Ruslan · Sunday, 31 October - 13:42 edit
Ruslan · Sunday, 31 October - 13:42 edit
All three big US carriers will be switched to Android Messages as default for RCS Chat, just Apple remains for supporting E2EE RCS
Danie van der Merwe · news.movim.eu / gadgeteerza-tech-blog · Tuesday, 20 July - 14:19
Beginning next year, Verizon will join AT&T and T-Mobile in preloading Android Messages as the default texting app on all Android phones it sells. It’s the final step for making RCS Chat — the next-gen standard designed to replace SMS — the default experience for Android. In the US, that only leaves one large cohort that will not use RCS as a default SMS replacement: iPhone users.
So yes, Apple has iMessages, but only on Apple so that is of zero use in any situation where you have friends, colleagues or family on Android (it's a real world out here). For anything to replace SMS, it needs to be completely cross-platform and able to be the default messaging app. Google supposedly has no plans either to try to introduce a messaging app that supports RCS on the iPhone.
End-to-end encrypted RCS Chat messaging is now available for more users in Google Messages
Danie van der Merwe · news.movim.eu / gadgeteerza-tech-blog · Wednesday, 16 June - 09:00
Google began rolling out end-to-end encryption at the end of last year for select Google Messages beta users who have enabled Chat, Google’s implementation of RCS. End-to-end encryption ensures that conversations stay encrypted from when they leave your smartphone, to when they arrive at the other end. There is no server-side decryption, meaning that data can’t be collected in the middle from the servers that pass your messages along. This is a selling point of many texting applications like Signal as it’s a major step towards ensuring the privacy of a user, and now it’s finally rolling out to more users who use Google Messages.
Of course, until either RCS (Rich Communications Services) or iMessage is available across both Android and iOS, neither will be a solution to universal messaging or replacing SMS. Ironically, as I understand it, both depend on Tim Apple! RCS needs to be a standard independent of just Google alone as we've seen how many times Google changes its mind over messaging apps, and having iMessage controlled by a single company is also not a universal solution.
Year of the OX: OpenPGP for XMPP
debacle · pubsub.movim.eu / berlin-xmpp-meetup · Monday, 1 February, 2021 - 02:02 edit
In February 2021, this month, starts the year of the ox. At Berlin XMPP meetup, we will celebrate the new year with an introductionary talk about "XEP-0373: OpenPGP for XMPP" and "XEP-0374: OpenPGP for XMPP Instant Messaging" and the panel of experts:
- DebXWoody (implementor of OX in Profanity)
- defanor (implementor of OX in rexmpp)
- Florian (co-author of the OX standards)
- lovetox (implementor of OX for Gajim)
- Paul (implementor of OX in Smack)
When? Wednesday, 2021-02-10 18:00 CET (always 2ⁿᵈ Wednesday of every month)
Where? Online, via our MUC (xmpp:firstname.lastname@example.org?join). A Jitsi video conference will be announced there.
See you then!
Amid pressure, Zoom will end-to-end encrypt all calls, free or paid
news.movim.eu / ArsTechnica · Wednesday, 17 June, 2020 - 18:14
Under pressure from privacy and human rights advocates, Zoom said on Wednesday that it will make end-to-end encryption available to both paying and non-paying users of its video conferencing service.
Previously, Zoom said it would provide end-to-end encryption to paying customers and a less-robust form of encryption, known as transit encryption, to non-paying customers. Zoom said the two-tier offering would allow law enforcement to regulate illicit content coming from users who don’t have accounts and, hence, are harder to track. Paying users, by contrast, had more traceability and, hence, were less likely to use the platform for illegal purposes.
Critics in privacy and human rights circles said the Zoom plans threatened to make privacy a premium feature rather than something that’s available by default. The critics called on Zoom to provide the same protections for all users.
Things I don't like with OMEMO as it is today
debacle · Tuesday, 13 November, 2018 - 19:21 edit · 2 minutes
I use OMEMO every day, because I prefer end-to-end encrypted messaging for many purposes. OMEMO is much better than OTR, and it works well enough to be useful. But OMEMO has a number of usability issues, that should be addressed by the IM and XMPP community at some point.
- It relates to devices instead of users. I don't want to know, whether my contacts own a new device, nor should they care when I do.
- Forward secrecy is a good thing for TLS. But when used for messaging, I cannot decrypt my old messages stored on the server in all cases. Also, it makes key escrow impossible, which is a killer for using it in business.
- Deniability. I want verifiable signatures instead. Maybe I want to conclude a contract via XMPP? For deniability I would use an anonymous account in the first place.
- OMEMO does not encrypt the complete stanza, but only the textual part of a message.
- It does not work with local, serverless messaging. I don't use this feature a lot, but still, encryption should work with it, too.
- OMEMO seems to be pretty complex, which makes implementation relatively hard. In fact, bugs related to OMEMO are still frequent in some clients.
- I already have an OpenPGP key, that is trusted (and occasionally signed) by many. Why not re-use it for IM purposes?
- (added 2019-02-15) This is an amendment to the first point: If we accept the concept of keys per device, at least improve the management. The keys should have a label, e.g. "mobile" or "PC at work", to be less confusing. Or why not automatically cross-sign keys from all devices?
Some of the points can be addressed in later OMEMO versions, but some points seem to be woven into the fabric. Fortunately, I see the light at the end of the tunnel (and I hope it is not the oncoming train): OX or "OpenPGP for XMPP". I hope, that it will heal all my OMEMO aches:
The only thing, I do not like is synchronising of encrypted private keys using PEP, which involves storing it on the server, only secured by the PGP passphrase and the "backup code", generated by the device. But nobody forces me to use the backup feature and I assume, that it can be blocked by admins who feel uneasy about it. Also, OpenPGP seems to have a higher per message overhead than OMEMO. This is probably unavoidable.
Edit: Correction about OX private key encryption, thanks to lovetox!
Edit: Add point about OMEMO complexity and errors, thanks to Holger!