Privacy WIN! Apple & Android Unite for Secure Messaging
(peertube.wtf)
from meldrik@lemmy.wtf to privacy@lemmy.ml on 15 Mar 2025 18:21
https://lemmy.wtf/post/18097557
from meldrik@lemmy.wtf to privacy@lemmy.ml on 15 Mar 2025 18:21
https://lemmy.wtf/post/18097557
threaded - newest
Privacy win? RCS itself does not support E2EE. Google developed a proprietary extension for RCS to include their “E2EE”.
Looks like that might be changing gsma.com/…/rcs-encryption-a-leap-towards-secure-a…
I can sort of see why it’s not been a priority for them. Outside of the US nobody uses SMS or the built in text apps. I just went through my phone and I haven’t had a text message that wasn’t business related since July.
Which is for the best, since SMS is insecure.
A better example to show that SMS’ are insecure are the Signalling system 7 protocols.
While it is possible to incerpte SMS, phone calls and 2FA (kinda scary…) it comes with a high cost (14k) and some technical skills.
However, if you are a vulnerable target, just don’t use SMS or any smartphone. Geotracking is also possible !
It was honestly surprising to learn that SMS/RCS/iMessage is the most common way to send messages in the US, as it hasn’t been that way in the UK for over a decade now.
For better or worse, folks in the UK & EU all switched to apps like WhatsApp, Messenger, Viber, etc. due to better features and free international calls.
It seems like RCS is finally mature enough to compete, but good luck getting folks to move back.
Why are meta products so popular in Europe?
WhatsApp wasn’t a Meta product when it originally took off; Meta didn’t even exist at the time. WhatsApp was bought by Facebook in 2014, and already had hundreds of millions of users at the time.
Outside the US, most carriers charged per text message, but basic data wasn’t usage-billed. You could send as many Whatsapp messages as you wanted.
It seems like where I live, RCS is not supported on all carriers (not on mine) - but most importantly, not on all phones. The one carrier that has it says it only works on certain Samsungs (I guess also Google Pixel, but they are not officially sold, even if not unpopular). So even though they’re not paid separately like SMS, I don’t think anyone would be switching to it from Whatsapp or Telegram.
Yeah but unfortunately there’s a metric f*** ton of them using WhatsApp.
I had some! It’s the rescue services warning you that the ice is starting to break and you shouldn’t walk on it.
I use QKSMS regularly and I’m not in the US
As long Google keep it proprietary, you have to assume it’s not good for privacy. Google lies about privacy all of the time. It’s barely been two months since the last time they were found guilty. This is how they operate. It’s just a business expense.
It’s not proprietary, it’s an open standard from the GSMA. Stop spreading this nonsense.
Google’s default implementation IS proprietary, so while the spec isn’t, the mass-adopted deployment is. Google is in the middle, unless you use a different app (if that’s even possible, I don’t know as I don’t Android).
Plenty of apps on Android are great replacements for centralised services we’ve gotten used to, and can be installed from another source like fdroid, like clients for Telegram, Matrix, Lemmy, Mastodon, Mattermost etc. As they weren’t installed via Google Play, they can’t use Google’s notification service and instead use local alternatives.
They do not allow that, but yeah, it’s just their OS which only allows access to the relevant system interface for their own app. Apple doesn’t let you send SMS with third-party apps either for example.
Though admittedly, Google is putting proprietary extensions on top of it in their client, and they are apparently running a lot of carriers’ RCS endpoints, and using their servers when the carrier doesn’t support it at all. Which is fair, but imo does not make RCS itself inherently proprietary.
(However this is also to some extent warranted, since carriers were and still are dragging their feet a lot implementing it despite RCS being a required part of 5G carrier services IIRC^1^. This seems to me like another IPv6 situation.)
This claims to work on a rooted Android phone (or one where you have control over the system image), and the underlying library is platform-independent so you could use it to implement RCS for a Linux or other phone: github.com/Hirohumi/RustyRcs. I haven’t tested it though since I also don’t Android (anymore).
^1^ Though maybe that was just for 5G standalone, which no carrier is doing yet anyway.
Nobody wins, this is marketing trying to be news
bingo yeah. signal and others have always existed.
when google and apple are involved, i doubt we can count on it being “a win for privacy”, at best a sidegrade because secure messengers already exist.
They treat this as if e2ee was the privacy grail but it’s only marketing to fool people believing they’re protected.
The actual contents of the messages aren’t as important for privacy. It’s the Metadata and a ton of other measures rhay signal implements in their family of protocols.
Talking about e2ee and call it private shows ignorance in what privacy entails.
Good enough to protect against your bank verification codes from being intercepted, as long as the bank also uses RCS’s Encryption to send the message.
I assumed that when it comes to SMS 2FA, simswapping is a threat much bigger than interception of the contents…
Exactly and if you have to use stock android or iOS to get this feature you are agreeing to so much intrusions into privacy that it’s sort of moot.
They probably have a separare copy encrypted by keys under their control, but if verification codes text messages also use RCS Encryption, at least its harder for people to hack bank accounts.
We had this in XMPP a decade ago & they could have readopted the open standard instead of creating a new one. There is no track record of them not bending the rules to benefit just them anyhow—but this time it was developed exclusively by the tech giants which is absolutely for their benefit with nestled enclaves to meet the bare minimum requirements while still building the garden’s walls higher. Cabal-ass behavior.
XMPP is very much a valid option nowadays too! Much easier and lighter to host than Matrix, too. I use it with my mom - Conversations is just as easy to use as Whatsapp, and maybe more pleasant.
Cheogram has a better featureset on Android in my experience. Movim has quite a lot of features & good performance for a web app—which covers the folks that “don’t want to install any new apps” (generally the right skepticism, but really most F-Droid ones are safer with less worry), or platforms without good clients. The biggest pushback I have heard was bad iOS clients—but being a self-hostable service with almost exclusively free software clients, it should be of no surprise any iOS dev is lackluster, being an entirely closed platform, anti-GPL, & with a hefty fee just to list an application.
Of course you can’t use it without being part of a huge tech duopoly so yay and it doesn’t work without googles proprietary messaging app.
Despite SMS not being secure I’m determined to stop using WhatsApp and haven’t installed it on my new phone. My old phone has WhatsApp business with an auto reply saying to contact me on signal or send a text. Granted I don’t have a huge contacts list but 4 people have started using Signal and the rest send a text, so this is good news in my book.
Remind me again when there is a FOSS application for RCS messaging
media.tenor.com/…/jenn-jenn-robbins.gif
That’s not a privacy win for anyone. What this is is a marketing win for Crapple and Google.