TextSecure is an open source messaging app with strong security features
The past days have been filled with news about new email or text messaging service that promise better privacy and security than traditional email and messaging applications.
TextSecure ticks all the right boxes and offers features that most comparable solutions don't. First of all, it is completely open source which means that you can download and build the app from source, or audit the source to make sure it is secure and there is nothing fishy going on.
That's however not the only difference to applications such as WhatsApp. The newest version of the app uses end-to-end encryption that supports message-level forward secrecy and deniability guarantees.
What that means? It would go too far to go into details here, so only this much: instead of always using the same public key to encrypt data, peers in a conversation negotiate secrets that are used instead. These are ephemeral, so that recording the traffic that is exchanged won't help listeners compromise the data in the future.
Deniability on the other hand means that recipients can verify that a message was sent from a particular contact, but that they cannot prove that to anyone else.
Protection does not end here though. All messages that are sent or received with TextSecure are stored in an encrypted database.
The application uses a mixed mode of operation by default. What this means is that it will use end-to-end encryption automatically if sender and recipient are using the TextSecure app.
If the recipient does not, a push message is sent instead, but only if you have verified your phone number at one point in time. Push messages offer better privacy and you are not billed for sending those messages. If push is not available for whatever reason, the app falls back to standard SMS instead.
This can be disabled in the options, so that only end-to-end encryption is used and nothing else.
The messaging application supports one on one conversations, and group chats which use the same level of encryption.
Secure messages are indicated by a padlock icon in the conversation window. Here you can also distinguish easily between secure messages that you have sent -- padlock icon again -- and regular messages that show a message icon instead.
It is furthermore possible to verify keys while you are in a secure conversation. Just select Secure Session Options > Verify Recipient Identity to do so. If you are in the same physical location, you can use QR code scanning to speed up the verification process.
The first time you run TextSecure you are asked to create a password. This password is used to encrypt all secret information, and it is recommended to select a strong one here. You can configure the app to remember the password for as long as it is running, or only for a select period of time. This password cannot be recovered if it is lost.
The password is also used to encrypt all text messages on the local device. The only message part that is not encrypted is the destination information.
Messages can be backed up and imported on another device, and also quickly deleted if you so desire.
TextSecure Private Messenger is already available for Android devices, while a compatible iOS version will be released in the near future.
Closing Words
TextSecure ticks all the right boxes. It is open source and thus fully verifiable. It offers end-to-end encryption, encrypts all messages, uses advanced encryption and security concepts for improved privacy and security, and can fall back to regular messaging if that is desired.
While it is currently only available for Android, it will soon be available for iOS devices and desktop systems.
Advertisement
Thanks for the tip Martin.
It is for these kinds of posts that I follow GHacks.
What’s up with the generic comment, are you a bot?
2G?
Where on the planet is that still in use? I was forced to give up using my RAZRV3 years ago because 2G was phased out by AT&T.
Everywhere 3G has been turned off and you don’t have LTE coverage, and believe me there are many developed countries where this is the case and if it weren’t for 2G you wouldn’t even be able to make a phone call.
Maybe I missed it, but I don’t believe tha term “2G” is in the article. Perhaps you are referring to “AGM G2”??
@Martin
Your website has gone insane.
When I the post button I then saw my comment posted on a different article page. When I opened this article again, it is here.
@Tachy @Martin Brinkmann
” Your website has gone insane. ”
Same here. Has happened several times.
@Tachy,
@Martin P.,
For over two weeks now,
I’ve been seeing “Comments” posted by subscribers appearing in different, unrelated articles.
https://www.ghacks.net/windows-11-update-stuck-fixed-for-good/#comment-4572991
https://www.ghacks.net/windows-11-update-stuck-fixed-for-good/#comment-4572951
For the time being,
it would be better to specify the “article name and URL” at the beginning of the post.
@tachy a lot of non-phone devices with a sim in them rely on 2G, at least here in europe.
Usually things reporting usage or errors/alarms on something remote that does not get day to day inspection in person. They are out there in vast numbers doing important work. Reliable, good range. The low datarate is no problem at all in those cases.
3G is gone or on its last legs everywhere, but this stuff still has too much use to cancel.
Anyhow, interesting that they would put that in. I can see the point if you suspect a hostile 2G environment (amateur eavesdroppers with laptop, ranging up to professional grade MITM fake towers while “strangely” not getting the stronger crypto voip 4G because it is being jammed, and back down to something as old ‘stingray’ devices fallen into the wrong hands).
But does this also mean that they have handled and rolled out a fix for that nasty 4G ‘pwn by broadcast’ problem you reported earlier this year? I had 4G disabled due to that, on the off chance that some of the local criminals would buy some cheap chinese gear, download a working exploit and probe every phone in range all over town in the hope of getting into phones of the police.
>”While most may never be attacked in stingrays, it is still recommended to disable 2G cellular connections, especially since it does not have any downsides.”
The downside would be losing connectivity. I spend a lot of time way out in the countryside where there’s often no service or almost none. My network allows 2G, and I need it sometimes. I have an option on the phone to disable 2G, I may do that when I’m in the city and I have good 5G connectivity, but not out in the country.
I would imagine that the stingray exploits, like most of the bad things in this world, are probably things you will run into in the crowded big cities.
I stopped using it in a mobile (Wi-Fi line) environment, so I’m almost ignorant of the actual situation,
But the recent reality in Japan makes me realize that “the infrastructure of the web is nothing more than a papier-mâché fiction”.
https://www.ghacks.net/2023/08/17/google-chrome-to-enable-https-first-by-default-for-all-users/#comment-4572402
It is already beyond the scope of what an individual can do.
What we should be aware of is the reality that “governments and those in power want to control the world through the Web”, and efforts to counter (resist and prevent) such ambitions are necessary.
Why do you want people to disable the privacy features? Hmmmmm?
Now You: do you plan to keep the Ads privacy features enabled?
I’d like to tell you, but apparently if you make a post critical of Google, you get censored. * [Editor: removed, just try to bring your opinion across without attacking anyone]
@Martin
You website is still psychotic. Comments attach to random stories.
@Martin please do fix the comments, it’s completely insane commenting here! :[
@Martin
The comments are seriously messed up on gHacks now. These comments are mixed with the article at the below URL.
https://www.ghacks.net/2023/08/18/android-how-to-disable-2g-cellular-connections-to-improve-security/
And comments on other articles are from as far back as 2010.
What does this article has anything to do with all the comments on this article? LOL I think this Websuite is ran by ChatGPT. every article is messed up. Some older comments from 2015 shown up in recant articles, LOL
The picture captioned “Clearing the Android Auto’s cache might resolve the issue” is from Apple Carplay ;)
How about other things that matter:
Drop survival?
Screen toughness?
Degree of water and dust protection?