networkimprov / mnm

mnm implements TMTP protocol. Let Internet sites message members directly, instead of unreliable, insecure email. Contributors welcome! (Server)
https://mnmnotmail.org
Mozilla Public License 2.0
227 stars 10 forks source link

FAQ: general security/privacy issues #20

Closed ghost closed 1 year ago

ghost commented 1 year ago

Hello everyone!

disclaimer

report and experience

"SMS is really any more secure than email with TLS. phone provider can read it as well, same as email providers when the emails are not encrypted.

Also you just need one malicious app on your phone that has the sms reading permission, or sometimes an attacker just needs one call to your tel-co provider to convince them to send them a replacement sim card which they can use to read all your sms and steal all your accounts that are foolish enough to consider SMS a second factor.

So no SMS is not really more secure or private than email with TLS transport encryption between providers (which is standard these days).

Now about tmtp, if you read their site you will notice that it’s completely different from email architecture wise. It’s not compatible with email the way POP and JMAP are. Also the companies can directly collect the user’s ip address (and thus also their rough location), because users connect directly to the companies server. Also TMTP is for business <-> customer, not for normal usage from what I can tell."

general questions

  1. Does this report or experience make sense?
  2. How is tmtp protocol better than email with tls?
  3. Is the tmtp network protocol an alternative to the smtp network protocol or is it similar to the smtp network protocol?
  4. Why cant tmtp be compatible with JMAP and POP?
  5. Is there any way to add pop and jmap compatibility to tmtp?
  6. Is the tmtp network protocol only for business? or could it be used for end users too?
  7. Can companies directly collect user's IP address and approximate location with tmtp?
  8. Is it possible to use things like proxy, vpn, tor in tmtp to avoid approximate location?
  9. What are tmtp security recommendations for better use?
  10. TMTP is more secure than email? if yes, why?
  11. What are the use cases that tmtp could not or should not be used?
  12. Is tmtp similar to IRC network protocol?
  13. tmtp is a non-realtime chat?
  14. how does tmtp prevent things like spam?
  15. what are the pros and cons of tmtp?
  16. Is it necessary to use Things like email use PGP: Pretty Good Privacy, for encrypting messages in tmtp?
  17. what are the algorithms used to encrypt messages in tmtp?

If anyone can answer one or more questions. I will be happy, for any answer.

networkimprov commented 1 year ago

Closed for post & ghost.