Silence (https://silence.im) is a fork of Signal that communicates via encrypted SMS messages (with a fallback to plaintext so you can use it with non-Silence users)
Disclaimer: I am one of the main devs.
There is Silence for Android: https://silence.im/ which uses SMS which is a fork of Signal
Note that it is not on the play store in america (but it is in at least some countries) but americans can get it off f-droid.
You could also use PGP in your SMS or something too (but I recommend Silence since PGP does not use forward secrecy).
https://ricochet.im if you both have access to PCs, setup Tor to use bridges
Use Signal with Tor on phones, again with bridges
If he only has access to SMS & no internet, then use Silence: https://silence.im/
Please note that untraceable can mean a lot. Tor helps protect metadata, but not entirely. All of the apps I mentioned besides Ricochet are encrypted but still leave metadata (Ricochet does too but not very much).
Anywhere information can be stored, it can be encrypted. Signal used to encrypt SMS/MMS before it moved to its own Internet service, but a fork called Silence still does this
No it uses the 'Signal protocol' and TextSecure is basically the old (post-2015) name for the Signal app back when it used SMS/MMS.
Silence was a fork of if that attempted to keep the dream of 'Signal over SMS' alive:
I wouldn't be surprised, since it's apparently still possible to do with SMS?
I'd think the additional capabilities of RCS could help make this protocol even better, but I'm not an expert.
​
If the RCS API exists exactly like the SMS/MMS API exists, why wouldn't Signal use it? They use SMS/MMS...
> The company tells me it would be happy to work with any company to work on compatibility.
https://www.theverge.com/2020/11/19/21574451/android-rcs-encryption-message-end-to-end-beta
I said "used to", I'm aware Signal took it out. TextSecure became Signal and when that feature was taken out, SMSSecure (now Silence) was forked. You can use it now if you want.
> message
What kind of?
Answering your main question first.
SMS is not secure. When you send an SMS, it is first received by the carrier, it is stored in their network until it bounces to the network tower closest to the recipient, then it is delivered to the recipient. It isn't encrypted, it can be read and spoofed(doesn't really happen to regular people).
The only way to send SMS securely (encrypted) is using a SMS app like Silence. The app needs to be on the device on both parties, (sender and receiver). It encrypts your SMS on your device and then sent to the carrier, the recipient receives an encrypted message. This can be decrypted on in the app, so receiver needs to receive it in that app to read it.
Silence app is a fork of Signal, it was forked when Signal removed the functionality of sending encrypted SMSes as they are still not 100% secure and Signal didn't want to keep supporting a feature knowing it can't be secured 100%
Signal messages on the other hand are encrypted so is secure, they are not SMS messages but messages sent via internet (data message). They are encrypted on both ends. Signal for Android has a nifty feature in which if the recipient doesn't have the Signal app it will send a SMS instead (not secure), and it tells you its sending a SMS instead. This makes sure that the message is delivered, so on an Android phone you can use Signal app to send Signal messages as well as a SMS.
Now answering your second question, yes cross platform secure messaging is possible but not via SMS by a message through one of the apps like Signal, Telegram, WhatsApp etc which provide end-to-end encryption. Obviously both parties need to have the same app to communicate.
> https://silence.im which doesn't collect any data whatsoever.
Your carrier can still see all the metadata. Only messages content is encrypted and this only for other Silence users too.
Hi everybody ! I'm using Signal since TextSecure and I love this app but what about GMS (the biggest problem IMO) ? (Even encrypted, why should my messages transit in Google's servers ? I don't like this idea :-( ) Does someone here use Silence ? It's a Signal's fork but even the encrypted messages are sent by GSM and you can send encrypted and unencrypted messages by SMS even when there's no 3G or 4G available. I think, this makes Silence a little better than Signal.
Signal. It is an open source, free software message encryption app. It is the most trusted encrypted messaging app in the game right now.
There is also Silence, which uses the same encryption protocol and is based on the same code - but encrypts over SMS, so it doesn't require mobile data, in case you have a shitty data connection or are otherwise out of range.
I may be misunderstanding you.. Are you looking to encrypt your SMS messages?
If so, You can use Silence.
It's FOSS and available on FDroid.
Naturally, both parties, sender and recipient must be using it. I've used it for several years and it works well.
That's really odd. But now I'm having problems registering for RCS so I've given up on it entirely. I've switched to this app. Maybe Google will eventually make the registration process less tortuous.
You can use Silence to send SMS/MMS messages to anyone. The recipient will also need to have the same app installed if you want your SMS/MMS messages to be end-to-end encrypted. This limits Silence's usability to about half the mobile population, because the app is currently only available on Android. Also, the end-to-end encrypted SMS/MMS messages will still leak metadata to your mobile provider. I would only use it with contacts who I know have an Android phone, have the app installed, and do not have a mobile data connection. With everyone else, it's safer to use Signal.
Even if you turn on Pushbullet's "end-to-end encryption", your cell phone provider and anyone who can intercept your SMS messages will still be able to read your messages.
Here is the blog post from 2015 that announced the addition of end-to-end encryption to Pushbullet. In it, they explain that the end-to-end encryption in Pushbullet has to be turned on manually by creating a password and entering that password on each of your devices separately, and that the encryption only protects the contents of your messages when they are transmitted between your own devices. Pushbullet's "end-to-end encryption" is only designed to hide the contents of your SMS messages from the Pushbullet servers while the messages are forwarded from your computer to your phone and vice versa. The mobile app on your phone decrypts the messages that it receives from your computer and then sends them to the intended recipients as regular, unencrypted SMS messages.
If you want to send SMS messages that are actually end-to-end encrypted, I suggest using Silence. Note that it is only available on Android and both you and your contact need to install the app in order for your SMS messages to be end-to-end encrypted.
Check out Silence. It's basically a fork of TextSecure/Signal, with any feature that needs mobile data removed, and with the SMS encryption features restored.
It does depend on the sender and receiver both using Silence, but it doesn't depend on any sort of Signal-style centralized server, and it's GPLv3. No registration needed, no risk of the app vanishing because the developer closed it off.
I am not an expert, either. You are right in that everything can be snooped with the right equipment, but usually, transmissions are now encrypted. The encryption algortithms, when they are outdated, can make a transmission more vulnerable. If there are known methods to break the encryption, organizations and experts should switch to still relevant encryption algorithms. Here is where many organizations fail to deliver.
These OS I mentioned are monthly updated with bugfixes and security patches. You should use End to End encryption if you want privacy in your communications. Things like SMS are widely known for being poorly secured, it is easy to snoop into SMS/MMS communications. But, if you and the recipient of your messages use an app like Silence (https://git.silence.dev/Silence/Silence-Android) you can protect your conversation to a certain level. You can consult their FAQ to get a better idea (https://silence.im/faq/).
+1Silence
However both need to have de app https://silence.im/faq/
>Does the recipient have to install Silence?
> To start a secure session, Silence must be installed on both sides. You can still chat with your friends that do not have Silence installed, but this will be via unencrypted messages, like any other SMS/MMS app.
I would say Signal if you want to send messages through internet canal.
Otherwise, if you really want to use SMS canal, you can use Silence.
I don't use it but it worth to take a look
It encrypts the SMS (but not with PGP).
Thanks for this list. It is quite handy.
Although I have a question regarding it.
Is there any reason why Silence app was not included in the list as sms alternative? It seems it has encryption, although that requires both parties to have the app installed. It is a community driven app and is sometimes even advised as a simpler, sms-only alternative to Signal. I am not affiliated in any way with it, I am just simply curios.
Fair enough, just bear in mind that nation state actors like GCHQ are known to collect all unencrypted communications as was revealed under the snowden leaks (using dragnet etc). So the threat model is a choice between FB knowing your metadata (and possibly the content of the messages) or nation states knowing the contents. Our choices are wild.
Signal doesn't encrypt SMS. You'll need to use something like https://silence.im for that.
Yeah, you're right about emails, and about the alternatives. We're all making choices within our limitations. I'd want anarchists to know it that it pays to have a realistic sense of the risks of a given medium versus another so you can make an informed choice and not a costly, avoidable oopsie. (And, of course, to understand that some oopsies are just unavoidable, and you have to conscientious about weighing the risks of anything you put out versus the benefits.)
(I still do think I'm right about the Signal SMS thing. Every time I can find SMS in Signal, even on the interface itself when you're about to send one, it's prefixed by "insecure." SMS isn't a synonym for text message, it's its own service that Signal only acts as an interface for, should you choose to enable that. Regular Signal messages between two Signal users, you're right, are very secure and I try to make it the only way I communicate with people I know now. I don't want to split hairs but I don't want to give people a false sense of security if they're ever in a situation to make a quick judgement. Silence.im claims to encrypt SMS but I've never heard of them until now.)
I haven't spent much time researching alternative SMS/MMS apps, to be honest. Based on your earlier comment about wanting to securely share things like financial receipts with family members, I'm guessing that you're looking for something that wouldn't reveal the contents of your messages to third-parties on the wire, like your mobile provider. For that, you would need an app that provides end-to-end encryption between you and your contacts.
AFAIK, there is no universal standard for end-to-end encrypted SMS/MMS messaging. So whichever app you choose, you will most likely need to convince your contacts to install the same app in order for the conversation to actually be end-to-end encrypted. I know that Silence supports end-to-end encrypted SMS/MMS messaging if both you and your contacts use it, but unfortunately, it's only available on Android and doesn't have a desktop app. Pulse would be great, but it only offers end-to-end encryption between your own devices, not between you and your contacts.
It could almost be easier to convince the contacts that you want to communicate with securely to install Signal so that you could send each other end-to-end encrypted Signal messages instead of SMS/MMS messages. Then your messages would also show up on desktop (unless you run into a bug like OP).
Google is a key contributor to RCS, but it's a carrier standard, so there is basically no possibility native support of E2E encryption would be part of the standard.
I hope that as RCS becomes the universal replacement for SMS, and when the Android API comes out, a standard open source E2E layer emerges for integration into 3rd party texting apps, like Silence.im but for RCS.
It's not impossible that (Google) Messages could add this too, similar to Allo's Incogneto Mode. But it's definitely not going to happen while they are struggling to get the standard adopted at all.
In the meantime, I would use Signal for cross-platform E2E chat needs.
Hopefully something like https://silence.im/ is adapted to work with RCS and adopted by various clients, but there's no realistic possibility of any carrier ever doing E2E directly.
Governments demand legal warrants should work (at a minimum) and carriers are uniquely dependant on public spectrum highly regulated by Governments.
No chance of E2E encryption being part of the GSMA RCS standard because it's a spec for carriers.
I hope once Google creates a Android API for RCS, Silence SMS can be upgraded to RCS and various texting apps add the open source code.
Not impossible that Google would do something similar with Android Messages similar to Allo incognito mode, but IDK.
By a 3rd party app, it seems very possible once the API is released (with Android R?). Signal created an end to end SMS/MMS encryption protocol TextSecure, but they abandoned it. It was forked to an app called Silence.
Native support won't happen for a non-technical reason. Carriers operate by the grace of licensing spectrum controlled by the government. They are not going to rock the boat with E2E that resists legal warrants, etc.
It is not E2E, but at least RCS is encrypted to the server. SMS has no encryption.
Try Silence which is an open-source fork for Signal with only SMS/MMS encryption.
There's also Riot, Wire, Ricochet, Conversations, Kontalk, Tox, Jami and Gajim if you're curious about other software (depending on your needs).
I'm sorry then. But why should i use signal even when you need to implement your phone number into their server. and not use https://silence.im which doesn't collect any data whatsoever.
Use Silence for sending for e2e encrypted SMS (receiver must also have installed on their device). It can also encrypts your SMS stored on the device. Available on Play Store and F-Droid (don't know about Apple).
Ive got friends and family on Telegram, so thats convenient for me.
I would have preferred to use Silence for SMS https://silence.im but im used to adding it after the fact.
I would hope they consider Firefox's android port for their browser. Mozilla lost a lot of marketshare when Mobile browsing exploded and their mission is in line with what Eelo is trying to do.
If you're looking for something that works with no Gapps (Google Framework), give Silence a try.
If you're looking for something that uses data plan rather than SMS, give Tox a try. Works great over wifi and it cross-platform too.
> Signal is multiplatform
It isn't. There is not desktop program for GNU/Linux, and other plataforms (*BDS) and some phones OS (like the 3 guys in the world that have Windows Phone)
> Will the Android app do sms too?
Try silence.im
I believe Silence is a fork of Signal (or a fork of the older Signal when it did have the capability to encrypt SMS).
If Silence is set to your default SMS app, it will transparently encrypt SMS to other Silence users. Signal can run alongside it for your Signal contacts. Of course, Silence (nor any other app) can hide the metadata from the phone companies which must use it to transmit the message.
Yes, voice calls are also encrypted. However since the voice calls server for Signal is no longer open source, there's no way to actually verify this.
It's also worth mentioning that if you still would like encrypted SMS, there's Silence, but your recipient has to also have Silence, which is only on Android.
There's an updated fork of the old Signal-precursor TextSecure app called Silence (formerly called SMSSecure, name changed due to legal issues), available on F-Droid. It's basically TextSecure with the SMS encryption features restored, and anything that depends on mobile data removed.
Silence encrypts messages while still using SMS / MMS as transport, but isn't on this list. TextSecure (the predecessor to Signal) used to, but dropped it.
Also, I think the main issue with iMessage is that the user has very little indication that some messages are being sent cleartext. The text bubbles are different colors, but most people just think that means iPhone vs Android phone.