[liberationtech] Suggestions on low-tech, free secure mobile messaging app

Louis Suárez-Potts luispo at gmail.com
Sun Mar 10 14:32:28 PDT 2013 

On 13-03-10, at 17:25 , Jesse Young <youngj at cs.stanford.edu> wrote:

> Hi Louis,
> 
> Telerivet is based on SMS, and while we do our best to transmit and store messages securely, it isn't intended to be used as a highly-secure messaging app. If you are looking for guaranteed end-to-end privacy, anything based on SMS is not a great option because the mobile networks could see your messages. Also, with Telerivet, messages are transmitted and stored on Telerivet's servers, and our code is closed-source.
> 

Yes, I know; however, was hoping that, as you point out below, there could be an option to use Telerivet in some combination with other apps; that was one reason I pointed people to the Stackoverflow page. 

(I didn't know, but ought to have guessed, that you were on this list. Thanks for replying as you have and explaining the situation further. We have, btw, spoken via Skype not too long ago. )


> However, in situations where end-users don't have internet access (or installing an app on each phone isn't feasible), and where you don't need end-to-end cryptographic privacy guarantees, Telerivet may be a good option.
> 
> (I'm the lead developer of Telerivet)
> 
> -Jesse

-louis

> 
> On Sun, Mar 10, 2013 at 1:54 PM, Louis Suárez-Potts <luispo at gmail.com> wrote:
> Sorry about the top post, but have you looked at Telerivet? <http://www.telerivet.com> It's active most in East Africa but the founders and company are located… near Stanford, California.
> 
> Stackoverflow has a good summary and discussion:
> http://stackoverflow.com/questions/11291196/android-as-an-sms-gateway-for-integration-with-web-application
> 
> -louis
> 
> 
> On 13-03-10, at 12:29 , Nathan of Guardian <nathan at guardianproject.info> wrote:
> 
> > On 03/09/2013 04:17 PM, Alex Comninos wrote:
> >> 1> Request opinions on the security of WhatsApp and Viber (I understand the
> >> security of the previous has been discussed extensively on Libtech)
> >
> > They have reasonable network security from the app to the server (basic
> > HTTPS / SSL), but NOT end-to-end security between you and the person you
> > are communicating with. It is also unclear how well they validate their
> > server's SSL certificate, so it might be possible for that traffic to be
> > broken by a man-in-the-middle attack.
> >
> > Storage of message data locally on the device is in a relatively
> > standard manner with all/most messages being logged by default, meaning
> > it your message history can be easily extracted if the device is
> > physically compromised, and possibly also by malware on the device
> > (especially in the case of a rooted Android device).
> >
> >> 2> Request suggestions on secure mobile messaging apps. These apps s hould
> >> not just run on Android and iPhone devices, but should also run on the most
> >> basic and cheapest of internet enabled phones (feature phones or dumb
> >> internet enabled phones, particularly Nokia and older versions of Symbian).
> >> These apps must also be free and easy to use.
> >
> > Security on older Nokia and Symbian phones is a tricky subject,
> > especially when you want interoperable security with Android and iPhone.
> >
> > There were some Java/J2ME "crypto SMS" implementations around in the
> > past, but these have not been maintained. There definitely isn't
> > something interoperable with open-standards like Off-the-Record
> > Encryption, as far as I know. Based on some work towards a Blackberry
> > OTR app, it seems like the necessary Java libraries for strong
> > cryptography on J2ME
> >
> > The best that I can offer is Gibberbot, our app for Android, that can
> > work just fine on really, really cheap Android phones (<$50 USD), and
> > also works with ChatSecure on iPhone, and Pidgin desktop chat on
> > Windows, Linux, and Adium on Mac. It also can work on slower networks
> > like EDGE.
> >
> > https://guardianproject.info/howto/chatsecurely/
> >
> > Best of luck finding a solution that address all of your needs, and let
> > us know how it goes. I am sorry we can't provide better support for
> > these more limited devices.
> >
> > Best,
> > Nathan
> >
> >
> >
> > --
> > Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> --
> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> --
> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech

More information about the liberationtech mailing list