source e2e encryption.
I still want to recommend it to people like me, who KNOW this but nonetheless, previously stuck to Telegram because they tried Signal a year or two ago and didn't like it because of Telegram's superior UI/UX/more professional logo.
I've finally tried Signal for the 2nd time when I read that it received chat wallpaper support with the latest update -- and I am happy to report it's great now.
It has dark mode, wallpaper support and you can adjust chat colors. You can honestly make the app look pretty great.
On top of that, with everyone switching I personally have more contacts on Signal now than I ever had on Telegram.
I know it's been preached as nauseum on this sub, but I still encourage everyone to get on board with Signal and if you like it, donate a few dollars to the foundation.
I don't think this is the official Signal app.
Make sure you're getting your app from the app store and that it's by OpenWhisperSystems
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Totally forgot.
For an SMS client, use Signal as it also doubles as a rich message service for other signal users.
No it doesn't. Android Messages is SMS/MMS only, which doesn't support encryption.
I don't use it myself but the most recommended messaging app with encryption is Signal. Note that no matter what app you use, you'll need to get the people you message to switch to the same app if you want your messages encrypted.
I don't own an iphone, but the way I understood it was that it uses phone numbers saved in your contacts. If the contact also is running an ios device, then it will send over data. If they're on android or something else, it sends a regular SMS.
Signal does this and is available for ios and android. It also has calling and encrypts the messages or calls if both people are using Signal.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
https://itunes.apple.com/us/app/signal-private-messenger/id874139669?mt=8
Please correct me if I'm wrong. Like I said, I don't have an iphone and haven't used imessage.
I think why imessage gets talked about so much is that it's there by default on iphones. I think it would be difficult to get every device manufacturer plus every carrier to not put their own SMS app as the default for android.
I've been really enjoying Signal. I haven't tested out the encrypted messaging feature yet but as far as an SMS app goes, it's great. Clean, quick and easy to use.
Signal is generally considered the most secure messaging app. They also have an android app. That being said, if work owns the device, they also own what is one the device. Tread cautiously.
TextSecure doubles as the most trusted messenger out there right now if your contact has it too or uses an app called "signal" if he is on an iPhone.
Hijacking top comment to say that everyone should be using Signal. Texts are encrypted end-to-end, so carriers can't pull bullshit like this because they don't know what you're talking about.
iphone: https://itunes.apple.com/us/app/signal-private-messenger/id874139669
I use Signal. It's encrypted messaging and it has SMS fallback. It's everything I need. It's also faster than Messenger (Google default) https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
I think this is a good thing. I always wanted secure messaging on the stock SMS app to work but it never has for me. WhisperPush co. also makes the Signal Private Messaging SMS app. Which operates very well as a daily/replacement SMS app, but will add end-to-end encryption when you text anyone who also has the app.
I just installed signal. Supposed to be encrypted messaging if you both have the app, other wise it uses your normal sms
Edit: Link
I really wish more people I knew used Signal (on iOS) or TextSecure (on Android).
Not sure if it can replace the native SMS app on iOS, but I use it in place of the usual messenger on Android.
My two brothers and cousin and I have already found an alternative place for our persistent group chat. Encrypted, too! Android app called Signal.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Granted the default messaging apps on Android aren't encrypted, but if you're worried about it you could just use something like this.
Your data is mined and shared, Apple or Google.
Also you dropped this, better go buy a new one. Iphones phones are fairly decent, so are Android phones. "Nothing works" is blatantly wrong and you know it, both types of phones have issues but if they just plain didn't work then they wouldn't sell.
Bullshit, these alternatives are way better:
Agreed. My device has a PIN already, a PIN is needed to boot, too. A messenger behind another authentication makes it inconvenient.
This isn't my bank account, and it's a daily driver. If the user wants it accessible, and they already have device level security, don't get in their way.
Edit: Review bomb them. Maybe they'll pay attention to that.
Signal's developers have two publishing channels on the Google Play Store: a regular channel and an unstable beta channel. I'm guessing that the thing that's on APKMirror was copied from the beta channel.
Seconding the Signal recommendation. I use Hangouts for most things, but I am trying to bring more of my friends into Signal.
I use Signal. Apart from its secure instant messaging service, I consider it a very good SMS client and set it as my default. You can mark an SMS as read or quick reply from the notification.
I think Signal does most of what you want. I'm not sure about video chatting, I've never tried that, but as long as both of you have the app installed texts/pictures should be encrypted. For the non-tech savvy, it works just like any other messenger, including sending texts to people who don't use the app (although those won't be encrypted).
As for Linux/Windows, they have a Chrome app that's currently in open beta. You can request admittance and try it out. Since it's a Chrome app, it should run on any OS that can run Chrome (Linux/Mac/Windows).
Signal is the best one. Recommended by Edward Snowden and Bruce Schneier.
Here's a blog post for those of you who don't want to read the full report http://blog.quarkslab.com/security-assessment-of-instant-messaging-app-chatsecure-when-privacy-matters.html
They are taking steps to the right direction, but it's still pretty far away from TextSecure/Signal.
We should all start using Signal app. It's equivalent to Whatsapp feature wise, but with strong encryption and it does not record metadata. Please spread this among friends and family, using word of mouth. Before we know it the whole world is using proper communication channels!
This needs to be higher.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
I'm slowly getting everyone in my life to start using signal for everything because of shit like this.
Not because we have anything to hide, but to help mask people that have a legitimate need for privacy.
Vetted open-source, end-to-end encrypted. Very inconvenient. How are you planning on being able to intercept the data, seeing as the program is already out there and available to compile to anyone?
I tried doing something similar without using this particular hardware. It's quite easy to see plain text passwords, but since Gmail, Yahoo, Facebook, and other popular services are encrypted, I couldn't see anything.
It's possible to create a "fake" encrypted Facebook site* to intercept encrypted passwords, but the browser will give a very big warning that the certificate is invalid. State-sponsored hackers can go around this, but normal script kiddies can't, unless the user typed http://facebook.com (instead of https) or if the user is an idiot who ignores the browser warning.
Also, a noisy neighbor who is playing loud Youtube music on WiFi can be silenced by continuously deauthenticating their laptop. =)
As for intercepting calls and SMS, I haven't tried it yet, but I do use Signal Private Messenger in case someone wants to send encrypted SMS.
* man in the middle
Can we all just switch to Signal? It's exactly what Allo should have been without the stupid design choices.
It's encrypted whenever you are talking with another signal user. So its fulfilling another promise that Google failed to keep.
It's open source, it has group chats and calling. I believe it merges chats just like how hangouts used to do.
You can also link it to another device using a QR code aka their desktop app. Seeing as it is Open source both for the desktop client and for the Android app you can easily have different versions built. Like a WP version or something along those lines. Why are we wanting Google to do this when its Infront of our eyes. This whole time.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
I've been using Signal, created by Whisper Systems.
Privacy focussed, Snowden approved, etc. etc. etc....
It's pretty good - encrypted end-to-end when sent by data, still able to SMS those that don't have it.
Can do private calls also.
See when message delivered, see when message sent. Seamless integration wth android. No Ads. Open Source.
Love it.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Is this open source? Does it use end to end encryption? You can't just say it is "the most secure message app" with out explaining why it is secure.
I would argue that Signal Private Messenger for android is a more secure messaging app.
Signal. Free. Open source. No bloat. Good design. Encrypts messages between other Signal users. Regular sms for everyone else.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Whatsapp supports calling over the internet. I assume you'll get one of those "unlimited mobile internet for a month" sort of deals anyways, right? (Watch out though: they're usually limited nonetheless: after something like 20GB you'll usually have your traffic assigned a lower priority which results in a lot lower speeds).
If you mind the NSA, GCHQ, DGSE and co listening in, maybe use signal (that one supports voice calls as well and has proper end to end encryption) instead of Whatsapp. Links for signal: Android, iPhone
While many use Hangouts as the default Android SMS/texting application, I would recommend using something more secure like TextSecure. It's also available for Iphones as Signal.
TextSecure from Open Whisper Systems. It's the only app Edward Snowden has explicitly mentioned as being effective against the NSA (afaik) and The Wallstreet Journal did a write up about the author a while ago.
Link to app
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Link to story
No other client really works with it. You can use Frost which is an open source Facebook wrapper that focuses on privacy, or you could ask her to switch to Signal (apologies for no F-Droid link). If you're tech savvy, you could spin up an XMPP or Matrix server and have her use that (you then own 100% of the data).
Right, but Archive.org's Wayback Machine shows that the Android app already had 10M+ installs on January 5, the day before WhatsApp informed their users about the upcoming changes to their terms and privacy policy. The Play Store only shows the number of installs in batches of 1+, 10+, 50+, 100+ million etc., so it's safe to assume that Signal's tweet is really referring to the increase in installs that has now happened after January 6.
not finding it. however since i have it i can open it on play store. wonder if Google took it down because of the copycat?
what happens when you use this share link?
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
I like Signal Private Messenger, https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms at the Google Play Store, or on the iOS App Store for your Apple devices. Also; end-to-end encryption of your messages.
Signal is an extremely secure messaging app (end-to-end encryption, no central servers except for address books, minimal logging etc) that is used by some people in politics.
No. We get billed proportional to usage and per phone on the air. Voicemail access is quota exempt.
My suggestion is to install Signal Private Messenger and request your dad do as well. Internet calls are free (as in beer) when both ends are on Wi-Fi; when on LTE paying per MB is cheaper than per min. Signal Messenger has two significant advantages over regular calls: end-to-end encryption and use of the cutting edge Opus codec. Opus sounds even better than regular "HD Voice" and can compensate for variable Internet connection quality. The disadvantage is that Internet calling can be less reliable if your Wi-Fi & home Internet connection is sub-par or local LTE is weak or congested.
La bonne alternative à Telegram, c'est Signal, en plus c'est open source
I opted out of Instagram and Snapchat around 2 years ago. The two apps seemed like a constant piss battle of who is happiest among my friends.
Around a year back I opted out of Facebook and Whatsapp in successive months.
At first, I felt disconnected but used e-mails, google+, and skype till I stumbled across Signal Private Messenger. I made some of my friends join the app and today I have 30 friends using the app. It's very secure and has no features for status, profile pic, blue tick, and last seen. I'm very much satisfied with it.
Do I regret my decision? Absolutely not. I feel so much better since leaving Facebook and I certainly don't see myself joining it back in the future. These social media apps give us an illusion of happiness; it's almost always about showcasing your best features to your "friends" while actively hiding away from your flaws. Nobody is as happy as their social accounts tell us about them.
PS: My personal opinion is that Facebook news feed is the most unhealthy platform when it comes to mental health related issues. They're so full of shit. I'm so glad I don't have to see that shit anymore.
I really like Signal. It handles SMS as well as its own instant messaging. If you can get anyone you know to switch to Signal IM, even better.
This would be an exercise in futility, don't even bother.
There are many more reasons why this is a complete waste of time but those should suffice.
Essentially secure email requires the entire infrastructure of email to be rebuilt with security in mind.
Hope is not lost though.
We have tools like Signal, Telegram, WhatsApp and even Facebook Messenger is offering end to end encryption options for communications. I would suggest checking out Signal but supposedly Facebook hired the Signal team to consult on their implementation for messenger. Of course, it's proprietary so we have no idea really.
And this is why everyone needs to install and use Signal. There's no excuse not to. In a perfect world with perfect governments we wouldn't have to. But we don't live in that world. If you value your privacy you have to make an effort to protect it.
If you don't click this, you don't have the right to complain.
Allo is not meant to be a private messaging app. There are many others that are already made and quite useful (Signal). Allo is meant to be a showcase of Google's AI capabilities, and as such has a few shortcomings as a messenger (no web UI, only one device, etc.) Sure, you have the option to run incognito chats which uses the same algorithms as Signal, but then you can't get the benefit of the AI, which naturally means that that will not be your default mode of operation. This makes it perfectly reasonable as an app and as a product for users that know exactly what they are getting. Of course your data that you use it with will have to be analyzed in order to develop and improve the AI. That's how Machine Learning works. So if you expect to write privately with someone about secret matters that you don't want any other party knowing anything about- your best option is Signal (or talking 1-to-1 at the back of some shady joint), and you have that option! If, on the other hand you'd like to explore what the latest in AI tech can give you, why not try out Allo? I honestly don't get all the complaining and the noise and the clickbait title. "No matter what?" You betcha I'm gonna try it out and use it where it makes sense.
Have you tried the Signal app? It sends SMS if they don't have Signal. If they do have Signal, it sends an encrypted message. To the end user, it behaves just like iMessage but it has strong encryption and works flawlessly on iOS and Android. The app works really well.
You could give Signal a try. It's an app that you can use to send SMS and MMS to your friends.
The cool thing about it is that if someone else has Signal on their phone too, your texts switch from SMS to an encrypted data message. People concerned about government spying or companies selling user data like Signal because it's a secure messaging app.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Another popular app is Textra. It's not encrypted like Signal but it has more customization.
To an extent same, but there are relatively easy ways like Signal to make mass surveillance harder by adopting end-to-end encryption.
Oh? What did you try? My impression was that Ubuntu Studio was decent.
Yeah, they unified everything. All apps are now called Signal for all platforms and are capable of both texting and calls.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
Personally, I use Signal. It does end-to-end encrypted voice and text messaging. It's also open source; several security specialists have evaluated their code and concluded that it is, indeed, reasonably secure.
Oh, yeah. And it's free. It's maintained by a grant- and donation-supported nonprofit whose goal is to encourage the use of high-quality encryption in communications.
Maybe now is the time to convince everyone I know to use Signal Private Messenger. I am so sick of Google ignoring Hangouts. It's a great service, but their mobile app needs a serious makeover. If they are now directing people to Messenger for SMS, that probably means SMS functionality will be ripped from the application completely before too long.
Sigh.
Signal is called TextSecure on Android. Everyone should move from WhatsApp to it.
More info: https://whispersystems.org/
For Android you might like TextSecure - it is designed to encrypt your messages so server operators can't read messages, has preferences relating to notification privacy, can be locked so no one can recover the messages without the passphrase, and is Open Source so anyone can review the source code to verify it is secure.
It is probably a good starting point, but I would suggest if you don't like it trying out a few apps to see what meets your needs.
Low level: Fyi, phone calls and text messages have no privacy whatsoever. So, I'm not too surprised about that. If you want actual privacy, Signal would be highly recommended. it's recommended by PrivacyTools.io, and it's E2E encrypted.
Medium Level: Have you tried running an antivirus scan thru the built-in Android AV, Kaspersky and Malwarebytes? Second, have you reviewed your app permissions? Which ones have access to the mic, camera, location, etc? Review that, and also, can you figure out at what time you gave someone the opportunity to install spyware/spouseware? Did your PIN code get compromised by someone looking over your shoulder? When you first got your phone, did you open it and set it up yourself? Or did you leave your unlocked phone alone with someone with enough time to install malicious apps on it?
High Level: If you're still not certain, you could check to see if your phone is rooted (Fyi, it shouldn't be rooted/jailbreaked) and you could also download NoRootFirewall to see which apps are sending/receiving data. Also, as a helpful tip, don't use your phone number for 2FA (again, phone numbers/sim cards can easily be copied and are unsafe), use an app like Authy instead, for 2FA. Another thing to note is, does anyone else other than you have access to your Google/Apple account? Review your logins/active sections, security settings, and maybe decide changing your account passwords/Phone PINs?
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en_US Signal I've heard is also a pretty good private messaging app so long as the other person you're messaging has it too.
>Silvanovich said the bug was fixed today. Signal for Android version 4.48.13 was released earlier on GitHub, but this release doesn't appear to have reached the Google Play Store, where the last update dates back to September 28, 2019
Last line of the article is most important. If you cant wait for the Play Store you can update via github.
You can just use a different texting app. You can download one from the Play Store. For example, Signal.
Also, no, the ability to reply to a text from a notification is not LG specific. That feature is called Direct Reply and it was added to Android by Google in version 7.0 (Nougat).
Connecting disconnecting, or showing no internet access? Or both? Could you please install WiFi Monitor and check if it happens while switching from 2.4 to 5Ghz?
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
If it does, feel free to star my issue: https://issuetracker.google.com/issues/139069902
Edit: I have a 2XL, btw
Thanks for that save.
So yes, definitely anyone looking to join the group, just PM me your phone number after downloading and installing Signal (iOS version here, android version here). It works similarly to WhatsApp or various other messaging applications, but uses encryption and is generally quite secure. While it does use data, it uses very minimal amounts of it.
> a different messaging app like Textra
Or Signal Private Messenger, which handles SMS seamlessly, but between users of the Signal app enables end-to-end encryption (including encrypted VOIP/video calling).
Signal messenger by whisper systems is free and open source and recommended by Edward Snowden.
Their home page with information and desktop client downloads.
you can start using (and convince the people around you) to start using something like Signal, which provides E2E encryption, and is otherwise pretty robust, features wise as well.
Signal:
iOS: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Android: https://itunes.apple.com/us/app/signal-private-messenger/id874139669?mt=8
Settings => Privacy:
Settings => Notifications:
Signal: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
As a bonus it uses an encrypted protocol and that's its main use, but that should be negligible battery-wise and it is otherwise pretty simple, minimal and lightweight app. If it is set as the default SMS app, it can be used for SMS too: it will fallback to SMS if the recipient does not have Signal.
Another suggestion: https://conversations.im - but I've never used it. Play has only the paid version, free version is available on F-Droid.
Tired of this kind of thing?
If you aren't using Firefox, do so.
Install these Firefox addons: Disconnect, uBlock Origin, Random Agent Spoofer, Self-Destructing Cookies, and HTTPS Everywhere. Note that Self-Destructing Cookies will sign you out of everything when you install it. You'll have to log back in every time unless you whitelist the site.
Set your default search engine to DuckDuckGo. When you need Google, add "!sp" before your DuckDuckGo searches to send your searches through StartPage, which acts as a Proxy to Google. You'll get Google's results with none of the tracking.
Start using TextSecure and RedPhone if you're on Android, or Signal if you're on iOS. Signal can exchange messages with TextSecure users and phone calls with RedPhone users. "But what about other private messenger apps?" No. use TextSecure and Signal, and get your friends to use them too.
Critical: Learn how to do passwords properly. I don't care about your special "password algorithm" or whatever for remembering passwords on different sites. If the password came from your head, it's wrong.
Use a VPN service. Cryptostorm is a good choice. Here is a good list with more. The provider can still technically see your traffic, but these all claim to not keep logs. Compare with your ISP, who readily admits to logging everything you visit and sharing it with advertisers.
Doing just the above will substantially reduce your trackability, but will not totally protect you. Continuing from here gets more nuanced, but is incredibly worthwhile if you value your privacy or take issue with living in a society that relies so heavily on surveillance.
Check out Privacytools.io for an extensive list of privacy resources, including VPNs, browser extensions, encryption tools, and more.
Take a look at the Electronic Frontier Foundation's Surveillance Self-Defense for primers, tutorials, and guides on how to enhance your privacy online.
For that matter, learn about the Electronic Frontier Foundation.
Join a local Cryptoparty to learn how to use electronic privacy tools and to meet other people who are enthusiastic about fighting mass surveillance and other invasions of privacy. (Disclaimer: I run a local Cryptoparty.)
Use the Tor Browser Bundle. Make sure you read the warnings so you'll know how to not screw up your anonymity. Tor works better when more people use it, for a multitude of reasons. You are promoting freedom simply by using the Tor Browser.
Feeling more adventurous, needing more security, or wanting more privacy? The Tor Browser Bundle is great, but is only as safe as the operating system it's running on. Tails is a Linux-based distribution that routes all traffic for the whole OS through Tor, which means that your browsing will be anonymous, even if something exploits the browser and breaks out into your OS. Again, this is entirely dependent upon using it correctly.
Switch to Linux.
Join us over in /r/privacy for more resources.
edit: Thanks for the gold! If anyone else feels like expressing gratitude, please donate to any of these projects or orgs mentioned in this post. Many of them need money pretty badly.
Think end to end encryption should be on by default? Get Signal. Avavailable for iOS and Android. It's like iMessage for Android, handles regular sms but sends encrypted messages to friends who also use it. So even if none of your friends have it now you can just use it as your default sms app. There's a Chrome/Chromium app for desktop. Read about the security here. And it's Free Software.
It's made by Open Whisper Systems, who made the Signal protocol and who you can thank for end to end encryption in Facebook, Whatsapp and Google's Allo.
From the website:
> Use anything by Open Whisper Systems.
Edward Snowden, Whistleblower and privacy advocate
> Signal is the most scalable encryption tool we have. It is free and peer reviewed. I encourage people to use it everyday.
Laura Poitras, Oscar winning filmmaker and journalist
> I am regularly impressed with the thought and care put into both the security and the usability of this app. It's my first choice for an encrypted conversation.
Bruce Schneier, internationally renowned security technologist
> After reading the code, I literally discovered a line of drool running down my face. It’s really nice.
Matt Green, Cryptographer, Johns Hopkins University
Here's a comparison between Signal, Whatsapp and Allo. https://theintercept.com/2016/06/22/battle-of-the-secure-messaging-apps-how-signal-beats-whatsapp/
And some security tips for Signal https://theintercept.com/2016/07/02/security-tips-every-signal-user-should-know/
Telegram isn't secure. Use Signal if you want a proper secure messenger. It's Free Software (source here) and you can get it for Android, iOS and desktop.
Even WhatsApp is better than Telegram as it uses end to end encryption by default.
http://www.gizmodo.com.au/2016/06/why-you-should-stop-using-telegram-right-now/
> Encryption works best if it's ubiquitous and automatic. The two forms of encryption you use most often -- https URLs on your browser, and the handset-to-tower link for your cell phone calls -- work so well because you don't even know they're there. > > Encryption should be enabled for everything by default, not a feature you turn on only if you're doing something you consider worth protecting. > > This is important. If we only use encryption when we're working with important data, then encryption signals that data's importance. If only dissidents use encryption in a country, that country's authorities have an easy way of identifying them. But if everyone uses it all of the time, encryption ceases to be a signal. No one can distinguish simple chatting from deeply private conversation. The government can't tell the dissidents from the rest of the population. Every time you use encryption, you're protecting someone who needs to use it to stay alive."
https://www.schneier.com/blog/archives/2015/06/why_we_encrypt.html
Some russian activists Telegram account got hacked giving them access to all previous messages: https://www.bellingcat.com/news/2016/04/30/russia-telegram-hack/
Pavel himself admits security isn't a priority here https://twitter.com/durov/status/678305311921410048 in response to this:
Thomas H. Ptacek
> https://twitter.com/Snowden/status/678274362609426432 > By default Telegram stores the PLAINTEXT of EVERY MESSAGE every user has ever sent or received on THEIR SERVER.
Edward Snowden
> https://twitter.com/Snowden/status/678274362609426432 > I respect @durov, but Ptacek is right: @telegram's defaults are dangerous. Without a major update, it's unsafe.
> https://twitter.com/Snowden/status/678274362609426432 > To be clear, what matters is that the plaintext of messages is accessible to the server (or service provider), not whether it's "stored."
Moxie Marlinspike > https://twitter.com/moxie/status/678219238394298372 > It's just how Telegram works and is self-documented to work: Only their marketing copy suggests otherwise.
> https://twitter.com/moxie/status/678277776391077888 > If you're on an iPhone, they also send a plaintext copy of every msg you receive to Apple's servers. So not even in transit.
> https://twitter.com/moxie/status/678309008789258240 > For iOS push notification previews. They didn't do the work to make them privacy preserving.
It's the least of Telegrams problems but let's not forget their home made crypto even though there are better alternatives. See the take-home message here:
> We stress that this is a theoretical attack on the definition of security and we do not see any way of turning the attack into a full plaintext-recovery attack. At the same time, we see no reason why one should use a less secure encryption scheme when more secure (and at least as efficient) solutions exist. > > The take-home message (once again) is that well-studied, provably secure encryption schemes that achieve strong definitions of security (e.g., authenticated-encryption) are to be preferred to home-brewed encryption schemes.
https://eprint.iacr.org/2015/1177
And the conclusion here:
> Abstract: The number one rule for cryptography is never create your own crypto. Instant messaging application Telegram has disregarded this rule and decided to create an original message encryption protocol. In this work we have done a thorough crypt analysis of the encryption protocol and it's implementation. We look at the underlying cryptographic primitives and how they are combined to construct the protocol, and what vulnerabilities this has. We have found that Telegram does not check integrity of the padding applied prior to encryption, which lead us to come up with two novel attacks on Telegram. The first of these exploits the unchecked length of the padding, and the second exploits the unchecked padding contents. Both of these attacks break the basic notions of security, and are confirmed to work in practice. Lastly, a brief analysis of the similar application TextSecure is done, showing that by using well known primitives and a proper construction provable security is obtained. We conclude that Telegram should have opted for a more standard approach. > > Conclusion: TextSecure is based on strong primitives that have withstood crypt analysis from the crypto community for years, and these are combined in a way that proven provides authenticated encryption. Telegram on the other hand has crafted its own encryption scheme and deployed it in an unproven state, and prior to any scrutiny from other cryptographers. We have seen this done time and time again, and rarely with good results. Take for example the smart grid meters that were shown to use terrible crypto back in April this year. Furthermore, the DH Ratchet is a very nice way of providing forward secrecy on a per-message basis with little overhead, which is an improvement over Telegram's one key per 100 messages approach.
Time to start using Signal from Open Whisper Systems
Everyone should install Signal for their calls and messages. Works on Android and iOS, there's also a Chrome/Chromium addon that's in beta. And it's free software (GPLv3).
It's sort of like iMessage for Android. The app also handles sms so it doesn't feel like a separate app, even if none of your friends have it today there's no reason not to keep it installed. iOS doesn't let other apps handle sms though so it just sends encrypted messages.
From the website:
> Use anything by Open Whisper Systems.
Edward Snowden, Whistleblower and privacy advocate
> Signal is the most scalable encryption tool we have. It is free and peer reviewed. I encourage people to use it everyday.
Laura Poitras, Oscar winning filmmaker and journalist
> I am regularly impressed with the thought and care put into both the security and the usability of this app. It's my first choice for an encrypted conversation.
Bruce Schneier, internationally renowned security technolgist
> After reading the code, I literally discovered a line of drool running down my face. It’s really nice.
Matt Green, Cryptographer, Johns Hopkins University
Je ne peux que rappeler l'excellent signal qui est libre, chiffré et geré par une structure à but non lucratif
I prefer free software. Am I missing any notable apps?
Signal by Open Whisper Systems for messaging. It's like iMessage for Android. Handles regular sms but sends encrypted messages to friends who also use it. Recommended by Edward Snowden and Bruce Schneier. It's available for iPhone as well, and a browser addon is on its way.
Firefox with uBlock Origin (to block ads and malware sites) and HTTPS-Everywhere as addons.
Orbot with Orfox (beta) for browsing with privacy.
Slide for Reddit still in beta, some crashes but it's getting there.
OsmAnd Maps & Navigation uses OpenStreetMap data. Consider supporting the project by getting the paid version.
VLC for video.
Amaze as file manager.
Tinfoil for Facebook. There's a fork called Metal for Facebook and Twitter but the developer hasn't released the source yet so I'm avoiding that for now.
Opengur for Imgur.
You might be using <any other SMS app>, but instead you should be using Signal:
Honorable mention goes to Whatsapp which implements the same Signal protocol for E2E messaging over data.
TextSecure by Open Whisper Systems. Tell your friends with iPhone to use Signal.
It's like iMessage for Android. Works as a regular sms app for those without it and send encrypted messages to those who do have it. Also has quick reply and direct photo capture. There's really no reason not to install it even if you don't know anyone else who has it yet. Free software (GPLv3). From the website:
> Use anything by Open Whisper Systems.
Edward Snowden, Whistleblower and privacy advocate
> Signal is the most scalable encryption tool we have. It is free and peer reviewed. I encourage people to use it everyday.
Laura Poitras, Oscar winning filmmaker and journalist
> I am regularly impressed with the thought and care put into both the security and the usability of this app. It's my first choice for an encrypted conversation.
Bruce Schneier, internationally renowned security technolgist
> After reading the code, I literally discovered a line of drool running down my face. It’s really nice.
Matt Green, Cryptographer, Johns Hopkins University
Wall Street Journal recently had a good article about it
http://www.wsj.com/articles/moxie-marlinspike-the-coder-who-encrypted-your-texts-1436486274
Also seems to have been the only sms app that wasn't vulnerable to automatic triggering of the Stagefright bug
> Supposedly the vulnerability is in stagefright, which is the Android framework responsible for audio/video encoding/decoding and playback. TextSecure doesn't do any pre-processing of received audio/video messages, so it seems unlikely that a vulnerability in stagefright could be triggered simply by sending audio/video to a TextSecure user.
https://lists.riseup.net/www/arc/whispersystems/2015-07/msg00084.html
For any interested developers, they're currently paying almost $50 for accepted pull request.
https://github.com/WhisperSystems/TextSecure#contributing-code
Signal Private Messenger is good. Lots of features. End to end encryption and msg over WiFi
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
I use Signal. Android and iOS. There's a Chrome/Chromium addon that's in beta. And it's Free Software (GPLv3).
It's sort of like iMessage for Android. It handles sms so it doesn't feel like a separate app but if both have it you're sending encrypted messages using data instead. iOS doesn't let other apps handle sms though so it just sends encrypted messages.
Some nice features besides keeping your messages and calls private are quick reply, group messaging, muting conversations, sending audio and video files up to 100mb and sending your location.
From the website:
> Use anything by Open Whisper Systems.
Edward Snowden, Whistleblower and privacy advocate
> Signal is the most scalable encryption tool we have. It is free and peer reviewed. I encourage people to use it everyday.
Laura Poitras, Oscar winning filmmaker and journalist
> I am regularly impressed with the thought and care put into both the security and the usability of this app. It's my first choice for an encrypted conversation.
Bruce Schneier, internationally renowned security technolgist
> After reading the code, I literally discovered a line of drool running down my face. It’s really nice.
Matt Green, Cryptographer, Johns Hopkins University
Signal is the direct replacement for the original whatsapp.
Edit: links https://signal.org/
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
https://itunes.apple.com/gb/app/signal-private-messenger/id874139669
Signal: Effectively an Open Source iMessage for Android (and iOS). A drop-in replacement for Android Messages (with SMS support). On top of that communication with other Signal users (message/voice/video) is using WiFi/data and end-to-end encryption. Also supports group messages. Very simple setup and configuration.
VolumeSlider: A volume button replacement. Lets you slide your finger across the edge of the screen to adjust the volume (system/ringtone/notification/alarm). A small in-app purchase will let you configure up to four gestures (two on the left edge and two on the right). Also now has experimental support for adjusting display brightness.
Pepe DNS Changer: My no-root solution to blocking ads. I like this better than DNS66, and other ad-blocking apps, because of its simplicity. I just configured it to use Adguard's DNS servers (176.103.130.130 and 176.103.130.131). Doesn't automatically activate on boot, so I have to do that manually. Uses the on-device VPN service (like other apps) to do its thing.
Simple Radio: Probably my most used app, next after my reddit app. Just a simple Internet radio app really. The in-app purchase removes the ads, and that is worth doing in my opinion. Also has sleep timer support, for turning off the radio, if you use it to fall asleep.
Chan Burauza: A decent, good looking (after you change the theme) app for browsing 4chan, 8chan, 420chan, and Lainchan imageboards. Not sure I'm really gonna use it much, but I found it by chance and it seems pretty good, compared to other related apps. So if you're looking for an alternative to your current chan app, you should at least give this a try.
Phew, for a moment there I thought it was signal, the encrypted messaging app. Thank fuck its just twitter bullshit
Nate Cardozo from EFF had this to say:
> @durov @csoghoian @WIRED @iRowan Also as @alexstamos points out, we @EFF do NOT evaluate implementation. Only baseline "did you even try."
https://twitter.com/ncardozo/status/582264054275657728
> @durov @csoghoian @WIRED @iRowan @alexstamos @EFF Also, it's clear that "did you even try?" answer is NO for Telegram's defaults.
https://twitter.com/ncardozo/status/582264644598919168
Want secure messaging? Use Signal. Available for Android and iOS. There's a Chrome/Chromium app for desktop that's in beta.
Just went through my phone there. Descriptions, sites, and app/play store links included.
The Signal Private Messenger application is amazing, provably secure mobile messaging. The WhisperSystems teams code is used by WhatsApp now, although I am unsure how well implemented the WhatsApp version is.
See it as free, un-eavesdroppable calls and texts basically anywhere on the planet with an internet connection. There is even a desktop version!
Signal - iOS App Store
Signal - Android Play Store
--
SnoopSnitch from SRLabs effectively acts as an intrusion detection system of sorts for your cellular baseband, notifying you if it detects things like IMSI catchers (stingrays) and other attacks on your phone designed to violate your privacy.
SnoopSnitch - Android Play Store
--
Pry-Fi is an application (requires root) that helps you avoid tracking based on your phones wireless MAC address. A lot of stores try track customers based on their mobiles MAC address, so what Pry-Fi does is spoof it to avoid tracking. It also has a much ruder, aggressive mode, where it pretends to be loads of devices to ruin tracking data analytics :)
--
Wigle WiFi is a collaborative, crowdsourced, wireless mapping application. You set it up, let it run in the background when exploring new places (it does consume some battery, so I usually only run it when going somewhere new), and it generates data linking wireless hotspots to geolocations. You can then download this data to your own computer and look at it with Google Earth or whatever if you want, or simply upload it to the Wigle servers so everyone can benefit from the data you collected about the Wireless networks around.
Spread the word. Everyone protesting should be carrying:
Also refer to this: https://pbs.twimg.com/media/EZfk_KXVAAAPTOx?format=jpg&name=medium.
Good advice. Here's some more.
Use free software instead of proprietary whenever possible.
Signal by Open Whisper Systems for encrypted messaging and calls.
Use strong passwords and don't reuse them. Best thing is to use a password manager (make sure it's Free Software instead of proprietary, like). That way you don't have to remember many passwords, just one. Use Diceware to make it a good one.
Keepass2Android is a good password manager. You can use it with KeePassX for desktop.
If you're a GNU/Linux user and comfortable with the command line, I'd recommend pass with Password Store (you need to use this with OpenKeyChain)
Make sure to turn on 2-step verification on Google and use Google Authenticator.
Firefox with the following add-ons uBlock Origin, HTTPS-Everywhere, and Decentraleyes.
On the desktop version Privacy Badger is also a must, but it doesn't work on mobile. None of the add-ons mentioned require any effort, you just install and forget about them.
I'm doing my best to convince people to use Signal. Works like a normal messenger but is encrypted.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
As currently implemented WhatsApp is completely secure.
What the Australian government is asking for (and won't get) is for the entire architecture to be changed so that rather than having end to end encryption, the messages will be sent to the server encrypted, re-encrypted for the recipient and then sent on.
The plain-text transition in the middle will give governments the ability to intercept the transmissions by simply asking Facebook etc for a copy.
The underlying tech in WhatsApp was originally designed for and implemented in Signal, available for free for both iOS and Android, I highly recommend it.
Stick to free software as much as possible.
Use Signal by Open Whisper Systems for messaging. It's like iMessage for Android. Handles regular sms but sends encrypted messages to friends who also use it. Recommended by Edward Snowden and Bruce Schneier. It's available for iPhone as well, and a browser addon is on its way.
Firefox with uBlock Origin (to block ads and malware sites) and HTTPS-Everywhere as addons.
Orbot with Orfox (beta) for browsing with privacy.
Slide for Reddit still in beta, some crashes but it's getting there.
OsmAnd Maps & Navigation uses OpenStreetMap data. Consider supporting the project by getting the paid version.
> Thomas H. Ptacek > > By default Telegram stores the PLAINTEXT of EVERY MESSAGE every user has ever sent or received on THEIR SERVER.
> Edward Snowden > > I respect @durov, but Ptacek is right: @telegram's defaults are dangerous. Without a major update, it's unsafe.
https://twitter.com/tqbf/status/678065993587945472
https://twitter.com/Snowden/status/678271881242374144
https://twitter.com/moxie/status/678219238394298372
https://twitter.com/Snowden/status/678274362609426432
Whatsapp uses the Signal Protocol now, and is end to end encrypted by default, so it's more secure than Telegram. Don't like Whatsapp for some reason? Use Signal itself. Available for iOS and Android. There's also a Chrome/Chromium app in beta for desktop.
Signal. Works on Android and iOS, there's also a Chrome/Chromium addon that's in beta.
On Android it's like iMessage. Sends regular sms to those without it and sends encrypted messages to contacts using it. So even if you don't know anyone else who has it yet there's no reason not to use it as it's a great sms app as well. iOS doesn't let other apps handle sms though so it just sends encrypted messages. And it's free software (GPLv3).
Spread the word.
Every protester should be carrying:
Refer to this image: https://pbs.twimg.com/media/EZfk_KXVAAAPTOx?format=jpg&name=medium
An image version of this list, for use on social media platforms, can be found here: https://imgur.com/gallery/eAz0u23
​
If they de-escalate, you de-escalate.
To answer the last sentence in the article. Use TextSecure and Signal by Open Whisper Systems. Not a single app mentioned in the article will keep your messages private.
On Android it's like iMessage. Works as a regular sms app for those without it and sends encrypted messages to those who do have it. So there's no reason not to use this even if you don't know anyone else who has it yet. iOS doesn't let other apps handle sms but the same goes for any other app so not a big deal. And it's free software (GPLv3). From the website:
> Use anything by Open Whisper Systems.
Edward Snowden, Whistleblower and privacy advocate
> Signal is the most scalable encryption tool we have. It is free and peer reviewed. I encourage people to use it everyday.
Laura Poitras, Oscar winning filmmaker and journalist
> I am regularly impressed with the thought and care put into both the security and the usability of this app. It's my first choice for an encrypted conversation.
Bruce Schneier, internationally renowned security technolgist
> After reading the code, I literally discovered a line of drool running down my face. It’s really nice.
Matt Green, Cryptographer, Johns Hopkins University
Wall Street Journal recently had a good article about it
http://www.wsj.com/articles/moxie-marlinspike-the-coder-who-encrypted-your-texts-1436486274
Also seems to have been the only sms app that wasn't vulnerable to automatic triggering of the Stagefright bug
> Supposedly the vulnerability is in stagefright, which is the Android framework responsible for audio/video encoding/decoding and playback. TextSecure doesn't do any pre-processing of received audio/video messages, so it seems unlikely that a vulnerability in stagefright could be triggered simply by sending audio/video to a TextSecure user.
https://lists.riseup.net/www/arc/whispersystems/2015-07/msg00084.html
For any interested developers, they're currently paying almost $50 for accepted pull request.
https://github.com/WhisperSystems/TextSecure#contributing-code
Spread the word.
Every protester should be carrying:
Refer to this image: https://pbs.twimg.com/media/EZfk_KXVAAAPTOx?format=jpg&name=medium
An image version of this list, for use on social media platforms, can be found here: https://imgur.com/gallery/EkYDT62
​
If they de-escalate, you de-escalate.
Which is why we should all switch to Signal and tell facebook to shove it
Use Signal if you think your messages and calls should be private. Available for iOS and Android. There's a Chrome/Chromium addon for desktop that's in beta. Read about the security here.
You can use it as your sms app on Android, so it's great even if none of your friends have it right now. Recommended by Edward Snowden and Bruce Schneier.
Telegram isn't even end to end encrypted by default, keeps your messages accessible on their servers, server software is proprietary, and it has homemade crypto.
> Thomas H. Ptacek > > By default Telegram stores the PLAINTEXT of EVERY MESSAGE every user has ever sent or received on THEIR SERVER.
> Edward Snowden > > I respect @durov, but Ptacek is right: @telegram's defaults are dangerous. Without a major update, it's unsafe.
https://twitter.com/tqbf/status/678065993587945472
https://twitter.com/Snowden/status/678271881242374144
> Meanwhile, Apple and Google are currently rolling out user-friendly end-to-end encryption for their customers, many of whom have demanded greater privacy protections — especially following Snowden’s disclosures.
Can someone tell me what this is about?
Speaking of end-to-end encryption, everyone should use the apps by Open Whisper Systems. TextSecure for Android and Signal for iOS.
Wall Street Journal had a story
http://www.wsj.com/articles/moxie-marlinspike-the-coder-who-encrypted-your-texts-1436486274
Just a warning to anyone considering using this app. It is closed source and hence unauditable. While messages may be encrypted client-side, your only guarantee that clear-text copy is not also sent to the intermediary server and logged is the developers word.
Privacy where you must trust an unaccountable third-party is not real privacy.
TextSecure (Android) and Signal (iOS) are open source alternatives that are interoperable with one-another and do both one-on-one and group text messages, as well as sending files (photos or whatever).
As an added bonus, if you're using TextSecure it can be set to replace your default text messaging app, doing clear-text SMS messages to contacts without a compatible app, but upgrading to encrypted messages via data for those who do, which saves you needing to check multiple applications for mesages. Sadly, this particular functionality simply can't be done on iOS as Apple prohibit third party applications from replacing built-in functions.
As for encrypted voice calls, on iOS this is integrated into Signal. On Android, it's a separate app called RedPhone, which is of course compatible with the encrypted calling in Signal.
Some important caveats: While you can be confident that the content of your calls/texts is confidential when using either of these apps (unless, of course, you're sending traditional SMS messages in TextSecure), limited metadata is revealed:
Sadly, there are not really any mobile instant messaging apps that obscure metadata in addition to content, just yet. If you're on a real computer, Ricochet accomplishes this, however there are no mobile implementations yet.
For asynchronous messaging (i.e. like email), BitMessage obscures both content and metadata. There is an Android app, Bitseal in the works, but it is still in beta, hence you will need to join the G+ community and opt-in to the beta channel for it to be available in the play store (this link won't work unless you've done the above).
Everyone should be using Signal on their iPhones or the android equivalent TextSecure and RedPhone.
Edit: Links
TextSecure (Android)
RedPhone (Android - phone calls)
Posting on your comment for visibility. Everyone should use Signal. It's open source, uses end-to-end encryption, and is endorsed by Edward Snowden.
Edit: I forgot to mention that Signal uses perfect forward secrecy, which is a major plus. OTR is the only other common and secure messaging protocol implementing PFS that springs to mind.
Signal. Its sms implementation just works and you can have true e2e encryption with an auditable, open source app.
I'd recommend Signal instead of Hangouts. It's available for Android and iOS. There's a Chrome/Chromium addon that's in beta. And it's Free Software (GPLv3).
It's sort of like iMessage for Android. It handles sms so it doesn't feel like a separate app but if both have it you're sending encrypted messages using data instead. iOS doesn't let other apps handle sms though so it just sends encrypted messages.
And yes, it does have end to end encrypted group chats.
From the website:
> Use anything by Open Whisper Systems.
Edward Snowden, Whistleblower and privacy advocate
> Signal is the most scalable encryption tool we have. It is free and peer reviewed. I encourage people to use it everyday.
Laura Poitras, Oscar winning filmmaker and journalist
> I am regularly impressed with the thought and care put into both the security and the usability of this app. It's my first choice for an encrypted conversation.
Bruce Schneier, internationally renowned security technolgist
> After reading the code, I literally discovered a line of drool running down my face. It’s really nice.
Matt Green, Cryptographer, Johns Hopkins University
WhatsApp, like Instagram, is Facebook owned trash & shouldn't be used by anyone.
Signal is free & better IMO.
I'd just like to interject here. Have you heard of SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN SIGNAL BY OPEN WHISPER SYSTEMS ENDORSED BY EDWARD SNOWDEN?
Spread the word. Everyone protesting should be carrying:
Also refer to this: https://pbs.twimg.com/media/EZfk_KXVAAAPTOx?format=jpg&name=medium.
Textsecure is probably the best bet right now. The protocol is open and seems sound. The only thing that bothers me is that Google can access metadata because they use their push functionality. So Google can see who you contacted when, but not what you said. Also they do not offer Binaries outside of the play store. Their reasoning is that users always should have the most current version, but still it sounds fishy, especially since they do not accept Textsecure on F-Droid.
Threema is also quite popular for some reason. It became popular after WhatsApp was bought by Facebook. But it fails the basic requirement everyone should have for cryptographic systems: It's not open source, so might be backdoored or just sloppily implemented and nobody would know.
Telegram is open source but their business uses scammy tactics like unfair "crypto-contests" rigged in such a way that they are unlikely to lose, even if the app is vulnerable.
Feelin good about having switched to Signal
Have you looked at Signal by Open Whisper Systems? It has those as well.
It's like iMessage for Android, handles regular sms but sends encrypted messages to friends who also use it. Free Software and recommended by Edward Snowden and Bruce Schneier.
Check out Signal
This is likely due to weak passwords or bad implementation. If you're the top priority of the NSA sure they'll get to you one way or another (not by breaking PGP), but mass surveillance is definitely something we can stop.
Blackberry should be avoided though.
> Blackberry believes in a “balanced” approach to encryption, incorporating lawful intercept capabilities, and the company prioritizes cooperation with law enforcement, Chief Operating Officer Marty Beard said Tuesday. “We very much take a balanced approach” to the issue of encryption, he told the FedTalks government IT summit, differentiating Blackberry’s approach from that of some of their competitors who are “all about encryption all the way.”
http://fedscoop.com/blackberry-taking-balanced-approach-to-encryption-lawful-intercept
Use Signal for secure calls and messages on Android and iOS. There's a Chrome/Chromium addon that's in beta. And it's free software (GPLv3).
It's sort of like iMessage for Android. The app also handles sms so it doesn't feel like a separate app, even if none of your friends have it today there's no reason not to keep it installed. iOS doesn't let other apps handle sms though so it just sends encrypted messages.
From the website:
> Use anything by Open Whisper Systems.
Edward Snowden, Whistleblower and privacy advocate
> Signal is the most scalable encryption tool we have. It is free and peer reviewed. I encourage people to use it everyday.
Laura Poitras, Oscar winning filmmaker and journalist
> I am regularly impressed with the thought and care put into both the security and the usability of this app. It's my first choice for an encrypted conversation.
Bruce Schneier, internationally renowned security technolgist
> After reading the code, I literally discovered a line of drool running down my face. It’s really nice.
Matt Green, Cryptographer, Johns Hopkins University
a VM won't help with the NSA, but it will make it much harder for windows to grab your data. Technically any system is compromised if the host is compromised, but windows needs to collect in bulk from everyone. It's unlikely they will be able to do fancy memory attacks automatically to grab your data. So using virtualbox on windows with a linux + vpn guest is good for everything but the gov.
Remember, the CISA bill is about getting businesses to give the gov data. Don't let MS have your shit and it gets harder. Same principal with VPNs, at the very least it makes it harder because everyone needs to be cracked.
Also shout out to:
Use Signal by Open Whisper Systems. You can get it for Android and iOS so far, but they're also working on a browser addon.
On Android it's like iMessage. Works as a regular sms app for those without it and sends encrypted messages to those who do have it. So even if you don't know anyone else who has it yet there's no reason not to use it as it's a great sms app as well. iOS doesn't let other apps handle sms but the same goes for any other app so not a big deal. And it's free software (GPLv3).
From the website:
> Use anything by Open Whisper Systems.
Edward Snowden, Whistleblower and privacy advocate
> Signal is the most scalable encryption tool we have. It is free and peer reviewed. I encourage people to use it everyday.
Laura Poitras, Oscar winning filmmaker and journalist
> I am regularly impressed with the thought and care put into both the security and the usability of this app. It's my first choice for an encrypted conversation.
Bruce Schneier, internationally renowned security technolgist
> After reading the code, I literally discovered a line of drool running down my face. It’s really nice.
Matt Green, Cryptographer, Johns Hopkins University
I second Signal.
For secure instant messaging, use cryptocat. It's the program Edward Snowden used to communicate with journalists while in hiding.
For secure texting, use signal. That's the same encryption used by Whatsapp but in a much more lightweight app.
In the past, I'd have recommended riseup.net for secure email, but sources indicate it has been compromised, and at any rate they've switched to an invite system.
Here is a good site for creating temporary throwaway email addresses. All messages are deleted after one hour, with administrative logs deleted every 24 hours. Do keep in mind that it is not an encrypted service, and that anyone who knows the domain can access the inbox. It's best to used this service to send and receive contact info for those other two methods of communication up top rather than to actually use it for communication.
> Thomas H. Ptacek > > By default Telegram stores the PLAINTEXT of EVERY MESSAGE every user has ever sent or received on THEIR SERVER.
> Edward Snowden > > I respect @durov, but Ptacek is right: @telegram's defaults are dangerous. Without a major update, it's unsafe.
https://twitter.com/tqbf/status/678065993587945472
https://twitter.com/Snowden/status/678271881242374144
https://twitter.com/moxie/status/678219238394298372
https://twitter.com/Snowden/status/678274362609426432
Also it uses homemade encryption and the server is proprietary.
> We stress that this is a theoretical attack on the definition of security and we do not see any way of turning the attack into a full plaintext-recovery attack. At the same time, we see no reason why one should use a less secure encryption scheme when more secure (and at least as efficient) solutions exist. > > The take-home message (once again) is that well-studied, provably secure encryption schemes that achieve strong definitions of security (e.g., authenticated-encryption) are to be preferred to home-brewed encryption schemes.
https://eprint.iacr.org/2015/1177
Want secure messaging?
Best option:
Signal. Avavailable for iOS and Android. There's a Chrome/Chromium app for desktop that's in beta.
Second best:
Conversations is an XMPP-client for Android with support for OMEMO (based on Axolotl from Signal). There's an experimental plugin for Gajim for desktop.
Use Open WhisperSystems apps instead. TextSecure for Android and Signal for iOS.
Telegram isn't very good. To quote Moxie
> I'm a Signal/TextSecure contributor. There's been a lot of controversy over the Telegram encryption protocol, and any cryptographer that looks at it cringes. > > > Beyond doubts with the protocol itself, I think the more important consideration is that most people never use it. Telegram is not encrypted by default. Users have to create a special "secret chat" with contacts that is ephemeral, and some Telegram clients don't even support that mode. Last I checked, there was no way to have group "secret chats" in any client at all. > > > The result is an unfortunate situation where many users seem to think that Telegram is somehow secure by default, when it definitely isn't. Telegram even stores plaintext copies of everyone's entire message history on the server for multi-device sync.
XMPP or the even older Jabber (1998) with PGP/OpenPG/GPG.
RetroShare (PC only)
This is one of the reasons I try to stick to free software apps.
Signal by Open Whisper Systems for messaging. It's like iMessage for Android. Handles regular sms but sends encrypted messages to friends who also use it. Recommended by Edward Snowden and Bruce Schneier. It's available for iPhone as well, and a browser addon is on its way.
Firefox with uBlock Origin (to block ads and malware sites) and HTTPS-Everywhere as addons.
Amaze as file manager.
Opengur for Imgur.
Slide for Reddit still in beta, some crashes but it's getting there.
Tinfoil for Facebook. There's a fork called Metal for Facebook and Twitter but the developer hasn't released the source yet.
OsmAnd Maps & Navigation uses OpenStreetMap data.
VLC for video.
Signal by Open Whisper Systems.
It's like iMessage for Android. Handles regular sms but sends encrypted messages to friends who also use it. Recommended by Edward Snowden and Bruce Schneier, and it's free software (GPLv3).
Slide for Reddit, also free software.
people need to use signal
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Hey guys, here are some notes and links from this episode! A friend and I started a project where we post show notes for each episode, check it out: joenotes.com
More from Moxie Marlinspike:
Show Notes:
People Mentioned:
Companies and Products:
Basics:
~~Google Search~~ StartPage /DuckDuckGo
~~Chrome~~ Firefox inclusive AddOns: uBlockOrigin / NoScript / HttpsEverywhere / PrivacySettings)
~~Gmail~~ ProtonMail OR Tutanota (or posteo)
Delete Facebook Permanently while downloading a copy of your data prior deletion.
Delete permanently GiogleAccount In case you don't need GoogleDrive etc. Anymore. Also take a look at https://myactivity.google.com to see how much they have about you already.
Think end to end encryption should be on by default? Get Signal. Avavailable for iOS and Android. It's like iMessage for Android, handles regular sms but sends encrypted messages to friends who also use it. So even if none of your friends have it now you can just use it as your default sms app. There's a Chrome/Chromium app for desktop. Read about the security here. And it's Free Software.
It's made by Open Whisper Systems, who made the Signal protocol and who you can thank for end to end encryption in Facebook, Whatsapp and Google's Allo.
From the website:
> Use anything by Open Whisper Systems.
Edward Snowden, Whistleblower and privacy advocate
> Signal is the most scalable encryption tool we have. It is free and peer reviewed. I encourage people to use it everyday.
Laura Poitras, Oscar winning filmmaker and journalist
> I am regularly impressed with the thought and care put into both the security and the usability of this app. It's my first choice for an encrypted conversation.
Bruce Schneier, internationally renowned security technologist
> After reading the code, I literally discovered a line of drool running down my face. It’s really nice.
Matt Green, Cryptographer, Johns Hopkins University
Here's a comparison between Signal, Whatsapp and Allo. https://theintercept.com/2016/06/22/battle-of-the-secure-messaging-apps-how-signal-beats-whatsapp/
And some security tips for Signal https://theintercept.com/2016/07/02/security-tips-every-signal-user-should-know/
Avoid Blackberry.
> Blackberry believes in a “balanced” approach to encryption, incorporating lawful intercept capabilities, and the company prioritizes cooperation with law enforcement, Chief Operating Officer Marty Beard said Tuesday. “We very much take a balanced approach” to the issue of encryption, he told the FedTalks government IT summit, differentiating Blackberry’s approach from that of some of their competitors who are “all about encryption all the way.”
http://fedscoop.com/blackberry-taking-balanced-approach-to-encryption-lawful-intercept
Want secure calls and messages? Use Signal. Available for Android and iOS. There's a Chrome/Chromium app for desktop.
Nice try NSA. do not use closed-source proprietary software people. Use Signal, [TextSecure], ChatSecure, CSipSimple+Ostel, Xabber, Conversations,
Use free software instead of proprietary whenever possible.
Signal by Open Whisper Systems for messaging. It's like iMessage for Android. Handles regular sms but sends encrypted messages to friends who also use it. Recommended by Edward Snowden and Bruce Schneier. It's available for iPhone as well, and there's an addon for Chromium / Chrome in beta.
Use strong passwords and don't reuse them. Best thing is to use a password manager (make sure it's free software). That way you don't have to remember many passwords, just one. Use Diceware to make it a good one.
Keepass2Android is a good password manager.
If you're a GNU/Linux user and comfortable with the command line, I'd recommend pass with Password Store (you need to use this with OpenKeyChain).
Make sure to turn on 2-step verification on Google and use Google Authenticator.
OpenKeyChain " OpenKeychain stores and manages your keys, and those of the people you communicate with, on your Android. It also helps you find others’ keys online, and interchange keys by touching devices. But its most frequent use is in using those keys to encrypt and decrypt messages."
Firefox with the following add-ons uBlock Origin, HTTPS-Everywhere, and Decentraleyes.
On the desktop version Privacy Badger is also a must, but it doesn't work on mobile. None of the add-ons mentioned require any effort, you just install and forget about them.
Orbot with Orfox (beta) for browsing with privacy.
OsmAnd Maps & Navigation uses OpenStreetMap data. Consider supporting the project by getting the paid version.
Tinfoil for Facebook. Wrapper for the Facebook mobile site, if you use Facebook. There's a fork called Metal for Facebook and Twitter but the developer hasn't released the source yet so I'm avoiding that for now.
Telegram isn't secure. You should use Signal instead, heres the link for iOS and Android.
http://www.gizmodo.com.au/2016/06/why-you-should-stop-using-telegram-right-now/
> Encryption works best if it's ubiquitous and automatic. The two forms of encryption you use most often -- https URLs on your browser, and the handset-to-tower link for your cell phone calls -- work so well because you don't even know they're there. > > Encryption should be enabled for everything by default, not a feature you turn on only if you're doing something you consider worth protecting. > > This is important. If we only use encryption when we're working with important data, then encryption signals that data's importance. If only dissidents use encryption in a country, that country's authorities have an easy way of identifying them. But if everyone uses it all of the time, encryption ceases to be a signal. No one can distinguish simple chatting from deeply private conversation. The government can't tell the dissidents from the rest of the population. Every time you use encryption, you're protecting someone who needs to use it to stay alive."
https://www.schneier.com/blog/archives/2015/06/why_we_encrypt.html
With Telegram end-to-end encryption is off by default. "Secret chats" only works if both are online at the same time and you can't use group chats or desktop client. So the majority of all messages sent are not end-to-end encrypted and also kept accessible on Telegrams servers. Compare that to Signal and Whatsapp where messages are always end to end encrypted and don't store your messages at all. Also your friend doesn't need to be online and you get encrypted group chats and desktop client.
Some russian activists Telegram account got hacked giving them access to all previous messages: https://www.bellingcat.com/news/2016/04/30/russia-telegram-hack/
Pavel himself admits security isn't a priority here https://twitter.com/durov/status/678305311921410048 in response to this:
Thomas H. Ptacek
> https://twitter.com/Snowden/status/678274362609426432 > By default Telegram stores the PLAINTEXT of EVERY MESSAGE every user has ever sent or received on THEIR SERVER.
Edward Snowden
> https://twitter.com/Snowden/status/678274362609426432 > I respect @durov, but Ptacek is right: @telegram's defaults are dangerous. Without a major update, it's unsafe.
> https://twitter.com/Snowden/status/678274362609426432 > To be clear, what matters is that the plaintext of messages is accessible to the server (or service provider), not whether it's "stored."
Moxie Marlinspike > https://twitter.com/moxie/status/678219238394298372 > It's just how Telegram works and is self-documented to work: Only their marketing copy suggests otherwise.
> https://twitter.com/moxie/status/678277776391077888 > If you're on an iPhone, they also send a plaintext copy of every msg you receive to Apple's servers. So not even in transit.
> https://twitter.com/moxie/status/678309008789258240 > For iOS push notification previews. They didn't do the work to make them privacy preserving.
It's the least of Telegrams problems but let's not forget their home made crypto even though there are better alternatives. See the take-home message here:
> We stress that this is a theoretical attack on the definition of security and we do not see any way of turning the attack into a full plaintext-recovery attack. At the same time, we see no reason why one should use a less secure encryption scheme when more secure (and at least as efficient) solutions exist. > > The take-home message (once again) is that well-studied, provably secure encryption schemes that achieve strong definitions of security (e.g., authenticated-encryption) are to be preferred to home-brewed encryption schemes.
https://eprint.iacr.org/2015/1177
And the conclusion here:
> Abstract: The number one rule for cryptography is never create your own crypto. Instant messaging application Telegram has disregarded this rule and decided to create an original message encryption protocol. In this work we have done a thorough crypt analysis of the encryption protocol and it's implementation. We look at the underlying cryptographic primitives and how they are combined to construct the protocol, and what vulnerabilities this has. We have found that Telegram does not check integrity of the padding applied prior to encryption, which lead us to come up with two novel attacks on Telegram. The first of these exploits the unchecked length of the padding, and the second exploits the unchecked padding contents. Both of these attacks break the basic notions of security, and are confirmed to work in practice. Lastly, a brief analysis of the similar application TextSecure is done, showing that by using well known primitives and a proper construction provable security is obtained. We conclude that Telegram should have opted for a more standard approach. > > Conclusion: TextSecure is based on strong primitives that have withstood crypt analysis from the crypto community for years, and these are combined in a way that proven provides authenticated encryption. Telegram on the other hand has crafted its own encryption scheme and deployed it in an unproven state, and prior to any scrutiny from other cryptographers. We have seen this done time and time again, and rarely with good results. Take for example the smart grid meters that were shown to use terrible crypto back in April this year. Furthermore, the DH Ratchet is a very nice way of providing forward secrecy on a per-message basis with little overhead, which is an improvement over Telegram's one key per 100 messages approach.
Signal renders those old IMSI catchers useless
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
https://itunes.apple.com/ca/app/signal-private-messenger/id874139669?mt=8
Every intl airport in Canada is running an IMSI catcher too. If you have a certain Qualcomm chipset you can use SnoopSnitch to detect when GSM encryption is off meaning you just got MITM tower'd https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch&hl=en
Skype isn't secure, there's no end to end encryption.
Use Jitsi on desktop. For mobile, use the apps by Open Whisper Systems. TextSecure for Android and Signal for iOS. Redphone is the app that handles calls on Android, but it will soon be integrated into TextSecure. No desktop client yet but they're working on it.
Wall Street Journal had a good article http://www.wsj.com/articles/moxie-marlinspike-the-coder-who-encrypted-your-texts-1436486274
Librem 5 is a phone that, if I'm correct, has open source hardware so you could check for yourself to see there are no backdoors.
LineageOS is an open source distribution of android. All phones normally have a version that is made by the phone manufacturers that all have backdoors and are filled with bloatware. So by installing LineageOS you get a standard version of android without all the crap.
Gapps is what you would need to install if you want to use the Google play store and/or most of the games and apps.
It basically stands for Google Apps. It's a package you install on top of lineageOS to get all the Google stuff on it like the play store and lots of frameworks used by apps, but also a ton of crap capable of spying on stuff you do on your phone.
F-droid is an open source appstore filled with open source software you can install on your phone.
Signal is a free open source encrypted messenger app that is super easy to use. It fully encrypts your communication with anyone you talk to as long as they have signal too,if they don't it will use SMS instead that is not encrypted but it will warn you if you're about to do so.
I suggest using AnySoftKeyboard as your keyboard app. It's open source and doesn't send your key presses anywhere. Almost all other ones do and everything you type is being send to a company that made the app. Therefore having any government be able to get that data with a warrant.
If you have any other questions, let me know. I hope this helped you a little bit :)
Everyone should switch to Signal! https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
Your Pixel has its locally stored data encrypted by default. Its a feature of the OS and its enabled by default. I'm not aware of any other disk encryption software for android.
If you want a messaging client that has encryption you have several choices. You can use programs like Signal or Telegram for example. You can even use BBM if you trust Blackberry.
Use Signal for messaging.
Use strong passwords and don't reuse them. Best thing is to use a password manager (make sure it's free software). That way you don't have to remember many passwords, just one. Use Diceware to make it a good one.
Keepass2Android is a good password manager.
If you're a GNU/Linux user and comfortable with the command line, I'd recommend pass with Password Store (you need to use this with OpenKeyChain).
Make sure to turn on 2-step verification on Google and use Google Authenticator.
OpenKeyChain " OpenKeychain stores and manages your keys, and those of the people you communicate with, on your Android. It also helps you find others’ keys online, and interchange keys by touching devices. But its most frequent use is in using those keys to encrypt and decrypt messages."
Firefox with the following add-ons uBlock Origin, HTTPS-Everywhere, and Decentraleyes.
On the desktop version Privacy Badger is also a must, but it doesn't work on mobile. None of the add-ons mentioned require any effort, you just install and forget about them.
Orbot with Orfox (beta) for browsing with privacy.
Using Free Software instead of proprietary is usually a good idea. You don't gain anything from installing those apps from F-Droid though, you're better off not allowing installation of third party apps.
Also see Snowdens advice on reclaiming your privacy.
https://theintercept.com/2015/11/12/edward-snowden-explains-how-to-reclaim-your-privacy/
The first step that anyone could take is to encrypt their phone calls and their text messages. You can do that through the smartphone app Signal, by Open Whisper Systems. It’s free, and you can just download it immediately. And anybody you’re talking to now, their communications, if it’s intercepted, can’t be read by adversaries. [Signal is available for iOS and Android, and, unlike a lot of security tools, is very easy to use.]
You should encrypt your hard disk, so that if your computer is stolen the information isn’t obtainable to an adversary — pictures, where you live, where you work, where your kids are, where you go to school. [I’ve written a guide to encrypting your disk on Windows, Mac, and Linux.]
Use a password manager. One of the main things that gets people’s private information exposed, not necessarily to the most powerful adversaries, but to the most common ones, are data dumps. Your credentials may be revealed because some service you stopped using in 2007 gets hacked, and your password that you were using for that one site also works for your Gmail account. A password manager allows you to create unique passwords for every site that are unbreakable, but you don’t have the burden of memorizing them. [The password manager KeePassX is free, open source, cross-platform, and never stores anything in the cloud.]
The other thing there is two-factor authentication. The value of this is if someone does steal your password, or it’s left or exposed somewhere … [two-factor authentication] allows the provider to send you a secondary means of authentication — a text message or something like that.
One more reason to use something like Signal.
I prefer TextSecure.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
The apps by Open Whisper Systems. TextSecure for Android and Signal for iOS.
Out of context, most people here would assume you mean another signal
Excellent advice.
I would recommend Signal by Open Whisper Systems.
> "Signal was designed specifically for mobile devices, using a jitter buffer tuned to the characteristics of mobile networks, and using push notifications to preserve battery life while still remaining responsive. Signal is also Free and Open Source Software, allowing anyone to audit the code for correctness or help contribute improvements."
Android - Google Play Store: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
iOS: https://itunes.apple.com/us/app/signal-private-messenger/id874139669?mt=8
NO, they really don't mean Telegram.
Telegram
doesn't use crypto by default
the crypto they use is "homegrown" which is a bad thing, because it is really difficult to securely implement encryption, and the telegram devs aren't crypto experts
Telegram uses "Snakeoil" tactics to distract from their shortcomings
http://unhandledexpression.com/2013/12/17/telegram-stand-back-we-know-maths/
https://security.stackexchange.com/questions/49782/is-telegram-secure
http://www.cryptofails.com/post/70546720222/telegrams-cryptanalysis-contest
Snowden called them out for some of it, he reccomends to use Signal btw (as does Bruce Schneier, which is probably among the top five cryptographers out there).
Don't use Telegram people, use Signal, it's free (in both meanings of the word) and also has encrypted calls over Wifi.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Signal. Works on Android and iOS, there's also a Chrome/Chromium addon that's in beta.
On Android it's like iMessage. Sends regular sms to those without it and sends encrypted messages to contacts using it. If your friends are using Android it won't feel like an extra app. iOS doesn't let other apps handle sms though so it just sends encrypted messages. And it's free software (GPLv3).
From the website:
> Use anything by Open Whisper Systems.
Edward Snowden, Whistleblower and privacy advocate
> Signal is the most scalable encryption tool we have. It is free and peer reviewed. I encourage people to use it everyday.
Laura Poitras, Oscar winning filmmaker and journalist
> I am regularly impressed with the thought and care put into both the security and the usability of this app. It's my first choice for an encrypted conversation.
Bruce Schneier, internationally renowned security technolgist
> After reading the code, I literally discovered a line of drool running down my face. It’s really nice.
Matt Green, Cryptographer, Johns Hopkins University
Use signal for voice and text conversations ^please?
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
As a counterpoint, I'd like people to consider Signal (formerly TextSecure) https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
All of these are free software.
Signal by Open Whisper Systems for messaging. It's like iMessage for Android. Handles regular sms but sends encrypted messages to friends who also use it. Recommended by Edward Snowden and Bruce Schneier. It's available for iPhone and desktop (as a Chrome/Chromium addon).
Firefox with uBlock Origin (to block ads and malware sites) and HTTPS-Everywhere as addons.
Orbot with Orfox (beta) for browsing with privacy.
Slide for Reddit still in beta. Used to crash a but haven't had any problems lately.
Amaze as file manager.
For those wanting to ditch e-mail, here are the services I have switched to that are easier than PGP and e-mail for most people.
XMPP + Off-The-Record - I use pidgen and chatsecure as clients. You can run this over Facebook or Google accounts to make it easier to convince friends/family to use it. I have switched all of my close friends to this.
Textsecure - Not really a good replacement for e-mail, but for the ones who can't understand option 1 in my family I just installed this. They don't even know its there or what it is. My messages are at least encrypted to them now.
Bitmessage - I have pretty much moved to this for 'e-mail'. Works well. For anything super secretive I still encrypt it with PGP first and then send it. I am waiting for this to be audited and studied a bit more, although I am sure its fine.
Pond - This is pretty new and haven't tested it. Looks promising.
Since the NSA leaks, I have all but completely dropped e-mail. I still use it for registering on websites and such. I even still send the occasional PGP encrypted mail, but I prefer these other options now. XMPP + OTR is easy, more secure, and deniable. Something GPG/PGP doesn't offer. Move to that for secure communications for now.
My advice would be to first focus on low effort solutions. Install the apps by by Open Whisper Systems. TextSecure for Android and Signal for iOS. Signal is TextSecure+Redphone, not just for calling, and Redphone will be integrated into TextSecure soon. Those are the best tools we have for secure communication on phones. Ask the people you communicate with the most to install that as well. For Android this is easy as TextSecure replaces their SMS app, sending regular SMS to those without TextSecure and encrypted messages to those who do. There's really no good reason not to install it, and everyone reading this should do it.
This doesn't solve all your problems but it's the most bang for buck.
Install the apps by by Open Whisper Systems. TextSecure for Android and Signal for iOS.
Then start reading https://ssd.eff.org/
I'd like to recommend Signal to all American protestors who want to communicate with encrypted chats. Don't let up. Fuck the Police. Black Lives Matter.
Also, read this. - Pixel 4 users should consider the iPhone stuff on face unlock. Use a pin instead.
Use Google Photos and enable sync over mobile data, so that videos and pictures you took are safe in the cloud even if your phone gets smashed.
Consider Google Maps for sharing your location with loved ones.
Or here's a bunch more suggestions. - included an "I'm getting arrested" app to quickly notify family members.
Learn about the ACLU justice apps here.
Signal ftw
Hopefully this will migrate more user towards signal.
Link: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
Signal has a Chrome app that works well enough and you get the added bonus of mobile apps (Android / iOS).
Does the link not work for you? Here's the post that I was linking to.
Telegram isn't secure. Whatsapp still uses end-to-end encryption for all your messages, unlike Telegram. You should recommend Signal instead, heres the link for iOS and Android. Open Whisper Systems who made Signal were also hired to implement the Signal Protocol for Whatsapp, Google Allo and Facebook Messenger.
http://www.gizmodo.com.au/2016/06/why-you-should-stop-using-telegram-right-now/
> Encryption works best if it's ubiquitous and automatic. The two forms of encryption you use most often -- https URLs on your browser, and the handset-to-tower link for your cell phone calls -- work so well because you don't even know they're there. > > Encryption should be enabled for everything by default, not a feature you turn on only if you're doing something you consider worth protecting. > > This is important. If we only use encryption when we're working with important data, then encryption signals that data's importance. If only dissidents use encryption in a country, that country's authorities have an easy way of identifying them. But if everyone uses it all of the time, encryption ceases to be a signal. No one can distinguish simple chatting from deeply private conversation. The government can't tell the dissidents from the rest of the population. Every time you use encryption, you're protecting someone who needs to use it to stay alive."
https://www.schneier.com/blog/archives/2015/06/why_we_encrypt.html
With Telegram end-to-end encryption is off by default. "Secret chats" only works if both are online at the same time and you can't use group chats or desktop client. So the majority of all messages sent are not end-to-end encrypted and also kept accessible on Telegrams servers. Compare that to Signal and Whatsapp where messages are always end to end encrypted and don't store your messages at all. Also your friend doesn't need to be online and you get encrypted group chats and desktop client.
Some russian activists Telegram account got hacked giving them access to all previous messages: https://www.bellingcat.com/news/2016/04/30/russia-telegram-hack/
Pavel himself admits security isn't a priority here https://twitter.com/durov/status/678305311921410048 in response to this:
Thomas H. Ptacek
> https://twitter.com/Snowden/status/678274362609426432 > By default Telegram stores the PLAINTEXT of EVERY MESSAGE every user has ever sent or received on THEIR SERVER.
Edward Snowden
> https://twitter.com/Snowden/status/678274362609426432 > I respect @durov, but Ptacek is right: @telegram's defaults are dangerous. Without a major update, it's unsafe.
> https://twitter.com/Snowden/status/678274362609426432 > To be clear, what matters is that the plaintext of messages is accessible to the server (or service provider), not whether it's "stored."
Moxie Marlinspike > https://twitter.com/moxie/status/678219238394298372 > It's just how Telegram works and is self-documented to work: Only their marketing copy suggests otherwise.
> https://twitter.com/moxie/status/678277776391077888 > If you're on an iPhone, they also send a plaintext copy of every msg you receive to Apple's servers. So not even in transit.
> https://twitter.com/moxie/status/678309008789258240 > For iOS push notification previews. They didn't do the work to make them privacy preserving.
It's the least of Telegrams problems but let's not forget their home made crypto even though there are better alternatives. See the take-home message here:
> We stress that this is a theoretical attack on the definition of security and we do not see any way of turning the attack into a full plaintext-recovery attack. At the same time, we see no reason why one should use a less secure encryption scheme when more secure (and at least as efficient) solutions exist. > > The take-home message (once again) is that well-studied, provably secure encryption schemes that achieve strong definitions of security (e.g., authenticated-encryption) are to be preferred to home-brewed encryption schemes.
https://eprint.iacr.org/2015/1177
And the conclusion here:
> Abstract: The number one rule for cryptography is never create your own crypto. Instant messaging application Telegram has disregarded this rule and decided to create an original message encryption protocol. In this work we have done a thorough crypt analysis of the encryption protocol and it's implementation. We look at the underlying cryptographic primitives and how they are combined to construct the protocol, and what vulnerabilities this has. We have found that Telegram does not check integrity of the padding applied prior to encryption, which lead us to come up with two novel attacks on Telegram. The first of these exploits the unchecked length of the padding, and the second exploits the unchecked padding contents. Both of these attacks break the basic notions of security, and are confirmed to work in practice. Lastly, a brief analysis of the similar application TextSecure is done, showing that by using well known primitives and a proper construction provable security is obtained. We conclude that Telegram should have opted for a more standard approach. > > Conclusion: TextSecure is based on strong primitives that have withstood crypt analysis from the crypto community for years, and these are combined in a way that proven provides authenticated encryption. Telegram on the other hand has crafted its own encryption scheme and deployed it in an unproven state, and prior to any scrutiny from other cryptographers. We have seen this done time and time again, and rarely with good results. Take for example the smart grid meters that were shown to use terrible crypto back in April this year. Furthermore, the DH Ratchet is a very nice way of providing forward secrecy on a per-message basis with little overhead, which is an improvement over Telegram's one key per 100 messages approach.
> Still, is there any point in taking these precautions
Yes.
Some more tips from Snowden.
https://theintercept.com/2015/11/12/edward-snowden-explains-how-to-reclaim-your-privacy/
The first step that anyone could take is to encrypt their phone calls and their text messages. You can do that through the smartphone app Signal, by Open Whisper Systems. It’s free, and you can just download it immediately. And anybody you’re talking to now, their communications, if it’s intercepted, can’t be read by adversaries. [Signal is available for iOS and Android, and, unlike a lot of security tools, is very easy to use.]
You should encrypt your hard disk, so that if your computer is stolen the information isn’t obtainable to an adversary — pictures, where you live, where you work, where your kids are, where you go to school. [I’ve written a guide to encrypting your disk on Windows, Mac, and Linux.]
Use a password manager. One of the main things that gets people’s private information exposed, not necessarily to the most powerful adversaries, but to the most common ones, are data dumps. Your credentials may be revealed because some service you stopped using in 2007 gets hacked, and your password that you were using for that one site also works for your Gmail account. A password manager allows you to create unique passwords for every site that are unbreakable, but you don’t have the burden of memorizing them. [The password manager KeePassX is free, open source, cross-platform, and never stores anything in the cloud.]
The other thing there is two-factor authentication. The value of this is if someone does steal your password, or it’s left or exposed somewhere … [two-factor authentication] allows the provider to send you a secondary means of authentication — a text message or something like that.
Install Signal in its place:
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Use Signal by Open Whisper Systems as your default sms app.
https://github.com/WhisperSystems/Signal-Android/issues/3817
TextSecure by Open Whisper Systems seems to have been safe all along.
> Supposedly the vulnerability is in stagefright, which is the Android framework responsible for audio/video encoding/decoding and playback. TextSecure doesn't do any pre-processing of received audio/video messages, so it seems unlikely that a vulnerability in stagefright could be triggered simply by sending audio/video to a TextSecure user.
https://lists.riseup.net/www/arc/whispersystems/2015-07/msg00084.html
For those new to TextSecure
http://www.wsj.com/articles/moxie-marlinspike-the-coder-who-encrypted-your-texts-1436486274
Signal is your friend. Android link
Alternativen:
Signal (Play Store / App Store)
Hoccer (Play Store / App Store)
Bei Hoccer braucht man keine Telefonnummer angeben und kann Kontakte per QR-Code und Kamera hinzufügen.
> Thomas H. Ptacek > > By default Telegram stores the PLAINTEXT of EVERY MESSAGE every user has ever sent or received on THEIR SERVER.
> Edward Snowden > > I respect @durov, but Ptacek is right: @telegram's defaults are dangerous. Without a major update, it's unsafe.
https://twitter.com/tqbf/status/678065993587945472
https://twitter.com/Snowden/status/678271881242374144
https://twitter.com/moxie/status/678219238394298372
https://twitter.com/Snowden/status/678274362609426432
Whatsapp uses the Signal Protocol now, and is end to end encrypted by default, so it's more secure than Telegram. Don't like Whatsapp for some reason? Use Signal itself. Available for iOS and Android. There's also a Chrome/Chromium app in beta for desktop.
Signal. Avavailable for iOS and Android. There's a Chrome/Chromium addon for desktop that's in beta. Read about the security here.
From the website:
> Use anything by Open Whisper Systems.
Edward Snowden, Whistleblower and privacy advocate
> Signal is the most scalable encryption tool we have. It is free and peer reviewed. I encourage people to use it everyday.
Laura Poitras, Oscar winning filmmaker and journalist
> I am regularly impressed with the thought and care put into both the security and the usability of this app. It's my first choice for an encrypted conversation.
Bruce Schneier, internationally renowned security technologist
> After reading the code, I literally discovered a line of drool running down my face. It’s really nice.
Matt Green, Cryptographer, Johns Hopkins University
Even better. Signal.
No. What is your threat model?
You can encrypt your messages with Signal by Open Whisper Systems
You can browse anonymously with Orbot and Orfox (beta). Or at least gain some privacy/security by browsing with Firefox with the following add-ons uBlock Origin, HTTPS-Everywhere, and Decentraleyes.
You can avoid proprietary apps and use free software.
But a mobile phone is a tracking device http://www.networkworld.com/article/2200967/software/cell-phones-are--stalin-s-dream---says-free-software-movement-founder.html
Remember to send install link! https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Thanks for sharing. Great message and I actually liked it so much that I translated it into german. I've made some chances (biggest one: adding a tl;dr and some minor translation things) but if anyone needs the translation
---
Kurzzusammenfassung: Die Meta-Daten von Facebook und allen Tochterunternehmen von Facebook Inc. werden zusammen gelegt. Und es gibt keine Möglichkeit sich der Weiterleitung der Daten zu entziehen.
Whatsapp stellt Nutzern ein Ultimatum: https://www.linux-magazin.de/news/whatsapp-stellt-nutzern-ein-ultimatum/
Aus diesem Grund lösche ich meinen WhatsApp-Account und wechsel zu "Signal". Wenn dich dieser Zwang genau so stört, wechsle mit mir zusammen zu "Signal". Die App ist super leicht zu bedienen und bietet ähnliche Funktionen wie WhatsApp.
Installation aus dem Google play store: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Installation aus dem Apple store: https://apps.apple.com/us/app/signal-private-messenger/id874139669
Installation über die Signal Webseite: https://signal.org/install
Hey,
Entschuldigung für diese lange Nachricht, aber wenn du einige Minuten Zeit hast, bitte ich dich sie einfach zu lesen.
In den letzten Jahren stand Facebook Inc. immer wieder in der Kritik. Sei es der Cambridge Analytica Skanal, die Rolle die das soziale Netzwerk in der internationalen Politik und bei Wahlen einnimmt, das "Nicht löschen" von Hate Speech, ihre Aufweichung der Privatsphäre oder die negativen psychologischen Auswirkungen, die die Benutzung ihrer Dienste mit sich bringen. Aus einigen dieser Gründe habe ich kein aktive Facebook oder Instagram Konto. Ich blieb absichtlich außerhalb der Facebook Inc.-Filterblase. Mit einer Ausnahme: "WhatsApp"
Vor kurzem wurden allerdings die "Nutzungs- und Datenschutzbestimmungen" dieser App aktualisiert. Dadurch werden alle Metadaten mit Facebook Inc. geteilt. Das heißt auch wenn du nur WhatsApp nutzt, hat Facebook Inc. in Zukunft Zugriff auf deine Kontaktlisten, deinen Standort, deine Nutzungsdauer der App, mit wem du sprichst und vielen anderen Dingen. Dadurch hat Facebook Inc. die Möglichkeit ein Profil von dir anzulegen und dieses für die bewusste Manipulation deiner Umwelt durch individualisierte Werbung zu nutzen. Wenn du dieser Änderung nicht zustimmen willst, dann darfst du WhatsApp (oder jeden anderen Dienst von Facebook Inc.) nicht mehr weiter nutzen.
Whatsapp stellt Nutzern ein Ultimatum: https://www.linux-magazin.de/news/whatsapp-stellt-nutzern-ein-ultimatum/
"WhatsApp updates its Terms and Privacy Policy to mandate data-sharing with Facebook" https://www.xda-developers.com/whatsapp-updates-terms-privacy-policy-mandate-data-sharing-facebook/
Wenn man die Menschen fragt, warum sie WhatsApp nutzen, ist die häufigste Begründung: "Weil es jeder tut". Dieser Ouroboros (Eine Schlange, die sich selbst in den Schwanz beißt) bringt ein gewaltiges Problem mit sich. Da niemand von WhatsApp wechseln will, da alle Freunde und Verwandte dort sind, kann Facebook Inc. tun und lassen was will. (Demnächst zeigen sie vielleicht individualisierte Werbung in deinen persönlichen Chats.) Ich persönlich finde das allerdings sehr schade, da Facebook Inc. in meinen Augen eine unethische Firma ist.
"Facebook: Unethical, untrustworthy, and now downright harmful" https://www.zdnet.com/article/facebook-unethical-untrustworthy-and-now-downright-harmful/
"A timeline of Facebook's privacy issues — and its responses" https://www.nbcnews.com/tech/social-media/timeline-facebook-s-privacy-issues-its-responses-n859651
"Is Facebook unethical by design? A great case study on digital ethics, power, responsibility and regulation" https://www.futuristgerd.com/2019/02/is-facebook-unethical-by-design-a-case-study-on-digital-ethics-power-responsibility-and-regulation/
Deswegen habe ich mich dazu entschieden WhatsApp noch solange weiter zu nutzen, wie es geht, aber auch eine Alternative zu installieren und sobald einer meiner Kontakte ebenfalls wechselt, ihn nur noch über die Alternative zu kontaktieren.
Meine Alternative ist "Signal", eine wesentlich sichere und vertrauenswürdiger App, die WhatsApp im Aussehen und Funktionsumfang ähnelt. "Siganl" sammelt und verarbeitet keine Daten von dir (mit Ausnahme wann du die App installiert hast https://signal.org/blog/looking-back-as-the-world-moves-forward/). Die "Signal-Foundation" ist eine Non-Profit Organisation und haben es sich zum Ziel gemacht "to develop open source privacy technology that protects free expression and enables secure global communication. As more and more of our lives happen online, data protection and privacy are critical." (https://signal.org/blog/signal-foundation/).
Einen Vergleich beider Apps findest du hier: https://www.wired.co.uk/article/signal-vs-whatsapp
Wenn dich dieser Zwang genau so stört, wechsle mit mir zusammen zu "Signal". Die App ist super leicht zu bedienen und bietet ähnliche Funktionen wie WhatsApp.
Installation aus dem Google play store: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Installation aus dem Apple store: https://apps.apple.com/us/app/signal-private-messenger/id874139669
Installation über die Signal Webseite: https://signal.org/install
Switched to signal as my messaging app as soon as I read this.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Everyone should be using Signal.
Meh. Yah if you care about privacy, use Signal
Signal Messenger, which uses OpenWhisper
Telegram isn't secure. If you want a secure messenger use Signal. Available for iOS and Android. There's a Chrome/Chromium addon for desktop that's in beta. If you don't want to use GApps in the future you can check out Libre-Signal but it probably won't be as good.
> Thomas H. Ptacek > > By default Telegram stores the PLAINTEXT of EVERY MESSAGE every user has ever sent or received on THEIR SERVER.
> Edward Snowden > > I respect @durov, but Ptacek is right: @telegram's defaults are dangerous. Without a major update, it's unsafe.
http://unhandledexpression.com/2013/12/17/telegram-stand-back-we-know-maths/
http://thoughtcrime.org/blog/telegram-crypto-challenge/
https://security.stackexchange.com/questions/49782/is-telegram-secure
https://eprint.iacr.org/2015/1177.pdf
https://twitter.com/tqbf/status/678065993587945472
https://twitter.com/Snowden/status/678271881242374144
Signal lets you do this.
Signal Private Messenger is pretty good
This is why you use Signal available for Android and iOS. This is a fully open source (client and server side) software whose code Whatsapp says they implemented.
It's made by Openwhisper Systems
The Play Store URL has "thoughtcrime" in it: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Why not use TextSecure / Signal by Open Whisper Systems instead? If you're using Android it handles regular sms as well so you don't have to switch apps when you want to talk about something sensitive, all your communication with your wife will be private all the time.
Unlike Threema it's free software (GPLv3) so the source code is available, and it doesn't cost anything. Also it's recommended by these people:
> Use anything by Open Whisper Systems.
Edward Snowden, Whistleblower and privacy advocate
> Signal is the most scalable encryption tool we have. It is free and peer reviewed. I encourage people to use it everyday.
Laura Poitras, Oscar winning filmmaker and journalist
> I am regularly impressed with the thought and care put into both the security and the usability of this app. It's my first choice for an encrypted conversation.
Bruce Schneier, internationally renowned security technolgist
> After reading the code, I literally discovered a line of drool running down my face. It’s really nice.
Matt Green, Cryptographer, Johns Hopkins University
I'm sure we'd all love to have/see your notes once you're all done.
FSF and EFF have definitely helped to push me left over the years until I ended up here. This is particularly true in regards to copyright, IP, etc (and I work in film/tv to top it all off).
Anyway, you need to consider your audience before we can help here - something it seems like you're already acutely aware of. If these are tech savvy people, then dig into what sets FOSS apart from open source and closed alternatives. Dig into the nitty gritty history and explain why I get yelled at every time I say linux instead of GNU/Linux.
If these are not tech savvy people, ease them into why not having control of their stuff is potentially a bad idea and why (easily usable) FOSS is a better option. Use lots of analogies such as the difference between "licensing" a car you bought and actually owning it and being allowed to tinker and repair it yourself. In my experience, analogies are the most important part of explaining tech to non-tech people.
While you're at it, get everyone on Signal/TextSecure!
So what kind of audience is this?
Only Android-to-Android, though. As of Apr 30, WhatsApp messages from or to iPhones are still without E2E encryption.
In the meantime, I recommend using Signal on iOS and TextSecure on Android.
I just want to let every Android user here know about easy, auto-encrypted communication with their phones.
Firstly, there's Off-The-Record (OTR) messaging. It's available in:
TextSecure (for SMS messages)
Xabber (for Facebook chat, and any other XMPP chat). Just a side note here: You can use Pidgin (Windows download here) and Pidgin-otr-plugin (Windows download here), for encrypted Facebook chat using OTR on your PC. And yes, you can use OTR to communicate from a PC to a phone.
Now, for electronic communications outside of messaging:
You can install RedPhone alongside your normal phone app to have encrypted phone calls. Just dial their number with Redphone for the call to be encrypted.
For Tor: install Orbot and Orweb, and just use Orweb whenever you want to browse through Tor. Super easy.
You can use APG and K-9 Mail for encrypted email, but many of you probably don't use email these days to communicate with friends and dealers.
Also, yes, the person you are trying to contact through one of these apps also needs the same app to be able to communicate back.
From now on, I will start switching to Signal (it is a messaging app like whatsapp but better) and it has security which is miles better (signal.org/blog/looking-back-as-the-world-moves-forward) Signal is a nonprofit company, it can’t be purchased by facebook or any company (it brings most of its money through donations) and they do this to develop a privacy technology that makes us talk whatever we want with it not being any body/company’s business (signal.org/blog/signal-foundation)
Signal vs Whatsapp: http://wired.co.uk/article/signal-vs-whatsapp
Hope everybody switches from whatsapp to an alternative like telegram/signal because it isn’t so nice that strangers know most of what we do on WhatsApp
“I can’t because everyone uses whatsapp” signal is now the most downloaded app on the app store here in lebanon and in others like france, germany, Austria, switzerland, and others
It is so easy to switch and if you have a problem please contact me
Signal for android: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms Signal for iOS: https://apps.apple.com/us/app/signal-private-messenger/id874139669 Signal for PC/Mac: http://signal.org/install
I recommend Signal
Switch your SMS app to signal (https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms)
In settings > chats and media, there's an option to trim all conversations.
I use Signal, which does just that. But you have to trust the end point, which you wouldn't on a company owned device.
SignalSignal
Not of that one exactly, but Signal is a great open-source messenger that is basically like WhatsApp (WhatsApp uses the same encryption as them, except that Signal doesn't have any known backdoors and is open-source): https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
Along with the newly discovered backdoor, there are other issues with WhatsApp:
>When you first set up WhatsApp, you’re encouraged, but not required, to share your phone’s contact list with the app. This helps the WhatsApp service connect you with other users quickly and easily. A WhatsApp spokesperson confirmed to me that the company retains contact list data, which means that WhatsApp could also hand over your contact list in response to a government request.
>[...]
>Signal’s privacy policy is short and concise. Unlike WhatsApp, Signal doesn’t store any message metadata. Cryptographer and Open Whisper Systems founder Moxie Marlinspike told me that the closest piece of information to metadata that the Signal server stores is the last time each user connected to the server, and the precision of this information is reduced to the day, rather than the hour, minute, and second.
>Signal users must share their contact list with the app in order to find other users — in WhatsApp, this is optional but recommended. But Signal doesn’t directly send your contact list to the server. Instead, it uses what’s known as a cryptographic hash function to obfuscate phone numbers before sending them to the server. (It also truncates the hashed phone numbers, if we’re being precise about things.) The server responds with the contacts that you have in common and then immediately discards the query
https://theintercept.com/2016/06/22/battle-of-the-secure-messaging-apps-how-signal-beats-whatsapp/
I can only recommend Signal, been using it for about 2 years now, and it's just as easy to use as WhatsApp. Contacts are connected automatically and it can also be set to your default SMS app, which may also store your SMS encrypted.
Closed source implementacija ma i najbolje enkripcije ne znači nikakvu sigurnost kad ne znaš kako se zapravo barata ključevima. Ovo može biti backdoorano bez da to itko zna (a budući da je Facebook vlasnik WhatsAppa, vjerojatno i jest).
Ako Facebook ima back door u ovo, onda i državne agencije imaju back door. A kako je to vrlo lijepo rezidentni luđak za informacijsku sigurnost John McAfee rekao: "Pristup resursima neke državne agencije kriminalcima je moguć jednostavnim mitom nekom uhljebu."
Tko hoće kvalitetnu zamjenu za SMS i ostale messengere, najtoplije mu preporučam Open Whisper Systems i njihov messenger Signal (iOS / Android / desktop).
> Thomas H. Ptacek > > By default Telegram stores the PLAINTEXT of EVERY MESSAGE every user has ever sent or received on THEIR SERVER.
> Edward Snowden > > I respect @durov, but Ptacek is right: @telegram's defaults are dangerous. Without a major update, it's unsafe.
https://twitter.com/tqbf/status/678065993587945472
https://twitter.com/Snowden/status/678271881242374144
https://twitter.com/moxie/status/678219238394298372
https://twitter.com/Snowden/status/678274362609426432
Whatsapp uses the Signal Protocol now, and is end to end encrypted by default, so it's more secure than Telegram. Don't like Whatsapp for some reason? Use Signal itself. Available for iOS and Android. There's also a Chrome/Chromium app in beta for desktop.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
There's a browser addon too.
Use Signal by Open Whisper Systems as your default sms app. As an added bonus you get encrypted calls and messages if your friends also use it.
https://github.com/WhisperSystems/Signal-Android/issues/3817
As far as I know Signal was the only sms app that wasn't vulnerable to Stagefright, even before the bug was announced. That's the nice thing about using apps where security is a priority.
> why does it need "Device & app history", which includes access to my (Chrome) browsing history, or my call log?
This is a result of Android's silly permission system. The only permission it has from that list is READ_LOGS, which it needs for call log access for the RedPhone integration, and that permission is grouped under device & app history. If you drill down into the permissions (or click "view permissions" from the play store webpage) you'll see that it only lists "read sensitive log data". It doesn't have access to browser history.
I posted this elsewhere but it posting here too:
Signal looks pretty good to me. Its open source and it seems that some heavy development is happening on all the fronts ios, android, chrome extension, and the server itself.
For those curious about securing their communications, Whisper Systems publishes numerous simple-to-use strong-encryption-powered communications applications, such as Signal for iOS and for Android platforms. They also publish Private Calling for iOS and Android.
These applications prevent communications from being eavesdropped upon in transit, which causes law enforcement to have to go through whatever legal or extralegal process they have available to directly wiretap and search the device you're using (usually that would require a warrant, issued by a judge).
If desired, manually verifying the key fingerprints used by others is straightforward, and the systems generate and handle their own keys.
For those wondering about TextSecure by Open Whisper Systems
> Supposedly the vulnerability is in stagefright, which is the Android framework responsible for audio/video encoding/decoding and playback. TextSecure doesn't do any pre-processing of received audio/video messages, so it seems unlikely that a vulnerability in stagefright could be triggered simply by sending audio/video to a TextSecure user.
https://lists.riseup.net/www/arc/whispersystems/2015-07/msg00084.html
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Current version is 5.10.8 (not beta)
just use Signal.
>Itsestäni se tuntuu enemmän tältä.
Rätinä linjalla oli joskus 50 vuotta sitten merkki siitä että joku kuunteli välissä. Tänä päivänä "näppituntuma" digitaaliseen salakuunteluun on about sama kuin vertailisi saman standardin mukaisten, 100€ ja 100 000€ HDMI-kaapeleiden kuvanlaatua hifikaupassa (aivan sama onko kaapelin häiriö desibeli sinne tai tänne jos aikasarjan tuottamat, virheenkorjausta seuraavat bitit ovat identtisiä).
Salakuuntelun mahdollisuus selviää speksejä tuijottamalla ja speksit verifioimalla. Eli jos WhatsApp on kätkenyt sovellukseen takaportin, sitä ei ole laillista selvittää (kts vastaukseni alla). WhatsAppia on kuitenkin ilmeisesti kehitetty pitkään samassa konttorissa kuin Signaliakin, eli devaajat ovat Signalin kehittäjien kuten Moxien kanssa päivittäin tekemisissä. Voisi kuvitella että Moxie on suht kärryillä siitä mitä koodissa tapahtuu, mutta tästä on mahdoton varmistua.
Lähde toimitloille on Google Play sivu jossa osoitteeksi on merkattu 650 Castro Street, Suite 120-414, Mountain View, California 94041-2055
, sama kuin WhatsApp:n entinen osoite.
Jos kaivaa vähän speksejä Signal protokollasta niin avaintenvaihto on tosiaan, Diffie-Hellman. Klassinen MITM onnistuu toki jos käyttäjät eivät kytke turvallisuusilmoituksia päälle ja tarkista turvakoodeja. Turvallisuusilmoitusten pois päältä oleminen on suoranainen skandaali jolta mainstream-tietoturvayhteisö tuntuu ummistaneen silmänsä.
Vaihtoehtoja on siis kolme:
Blokkaamaton varoitus näyttää ainoastaan viestin puhekuplien välissä että "salausavain vaihtui". Blokkaava varoitus estää uusien viestien lähettämisen ja vastaanottamisen kun avain vaihtuu, kunnes käyttäjä hyväksyy uuden avaimen (ja mielellään varmistaa sen heti perään, tai ainakin mahdollisimman pian).
Kun WhatsAppin asetus on kytketty päälle (Asetukset -> Tili -> Turvallisuus -> Näytä turvallisuusilmoitukset tjsp), klassinen MITM voidaan sen jälkeen havaita vertaamalla turvanumeroita tökkäämällä keskustelussa käyttäjän nimeä, valitsemalla "Salaus", ja tarkistamalla että molemmilla näkyy sama numerosarja. Numerosarja näkyy nykyisin mukavasti desimaaleina eli se on nopea lukea puhelimessa. Huomattavasti turvallisempi ja nopeampi tapa on kuitenkin silloin kun näkee kasvotusten se, että tökkää numerosarjan alta "Skannaa koodi" ja skannaa QR-koodin. Riittää että toinen skannaa QR-koodin. Jos turvanumerot on oikein, viestejäsi ei lueta jos
1) WhatsAppissa ei ole takaporttia joka tekee turvanumeroista silmänlumetta 2) NSA / Supo pakkokeinolain puitteissa ei etähakkeroi älypuhelintasi. Snowden sanoi asian hyvin: Älypuhelimen voi hakkeroida yhdellä tekstarilla. 3) Kvanttitietokone ei murra WhatsAppin salausta
Ok, here’s all the apps I’ve collected so far
Aimsicd
AndOPT
AnotherMonitor
Application Info
Brave
CryptoPass
DuckDuckGo
F-Droid
Firefox Focus
Hide Apps
K9 Mail
Net Guard
Net Monitor
ObscuraCam
Open Keychain
OpenVPN
Orbot
Orfox
PEP (Pretty Easy Privacy)
ProtonMail
ProtonVPN
Ripple
Signal
Silence
Surespot
XPrivacy (root)
Yalp Store
If you were looking for links
Try using Signal instead https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
> lack of anything better.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=fi
> If what you said was true you wouldn't be able to get Signal on FDroid. (Noise)
Signal is not on F-Droid.
> That's incorrect, the Signal client for Android and iOS are 100% FOSS.
It is not 100% FOSS if it has Google Play Services blobs, as GPS blobs are proprietary, not FOSS. One of the reasons why it is not allowed on F-Droid. Though Moxie, the creator refuses to have it anywhere but in the Play Store, until recently this year. Moxie now provides the app on their website, which is pretty hidden and calls it the DANGER ZONE... because 'https://signal.org/android' goes directly to the Play Store, you have to have the direct link to that apk page. Moxie refuses to put it on F-Droid due to not trusting signature verification from F-Droid. Another reason why Moxie does not want people to download it everywhere else, is because Moxie wants to actually see how many users download Signal, and F-Droid doesn't track (it was in one of the issues on GitHub).
> That's incorrect, Signal has been designed to work perfectly without Google Play Services.
But the app still has those blobs inside it's code. The only way to register the app is to not have Google Play Services or MicroG installed on the phone. If you have MicroG installed, it'll give an error during registration, you can install it after though. Moxie probably won't have this fixed because he doesn't really care for the users who don't use Google Play Services as much. It took him FOREVER to agree to have it be able to not use Google Play Services. Issue from 2013, and did not give any other options until 2017 March 13. People kept pestering Moxie by creating issue after issue after issue on GitHub to get him to do this. And yes, if the app detects that you don't have Google Play Services, it'll fallback to web sockets instead of GCM. Why not just make the app not use GCM at all to get Google off of the app? Just need to remove those blobs and it'll be all good, since it can run without GCM & GPS. An app about privacy & security but uses Google...
> That's also incorrect, you can choose to run Signal on it's own and not use it as your default SMS client.
Sorry, I meant that you can run Signal on it's own, AND have it be an SMS/MMS fallback if you want to.
More info in the forums that helped push Moxie to release outside of Google Play, but he is still against people downloading it from the website.
Also, the app forces you to register your phone number too... so Idk if it's considered private.
There was LibreSignal, a true FOSS version, but it was abandoned.
Edit: Grammar & spelling
Yes, Signal
Signal ticks most (if not all) of those boxes.
You could try Signal.
Join the Signal master race!
Telegram isn't secure. Use Signal if you want a secure messenger. It's Free Software (source here) and you can get it for Android, iOS and desktop.
http://www.gizmodo.com.au/2016/06/why-you-should-stop-using-telegram-right-now/
> Encryption works best if it's ubiquitous and automatic. The two forms of encryption you use most often -- https URLs on your browser, and the handset-to-tower link for your cell phone calls -- work so well because you don't even know they're there. > > Encryption should be enabled for everything by default, not a feature you turn on only if you're doing something you consider worth protecting. > > This is important. If we only use encryption when we're working with important data, then encryption signals that data's importance. If only dissidents use encryption in a country, that country's authorities have an easy way of identifying them. But if everyone uses it all of the time, encryption ceases to be a signal. No one can distinguish simple chatting from deeply private conversation. The government can't tell the dissidents from the rest of the population. Every time you use encryption, you're protecting someone who needs to use it to stay alive."
https://www.schneier.com/blog/archives/2015/06/why_we_encrypt.html
Some russian activists Telegram account got hacked giving them access to all previous messages: https://www.bellingcat.com/news/2016/04/30/russia-telegram-hack/
Pavel himself admits security isn't a priority here https://twitter.com/durov/status/678305311921410048 in response to this:
Thomas H. Ptacek
> https://twitter.com/Snowden/status/678274362609426432 > By default Telegram stores the PLAINTEXT of EVERY MESSAGE every user has ever sent or received on THEIR SERVER.
Edward Snowden
> https://twitter.com/Snowden/status/678274362609426432 > I respect @durov, but Ptacek is right: @telegram's defaults are dangerous. Without a major update, it's unsafe.
> https://twitter.com/Snowden/status/678274362609426432 > To be clear, what matters is that the plaintext of messages is accessible to the server (or service provider), not whether it's "stored."
Moxie Marlinspike > https://twitter.com/moxie/status/678219238394298372 > It's just how Telegram works and is self-documented to work: Only their marketing copy suggests otherwise.
> https://twitter.com/moxie/status/678277776391077888 > If you're on an iPhone, they also send a plaintext copy of every msg you receive to Apple's servers. So not even in transit.
> https://twitter.com/moxie/status/678309008789258240 > For iOS push notification previews. They didn't do the work to make them privacy preserving.
It's the least of Telegrams problems but let's not forget their home made crypto even though there are better alternatives. See the take-home message here:
> We stress that this is a theoretical attack on the definition of security and we do not see any way of turning the attack into a full plaintext-recovery attack. At the same time, we see no reason why one should use a less secure encryption scheme when more secure (and at least as efficient) solutions exist. > > The take-home message (once again) is that well-studied, provably secure encryption schemes that achieve strong definitions of security (e.g., authenticated-encryption) are to be preferred to home-brewed encryption schemes.
https://eprint.iacr.org/2015/1177
And the conclusion here:
> Abstract: The number one rule for cryptography is never create your own crypto. Instant messaging application Telegram has disregarded this rule and decided to create an original message encryption protocol. In this work we have done a thorough crypt analysis of the encryption protocol and it's implementation. We look at the underlying cryptographic primitives and how they are combined to construct the protocol, and what vulnerabilities this has. We have found that Telegram does not check integrity of the padding applied prior to encryption, which lead us to come up with two novel attacks on Telegram. The first of these exploits the unchecked length of the padding, and the second exploits the unchecked padding contents. Both of these attacks break the basic notions of security, and are confirmed to work in practice. Lastly, a brief analysis of the similar application TextSecure is done, showing that by using well known primitives and a proper construction provable security is obtained. We conclude that Telegram should have opted for a more standard approach. > > Conclusion: TextSecure is based on strong primitives that have withstood crypt analysis from the crypto community for years, and these are combined in a way that proven provides authenticated encryption. Telegram on the other hand has crafted its own encryption scheme and deployed it in an unproven state, and prior to any scrutiny from other cryptographers. We have seen this done time and time again, and rarely with good results. Take for example the smart grid meters that were shown to use terrible crypto back in April this year. Furthermore, the DH Ratchet is a very nice way of providing forward secrecy on a per-message basis with little overhead, which is an improvement over Telegram's one key per 100 messages approach.
If you guys are concerned about privacy, check out Signal.
You mean something like this: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
> Thomas H. Ptacek > > By default Telegram stores the PLAINTEXT of EVERY MESSAGE every user has ever sent or received on THEIR SERVER.
> Edward Snowden > > I respect @durov, but Ptacek is right: @telegram's defaults are dangerous. Without a major update, it's unsafe.
https://twitter.com/tqbf/status/678065993587945472
https://twitter.com/Snowden/status/678271881242374144
https://twitter.com/moxie/status/678219238394298372
https://twitter.com/Snowden/status/678274362609426432
Whatsapp uses the Signal Protocol now, and is end to end encrypted by default, so it's more secure than Telegram. Don't like Whatsapp for some reason? Use Signal itself. Available for iOS and Android. There's also a Chrome/Chromium app in beta for desktop.
Signal's latest (Android) update was March 31, 2016, so there is a lag: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
Use free software instead of proprietary whenever possible. Don't allow installation of third party apps. Buy Nexus next time if you don't have one now, so you get updates (including security updates).
Signal by Open Whisper Systems for encrypted messaging and calls.
Use strong passwords and don't reuse them. Best thing is to use a password manager (make sure it's Free Software instead of proprietary, like). That way you don't have to remember many passwords, just one. Use Diceware to make it a good one.
Keepass2Android is a good password manager. You can use it with KeePassX for desktop.
If you're a GNU/Linux user and comfortable with the command line, I'd recommend pass with Password Store (you need to use this with OpenKeyChain)
Make sure to turn on 2-step verification on Google and use Google Authenticator.
Firefox with the following add-ons uBlock Origin, HTTPS-Everywhere, and Decentraleyes.
On the desktop version Privacy Badger is also a must, but it doesn't work on mobile. None of the add-ons mentioned require any effort, you just install and forget about them.
Want secure messaging?
Best option:
Signal. Avavailable for iOS and Android. There's a Chrome/Chromium addon for desktop that's in beta.
Second best:
Conversations is an XMPP-client for Android with support for OMEMO (based on Axolotl from Signal). There's an experimental plugin for Gajim for desktop.
Telegram is unsafe.
> Thomas H. Ptacek > > By default Telegram stores the PLAINTEXT of EVERY MESSAGE every user has ever sent or received on THEIR SERVER.
> Edward Snowden > > I respect @durov, but Ptacek is right: @telegram's defaults are dangerous. Without a major update, it's unsafe.
http://unhandledexpression.com/2013/12/17/telegram-stand-back-we-know-maths/
http://thoughtcrime.org/blog/telegram-crypto-challenge/
https://security.stackexchange.com/questions/49782/is-telegram-secure
https://eprint.iacr.org/2015/1177.pdf
https://twitter.com/tqbf/status/678065993587945472
https://twitter.com/Snowden/status/678271881242374144
Use Signal if you think your messages and calls should be private. Available for iOS and Android. There's a Chrome/Chromium addon for desktop that's in beta. Read about the security here.
You can use it as your sms app on Android, so it's great even if none of your friends have it right now. Recommended by Edward Snowden and Bruce Schneier.
Use Signal for secure calls and messages on Android and iOS. There's a Chrome/Chromium addon that's in beta. And it's free software (GPLv3).
It's sort of like iMessage for Android. The app also handles sms so it doesn't feel like a separate app, even if none of your friends have it today there's no reason not to keep it installed. iOS doesn't let other apps handle sms though so it just sends encrypted messages.
From the website:
> Use anything by Open Whisper Systems.
Edward Snowden, Whistleblower and privacy advocate
> Signal is the most scalable encryption tool we have. It is free and peer reviewed. I encourage people to use it everyday.
Laura Poitras, Oscar winning filmmaker and journalist
> I am regularly impressed with the thought and care put into both the security and the usability of this app. It's my first choice for an encrypted conversation.
Bruce Schneier, internationally renowned security technolgist
> After reading the code, I literally discovered a line of drool running down my face. It’s really nice.
Matt Green, Cryptographer, Johns Hopkins University
Blackberry should be avoided.
> Blackberry believes in a “balanced” approach to encryption, incorporating lawful intercept capabilities, and the company prioritizes cooperation with law enforcement, Chief Operating Officer Marty Beard said Tuesday. “We very much take a balanced approach” to the issue of encryption, he told the FedTalks government IT summit, differentiating Blackberry’s approach from that of some of their competitors who are “all about encryption all the way.”
http://fedscoop.com/blackberry-taking-balanced-approach-to-encryption-lawful-intercept
See Snowdens advice on reclaiming your privacy.
https://theintercept.com/2015/11/12/edward-snowden-explains-how-to-reclaim-your-privacy/
The first step that anyone could take is to encrypt their phone calls and their text messages. You can do that through the smartphone app Signal, by Open Whisper Systems. It’s free, and you can just download it immediately. And anybody you’re talking to now, their communications, if it’s intercepted, can’t be read by adversaries. [Signal is available for iOS and Android, and, unlike a lot of security tools, is very easy to use.]
You should encrypt your hard disk, so that if your computer is stolen the information isn’t obtainable to an adversary — pictures, where you live, where you work, where your kids are, where you go to school. [I’ve written a guide to encrypting your disk on Windows, Mac, and Linux.]
Use a password manager. One of the main things that gets people’s private information exposed, not necessarily to the most powerful adversaries, but to the most common ones, are data dumps. Your credentials may be revealed because some service you stopped using in 2007 gets hacked, and your password that you were using for that one site also works for your Gmail account. A password manager allows you to create unique passwords for every site that are unbreakable, but you don’t have the burden of memorizing them. [The password manager KeePassX is free, open source, cross-platform, and never stores anything in the cloud.]
The other thing there is two-factor authentication. The value of this is if someone does steal your password, or it’s left or exposed somewhere … [two-factor authentication] allows the provider to send you a secondary means of authentication — a text message or something like that.
> The worst offenders are the messaging apps like WhatsApp and TextSecure. They have huge lists of permissions that allow them to rip everything off your phone.
It's called Signal now, and it's free software so you don't have to assume anything. See http://support.whispersystems.org/hc/en-us/articles/212535858-What-are-all-these-permissions- for an explanation of all the permissions used. Check the source code yourself if you don't trust Moxie or these guys:
> Use anything by Open Whisper Systems.
Edward Snowden, Whistleblower and privacy advocate
> Signal is the most scalable encryption tool we have. It is free and peer reviewed. I encourage people to use it everyday.
Laura Poitras, Oscar winning filmmaker and journalist
> I am regularly impressed with the thought and care put into both the security and the usability of this app. It's my first choice for an encrypted conversation.
Bruce Schneier, internationally renowned security technolgist
> After reading the code, I literally discovered a line of drool running down my face. It’s really nice.
Matt Green, Cryptographer, Johns Hopkins University
Private messaging. Your cert is worth nothing privacy-wise. You're trusting a third party to guarantee the integrity of your PGP public key. You'll want to start verifying the public keys of your peers in person. PGP isn't the current recommendation for encrypted messaging. I highly recommend you switch to messaging over clients that use OTR-protocol between computers and to Axolotl protocol (Namely, TextSecure / Signal apps) when using smartphones for communication.
~~If you're against this and want to follow the lead of our minister for communications:~~ ~~Grab the app wickr~~ or maybe not...
Here are some links others provided for secure communications:
also there's prism break which is truly excellent, specifically on instant messaging
Or even better, TextSecue. https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
Like TextSecure?
> temporary texts like SnapChat or any number of end-to-end encrypted messaging apps?
Snapchat is not secure or even encrypted. Most name brand messaging apps (or programs) are not secure either (refer to the other link).
If your looking for a truly secure method of communication you should ditch the cell phone. If you must use a cellphone then use an app like secure text for the android or signal for the iPhone (the iPhone is far more secure than the android). However, keep in mind that maintaining opsec with a phone is very difficult and requires a great deal of discipline. I don't have the time to write out all the precautions necessary to take when using a phone, but trust me there are many.
Personally, I would suggest using a computer purchased from criagslist w/ cash for secure communication. The computer should have an HDD not an SSD since HDD is older and better understood. If your looking for synchronous communication (like IM where both parties are online), I would recommend pidgin w/ OTR wiki. On the other hand, if you prefer asynchronous communication (like email where both parties do not have to be online together) you shouldn't even consider email; instead stick with pond.
edit: added a word and period.
Oh sorry, Missed the encrypted part. The only encrypted one I know is textsecure but no idea what it's like for features.
You are looking for TextSecure.
Did someone say not leaving a trace? You mean like a live system created by the makers of TOR?
Ah, decoding hashes. There's an app for that! (<More than that actually!) Matter of fact, there's even a live system built for (limited) cracking of hashes!
Designing malware? That's quite the commitment! Choose a programming language (I've heard Assembly is good for malware design, though a bitch to learn) and look up the mechanics of some of the worst malware created, their origins, their creators and their purposes. (Remember, history repeats itself--never think that a virus and its meaning are obsolete because of its age!) Get an idea of how malware works, follow some feeds, find some forums, and never forget that even something as simple as a Wikipedia entry can help you gain insight into the jargon of the elusive hacking community.
Now, if you're looking for tools, you might have to go some dirty places. Places where you can retain complete anonymity. Places like the deep web! Only accessible through anonymization browsers like TOR, it's where all of the Earth's scum goes to meet. Sounds jolly, eh? disclaimer: the deep web is a very dangerous place. I do not encourage going to it. But in reference to doing things discretely (and hosting discrete servers), I thought I'd include this.
But the deep web is for things that are blatantly illegal and destructive. If you're hacking for positive purposes, you can always put every effective vulnerability tester, cracker, sniffer, mapper etc. on the planet into the most advanced operating hacking operating system on the planet and call it "penetration testing"! And download it for free! Legally!
Too scared for the deep web, but want to dabble in anonymous chans, mailing lists, and just awesome sites without breaking laws? Great! I suggest checking out bitmessage, (which includes its own chans scattered in various places and even a subreddit), various sites like hak5, Hacker News, Hacktivismo, and Darknet, and of course just talking with people with similar interests is always a good (though sometimes risky with people you don't personally know) route.
Wait though! You can't just talk about things like hacking and semi-legal things without raising a few eyebrows (especially if you're looking for doing some truly evil things)! If you've had your ears open, you know that the government is monitoring us more than ever before. (ever. like ever.) So, wanna talk with your homies without raising suspicion(or leaving any legible trace)? ENCRYPT EVERYTHING! From emails to instant messaging to texting to phone calls to IM across devices to files and folders! Honestly though, you don't really need to encrypt everything you're doing if you aren't doing anything malicious, but it's always good to have these tools on hand if you're going to be talking with people who prefer privacy.
When you speak of how to debug malware, things like reverse engineering (finding how code works by breaking the warranty(not applicable to malware of course)and finding the source code) aren't my territory but you can always virtualize a disposable operating system (called a virtual machine) and run the malware within it to observe its effects. If you're looking for legitimate tutorials and such, go to sites like Lifehacker(yes, seriously) and HowToGeek for simple things and other forums like the ones listed above for the more complicated ones. (Validity speculation regarding searches for clickbait topics can usually be settled by searching on Lifehacker or HTG, i.e. Lifehacker isn't gonna bullshit you on the top 10 Linux distros, they're nice; HTG is comprised of, well, geeks; and of course Hak5 is a hivemind of enthusiasts.)
Good luck!
r/signal/
Everyone should be using Signal.
Signal for iOS: https://apps.apple.com/us/app/signal-private-messenger/id874139669
Signal for Android (the best package name): https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Signal for desktop: https://signal.org/download/
I would urge you to use GrapheneOS if you want more/most privacy. The downside is that it only supports Google Pixel devices. There is also CalyxOS, which aims to provide a middle ground between privacy and usability. It also supports the Xiaomi A2, but support for that is running out this month because of no more manufacturer support.
GrapheneOS is working on making the Google Play Store and Google Play Services work as regular apps, rather than system apps, for the people who really can't do without an app that requires it.
Some privacy respecting alternatives for apps you might use:
Other recommendations I have are:
I hope this was of use to at least one person out there. Currently taking back your privacy comes with a too high barrier already, having to give up many conveniences being only part of it, so I hope I was able to lower the barrier a little bit by giving you some privacy respecting alternatives to commonly used apps.
Part2:
"WhatsApp gives users and ultimatum: Share data with Facebook or stop using the App" https://arstechnica.com/tech-policy/2021/01/whatsapp-users-must-share-their-data-with-facebook-or-stop-using-the-app/
"WhatsApp updates its Terms and Privacy Policy to mandate data-sharing with Facebook" https://www.xda-developers.com/whatsapp-updates-terms-privacy-policy-mandate-data-sharing-facebook/
If you asked a person why they use WhatsApp they'd tell you it's because everyone else does. It's convenient. This is circular and self perpetuating: everyone is using WhatsApp because everyone is using it. This creates a problem: no one will use an alternative because they won't find their friends and family using the alternative, and they will still be receiving messages over WhatsApp. This is regardless of the quality and advantages of the alternative. Obviously this is great for Facebook/WhatsApp, it means Facebook can do almost anything they want and you'll keep using it (WhatsApp at least) because you don't want to be inconvenienced (Imagine ads when you open the app, or even in your personal chats, would that be too far for you? What will you use then?). And this is bad, because Facebook is harmful and is an unethical company.
"Facebook: Unethical, untrustworthy, and now downright harmful" https://www.zdnet.com/article/facebook-unethical-untrustworthy-and-now-downright-harmful/
"A timeline of Facebook's privacy issues — and its responses" https://www.nbcnews.com/tech/social-media/timeline-facebook-s-privacy-issues-its-responses-n859651
"Is Facebook unethical by design? A great case study on digital ethics, power, responsibility and regulation" https://www.futuristgerd.com/2019/02/is-facebook-unethical-by-design-a-case-study-on-digital-ethics-power-responsibility-and-regulation/
To me the solution seems to be this: keep WhatsApp but also install an alternative, when you see a friend/family member also has the alternative then message them there instead, and keep recommending the change to the alternative to your other contacts. This will cause a steady migration, and hopefully we will soon be free of every Facebook product.
I will now be in the process of moving over to a different messaging application, called "Signal", which is a much more secure alternative that looks and feels similar to WhatsApp and has the same functionality. Signal does not collect and store any of your data, except for when you installed the application (https://signal.org/blog/looking-back-as-the-world-moves-forward/). The Signal Foundation is a non-profit, and they state that their goal is "to develop open source privacy technology that protects free expression and enables secure global communication. As more and more of our lives happen online, data protection and privacy are critical." (https://signal.org/blog/signal-foundation/)
A comparison of the applications: https://www.wired.co.uk/article/signal-vs-whatsapp
If anyone else shares these concerns I would very much welcome our chats moving to Signal. Signal is super easy to use, very similar to WhatsApp, and you can be up and running in under 2 mins if you download it from the App Store.
"I use WhatsApp because everyone uses WhatsApp." Can we change that?
Install from Google play store: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Install from Apple store: https://apps.apple.com/us/app/signal-private-messenger/id874139669
Install from Signal website: https://signal.org/install
i'm sorry for laughing because I understand this is serious but I really want to give you a high five for spawnpoint. that is genius, Im gonna start using that one now LOL
onto your actual post: if the sorry excuse for the guy on your team doesn't believe it or is shit at his job i'd start recording stuff and when you have enough i'd walk right into a police station. or a lawyers office and tell them they can have a majority of the winnings. Once you have recordings (multiple) and screen shots they really can't hide behind "he said- she said" because you have EVIDENCE.
​
follow up from the last point: If a bank account is not possible ask if the employer can pay you cash and get a lockbox and keep it in your car but that means your keys will have to be on you at all times and you can never forget to lock your car.
I'm not entirely sure about how else to help but I hope someone else from this sub can help further!
​
there might be more at this specific link that can help you
​
Good luck and stay safe!
Have you considered Signal? It's free, you can have as many people as you want in a messaging group, and it's secure.
https://apps.apple.com/us/app/signal-private-messenger/id874139669
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
I use Signal. It allows this.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en_US
New phone number
​
https://support.signal.org/hc/en-us/articles/360007062012-New-Number-or-New-Phone
I cannot recommend Signal highly enough.
What about Signal. Open source, has a ton of security focused features and what whatsapp steals it's code from.
Use Signal Private Messenger instead.
If we are really just talking basis stuff:
~~Google Search~~ StartPage /DuckDuckGo
~~Chrome~~ Firefox inclusive AddOns: uBlockOrigin / NoScript / SmartHTTPS-revived / PrivacySettings)
~~Gmail~~ ProtonMail / Tutanota
Delete Facebook Permanently while downloading a copy of your data prior deletion.
I really tried to narrow it down to five basic things even a regular Windows10 user can do. If someone decides to leave Gmail and GoogleSearch behind, of course I would also recommend to permanently delete the Google Account but maybe the person still has to use GoogleDrive or other services for his work so who knows. Same goes with deleting Instagramor Twitter.
I don't want to be credited:)
Communication:
Internet:
Work:
Usability:
Travel:
Misc:
Just opened my Messages app (I use Signal by default). Holy crap, so many missed messages......... that explains a lot. :(
Signal is open source, just copy it, put Google sticker over it and you will have E2E IM with SMS fallback and E2E encrypted video and voice calls in one compact app with super simple UI, then build on this, not sure how hard is this to do overnight
Oh, my mistake, Signal definitely does this (I just checked). And And VZW SMS app does as well.
Some advise: http://acisni.com/protect-cell-phone-against-spy-software/
Also use something like Signal (Apple/Andriod ) that prevents the Cell Account holder from reading you SMSs
Edit: For those unfortunately that need to be extra paranoid: get a old/refurbished phone ($40-$50 range) and use it over wifi only to do stuff like email and chat, you can even make calls with google voice . Keep the phone hidden and secure. If it's found, Deny all knowledge and remotely wipe it.
I think we use the same cell phone company. I never had a problem with them while I was deployed, but I didn't change my plan. I didn't call home using a regular phone call, though. I used Signal or Whatsapp, which let you call over data. Even on their slow international roaming data, it was still a decent call. If he's in a country where app or video calling is blocked (like I was), Signal will circumvent that restriction.
On a side note, if your husband is on a military base, he should be able to use a DSN phone to call a stateside operator, who can then forward the call to you. Someone should have the DSN number over there where he is. You can also use calling cards on DSN phones (dial the 800-number without the 1 at the beginning, I believe). Those are sold at the PX and Shoppette.
Depending on what country your husband is in, he might also be better off getting a SIM card from a local provider instead of using your stateside provider. Many people in my unit bought prepaid SIM cards that you could top up at the PX or Shoppette.
Personally, I would pursue a refund for at least the months that you paid the $15 for, since they told you the phone calls would be included. You're probably not entitled to any compensation for the months after that, since you kept calling him even after you canceled. If you bug them enough (or threaten to leave), they might give you one anyway. (I've heard that the cancellation departments have much more power to do that than standard customer service folks.)
Signal - it is the best app for video, call, and text. It uses end to end encryption. It was designed to be very easy to use. It works on phone and desktop. Also, it is free.
> I'd like to take this time to let you know that you can use signal messenger. > On your Android device, you can even make it your default texting app, and use it like imessenger. > While nothing is perfect, by using signal and encouraging others to use it as well, it will become that much harder to read private messages, and now, even audio calls.
Signal is excellent. Everyone should use it. [Here's a link to the wiki article about it.](https://en.wikipedia.org/wiki/Signal_(software\))
Signal on Google Play
Signal on iTunes Store
Here's the developer's homepage. Their home page prominently features endorsements for Signal from Edward Snowden, Laura Poitras, Bruce Schneier and Matthew Green.
Everyone should use [Signal Private Messenger.](https://en.wikipedia.org/wiki/Signal_(software\))
Signal on Google Play
Signal on iTunes Store
Here's the developer's homepage. Their home page prominently features endorsements for Signal from Edward Snowden, Laura Poitras, Bruce Schneier and Matthew Green.
Signal is the goto approved encrypted chat app these days. No SMS fallback though, be aware of that.
[Wikipedia entry with some more information about it](https://en.wikipedia.org/wiki/Signal_(software\))
And to clarify: in end to end encrypted chats your data is worthless to anyone not the receipient
So a glitch like this might loose part of a message, but you'd never receive a wrong one and yours could definitely not be read by anyone other than the receipient
I just use ChatSecure but i found some similar apps. i stayed away from Facebook, Instagram, Whatsapp, Skype....
Signal Private Messenger (Free) – Android, iOS
Secure, free and easy to use, Signal Private Messenger is my favorite secure texting app overall. And while it’s simpler, it has plenty of features that power users will appreciate. That includes the ability to set up encrypted groups for private conversations with your entire work team. And while most secure messaging apps require both parties to be using the same application for encryption to work, Signal Private Messenger sets itself apart by working with standard SMS text messages, as well as SMS picture messages.
play store: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
apk: http://choilieng.com/apk-on-pc/org.thoughtcrime.securesms.apk
ChatSecure: this is one of the most secure messaging services around. The app uses open-source, publicly auditable encryption libraries to keep your private business messages private. It’s really flexible, letting you choose between connecting via your existing Google account, or creating a new account on a public XMPP server. Users who want even stronger security can connect to ChatSecure from their own private server. And unlike with many rival apps, ChatSecure doesn’t require your phone number of any other personal data to get started.
https://play.google.com/store/apps/details?id=info.guardianproject.otr.app.im
apk here: http://choilieng.com/apk-on-pc/info.guardianproject.otr.app.im.apk
Gliph
Gliph is a secure messaging service that you can use on all of your computing devices. When you're on the go, use the iOS or Android app on your smartphone. When you're at the office, use the Gliph desktop app so you can send and receive messages using a mouse and keyboard. Another key feature is "Real Delete," which lets you permanently delete a message from both the sending and receiving device, as well as the Gliph server, whenever you choose. You can also attach a pseudonym to your main account at any time, so you can use a screen name for personal chatting and switch back to your real name for professional communications.
https://play.google.com/store/apps/details?id=ph.gli.android
apk here: http://choilieng.com/apk-on-pc/ph.gli.android.apk
Wickr Me: this is a secure messaging app that lets you set an "expiration date" for every message you send. That way, you don't have to worry about a third party inadvertently reading private communications that are left on a contact's smartphone. Meanwhile, the app features end-to-end encryption for all messages, and it lets you remove metadata from individual messages, such as the time it was sent, as well as geo-location data.
https://play.google.com/store/apps/details?id=com.mywickr.wickr2 apk here: http://choilieng.com/apk-on-pc/com.mywickr.wickr2.apk
Signal does exactly that. Has end to end encryption to other users of the app, and has a great appearance too. https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
Off-topic, but the default Motorola SMS app is pretty awful. I'd recommend something like Signal. It looks great, and it supports encryption!
Whenever an app or software get bought out, its the beginning of the end.
>It said that in addition to appointment information and delivery notifications, it would also allow "marketing" messages.
>"Messages you may receive containing marketing could include an offer for something that might interest you," the company said.
Thats why adblock software is so unpopular and nobody uses it. /s
I'll stick with Signal (until it gets bought out too)
Signal, here's the link for iOS and Android.
https://theintercept.com/2016/06/22/battle-of-the-secure-messaging-apps-how-signal-beats-whatsapp/
By the way, here are the two apps I recommended for texting: Signal: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
and
Google Messenger: https://play.google.com/store/apps/details?id=com.google.android.apps.messaging&hl=en
Telegram isn't secure. Whatsapp still uses end-to-end encryption for all your messages, unlike Telegram. You should recommend Signal instead, heres the link for iOS and Android. Open Whisper Systems who made Signal were also hired to implement the Signal Protocol for Whatsapp, Google Allo and Facebook Messenger.
http://www.gizmodo.com.au/2016/06/why-you-should-stop-using-telegram-right-now/
> Encryption works best if it's ubiquitous and automatic. The two forms of encryption you use most often -- https URLs on your browser, and the handset-to-tower link for your cell phone calls -- work so well because you don't even know they're there. > > Encryption should be enabled for everything by default, not a feature you turn on only if you're doing something you consider worth protecting. > > This is important. If we only use encryption when we're working with important data, then encryption signals that data's importance. If only dissidents use encryption in a country, that country's authorities have an easy way of identifying them. But if everyone uses it all of the time, encryption ceases to be a signal. No one can distinguish simple chatting from deeply private conversation. The government can't tell the dissidents from the rest of the population. Every time you use encryption, you're protecting someone who needs to use it to stay alive."
https://www.schneier.com/blog/archives/2015/06/why_we_encrypt.html
With Telegram end-to-end encryption is off by default. "Secret chats" only works if both are online at the same time and you can't use group chats or desktop client. So the majority of all messages sent are not end-to-end encrypted and also kept accessible on Telegrams servers. Compare that to Signal and Whatsapp where messages are always end to end encrypted and don't store your messages at all. Also your friend doesn't need to be online and you get encrypted group chats and desktop client.
Some russian activists Telegram account got hacked giving them access to all previous messages: https://www.bellingcat.com/news/2016/04/30/russia-telegram-hack/
Pavel himself admits security isn't a priority here https://twitter.com/durov/status/678305311921410048 in response to this:
Thomas H. Ptacek
> https://twitter.com/Snowden/status/678274362609426432 > By default Telegram stores the PLAINTEXT of EVERY MESSAGE every user has ever sent or received on THEIR SERVER.
Edward Snowden
> https://twitter.com/Snowden/status/678274362609426432 > I respect @durov, but Ptacek is right: @telegram's defaults are dangerous. Without a major update, it's unsafe.
> https://twitter.com/Snowden/status/678274362609426432 > To be clear, what matters is that the plaintext of messages is accessible to the server (or service provider), not whether it's "stored."
Moxie Marlinspike > https://twitter.com/moxie/status/678219238394298372 > It's just how Telegram works and is self-documented to work: Only their marketing copy suggests otherwise.
> https://twitter.com/moxie/status/678277776391077888 > If you're on an iPhone, they also send a plaintext copy of every msg you receive to Apple's servers. So not even in transit.
> https://twitter.com/moxie/status/678309008789258240 > For iOS push notification previews. They didn't do the work to make them privacy preserving.
It's the least of Telegrams problems but let's not forget their home made crypto even though there are better alternatives. See the take-home message here:
> We stress that this is a theoretical attack on the definition of security and we do not see any way of turning the attack into a full plaintext-recovery attack. At the same time, we see no reason why one should use a less secure encryption scheme when more secure (and at least as efficient) solutions exist. > > The take-home message (once again) is that well-studied, provably secure encryption schemes that achieve strong definitions of security (e.g., authenticated-encryption) are to be preferred to home-brewed encryption schemes.
https://eprint.iacr.org/2015/1177
And the conclusion here:
> Abstract: The number one rule for cryptography is never create your own crypto. Instant messaging application Telegram has disregarded this rule and decided to create an original message encryption protocol. In this work we have done a thorough crypt analysis of the encryption protocol and it's implementation. We look at the underlying cryptographic primitives and how they are combined to construct the protocol, and what vulnerabilities this has. We have found that Telegram does not check integrity of the padding applied prior to encryption, which lead us to come up with two novel attacks on Telegram. The first of these exploits the unchecked length of the padding, and the second exploits the unchecked padding contents. Both of these attacks break the basic notions of security, and are confirmed to work in practice. Lastly, a brief analysis of the similar application TextSecure is done, showing that by using well known primitives and a proper construction provable security is obtained. We conclude that Telegram should have opted for a more standard approach. > > Conclusion: TextSecure is based on strong primitives that have withstood crypt analysis from the crypto community for years, and these are combined in a way that proven provides authenticated encryption. Telegram on the other hand has crafted its own encryption scheme and deployed it in an unproven state, and prior to any scrutiny from other cryptographers. We have seen this done time and time again, and rarely with good results. Take for example the smart grid meters that were shown to use terrible crypto back in April this year. Furthermore, the DH Ratchet is a very nice way of providing forward secrecy on a per-message basis with little overhead, which is an improvement over Telegram's one key per 100 messages approach.
A great reason to start using Signal, my Aussie friends :D
Ne pas raconter sa vie de façon très détaillée sur les réseaux sociaux, ni sur d'autres sites d'ailleurs.
Utiliser une appli qui chiffre automatiquement les appels telephoniques : https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Utiliser le navigateur web TOR : https://www.torproject.org/
You mentioned signal. This really is the best group messaging app out there. It does most of what you mention but not all. It does have a desktop client that does sync but is still in beta and doesn't look the best.
I have been using it a while and really find it to be the best imessage like app out there.
As someone who's never used iMessage... what's the difference between that, and say something like Signal?
Your first link is broken FYI. I'll add Signal Private Messenger to that list as well (recommended by Snowden himself):
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
This story is a gross violation of privacy.
Actually, it might not be. Something I hadn't thought about is that someone could get into your Telegram account with nothing but your SIM card and your 4-digit passcode(you authenticate via your phone number and a 4-digit code - no password). Other than that, Telegram does offer end-to-end encryption. And the UI is a little better than Wickr, imo.
Doing a bit more research, I came across Signal(iTunes App Store, Google Play Store) by Whisper Systems. If you check their website, they have an endorsement from Edward Snowden. I'll be checking this one out, myself.
>Use anything by Open Whisper Systems. - Edward Snowden
But yeah, they basically all do the same kind of thing. Any of these will be a lot better than using plain SMS, iMessage, or phone calls. Signal allows for encrypted VOIP calls, apparently. That might be a useful feature for someone who actually wants to speak anonymously.
I've been happy with Signal: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
Use Signal by Open Whisper Systems as your default sms app. As an added bonus you get encrypted calls and messages if your friends also use it.
https://github.com/WhisperSystems/Signal-Android/issues/3817
As far as I know Signal was the only sms app that wasn't vulnerable to Stagefright, even before the bug was announced. That's the nice thing about using apps where security is a priority.
Ich hoffe ja, das sich Signal / Signal (iOS) durchsetzt.
Signal ist im Gegensatz zu Threma Open-Source und kostenlos.
I have not used this app before, but I would recommend using Signal Messenger. This doesn't totally answer your question, but Signal is a encryption-first messaging system that is highly regarded among security-minded Android users.
If you know about CyanogenMod's SMS encryption, "Whisper Push" - this is from the exact same company,Open Whisper Systems.
I would definitely check it out, plus it even has a desktop client.
If you want true end-to-end encryption, use Signal private messenger. https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
many other messaging apps provide encryption (like hangouts) but the keys are still owned & generated by the company, not the user.
I see. Signal now supports encrypted phone calls! I use it for that and it's great, in addition to being used for encrypted text messaging. Snowden uses Signal and recommends it: https://twitter.com/Snowden/status/661313394906161152
[1] Signal for iPhone/iOS: https://itunes.apple.com/us/app/signal-private-messenger/id874139669
[2] Signal for Android: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Dann rate ich mal weiter Antworten: sichere Kommunikation (Chat und Telefonie) für jedermann gibt’s mit Signal für iOS und Android. Und hier sind ein paar gute Artikel von Micah Lee (Snowden-Vertrauter) zu den Themen Passphrases, Laptop-Verschlüsselung, sicher chatten, und VMs zur Schadensbegrenzung bei Sicherheitsproblemen.
If you want an app that cares about your privacy then you should use Signal.
>Whatsapp will integrate the open-source software Textsecure, created by privacy-focused non-profit Open Whisper Systems, which scrambles messages with a cryptographic key that only the user can access and never leaves his or her device.
I remember when this happened, seems like a big deal. Now open whisper has combined secure text and voice into one app, Signal.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
Here's a real encrypted messaging app. It's what Snowden uses. Source
The purpose is to protect other people by creating noise, protect other people (if you have direct contact with an activist) and make it very, very expensive and hard for the NSA to collect data on a massive scale.
>For me this becomes a balance between the effort and complexity of adding on and maintaining these systems v. the degree of protection provided for others. I'm not sure if that balance weighs in favor of protection and added effort right now.
That is a very good point. A lot of this can be very intimidating, especially for 'casual' internet users (don't mean that in a negative way). It is probably the largest obstacle the privacy movement has to overcome, and honestly I don't know if it can. :(
Either way, there are some very easy things you can do on your own. You can:
Use the 'Disconnect', 'ublock orgin' and 'HTTPS Everywhere' add-ons.
You can think about using one of the encrypted email services for very private or personal emails.
You can not use Google (For me this was 10X more daunting than any of the really technical stuff, and it was a lot easier than I thought)
You can make the IOS or Android](https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms) app Signal your default text app, and encourage your friends to use it. It works all on its own with no set up, and automatically encrypts/decrypts messages sent to other users using signal as their default app. People who don't use it just receive a regular SMS message. Of all the message apps I use, this has the best UI in my opinion.
You can (and should, because it makes your life so easy) use a password manager like the ones recommended (but I use lastpass and it's random password generator. Don't hate. Best one IMO) and use two factor authentication on your important accounts.
All that would do a lot (I added the password part just to protect you though, it's good protocol) and would maybe just take 30 minutes? Other than that, just staying informed is what everyone in the privacy movement wants. It's very easy to ignore or forget that almost literally all of our data is being collected in various PRISM programs leaked by Edward Snowden.
I still have facebook, still play Civ V on steam, still call my mom using skype if I am overseas (she can barely turn on a computer, so she gets a pass). So you don't have to make huge changes. Just small lifestyle choices. (but if you are involved in any activist activity, this guide is not comprehensive enough)
This is probably due to weak passwords or bad implementation. If you're the top priority of the NSA sure they'll get to you one way or another (not by breaking PGP), but mass surveillance is definitely something we can stop.
Blackberry should be avoided though.
> Blackberry believes in a “balanced” approach to encryption, incorporating lawful intercept capabilities, and the company prioritizes cooperation with law enforcement, Chief Operating Officer Marty Beard said Tuesday. “We very much take a balanced approach” to the issue of encryption, he told the FedTalks government IT summit, differentiating Blackberry’s approach from that of some of their competitors who are “all about encryption all the way.”
http://fedscoop.com/blackberry-taking-balanced-approach-to-encryption-lawful-intercept
Use Signal for secure calls and messages on Android and iOS. There's a Chrome/Chromium addon that's in beta. And it's free software (GPLv3).
It's sort of like iMessage for Android. The app also handles sms so it doesn't feel like a separate app, even if none of your friends have it today there's no reason not to keep it installed. iOS doesn't let other apps handle sms though so it just sends encrypted messages.
From the website:
> Use anything by Open Whisper Systems.
Edward Snowden, Whistleblower and privacy advocate
> Signal is the most scalable encryption tool we have. It is free and peer reviewed. I encourage people to use it everyday.
Laura Poitras, Oscar winning filmmaker and journalist
> I am regularly impressed with the thought and care put into both the security and the usability of this app. It's my first choice for an encrypted conversation.
Bruce Schneier, internationally renowned security technolgist
> After reading the code, I literally discovered a line of drool running down my face. It’s really nice.
Matt Green, Cryptographer, Johns Hopkins University
Ed ha falle su falle dal lato della sicurezza. Whatsapp non credo sia messa meglio. L'unica app del genere estremamente sicura è Signal della Open Whisper Systems.
http://www.theregister.co.uk/2015/11/23/homebrew_crypto_in_telegram_app/
https://security.stackexchange.com/questions/49782/is-telegram-secure
> Naja, dafür waren ja die Leute von OpenWhisperSystems da.
Waren sie denn überhaupt da und haben am Code gearbeitet? Soweit ich weiß haben sie nur mit der Implementation der crypto-Teile geholfen.
>Natürlich hat man nie 100%ige Sicherheit, aber die kann man bei OpenSource (wenn falsch implementiert) auch nicht haben, da ja auf dem Server andere Software laufen kann.
Open source ist der einzige Weg um wiederholte unabhängige Audits vorzunehmen, es wird nichts verheimlicht, jeder kann es sich anschauen.
>Siehe Telegram
Telegram sollte man sowieso nicht nutzen, wenn man Sicherheit sucht. Die Crypto ist hausgemacht und genau das nicht zu machen ist die erste Regel der Kryptographie.
Yeah its for CDMA. I recently switched to a different messaging client called signal. Everything works great with it. I can send and receive pictures and group messaging works well.
I dont know if signal will work for you but it works great for me and a couple other people on ting with MMS issues.
I'm running the current CM 12.1 nightly on my sprint S3 on the ting network. I would recommend upgrading to CM 12.1 at least.
Here are some links of what I would flash:
The only issue is that MMS doesn't work with google messenger or the stock messaging apps. I discovered that signal is the only thing that actually works 100% of the time.
My data works great with this setup.
"How to make modern communication more personal and private?"
Easy, use Signal instead of proprietary niche messenger apps that claim to give you privacy but don't.
I recommend signal.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Here's the article about it. Whatsapp integrated code from TextSecure, which is available for Android and iOS both. It's also fully open source and security audited.
Either way this goes, it's going to be a win for personal privacy.
With everything the NSA does, even the french government had the 'benefit' of legal spying on all communication 4 months before the attacks but they couldn't prevent it and it turns out the terrorists were just using dumb phones and regular text messages.
Meanwhile, what the spying is actually used for is to keep ministers in check and spying on trade partners.
The 'encryption benefits terrorists' is bald faced lie and they're attacking the very foundations of democracy by using their spy tools to gather blackmail info on ministers and other supposed allies.
I hope your court eventually comes to its senses and I hope the people realise what they're really after.
Hell, even the US can't stop terrorist attacks with all their spying, their secret courts even found that information gathered this way didn't even contribute to uncovering any plots, let alone stopping any. Besides all that, it was ruled unconstitutional by judges who had access to NSA secrets to review.
Encryption is freedom. Anyone trying to undermine it is trying to take absolute control and power for themselves.
Imagine how powerful it is to have blackmail on every politician in power?
It's an encrypted sms client. With material design :D
Typing AES-256 by hand into my cell phone? Ain't nobody got time fo' dat.
I know yo ass better be talkin' 'bout Signal.
> it would need to be unencrypted (at google servers) before the recipient can access it
Basically this. Even if the information was encrypted on your device, it would need to be decrypted at some point to allow someone/anyone (even someone with a flip phone) to view the message.
How Apple provides secure messaging is by going through the iMessage network among other iPhone users. Google has something similar with Hangouts but it's adoption rate is far lower and even then you have to select Hangouts and not SMS when contacting other Android folks.
A potential solution is to have everyone you want secure;y message to use an app like Signal. It's multi-platform and apparently Edward Snowden endorses it for secure communications. Sign up is easy and uses your existing phone number.
That's true, I do. I'm sure there are literally millions like me. At the least, 1 - 5 million
Quem faz questão de segurança e privacidade pode usar o Signal.
Signal is an encrypted messaging app. Works well and has Material Design.
Textsecure - I have enough friends who use the service that it's worth making it my primary msging app.
I really wish more people I knew used Signal (on iOS) or TextSecure (on Android).
https://itunes.apple.com/us/app/signal-private-messenger/id874139669 https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Not sure if it can replace the native SMS app on iOS, but I use it in place of the usual messenger on Android.
for Android users: TextSecure
Take a look at TextSecure and if you want end to end encryption on calls, take a look at RedPhone.
No end to end encryption is unacceptable in 2015. Everyone should use the apps by Open Whisper Systems. TextSecure for Android and Signal for iOS.
Free software, made by people who know what they're doing and recommended by Snowden.
Wall Street Journal had a good article http://www.wsj.com/articles/moxie-marlinspike-the-coder-who-encrypted-your-texts-1436486274
Use the apps by Open Whisper Systems. TextSecure for Android and Signal for iOS.
Wall Street Journal had a good article about it http://www.wsj.com/articles/moxie-marlinspike-the-coder-who-encrypted-your-texts-1436486274
It's called TextSecure for Android and Signal for iOS.
Edit: He also created an encrypted VoIP app called RedPhone for Android. AFAIK Signal also handles VoIP for iOS.
Depending on your specific needs TextSecure could be a good app for you, it offers end-to-end encryption on all messages between users of the app, and can even replace your main texting app, which adds delivery receipt function to your normal texts.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
De meilleures alternatives :
Développé par Open Whisper System :
Développé par The Guardian Project :
L'avantage de ChatSecure qui en fait l'application la plus sécurisée pour moi est le fait de pouvoir choisir son propre serveur XMPP (alors que celui de TextSecure est centralisé), et de pouvoir utiliser l'application en passant par Tor.
TL;DR: ChatSecure > TextSecure/Signal >>>>>>>>>>>>>> le reste.
There's also an Android client, but it's named TextSecure.
More info at https://www.whispersystems.org/#encrypted_texts
There's a Google Summer of Code proposal to add support for Axolotl encryption (as used by TextSecure & Signal). Hopefully someone will implement it.
TextSecure: Basic and simple. Open source and free software.
It automatically encrypts your texts end-to-end (and sends them over data) if the other person also uses TextSecure.
That doesn't capture active users though (and also is way higher than 40M in the Google Play store)
I suggest rating the Signal app and leaving a comment in the Google Play store:
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
It's the only way really to provide feedback.
There aren't many ways to get Signal to listen to user feedback. However, one way is by rating and leaving a comment for the Signal app in the Google Play store:
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
I disagree strongly with removing SMS as an option for the many reasons that have already been brought up.
I wanted to point out though that the misconceptions on signal not encrypting SMS messages can largely be attributed to the description on the app in the appstore.
It says "Signal’s advanced privacy-preserving technology is always enabled, so you can focus on sharing the moments that matter with the people who matter to you."
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Perhaps they should spend some time to make sure they're marketing is accurate rather than blaming user misconceptions on the features.
Yeah should have been more specific with Google Meet. Signal is an end-to-end encrypted open source chat client.
Use Signal Messaging app. It is the most secure message app on all platforms, secure communication is the primary purpose of the Signal Foundation.
No need to return the phone, just install Signal Messenger https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&gl=us
Don't be afriad to use privacy apps like Signal and Duckduckgo. Having an extra layer of security does help keep malicious folks away.
Signal is free and quite secure. https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Or setup your own matrix instance (e.g. with a Synapse container) and run your own server. https://github.com/matrix-org/synapse
Element-Web is a nice client for the matrix protocol. It's available as an app and can run on desktops with Electron. https://matrix.org/docs/projects/client/element
If you regularly get texts from unknown numbers, odds are good that this is legitimately somebody who has something to say to you, but doesn't want to say it over SMS.
However, just in case there is some sort of trickery going on with that link, you might want to go directly to the Play Store if you choose to install Signal (check that you're looking at an app with 100,000,000+ installs, in case I'm trying to send you a dodgy link).
Maybe try installing signal app first. If you don't know it, it's about the most secure, private and independent communications platform right now. https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
try to use signal instead.
if you don't how to set signal as default messages app: https://youtu.be/C28CC3JAGJI
This is very important. Please use Signal!
https://apps.apple.com/us/app/signal-private-messenger/id874139669
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en_US&gl=US
You can make Signal your SMS standard app.
I am on signal , please join here : https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en_IN&gl=US
Install != MAU.
Whereas Signal has over 500Million installs in the Google Play Store. ->False, 50 Million https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
All in all, the zeitgeist is putting Matrix at the centre of multiple answers. And it showed, with a 65% growth of users in the network since the beginning of 2021 - up to 43M. https://element.io/blog/2021-its-been-a-busy-year-for-element/
Signal 40 M https://www.businessofapps.com/data/signal-statistics/
Everyone I know uses Signal.
It's basically WhatsApp but not owned by Facebook. With the constant threat from Facebook of combining WhatsApp with Facebook and Instagram Messenger that would result in WhatsApp no longer being end to end encrypted, and all your messages being available for Facebook to scrape for data, alternatives are becoming more popular.
Signal was actually created by the same guy that created WhatsApp but, regretting his decision to sell to Facebook, it now remains completely independent. Like Wikipedia, it's entirely funded by donations, and has no incentive to use adverts or to remove end to end encryption for the sake of scaping data.
The user interface is very similar and it shares the same features as WhatsApp.
TL/DR: It's WhatsApp but not owned by Facebook
Download here:
Any chance it will be able to run Signal? It's the main thing keeping me back from getting it as daily driver
I use signal. It's end to end encrypted and will fall back to SMS if the other person doesn't have signal. 90% of the people I text on a day to day basis have signal now.
Also works for voice and video calls.
Meh, alternatives exist that aren't owned and contolled by Facebook.
Check out Signal
> And what the fuck with telephones , I can't never understand shit people are saying on these things , it sounds like a Borg assimilating lil' Wayne half the time. Can we bring back phones where the voices coming out are consistently intelligible.
Today's phones have butt for voice quality.
There is a way to fix it. On Android or Apple phones, install the "Signal Private Messenger" app. It lets you send messages to people who use it, or to people who don't. When you call them, you get a high quality Internet engineered voice call, instead of a crappy cell phone call.
https://apps.apple.com/us/app/signal-private-messenger/id874139669
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en_US&gl=US
As long as your Internet connection is okay, Signal voice quality is way better than phone calls.
Tell your friends.
Mods deleted this as a stand-alone post.
This is a reminder, in light of the current discussion surrounding privacy and encryption, that under certain circumstances your iMessages can be read by Apple or by the government.
> Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices. When you turn off iCloud Backup, a new key is generated on your device to protect future messages and isn't stored by Apple.
This means that if you enable both iCloud backup and iCloud iMessage all of your iMessages can be decrypted and read by anyone. TO BE CLEAR, Apple WILL share your decryption key with the authorities in response to subpoena.
This is an example: https://i.imgur.com/stMWX1P.jpg
In this example, all of my Message activity is encrypted using a key derived from my device passcode and uploaded to iCloud. That encryption happens on-device. It is stored in iCloud encrypted.
Because iCloud backup is turned off, in this example, that key is NOT part of my iCloud backup (which I don’t have) and therefore is NOT stored on Apple servers. If someone, including Apple, were to look at my Messages stored on iCloud all they would see is encrypted garbage.
If you were to turn on iCloud backup, and leave the iMessage toggle on, Apple and the government would be able to read all of your iMessages, despite claims that they are “end-to-end” encrypted.
Everyone should be using Signal.
Signal for iOS: https://apps.apple.com/us/app/signal-private-messenger/id874139669
Signal for Android (the best package name): https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Signal for desktop: https://signal.org/download/
What is Signal? The basics of the most secure messaging app.
Signal - Private Messenger
https://apps.apple.com/us/app/signal-private-messenger/id874139669
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en\_CA&gl=US
You should consider using Signal Messenger. Offers e2e sms and encrypted voice calling. Open source, free to use and not a product of Big Brother Google.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Signal Private Messenger | 4.4 rating | Free | 50,000,000+ downloads | Search manually
> Millions of people use Signal every day for free and instantaneous communication anywhere in the world. Send and receive high-fidelity messages, participate in HD voice/video calls, and explore a growing set of new features that ...
|Feedback|PunyDev|Lonerzboy|
Retour sur ma petite expérience de desintallation de whatsapp.
Quand j'ai décidé que j'allais supprimer zuck de mon téléphone (je n'utilise ni FB ni insta), 2 mois avant j'ai adopté cette 'tactique' qui a merveilleusement fonctionné pour ma part.
Dès que quelqu'un m'adressait un message sur whatsapp, je copiais collait le message suivant :
"Hello, je ne suis plus disponible sur whatsapp. Néanmoins,tu peux me contacter sur Signal ( https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms) ou Télégram ( https://play.google.com/store/apps/details?id=org.telegram.messenger)."
Je m'y suis tenu en faisant comme si c'était un message automatisé.
Au bout de 2 mois tous mes contacts avaient installé l'un des deux au moins et j'ai viré whatsapp.
I understand that. I thought the same as you too, but just realized Google RCS is just too buggy.
I have been moving many of my friends over to Signal. Signal not only supports SMS/MMS fallback, it can also be your default texting program and its chat features are far superior to Google RCS, and its completely private and encrypted. If you can get your friends and family to install Signal, you will have a MUCH better chat and text experience
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en_US&gl=US.
Ever heard of Signal? Open source, end to end encrypted messenger and whatsapp alternative.
It still has tons of features, but no tracking or ads in the middle of your fucking video call.
⚠️ This is an automated message ⚠️
நான் இப்போது தற்காலிகமாக மட்டுமே வாட்ஸ்அப்பைப் பயன்படுத்துகிறேன். I only use WhatsApp temporarily now.
நான் சிக்னல் வழியாக தொடர்பு கொள்ள விரும்புகிறேன். I prefer to communicate via Signal.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
மாற்றாக, கீழேயுள்ள முறைகள் மூலம் நீங்கள் என்னை அணுகலாம்: Alternatively, you can reach me via:
Telegram https://t.me/username
I use this as an SMS auto-reply:
>Hello. My SMS notifications have been disabled and I have moved all communication to the Signal encrypted messaging app.
>
>It is an open-source app developed by the non-profit Signal Foundation that allows you to send end-to-end encrypted text, picture, and video messages, as well as make encrypted voice and video calls.
>
>The only data they collect is the date and time of registration and the last date you used the app.
>
>You can register with your phone number and message or call me there.
>
>Android: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
>
>iPhone: https://apps.apple.com/gb/app/signal-private-messenger/id874139669
I was able to get the setup up and running using one of the recent Android branch (v5.14) inline with the outdated Server code (v0.93--3.21). Majority of the functionalities from my build works seamlessly and close to par with the official signal app. I could tell the e2e encryption technique is wall solid as expected but the caveat I noticed is that some API links on the android source points to some unavailable endpoints, probably some of their most recent features like animated sticker APIs and some others.
From my overall usage building the latest client source and old server code on github, I can say its End-to-end encryption is still intact... It seems nothing really changed on that angle except we need to confirm what's cooking on their most recent server update. How long are they gonna hide that?
I just leave this hereb(Signal): https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Signal allows voice messages, and one could reply to, or simply follow up, the voice message with it's transcription
Marzia Check SIGNAL
It’s available on playstore
>Telegram is a Royale with cheese, large fries, a McFlurry, and apple pie.
ahahaha..so what is signal then?
>I am reading about RedPhone, a product of Signal, or maybe it is a part of Signal. Is there any public notes about how many people use this service?
There haven't been any RedPhone users since March 2017. RedPhone started as a stand-alone calling app on Android:
In 2015, Signal's developers discontinued the stand-alone RedPhone app after merging the code into their TextSecure messaging app, which they then renamed as Signal:
In March 2017, they replaced RedPhone with a combination of WebRTC and the Signal Protocol:
>I am studying a potential attack on the private contact discovery as documented at https://signal.org/blog/contact-discovery/. But my approach is dependent on the approximate number of participants registered in the system.
Signal now uses the contact discovery mechanism documented here:
Signal's developers have not released any information about the total number of Signal users, other than that the user base is growing. According to the Play Store, the Android app alone has been downloaded over 10 million times. In February 2020, Brian Acton said that "another 40 percent of the app's users are on iOS."
very unfortunate many people do not use signal more secured app. https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
Weitere Quellen:
Keiner dieser Quellen schreibt allerdings wie das ganze Umzusetzen ist? Die koennen ja Verschluesselungen nicht einfach verbieten^^ also muss da ja etwas Softwareseitig/Hardwareseitig passieren.
NTV schreibt
> Dass nun auch die Nachrichtendienste den Staatstrojaner einsetzen dürfen sollen
Was danach klingt, dass sich die Messengerdienste das selber aussuchen koennen, oder? Warum also sollte WA, Telegram oder sonstiges das einfach einbauen? Problem hierbei ist allerdings, dass es closed source ist, von daher, wechselt sowieso zu Signal
I think Signal can be useful for you https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
It should be there, shared image quality. Do you have the latest version of the Samsung Messages App installed?
Signal can send either a SMS, a RCS message or a Signal message. Sounds about what you're looking for.
It is also very privacy focused. Like Snowden uses it privacy focused.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
>4 of my 124 contacts
By the way, it's 5 now. 25% increase in userbase, yeah :D
Signal is great in my opinion.
If you are not on an iPhone you can use Signal Private Messager app. Actually you can us it on iPhone as well but it has some screwball problems with Messanger or what ever Apple's messaging app is called. You can also set messages to disappear on your phone and if you and all your friends are using signal it will disappear on their phone as well. If you delete Signal or delete a text it is gone forever.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
I'll just leave this right here.
Android link. Interestingly enough, iOS has 2x less downloads, but android itself is nearly 10x more popular than iOS, so it seems like this app is not very popular on android.
Signal Private Messenger
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Version 4.66.5
Whenever I send a photo or gif I am unable to type text unless I close the conversation and reopen.
Not sure if app related or Gboard related.
In HK they have started to switch to using signal - better secure messaging app
And switch to something else, for example signal.
Signal. Encrypted Text ^^^Android
It's not exactly what you're looking for, but I always recommend Signal to someone who's looking for an Android SMS app. It's a great open-source project from a non-profit. If it's Signal to Signal contacts, it's secure. Our government uses it for internal messaging.
Signal ftw. WhatsApp is owned by Facebook which concerns some people.
https://signal.org/en/
Android: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
iPhone: https://apps.apple.com/ca/app/signal-private-messenger/id874139669
Blackberry: Android sideload from https://signal.org/android/apk/
Windows Phone: ha. Ha ha.
Signal comes with SMS, it's all around better and more secure.
Signal is the best.
Signal. For Android... https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms Also see post below... https://www.reddit.com/r/privacytoolsIO/comments/g9zff0/why_everyone_should_be_using_signal_instead_of/
Signal app. It's cross-platform. End-to-end encrypted. REALLY secure. You'll like it!
https://apps.apple.com/us/app/signal-private-messenger/id874139669
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en_GB
I think Signal Private Messenger is best. Even Snowden recommends it
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Have you tried Signal? It's the golden standard when it comes to security and encryption. It's always worked well for me.
Signal is your best bet.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
I highly recommend Signal.
Signal is overall awesome as a messaging app!
<em>we came from the earth, but we belong to the sky</em>
1) They sell wine in cans. This has implications for my productivity.
2) I woke up in Tanis' bed this morning. I stayed the night with them again, the first time when I've had work the next morning. Waking up in their bed, their voice the first thing I hear, their skin the first thing I feel, their lips the first thing I taste...And then going to work right after? It's almost better than staying in late with them. I get to take that little moment with me through my day.
I sat down to write a bit ago, cracked a can of wine (see #1, above), got a couple pages in and stopped to compose a long, sappy message to Tanis. I had a mind to repeat it here, but they just texted me back and we use Signal (because of course I do, it's the only messaging app endorsed by Edward Snowden) and they can see when I read their messages and a couple cans later I think I've passed the Ballmer peak and no longer have confidence in my ability to communicate sensibly with them.
They met my friends Monday night. I was very nervous abotu this, but it went well. Yesterday afternoon I was hanging out with Mitun dna his girdlfriend and they told me they've never seen me this happy, and that they're glad I'm-
fuck I can't do this. I'm sorry dog, I'm having a hrd time stringing thoughts together, this fucking wine-in-a-can thing is a step too far dear god look hhat our careless hands hath wrought
read byron and read nietzsche (liek really read nietzsche) and read camus and maybe read a little wittgenstein and then listen to Alan Watts and then havbe a Chopin chaser and just fucking be homie
try using Signal as your texting app. should be the safest of third-party apps.
Can you let me know if the Signal app works? :)
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en_CA
Signal, it has end to end encryption, option to have self destroying messages/pictures.. https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
You can try Signal.
I would recommend Signal, though. It's Edward Snowden approved.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Signal works, which is great.
Here are some open source options for you.
Emerald dialer as your phone app.
Simple Contacts Pro for contacts
Silence or Signal for sms. I am using Silence for my basic sms needs.
It is literally the first result when searching the Play Store for "signal."
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Check out Signal. it's an end-to-end encrypted client that will automatically encrypt the message if the recipient is using signal. If not, it get send out via normal SMS and represents an unsecured communication with an unlocked padlock symbol. You can password protect your entire Signal Client requiring a fingerprint or pin to access anything in the client. I highly suggest you check it out.
​
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en_US
SIGNAL. SIGNAL. SIGNAL. E2E encrypted, completely secure, and it has a great UI. This is the best messenger.
Downloading Signal and using it regularly is the least we can do.
I'd recommend installing the Signal app as a replacement for stock android messaging. It does SMS/MMS as well as any other app, but also supports data-channel messaging between Signal users, so you can send full-resolution pictures to your friends. It's also got secure crypto, but for most people that's a secondary concern.
Maybe what you need is the package name, i.e. "org.thoughtcrime.securesms"? (see Signal's Play Store URL: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms)
This is actually for the best. The sacrifices of our decent leaders will open the eyes of the common folk to the dangers of the shitty WhatsApp and, more importantly, the intentions of our vile netas like Amit Shah who spied on an innocent woman using the fucking Anti Terrorism Squad. I predict a 10,000% increase in use of Signal in India.
Shameless plug for Signal (iOS and Android). It's a free and open-source version of WhatsApp that is run by community donations (and not a for-profit company that will eventually sell your data to make more money).
They use end-to-end encryption, Perfect Forward Secrecy, they don't store messages on their servers permanently (only as a means of transmitting them to the recipient device) and you can use a fake phone number to set it up.
Fuck WhatsApp, it's shit.
Is it fully updated? With updated Carrier Services too?
Might need to delete the app cache/data for it.
I've had no issues with mine. But if you must switch Signal is a good option. It has SMS/MMS.
Direct link to the app. https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Free and privacy conscious alternatives:
SMS: Signal or Silence or QKSMS
Browser: Firefox or Firefox Focus or Bromite or Fennec
Phone: Signal
Contacts: Simple Contacts
Media Player: MPV
Camera App: Open Camera
Gallery: Camera Roll or Simple Gallery
YouTube: NewPipe or YouTube Vanced
Crypto Portfolio: Delta
Calendar: Etar or Simple Calendar
Maps: MAPS.ME or HERE WeGo or OsmAnd
Reddit: Slide
What exactly are you trying to do? Have you checked out Signal? That may cover your requirements.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
If you want truly private text messaging, I recommend using Signal, Wire, or something like that.
Firefox Send does the job and then some. If you want a messenger, then Signal, you'll both need the app though.
Firefox Send does the job and then some. If you want a messenger, then Signal, you'll both need the app though.
I'm also with Fido with an unlocked phone. Gave up on RCS too and picked up Signal instead. Same concept as RCS (except that you need to explicitly add it), but it also has the added bonus of end to end encryption. Which is something we will likely never have with Google.
I am late to this conversation, but I posed the question of HIPAA compliance to the people @ Signal. I've posted their reply to me below.
Obviously, you need to run it through lawyers at your institution, but it seems as if Signal may be HIPAA compliant and not need a BAA because it fits the conduit exception. I've asked a CIO about it, and he still felt like he wanted a BAA to be signed, but I think its intriguing to say the least.
​
>Masha Kolenkina (Signal Support)
>
>Feb 5, 22:58 MST
>
>
>
>There is no formal Business Associates Agreement document. Based on the definitions provided here: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/businessassociates.html, Signal Protocol is probably compliant, but I do not have full knowledge of all the regulations. However, the service Signal app provides is probably not optimal for your use case.
>
>I am not a lawyer, you will want to do your own research.
>
>Here is some more information regarding a BAA which many HIPAA conscious users may be interested in:
>
>Signal's client source code is publicly available for audit here: https://github.com/signalapp. You can also review that for your own purposes.
>
>Signal does not have readable access to any encrypted messages sent over the server. It is not possible to disclose messages between you and your contact. The only information that is seen, if someone is monitoring your internet traffic, is the first day you registered with Signal, that you are contacting our servers, and when you are contacting our servers.
>
>
>
>Additionally, Signal can be used for business communication or social communication. There are no backups of your conversation history and we do not keep a copy of this either. You will not be able to request information either. For example, check out this post: https://signal.org/bigbrother/
>
>Also to let you know, it appears as if Signal may be a conduit exception to the BA rule (http://www.hhs.gov/hipaa/for-professionals/faq/2077/can-a-csp-be-considered-to-be-a-conduit-like-the-postal-service-and-therefore-not-a-business%20associate-that-must-comply-with-the-hipaa-rules/index.html#_edn1). "This allows companies that only move your protected health information from one place to another to perform this service without taking on a BA relationship with you." From my interpretation, Signal is transmission only.
>
>Specifically, you can think of Signal servers as bridges used to send your private messages to your contacts. Messages wait on the bridge until your contacts' devices are online to receive your encrypted message. We do not have a copy of your messages. Messages are only decrypted on the end points --- the points receiving/sending the message. Only the end points have the messages once it is delivered. Only the end points can ever decrypt the messages. Only the endpoints store the messages. We can not hear or see your conversations and no one else can either. Basically, the bridge is akin to a postal system, which holds the material until it can be delivered, but after it is delivered there is no information or knowledge of the delivery.
>
>Signal sends hashed phone numbers for contact discovery. Names are never transmitted, and the information is not stored on our servers. Again, what traffic will be seen to outside parties, if they are monitoring your internet traffic, is that you are contacting our servers, and when you contact our servers. In summary, you are not anonymous.
>
>To reiterate, we cannot hear your conversations or see your messages, and no one else can either.
>
>On iOS you will need to have an passcode set on your iPhone and need to use that. There is no separate passcode lock for Signal on iOS. The use of a iPhone passcode includes encryption. Signal Android users can enable a passcode on his/her device and separately on Signal.
>
>You will need your clients/supervisees to install Signal on their iPhone or Android phones. You can share download links to official versions of Signal:
>
>For Android at the Google Play Store here: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
>
>For iOS at the Apple App Store here: https://itunes.apple.com/us/app/signal-private-messenger/id874139669?mt=8
>
>Note that Signal Android users can use the app to send SMS/MMs, but SMS/MMS goes through the mobile plan and is insecure. All iOS messaging is private as iOS is not allowed to handle SMS/MMS. All Desktop communication is private.
>
>More information is also available at https://signal.org/. See also support pages get started on Signal Android, or get started on Signal iOS.
​
I experienced this problem... But with an LG phone... Couldn't figure out how to fix it and somebody suggested I started using this encrypted texting app Called Signal and it solved all my problems.
I'd recommend Signal.
WhatsApp uses the protocol of Signal, so you get WhatsApp-like messaging, BUT you can also send text messages in the SAME chat! So you have a seamless texting and "online messaging" experience.
Linkme: Signal Private Messenger.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Homepage: https://www.whispersystems.org/#encrypted_texts
Source code: https://github.com/WhisperSystems/Signal-Android
Consider using the free, open source Signal app for encrypted communications.
Switch to Signal for all messaging.
Try getting your contacts to use Signal or Whatsapp.
Sorry. I deleted the guide a while back. If you want to read it, I linked the guide.
I'm not sure what you're talking about or why you're brining up our lord and savior... Or why you sound so salty. Calm down.
A simple Google search yields plenty of third party messaging apps. Here's the first one that came up: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
It's a text app. If you and someone else use it, texts are private. I'm sure the description can explain it better. https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
yes true, but you could use Signal to send it encrypted.
Message Application ba sa Android? Try Signal
Use a VPN(windscribe is good). Preferably stay off home WiFi at all times, turn off Bluetooth, location services, anything that you could possibly transfer data over. I wouldn't be too worried about what he can see when you're just browsing the web. If it's a possibility at all he has installed something on your phone I would suggest factory resetting it. Then get a cheap smartphone on your own plan and keep it hidden(never ever connect this phone to your Wi-Fi at home he will be able to see that you connected a new device and go looking.). If you are looking to privately contact someone with absolutely no possible way of him intercepting look into the app Signal after factory resetting your phone.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
My final suggestion is to video tape him when he's saying that he can see what you're doing and attempting to mentally torment you. Not only is he admitting guilt, it's only going to make you look better when it comes to your word vs his in the divorce. Mentally tormenting people like this is a huge red flag for mental illness.
Signal - encrypted messaging app.
Only works if both users share pub keys, otherwise it works typically.
Get Pocket - offline webpage app.
Signal, especially if you're concerned about privacy. It's been great as my texting app though.
Well let's survey what you mean/what are your goals...
Do you want your communication to be encrypted? Do you want your communication to be completely anonymous? Do you want your communication to be inter operational with traditional phone systems?
If the answer to all of those things is yes? Give up now, because you're not getting it. It's just an impossible thing, because this system (the phone system) is set up the way it is in part to give the people in charge (think phone companies/government) the power to control it; so you have to be okay with prioritizing some things over others. The first thing I suggest you do is familiarize yourself with the laws in your country/target country/where your communications will flow.
For my purposes, I'll assume you're an American. The most relevant laws are the Communications Act of 1934, Communications Assistance for Law Enforcement Act of 1994, and the Telecommunications act of 1996 - these things mandate that phone companies put in place the infrastructure for monitoring calls, record certain data, and permit certain type of technical implementations (think standards).
Back to your question, if you want to have your calls encrypted, that's easy through the use of Signal - but that's not the only app out there and certainly shouldn't be the one you use just because I recommend it.
Now, if you want to prioritize anonymity, most certainly the solution is utilizing a VOIP system through TOR. You can read up more about this elsewhere, but I'll tell you that our federal friends are really good at identifying/recording traffic like this.
Now if you want to be able to call just any old phone with little setup and the most anonymity possible -- I think your solution is to put on a bulky jacket, a baseball cap, some white gloves, and go to a local payphone on a bike. You'll expose your location (think city/state) and possibly even the phone you called from, but you'll remain relatively anonymous.
great idea, here's a list of gapps I found that could be a starting point for such a list (source: Open GApps):
Having never installed gapps myself, I'm not sure which gapps people usually install on their ROMs, and which ones people usually try to replace if they don't install them
Signal Private Messenger sends and receives to and from other Signal users via data (WiFi/Cell Data), but can send/receive SMS messages if the other user doesn't have Signal installed.
It's also end-to-end encrypted (edit: when both parties are using it) and there's no complicated special setup process or anything.
Also, it's endorsed by Edward Snowden.
I use it and almost all my friends do too. It was pretty easy to get them on board when I showed them how it ran on my phone. It's simple, quick, and does the job well.
Yep! :)
If you are on IOS: https://itunes.apple.com/us/app/signal-private-messenger/id874139669?mt=8
If you are on Android: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
And even better if you are on Android, use the FDroid store for a FOSS version which doesn't rely on Google Play Services. This FOSS version is a fork and is maintained by the CopperHead OS team (makes a hardened android OS for security applications) and is called "Noise": https://encrypt-the-planet.com/noise-a-signal-messenger-fork/
Finally, below is a link to their website. It's trustworthy as the app and its crypto are open source and developed by a well-regarded developer, Moxie Merlinspike, and even endorsed by Edward Snowden.
EDIT: Fixed link.
Use Signal to encrypt all of your text and voice. https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
It's Signal specifically, and it's pretty much the only app that does this in my experience. Definitely been making sure the sync is off and even waiting a minute or so before leaving the android settings page where that toggle is, only to find it re-enabled a day or so later. Unfortunately there's nothing in the app's settings menu related to it so I'm stuck outright denying it contact access via android settings app permissions page.
Only thought is it's related to the permission it requests called "Toggle sync on and off" but unfortunately that's not revocable in android.
Tor is not end-to-end encrypted, instead it encrypts the moving data from node to node. Now VPN is entirely a different mechanism that encrypts your data from your device to VPN server (which you can't really trust).
This, using Tor is enough though (if you can bear the latency it comes with).
On top of that, you can use services that offers end-to-end encryption, for e.g., Mailfence for emails, Signal for messaging.
Signal (messenger) is my solution here. But sadly still not enough friends on it to leave other messengers behind.
Thanks mate. Are you planning on adding support for Signal by Open Whisper Systems
Never mind. It works.
no hope left.... And I think it's good for PGP on the whole - as there shouldn't be that sort of 'powerful' bruteforcer - that can crack PGP encoded messages.
Though for ease-of-use (for the next time) - you can use services that offers end-to-end encryption, for e.g., Mailfence for emails, Signal for messaging.
Signal does both. Use it as a better SMS app until you get enough of your circle of friends on to use it as the most secure data messaging app
At least in my circles, a lot of people use Signal (25-30 contacts), it is bound to your phone number, so you will instantly see who in you contact list has it installed.
Why is nobody using signal? It's almost the same as messenger but your texts are encrypted. Sounds like a no-brainer for me.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
Signal has a browser client that syncs with mobile.
You might want to give Signal (https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en) a shot. It have a Chrome extension that allows you to message from your browser. Not necessary to use, but it is also available on iOS.
I think it was a problem with the app I was using. I tried it from Signal Private Messenger. I just tried it from Gmail and it worked.
Thank you so much for the quick response and the video was really helpful.
Honestly, I can't stand it. It has so much bloat and the "connected devices" that's supposed to allow your messages to be delivered to other devices didn't work half the time.
I also use Signal as my SMS client and convert everyone I can to its encrypted messaging.
Definitely don't cheat on the weed, man. You'll need a messaging app and a dialer that allows you to do that.
I suggest you ask your provider to switch to signal which still uses your phone number but use data instead of your sms.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
Then you could disable notifications for that app in particular.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Signal sends messages over WiFi as data. Also if your sending to someone else using Signal then your messages are encrypted.
I recommend Signal from Open Whisper Systems. The app and protocol are free open source software and it offers private, encrypted communications.
Textra is ad-supported
Whatsapp es closed source tmb.
Telegram: https://core.telegram.org/techfaq#q-why-did-you-go-for-a-custom-protocol
El unico open source encriptado y bueno es el signal (https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms)
Thanks, I don't use actual texting though haha. I use Signal with that person, so its not exactly texting, but encrypted messaging. Still works the same way as texting, and you CAN use SMS from the app, but I don't think Textalyzer would work in my case.
Anyone else use Signal? I've never owned an iPhone or even used iMessage but from what I understand Signal is pretty close. You can set it as your default SMS app and if someone doesn't have the app it just sends normal SMS. If someone does have the app, it sends a secure message seamlessly.
It's more security focused and open source unlike iMessage and Whatsapp and I believe the only thing it stores on its servers is your phone number so the app can determine whether to send secure or normal SMS.
Links here:
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
Well, the whole "SMS integration" is basically what it needs -- that's what would effectively make it "Google's iMessage." Without SMS integration Allo is DOA.
If you're unfamiliar with iMessage, that's Apple's default texting app, but if you're messaging other iMessage users (ie, other iPhones) it sends messages as e2e encrypted messages that are readable on all your Apple devices (ie, you can respond from your Macbook). With iOS 10 it added additional features that Allo has touted (like stickers and other silly junk). (EDIT: As an aside, this is how Signal -- which Allo's E2E encryption is based on -- works on Android, including SMS integration.)
This, in my opinion, is the functionality that Allo needs to be successful. This goes hand in hand with the idea of "messenger unification," which I think is absolutely necessary but Google seems to be adamant about shooting themselves in the foot over, again and again.
They're making a replacement for Hangouts but also ensuring everyone that Hangouts isn't going anywhere? What sense does that make? The better message would be, "here's how we're transitioning from Hangouts to Allo/Duo."
Just download Signal? It's checked all of those boxes for quite some time now. It's also open source.
e: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
It isn't all that difficult, you know to quit WhatsApp. I mean how does it make you feel getting equipped with knowledge like this thanks to the internet and then looking at Mark Zuckerburg threatening the very same internet and fooling all of us by saying he wants to "bring connectivity". He's a perfect example of a modern day corporate bully. His arrogance is banked on our denial to change. It isn't unimaginable at all, to quit WhatsApp, Facebook and Instagram(He owns all thee). I used to invest a lot of time in Facebook and Whatsapp until I couldn't sleep at night because I couldn't come to terms with myself after coming across everything he does. It has been well over 6 months since I got off Facebook, 4 months since I deleted WhatsApp and over a year since I deleted Instagram. I guess it just takes time to find something better.
PS: I suggest you use Signal Private Messenger
Check out Signal
Yes the feature is it setting but I don't know if it will for Fi messages but you can give it a shot.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Signal, here's the link for iOS and Android.
https://theintercept.com/2016/06/22/battle-of-the-secure-messaging-apps-how-signal-beats-whatsapp/
Telegram isn't secure. Whatsapp still uses end-to-end encryption for all your messages, unlike Telegram. The best alternative if you care about privacy is Signal, heres the link for iOS and Android. Open Whisper Systems who made Signal were also hired to implement the Signal Protocol for Whatsapp, Google Allo and Facebook Messenger.
http://www.gizmodo.com.au/2016/06/why-you-should-stop-using-telegram-right-now/
> Encryption works best if it's ubiquitous and automatic. The two forms of encryption you use most often -- https URLs on your browser, and the handset-to-tower link for your cell phone calls -- work so well because you don't even know they're there. > > Encryption should be enabled for everything by default, not a feature you turn on only if you're doing something you consider worth protecting. > > This is important. If we only use encryption when we're working with important data, then encryption signals that data's importance. If only dissidents use encryption in a country, that country's authorities have an easy way of identifying them. But if everyone uses it all of the time, encryption ceases to be a signal. No one can distinguish simple chatting from deeply private conversation. The government can't tell the dissidents from the rest of the population. Every time you use encryption, you're protecting someone who needs to use it to stay alive."
https://www.schneier.com/blog/archives/2015/06/why_we_encrypt.html
With Telegram end-to-end encryption is off by default. "Secret chats" only works if both are online at the same time and you can't use group chats or desktop client. So the majority of all messages sent are not end-to-end encrypted and also kept accessible on Telegrams servers. Compare that to Signal and Whatsapp where messages are always end to end encrypted and don't store your messages at all. Also your friend doesn't need to be online and you get encrypted group chats and desktop client.
Some russian activists Telegram account got hacked giving them access to all previous messages: https://www.bellingcat.com/news/2016/04/30/russia-telegram-hack/
Pavel himself admits security isn't a priority here https://twitter.com/durov/status/678305311921410048 in response to this:
Thomas H. Ptacek
> https://twitter.com/Snowden/status/678274362609426432 > By default Telegram stores the PLAINTEXT of EVERY MESSAGE every user has ever sent or received on THEIR SERVER.
Edward Snowden
> https://twitter.com/Snowden/status/678274362609426432 > I respect @durov, but Ptacek is right: @telegram's defaults are dangerous. Without a major update, it's unsafe.
> https://twitter.com/Snowden/status/678274362609426432 > To be clear, what matters is that the plaintext of messages is accessible to the server (or service provider), not whether it's "stored."
Moxie Marlinspike > https://twitter.com/moxie/status/678219238394298372 > It's just how Telegram works and is self-documented to work: Only their marketing copy suggests otherwise.
> https://twitter.com/moxie/status/678277776391077888 > If you're on an iPhone, they also send a plaintext copy of every msg you receive to Apple's servers. So not even in transit.
> https://twitter.com/moxie/status/678309008789258240 > For iOS push notification previews. They didn't do the work to make them privacy preserving.
It's the least of Telegrams problems but let's not forget their home made crypto even though there are better alternatives. See the take-home message here:
> We stress that this is a theoretical attack on the definition of security and we do not see any way of turning the attack into a full plaintext-recovery attack. At the same time, we see no reason why one should use a less secure encryption scheme when more secure (and at least as efficient) solutions exist. > > The take-home message (once again) is that well-studied, provably secure encryption schemes that achieve strong definitions of security (e.g., authenticated-encryption) are to be preferred to home-brewed encryption schemes.
https://eprint.iacr.org/2015/1177
And the conclusion here:
> Abstract: The number one rule for cryptography is never create your own crypto. Instant messaging application Telegram has disregarded this rule and decided to create an original message encryption protocol. In this work we have done a thorough crypt analysis of the encryption protocol and it's implementation. We look at the underlying cryptographic primitives and how they are combined to construct the protocol, and what vulnerabilities this has. We have found that Telegram does not check integrity of the padding applied prior to encryption, which lead us to come up with two novel attacks on Telegram. The first of these exploits the unchecked length of the padding, and the second exploits the unchecked padding contents. Both of these attacks break the basic notions of security, and are confirmed to work in practice. Lastly, a brief analysis of the similar application TextSecure is done, showing that by using well known primitives and a proper construction provable security is obtained. We conclude that Telegram should have opted for a more standard approach. > > Conclusion: TextSecure is based on strong primitives that have withstood crypt analysis from the crypto community for years, and these are combined in a way that proven provides authenticated encryption. Telegram on the other hand has crafted its own encryption scheme and deployed it in an unproven state, and prior to any scrutiny from other cryptographers. We have seen this done time and time again, and rarely with good results. Take for example the smart grid meters that were shown to use terrible crypto back in April this year. Furthermore, the DH Ratchet is a very nice way of providing forward secrecy on a per-message basis with little overhead, which is an improvement over Telegram's one key per 100 messages approach.
Here's what I was linking to:
Telegram isn't secure. Whatsapp still uses end-to-end encryption for all your messages, unlike Telegram. You should recommend Signal instead, heres the link for iOS and Android. Open Whisper Systems who made Signal were also hired to implement the Signal Protocol for Whatsapp, Google Allo and Facebook Messenger.
http://www.gizmodo.com.au/2016/06/why-you-should-stop-using-telegram-right-now/
> Encryption works best if it's ubiquitous and automatic. The two forms of encryption you use most often -- https URLs on your browser, and the handset-to-tower link for your cell phone calls -- work so well because you don't even know they're there. > > Encryption should be enabled for everything by default, not a feature you turn on only if you're doing something you consider worth protecting. > > This is important. If we only use encryption when we're working with important data, then encryption signals that data's importance. If only dissidents use encryption in a country, that country's authorities have an easy way of identifying them. But if everyone uses it all of the time, encryption ceases to be a signal. No one can distinguish simple chatting from deeply private conversation. The government can't tell the dissidents from the rest of the population. Every time you use encryption, you're protecting someone who needs to use it to stay alive."
https://www.schneier.com/blog/archives/2015/06/why_we_encrypt.html
With Telegram end-to-end encryption is off by default. "Secret chats" only works if both are online at the same time and you can't use group chats or desktop client. So the majority of all messages sent are not end-to-end encrypted and also kept accessible on Telegrams servers. Compare that to Signal and Whatsapp where messages are always end to end encrypted and don't store your messages at all. Also your friend doesn't need to be online and you get encrypted group chats and desktop client.
Some russian activists Telegram account got hacked giving them access to all previous messages: https://www.bellingcat.com/news/2016/04/30/russia-telegram-hack/
Pavel himself admits security isn't a priority here https://twitter.com/durov/status/678305311921410048 in response to this:
Thomas H. Ptacek
> https://twitter.com/Snowden/status/678274362609426432 > By default Telegram stores the PLAINTEXT of EVERY MESSAGE every user has ever sent or received on THEIR SERVER.
Edward Snowden
> https://twitter.com/Snowden/status/678274362609426432 > I respect @durov, but Ptacek is right: @telegram's defaults are dangerous. Without a major update, it's unsafe.
> https://twitter.com/Snowden/status/678274362609426432 > To be clear, what matters is that the plaintext of messages is accessible to the server (or service provider), not whether it's "stored."
Moxie Marlinspike > https://twitter.com/moxie/status/678219238394298372 > It's just how Telegram works and is self-documented to work: Only their marketing copy suggests otherwise.
> https://twitter.com/moxie/status/678277776391077888 > If you're on an iPhone, they also send a plaintext copy of every msg you receive to Apple's servers. So not even in transit.
> https://twitter.com/moxie/status/678309008789258240 > For iOS push notification previews. They didn't do the work to make them privacy preserving.
It's the least of Telegrams problems but let's not forget their home made crypto even though there are better alternatives. See the take-home message here:
> We stress that this is a theoretical attack on the definition of security and we do not see any way of turning the attack into a full plaintext-recovery attack. At the same time, we see no reason why one should use a less secure encryption scheme when more secure (and at least as efficient) solutions exist. > > The take-home message (once again) is that well-studied, provably secure encryption schemes that achieve strong definitions of security (e.g., authenticated-encryption) are to be preferred to home-brewed encryption schemes.
https://eprint.iacr.org/2015/1177
And the conclusion here:
> Abstract: The number one rule for cryptography is never create your own crypto. Instant messaging application Telegram has disregarded this rule and decided to create an original message encryption protocol. In this work we have done a thorough crypt analysis of the encryption protocol and it's implementation. We look at the underlying cryptographic primitives and how they are combined to construct the protocol, and what vulnerabilities this has. We have found that Telegram does not check integrity of the padding applied prior to encryption, which lead us to come up with two novel attacks on Telegram. The first of these exploits the unchecked length of the padding, and the second exploits the unchecked padding contents. Both of these attacks break the basic notions of security, and are confirmed to work in practice. Lastly, a brief analysis of the similar application TextSecure is done, showing that by using well known primitives and a proper construction provable security is obtained. We conclude that Telegram should have opted for a more standard approach. > > Conclusion: TextSecure is based on strong primitives that have withstood crypt analysis from the crypto community for years, and these are combined in a way that proven provides authenticated encryption. Telegram on the other hand has crafted its own encryption scheme and deployed it in an unproven state, and prior to any scrutiny from other cryptographers. We have seen this done time and time again, and rarely with good results. Take for example the smart grid meters that were shown to use terrible crypto back in April this year. Furthermore, the DH Ratchet is a very nice way of providing forward secrecy on a per-message basis with little overhead, which is an improvement over Telegram's one key per 100 messages approach.
A bit late, but a great time to start using Signal, my Aussie friends. :D
Also the iOS version
Isn't this idea like signal (https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms )? If the person you are messaging has the app, use the app's service to send the message. If not fallback to sms?
Facebook stores messages indefinitely on their servers, AFAIK there's no way to remove them even if you delete them or delete your account. The same is probably true for twitter.
>Few months ago I made the mistake of talking about drugs and Deepweb over social media messages. I know big mistake you don't have to tell me.
If you are a drug user and not a dealer, you have nothing to worry about from messages alone. LE don't have the time to arrest every single person who talks about drugs or darknet markets on the internet.
If you value your privacy, use end-to-end encryption for your messages. I recommend using signal (iOS, android)
Using Signal, you can communicate instantly while avoiding SMS fees,
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
You might try installing Signal for Android and setting it as your default messaging application. It works well.
Not gonna join but how anonymous is this ? Never used Telegram, heard only bad things about it's encryption n stuff unlike Signal which has end to end encryption and doesn't store your conversation logs on their servers.
<strong>Signal Private Messenger</strong> - Free - Rating: 87/100 - Search for "Palabre News" on the <strong>Play Store</strong>.
Looks like a Signal clone?
The dad selling GPS trackers could mean he's a genious with them, or just a salesman. Every phone has a GPS tracker in it, so it's just a matter of tracking it.
As for messaging I suggest this app for android or (their Apple version) (which Edward Snowden actually endorses lol) to ensure you can communicate with each other privately. It can stop a lot of programs from seeing messages, but if she gets hold of his physical phone, it won't do much use (unless you delete them).
If it's an Android phone, the easiest way is to go onto Google Play, look at the installed programs and google any that you don't know, or look like they might track it.
On my phone I personally have put the Cerberus app on it. Which allows me to turn it on/off remotely, record video or audio, take photos, read phone numbers, track it and all sorts of other stuff remotely. Yes, if I left my phone in your house, I could use it as a recording device for audio/video/photographs.
If they don't have it in google play, then look through the application manager for any suspicious programs.
If he has an iPhone a lot of stuff is natively doable to track it, but there are programs like Cerberus on it that allow people to go through it remotely like they had it in front of them.
As for other apps you might like, PixelKnot allows you to write a message, then hide it in a photo that both of you need to know the password to unlock (plus both have PixelKnot). It's done by The Guardian Project, who I think are pretty good with free open source privacy apps.
Phone security isn't that hard, but having your own phone, with a password lock, different passwords to all your accounts (I use Lastpass to do a majority of my passwords with 2 factor authentication) that you don't share with people, will generally protect you from what most mums and dads (or partners) would be able to do to snoop.
Also, in case you didn't know, it's dead easy to record snapchats and do screen shots of pictures, so remember that when sending sexy stuff. Also, if you question him on the programs, if he is recording those snaps, then he might not want to show you what he has on it. The big one seems to be Casper which allows you to download and record all snapchat videos and photos, but if you're not careful will get your snapchat account banned. So if he has had to change his snapchat account on more than one occasion you might have reason to be worried.
The biggest and easiest way to record snapchats is to load the story, go into airplane mode, then screen shot the snaps as you go through, then force quit it and it doesn't notify the other person you have taken a screen shot.
So just be careful about those pics you send him. If you really have to send him boobs, or your vagina, don't have your face or distinguishing marks in the pics.
As for the dog, we know that's bullshit and it's up to him to put his big boy pants if he wants to bring it. Sounds like she got it specifically so she could use that excuse.
Any questions about your phone stuff, let me know as it's a hobby of mine (phone and app security).
> It's a modified version of Whatsapp
What the fuck? It's a whole different software/service with similar functionality.
> with greatly improved encryption
Though WhatsApp is a closed-source software so you can never be sure it doesn't do anything malicious.
Signal (for iOS) is a more secure alternative encryption-wise, but it has its flaws as well.
> not that there's anything wrong with that to begin with
When it's used metaphorically, it describes a pretty pathetic behaviour. Whether or not there's anything wrong with being pathetic is up to you to decide.
> and people would claim that Signal had been hacked and wasn't secure
People that use an unofficial program that contains malware and blame anyone other than the creator of that program or themselves should cleanse the gene pool by ceasing to exist.
It's just an excuse for, as I've said before, a vendor lock-in.
They can do whatever the fuck they want, but there's a reason, their userbase is only 2x times bigger than that of a single XMPP client: Xabber, Cisco Jabber, maybe there's something else I do not know about what all the cool kids use. And 100 times smaller than that of Telegram.
Signal
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
OK, not built in but otherwise pretty much the same.
In most of the world, people don't use SMS anyway though, but of course that's meaningless if your friends and family do.
>If you're worried about Facebook not reading your messages, don't worry about that. WhatsApp currently has the best encryption you can get in a instant messaging service.
False. Signal has the best encryption out of all the messenging services.
> It's not perfect, but it's definitely a ton better than the competition.
Its not better than Signal
>Facebook no longer holds the keys, you can be safe.
You're right, they just own WhatsApp and have no interest in collecting the data of 1 billion users, surely they won't spy on you in the future, assuming they aren't already.
WhatsApp still leaks a fuckton of metadata.
WhatsApp is still closed source.
Signal is still the ONLY secure messaging service.
>If you don't use it because fuck facebook, that's not a valid reason
Facebooks entire mission as a company is to destroy online privacy. If you think WhatsApp is secure, then stop reading their press releases.
Signal
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Signal is an encrypted messenger made my open whisper systems. It is on android, iOS, and has a desktop app through chrome. However I am much more partial to firefox, so would rather just have a desktop application similar to telegram.
open whisper systems: https://whispersystems.org/ signal for android: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms signal for iOS: https://itunes.apple.com/us/app/signal-private-messenger/id874139669?mt=8 there github: https://github.com/whispersystems
> "Building on the renowned immediacy, reliability and security inherent to BBM, the new release provides unmatched level of privacy and control to BBM users without any subscription fees," said Matthew Talbot, SVP, BBM at BlackBerry. "Keeping control over the messages and content that they share, BBM users can be ensured that what they share is always theirs to control."
Really?
> Blackberry believes in a “balanced” approach to encryption, incorporating lawful intercept capabilities, and the company prioritizes cooperation with law enforcement, Chief Operating Officer Marty Beard said Tuesday. “We very much take a balanced approach” to the issue of encryption, he told the FedTalks government IT summit, differentiating Blackberry’s approach from that of some of their competitors who are “all about encryption all the way.”
http://fedscoop.com/blackberry-taking-balanced-approach-to-encryption-lawful-intercept
Use Signal if you think your messages and calls should be private. Available for iOS and Android. There's a Chrome/Chromium app in beta for desktop. Read about the security here.
If you want an end-to-end encrypted messaging solution, you could try Signal. That also has a Chrome client (which is much less awful than a couple of months ago) although that is still in closed Beta IIRC.
Edit: I'm aware this isn't a complete replacement for PB but I find it less hassle sometimes and it is secure.
Use Signal by Open Whisper Systems as your default sms app. As an added bonus you get encrypted calls and messages if your friends also use it.
https://github.com/WhisperSystems/Signal-Android/issues/3817
As far as I know Signal was the only sms app that wasn't vulnerable to Stagefright, even before the bug was announced. That's the nice thing about using apps where security is a priority.
Signal by Whisper Systems is more secure.
TL;DR: Use Signal by Whisper Systems
> Pavel Durov, founder of secure messaging app Telegram
Telegram isn't secure. If you want a secure messenger use Signal. Available for iOS and Android. There's a Chrome/Chromium addon for desktop that's in beta.
> Thomas H. Ptacek > > By default Telegram stores the PLAINTEXT of EVERY MESSAGE every user has ever sent or received on THEIR SERVER.
> Edward Snowden > > I respect @durov, but Ptacek is right: @telegram's defaults are dangerous. Without a major update, it's unsafe.
http://unhandledexpression.com/2013/12/17/telegram-stand-back-we-know-maths/
http://thoughtcrime.org/blog/telegram-crypto-challenge/
https://security.stackexchange.com/questions/49782/is-telegram-secure
https://eprint.iacr.org/2015/1177.pdf
https://twitter.com/tqbf/status/678065993587945472
https://twitter.com/Snowden/status/678271881242374144
That's what I was going to ask about. /u/Castrox, does Signal work?
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
https://itunes.apple.com/us/app/signal-private-messenger/id874139669?mt=8
I got enough of my frequently texted friends to switch to Signal to use it and I really like it
My preferred SMS application is Signal. If you are texting someone with the same app, the conversation is encrypted. Plus it has Material Design.
Use Signal for calls and messages on Android and iOS. There's a Chrome/Chromium addon that's in beta. And it's free software (GPLv3).
It's sort of like iMessage for Android. The app also handles sms so it doesn't feel like a separate app, even if none of your friends have it today there's no reason not to keep it installed. iOS doesn't let other apps handle sms though so it just sends encrypted messages.
From the website:
> Use anything by Open Whisper Systems.
Edward Snowden, Whistleblower and privacy advocate
> Signal is the most scalable encryption tool we have. It is free and peer reviewed. I encourage people to use it everyday.
Laura Poitras, Oscar winning filmmaker and journalist
> I am regularly impressed with the thought and care put into both the security and the usability of this app. It's my first choice for an encrypted conversation.
Bruce Schneier, internationally renowned security technolgist
> After reading the code, I literally discovered a line of drool running down my face. It’s really nice.
Matt Green, Cryptographer, Johns Hopkins University
To quote Moxie (who made Signal)
> Here's the situation: people hem and haw about Telegram's cryptography, but what we should really be talking about is that Telegram is not using end to end encryption by default. Telegram stores your entire plaintext message history server-side. There is nothing worse when it comes to privacy, but it's very easy to write slick clients when they're just views onto the server and all the logic happens there.
Optional security is dumb. How about doing end to end encryption by default and giving people the option to turn it off for when they absolutely don't want the contents of their messages to be private? Silly when you think about it like that right?
Their server software is proprietary and the source isn't available.
http://unhandledexpression.com/2013/12/17/telegram-stand-back-we-know-maths/
http://thoughtcrime.org/blog/telegram-crypto-challenge/
https://security.stackexchange.com/questions/49782/is-telegram-secure
https://eprint.iacr.org/2015/1177.pdf
https://twitter.com/Snowden/status/678271881242374144
The obvious answer is that they were followed.
Blackberry should be avoided though.
> Blackberry believes in a “balanced” approach to encryption, incorporating lawful intercept capabilities, and the company prioritizes cooperation with law enforcement, Chief Operating Officer Marty Beard said Tuesday. “We very much take a balanced approach” to the issue of encryption, he told the FedTalks government IT summit, differentiating Blackberry’s approach from that of some of their competitors who are “all about encryption all the way.”
http://fedscoop.com/blackberry-taking-balanced-approach-to-encryption-lawful-intercept
Use Signal for secure calls and messages on Android and iOS. There's a Chrome/Chromium addon that's in beta. And it's free software (GPLv3).
It's sort of like iMessage for Android. The app also handles sms so it doesn't feel like a separate app, even if none of your friends have it today there's no reason not to keep it installed. iOS doesn't let other apps handle sms though so it just sends encrypted messages.
From the website:
> Use anything by Open Whisper Systems.
Edward Snowden, Whistleblower and privacy advocate
> Signal is the most scalable encryption tool we have. It is free and peer reviewed. I encourage people to use it everyday.
Laura Poitras, Oscar winning filmmaker and journalist
> I am regularly impressed with the thought and care put into both the security and the usability of this app. It's my first choice for an encrypted conversation.
Bruce Schneier, internationally renowned security technologist
> After reading the code, I literally discovered a line of drool running down my face. It’s really nice.
Matt Green, Cryptographer, Johns Hopkins University
If they're smart they'd use Signal.
Use Signal for calls and messages on Android and iOS. There's a Chrome/Chromium addon that's in beta. And it's free software (GPLv3).
It's sort of like iMessage for Android. The app also handles sms so it doesn't feel like a separate app, even if none of your friends have it today there's no reason not to keep it installed. iOS doesn't let other apps handle sms though so it just sends encrypted messages.
From the website:
> Use anything by Open Whisper Systems.
Edward Snowden, Whistleblower and privacy advocate
> Signal is the most scalable encryption tool we have. It is free and peer reviewed. I encourage people to use it everyday.
Laura Poitras, Oscar winning filmmaker and journalist
> I am regularly impressed with the thought and care put into both the security and the usability of this app. It's my first choice for an encrypted conversation.
Bruce Schneier, internationally renowned security technolgist
> After reading the code, I literally discovered a line of drool running down my face. It’s really nice.
Matt Green, Cryptographer, Johns Hopkins University
> Signal is also free and based on a business model that doesn't require eventually being able to interfere with your privacy and mine your data.
(quoted from HN discussion)
My solution to this was to use the Chrome/Chromium addon (in beta) for Signal. As an added bonus I get secure messaging. Works on Android and iOS. It's sort of like iMessage for Android. The app also handles sms so it doesn't feel like a separate app, which makes it really easy to convince people to use it. And it's Free Software (GPLv3).
It only works if your contacts also use Signal though. I have almost all my contacts using Signal but if you're not able to convince your friends and family it won't be a solution for you.
Gotcha. Chatsecure definitely works. Signal is heavily recommended here too.
>Soweit ich weiß haben sie nur mit der Implementation der crypto-Teile geholfen.
Dann haben Sie doch am Code gearbeitet
>Open source ist der einzige Weg um wiederholte unabhängige Audits vorzunehmen, es wird nichts verheimlicht, jeder kann es sich anschauen.
ich bin wahrscheinlich der erste der nach Open-Source schreit, aber man kann nicht leugnen, dass man keine Garantie hat die richtige Software läuft bei denen auf dem Server. Bei E2E hat man weniger das Problem, aber auch da hat man ohne deterministic builds kein Wissen ob überhaupt die richtige Software später auf dem Gerät läuft.
>Signal für Android oder iOS oder geh zum Fick raus.
Ja klar Signal ist super und auch viel besser als WhatsApp, nur jemand nutzt es
De todos modos la opción superior es Signal.
Tools you can use to disrupt surveillance. How to be safer with all your online activities.
Use Signal messenger on your Android phone and iPhone
Use Tor Browser https://www.torproject.org/projects/torbrowser.html.en
Pay with cash
Check out Signal, it's like iMessage for Android. If your friend doesn't have it you send regular sms, if both are using it you send encrypted data messages.
It's also available on iOS, but since Apple doesn't allow other apps to handle sms it only sends encrypted messages. Same thing with the desktop client that's in beta.
Recommended by Bruce Schneier and Edward Snowden.
Signal looks pretty good to me. Its open source and it seems that some heavy development is happening on all the fronts ios, android, chrome extension, and the server itself.
I have installed it, and sent invite to my friends, still waiting for some of them to try it out with me.
Well how complicated is installing an app on your and any accomplices phone and verifying a few keys in person? Trivial in my eyes. Mass communication surveillance is completely useless and only hurt people with "nothing to hide"
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
What does work is good old policework and having some willing informants. Buuut no, mass infringing on private communication is much more effective! s
If you're paranoid, use the text secure app.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
that's not a very useful suggestion since it doesn't exist and there isn't an AI capable of doing this in the near future. More useful would be the reddit copy-pasta with all the links to open source security software. At the very least, try this for text and phone. They make iOS apps as well.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
Everyone should use Signal by Open Whisper Systems. You can get it for Android and iOS so far, but they're also working on a browser addon.
On Android it's like iMessage. Works as a regular sms app for those without it and sends encrypted messages to those who do have it. So even if you don't know anyone else who has it yet there's no reason not to use it as it's a great sms app as well. iOS doesn't let other apps handle sms though so it just sends encrypted messages. And it's free software (GPLv3).
From the website:
> Use anything by Open Whisper Systems.
Edward Snowden, Whistleblower and privacy advocate
> Signal is the most scalable encryption tool we have. It is free and peer reviewed. I encourage people to use it everyday.
Laura Poitras, Oscar winning filmmaker and journalist
> I am regularly impressed with the thought and care put into both the security and the usability of this app. It's my first choice for an encrypted conversation.
Bruce Schneier, internationally renowned security technolgist
> After reading the code, I literally discovered a line of drool running down my face. It’s really nice.
Matt Green, Cryptographer, Johns Hopkins University
Yea, on iOS it is called Signal and includes both Redphone and TextSecure in one application.
https://itunes.apple.com/us/app/signal-private-messenger/id874139669
All of which are developed by
Telegram is not secure.
Use this instead:
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
The fairly recent axolotl ratchet protocol implementation was done poorly in WhatsApp, possibly on purpose. WhatsApp is also closed source, which means you have to trust everything they say 100%. Regarding the trust, well, Facebook owns WhatsApp and they want to use WhatsApp to replace their messenger. How do you think Facebook will make money? Finally, "The Fappening" didn't happen all at once, it happened over time, with some big scores here and there. The massive collection of nudes were taken through various unsecure apps and some cloud servers that people commonly use, like Kik, SnapChat, WhatsApp, and other common ones. As for the cloud servers, since I mentioned it, Apple iCloud and Microsoft OneDrive.
Much of what the others have replied with is true as well.
Some may recommend TextSecure/RedPhone for Android and Signal for iOS. They are by the same group and work together. They're good enough as long as you and your friends use them. You should also set a password to locally encrypt the texts. TextSecure implements the axolotl ratchet protocol properly, unlike WhatsApp.
I also recommend Tox, but you need to use Tor or a VPN with it because of the decentralized BitTorrent way it works. Tox supports messaging, voice, and video. Basically, it's like Skype, but open source and encrypted with all your data on your device or computer, instead of on some cloud servers.
Nee, dan gebruik je TextSecure en RedPhone voor Android of Signal voor iOS. Allemaal opensource en van Open Whisper Systems.
Yes, unless you use end to end encryption your messages aren't private. Use the apps by Open Whisper Systems. TextSecure for Android and Signal for iOS.
Free software, made by people who know what they're doing and recommended by Snowden.
Wall Street Journal had a good article http://www.wsj.com/articles/moxie-marlinspike-the-coder-who-encrypted-your-texts-1436486274
Yes but for that you need end to end encryption. That's the only thing that works, so changing operators is useless.
Use the apps by Open Whisper Systems. TextSecure for Android and Signal for iOS. Redphone is the app that handles calls on Android, but it will soon be integrated into TextSecure.
Wall Street Journal had a good article http://www.wsj.com/articles/moxie-marlinspike-the-coder-who-encrypted-your-texts-1436486274
The apps by Open Whisper Systems. TextSecure for Android and Signal for iOS.
Wall Street Journal had a good article about it http://www.wsj.com/articles/moxie-marlinspike-the-coder-who-encrypted-your-texts-1436486274
You really ought to just use TextSecure.
>2.) With TextSecure now coming standard on CM (as I understand it), if I remove all GAPPS and Google functionality, will TextSecure no longer work due to it's reliance upon Google Play?
TextSecure is an advanced end-to-end encryption protocol as well as a free and open-source encrypted instant messaging application for Android which uses that protocol.
CyanogenMod doesn't come with the TextSecure application, but with the TextSecure encryption protocol as an opt-in feature. It's contained in a system app called WhisperPush. The TextSecure application (which is distributed through Google Play) requires GAPPS, but the WhisperPush system app that comes with CyanogenMod doesn't require GAPPS.
If you want to enable the TextSecure encryption protocol on CyanogenMod, you need to open WhisperPush and register your phone number with the Cyanogen team's server. The Cyanogen team runs their own server for WhisperPush clients, which federates with Open Whisper Systems' server so that users who have registered through WhisperPush can exchange end-to-end encrypted push messages with each other and with users who have registered with Open Whisper Systems' server through TextSecure or Signal .
Sources:
https://whispersystems.org/blog/cyanogen-integration/
https://en.wikipedia.org/wiki/TextSecure
Textsecure is another cool alternative. It'll handle SMS and is fully open source and has material design.
It also give you the ability to send encrypted messages over your data connection and wifi.
The best secure messenger right now (yes, better than Telegram and all the others)
On iOS it's called Signal which also has eencrypted calls (over wifi and data connection), they'll merge this on Android too in the future.
Both can be found on the Open Whisper Systems website
No one has mentioned TextSecure as an SMS app replacement? Secure, transparent end-to-end encryption for your texts. It just works, and it's so easy that even my mother uses it.
Encrypted messaging that works in the background so on your end, it looks like regular SMS. The drawback is that both people need it so it only works with other OPO users that have it enabled. And other people that use TextSecure.
Bir saniye, Signal uygulamasını kullandığı için mi yargılanıyor? Bildiğin uydurma bir gerekçe ya bu. Whatsapp'tan bir farkı yok ki. Hatta Whatsapp ilk başta şifresizdi sonra Signal protokolünü kullanmaya başladı. Şimdi bana ByLock da uydurma bir gerekçe olarak öne sürülmüş olabilir gibime gelmeye başladı.
Signal. Does absolutely everything you're looking for plus give you Access to end to end encryption for your chat/call/videos if your contact use Signal toi
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
Signal. It uses Open Whisper Systems encryption. Handles sms/MMS, has better encryption when you and person you are texting both use signal, self-destructing messages, gif support, and more.
Just install Signal. It has SMS integration.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
Yes: Signal by Whisper Systems
Signal by WhisperSystems allows you to encrypt/password protect the application and also lets you mute individual conversations or block the contact
Telegram isn't secure. Use the apps by Open Whisper Systems. TextSecure for Android and Signal for iOS.
Wall Street Journal had a good article about it http://www.wsj.com/articles/moxie-marlinspike-the-coder-who-encrypted-your-texts-1436486274
I do have a Facebook only because my last employer asked for one (for some reason it was a job requirement). However I don't use any form of Social Media, and completely block it.
Now when it comes to communication apps, I've substituted WhatsApp for Signal (Android version IOS version). It can be rather dodgy when it comes to connection, but I still find it pretty good.
How about when this happens we delete it from our phones after copy-pasting our contacts "I don't want facebook indexing my conversations with you, and neither should you. We are all hoping to Signal next, see you there! (link)"?
Changes come at a price and we're somehow at fault here too.
lol he has an iPhone, doesn't he?
First of all, read this https://www.torproject.org/download/download.html.en#Warning
> Is it safe to also browse this sites in tor while viewing illegal sites (with all scripts disabled) or can my unique pattern of 10-15 same sites leave a sort of fingerprint since they definitely have me on record of visiting these 10-15 sites while using regular web browser?
This shouldn't be a problem.
> If I access these videos using tor with scripts allowed how anonymous am I really?
There's a risk that you won't be anonymous and it's not recommended. That said if you don't use Tor there's a guarantee that you won't be anonymous. In my opinion it's still better to use Tor Browser with scripts allowed than not using it at all, but I'd be interested to know if anyone disagrees with this.
> More importantly, IF I use tor with scripts allowed for pron, THEN forbid all scripts, THEN exit tor completely, THEN reopen new tor session AM I as safe as before for browsing political content or has my security been compromised by browsing for porn with script allowed previous session.
Most likely you'll be ok, but if you want to be sure you should use https://tails.boum.org/ when allowing scripts.
I would also recommend that you use the apps by Open Whisper Systems. TextSecure for Android and Signal for iOS. Ask your friends and family to do the same. On Android it handles sms as well so it works just like a regular sms app when sending messages to people who don't have it, and if your friend does have it the messages are encrypted. You can change the settings to delete older messages as well which might be a good idea.
E' bastato creare una lista broadcast in whatsapp e avvisare tutti i miei contatti che stavo migrando su Signal ( https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms ... c'è anche per iOS dovesse servirti) che è un alternativa gratuita, open source e molto più sicura (googla ed informati se non mi credi). Ora, in un mondo in cui la gente è capace di creare un ca__o di gruppo whatsapp per ogni singola stron_ata, credo che CHIUNQUE sia in grado di fare quello che ho fatto io ... quindi dove sarebbe la cazzata? Io non so se e quanto scopi, non mi interessa, ma quello che so per certo, perchè me ne hai dato una prova lampante, è che prima di scrivere non rifletti, tantomeno provi ad informarti un attimino su un argomento che evidentemente NON conosci.
It's called sms 'delivery report', it's a feature baked into sms but not necessarily sms applications.
I don't know your device or the app you use for sms messages, but I can offer you a suggestion that'll work on ios and Android.
Settings > SMS and MMS > SMS delivery reports (Enabled)
I'd highly recommend this app, it's got all the features I've needed from a messaging app plus it allows for end to end encryption to other Signal users.
Downvoted because you did not do any research.
You're better off staying with Whatsapp than switching to Telegram. But use Signal for calls and messages on Android and iOS if you care about privacy. There's a Chrome/Chromium addon that's in beta. And it's free software (GPLv3).
It's sort of like iMessage for Android. The app also handles sms so it doesn't feel like a separate app, even if none of your friends have it today there's no reason not to keep it installed. iOS doesn't let other apps handle sms though so it just sends encrypted messages.
From the website:
> Use anything by Open Whisper Systems.
Edward Snowden, Whistleblower and privacy advocate
> Signal is the most scalable encryption tool we have. It is free and peer reviewed. I encourage people to use it everyday.
Laura Poitras, Oscar winning filmmaker and journalist
> I am regularly impressed with the thought and care put into both the security and the usability of this app. It's my first choice for an encrypted conversation.
Bruce Schneier, internationally renowned security technolgist
> After reading the code, I literally discovered a line of drool running down my face. It’s really nice.
Matt Green, Cryptographer, Johns Hopkins University
To quote Moxie (who made Signal) on Telegram.
> Here's the situation: people hem and haw about Telegram's cryptography, but what we should really be talking about is that Telegram is not using end to end encryption by default. Telegram stores your entire plaintext message history server-side. There is nothing worse when it comes to privacy, but it's very easy to write slick clients when they're just views onto the server and all the logic happens there.
Optional security is dumb. How about doing end to end encryption by default and giving people the option to turn it off for when they absolutely don't want the contents of their messages to be private? Silly when you think about it like that right?
Their server software is proprietary and the source isn't available. Also see the last three twitter links if you don't want to go through all links.
http://unhandledexpression.com/2013/12/17/telegram-stand-back-we-know-maths/
http://thoughtcrime.org/blog/telegram-crypto-challenge/
https://security.stackexchange.com/questions/49782/is-telegram-secure
https://eprint.iacr.org/2015/1177.pdf
https://twitter.com/Snowden/status/678271881242374144