[guardian-dev] Ciao TextSecure SMS

Drake Wilson drake at dasyatidae.net
Thu May 14 13:56:04 EDT 2015


Jacob Appelbaum wrote:
> Just as a side note - SMS is just slightly better than GCM. There are
> nearly no good Free Software options that only uses open protocols
> over open and free networks.

I hope I'm not derailing this too much---but I would like to call attention
to the big practical difference in the _identity_ model of these networks, as
I made a similar complaint on the TextSecure list.

The PSTN is maybe not as open a network as the Internet, but there is still
a lot of /de facto/ multi-provider interoperability, some regulation over
how this is handled (at least in the US), and a broad social expectation that
people can generally acquire telephone numbers and that it's hard for any
single provider to just declare that you don't exist.  AFAIK, WhatsApp and
the new TextSecure (and iMessage, and Telegram, and so forth) are all
centralized-identity networks: if the master computer says you don't have
a name/number, you don't have one and you can't talk to anyone.

So if there's ever a "since this was the only measure we could afford to
develop in time to stem a recent tide of weird TextSecure spam, all recently
registered users 'temporarily' have to link their Google account" or such...

So I sympathize somewhat with the ideas of SMS being finicky, technologically
problematic, not really that open, hard to make easy to use, leaking a lot of
metadata, etc., but that doesn't remove the scarier problems with the "obvious"
alternatives.  Using SMS as a fallback "authoritative" channel to bootstrap
other channels can be a nice approach so long as the fallback stays in place.

> All the best,
> Jacob

   ---> Drake Wilson



More information about the guardian-dev mailing list