Google TOS & Data Privacy - HD2 Android Q&A, Help & Troubleshooting and Genera

I have a question about data privacy while using Android and/or any Google service or application. My concern was prompted after installing Google Sky last night and seeing their warning about data collection when starting up.
As a marketing professional, I don't particularly care that Google gathers anonymous data such as browsing history and so on to improve their products and services. They're a business providing employment to others, paying taxes, and contributing to our economy therefore they have both a right to, and deserve to, profit from that. But I do have a very large concern over my privacy where personalized information is concerned.
In particular, I'm talking about whether or not Google has access to my contact, calendar, email, or documents data either on the phone, or especially when synchronizing to their servers. My worry is that Google might be 'snooping' around to see my personal information.
Are my fears unfounded? Do any of you know how the OS and their services are working?

Google will gather all the data it can, including emails and contacts, from your phone, browser, Chrome OS or any other Google product you use. Didn't you read the news? Google was even sniffing all traffic from open Wi-Fi networks.
We can hope that this data is gathered anonymously, but I don't think so. Good thing is that me and you are not interesting to google, so they will collect data, but only use it for targeting advertisement etc.

I guess this is a strong argument for staying with WM, WP7 or even iPhone. Privacy is one of our most valuable assets, and should be protected.

BillTheCat said:
I guess this is a strong argument for staying with WM, WP7 or even iPhone. Privacy is one of our most valuable assets, and should be protected.
No, WP7 would send all your data to Microsoft as it's all in a cloud. Dunno about iPhone, but probably same, Apple would get everything. And even if you won't be using a phone, government is still watching you.
So forget about it and use Android.

Hence why I'm not moving to Android yet. I still just want a solution to sync my tasks, calendars at a local level, aka Outlook. Lawl.

The best way for a company to check for trends and how their product is used isn't by creating polls or questionnaires of some sort. They almost all, whenever possible, use automatic and passive mechanisms. Yes, Google does parse my whole mail. I remember having received an email from my colleague principal and on the ad side of Gmail reading an ad about "Tired of putting up with your boss". Facebook does the same thing, like many others. Thing is, would you rather have free stuff WITH custom tailored publicity or paying for something to be completely free? Google earns with publicity, and since you are in the marketing area you know better than I that trends are everything. They're just trying to make the best (for their own purposes) of us using their tech. Is it creepy? Yes it is... Will it get worse? You betcha... Just check Google's or Facebook's TOS. Google looks like an angel next to Facebook's...

Related

Google targets Facebook Contact info

Google just launched an enormous volley in the war of the data kings. Facebook and Google have been gearing up for war for a long time now, and Facebook’s alliance with Microsoft and Bing was practically an act of war. Now, Google is fighting back, albeit subtly. They changed their terms of service ever so slightly, but in a way that hurts Facebook in a big way.
According to TechCrunch, the ToS now requires reciprocity for anyone using the Google Contacts API to grab contact information from Google users. This means that whenever Facebook uses a Google API call to get contact data from a Google account, which is exactly what happens when new users are asked if they want to import their contact data from Google, Facebook will be required to give the user’s Facebook contact information back to Google. Facebook has never given their contact information out, and it’s highly unlikely that they will all of a sudden change this practice. It also affects the entire Google portion of their vaunted Open Graph, restricting a lot of information from Facebook’s data mining operation.
The only other option for Facebook at this point is to take away the Google importing functionality and hope for the best. Somehow, though, the idea of the biggest social network in the world backing off so easily doesn’t seem likely. It will be interesting to see what happens if they lawyer up and argue the legality of the new reciprocity clause.
In a statement, a Google spokesperson highlighted that this isn’t a greedy push for data.
It’s important that when we automate the transfer of contacts to another service, users have some certainty that the new service meets a baseline standard of data portability. We hope that reciprocity will be an important step towards creating a world of true data liberation–and that this move will encourage other websites to allow users to automate the export of their contacts as well.
It sounds less like a greedy grab for data, and more like an attempt to enforce an open data portability standard on the web, but neither one will sit well with many companies using the Contacts API. Facebook would rather have control over potentially sensitive information, and release it to select contractual partners, than start adopting Google’s open data portability standard. Google is sacrificing a level of openness to enforce open standards on other companies, but this is first and foremost a move on Facebook, and you can bet Facebook won’t take it lightly.
http://techcrunch.com/2010/11/04/facebook-google-contacts/
what will this mean for us people who import contact info from facebook
I want to know what the fu(k this actually means. Since we can link Facebook contacts with our Google contacts. I hope this doesn't lead to Facebook leaving android.
Sent From My HTC Evo 4G Using Tapa Talk Pro!
google and facebook contact sync'ing
How does facebook allow you to collect contacts and save them off to say your PC.. sure you can sync your phone with limits but you are not able to say export them to Outlook.
If you I have been looking for the last few months.

DROPBOX: Danger Box?

Dear fellow members,
Just to inform you about Dropbox privacy policy because I know that a lot of you rely on Dropbox (info received via Twitter today): Dropbox issue
Feel free to comment but most likely, to delete your Dropbox account if you feel like you've been fouled.
f.
Yes, I read about this and was rather angered by it..... But.... the service is so slick and useful, cancelling my usage would be like cutting off my nose to spite my face. I'll just continue to use it for non-sensitive data only.
The fact is, we need to be careful about the data we store in any cloud-based service - they all seem vulnerable. Even Android itself can't be trusted: http://www.bbc.co.uk/news/technology-13422308
Plus, did you seriously think the files on servers were really inaccessible for anyone having complete access to databases and filesystem? If that wouldn't be possible, then the system wouldn't be able to work at all.
I'm still unconvinced about Cloud Storage. Yes it can be convenient, but I'd rather have full control over my data and where it actually is.
I'll be saving my sensitive data on local offline storage i.e. external HDDs.
Yeah have never stored anything sensitive to Dropbox but the concept is nice and our data ain't that secure anyways nowadays
It has its ups and downs. But using Dropbox to store your entire business on, don't know, maybe it's not smart. But it can be very useful if you have some files you share with people outside your company, which you don't want to grant access to your server.
I was never under the illusion Dropbox couldn't be accessed by hacking or anything, but this easily by employees of Dropbox itself :S.
In dropbox, I store things like lyrics for my band, guitar scores or similar. Things where I don't care who looks at them. Nothing else.
For me, every cloud storage is basically open as a postcard.
Just my 2 cents...
Is there any similar software as titanium media sync which can store my data (photos etc) on alternative services? E.g. other cloud services or own ftp?
I've been using SugarSync. Anyone have information on them and how they operate? Seems that cloud storage is a mixed bag at best. Users should always be cautious about what they put up there. However, if law enforcement has a valid warrant, I understand how a company would be required to comply.

Google drops Exchange ActiveSync. What does it mean for Windows Phone?

Starting February 1st 2013, Windows Phone users won't be able to create full Gmail accounts on Windows Phone. Does Microsoft have a plan?
This afternoon Google has announced the discontinuation of their support of Exchange ActiveSync (EAS aka the standard for many who use email) after January 30th 2013. The question you may be wondering is, how does it affect Windows Phone?
More here from Windows Phone Central http://www.wpcentral.com/google-drops-exchange-activesync-what-s-it-mean-windows-phone
Is this going to affect you ? I sync email, contacts and calendar from google so will this be shut off to existing users who are already setup at the end of January ?
I don't really want to move all my gmail stuff which is work related to microsoft, and I also don't want to give up my 820 so this has thrown a spanner in the works for me.
This means:
1. If you already have your Gmail account set up as a Exchange ActiveSync account on February 1st, it will continue to work for you.
2. If you try to add a new Gmail account (or delete your existing one and try to re-add it, or get a new phone/device/tablet) after February 1st, you will no longer be able to connect it as an Exchange ActiveSync account, which means no tasks, calendar, and contacts.
3. Calendar sync has already been disabled, so if you try to add a Gmail account and sync your Calendar to your phone as of yesterday, it will no longer sync your Calendar.
4. You can still connect your Gmail e-mail using IMAP or POP3, so mail will continue to function after February 1st. Though you may have to recreate your account so that it works properly.
5. This affects any device that uses Exchange ActiveSync as a way to sync information through Google. So not just Windows Phone, but Microsoft Outlook, some older Nokia and Sony devices, other random devices/phones.
Ah thanks
Sent from my RM-825_eu_euro1_217 using Board Express
If you are using Google Apps and hosting a custom domain, nothing should change for you. As far as I know, even Calendar sync still works. However, Google Apps no longer offers a free version, that happened about two weeks ago, most likely in preparation for killing off EAS.
A few months ago this would have really irked me, but when I decided to try Outlook.com, it won me over. More importantly, thanks to Microsoft's free Live Domains hosting service, I've moved all my private, custom domains over to use Outlook.com as the default provider.
It's a safe bet that Microsoft will never discontinue support for Exchange Activesync, so I'm actually really happy. Plus, the deep integration with SkyDrive and other MS services means, simply enough, that I don't really give a **** what Google does anymore. I don't use their mediocre online office tools, nor their Drive service, nor their excellent but ultimately irrelevant in the face of Nokia, maps service. On top of that, the TubePro app for WP8 is far superior to the Google provided Youtube app on iOS or Android, so again, I'm not at all worried.
Windows phone 8 doesn't *need* Google.
jasongw said:
A few months ago this would have really irked me, but when I decided to try Outlook.com, it won me over. More importantly, thanks to Microsoft's free Live Domains hosting service, I've moved all my private, custom domains over to use Outlook.com as the default provider.
It's a safe bet that Microsoft will never discontinue support for Exchange Activesync, so I'm actually really happy. Plus, the deep integration with SkyDrive and other MS services means, simply enough, that I don't really give a **** what Google does anymore. I don't use their mediocre online office tools, nor their Drive service, nor their excellent but ultimately irrelevant in the face of Nokia, maps service. On top of that, the TubePro app for WP8 is far superior to the Google provided Youtube app on iOS or Android, so again, I'm not at all worried.
Windows phone 8 doesn't *need* Google.
OOH, wow, I didn't know they offered that for free, I was about to buy an exchange email thru rackspace! Might have to give that a go.
jasongw said:
A few months ago this would have really irked me, but when I decided to try Outlook.com, it won me over. More importantly, thanks to Microsoft's free Live Domains hosting service, I've moved all my private, custom domains over to use Outlook.com as the default provider.
It's a safe bet that Microsoft will never discontinue support for Exchange Activesync, so I'm actually really happy. Plus, the deep integration with SkyDrive and other MS services means, simply enough, that I don't really give a **** what Google does anymore. I don't use their mediocre online office tools, nor their Drive service, nor their excellent but ultimately irrelevant in the face of Nokia, maps service. On top of that, the TubePro app for WP8 is far superior to the Google provided Youtube app on iOS or Android, so again, I'm not at all worried.
Windows phone 8 doesn't *need* Google.
Could I please ask something about the Live Domains thing. What sort of control do you get on top of a normal Outlook.com account? Can you switch off ads like with a Google Apps account? I have a free Apps account right now and not sure whether to pay for it or move to an Outlook.com account and switch my domain over to Microsoft.
Http://domains.live.com to sign up.
What you get when you set up your domains for the Outlook.com servers, which is fairly simple (it involves proving domain ownership via DNS TXT record creation, and assigning new MX records to point to Microsoft's servers), is basic but robust. You can't turn off ads, but what you can do is create as many free email accounts as you want. Each is an official "Microsoft Account," which means of course that you get the same access to SkyDrive, office web apps, People (for contacts), Calendar, and so on, all wrapped in the sexy new UI. As the admin, you do have access to delete these user accounts, so ideally you won't be a **** to those you give accounts to.
If you want, you can also give away free email accounts on your domains. The first 500 are automatic and free, after that you have to ask them to up your limit, but it's still free (not sure if there's an upper limit, but it's something I'd like to test).
The Outlook.com UI of course offers gobs of advanced filtering options that are user manageable.
Screenshot of the main Control Panel UI attached. There are several more pages of options I didn't show because of course they have personal data, but suffice to say there are a fair few options. Plus, you can do co-branding if you want, which is slick in and of itself.
Now that I think of it...I need to set something up for that
The Jones said:
Could I please ask something about the Live Domains thing. What sort of control do you get on top of a normal Outlook.com account? Can you switch off ads like with a Google Apps account? I have a free Apps account right now and not sure whether to pay for it or move to an Outlook.com account and switch my domain over to Microsoft.
Awesome reply. Thanks.
Sent from my RM-825_eu_euro1_217 using Board Express
Google will be removing Google sync support for WP. They called it "Winter Cleaning".
So Google contacts and Calendar sync will not be available.
I say, if Google is rejecting WP, then why doesn't Microsoft STOP Android OEMs from using Microsoft's PATENTS? Those Patents for which Android OEMs need to pay to Microsoft for every Android device they sell.
Sent from my GT-S5570 using xda app-developers app
Apourv said:
Google will be removing Google sync support for WP. They called it "Winter Cleaning".
So Google contacts and Calendar sync will not be available.
I say, if Google is rejecting WP, then why doesn't Microsoft STOP Android OEMs from using Microsoft's PATENTS? Those Patents for which Android OEMs need to pay to Microsoft for every Android device they sell.
Sent from my GT-S5570 using xda app-developers app
because that there is more income than all of windows phone
Win.
Sent from my ST26i with Tapatalk 2
Hate it when companies stop providing features just to push themselves and make other services/companies look bad.
Google's been a **** to Microsoft for a while now. Google pushes the abysmal mobile site that works on my ancient Nokia 5200, instead of the nice version to iOS and Android, to WinPhone7, the Youtube app is ridiculous, no maps. I bet Microsoft is a **** to Google too, but this whole thing sucks.
So then Microsoft goes around and doesn't give Google+ any love (Google+ is still trying to force me to use it, but I won't have any of it.)
Google's increasingly getting on my nerves and being more and more pushy, like a stalker. Reading my mail to push me ads, saving my searches to push me ads, it's just pissing me off. It's been consistently useless for all except domain name searching (For eg. if I want to find the official site for a product). Bing needs to up its game so I can move to an alternative.
Apple is a master at this game too - they don't want to improve their touch APIs for WebKit, or make it open. They won't show any love to Microsoft's alternative touch API which even Chrome and Firefox people are supporting.
I'm trolling google everyday by using adblock.
Yeah, in 2013 ppl still don't know that such a tool exists...ffs
mcosmin222 said:
I'm trolling google everyday by using adblock.
that's a big 10-4....
As far as "reading my email" goes, anyone that isn't encrypting their emails is fooling themselves if there is any belief it is private, at any point along the intraweeb.
To support google's ecosystem, which MS will have to if they want to be competitive, they will need to adopt CalDAV and CardDAV, which is no bad thing because it gives us consumers choice.
The days of pushing proprietary technologies are, thankfully, over.
But how are consumers affected by these kind of technologies? It is not as obvious as using WP over android, or the other way around.
Microsoft exchange is still used by the overwhelming majority of people on this planet. Pretty much every single email service, apart from the one provided by Google and some business specific emails, uses this system. Almost every single email user on the planet has another email address than google.
Google is just afraid of microsoft cutting their services, that's all.
As an email user of this planet, I could not care less what technology lies behind my email address. It could be MS Exchange, it could be Google's new framework. I don't care. And why? Because the end result is basically the same: I can check my email address.
On the other hand, dropping support of such services disrupts my ability to check my email from my WP, for example. Now what? I don't see any benefit from that, only more tiresome things to do. Will I see Windows Phone as the problem? Hell no! Google will be my problem. Will I drop Google services? Very likely.
Just as a side-note, the only Google service I use is their search, because Bing is nowhere near as powerful in my region.
mcosmin222 said:
But how are consumers affected by these kind of technologies? It is not as obvious as using WP over android, or the other way around.
Microsoft exchange is still used by the overwhelming majority of people on this planet. Pretty much every single email service, apart from the one provided by Google and some business specific emails, uses this system. Almost every single email user on the planet has another email address than google.
Eh, no. This is completely wrong. Exchange is by no means used by 'the overwhelming majority of people'. In business maybe, consumers no way.
Google have over 425 million users on gmail, Yahoo over 310 million and most people use either IMAP or POP3. Very, very few consumers are willing to pay for exchange.
uuh. You're right, I was thinking about something else lol.
anyway
You said...
To support google's ecosystem, which MS will have to if they want to be competitive, they will need to adopt CalDAV and CardDAV, which is no bad thing because it gives us consumers choice.
How is this favoring the customers? My point is, if google is doing something to break what it is working, how will this be beneficial for users?

Admob account closed, is it proper to register a new?

Hello,
my AdMob account has been disabled since this morning however, I have a slight suggestion where I might have violated the policies. I have read too much negative opinions about this ad network, not to mention that I have only ONE opportunity to send them an appeal email. So not only have I lost about 500$ but I don't have any chance to reinstantiate my account either. Though I don't admit the violation, the possibility that I get my account back equals zero and I don't want to bother writing the e-mail. So my question: is it legal to set up a new admob acc with another existing gmail account with the same paypal address, same name etc? So I could create a new admob id for every app I have and replace the ids with the new ones. Is it proper? Or will they shut me down again? The only thing that I found related to this, that I will never be able to use the shut down admob account again.
Thank you in advance!
AdMob account disabled - no explanation
caoladder said:
Hello,
my AdMob account has been disabled since this morning however, I have a slight suggestion where I might have violated the policies. I have read too much negative opinions about this ad network, not to mention that I have only ONE opportunity to send them an appeal email. So not only have I lost about 500$ but I don't have any chance to reinstantiate my account either. Though I don't admit the violation, the possibility that I get my account back equals zero and I don't want to bother writing the e-mail. So my question: is it legal to set up a new admob acc with another existing gmail account with the same paypal address, same name etc? So I could create a new admob id for every app I have and replace the ids with the new ones. Is it proper? Or will they shut me down again? The only thing that I found related to this, that I will never be able to use the shut down admob account again.
Thank you in advance!
My account was also disabled without explanation 3 weeks ago after 2 years of activity. I didn't change anything with my applications and didn't violate policies.
A few days before, my earnings went up because application was presented on TV. I guess that was the trigger to disable my account.
I sent an appeal mail three times but didn't receive reply. I'm so disappointed because not only that they won't pay my earnings, but I also had some money left for advertising which I can't access now. I don't know how to call that but STEALING!
I wouldn't bother to set up new AdMob account because they would certainly shut it down again. I already switched to the new network.
stu9 said:
My account was also disabled without explanation 3 weeks ago after 2 years of activity. I didn't change anything with my applications and didn't violate policies.
A few days before, my earnings went up because application was presented on TV. I guess that was the trigger to disable my account.
I sent an appeal mail three times but didn't receive reply. I'm so disappointed because not only that they won't pay my earnings, but I also had some money left for advertising which I can't access now. I don't know how to call that but STEALING!
I wouldn't bother to set up new AdMob account because they would certainly shut it down again. I already switched to the new network.
What happens to my Google Developer account, if my Admob Publisher account gets banned? Do they ban Google developer account also?
Me too had the same problem
I have been publishing ads from Admob for few years now.
Although performance is not good as last year, when it comes to generating income, it still is the best mobile ad networks out there.
Not so best on other aspects of a healthy business relationship! Today they have closed my publisher account. When I try to login I get below message
“Your account has been disabled for invalid activity or repeated policy violations. Some examples include recurring manual clicks or impressions, violation of our content policies which can be found here, robots, automated click and impression generating tools, third-party services that generate clicks or impressions such as pay-to-click, pay-to-surf, autosurf, and click-exchange programs, or any deceptive software.”
There is no other explanation, contact or email from Admob regarding the reason. I don’t know what wasn’t right with my site that caused my account to be closed.
As I’ve said I’ve been with them long time and as a sane person I would never jeopardise income coming from Admob with fake clicks. The only thing I think of is possible some adult content on my site. My site is community site and it is almost impossible to moderate content fast enough. I’ve to rely on automated check and reports from other users.
This shows how valuable we publishers are to Admob and Google. They just dismiss you even though you have been loyal to them long time.
I felt sad, I shouldn’t. This is business and putting all of your eggs in one basket makes you vulnerable!
Take my advice and never ever rely on one company! One day they might stab you at the back!
Share your experience if you had your Adsense / Admob publisher account disabled. Tweet this post or your experience!
RabbileGames said:
I have been publishing ads from Admob for few years now.
Although performance is not good as last year, when it comes to generating income, it still is the best mobile ad networks out there.
Not so best on other aspects of a healthy business relationship! Today they have closed my publisher account. When I try to login I get below message
“Your account has been disabled for invalid activity or repeated policy violations. Some examples include recurring manual clicks or impressions, violation of our content policies which can be found here, robots, automated click and impression generating tools, third-party services that generate clicks or impressions such as pay-to-click, pay-to-surf, autosurf, and click-exchange programs, or any deceptive software.”
There is no other explanation, contact or email from Admob regarding the reason. I don’t know what wasn’t right with my site that caused my account to be closed.
As I’ve said I’ve been with them long time and as a sane person I would never jeopardise income coming from Admob with fake clicks. The only thing I think of is possible some adult content on my site. My site is community site and it is almost impossible to moderate content fast enough. I’ve to rely on automated check and reports from other users.
This shows how valuable we publishers are to Admob and Google. They just dismiss you even though you have been loyal to them long time.
I felt sad, I shouldn’t. This is business and putting all of your eggs in one basket makes you vulnerable!
Take my advice and never ever rely on one company! One day they might stab you at the back!
Share your experience if you had your Adsense / Admob publisher account disabled. Tweet this post or your experience!
They will eventually reply to your email if you send it to AdMob support. This is the explanation that I finally received:
Your account was disabled for violating AdMob's terms and conditions in a way that's treated as spam
I don't know what is Google's definition of spam but my application or anything related to it is definitely not spam.
At least they returned me advertising funds which I didn't spend. I'm now using notification ads from Leadbolt and started to earn five more times than with Admob but now with this new Google content policy unfortunately it won't last too long.
Can i use same publisher id for multiple app?
Sent from my GT-I9300 using xda premium
hisee said:
Can i use same publisher id for multiple app?
Sent from my GT-I9300 using xda premium
Yes
Sent from my LT18i using xda premium
Account Google developer
Hello
In my account I have 3 suspended apps, by miracle I'm still operational.
If I create a new account, like in your description, new pc, new credit card etc ...
1) I transfer only 5 apps, those where I earn more, and close the old account.
I would be clean again with zero suspension, correct?
2) In the passage of these apps, there is the danger that they find a problem and I close the account?
3) If they close the account, I also lose money from the payment of the previous month that should make me day 21?
Until the day 21 I'm not doing anything, not even an update, but as I understand if they check for any reason they can close the account, then wait for me to pay this month and then I try to create a new account, I transfer my app where I gain and close the old forever.
If I close the developer account, can I use the same admob account for the new developer account?
Thank you!
Yes, it is possible.
caoladder said:
Hello,
my AdMob account has been disabled since this morning however, I have a slight suggestion where I might have violated the policies. I have read too much negative opinions about this ad network, not to mention that I have only ONE opportunity to send them an appeal email. So not only have I lost about 500$ but I don't have any chance to reinstantiate my account either. Though I don't admit the violation, the possibility that I get my account back equals zero and I don't want to bother writing the e-mail. So my question: is it legal to set up a new admob acc with another existing gmail account with the same paypal address, same name etc? So I could create a new admob id for every app I have and replace the ids with the new ones. Is it proper? Or will they shut me down again? The only thing that I found related to this, that I will never be able to use the shut down admob account again.
Thank you in advance!
Yes, you can create a new Admob account, but please ensure to resolve the policy violation or else the new account may also be blocked.

[Q] Textsecure integration?

https://whispersystems.org/blog/cyanogen-integration/
The client logic is contained in a CyanogenMod system app called WhisperPush, which the system hands outgoing SMS messages to for optional delivery. The Cyanogen team runs their own TextSecure server for WhisperPush clients, which federates with the Open WhisperSystems TextSecure server, so that both clients can exchange messages with each-other seamlessly. All of the code involved throughout the entire stack is fully Open Source.
"All of the code involved throughout the entire stack is fully Open Source."
So any possibility of seeing this in omnirom?
SHAWDAH said:
https://whispersystems.org/blog/cyanogen-integration/
The client logic is contained in a CyanogenMod system app called WhisperPush, which the system hands outgoing SMS messages to for optional delivery. The Cyanogen team runs their own TextSecure server for WhisperPush clients, which federates with the Open WhisperSystems TextSecure server, so that both clients can exchange messages with each-other seamlessly. All of the code involved throughout the entire stack is fully Open Source.
"All of the code involved throughout the entire stack is fully Open Source."
So any possibility of seeing this in omnirom?
Hmm.
1) All of it would have to get reviewed for security. I know pulser has looked at some of CM's other solutions and found vulnerabilities.
2) Since it sounds like it needs some server infrastructure, it would take some time and planning before we could get it up and running.
TextSecure definitely looked interesting until seeing that it requires gapps.
wkwkwk said:
TextSecure definitely looked interesting until seeing that it requires gapps.
Yea it's stupid, he partially justifies it here: https://github.com/WhisperSystems/TextSecure/issues/127
He also said this
"If you want alternatives to things like GCM, you have to either build them or help the people that are. I would love to use a different push service, but they don't exist.
Likewise, if we want an alternative to Play, we have to build it. What exists now (f-droid) has a centralized trust model, so we're building something else."
Entropy512 said:
2) Since it sounds like it needs some server infrastructure, it would take some time and planning before we could get it up and running.
For whatever it is worth, Moxie Marlinspike has said that Open WhisperSystems has a TextSecure server that they will let other ROMs use. Sadly I am unable to link, but /r/Android/comments/1shejv/as_of_today_cyanogenmod_is_integrating/cdxlnck should give you the info and context you're after. I hope that helps alleviate some concerns, or at least makes this somewhat more doable--I would love to see this adopted much more widely!
I just wish they could add return receipt functionality, and fall back to SMS if data delivery doesn't provide one in a reasonable time frame.
palpitations said:
For whatever it is worth, Moxie Marlinspike has said that Open WhisperSystems has a TextSecure server that they will let other ROMs use. Sadly I am unable to link, but /r/Android/comments/1shejv/as_of_today_cyanogenmod_is_integrating/cdxlnck should give you the info and context you're after. I hope that helps alleviate some concerns, or at least makes this somewhat more doable--I would love to see this adopted much more widely!
I just wish they could add return receipt functionality, and fall back to SMS if data delivery doesn't provide one in a reasonable time frame.
Ok, that's useful.
I'll let pulser do final judgement on this. He's our resident tinfoilhatter.
I got myself a tinfoil wide-brim to match my duster...
I'll have to get a 4.4 capable phone in the future so I can get Omni.
Entropy512 said:
Ok, that's useful.
I'll let pulser do final judgement on this. He's our resident tinfoilhatter.
Resident tinfoil hat responding to duty...
The issue I've seen with this system (and I must say, it is good that work is done on this, and I commend that it has been done) is the implementation.
Once again, a solution has been made, which is smart, has good features, but is crippled in the security area, due to making things "easy to use".
The specific issue is that, from what I can see, at least right now, there is no way to tell if a message is going to be sent encrypted or unencrypted. It's no good knowing AFTER the fact - you need to know before it is sent how it will be sent.
Additionally, if you are using encryption, from what I can see, the message is actually sent over the internet. This means there is a central repository of users stored on a server somewhere. That is centralisation, centralisation is bad... As I raised back at the time, there are side-information risks.
While the new implementation may well eliminate some of these, I am not convinced this system provides the level of anonymity that some may desire. My worry is that since the original idea was conceived, where a user's phone number being available to CM was not seen as a concern, that any solution has been architected without considering every aspect of security.
Securing correspondence via SMS would be very nice to have done properly. But this is simply a "hook", that takes what you *think* is an SMS, and sends it over the internet. There are plenty of people in the world (particularly developing nations), where they have poor, or limited, access to the internet. SMS can be a lifeline for them.
There are also many places (some incredibly large), which regularly and routinely block internet services they disagree with (not at all looking at China here...) - it is important that any system works worldwide, and is resistant to easy "blocking".
I would personally prefer to see the actual messages sent over SMS... That means if you have no internet connection, you can still send the SMS. And you can do so ENCRYPTED, rather than unencrypted.
At the end of the day though, until you can tell 100% whether something will be sent encrypted or unencrypted, you can't trust a system. The server operator may also gain useful metadata in this case (though not ideal, your carrier already gets metadata for SMS).
Tl;dr, it looks nice, but we need to look at everything here, and consider that not everyone has internet access all the time. After key-exchange is complete (I would like offline key exchange via NFC and QR code (on the screen) as well, for in-person identity verification), we need to ensure that a user can securely communicate without internet connectivity.
Until then, this is just a smaller rival to iMessage. And hey, maybe that's a good thing... But for my money, it's not a secure SMS system...
Thoughts welcomed.
pulser_g2 said:
Resident tinfoil hat responding to duty...
The issue I've seen with this system (and I must say, it is good that work is done on this, and I commend that it has been done) is the implementation.
Great criticism Pulser but surely this system (even with its flaws) is better than traditional SMS, where everything you send and receive is logged by your carrier?
slashslashslash said:
Great criticism Pulser but surely this system (even with its flaws) is better than traditional SMS, where everything you send and receive is logged by your carrier?
The thing is, since everything is sent via the Internet, there are plenty of other existing ways to send encrypted messages over the Internet where *you can be sure the message is encrypted*.
Pulser touched on my initial concern (which I held off on voicing until he chipped in) - To determine whether to send a cleartext SMS or send the SMS via an Internet message, the app needs to know whether the recipient is "enabled" with this service. There are two ways to do this:
1) The sender explicitly configures the app to say that recipient Y is capable of receiving encrypted SMS
2) The app does some form of peer-to-peer negotiation
3) The app sends data associating your phone number with an account on another service to a centralized server. This appears to be what CM's solution is doing. Which is kind of silly - This is an app for extremely privacy-conscious people, that is enabling widespread data collection of mappings between a user's phone number and other accounts.
Stay away from this app and developer, who in my view, has been compromised. In the latest release (which I compiled about an hour ago), he removed the ability of the user to regenerate the identity key. In the last couple of releases, the app would crash unless you allow it to use the internet. He also introduced Google Cloud Pushing services, which means that everyone who is using TextSecure will be recorded in a centralized Google/NSA database. That is if you compiled the app from the source. If you download the app from the store, you wouldn't be able to use it at all without a Google account and GSF. Having GSF defeats any encryption as every keystroke is recorded and regularly submitted Home (Google/NSA). Stay away and look for alternatives. I am checking Tinfoil sms app.
optimumpro said:
Stay away from this app and developer, who in my view, has been compromised. In the latest release (which I compiled about an hour ago), he removed the ability of the user to regenerate the identity key. In the last couple of releases, the app would crash unless you allow it to use the internet. He also introduced Google Cloud Pushing services, which means that everyone who is using TextSecure will be recorded in a centralized Google/NSA database. That is if you compiled the app from the source. If you download the app from the store, you wouldn't be able to use it at all without a Google account and GSF. Having GSF defeats any encryption as every keystroke is recorded and regularly submitted Home (Google/NSA). Stay away and look for alternatives. I am checking Tinfoil sms app.
Stop spreading your uninformed opinion everywhere.
I answered each and every one of your "arguments" in your original thread:
http://forum.xda-developers.com/showpost.php?p=51818980&postcount=10
