signalapp / Signal-Android

A private messenger for Android.
https://signal.org
GNU Affero General Public License v3.0
25.42k stars 6.09k forks

TextSecure nuking encrypted SMS? WTF?! #1762

Closed SecUpwN closed 10 years ago

SecUpwN commented 10 years ago

Dear @moxie0, the first thing I do before having breakfast is having a coffee and reading the current security news. Today, this article on Heise Security was the worst news of the day: Are you honestly thinking that SMS are going to be replaced by data connections in the future and are thus thinking that nuking the offline SMS encryption feature (as discussed in #1737) is necessary? Are you FUCKING serious? Excuse my cursing, but I simply cannot believe you seriously decided that!

Up until this point I've been a huge fan of the Whisper Systems products - be it RedPhone, TextSecure or anything else. I've been recommending TextSecure to all of my friends, recommended them to fully erase WhatsApp, explained how to connect through TextSecure, even fiddled with their phones until it worked - and now you are blatantly coming along saying that it's "too much work and confusion" connecting people through exchanging keys? I really hope that mentioned article is wrong and all this is not true.

Please rethink your decision. If TextSecure will nuke offline SMS encryption (which always was the reason why people like me and my friends used it), I'm going to fully eliminate TextSecure and replace it with a smarter choice. And I will not only do that for my own phone, but for every phone I brought TextSecure to. To be honest, even thinking about it hurts! But deep within myself I simply cannot support a Project who eliminates its utmost important feature! Have you ever thought of the fact that there are countries out there who lack data connections due to poverty or war (and probably will continue to do so for the next few decades)? What about the people living in suppressed countries with suppressing governments?

I very much loved TextSecure, and while writing this, I still do. In the name of all security-enthusiasts and people out there wondering how to continue or which App to switch to, I am asking you to NOT just close this Issue, but rather have a grown-up discussion here, which hopefully leads you to the conclusion that offline SMS encryption is really important to keep.

THANK YOU for listening to the community and not just what the "trends" are going to be.

moxie0 commented 10 years ago

Please read the discussion thread on the mailing list, and then feel free to join in the discussion there.

SecUpwN commented 10 years ago

@moxie0, sad to see you closing this without directly pointing me to it. Please paste a link here!

markum commented 10 years ago

I am not so emotional about it, because I just started using Textsecure, but I must say, I agree. Removing the encrypted SMS functionality is a bad decision. It is one part of what makes Textsecure so attractive. I would strongly urge you to reconsider.

moxie0 commented 10 years ago

@SecUpwN, the link to the mailing list is right in the README.md: https://lists.riseup.net/www/info/whispersystems

The thread is "UX / Usability Issues and Thinking of the Future."

SecUpwN commented 10 years ago

Then let me ask you why such discussion has to take place in a "closed" discussion and not here on GitHub, where actual development takes place. I don't see the point in registering just for reading the discussion. Hence, my (our) question remains: Is that your final decision or might your consideration change, @moxie0? I'm seriously thinking of replacing TextSecure ASAP, which hurts a lot!

moxie0 commented 10 years ago

A mailing list specifically dedicated to discussing the future of TextSecure, which anyone can post to or read, and which is prominently displayed on the GitHub README.md is a "closed" forum? The point is that this bug tracker is not a discussion forum; we redirect all discussion there, and even ask that you propose PRs there before submitting them here (see CONTRIBUTING.md).

Consider that you are reacting to a news story written about a single off-hand comment I made in a single issue on a bug tracker, without having read any of the back story or thoughtful discussion that went into this.

> Are you honestly thinking that SMS are going to be replaced by data connections in the future and are thus thinking that nuking the offline SMS encryption feature (as discussed in #1737) is necessary?

Yes, we are considering phasing out support for encrypted SMS. One of the big lessons we've learned in this project is that it's not possible to seamlessly layer an encryption protocol on top of a transport that wasn't designed for it. We will never be able to make encrypted SMS seamless. Never. And it is really holding us back. But that's just one reason.

> even fiddled with their phones until it worked

This is a big part of the problem.

> Have you ever thought of the fact that there are countries out there who lack data connections due to poverty or war (and probably will continue to do so for the next few decades)?

The data supports the opposite conclusion. For the most part, the global south is hungry for overlay services that they can use instead of SMS, precisely because SMS is so expensive in those places. It's common for people in the US and Europe to assume that SMS is the accessible option for people in the global south, but it's primarily just US and parts of Europe that have affordable/unlimited SMS plans. Just look at the places where market penetration of overlay services like WhatsApp has been the highest.

There are certainly some places where data is not accessible, but those are also mostly places where smartphones are equally inaccessible.

> What about the people living in suppressed countries with suppressing governments?

Again, this is exactly what I'm thinking. Metadata can be dangerous for people in dangerous places, and there is absolutely nothing worse than SMS for leaking metadata.

It is impossible for us to do worse than SMS. Even if the TextSecure server nodes operated by Open Whisper Systems were physically hosted in the lobby of the NSA's building, it wouldn't be worse than the telcos. At least then the state-run telcos in Saudi, Iran, Bahrain, Belarus, China, Iran, Egypt, Cuba, etc... wouldn't have direct access to the metadata of TextSecure users in those countries.

Many people other than myself have chimed into this discussion. I encourage you to read through it and participate on the mailing list.

SecUpwN commented 10 years ago

@moxie0, thanks for the link and making it clear to participate there. Point is, I always respected WhisperSystems for sticking to the core killer-features it had in TextSecure. With even talking about erasing the best feature of TextSecure, your company makes a strong turn the other way around for me. The most difficult and confusing part is NOT to exchange keys, but rather to convince friends and other people to use TextSecure and not some other shitty Messenger out there. Do you know what the reason was that finally convinced me to ditch WhatsApp and switch to TextSecure? It was this awesome comparison: Fighting DISHFIRE: The State of Mobile, Cross-Platform, Encrypted Messaging. What would @jlund say to this?

With TextSecure lacking SMS encryption, there's no point for me in continuing to use it. I don't get why you and your company even think about killing that feature if this project is open-source in the first place. What exactly is holding you back? The reasoning that the future will provide more data connections and that SMS continue to submit metadata might be a valid point, but SMS are not going to vanish within the next 10 years, nor will I ever switch on my data connection when wanting to write to someone OFFLINE.

Last question: Is your decision to erase encrypted SMS a final one, or is there still a chance to keep it?

jlund commented 10 years ago

Hey, SecUpwN. Thank you for the kind words. It makes me happy to hear that the comparison was helpful.

I'm actually in complete and total agreement with Moxie on this issue. At the time that I wrote the "Fighting DISHFIRE" article I saw TextSecure's exclusive use of SMS/MMS as its single biggest liability. In fact, "Use the data channel instead of SMS/MMS" is one of the bullet points at the beginning of the essay where I describe what I see as the most important features of the ideal messaging platform. I end the article with the phrase "SMS is dead, long live privacy." That's really the way that I feel.

After TextSecure 2.0 was released, people became wildly more positive when I introduced them to the application than they were when SMS and MMS were the only available transport layers. Push messages are faster, more reliable, more secure, and initiated automatically. My friends and family ask me fewer questions, find the entire process to be dramatically less confusing, no longer see the user interface as intimidating, and almost immediately stopped wondering if we "had to keep using this." They actually really like using it now, whereas before TextSecure was something they used only because they love me very much.

The reason for this is pretty simple: SMS and MMS are horrible protocols that do not have any future whatsoever. Their decline will be rapid, and severe. The process has already begun. SMS and MMS don't even get the basics right. You cannot send a long message over SMS without it getting split into pieces and annoyingly delivered out of order, and MMS picture messages look absolutely terrible. There's no way to fix these issues; they are endemic to the protocols.

Meanwhile, the world is moving on. Applications like WhatsApp and Facebook Messenger that aren't saddled with the baggage of these antiquated standards are rapidly including incredibly nice media sharing features that their users truly love. The next version of iOS is going to support a wide array of new iMessage functionality, including voice messages and one-touch location sharing. There's no way for SMS and MMS to reliably support features like this. Any application that doggedly clings to the fading embers of these dying protocols is practically guaranteeing their own irrelevance.

I want encrypted messaging to become ubiquitous, and this cannot happen unless encrypted messaging applications are able to support the features that people care about. TextSecure 2.0 was a massive leap in every possible category: UI, feature set, performance, protocol, and security. It simultaneously became more usable while introducing a beautiful new ratchet and numerous state-of-the-art encryption features. I want future releases of TextSecure and Signal to be equally revolutionary, but encrypted SMS threatens to become an unwieldy burden that holds them back. No feature is more confusing for average users than SMS key exchanges and SMS fallback. Neither feature will work with the upcoming iOS and browser clients either. It's truly a dead end of a transport layer.

So far all of these SMS/MMS criticisms exist outside the realm of security, and once you factor that into the mix it only looks worse for SMS and MMS. They leak all possible metadata 100% of the time to thousands of cellular carriers worldwide. The two protocols are therefore absolutely disastrous when it comes to the security of users' personal information. It's tempting to view SMS and MMS as "OFFLINE" protocols, but the truth is that they too have servers and are very much online and connected--only these servers are run by the industry that has the very worst track record in the history of the world when it comes to protecting the integrity of their users' privacy. I personally don't think there is anything nefarious going on in Google Play Services at all, but even if it were a full-blown rootkit I would still feel dramatically better about having it on my phone than I would about routing my messages through the telcos. I am not joking when I say that.

Fortunately, that's not the choice. WebSockets will enable non-Google users to run TextSecure and Signal on Android in the absence of SMS, and without leaking metadata everywhere.

I could go on and on about this, but I feel like I have already written too much. Here's the short version: I can't wait for SMS and MMS to die, not only in TextSecure, but everywhere. It cannot happen quickly enough in my opinion.

SecUpwN commented 10 years ago

@jlund, hats off to your very thorough explanation, which is almost as well-written as your article. Perhaps you should write another public article on SMS and MMS dying? There are some facts that I don't understand and that seem out of place for me - maybe you can elaborate on these in short words?

When looking at the way I personally communicate, I must honestly say that I'm communicating much more through SMS (not MMS) than through the online data channel. It might be a fact that SMS and MMS have terrible protocols and are unsafe, but I simply don't see that they are going to die just because data plans are increasing. At least not within the next 20+ years. And that is in fact the very reason why I enjoy TextSecure so much at the moment: Because it does something to encrypt the message (even though this might be holding back development) and also offline on my phone in case it gets lost. @jlund, you don't have to place a long answer here now, I'd just like to know what you think about the above stated points. After that, I'll see and wait how TextSecure evolves. If it really kicks out encrypted SMS before SMS dies itself, I'll kick my beloved TextSecure as well. Simple as that.

mejo- commented 10 years ago

Hello everybody,

I followed the discussions about future of textsecure and encrypted SMS both on github and on the riseup mailing list. Thanks to everybody involved for sharing your arguments, and especially to the textsecure developers for this invaluable software. I appreciate your style to set trends ("Skate for where the puck is going, not where it is now, and all that").

I understand your arguments against keeping support for encrypted SMS/MMS (protocol issues, slows progression of textsecure features). Still, I would like to raise a few thoughts in favour of keeping support for encrypted SMS/MMS communication. In my eyes, encrypted SMS is still a killer feature of ts and dropping it altogether (right now) would be a step back instead of forward.

1/ If I got Moxie right[1], then support for SMS/MMS protocol in future textsecure releases is indisputable, at least for the foreseeable future. Instead, you just want to drop support for encrypted SMS. I understand this argument the way that you don't question the importance of SMS communication right now. People still use it a lot - at least to my knowledge in Europe, northern and southern Africa (don't know about central Africa) and the Middle East. So regardless how flawed the protocol is, there's still a need to support it if you head for providing the one communication app for smartphones instead of being just one of several alternatives for ›instant‹ messaging over the web.

2/ Nevertheless, SMS/MMS protocol is a show-stopper for providing more extended communication features. The protocols are somewhat 'sedate' and slow down textsecure feature progression. See jlund's comment at [2].

3/ If you don't want to drop SMS/MMS support completely right now (which I hope is true), then you'll have to separate feature support for different protocols (SMS/MMS vs. data/push/websockets) anyway. Honestly, that's already true for the present: textsecure groups work only when subscribed to the data channel.

4/ While SMS/MMS protocols might be flawed, people will not stop using it just because of this fact. I agree with SecUpwN [3] that SMS will continue to be used for the next years. If this assumption is true, then end-to-end-encrypted content with leaked metadata (you're right with your criticism here) is still much, much better than completely unencrypted communication (don't make perfect the enemy of good).

5/ As conclusion of all the points raised above, I humbly ask you to reconsider your decision to drop support for encrypted SMS. Instead I recommend to separate support for encrypted SMS, make it less obvious in the GUI and use data channel as default everywhere (which is already the case). But please keep the important feature to communicate encrypted through SMS for situations where you or your counterpart don't have a data connection available.

I hope that my arguments are comprehensible - I'm not a native English speaker. In the case of questions or lack of clarity, don't hesitate to ask me :)

Kind regards, jonas

[1] https://lists.riseup.net/www/arc/whispersystems/2014-06/msg00062.html
[2] https://github.com/WhisperSystems/TextSecure/issues/1762#issuecomment-50569992
[3] https://github.com/WhisperSystems/TextSecure/issues/1762#issuecomment-50591853

mejo- commented 10 years ago

I agree with Jonas and others. If TextSecure drops support for encrypted SMS/MMS, as much as a pain as they are, it just becomes another online messaging app at that point, which is two steps from useless for anyone without an always-reliable internet connection.

I use encrypted SMS and MMS on TextSecure frequently, and I live in the US (where internet is widespread). Losing that capability would not only be inconvenient, it would also be highly frustrating in situations when communication is necessary but internet connectivity simply isn't possible.

-Alex

mejo- commented 10 years ago

Something to note, is that for the foreseeable future iOS will not be able to support encrypted or unencrypted SMS as we can't receive SMS within an external to Apple application. The lack of SMS support will be endemic to the iOS and other non-Android clients so no matter the future of TextSecure Android this is a reality for TextSecure as a whole. As such, when we scale to the globe, you will only be able to send encrypted SMS to a smallish subset of your contacts, so even a fork that ran on the same server would be subject to this reality, albeit in the far-ish future. This ends up being confusing, but certainly something that could be dealt with. To me support for encrypted SMS makes the most sense in a separate app, or not at all. As the contribution base to the code is relatively small (send PRs) it may be forced to be one over the other. The weight of technical debt associated with MMS/SMS is immense.

Christine Corbett Moran christine.corbett@gmail.com Physics @ ICS.uzh.ch // Zurich: +41 79 962 4499 Dev @ http://circleof6app.com // Boston: +1 (617) 398-0452 Dev @ https://whispersystems.org // SF: +1 (415) 670 9629 www.christinecorbettmoran.com

mejo- commented 10 years ago

Splitting this app in two apps is IMHO more confusing and unusable than maintaining one single and usable app like the current version of TextSecure.

Jabber: sederic@jabber.jneureuther.de PGP-Key-ID: B5738743

mejo- commented 10 years ago

so you have, in the future TextSecure ecosystem including browsers, iOS devices, desktop clients, satellites, robots, flying cars (hey it's the future!)

either 1 or (2 and optionally 3)

  1. encrypted SMS (only usable Android to Android clients, a subset of users) within Signal
  2. no encrypted SMS within Signal, usable by all clients.
  3. encrypted SMS (only usable Android to Android clients) within a separate app, optionally for Android only, optionally with a different user base

C


SecUpwN commented 10 years ago

@mejo-, thank you so much for continuing the vote to keep encrypted SMS. Since @moxie0 already closed this Issue, I guess he is not open for discussion here any longer. Instead, you should continue to join the discussion on RiseUp. As much as I hope WhisperSystems will not drop this awesome feature (and continue development on it), I am already on my way of checking out other Messengers to avoid a "nasty surprise" with a new version of TextSecure coming out and lacking this so beloved necessity.

Wikinaut commented 10 years ago

@SecUpwN … or fork it.

SecUpwN commented 10 years ago

@Wikinaut, I'm sure this makes sense. But I prefer staying with the official source.. for now.

apmon commented 10 years ago

Regarding metadata and what is worse (SMS or data) depends on your use case and who you want to hide it from. If I were in Syria and wanted to overthrow the government, then sure, having the meta data stored in "the lobby of the NSA" would be better than at a Syrian telco. However, if I were e.g. a legitimate business in China worried about economic espionage by the French, British or US intelligence services, I'd rather have the metadata stored by the Chinese telco than on a Google server.

So which transport is best for one depends on the use and there are legit use cases for either transport. Given that textsecure is the only option for encrypted SMS, losing that feature would be a real blow to those who actually need it and not just do it because it is cool. And those who really need it can live with a little bit of complexity.

E3V3A commented 9 years ago

Very informative discussion. Thanks!

SecUpwN commented 9 years ago

@mejo- and @smarek, it appears that with yesterday's update TextSecure finally has no encryption any longer. Here is their official statement. This leaves all people without GooglePlay Services vulnerable since TextSecure is virtually useless for them. I filed a last attempt to complain with #2723, but it was closed quickly. Question: Which App do you use now? I am monitoring the Secure Messaging Scorecard.

moxie0 commented 9 years ago

And here I was hoping that your "last attempt to complain" would actually be your last attempt.