Franz messaging app
-
@JaredBusch said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
I am now made to wonder how good the security on these types of apps are. I never really thought about it in the past, but things have changed.
If they tie to a phone number (WhatsApp, Telegram, etc.) then security isn't at the core of their design.
Still don't get what you mean - while it's true they are tied, I see that primarily as a way to make the connection to users.
In 10 years you'll tell us that using an email address shows that security isn't at the core of the design, even though the main and possibly only purpose of the phone number/email address is a way of finding others you know.
Now Telegram does fail in the first place because you can't sign up without having a phone number, but after you get signed up, I'm not sure it's ever needed again.
No, there is no sign up for telegram. it is 100% phone based. there is not an "account" for telegram.
If it was 100% phone based, how would I have it on my PC. After signing up with my phone (which I DID mention) I could install it on my desktop, then remove it from my phone and never put it back on my phone again, and then install it on future Windows installs all I want.
-
@scottalanmiller said in Franz messaging app:
@Ambarishrh said in Franz messaging app:
Bit confused, the discussion is now how Telegram and such are not secure and yet i can see that you've converted all to Telegram! Am i understanding this right?
You are making a big assumption... that we are doing it for security reasons. That's the mistake.
So what was the reason for the switch from Whatsapp to Telegram?
-
@BRRABill said in Franz messaging app:
But a lot of that implies physical access.
Physical access is the low hanging fruit. NO need for something harder since the easiest path is so accessible.
-
@Ambarishrh said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@Ambarishrh said in Franz messaging app:
Bit confused, the discussion is now how Telegram and such are not secure and yet i can see that you've converted all to Telegram! Am i understanding this right?
You are making a big assumption... that we are doing it for security reasons. That's the mistake.
So what was the reason for the switch from Whatsapp to Telegram?
Ease of use. WhatsApp lacks or lacked desktop integration making it so awful that I would not use it. I use Telegram from my desktop. Why anyone wants something tied to their phone numbers I have no idea. But so many people that I talk to demand that weird device-centric communications like this be done that I had to do something to not be tied down to SMS like they wanted me to be. Telegram is the best of a bad set of ideas.
-
@Dashrender said in Franz messaging app:
@JaredBusch said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
I am now made to wonder how good the security on these types of apps are. I never really thought about it in the past, but things have changed.
If they tie to a phone number (WhatsApp, Telegram, etc.) then security isn't at the core of their design.
Still don't get what you mean - while it's true they are tied, I see that primarily as a way to make the connection to users.
In 10 years you'll tell us that using an email address shows that security isn't at the core of the design, even though the main and possibly only purpose of the phone number/email address is a way of finding others you know.
Now Telegram does fail in the first place because you can't sign up without having a phone number, but after you get signed up, I'm not sure it's ever needed again.
No, there is no sign up for telegram. it is 100% phone based. there is not an "account" for telegram.
If it was 100% phone based, how would I have it on my PC. After signing up with my phone (which I DID mention) I could install it on my desktop, then remove it from my phone and never put it back on my phone again, and then install it on future Windows installs all I want.
Because the PC ties to your phone.
If I got your SIM card, even if your phone is destroyed, I get your Telegram and you lose it. It's that simple.
-
@Dashrender said in Franz messaging app:
@JaredBusch said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
I am now made to wonder how good the security on these types of apps are. I never really thought about it in the past, but things have changed.
If they tie to a phone number (WhatsApp, Telegram, etc.) then security isn't at the core of their design.
Still don't get what you mean - while it's true they are tied, I see that primarily as a way to make the connection to users.
In 10 years you'll tell us that using an email address shows that security isn't at the core of the design, even though the main and possibly only purpose of the phone number/email address is a way of finding others you know.
Now Telegram does fail in the first place because you can't sign up without having a phone number, but after you get signed up, I'm not sure it's ever needed again.
No, there is no sign up for telegram. it is 100% phone based. there is not an "account" for telegram.
If it was 100% phone based, how would I have it on my PC. After signing up with my phone (which I DID mention) I could install it on my desktop, then remove it from my phone and never put it back on my phone again, and then install it on future Windows installs all I want.
Actually, no you cannot. If you lose your current install, you will not be able to reinstall. there is no way to reauthenticate without the phone.
-
@JaredBusch said in Franz messaging app:
@Dashrender said in Franz messaging app:
@JaredBusch said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
I am now made to wonder how good the security on these types of apps are. I never really thought about it in the past, but things have changed.
If they tie to a phone number (WhatsApp, Telegram, etc.) then security isn't at the core of their design.
Still don't get what you mean - while it's true they are tied, I see that primarily as a way to make the connection to users.
In 10 years you'll tell us that using an email address shows that security isn't at the core of the design, even though the main and possibly only purpose of the phone number/email address is a way of finding others you know.
Now Telegram does fail in the first place because you can't sign up without having a phone number, but after you get signed up, I'm not sure it's ever needed again.
No, there is no sign up for telegram. it is 100% phone based. there is not an "account" for telegram.
If it was 100% phone based, how would I have it on my PC. After signing up with my phone (which I DID mention) I could install it on my desktop, then remove it from my phone and never put it back on my phone again, and then install it on future Windows installs all I want.
Actually, no you cannot. If you lose your current install, you will not be able to reinstall. there is no way to reauthenticate without the phone.
I've had my PC lock out because my phone was off once, too. They might have removed that, but it at least used to check in from time to time (maybe when the app updates?)
-
@JaredBusch that's true, if I only had one install remaining, and I lost that install, I would not be able to regain access without the phone, but I never claimed I could either.
-
Telegram on the desktop works more or less like how Apple Messenger works with SMS messages. It hijackes the SMS via the cell phone device, turns the SMS into SMSoIP (I made that up, but some special Apple protocol for that) and lets desktops and iPads talk over SMS - but if the phone goes away, the others go offline, too.
-
@Dashrender said in Franz messaging app:
@JaredBusch that's true, if I only had one install remaining, and I lost that install, I would not be able to regain access without the phone, but I never claimed I could either.
But you implied it. If you knew that this was true, you'd know why owning the phone owns your account.
-
@scottalanmiller
Who do you see demanding that things be tied to their phone number? I guess I've never seen people have a real preference to using a phone number over an email address for a part of the authentication to a system. -
@scottalanmiller said in Franz messaging app:
Telegram on the desktop works more or less like how Apple Messenger works with SMS messages. It hijackes the SMS via the cell phone device, turns the SMS into SMSoIP (I made that up, but some special Apple protocol for that) and lets desktops and iPads talk over SMS - but if the phone goes away, the others go offline, too.
@scottalanmiller This is not true in the case of Telegram though. You can turn off your phone and Telegram will continue to work just fine.
-
There is another Telegram problem that Americans often forget....
Lose your phone number for whatever reason (often because the phone was temporary or you didn't pay your bill) and whoever gets your phone number next becomes "you" to your Telegram friends. Instantly, automatically. Doesn't require hacking or effort. It can happen ON ACCIDENT.
-
@Dashrender said in Franz messaging app:
@scottalanmiller
Who do you see demanding that things be tied to their phone number? I guess I've never seen people have a real preference to using a phone number over an email address for a part of the authentication to a system.Have you not seen my thread on texting Nearly everyone.
-
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
Telegram on the desktop works more or less like how Apple Messenger works with SMS messages. It hijackes the SMS via the cell phone device, turns the SMS into SMSoIP (I made that up, but some special Apple protocol for that) and lets desktops and iPads talk over SMS - but if the phone goes away, the others go offline, too.
@scottalanmiller This is not true in the case of Telegram though. You can turn off your phone and Telegram will continue to work just fine.
I did this while in Europe. My US SIM card was out of my phone most of that trip, yet telegram worked just fine, both on my phone (with a different number) and on my laptop.
-
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
Telegram on the desktop works more or less like how Apple Messenger works with SMS messages. It hijackes the SMS via the cell phone device, turns the SMS into SMSoIP (I made that up, but some special Apple protocol for that) and lets desktops and iPads talk over SMS - but if the phone goes away, the others go offline, too.
@scottalanmiller This is not true in the case of Telegram though. You can turn off your phone and Telegram will continue to work just fine.
Only true in a meaningless way. It might stop at any time (as I pointed out has happened) and only works until the phone does something else. The phone number owns the account, the PC only gets it until something happens. It's like cached creds that someone else can revoke anytime.
-
@Dashrender said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
Telegram on the desktop works more or less like how Apple Messenger works with SMS messages. It hijackes the SMS via the cell phone device, turns the SMS into SMSoIP (I made that up, but some special Apple protocol for that) and lets desktops and iPads talk over SMS - but if the phone goes away, the others go offline, too.
@scottalanmiller This is not true in the case of Telegram though. You can turn off your phone and Telegram will continue to work just fine.
I did this while in Europe. My US SIM card was out of my phone most of that trip, yet telegram worked just fine, both on my phone (with a different number) and on my laptop.
Again and again... not relevant.
-
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller
Who do you see demanding that things be tied to their phone number? I guess I've never seen people have a real preference to using a phone number over an email address for a part of the authentication to a system.Have you not seen my thread on texting Nearly everyone.
that's not the same thing at all - but I do recall that discussion. It's NOT that someone demanded a phone number based app, it's that people demanded to the the native app that's on every phone in the US - there's a huge difference.
-
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
Telegram on the desktop works more or less like how Apple Messenger works with SMS messages. It hijackes the SMS via the cell phone device, turns the SMS into SMSoIP (I made that up, but some special Apple protocol for that) and lets desktops and iPads talk over SMS - but if the phone goes away, the others go offline, too.
@scottalanmiller This is not true in the case of Telegram though. You can turn off your phone and Telegram will continue to work just fine.
Only true in a meaningless way. It might stop at any time (as I pointed out has happened) and only works until the phone does something else. The phone number owns the account, the PC only gets it until something happens. It's like cached creds that someone else can revoke anytime.
I will grant you these things about how the account can become borked.
-
You are confusing accessibility with security. No matter how much you can get it to "keep working" when your account hasn't been taken over, the risk to it being taken over is the same. The instant someone gets access to your number, they own your telegram and can revoke you any time they want... or just listen in on what you are saying.