[liberationtech] Will this work, or just hype?

Sat Feb 12 19:27:58 PST 2011

All,

Ian, I completely agree. I denote these type of solutions more like 
"text messaging security for cheating" as that is really the level of 
security you obtain by it.

Anyhow who claims they can really delete text messages from phones 
securely are not very honest. ALL text message solutions use a basic 
infrastructure created by large corporations and in any region where you 
want activism that infrastructure is own by the bad elements you want to 
get rid of, influence or lobby.

There is unfortunately NO 100% secure version of text messaging. Working 
with that as a premise is dangerous and untrue to your end users.

Best,

Erik
--------------------------------------------
http://www.sundelof.com

Ian Young wrote:
> It took me a lot of digging to find even a hint of a technical 
> explanation, but buried in the FAQ is this:
> Q: What if I send a TigerText to someone who does not have TigerText 
> installed??
> A: The user will receive a message from TigerText that encourages them 
> to install the application...
>
> So they're going with the DRM-style approach, which is exactly as 
> secure as it always has been. This isn't to say that the service 
> doesn't have some utility; it protects you against a benign but 
> careless recipient losing their phone and exposing embarrassing 
> correspondence from you. And implemented right, it could protect you 
> against eavesdropping (assuming you trust TigerText themselves). But 
> selling a service on hype like "self-destructing text messages" 
> without any discussion of the limitations is disingenuous and 
> dangerous. To piggyback on the other discussion, outlandish claims 
> like these are a great argument for teaching security fundamentals to 
> non-security-minded people.
>
> Ian
>
> On Sat, Feb 12, 2011 at 1:28 PM, Yosem Companys <companys at stanford.edu 
> <mailto:companys at stanford.edu>> wrote:
> >
> > This Text Message Will Self Destruct In 60 Seconds
> >
> > By Mike Melanson / February 11, 2011 2:34 PM
> >
> > The self-destructing message, whether a piece of paper that 
> mystically disintegrates at the appropriate moment or the microfiche 
> that goes up in a poof of smoke, is a staple of any spy movie and a 
> childhood wish of my own. TigerText, a private SMS app, has made my 
> childhood dream a reality.
> >
> > The company, which has had a free app available, has brought this 
> spy-novel feature to the enterprise with this week's release of an 
> enterprise app.
> >
> > According to TechCrunch, the app lets users determine when and how 
> the messages are deleted.
> >
> > As we reported last year, TigerText's mobile apps allows users to 
> send text messages or photos that can then be deleted off both the 
> sender's and receiver's phone after a selected period of time. Once a 
> sender selects the message lifespan (from 1 minute up to 30 days), 
> expired messages are not only deleted from both phones, but are not 
> stored on any server and they cannot be retrieved once expired. Users 
> can also select a "Delete on Read" option, which will delete the text 
> 60 seconds after the recipient opens the message.
> >
> > The latest version of the app caters to businesses by allowing users 
> to perform a one-time login to authenticate with the company. 
> TigerText describes the app as "a cross-platform collaboration tool 
> for your organization that allows you to deploy your own private, 
> secure mobile network where your employees can safely communicate on 
> their existing mobile devices within your company."
> >
> > "Text messaging, just like email, can be used against your 
> organization," writes the company on its website. "If the messages no 
> longer exist, there is no risk of data breach or exposure."
> >
> > The app is available on iOS, Android and Blackberry platforms and 
> administrators can manage user settings from the Web. It enters an 
> increasingly crowded space, with apps 
> like Kik,Beluga and GroupMe entering the free message game, but this 
> one has that special spin for the security-minded.
> >
> > From what we can tell, however, the app is missing one huge feature 
> - the little whisp of smoke, wafting out the crack of your phone case 
> whenever a message is deleted.
> >
> > _______________________________________________
> > liberationtech mailing list
> > liberationtech at lists.stanford.edu 
> <mailto:liberationtech at lists.stanford.edu>
> >
> > Should you need to change your subscription options, please go to:
> >
> > https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
> > If you would like to receive a daily digest, click "yes" (once you 
> click above) next to "would you like to receive list mail batched in a 
> daily digest?"
> >
> > You will need the user name and password you receive from the list 
> moderator in monthly reminders.
> >
> > Should you need immediate assistance, please contact the list moderator.
> >
> > Please don't forget to follow us on 
> http://twitter.com/#!/Liberationtech 
> <http://twitter.com/#%21/Liberationtech>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
>
> You will need the user name and password you receive from the list moderator in monthly reminders.
>
> Should you need immediate assistance, please contact the list moderator.
>
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20110212/718aa58f/attachment.html>