Franz messaging app
-
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
I am now made to wonder how good the security on these types of apps are. I never really thought about it in the past, but things have changed.
If they tie to a phone number (WhatsApp, Telegram, etc.) then security isn't at the core of their design.
Still don't get what you mean - while it's true they are tied, I see that primarily as a way to make the connection to users.
In 10 years you'll tell us that using an email address shows that security isn't at the core of the design, even though the main and possibly only purpose of the phone number/email address is a way of finding others you know.
Now Telegram does fail in the first place because you can't sign up without having a phone number, but after you get signed up, I'm not sure it's ever needed again.
-
@JaredBusch said in Franz messaging app:
@Ambarishrh said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@BRRABill said in Franz messaging app:
@JaredBusch said in Franz messaging app:
@BRRABill said in Franz messaging app:
@JaredBusch said in Franz messaging app:
Someone mentioned this app here a while back and I tried it out.
Did not really like it. I should give it another try.
I liked the concept, but it missing AIM was a deal breaker for me. Still have a lot of friends/contacts on AIM.
eww, wtf.. down vote...
Not my choice. I've converted everyone I can to Telegram. It's really just a few stragglers I need to talk with.
They have SMS, but I'm hate typing long messages/conversations
on my phone.Same here, I've converted most.
I remember reading an article about Telegram security!
http://gizmodo.com/why-you-should-stop-using-telegram-right-now-1782557415
That article is misleading on a number of points. I recall reading it a couple months ago.
It had some good points on the encryption algorithm and something else. bit some otherpoints were simple user choice settings. and not understanding that pubic chat groups cannot be private because it has to have stuff on a server. duh.
A full on public chat has to have stuff on a server, sure, but group chat doesn't require that, at least nothing has to be in plain text.
-
@Ambarishrh said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@BRRABill said in Franz messaging app:
@JaredBusch said in Franz messaging app:
@BRRABill said in Franz messaging app:
@JaredBusch said in Franz messaging app:
Someone mentioned this app here a while back and I tried it out.
Did not really like it. I should give it another try.
I liked the concept, but it missing AIM was a deal breaker for me. Still have a lot of friends/contacts on AIM.
eww, wtf.. down vote...
Not my choice. I've converted everyone I can to Telegram. It's really just a few stragglers I need to talk with.
They have SMS, but I'm hate typing long messages/conversations
on my phone.Same here, I've converted most.
I remember reading an article about Telegram security!
http://gizmodo.com/why-you-should-stop-using-telegram-right-now-1782557415
It's using a telephone number, it's not a secure app, period. Anyone using it as such when it's tied to a phone number is delusional.
-
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
I am now made to wonder how good the security on these types of apps are. I never really thought about it in the past, but things have changed.
If they tie to a phone number (WhatsApp, Telegram, etc.) then security isn't at the core of their design.
Still don't get what you mean - while it's true they are tied, I see that primarily as a way to make the connection to users.
In 10 years you'll tell us that using an email address shows that security isn't at the core of the design, even though the main and possibly only purpose of the phone number/email address is a way of finding others you know.
Now Telegram does fail in the first place because you can't sign up without having a phone number, but after you get signed up, I'm not sure it's ever needed again.
No, there is no sign up for telegram. it is 100% phone based. there is not an "account" for telegram.
-
@Dashrender said in Franz messaging app:
Now Telegram does fail in the first place because you can't sign up without having a phone number, but after you get signed up, I'm not sure it's ever needed again.
You can get control of anyone's Telegram if you control their phone number.
-
@JaredBusch said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
I am now made to wonder how good the security on these types of apps are. I never really thought about it in the past, but things have changed.
If they tie to a phone number (WhatsApp, Telegram, etc.) then security isn't at the core of their design.
Still don't get what you mean - while it's true they are tied, I see that primarily as a way to make the connection to users.
In 10 years you'll tell us that using an email address shows that security isn't at the core of the design, even though the main and possibly only purpose of the phone number/email address is a way of finding others you know.
Now Telegram does fail in the first place because you can't sign up without having a phone number, but after you get signed up, I'm not sure it's ever needed again.
No, there is no sign up for telegram. it is 100% phone based. there is not an "account" for telegram.
Exactly. Hijack their phone number or their phone or their phone carrier (the last one is a lot harder) and you own their Telegram. It's not secure "to the person" it's semi-secure "to the number." A telephone number is not an identifier of a person, or even a device. It's an alias to a device, and can be controlled very separately from the device. You can't have security and phone numbers tied together - they are fundamentally incompatible.
-
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
Now Telegram does fail in the first place because you can't sign up without having a phone number, but after you get signed up, I'm not sure it's ever needed again.
You can get control of anyone's Telegram if you control their phone number.
of course you can. and you can get control of anyone's account for anything if you have the thing used for credentials. typically just a username and password.
Your argument has no merit with only that criteria. it is trivial to get control of many forms of authentication.
-
Examples of ways to get Telegram control when you secure the phone device....
- Man in the middle cell phone intercept. This is far easier than you think and I know places that do it (and they do it to companies like Xerox and GE, so YOU are not immune and it does not require government clearance or anything.)
- Pull a SIM card out of a secured phone. It only takes a minute to control a Telegram account. YOu can get access before the person can shut off the phone number. And shutting it off is the only real answer - causing them to lose it forever, too.
-
@JaredBusch said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
Now Telegram does fail in the first place because you can't sign up without having a phone number, but after you get signed up, I'm not sure it's ever needed again.
You can get control of anyone's Telegram if you control their phone number.
of course you can. and you can get control of anyone's account for anything if you have the thing used for credentials. typically just a username and password.
Your argument has no merit with only that criteria. it is trivial to get control of many forms of authentication.
A telephone number is not authentication really, though. It's only an identifier. It's like getting control of someone's domain credentials when all you need is the username, not the password. The telephone number is not private or secret, it's public. So there is no authentication at all, in reality. It's not like a weak password situation.
-
@scottalanmiller said in Franz messaging app:
@BRRABill said in Franz messaging app:
@JaredBusch said in Franz messaging app:
@BRRABill said in Franz messaging app:
@JaredBusch said in Franz messaging app:
Someone mentioned this app here a while back and I tried it out.
Did not really like it. I should give it another try.
I liked the concept, but it missing AIM was a deal breaker for me. Still have a lot of friends/contacts on AIM.
eww, wtf.. down vote...
Not my choice. I've converted everyone I can to Telegram. It's really just a few stragglers I need to talk with.
They have SMS, but I'm hate typing long messages/conversations
on my phone.Same here, I've converted most.
Bit confused, the discussion is now how Telegram and such are not secure and yet i can see that you've converted all to Telegram! Am i understanding this right?
-
But a lot of that implies physical access.
That's like saying you can overcome 2FA if you can just get access to the person's phone or 2FA authenticator.
-
@Ambarishrh said in Franz messaging app:
Bit confused, the discussion is now how Telegram and such are not secure and yet i can see that you've converted all to Telegram! Am i understanding this right?
You are making a big assumption... that we are doing it for security reasons. That's the mistake.
-
@JaredBusch said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
I am now made to wonder how good the security on these types of apps are. I never really thought about it in the past, but things have changed.
If they tie to a phone number (WhatsApp, Telegram, etc.) then security isn't at the core of their design.
Still don't get what you mean - while it's true they are tied, I see that primarily as a way to make the connection to users.
In 10 years you'll tell us that using an email address shows that security isn't at the core of the design, even though the main and possibly only purpose of the phone number/email address is a way of finding others you know.
Now Telegram does fail in the first place because you can't sign up without having a phone number, but after you get signed up, I'm not sure it's ever needed again.
No, there is no sign up for telegram. it is 100% phone based. there is not an "account" for telegram.
If it was 100% phone based, how would I have it on my PC. After signing up with my phone (which I DID mention) I could install it on my desktop, then remove it from my phone and never put it back on my phone again, and then install it on future Windows installs all I want.
-
@scottalanmiller said in Franz messaging app:
@Ambarishrh said in Franz messaging app:
Bit confused, the discussion is now how Telegram and such are not secure and yet i can see that you've converted all to Telegram! Am i understanding this right?
You are making a big assumption... that we are doing it for security reasons. That's the mistake.
So what was the reason for the switch from Whatsapp to Telegram?
-
@BRRABill said in Franz messaging app:
But a lot of that implies physical access.
Physical access is the low hanging fruit. NO need for something harder since the easiest path is so accessible.
-
@Ambarishrh said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@Ambarishrh said in Franz messaging app:
Bit confused, the discussion is now how Telegram and such are not secure and yet i can see that you've converted all to Telegram! Am i understanding this right?
You are making a big assumption... that we are doing it for security reasons. That's the mistake.
So what was the reason for the switch from Whatsapp to Telegram?
Ease of use. WhatsApp lacks or lacked desktop integration making it so awful that I would not use it. I use Telegram from my desktop. Why anyone wants something tied to their phone numbers I have no idea. But so many people that I talk to demand that weird device-centric communications like this be done that I had to do something to not be tied down to SMS like they wanted me to be. Telegram is the best of a bad set of ideas.
-
@Dashrender said in Franz messaging app:
@JaredBusch said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
I am now made to wonder how good the security on these types of apps are. I never really thought about it in the past, but things have changed.
If they tie to a phone number (WhatsApp, Telegram, etc.) then security isn't at the core of their design.
Still don't get what you mean - while it's true they are tied, I see that primarily as a way to make the connection to users.
In 10 years you'll tell us that using an email address shows that security isn't at the core of the design, even though the main and possibly only purpose of the phone number/email address is a way of finding others you know.
Now Telegram does fail in the first place because you can't sign up without having a phone number, but after you get signed up, I'm not sure it's ever needed again.
No, there is no sign up for telegram. it is 100% phone based. there is not an "account" for telegram.
If it was 100% phone based, how would I have it on my PC. After signing up with my phone (which I DID mention) I could install it on my desktop, then remove it from my phone and never put it back on my phone again, and then install it on future Windows installs all I want.
Because the PC ties to your phone.
If I got your SIM card, even if your phone is destroyed, I get your Telegram and you lose it. It's that simple.
-
@Dashrender said in Franz messaging app:
@JaredBusch said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
I am now made to wonder how good the security on these types of apps are. I never really thought about it in the past, but things have changed.
If they tie to a phone number (WhatsApp, Telegram, etc.) then security isn't at the core of their design.
Still don't get what you mean - while it's true they are tied, I see that primarily as a way to make the connection to users.
In 10 years you'll tell us that using an email address shows that security isn't at the core of the design, even though the main and possibly only purpose of the phone number/email address is a way of finding others you know.
Now Telegram does fail in the first place because you can't sign up without having a phone number, but after you get signed up, I'm not sure it's ever needed again.
No, there is no sign up for telegram. it is 100% phone based. there is not an "account" for telegram.
If it was 100% phone based, how would I have it on my PC. After signing up with my phone (which I DID mention) I could install it on my desktop, then remove it from my phone and never put it back on my phone again, and then install it on future Windows installs all I want.
Actually, no you cannot. If you lose your current install, you will not be able to reinstall. there is no way to reauthenticate without the phone.
-
@JaredBusch said in Franz messaging app:
@Dashrender said in Franz messaging app:
@JaredBusch said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
I am now made to wonder how good the security on these types of apps are. I never really thought about it in the past, but things have changed.
If they tie to a phone number (WhatsApp, Telegram, etc.) then security isn't at the core of their design.
Still don't get what you mean - while it's true they are tied, I see that primarily as a way to make the connection to users.
In 10 years you'll tell us that using an email address shows that security isn't at the core of the design, even though the main and possibly only purpose of the phone number/email address is a way of finding others you know.
Now Telegram does fail in the first place because you can't sign up without having a phone number, but after you get signed up, I'm not sure it's ever needed again.
No, there is no sign up for telegram. it is 100% phone based. there is not an "account" for telegram.
If it was 100% phone based, how would I have it on my PC. After signing up with my phone (which I DID mention) I could install it on my desktop, then remove it from my phone and never put it back on my phone again, and then install it on future Windows installs all I want.
Actually, no you cannot. If you lose your current install, you will not be able to reinstall. there is no way to reauthenticate without the phone.
I've had my PC lock out because my phone was off once, too. They might have removed that, but it at least used to check in from time to time (maybe when the app updates?)
-
@JaredBusch that's true, if I only had one install remaining, and I lost that install, I would not be able to regain access without the phone, but I never claimed I could either.