I think he’s saying that it’s dangerous to think that your messages are safe from being uploaded to other companies because even if your device protects you, the people that you message might be using devices that do not.
Ideally then you’d limit the amount of SMS messages you send at all, and use a secure messenger like Riot.im.
There is no such thing as 100% security and privacy but we should strive to achieve the best security and privacy that we can.
I'd bet he's implicitly expressing his concerns about SMS's vulnerabilities in terms of security, especially compared to other, more secure alternatives.
I don't think that's true? There are clearly users who are annoyed at being able to send insecure and possibly expensive SMS messages in their secure messaging app.
No. Send me an email, let me upload my ID, anything but SMS. SMS is completely insecure. Not only can it be passively sniffed along the way, not only can malicious actors intercept it without access, not only can pretty much any employee at my telco access it, not only can pretty much any employee at my telco get tricked into intercepting it, but by default (and therefore for the vast majority of users), it'll show up while the phone is locked!
>You would really trust any third party to intercept your sms messages?
Not OP but I trust Thunderbird on my PC to access my emails so why I could not also trust a Mozilla or other trustworthy company to access my messages on my phone where in my case the SMS is used by companies to send me notifications about billing , I am the type of person that will call someone(people in my group don't send SMS)
For everyone except the user who now has no privacy, is trivially hacked by SMS interception, can’t create multiple accounts (e.g., to segregate their activities on a chat platform), ... .
> Neither can tablets or computers normally send SMS messages
TextSecure is android-only, so I fail to see how this is an issue.
Also, (please, correct me if I'm wrong), they also require that you have an SMS-capable line to use it, so I fail to see how that limitation would matter.
I am not sure I follow your argument. If you are using it for private (ie encrypted) chats then you should not be using it for SMS... I think they have a good point when they say that having SMS there tricks less tech savvy people into think that those messages are secure as well when they are not.
That's an interesting point. Maybe an unlisted burner that you don't use for anything else could be your SMS backup number. At least that adds one small layer of security.
It's like being in an episode of The Wire just to stay semi-secure online ;-).
> We take seriously the security of any information stored on our servers and take all reasonable precautions to protect this information.
All reasonable precautions?
What's that supposed to mean?
You got internal policies in place that not all engineers are able to access these messages according to their contract?
This type of data should be e2e encrypted, pushbullet shouldn't even be able to decrypt it and messages should disappear from pushbullet servers as soon as the message is pushed to all devices.
I've been using pushbullet for years but now I'm considering disabling the sms sync feature, the privacy policy looks really shady and Google has all the right to call it out.
Ideally then you’d limit the amount of SMS messages you send at all, and use a secure messenger like Riot.im.
There is no such thing as 100% security and privacy but we should strive to achieve the best security and privacy that we can.
reply