[liberationtech] Will this work, or just hype?

Leslie Wu lwu135 at gmail.com
Sun Feb 13 20:30:24 PST 2011 

I talked to someone who I think was the CTO of TigerText at Health 2.0 in SF
last quarter (they wanted our mobile health startup to use their technology)
and my impression was that the messaging was sent encrypted via the mobile
application and thus "secure SMS" really means SMS-like communication
through a mobile application (text messaging as a channel is not used, and
thus messaging is not stored as text messages IIRC).

That said, this definitely serves a need on the Health 2.0 side of things
due to the interpretation of HIPAA policies, and perhaps calls for an open
source equivalent that would be then available for Android / iPhone / mobile
web devices with graceful degradation to less secure text messaging.

~Leslie Wu, CS PhD[candidate]
http://graphics.stanford.edu/~lwu2/

On Sat, Feb 12, 2011 at 7:27 PM, Erik Sundelof <erik at sundelof.com> wrote:

>  All,
>
> Ian, I completely agree. I denote these type of solutions more like "text
> messaging security for cheating" as that is really the level of security you
> obtain by it.
>
> Anyhow who claims they can really delete text messages from phones securely
> are not very honest. ALL text message solutions use a basic infrastructure
> created by large corporations and in any region where you want activism that
> infrastructure is own by the bad elements you want to get rid of, influence
> or lobby.
>
> There is unfortunately NO 100% secure version of text messaging. Working
> with that as a premise is dangerous and untrue to your end users.
>
> Best,
>
> Erik
> --------------------------------------------
> http://www.sundelof.com
>
>
> Ian Young wrote:
>
> It took me a lot of digging to find even a hint of a technical explanation,
> but buried in the FAQ is this:
> Q: What if I send a TigerText to someone who does not have TigerText
> installed??
> A: The user will receive a message from TigerText that encourages them to
> install the application...
>
> So they're going with the DRM-style approach, which is exactly as secure as
> it always has been. This isn't to say that the service doesn't have some
> utility; it protects you against a benign but careless recipient losing
> their phone and exposing embarrassing correspondence from you. And
> implemented right, it could protect you against eavesdropping (assuming you
> trust TigerText themselves). But selling a service on hype like
> "self-destructing text messages" without any discussion of the limitations
> is disingenuous and dangerous. To piggyback on the other discussion,
> outlandish claims like these are a great argument for teaching security
> fundamentals to non-security-minded people.
>
> Ian
>
> On Sat, Feb 12, 2011 at 1:28 PM, Yosem Companys <companys at stanford.edu>
> wrote:
> >
> > This Text Message Will Self Destruct In 60 Seconds
> >
> > By Mike Melanson / February 11, 2011 2:34 PM
> >
> > The self-destructing message, whether a piece of paper that mystically
> disintegrates at the appropriate moment or the microfiche that goes up in a
> poof of smoke, is a staple of any spy movie and a childhood wish of my
> own. TigerText, a private SMS app, has made my childhood dream a reality.
> >
> > The company, which has had a free app available, has brought this
> spy-novel feature to the enterprise with this week's release of an
> enterprise app.
> >
> > According to TechCrunch, the app lets users determine when and how the
> messages are deleted.
> >
> > As we reported last year, TigerText's mobile apps allows users to send
> text messages or photos that can then be deleted off both the sender's and
> receiver's phone after a selected period of time. Once a sender selects the
> message lifespan (from 1 minute up to 30 days), expired messages are not
> only deleted from both phones, but are not stored on any server and they
> cannot be retrieved once expired. Users can also select a "Delete on Read"
> option, which will delete the text 60 seconds after the recipient opens the
> message.
> >
> > The latest version of the app caters to businesses by allowing users to
> perform a one-time login to authenticate with the company. TigerText
> describes the app as "a cross-platform collaboration tool for your
> organization that allows you to deploy your own private, secure mobile
> network where your employees can safely communicate on their existing mobile
> devices within your company."
> >
> > "Text messaging, just like email, can be used against your organization,"
> writes the company on its website. "If the messages no longer exist, there
> is no risk of data breach or exposure."
> >
> > The app is available on iOS, Android and Blackberry platforms and
> administrators can manage user settings from the Web. It enters an
> increasingly crowded space, with apps like Kik,Beluga and GroupMe entering
> the free message game, but this one has that special spin for the
> security-minded.
> >
> > From what we can tell, however, the app is missing one huge feature - the
> little whisp of smoke, wafting out the crack of your phone case whenever a
> message is deleted.
> >
> > _______________________________________________
> > liberationtech mailing list
> > liberationtech at lists.stanford.edu
> >
> > Should you need to change your subscription options, please go to:
> >
> > https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
> > If you would like to receive a daily digest, click "yes" (once you click
> above) next to "would you like to receive list mail batched in a daily
> digest?"
> >
> > You will need the user name and password you receive from the list
> moderator in monthly reminders.
> >
> > Should you need immediate assistance, please contact the list moderator.
> >
> > Please don't forget to follow us on http://twitter.com/#!/Liberationtech
>
> ------------------------------
>
> _______________________________________________
> liberationtech mailing listliberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
>
> You will need the user name and password you receive from the list moderator in monthly reminders.
>
> Should you need immediate assistance, please contact the list moderator.
>
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
>
>
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> If you would like to receive a daily digest, click "yes" (once you click
> above) next to "would you like to receive list mail batched in a daily
> digest?"
>
> You will need the user name and password you receive from the list
> moderator in monthly reminders.
>
> Should you need immediate assistance, please contact the list moderator.
>
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20110213/2451d193/attachment.html>

More information about the liberationtech mailing list