[liberationtech] Suggestions on low-tech, free secure mobile messaging app

Chris R Albon chris.albon at gmail.com
Sun Mar 10 16:41:51 PDT 2013 

Hey Louis,  

Others have done a good job making suggestions, particularly Jesse regarding the issues around SMS. Not to pile on but FrontlineSMS has published a guide on concerns around SMS. Given your focus on low tech options, it might be of interest.

Link: http://www.frontlinesms.com/user-resources/user-guide-data-integrity/

I am the Director of Governance Project at FrontlineSMS.  

Cheers!

Chris R. Albon
ChrisRAlbon.com (http://ChrisRAlbon.com)



On Sunday, March 10, 2013 at 5:25 PM, Jesse Young wrote:

> Hi Louis,
>  
> Telerivet is based on SMS, and while we do our best to transmit and store messages securely, it isn't intended to be used as a highly-secure messaging app. If you are looking for guaranteed end-to-end privacy, anything based on SMS is not a great option because the mobile networks could see your messages. Also, with Telerivet, messages are transmitted and stored on Telerivet's servers, and our code is closed-source.  
>  
> However, in situations where end-users don't have internet access (or installing an app on each phone isn't feasible), and where you don't need end-to-end cryptographic privacy guarantees, Telerivet may be a good option.  
>  
> (I'm the lead developer of Telerivet)
>  
> -Jesse
>  
> On Sun, Mar 10, 2013 at 1:54 PM, Louis Suárez-Potts <luispo at gmail.com (mailto:luispo at gmail.com)> wrote:
> > Sorry about the top post, but have you looked at Telerivet? <http://www.telerivet.com> It's active most in East Africa but the founders and company are located… near Stanford, California.
> >  
> > Stackoverflow has a good summary and discussion:
> > http://stackoverflow.com/questions/11291196/android-as-an-sms-gateway-for-integration-with-web-application
> >  
> > -louis
> >  
> >  
> > On 13-03-10, at 12:29 , Nathan of Guardian <nathan at guardianproject.info (mailto:nathan at guardianproject.info)> wrote:
> >  
> > > On 03/09/2013 04:17 PM, Alex Comninos wrote:
> > >> 1> Request opinions on the security of WhatsApp and Viber (I understand the
> > >> security of the previous has been discussed extensively on Libtech)
> > >
> > > They have reasonable network security from the app to the server (basic
> > > HTTPS / SSL), but NOT end-to-end security between you and the person you
> > > are communicating with. It is also unclear how well they validate their
> > > server's SSL certificate, so it might be possible for that traffic to be
> > > broken by a man-in-the-middle attack.
> > >
> > > Storage of message data locally on the device is in a relatively
> > > standard manner with all/most messages being logged by default, meaning
> > > it your message history can be easily extracted if the device is
> > > physically compromised, and possibly also by malware on the device
> > > (especially in the case of a rooted Android device).
> > >
> > >> 2> Request suggestions on secure mobile messaging apps. These apps s hould
> > >> not just run on Android and iPhone devices, but should also run on the most
> > >> basic and cheapest of internet enabled phones (feature phones or dumb
> > >> internet enabled phones, particularly Nokia and older versions of Symbian).
> > >> These apps must also be free and easy to use.
> > >
> > > Security on older Nokia and Symbian phones is a tricky subject,
> > > especially when you want interoperable security with Android and iPhone.
> > >
> > > There were some Java/J2ME "crypto SMS" implementations around in the
> > > past, but these have not been maintained. There definitely isn't
> > > something interoperable with open-standards like Off-the-Record
> > > Encryption, as far as I know. Based on some work towards a Blackberry
> > > OTR app, it seems like the necessary Java libraries for strong
> > > cryptography on J2ME
> > >
> > > The best that I can offer is Gibberbot, our app for Android, that can
> > > work just fine on really, really cheap Android phones (<$50 USD), and
> > > also works with ChatSecure on iPhone, and Pidgin desktop chat on
> > > Windows, Linux, and Adium on Mac. It also can work on slower networks
> > > like EDGE.
> > >
> > > https://guardianproject.info/howto/chatsecurely/
> > >
> > > Best of luck finding a solution that address all of your needs, and let
> > > us know how it goes. I am sorry we can't provide better support for
> > > these more limited devices.
> > >
> > > Best,
> > > Nathan
> > >
> > >
> > >
> > > --
> > > Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu (mailto:companys at stanford.edu) or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >  
> > --
> > Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu (mailto:companys at stanford.edu) or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
>  
> --
> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
>  
>  


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130310/0e50bfde/attachment.html>

More information about the liberationtech mailing list