[liberationtech] Suggestions on low-tech, free secure mobile messaging app

Louis Suárez-Potts luispo at gmail.com
Sun Mar 10 18:19:51 PDT 2013 

Hi Chris, et al.,

On 13-03-10, at 19:41 , Chris R Albon <chris.albon at gmail.com> wrote:

> Hey Louis,
> 
> Others have done a good job making suggestions, particularly Jesse regarding the issues around SMS. Not to pile on but FrontlineSMS has published a guide on concerns around SMS. Given your focus on low tech options, it might be of interest.

Indeed, it is, and even more so now that you directly pointed me to it. I had originally posted b/c I knew about Telerivet and liked the company, tech., and model. I had done some research on low-tech and communication systems (LTCS?) but I really appreciate your intervention here. It's useful.

I particularly like the section in your About page:

"We believe in giving people ownership of the tools they need to change their world for the better. Our textable \o/ logo represents a person with their arms outstretched – a manifestation of our mission to empower people to use their own ingenuity to craft solutions and create positive change in their own communities using mobile technology."

Quite.

The nice & good thing about open source is that it can do what your copy states: empower. The more difficult point, as you probably know, is moving people to the realization that, yes, they can indeed do X with these tools—perhaps the major step toward any degree of empowerment. 


> 
> Link: http://www.frontlinesms.com/user-resources/user-guide-data-integrity/
> 
> I am the Director of Governance Project at FrontlineSMS.
> 
> Cheers!
> 
> Chris R. Albon
> ChrisRAlbon.com

Thanks
Louis
(Former Community Manager, OpenOffice.org, now on PMC for Apache OpenOffice.)


> On Sunday, March 10, 2013 at 5:25 PM, Jesse Young wrote:
> 
>> Hi Louis,
>> 
>> Telerivet is based on SMS, and while we do our best to transmit and store messages securely, it isn't intended to be used as a highly-secure messaging app. If you are looking for guaranteed end-to-end privacy, anything based on SMS is not a great option because the mobile networks could see your messages. Also, with Telerivet, messages are transmitted and stored on Telerivet's servers, and our code is closed-source.
>> 
>> However, in situations where end-users don't have internet access (or installing an app on each phone isn't feasible), and where you don't need end-to-end cryptographic privacy guarantees, Telerivet may be a good option.
>> 
>> (I'm the lead developer of Telerivet)
>> 
>> -Jesse
>> 
>> On Sun, Mar 10, 2013 at 1:54 PM, Louis Suárez-Potts <luispo at gmail.com> wrote:
>>> Sorry about the top post, but have you looked at Telerivet? <http://www.telerivet.com> It's active most in East Africa but the founders and company are located… near Stanford, California.
>>> 
>>> Stackoverflow has a good summary and discussion:
>>> http://stackoverflow.com/questions/11291196/android-as-an-sms-gateway-for-integration-with-web-application
>>> 
>>> -louis
>>> 
>>> 
>>> On 13-03-10, at 12:29 , Nathan of Guardian <nathan at guardianproject.info> wrote:
>>> 
>>> > On 03/09/2013 04:17 PM, Alex Comninos wrote:
>>> >> 1> Request opinions on the security of WhatsApp and Viber (I understand the
>>> >> security of the previous has been discussed extensively on Libtech)
>>> >
>>> > They have reasonable network security from the app to the server (basic
>>> > HTTPS / SSL), but NOT end-to-end security between you and the person you
>>> > are communicating with. It is also unclear how well they validate their
>>> > server's SSL certificate, so it might be possible for that traffic to be
>>> > broken by a man-in-the-middle attack.
>>> >
>>> > Storage of message data locally on the device is in a relatively
>>> > standard manner with all/most messages being logged by default, meaning
>>> > it your message history can be easily extracted if the device is
>>> > physically compromised, and possibly also by malware on the device
>>> > (especially in the case of a rooted Android device).
>>> >
>>> >> 2> Request suggestions on secure mobile messaging apps. These apps s hould
>>> >> not just run on Android and iPhone devices, but should also run on the most
>>> >> basic and cheapest of internet enabled phones (feature phones or dumb
>>> >> internet enabled phones, particularly Nokia and older versions of Symbian).
>>> >> These apps must also be free and easy to use.
>>> >
>>> > Security on older Nokia and Symbian phones is a tricky subject,
>>> > especially when you want interoperable security with Android and iPhone.
>>> >
>>> > There were some Java/J2ME "crypto SMS" implementations around in the
>>> > past, but these have not been maintained. There definitely isn't
>>> > something interoperable with open-standards like Off-the-Record
>>> > Encryption, as far as I know. Based on some work towards a Blackberry
>>> > OTR app, it seems like the necessary Java libraries for strong
>>> > cryptography on J2ME
>>> >
>>> > The best that I can offer is Gibberbot, our app for Android, that can
>>> > work just fine on really, really cheap Android phones (<$50 USD), and
>>> > also works with ChatSecure on iPhone, and Pidgin desktop chat on
>>> > Windows, Linux, and Adium on Mac. It also can work on slower networks
>>> > like EDGE.
>>> >
>>> > https://guardianproject.info/howto/chatsecurely/
>>> >
>>> > Best of luck finding a solution that address all of your needs, and let
>>> > us know how it goes. I am sorry we can't provide better support for
>>> > these more limited devices.
>>> >
>>> > Best,
>>> > Nathan
>>> >
>>> >
>>> >
>>> > --
>>> > Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>> 
>>> --
>>> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
>> 
>> --
>> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> --
> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech

More information about the liberationtech mailing list