• 0 Posts
  • 39 Comments
Joined 1Y ago
Cake day: Jun 11, 2023


It seems like at least some people view apps that come preinstalled on their phone differently from other apps, but I’m not sure why.


most people see messaging apps like Signal, WhatsApp and other third party apps for personal use only.

In Europe, businesses, especially small businesses, often use WhatsApp, to the point of putting its logo next to their phone number on signs. I wonder what creates the perception where you are that messaging apps are for personal use, not business.


Signal, being owned by a nonprofit has a bit more resistance to that than most.

That’s the main reason I recommend it over alternatives with similar technical capabilities, such as WhatsApp.


I’m not surprised they could. I’ve worked on things that send SMS messages and I’m aware that carriers filter for spam and scams (perhaps not as effectively as one might hope).

I’m surprised to hear of messages being blocked for mere profanity.

Anyway, SMS sucks, default to something else and fall back to SMS as a last resort. Gently encourage your contacts to use Signal.


SMS fallback. A feature which you can use with any app on Android

SMS fallback is not a common feature of internet-based messaging apps on Android. Signal used to do it, but does not now. I don’t think WhatsApp or Telegram ever did.


I have no doubt about the part where iPhone fans waste no opportunity to tell someone else they should get an iPhone. It’s the other side of the argument that falls flat: Alice receives video from Charlie that’s perfectly fine, but Bob’s iPhone sends a pixelated mess, and Bob says the iPhone is better?


Interest in RCS is recent - newer than iMessage, which launched in 2011. RCS with Google’s proprietary extensions is just another proprietary messaging app, and I am not particularly excited about it.

even so far as “patch” a fix that was created to make it possible for their customers to communicate securely with Android users.

There’s no shortage of options for doing that. What Apple wants is tight control over all of its walled gardens, which should be no surprise given the company’s history. They’re very good at making it appear as if decisions made to increase their profits are aligned with the interests of users. It’s probably even true that someone would have exploited the technique Beeper Mini was using to send spam if Apple hadn’t closed it.


Just doesn’t seem plausible to me. If Alice gets low-quality images from Bob and higher-quality images from Charlie, her most likely assumption if she’s not sophisticated enough to be aware of the cause is that Bob’s phone has a bad camera.


It seems unlikely to have that effect when the recipient presumably communicates with people who have other brands of phone, from whom they receive better looking media.


It seems like an odd decision to me, as it would make the iPhone look like it has a substandard camera to someone receiving media from one by MMS.


MMS does have size limits that can hurt image quality, but I have the impression iOS applies limits of its own that are considerably lower. I’m not sure why anybody in 2024 wouldn’t have at least a couple modern messaging apps, but it seems a lot of people don’t.


Android doesn’t support iMessage

I think it’s the inverse: iMessage doesn’t support Android.

Those aren’t equivalent statements; the first implies that something about Android makes it impossible for Apple to produce an iMessage client for it when that is purely a business decision on Apple’s part.


Major privacy issues that come to mind include:

  • App store lock-in on iOS combined with terms incompatible with the GPL mean that some of the most privacy-respecting software cannot be distributed for Apple’s mobile devices.
  • Apple proposed, but ultimately did not implement client-side scanning for end-to-end encrypted cloud storage. That such a thing even made it to the public proposal stage shows either incompetence (unlikely) or a lack of serious commitment to privacy (more likely). Apple’s proposal may have emboldened EU regulators who are trying to mandate client-side scanning for encrypted chat apps.
  • Browser engine lock-in on iOS means hardened third-party browsers are unavailable.
  • The popularity of Apple’s platform-exclusive iMessage service in the USA may be hindering adoption of cross-platform encrypted messaging. On the other hand, without it perhaps most of its current users would use SMS, which is obviously worse.

would the government be able to find out that I own the anonymous e-sim on it if my other sim in my phone is another provider not silent-link

Yes. They can almost certainly tie the hardware ID (IMEI) of your phone to your identity through your non-anonymous service provider, and probably do through mass surveillance programs. Whether that’s a security problem for you depends on what you’re doing with it; surely you aren’t using SMS, standard phone calls, or unencrypted messaging services for anything you really want to keep private.

If you want phone service that will resist targeted surveillance by local authorities, even routinely turning on the cellular modem where you live, work, or study is a risk. This article detailing one person’s approach to securing a phone was posted to Lemmy today and should give you a clue about the possible threat models.


one with ads and the same vids without for premium user

If it worked that way, which others have already explained it doesn’t, that would break their business model of showing each person individually targeted ads.


Whatever you pick, please be thoughtful about your use of captchas and try to avoid subjecting people to them frequently.


If you’re signed in to a Google account on an Android device with Google Play Services installed, a VPN will not hide your location from Google because the device has several ways to determine your location other than your IP address. You might be able to disable Google’s location services permissions on the device, and if you’re just going for a casual privacy upgrade, that should give you one.

If you really don’t want Google knowing where you are, you probably can’t use a phone with Google Play Services on it, as it integrates itself fairly deeply into the OS and can’t necessarily be trusted to follow the permissions model in the future, even if it can be shown to do so today. Avoiding that means installing a third-party Android build on your phone. Note that a lot of third-party apps rely on Google services, and while an open source substitute exists, it’s not always a smooth experience.


People are still using that shit because other people they want to interact with are still using that shit. Network effects are hard to break.

I occasionally use it to complain at corporations, mostly when their websites show me captchas but occasionally for other customer service issues.


Lemmy.world handles that particularly poorly, probably because they’re a nonprofit with a shoestring budget.

The most obvious improvement would be to accept comments when the account meets a certain age and activity threshold.


Browsing most websites is E2EE. When it’s not, that isn’t something a phone carrier or ISP can fix because they don’t control the web server. The traffic will be in the clear between the ISP and the server.

For secure messaging without a third-party app, phone carriers in the USA seem to be pretty onboard with Google RCS, though I think I’d recommend anyone who’s serious about security use Signal instead.


You seem to be asking for telephone calls and SMS messages to be end-to-end encrypted. The underlying technologies were not designed with encryption in mind, so the only way for it to work would be for all the participants in a conversation to use an additional software layer. That was the method used by TextSecure.

The authors of TextSecure eventually figured out that a purpose-built Internet-based messaging protocol would be a better transport layer for secure messaging. If you’re interested enough in secure messaging to be asking this question, you may be familiar with TextSecure’s successor.

As for why a carrier wouldn’t do this, I’ll ask the inverse: why would they put in the effort when anyone who cares about secure communication just uses an encrypted messaging app?


I did not know that it was possible to have root on GrapheneOS with a locked bootloader, but there have been ROMs with SU functionality built in, and adding their keys would be a straightforward way to have root and a locked bootloader.


There may be some other comments being unfair. People shouldn’t complain about free software someone else gives to them falling short of perfection, but we should be careful about granting random apps root permissions.

Having root is almost never a security benefit, it allows you to close one hole, but opens up 10 new more

I think it’s more like two:

  • If an app granted root privileges is compromised, the damage it can cause is much greater
  • The bootloader has to be unlocked for most approaches to gaining root; I consider it a design flaw that it isn’t easier for users to add signing keys and re-lock the bootloader

F-droid is not secure, some of the issues had been resolved, but it’s still not recommended for best practices

This is another very binary statement about security. The article addresses a number of design issues with F-Droid and concludes that most users are better off getting apps from Google Play. I don’t disagree with the design complaints in theory, but in practice it doesn’t hold up. I’ve seen people get malware from Google Play and read a number of documented cases. I have never heard of malware in the official F-Droid repository.

I’m reminded of comparing Windows to Linux 20 years ago. In theory, Windows had a more sophisticated permissions model and more reliable logging, making it potentially more secure. In practice, it took significant care to keep a Windows desktop clean, while Linux was very unlikely to be compromised.

Of course someone with high-value secrets on their device or who’s likely to be directly targeted by sophisticated threats should probably take a more conservative approach, install very few apps, and consider a hardened ROM like GrapheneOS.


I’m not complaining. I’m asking for some evidence this app is trustworthy.

Security is not binary. Having root can be bad for security, but it doesn’t have to be especially if you’re careful about what apps you grant root to, which is the point of my original comment. Having root can also be a security benefit because it offers more opportunities for detecting and blocking harmful and privacy-invasive apps, as this app does (if it’s trustworthy).

I don’t think F-Droid with the official repositories is a negative for security either; I suspect it’s less likely to contain outright malware than Google Play, and I’m sure the average app on F-Droid is less likely to be privacy-invasive. Adding random repositories suggested by strangers on the internet can be a different story, and asking who can vouch for the one suggested in this thread seems like a reasonable mitigation to me.


It’s reasonable for an app like this to need root, but also reasonable for everyone to ask for third-party verification of anything they’re granting administrative access to their devices.

Izzydroid’s security policy appears to be primarily based around automated scans that enumerate badness, and has far fewer users than the official F-Droid repository making it less likely that problems will be noticed, reported, and acted on.

Is there more reputation information about this app available?


This app wants root and despite being open source according to that link, isn’t in the official F-Droid repo. I’m skeptical about trusting it.


Quite a few people I know ranging in age from 20s to 40s do. There isn’t really a replacement with its defining characteristics:

  • One-to-many blog-like posts
  • Mostly for interactions between people who actually know each other
  • Most people have an account and at least occasionally check it

It’s that last point nothing else can match. If I post something to Facebook, most people I know have a chance of seeing it. Five people I actually know follow me on Mastodon.


I’m skeptical of this claim because I’ve done it. I physically moved the SSD from one laptop to another and had no issues with Signal.


Some services recognize VOIP numbers and intentionally reject them because they see mobile numbers as a more limited resource for abuse prevention purposes, or more valuable personal data for tying to an identity and selling what they know about you to advertisers.


Probably not, but it’s impossible to verify. There’s a strong argument for open source when security really matters.


It seems to me viewing their content via TikTok’s website is a good solution. Bonus points for private mode or clearing cookies afterward.


There’s a lot of value for online communities in pseudonymous reputation.

If somebody writes something that I’m tempted to respond to, but I think might be a troll, I can look at their profile and make a much better decision. If I’m a moderator and I need to decide between a warning and a ban, a look at their profile often tells me whether a warning will be productive. If I’m thinking about doing some kind of trade or transaction, I can see if they have a reputation to lose by cheating me.

Fortunately, it’s easy to have multiple pseudonymous accounts on something like Lemmy if you don’t want those identities overlapping.


I want the answer to be Matrix. I think decentralization and federation are important to the future of internet services to avoid single points of failure, and Matrix seems to take E2EE seriously. So far, I’ve found Matrix to be slow and unreliable, with some of my private conversations having as many messages “unable to decrypt” as successfully delivered.

So the answer isn’t Matrix yet, though I hope it will be in the future. The answer, as most comments have already said, is Signal.


I think if you’re using it on Android without Google cloud messaging, as many people in a privacy-oriented community might, delayed notifications are more likely. I’ve found that notifications are timely with cloud messaging using either MicroG or Google Play Services.


I have been using Signal for years and have not noticed it getting worse. Instead, I’ve noticed that it’s much more reliable about timely notifications than it was a few years ago.

I never much cared about it being able to do SMS or not. I got used to the idea that it was necessary to have multiple apps to talk to everyone in the early 2000s PC instant messenger era; there were some multi-service apps, but that was never a stable situation.


It’s not even that anymore. Short-form video is now front and center.


Everyone has a limited amount of time, ability to learn, and executive function. It’s rational to be lazy about things that aren’t important to your well-being or interests.

That said, there does seem to be an issue where people are getting overly habituated to instant gratification and constant stimulation. Many valuable things don’t work that way.


What I hate about the person’s reply is that it’s not specific. There’s no opportunity for a counter argument or alternative option if the reason for not wanting to use something is that it “sucks”.

“I tried Signal five years ago and it was unreliable” would be a good justification, and there’s a good counter: it’s better now.


Asking how to view content from corporate social media without giving it more information than an IP address and user agent string does seem on-brand for /c/privacy to me.