[tor-talk] TIMB vs TextSecure

Ted Smith tedks at riseup.net
Sat Mar 1 18:12:59 UTC 2014

On Sat, 2014-03-01 at 09:07 +0100, Felix Eckhofer wrote:
> Hey.
> Am 01.03.2014 08:23, schrieb Gordon Morehouse:
> > With the news hitting some tech sites about TIMB, I went digging
> > around briefly to find the reasoning for rolling something anew rather
> > than backing e.g. TextSecure. (I know there are serious questions
> > about the security of Telegram.)
> > 
> > I'm sure there is a good reason, but what is it?
> Using Tor gives you a few properties that no other instant messaging 
> solution can currently provide.
>   - The IM server can not learn your IP.
>   - A network observer can not learn that you are using IM (just that you 
> are using Tor).
>   - You cannot block the IM service without blocking Tor.
> Furthermore, there are (in my opinion) still some serious problems with 
> TextSecure, most importantly:
>   - Only phone numbers as identifiers.
>   - Sends your address book to the server in full (hashed, but that 
> doesn't mean anything for phone numbers). No opt-out if you want to use 
> the push transport.
>   - Requires Google Play to be installed and uses GCM for notifications.
> Though moxie has plans to address these problems, they currently exist.

These aren't "problems" -- TextSecure was designed to address a
different use case than Tor.

TextSecure is a drop-in replacement for the Android text messaging app,
and only incorporated data-channel messaging because it's impossible to
write custom text message clients on iOS, as far as I can tell.

For text messaging, anonymity in the Tor sense doesn't make sense. Phone
numbers are the only identifier you have for obvious reasons.

If you to be anonymous, TextSecure obviously isn't for you, but SMS
messaging also isn't for you. ChatSecure exists in the mobile space for
exactly this purpose.

If you want to be able to passively upgrade the security of a
communications channel nearly all people use, TextSecure is the right

I think a lot of Moxie Marlinspike's approach to security is laid out in
this Defcon talk: https://www.youtube.com/watch?v=eG0KrT6pBPk

Sent from Ubuntu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20140301/1d0761f2/attachment.sig>

More information about the tor-talk mailing list