I used TextSecure as my text client exclusively for about the last 6 months and it worked great except for 3 things: group messages and MMS. Something changed recently that prevented any MMS from showing up and it kept offering for me to configure the proxy settings. I looked briefly for the correct settings but there don't seem to be any for Verizon on their list. Group messages just didn't seem to work the way the do in the normal Android client. Texting worked flawlessly though it's sort of chicken and egg - no one I know used it so none of my communication was encrypted in transit.<p>Oh and the third thing: my SO thought I was borderline paranoid/crazy/hiding something for even installing it.
I am really looking forward to TextSecure for iOS. I hope I am wrong on this one, but from the text on their Website Heml.is doesn't seem to be too eager to open source their code after release.<p>I don't know any details about whispersystems (except that moxie marlinspike is with them) but I sure do hope they can provide a well designed cross platform messaging app completely open source (which I don't think exists yet)
Here's cyanogenmod's side of the announcement:
<a href="http://www.cyanogenmod.org/blog/whisperpush-secure-messaging-integration" rel="nofollow">http://www.cyanogenmod.org/blog/whisperpush-secure-messaging...</a>
Awesome, I've been waiting for this. Now CyanogenMod should be the most secure OS out there against snooping, even compared to Google's own Android. Too bad Google isn't taking steps to offer end-to-end encrypted communication for Android devices.
In case anyone else is wondering: if sender and recipient use CM or TextSecure, the encrypted messages are not sent via GSM SMS. The transport uses Procotol Buffers, HTTP and Google Cloud Messaging/Apple Push Notifications.
This looks awesome and definitely makes me lean more towards an Android OS for a future phone.<p>This is not a dig, but because the SMS system is SO transparent a user may not be able to tell which of their messages / contacts allow encrypted traffic (based on the screenshot in the post). I might add a lock or some other mechanism to indicate which messages are secured.
This is truly great work by Moxie, CyanogenMod devs and everyone else who may have contributed to this project. Kudos guys/gals!<p>One important implementation detail question that comes to mind is "How does the system detect and fix the issue of key exchange errors?"<p>While using the TextSecure app from the Play store, I've experienced a situation twice where a key exchange would have to be re-initiated manually after a friend and I got out of sync (he was receiving my messages garbled in TextSecure). I imagine it's possible for this to happen in the built-in Cyanogenmod version, and I don't see any documentation specifically addressing it. Without visual notification of a "secured" connection, the user could end up inadvertently sending plain-text messages.
Can someone explain how the keying system works? What is the secret information a user needs to decrypt messages addressed to them? What prevents a 3rd party from decrypting those messages? What is the 'key'?
This is how I always thought Google would eventually implement an iMessage-like protocol. By taking the last step before sending the SMS out, and checking to see if the recipient is also part of the service, and sending it over the service instead of through the open. Love it, just hope my HTC One S will still work with a nightly. ;P
Doesn't the fact that mobile phones have an extra closed-source baseband OS that can control the phone on a lower level than the secondary OS (Android) make any attempt at securing the secondary OS pointless? I mean, the baseband might have a keylogger and send all your data to your provider anyway...
I really like the "Disable passphrase" option.<p>Having to enter that all the time made this a dealbreaker with my wife last time. I figure just encrypt the handset and that'll be good enough.
I'm currently working on an application similar to this, but with a small physical device you plug into the bottom of your phone where all the encryption is done, so there is no central software you can break into, it's all done physically, disconnected. You communicate the decryption keys to the parties in person. We want to make this a little device you can attach to a key chain and plug into the bottom of your phone whenever you need encryption. Our app interfaces with the dongle and you can use it to encrypt/decrypt any files really.<p>Is this a retarded idea or is there a use for this?
I did not read anything about what current users may need to do. I've been using TextSecure for some time now and _just_ got a phone that was worthy of putting CyanogenMod on.<p>So I did.<p>Did my eyes gloss over the details or is there some method of importing current TS databases I may need to know about?