Is TextSecure only for SMS messages, or does it use the internet? I'm asking because of the need to send text messages abroad (at a reasonable price). Also, is there a desktop client for TextSecure? I would love something like WhatsApp -- but secure and with a desktop client.
XMPP + OTR will do what you want. I asked moxie the same question re the internet vs text, but he hasn't replied yet. As far as I'm aware it uses text for insecure stuff, and I think for initial key exchange to start the ratchet then uses the internet for secure messaging. Its quite user friendly. No desktop client, and the messages are of ephemeral so keep that in mind and see whether that's okay for your use case (it is for mine).
Sadly, it was probably too technical for most potential users to be swayed much by it.
We need focused talking points, e.g. the fact that the NSA and other governments vacuum up all your data, and that TextSecure represents the first step toward a future in which it's very difficult for governments to do that. Whereas with Telegram, it's just as easy for them to access your conversations as it is for them to bypass SSL. Governments can and will do so. That's what users are concerned about; that's what they care about. Telegram has no defense against that argument due to their protocol's inherent vulnerability to this form of attack. Therefore it's the single most important point for to stress to any potential user.
Yet it's getting lost in the noise. Actually, I haven't seen it mentioned very much at all. Someone should do a writeup calling attention to it.
I am selling fire-proof safes. These are designed to protect your documents and valuables from thieves and from fire and other events.
The normal way people set up tests is to put some documents and valuables in a box and actually try to break it (MythBusters style, bringing out cool machinery and trying different ways). For fire resistance, there is a rating system (https://en.wikipedia.org/wiki/Fire-resistance_rating) and a standard way to test.
The Telegram proposition is: we are going to place the safe in Fort Knox. If you can't break the safe that is in Fort Knox, then clearly our safe is secure.
The Article rebuttal: to break the safe, you have to break into Fort Knox. And for all intents and purposes that's not going to happen. You could have put a cardboard box and no one could tell the difference because of how you structured the test.
an article that succinctly conveys to potential users why Telegram is snakeoil and why TextSecure is the real deal
There is no way to convey this with better rhetoric because the proof is in the technical detail, the party that is wrong can just ramp theirs rhetoric up too. If you don't dig into that detail, it just becomes a he said/she said argument that no observers can judge on merit. Those discussion relies on the participants to be knowledgeable, and politely acknowledge when they're out of their depth technically or just plain wrong. But there is nothing to enforce that, see any Hacker News discussion about something that isn't web development or devops.
I used a simple substitution cipher. Please indicate, without guessing every combination, which one is correct. For convenience, the letters z,c,o,m are not substituted.
Talking down to people helps nobody. If I were a random potential user and read what you wrote, my reaction would not be polite, and I would probably feel polarized against your recommendation out of spite.
The problem isn't that potential users are lacking anything. It's that nobody on our side of the table has communicated clearly and succinctly. https://news.ycombinator.com/item?id=6941007
I'm not talking down, it's clear that the commenter hadn't understood the article. And there really is no shame in that.
Further, your linked comment seems to be exactly what they're complaining about - Textmate good, Telegram bad. It doesn't explain why and why turns out to be quite hard to explain succinctly.
With all respect, crypto (and broken crypto) is wrt difficult to explain in a user friendly way to a lay person without just ignoring the technical details. Once you do that, it really is just "fuck telegram use snapchat", which doesn't help anyone... I am going to give it a bash tomorrow to try and write the article you are after. Good technical writing practice :)
What makes the Article here not sufficient from your perspective?
Oh, wow, and people complain about Telegram team's attitude. Don't be so vulnerable, please. Take the critics easy.
As for the article, it's well written, but most of the points had been answered in Telegram FAQ or comments on HN. And yet they come up again and again. Not all, most.
>> Oh, wow, and people complain about Telegram team's attitude. Don't be so vulnerable, please. Take the critics easy.
I'm not sure what you mean by this as I'm not the author, so you haven't criticised anything I've said.
>> As for the article, it's well written, but most of the points had been answered in Telegram FAQ or comments on HN. And yet they come up again and again. Not all, most.
Not adequately, hence the well written deconstruction by the post author.
I'm going to echo what I've seen in another post - you appear to be a Telegram cheerleader with a brand new account, are you associated with them at all?
> I'm going to echo what I've seen in another post - you appear to be a Telegram cheerleader with a brand new account, are you associated with them at all?
Discussions on HN about Telegram were mentioned on several Russian sites (e.g. [1]). No wonder that some persons decided to pitch in.
I think Telegram "cheerleaders" are here because Telegram backer Pavel Durov (paveldurov on HN) is very well known in Russia. He is the founder of one of most popular social networks in Russia, vk.com. He is a (local?) celebrity and he has fans. Imagine Mark Zuckerberg backing Telegram.