Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Suggestions on low-tech, free secure mobile messaging app

Jesse Young youngj at cs.stanford.edu
Sun Mar 10 14:25:03 PDT 2013


Hi Louis,

Telerivet is based on SMS, and while we do our best to transmit and store
messages securely, it isn't intended to be used as a highly-secure
messaging app. If you are looking for guaranteed end-to-end privacy,
anything based on SMS is not a great option because the mobile networks
could see your messages. Also, with Telerivet, messages are transmitted and
stored on Telerivet's servers, and our code is closed-source.

However, in situations where end-users don't have internet access (or
installing an app on each phone isn't feasible), and where you don't need
end-to-end cryptographic privacy guarantees, Telerivet may be a good option.

(I'm the lead developer of Telerivet)

-Jesse

On Sun, Mar 10, 2013 at 1:54 PM, Louis Suárez-Potts <luispo at gmail.com>wrote:

> Sorry about the top post, but have you looked at Telerivet? <
> http://www.telerivet.com> It's active most in East Africa but the
> founders and company are located… near Stanford, California.
>
> Stackoverflow has a good summary and discussion:
>
> http://stackoverflow.com/questions/11291196/android-as-an-sms-gateway-for-integration-with-web-application
>
> -louis
>
>
> On 13-03-10, at 12:29 , Nathan of Guardian <nathan at guardianproject.info>
> wrote:
>
> > On 03/09/2013 04:17 PM, Alex Comninos wrote:
> >> 1> Request opinions on the security of WhatsApp and Viber (I understand
> the
> >> security of the previous has been discussed extensively on Libtech)
> >
> > They have reasonable network security from the app to the server (basic
> > HTTPS / SSL), but NOT end-to-end security between you and the person you
> > are communicating with. It is also unclear how well they validate their
> > server's SSL certificate, so it might be possible for that traffic to be
> > broken by a man-in-the-middle attack.
> >
> > Storage of message data locally on the device is in a relatively
> > standard manner with all/most messages being logged by default, meaning
> > it your message history can be easily extracted if the device is
> > physically compromised, and possibly also by malware on the device
> > (especially in the case of a rooted Android device).
> >
> >> 2> Request suggestions on secure mobile messaging apps. These apps s
> hould
> >> not just run on Android and iPhone devices, but should also run on the
> most
> >> basic and cheapest of internet enabled phones (feature phones or dumb
> >> internet enabled phones, particularly Nokia and older versions of
> Symbian).
> >> These apps must also be free and easy to use.
> >
> > Security on older Nokia and Symbian phones is a tricky subject,
> > especially when you want interoperable security with Android and iPhone.
> >
> > There were some Java/J2ME "crypto SMS" implementations around in the
> > past, but these have not been maintained. There definitely isn't
> > something interoperable with open-standards like Off-the-Record
> > Encryption, as far as I know. Based on some work towards a Blackberry
> > OTR app, it seems like the necessary Java libraries for strong
> > cryptography on J2ME
> >
> > The best that I can offer is Gibberbot, our app for Android, that can
> > work just fine on really, really cheap Android phones (<$50 USD), and
> > also works with ChatSecure on iPhone, and Pidgin desktop chat on
> > Windows, Linux, and Adium on Mac. It also can work on slower networks
> > like EDGE.
> >
> > https://guardianproject.info/howto/chatsecurely/
> >
> > Best of luck finding a solution that address all of your needs, and let
> > us know how it goes. I am sorry we can't provide better support for
> > these more limited devices.
> >
> > Best,
> > Nathan
> >
> >
> >
> > --
> > Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130310/602ac316/attachment.html>


More information about the liberationtech mailing list