I would like to know how the aspect of the security layer, privacy of the tmtp protocol works. So, recently, I read some reports or experiences about the security layer of tmtp. And I would like to know if the reports or experiences shown here make sense.
I'm confused to understand how the tmtp protocol works, maybe I don't have much knowledge in networks or network protocols. I say that I'm confused, because I didn't find relevant information about the doubts I have here. Note: I plan to someday use the tmtp protocol for a use case.
Perhaps the security information is not enough to understand the security aspect of tmtp yet. I believe my question can help many users. If someone can answer my questions, I would be happy for any answer.
The purpose of my question being related to the report or experience I leave here is to bring useful information to anyone interested in the mnm protocol. I say this because I don't want you all to think that such a report or experience told here serves only as an empty or baseless criticism.
I would like to say that I have a genuine doubt to understand how things work, why they work and why they are important or not.
I searched the internet for everything I could find about reports or experiences with tmtp and found this one.
report and experience
"SMS is really any more secure than email with TLS. phone provider can read it as well, same as email providers when the emails are not encrypted.
Also you just need one malicious app on your phone that has the sms reading permission, or sometimes an attacker just needs one call to your tel-co provider to convince them to send them a replacement sim card which they can use to read all your sms and steal all your accounts that are foolish enough to consider SMS a second factor.
So no SMS is not really more secure or private than email with TLS transport encryption between providers (which is standard these days).
Now about tmtp, if you read their site you will notice that it’s completely different from email architecture wise. It’s not compatible with email the way POP and JMAP are. Also the companies can directly collect the user’s ip address (and thus also their rough location), because users connect directly to the companies server. Also TMTP is for business <-> customer, not for normal usage from what I can tell."
general questions
Does this report or experience make sense?
How is tmtp protocol better than email with tls?
Is the tmtp network protocol an alternative to the smtp network protocol or is it similar to the smtp network protocol?
Why cant tmtp be compatible with JMAP and POP?
Is there any way to add pop and jmap compatibility to tmtp?
Is the tmtp network protocol only for business? or could it be used for end users too?
Can companies directly collect user's IP address and approximate location with tmtp?
Is it possible to use things like proxy, vpn, tor in tmtp to avoid approximate location?
What are tmtp security recommendations for better use?
TMTP is more secure than email? if yes, why?
What are the use cases that tmtp could not or should not be used?
Is tmtp similar to IRC network protocol?
tmtp is a non-realtime chat?
how does tmtp prevent things like spam?
what are the pros and cons of tmtp?
Is it necessary to use Things like email use PGP: Pretty Good Privacy, for encrypting messages in tmtp?
what are the algorithms used to encrypt messages in tmtp?
If anyone can answer one or more questions. I will be happy, for any answer.
networkimprov
commented
1 year ago
Hello everyone!
disclaimer
report and experience
general questions
If anyone can answer one or more questions. I will be happy, for any answer.