Hello Arelor!

** On Monday 20.12.21 - 18:20, Arelor wrote to TheCivvie:

I have migrated my family over to Signal Messenger. They
keep their Facebooks but if they want to find me online
they are going to have to play with my rules.

I am not even a hardcore Signal fan. It is just the best
thing they are going to be able to use.

And they wouldn't even try email? Session/Deltachat interfaces
look the same on smartphones.

--
../|ug

--- OpenXP 5.0.50
* Origin: (} Pointy McPointface (618:250/1.9)

Re: I have migrated my family over to Signal Messenger.
By: August Abolins to Arelor on Mon Dec 20 2021 11:00 pm

Hello Arelor!

** On Monday 20.12.21 - 18:20, Arelor wrote to TheCivvie:

I have migrated my family over to Signal Messenger. They
keep their Facebooks but if they want to find me online
they are going to have to play with my rules.

I am not even a hardcore Signal fan. It is just the best
thing they are going to be able to use.

And they wouldn't even try email? Session/Deltachat interfaces
look the same on smartphones.

--
../|ug

My family makes extensive use of email, but email is for something else.

Also, I was talking about Signal, not Session :-)

I won't use my main email accoutns on a smartphone because I don't trust smartphones.
Most of my email accounts I consider to deserve a high level of security because they
are used for registering to web services, banking services and the like. I don't think
consumer-grade smartphone operating systems are safe enough for managing such things.

For starters, I don't trust the vendors. The security of the whole stack is leaky and
it shows (you may configure a certain proxy for the system, only for some applicaiton
to ignore it and try to connect by its own means, for example). And the whole thing
gets EOLed before poor people like us discards the hardware which means we are likely
to end up running unsuported systems. So, not a great deal for email

--
gopher://gopher.richardfalken.com/1/richardfalken
--- SBBSecho 3.14-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (618:250/24)

Hello Arelor!

** On Wednesday 22.12.21 - 20:04, Arelor wrote to August Abolins:

I am not even a hardcore Signal fan. It is just the best
thing they are going to be able to use.

And they wouldn't even try email? Session/Deltachat interfaces
look the same on smartphones.

My family makes extensive use of email, but email is for
something else.

Not sure what "email is for something else" means.. but I guess
it's a family thing.

Also, I was talking about Signal, not Session :-)

True. My bad. I believe I sent you email about my fait
accompli. I have no idea how I mixed up Session with Signal.

I won't use my main email accoutns on a smartphone because
I don't trust smartphones.Most of my email accounts I
consider to deserve a high level of security because they
are used for registering to web services, banking services
and the like. I don't think consumer-grade smartphone
operating systems are safe enough for managing such things.

Give DeltaChat a test run. It uses one's existing email
service and does not rely on 3rd-party systems like Telegram,
nor like Session. The public keys are exchanged in the
Autocrpyt header sections.

For starters, I don't trust the vendors. The security of
the whole stack is leaky and it shows (you may configure a
certain proxy for the system, only for some applicaiton to
ignore it and try to connect by its own means, for
example). And the whole thing gets EOLed before poor people
like us discards the hardware which means we are likely to
end up running unsuported systems. So, not a great deal for
email

DeltaChat doesn't seem to have that problem (EOL, unsupported,
etc..) Everything is self-contained using one's own existing
email servers.

--
../|ug

--- OpenXP 5.0.50
* Origin: (} Pointy McPointface (618:250/1.9)

Re: I have migrated my family over to Signal Messenger.
By: August Abolins to Arelor on Fri Dec 24 2021 09:09 pm

DeltaChat doesn't seem to have that problem (EOL, unsupported,
etc..) Everything is self-contained using one's own existing
email servers.

Well, what I mean is that you may end up running a supported, secure version of DeltaChat on a phone with an obsolete, insecure baseband. Or an obsolete, insecure Android version.

Or a supported, insecure Android version (after all, Google has root access to your phone if you have any Google Service enabled).

If I have to give DeltaChat the password for one of my email accounts, then Android may access the email credentials. I find it unaceptable because email accounts are used for many non-communication critical activities - such as password recovery for online banking.

Ic'd work if I used DeltaChat with an email account which I used for nothing important. For example, an email account created specifically for using DeltaChat over it. I would not consider it safe, but damage would be contained in case of compromise.

--
gopher://gopher.richardfalken.com/1/richardfalken
--- SBBSecho 3.14-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (618:250/24)

Hello Arelor!

** On Saturday 25.12.21 - 07:03, Arelor wrote to August Abolins:

DeltaChat doesn't seem to have that problem (EOL,
unsupported, etc..) Everything is self-contained using
one's own existing email servers.

Well, what I mean is that you may end up running a
supported, secure version of DeltaChat on a phone with an
obsolete, insecure baseband. Or an obsolete, insecure
Android version.

Yeah.. but if the content is encapsulated in a PGP BLOCK, then
what's the worry?

Or a supported, insecure Android version (after all, Google
has root access to your phone if you have any Google
Service enabled).

The rooting part sounds confusing. Can't you change the root
credentials so that only you have access?

If I have to give DeltaChat the password for one of my
email accounts, then Android may access the email
credentials. I find it unaceptable because email accounts
are used for many non-communication critical activities -
such as password recovery for online banking.

Yes.. that aspect of DeltaChat had me worried. You really have
to trust the app that it won't broadcast the login credentials
outside your knowledge. But the code is open-source, and
surely the skeptics have analysed it for any untoward
potential?

I|o'd work if I used DeltaChat with an email account which
I used for nothing important. For example, an email account
created specifically for using DeltaChat over it. I would
not consider it safe, but damage would be contained in case
of compromise.

Having played with DeltaChat a bit myself (exporting the public
key for someone to use in their OpenGPG keyring), I see that it
would be best to use it with its own dedicated email account
inorder to avoid multiple keys for the same email address.
--
../|ug

--- OpenXP 5.0.50
* Origin: (} Pointy McPointface (618:250/1.9)

Re: I have migrated my family over to Signal Messenger.
By: August Abolins to Arelor on Sat Dec 25 2021 04:02 pm

The rooting part sounds confusing. Can't you change the root
credentials so that only you have access?

That is a difficult question.

If you want Google Services you need to have Google?'s framework installed. Such framework has full access to everything in the phone with few exceptions (baseband and SIM card comes to mind).

Google Play can install anything. If it can install anything, it can access anything. Contents stored in memory, such as decoded OpenPGP material; contents stored in the filesystem, such as OpenPGP keys.

They can put whatever they want in the next Android update and the framework may download it and install it, no questions asked.

You can flash the shit out of the phone and use an image that is not ridden with Google stuff. The drawbacks of doing so is that many applications won't work if Google's frameworks are not present, and that flashing the phone is not supported by vendors more often than not. At this point, people creates frameworks that make it look like Google is present on the phone so applications can work without actual Google presence. At this point, you are in hacker territory.

Give up all Warranty Anybody who Herein Enters


--
gopher://gopher.richardfalken.com/1/richardfalken
--- SBBSecho 3.14-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (618:250/24)