Closed punnie closed 9 years ago
d-3-n
commented
10 years ago @grooverboy "Use SMS if push doesn't work's not what he has described above. What he has described is the how TS currently works. Difference is that TS only checks sender's situation, and doesn't care about receiver's one.
oiceberg
commented
10 years ago @moxie0, maybe it be simple to say you'd like to "get rid of encrypted SMS support in the Android client as well. The world is moving towards data-based messaging, and SMS really limits our abilities", when you're from a world where data-based messaging is greater than SMS world. TextSecure is the only free software that allows the exchange of encrypted SMS.
When you say that "I'd prefer to remove SMS entirely rather than add more complexity", why don't subtract complexity? The algorithm followed by TS for sending SMS is much more complex than necessary. This thing of TS's A.I. choosing when sending SMS is absolutely unnecessary. IMHO much better would the sender has the option to choose itself what channel to use. Decrease the complexity is being requested, not increase.
I admire the work that you have developed and personally admire you. Even I'm a big promoter of TextSecure in Brazil. Anyway, I really would like the TS continue being an excellent software for sending encrypted SMS easilly, without that unclear trick to disconnect data before send the message to it be a SMS.
ei8fdb
commented
10 years ago On 24 May 2014, at 23:25, Moxie Marlinspike notifications@github.com wrote:
I actually think it's pretty simple: it tries to send a data message, and if it can't it sends an SMS. If you want, you can configure it not to send an SMS, or to ask you before sending the SMS.
To the extent that this is "complicated," it's that people want it to be complicated: they want it to send an SMS if the other person is not connected to data, or retry, or send an SMS if you've received an SMS within some timeout period. Or know that you're only connected to data on Tuesdays, or whatever. Personally, I'd prefer to remove SMS entirely rather than add more complexity, but those same people still won't be satisfied.
I think you’re being a bit unfair there Moxie. People want (and in some cases need) the push messaging but are unable to benefit from it.
What people want it to be is mirroring how they understand SMS (since that’s what it started out as) to work.
The majority of people have an idea of what happens when they send an SMS:
The user understands what different scenarios are possible.
It’s a model they have built due to (possibly) decades of using SMS.
If TextSecure is going to change that, it will cause them issues and, more than likely, affect user adoption.
Originally my personal opinion was I was against splitting TS into two applications (one for SMS and one for push messaging) as I thought it will also affect user adoption. This would require users to remember which of their contacts use what - secure push or SMS.
The user wants to communicate. That’s it. We can’t forget this.
If doing it securely requires extra steps, or requires them to think harder especially in a difficult situation, they will choose the insecure route. It’s proven.
However, if unified (horrible word...) encrypted SMS and push messaging is not possible in a single TS, then maybe they should be split ala SMS and WhatsApp, Telegram, etc..
If the case of the proposed iOS TS app not being able to read SMS, is it possible for the message originator to be made aware?
“Bob is using iOS and can’t receive encrypted SMS. We are sending him a push message. He’ll get it when he has a data connection"
(Obviously, not that wordy…but that idea)
As someone else mentioned people are slightly confused with how TS operates. I certainly am.
I think most people are more than willing to watch TS grow into and better and better application (as it will)
It also needs to allow them to fulfil their goal, which is to communicate with the people they want to communicate with, in a way that is acceptable to them.
I’ve tried for the past 3 week to get my sister (who uses iOS) to switch to ChatSecure and use Jabber. It works great when she has Internet and the app is open. Background delivery is not so hot.
Currently, my only alternative with her is Telegram. Again there is the extra step she will need to do, check if she has Internet connection, when she decides to send me a Telegram message.
If not, she then has to switch back to the unencrypted SMS client.
It would be f*^king awesome if it were possible to do it all in the one application, or even two which have been developed by you guys.
I hope none of this is taken in the wrong way. You guys are doing excellent work.
I just worry if TextSecure it to be taken to the general public and not just “smartphone rich western world” you need to be understanding of people’s real situations.
Thanks, Bernard
ei8fdb
commented
10 years ago On 24 May 2014, at 23:43, bungabunga notifications@github.com wrote:
sadly, SMS communication will remain the most robust way of quickly and surely getting information to people for some time in the future. so, why also not the most private way?
Absolutely.
while i know that this SMS/data issue is really giving you grey hair, please just consider the reality that we're living in and the need we have.
This. WhisperSystems are doing excellent USER centred design which just happens to be secure and privacy aware. Usable and secure!
Take that crypto people who say it’s not possible!
Seriously though, bungabunga (if that is your real name!) is right - we need to consider the large percentage of the world who are just getting cheap Huawei smartphones for the first time.
Data plans are improving in these parts of the world, but nothing near the (supposedly) always-on data connectivity of western world.
It would be a shame for them to continue to rely on insecure SMS run by a national mobile operator under the control of the government.
ei8fdb
commented
10 years ago On 24 May 2014, at 23:58, bungabunga notifications@github.com wrote:
but at this very point i think you're wrong. non-geeks would always think SMS fallback means "if she's 'offline' then she'll get it via SMS".
While I disagree with the wording you’ve used, the sentiment is totally correct.
One option to gather evidence: ask your users. Create a survey and send it around the Twitters/forums and ask people to send it to people who they know use TextSecure.
In there have some qualifying questions to get the right demographic of non-technical experts to answer.
moxie0
commented
10 years ago @bungabunga:
but at this very point i think you're wrong. non-geeks would always think SMS fallback means "if she's 'offline' then she'll get it via SMS".
This is difficult to implement. Worse, we're not going to be able to send encrypted SMS messages to iPhone users, so the UX will never be consistent. The users will have to know whether the person they're messaging uses an iPhone or not in order for them to set their expectation for what's supposed to happen.
@leandrosalvador:
when you're from a world where data-based messaging is greater than SMS world
There is very little consensus about this. Some say that SMS is the "cheap" option for most of the world, while others say that most of the world wants a data option because SMS is so expensive. I'm not sure if there's any objective measure, but I do know that WhatsApp has more users than any SMS app, that they push more messages per day than any telco, and that most of their users are not in the US. This makes me think that data is the future, not just for the global north, but for the global south as well.
IMHO much better would the sender has the option to choose itself what channel to use
That's a possibility.
@bernardATdiymut:
The user wants to communicate. That’s it. We can’t forget this.
I think it's slightly more complicated that. Users really do care about how their messages are delivered: the number one complaint in the app store for a while was that people were inadvertantly being charged money for sending SMS messages, when they thought they were sending data messages.
The UX that you outline is pretty complicated. Remember that there is no space for tooltips, dialogs, explanations, etc. We need to be thinking in terms of minimalist icons and colors. If people think TextSecure is too confusing today, this would put them into a coma.
d-3-n
commented
10 years ago @moxie0 "IMHO much better would the sender has the option to choose itself what channel to use"
Looking forward to the possibility. That would enable me for example to make some assumptions about is my friend/a colleague out of office, what in his country usually means no data connection, and give me ability to send sms. Or when I see in didn't receive any response, I could give it another try with sms. What's app may work well, and most users may be out side of the US, but that are still 'well developed' countries, or cities from Western Europe, or Asia. Also most of that people will not even consider TS, no matter how simple /good etc it is.
bungabunga
commented
10 years ago @moxie0:
This is difficult to implement. Worse, we're not going to be able to send encrypted SMS messages to iPhone users, so the UX will never be consistent. The users will have to know whether the person they're messaging uses an iPhone or not in order for them to set their expectation for what's supposed to happen.
i totally see your point. hm... what if we change the perspective of what is what in TextSecure a little bit...
A. what we have now:
B. your suggestion to make it clearer (because people don't really know what 'push' means):
C. different perspective on messages to avoid UI confusion:
so, with C. we only have two categories - TextSecure = encrypted (whatever the channel) or SMS/MMS = unencrypted, and all the "magic" is still happening in the backgroud:
so the sender will not need to know/care if the receiver is on iOS or Android, he would just know that TextSecure means encrypted and that both sides need to have TextSecure app installed to communicate privately. and after installing TextSecure on his phone, he'd get warning to opt-out SMS/MMS fallback to avoid additional charges.
but the the SMS/MMS-fallback timeout is still desired with this scenario.
oiceberg
commented
10 years ago @moxie, thanks for your response! WhatsApp has that logic in which we write dozens of posts knowing that they will only be delivered when (i) I get online to send and (ii) when my friend comes online to receive. The dynamics of WA is faster, almost a real time online super fast chat. SMS has that other logic in which we write synthetic posts, less "frenetic" mode, focusing on immediate delivery, almost like a short but very fast telegram which is independent of data coverage. Newbies know this and, from this differences, choose to send out a WA or a SMS. When much of humanity be using 4G and get 24/7 online, then SMS will be really nonsense. Until there, SMS is the only one technology that ensures immediately deliver a message. Without the advancements made by TS's crypto, SMS messages would again be insecure. Again, thanks for listening and for all your effort! =)
georg-h
commented
10 years ago @bungabunga I guess this might be still to complex.
as @moxie0 said that this could a possibility...
"IMHO much better would the sender has the option to choose itself what channel to use"
That's a possibility.
I would remove the fallback functionality and let the user set his preferences at 3 different level:
1. for the app in general: all 3 choices (push [data|whisper see https://github.com/WhisperSystems/TextSecure/issues/1139] | encrypted sms | unencrypted sms )
note to unencrypted sms as choice: I guess there might be people that have (currently) more contacts outside the TextSecure world so this would prevent them from setting most of their conversions to an exceptional choice (see below)
2. for each contact/conversation (same choices as above)
3. for each message (as manual fallback) similiar to https://github.com/WhisperSystems/TextSecure/pull/1116
special cases:
Example 1: I want to use Textsecure preferential as WA-alternative so I select push as preference for the application. As I know that Bob doesn't have a data plan I set his conversation to preference un-encrypted SMS. When Bob starts using TS TS will offer me to level up to encrypted SMS .
Example 2: One lives in Brazil where SMS is cheap and data expensive: He selects unencrypted SMS or encrypted SMS as preference for the app depending on how many contacts using TextSecure he has. When TS recognizes a TS client on the other side it will offer to switch to encrypted SMS. For conversations with contacts outside Brazil he might select Push as preference.
So all variations are posible and it's just up to the user to decide what he prefers. TS supports the user if some channels aren't available due iOS or if he could switch to a more secure channel.
this could solve: https://github.com/WhisperSystems/TextSecure/issues/1527 https://github.com/WhisperSystems/TextSecure/issues/845 https://github.com/WhisperSystems/TextSecure/issues/1253 https://github.com/WhisperSystems/TextSecure/issues/1376 https://github.com/WhisperSystems/TextSecure/issues/919 and maybe some others too
jocelynthode
commented
10 years ago Yeah this one too maybe : https://github.com/WhisperSystems/TextSecure/issues/1441
fawkesley
commented
10 years ago Fascinating discussion. I personally support @moxie0's view of removing SMS altogether to simplify many aspects such as group chat and sending images (which only work on PUSH).
I'm struggling to explain the two channels to my non-tech family - why the different colours, why do some things work some times and not others. They totally grasp the idea of having a data connection, but it's very weird for them that it can work (differently) on two channels.
For the benefit of the masses (who already understand the need for a data connection in WhatsApp, Facebook chat, Email, etc) I think it simple & consistent should win in the end.
Going one step at a time, it seems to me the core of the problem at the moment is the uncertainty of not having "delivered" feedback while on PUSH. Implementing that would relieve a lot of the pain felt currently, I think.
Keep up the good work everyone.
oiceberg
commented
10 years ago @paulfurley, certainly remove the SMS from TextSecure is a great alternative for those who do not need to use SMS. When everyone in the world be using 4G and, consequently, with the data channel activated 24/7, will not really make any sense to any reasonable person send a SMS (then a jurassic technology). Until then, unfortunately SMS will still remain the most reliable and deliverable channel.
There is no problem with SMS at TS nowadays, except for the fact that it is impossible to send a SMS if the mobile is with the data channel online. The other face of the same problem, is that it is impossible to send (pending) a DATA if the mobile is with the data channel offline. In addition, there is the question about only SMS have delivered feedback, but DATA don't.
DavidNiehues
commented
10 years ago I agree with @leandrosalvador. Removing SMS from TS would make TextSecure for me (and I think many others) less attractive. I just have a few people in my circle of friends using TS (even though I'm always trying to convince others to use it). Therefore, if SMS would be removed from TS it would be just one more alternative messenger. In the moment it's a great replacement for the default SMS-app. Furthermore it's a good point in discussions with my family and friends, why they should use TS.
I agree that there has to be done something to enhance the usability and that removing SMS would make it much easier. But I think it would make TS much less attractive from a perspective of functionality. I would at least leave the option to use TS for SMS, even though it would be disabled by default.
oiceberg
commented
10 years ago Besides, IMHO, while SMS client, the TextSecure has no competitors in the apps' market and is highly competitive, inclusive, because it offers the possibility to exchange normal and encrypted SMS. While messenger, as everyone knows, the TextSecure has strong competitors like WhatsApp, Telegram, Facebook Messenger, Hangouts, etc. In the world of encrypted SMS TextSecure sails alone and wins stroke, which makes this entryway probably the best interface to put TextSecure in the cell of regular users, maybe as default SMS app.
peti
commented
10 years ago I keep the data channel disabled as much as I can simply because I don't want to give my phone the opportunity to leak sensitive information 24/7!
nanocat-net
commented
10 years ago On 10 Jun 2014, at 23:26, Peter Simons notifications@github.com wrote:
I keep the data channel disabled as much as I can simply because I don't want to give my phone the opportunity to leak sensitive information 24/7!
Damn good advice, that.
Nick
MiyagiSan
commented
9 years ago TextSecure is a tool for communicating privately over the communications channels it supports - be it data or SMS/MMS. Those channels have different characteristics and it is difficult to cater to the expectations of those uninformed of the differences between the two channels.
I don't think dumping SMS is an optimal solution. What about [superficially] separating SMS from the IM/VoIP (thinking ahead to Signal) by default?. The TextSecure app can define indepent actitivities, each with their own icons in the app drawer. One activity would essentially be the secure SMS client replacement, another the secure IM client a la WhatsApp/iMessage. It mimics what most users are familiar with but, since it is a single application, we can make harder things possible for the more discerning user.
Now, both apps (independent activities really) can have settings that allow power users to:
And I think the BBM/WhatsApp-like indicator for sent/received/read status of messages is needed (with option to opt out of sending read receipts globally/per-contact/group too).
DavidNiehues
commented
9 years ago Sorry, but according to the development idiology "there are no power users". See contributing.md . Therefore we will need to find another solution.
Concerning the delivery receipts. It is in work. There is already the pull request #1745 implementing it. Even though there hasn't been any progression since the 2nd of august (according to the pr).
MiyagiSan
commented
9 years ago Thanks. Hadn't read that document. I have now.
MODIFICATION OF PREVIOUS COMMENT:
TextSecure is a tool for communicating privately over the communications channels it supports - be it data or SMS/MMS. Those channels have different characteristics and it is difficult to cater to the expectations of those uninformed of the differences between the two channels.
I don't think dumping SMS is an optimal solution. What about [superficially] separating SMS from the IM/VoIP (thinking ahead to Signal) by default?. The TextSecure app can define indepent actitivities, each with their own icons in the app drawer. One activity would essentially be the secure SMS client replacement, another the secure IM client a la WhatsApp/iMessage.
This separation of concerns mimics what most users are already familiar with but, since it is a single application, we can make the experience better for all users by choosing sensible default behaviour.
Now, the question of channel fallback behaviour is moot as both apps (independent activities really) essentially represent a single channel and users have no expectation of fallback behaviour.
This solution depends on the availability of the BBM/WhatsApp-like indicator for sent/received/read status of messages (with the option to opt out of TS sending read receipts for messages globally/per-contact/per-contact-group). The message status allows users to make informed decisions about when/if to resend messages on another channel - a long-press on pending messages could offer the option to resend on another channel.
paulmcauley
commented
9 years ago Moxie, I think you are trying make it unnecessarily complicated with the iOS obsession. Would an easy solution, for the iOS issue of not being able to encrypt SMS messages, not simply be to set a flag in the directory stating that encrypted SMS is not supported for the user if they register on an iOS device? Re-register on an Android device and the flag is unset again. This then is handled automatically in fallback-mode with a confirmation to send an unencrypted SMS to an iOS user.
Remember also that iOS has minuscule (and dropping) phone market share in most countries outside the USA. Transparent SMS replacement is far more key to global market adoption than iOS support ever will be. You should not sabotage the potential of such an excellent project just due to Apple's inferior OS. This could be seen as transitional, and if Apple gets enough complaints over time, and more developer freedom is granted, then this could be eventually removed, or nevertheless made redundant as IP data networks become dominant in several decades to come (and yes, it will take DECADES for this to happen as it is a pipe-dream to think that people like elderly relatives who just want a phone for calling and texting will have data tariffs; many people also rely on data-unfriendly 2G networks to get any signal at all).
paulmcauley
commented
9 years ago ... as for some of my more lengthly general thoughts which largely repeat which some others have said ("my 2 cents" as you Americans would call it)...
Without proper SMS-fallback I see no point in using TextSecure at all. I have just removed it from 5 of my relatives' phones after many complaints concerning unreceived messages with immediate urgency, and even I was surprised that this did not work as I assumed it was advertised as a transparent SMS replacement. Remember, data access is not reliable with many people relying on 2G networks, and most of my relatives do not have data plans and use smartphone data only on Wi-Fi. Unlike in the USA, in most of the rest of the world SMS is expected to be reliable and does not cost to receive, and non-Wifi data is generally more expensive for users on basic phone tarrifs like my elderly relatives who only really use the phone for calls and texts. Even those people who do use WhatsApp etc. still have the hassle of having to know when to use it (only with specific contacts and many use it only when at home on WiFi) and when to use SMS. I thought TextSecure removed that hassle (obviously not) and is why I mistakenly recommended it over Telegram etc., and if you removed SMS support you would be sabotaging the whole project in a very short-sighted manner. There is simply no point in having encryption if it adds the hassle of having to confusingly use multiple messaging applications for different people. (which most of the lazy masses won't bother having, giving you even less point for secure messaging if you have no-one to send a message to in the first place!) Separating the app into two, as some have suggested above, removes the only unique selling point that [I thought] TextSecure [could have] had to propel it to ubiquity.
Moxie, you said it yourself, the solution IS extremely simple: "I actually think it's pretty simple: it tries to send a data message, and if it can't it sends an SMS. If you want, you can configure it not to send an SMS, or to ask you before sending the SMS."
As is the iOS problem: see my post above.
This isn't complicated for non-techy people to understand at all. All you need to tell them to sell it is "if both users have a data connection then it lets you send messages for free, otherwise it sends an SMS automagically, without needing to care which application you use or who you are sending to". "Added security" should be emphasised to non-techy people in this TRANSITIONAL period only as a side-benefit. They get the added benefit of added security most of the time without caring (and frankly, the truth is most people don't care about encryption or if their messages are being intercepted, but encryption much of the time is better for them than none at all), and as adoption increases and mobile networks are upgraded in the decades to come it naturally becomes universal. Only the more security-concious minority of us will be interested in knowing what the padlocks mean in this transition-period, but us more security-concious are also the people who make the recommendations to others.
I would far rather WhisperPush/TextSecure became a universal messaging solution, than Google Hangouts, but it seems likely that the latter non-secure solution in dominant Google control is what will happen if the full potential early market advantage for SMS replacement is not capitalised upon.
MiyagiSan
commented
9 years ago Without proper SMS-fallback I see no point in using TextSecure at all.
This kind of statement is overly dramatic. TextSecure's value - even if the SMS and data channels are entirely separate - is the ability to keep the content of messages private.
I have just removed it from 5 of my relatives' phones after many complaints concerning unreceived messages with immediate urgency, and even I was surprised that this did not work as I assumed it was advertised as a transparent SMS replacement.
If @moxie0 had released TextSecure v2 as described in my second comment (i.e. explicitly with no SMS fallback so you had no such expectation), would you have had the problems you described? If yes, how?
Even those people who do use WhatsApp etc. still have the hassle of having to know when to use it (only with specific contacts and many use it only when at home on WiFi) and when to use SMS. I thought TextSecure removed that hassle (obviously not) and is why I mistakenly recommended it over Telegram etc., and if you removed SMS support you would be sabotaging the whole project in a very short-sighted manner.
How would Telegram have handled this better? It has extremely questionable encryption and no SMS support.
Recommending TextSecure over Telegram is not a mistake (as long as both apps work as advertised).
There is simply no point in having encryption if it adds the hassle of having to confusingly use multiple messaging applications for different people. (which most of the lazy masses won't bother having, giving you even less point for secure messaging if you have no-one to send a message to in the first place!) Separating the app into two, as some have suggested above, removes the only unique selling point that [I thought] TextSecure [could have] had to propel it to ubiquity.
The point of encryption is privacy. If you send a message via SMS or data channel, TextSecure can ensure either is encrypted. Job done - your text is secured. SMS fallback is a convenience.
The superficial separation into two apps is useful even if SMS fallback is properly implemented.
I would far rather WhisperPush/TextSecure became a universal messaging solution, than Google Hangouts, but it seems likely that the latter non-secure solution in dominant Google control is what will happen if the full potential early market advantage for SMS replacement is not capitalised upon.
TextSecure without SMS would be a retrograde step because SMS message content needs privacy protection too. But we shouldn't forget that SMS fallback is but a convenience.
For the record, I would rather have SMS-fallback as described in my 2014-09-26 post. My later post simply recognises that @moxie0 is TextSecure's benevolent dictator and can't be ignored. Better a solution that keeps SMS support in TextSecure than not have SMS at all.
oiceberg
commented
9 years ago Buddies, it's less a technical choice than a political choice. For those who SMS is not useful, it's normal be ok with the alternative of not support encrypted SMS. This is an English spoken community, and I don't imagine that we here are representative of the world, specially the African, South American, East Europe and Asia citizens who uses cell phones. It's acceptable to whose has 3G and 4G in abundance, has a perception about SMS different of who lives in places where SMS is the main way. Political choice, not technical. Regards!
(Enviado via Linux Android.)
MiyagiSan
commented
9 years ago Buddies, it's less a technical choice than a political choice.
Yes it is mostly political. Hence my comment about O ditador benevolente...
If a pull request for SMS fallback is produced, he (i.e. @moxie0) still gets to decide whether to accept and merge it.
paulmcauley
commented
9 years ago Without proper SMS-fallback I see no point in using TextSecure at all.
This kind of statement is overly dramatic. TextSecure's value - even if the SMS and data channels are entirely separate - is the ability to keep the content of messages private.
My use of the word "I" was referring to mainly my personal usage, rather than my opinion of an all-encompassing universal statement that an IM client would be completely useless to all. I see no use case for a mere IM client for my own personal usage, nor for many other people. IM is less useful as you require the other person to be online, which is fine for urban-dwelling teenagers and hipsters, but with most other people there isn't a chance of getting them to communicate in this way. SMS can be used in cases more urgent than email, and less urgent than a phone call, but still essentially guarantees the delivery of the message. Combine it with free SMS tarrifs or IP-based messaging as we are requesting is done properly here, then you can dynamically adapt between a less-urgent SMS-type less urgent usage and more instant conversation-like usage depending upon how quickly you receive a reply.
Having said that, on most of the cheaper tariffs most people around the world don't actually get free SMS messages, but use it primarily because it is reliable and can be used with less immediacy -- this is what Moxie is ignoring in his interpretation of WhatsApp statistics -- if you get messaging for free then you naturally send more messages, but make it reliable and without the need for immediacy/data access and even more will be sent.
Therefore, given I personally don't have a big use case for a mere IM client, there would have been nothing that would have enticed either TextSecure or Telegram to me, and nothing which makes one distinguishable from the other.
If @moxie0 had released TextSecure v2 as described in my second comment (i.e. explicitly with no SMS fallback so you had no such expectation), would you have had the problems you described? If yes, how?
If @moxie0 had released TextSecure v2 as described in my second comment (i.e. explicitly with no SMS fallback so you had no such expectation), would you have had the problems you described? If yes, how?
Yes. As described above, I simply wouldn't use it (or any of its equivalents) at all. People I know don't want the hassle of needing to know when they have a data connection or not. They simply won't use something that doesn't have reliable 24/7 communication, especially in the less urban areas which my acquaintances live and in which I commute through.
How would Telegram have handled this better? It has extremely questionable encryption and no SMS support.
Recommending TextSecure over Telegram is not a mistake (as long as both apps work as advertised).
Telegram wouldn't have handled this any better, and actually wouldn't have used it either. There is little that would make TextSecure stand out to me to use it above the other. In fact, given how I now know that TextSecure misleads over this SMS issue then indeed that makes it less desirable. If you want to push universal secure messaging then you need market adoption, and if there is no killer feature that makes TextSecure stand out above and beyond the competition to be noticeable then that dream of universal standardised security will remain nothing more than fantasy.
The point of encryption is privacy. If you send a message via SMS or data channel, TextSecure can ensure either is encrypted. Job done - your text is secured. SMS fallback is a convenience.
Yes, that is useful, but not as much if its reliability and convenience prevents adoption and the critical mass needed for far better and more universal privacy. In fact, a low market adoption may reduce your privacy by making your innocent-but-private communication look more suspicious to a surveillance agency.
paulmcauley
commented
9 years ago Buddies, it's less a technical choice than a political choice. For those who SMS is not useful, it's normal be ok with the alternative of not support encrypted SMS. This is an English spoken community, and I don't imagine that we here are representative of the world, specially the African, South American, East Europe and Asia citizens who uses cell phones. It's acceptable to whose has 3G and 4G in abundance, has a perception about SMS different of who lives in places where SMS is the main way. Political choice, not technical. Regards! (Enviado via Linux Android.)
Yes, it is political, but I don't think it is so much in the national / international way in which you imply.
Rather, I would see this as more of an urban vs. rural difference in outlook. I don't know much about Moxie, but see he has San Francisco on his profile. It reminds me more of similar criticisms levelled at Bay Area Google-employees with constant data connections on their transit to their workplace at Mountain View, designing "cloud"-only access to their services (e.g. Google Drive instead of storage expansion in phones, early versions of ChromeOS without offline applications) to suit their own personal lifestyles, forgetting to look outside the Bay Area tech-employee hipster bubble.
Personally am in the UK, which is an English-speaking country with high population density with 3G HSPA+ in most towns and 4G LTE being rolled out to larger cities more than many other countries. I have HSPA+ access at my suburban home, but if I commute to essentially anywhere else, for much of the journey my signal will drop back to an unreliable 2G GSM/GPRS/EDGE signal making constant data connections infeasible. I am not even in the habit of having "mobile data" turned on in my Android phone's data settings, as for most of my commuting it is pointless; I have a small data allowance on my pre-pay tariff, yet do not feel that in my circumstances it is a worthwhile investment for me to have a more comprehensive data tariff. Most people I know use mobile data even less than I do, with many in the habit of having mobile data just turned off always and only using their more smartphone features while at home on WiFi.
Heck, even if I went to one of the most connected places on earth like to the centre of London, I would still lose mobile signal commuting on the London underground! Last time I took a trip to San Francsco (nice city Moxie!) I remember there being underground/subway sections on the BART, and remember taking a trip to Half Moon Bay and Napa Valley where my signal dropped down to unreliable 2G too! Given the vast expanse of the USA, this is hardly uncommon, and doubt the Bay Area bubble is particularly representative of our US-American friends either.
MiyagiSan
commented
9 years ago My use of the word "I" was referring to mainly my personal usage, rather than my opinion of an all-encompassing universal statement that an IM client would be completely useless to all.
OK. My bad. It seems many other people don't consider the privacy that Texsecure's encryption affords to be it's killer feature.
If @moxie0 had released TextSecure v2 as described in my second comment (i.e. explicitly with no SMS fallback so you had no such expectation), would you have had the problems you described? If yes, how?
Yes. As described above, I simply wouldn't use it (or any of its equivalents) at all. People I know don't want the hassle of needing to know when they have a data connection or not. They simply won't use something that doesn't have reliable 24/7 communication, especially in the less urban areas which my acquaintances live and in which I commute through.
This, I don't understand.
My second comment described a version of TextSecure with [superficially] separate apps for SMS and data. Using the SMS app would have mimicked what you were already doing with TextSecure v1.
One simply ignores the IM app if it serves no purpose for one's use case.
Telegram wouldn't have handled this any better, and actually wouldn't have used it either. There is little that would make TextSecure stand out to me to use it above the other.
Not even better encryption versus Telegram's snake oil?
paulmcauley
commented
9 years ago Yes. As described above, I simply wouldn't use it (or any of its equivalents) at all. People I know don't want the hassle of needing to know when they have a data connection or not. They simply won't use something that doesn't have reliable 24/7 communication, especially in the less urban areas which my acquaintances live and in which I commute through.
This, I don't understand.
My second comment described a version of TextSecure with [superficially] separate apps for SMS and data. Using the SMS app would have mimicked what you were already doing with TextSecure v1.
One simply ignores the IM app if it serves no purpose for one's use case.
Yes, I think free (gratis) IP-based messaging is actually the killer feature for more people than "security" ever will be -- that is the harsh truth. That includes myself, and I want gratis messaging instead of having to pay for SMS, especially since even to get security I would also have to convince other people to use it too even for that slight security benefit -- so few others will install it that the benefit of excellent encryption is minuscule for the average joe! I primarily WANT the graits IP-based messaging, but if it is not also reliable like SMS, and requires me (and every acquaintance I know) to think about who has it installed and who hasn't, then to me and many others it is more hassle than it is worth. Tell my technophobic happy-go-lucky nothing-to-hide acquaintances that you can get FREE (gratis) messages in the same app as for your SMS, and no more hassle or complication when communicating with anyone who doesn't install it, then the dumb masses will jump on it and have the extra security forced on them as a bonus. Though, as I've said already, time is of the essence here -- if another sans-encryption messaging app does good universal SMS/IP integration better, then the dumb couldn't-care-less-about-how-it-works masses will make it dominate; this is why I think this issue should be the No 1 priority for TextSecure, as most people out there will simply not go out of their way for "security".
Not even better encryption versus Telegram's snake oil?
As I have said already, I'm not that impressed by Telegram either. It has the same hassle factor of having to convince other people to use it, the added hassle of having to think who is using Telegram and who is not before sending a message, and the same added hassle of poor reliability with both parties having to have an IP-based data connection at that instant. The benefits of TextSecure over this are so minimal at present, and suffer from so many of the same flaws, that I might as well just stick to using normal SMS.
MiyagiSan
commented
9 years ago Yes, I think free (gratis) IP-based messaging is actually the killer feature for more people than "security" ever will be -- that is the harsh truth.
Sadly, I have to concede this point.
Diapolo
commented
9 years ago Sorry, but for me (and a friend of mine) THE killer feature is, that this supports end-to-end encrypted SMS + encrypted local storage. I don't even use TextSecure over data! It would be disturbing, if that feature get's removed.
fawkesley
commented
9 years ago I've (narrowly) convinced friends and family to stick with TextSecure by getting them to turn off PUSH so we're all using SMS only. It's predictable, reliable and frankly pretty awesome like this. (Except that now it nags us all to turn on PUSH every time we reboot)
I said previously that we should drop SMS. After reading the extensive discussion I believe the better solution is to split the app.
devurandom
commented
9 years ago I said previously that we should drop SMS. After reading the extensive discussion I believe the better solution is to split the app.
The arrival of Signal for Android might be a good time for this.
However, I do like the ability of TextSecure to fallback to SMS in case of connection loss. With arrival of message receipts this could become actually usable (as it would give a clear indication whether the message can currently be send via data or not), and just needs a little bit of UI work (see e.g. #2015).
Diapolo
commented
9 years ago If this looses SMS encryption it's rendered another worthless app for me... sad but true.
paulmcauley
commented
9 years ago However, I do like the ability of TextSecure to fallback to SMS in case of connection loss. With arrival of message receipts this could become actually usable (as it would give a clear indication whether the message can currently be send via data or not), and just needs a little bit of UI work (see e.g. #2015).
Exactly. Splitting the app would be simply admitting that the developers are not competent enough to be capable of getting PUSH and SMS to work together seamlessly. Given what they have accomplished so far, I find that hard to believe, and would simply be a disappointing destruction of all potential that this app ever had, almost as if the developers didn't want it to be adopted by the mass market (though I'm sure the mass market not adopting it would be preferable to certain surveillance agencies).
If you combine properly and seamlessly the cost-effectiveness of PUSH with fall-back reliability and standards-compliant backwards-compatibility of SMS then you have a winning solution that has mass-market potential. Leave out any part of that equation and you won't disrupt what is out there already in the slightest. Encryption alone will never sell to the masses -- some of you encryption geeks may be happy in communicating in this way only with yourselves (and maybe a few others that you had to aggressively pester into converting, remembering who you converted and who you did not) but I am not, and find that a depressing lack of ambition.
Tried this with a friend:
Shouldn't the SMS fallback be kicking in in this type of situations? Is this expected behaviour? Wouldn't it be better if TextSecure noticed friend is offline and prompted me if I wanted to send an (presumably) instant SMS instead?
Cheers.