back to article Marlinspike brings end-to-end crypto texts to iOS

Privacy bods can snub Cupertino's iMessage and instead encrypt their Apple iTexts using Moxie Marlinspike's Signal 2.0, released for iOS today. The latest version from the dreadlocked crypto fancier and Co will slap end-to-end encryption on text messages using the TextSecure protocol sent between Signal 2.0 clients. Encrypted …

  1. amanfromMars 1 Silver badge

    ????????

    Is anyone having trouble finding the app for free download on App Store?

    1. adnim Silver badge

      Re: ????????

      I don't do Apple

      does this help?

      https://itunes.apple.com/us/app/signal-private-messenger/id874139669?mt=8#

    2. Dazzz

      Re: ????????

      Nope

    3. Anonymous Coward
      Anonymous Coward

      Re: ????????

      I already had Signal installed, so I got the update first thing this morning. Its full title in the App Store is "Signal - Private Messenger" - look for a sky-blue icon with a speech-bubble inside. (ISTR some updated apps take a few hours to percolate through the system, so you may want to wait a little, just to make sure.)

  2. adnim Silver badge
    Big Brother

    So...

    how long before using this becomes illegal and Moxie is arrested for aiding terrorists?

    1. Tom Chiverton 1

      Re: So...

      It already is "information likely to be of use"

  3. Anonymous Coward
    Anonymous Coward

    Blimey

    This is actually almost enough to make me convert to iOS.

    Has there been any external verification on how the encryption has been implemented? (Or do we need to wait for Snowden II to announce that Moxie has been rubber hosed by the NSA into implementing backdoors galore?)

    1. Anonymous Coward
      Facepalm

      Re: Blimey

      Blimey indeed, you don't need to convert yourself to iOS, it will be available in other platforms as well...

    2. Richard Boyce

      re: wow!

      Signal is compatible with its siblings RedPhone and TextSecure on Android, and those two are about to be combined into one app. So, if you currently use Android, you're ready to go.

      The software is published, so there will be plenty of scrutiny of the security.

      .

      1. Anonymous Coward
        Anonymous Coward

        Re: re: wow!

        The software is published, so there will be plenty of scrutiny of the security.

        This is an assumption lots of people make but more than occasionally turns out to be incorrect.

        The option is there for everyone or anyone to scrutinise it - however people being people tend to assume someone else will do it.........

        (And before I get berated, I dont have the skills to do it myself anyway)

    3. DougS Silver badge

      Re: Blimey

      If end to end message encryption is enough to make you convert to iOS, you should convert. iMessage encrypts everything end to end using a key generated independently by the two devices. Apple cannot read the messages, and would have to redesign iMessage to do so.

      A few cavets, however... Obviously iMessage only works for communication with other iOS users, you would need some sort of app like this to communicate with Android/WP users and they would have to use the same app. Messages you send to iOS users that fall back to SMS for whatever reason are sent in the clear across the cell network. Pretty sure there's a way to disable SMS fallback though. Finally, if you sync your messages to iCloud I believe Apple could read them off the server, they aren't encrypted specific to your device/account so while they're encrypted in transit and on disk in iCloud, it is using keys Apple controls. If you backup using iTunes you can encrypt the backup on your local disk with a password you select, a bit less convenient but more secure.

      1. fpx
        Devil

        Re: Blimey

        "iMessage encrypts everything end to end using a key generated independently by the two devices. Apple cannot read the messages, and would have to redesign iMessage to do so."

        That's what you think. But in the absence for iMessage's source code, you must trust Apple that it doesn't leak the key to a third party or deliberately weakens it. And of course Apple has the option of slipping in a future upgrade with those features, personalized to a few persons of interest.

        If Signal is open source, you can (in theory) review the (current) code that it does not leak. Then they need a trusted build infrastructure so that everybody can (in theory) validate that the app that you download from the store is built from the source code that you've seen, and you can check (in theory) that each time you run the app, it hasn't been tampered with.

        As you can see, there's lot's of caveats. It's good to see that someone's trying.

  4. DougS Silver badge

    iMessage already encrypts end to end!

    The only value this brings to iOS users is the ability to end to end encryption when communicating with other users of this app who aren't iOS users.

    The "catch" with iMessage encryption is if you sync your Messages with iCloud, while they are encrypted in flight and at rest, as I understand it Apple could read the there because that process doesn't use your device key. I've remained an iCloud refusenik because I want the data stored on iCloud to be encrypted with a key I control and so far as I know that's still not the case. So I do my backups via iTunes as it is encrypted on disk with a key I control.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020