Franz messaging app
-
@Dashrender said in Franz messaging app:
Now Telegram does fail in the first place because you can't sign up without having a phone number, but after you get signed up, I'm not sure it's ever needed again.
You can get control of anyone's Telegram if you control their phone number.
-
@JaredBusch said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
I am now made to wonder how good the security on these types of apps is. I never really thought about it in the past, but things have changed.
If they tie to a phone number (WhatsApp, Telegram, etc.) then security isn't at the core of their design.
Still don't get what you mean - while it's true they are tied, I see that primarily as a way to make the connection to users.
In 10 years you'll tell us that using an email address shows that security isn't at the core of the design, even though the main and possibly only purpose of the phone number/email address is a way of finding others you know.
Now Telegram does fail in the first place because you can't sign up without having a phone number, but after you get signed up, I'm not sure it's ever needed again.
No, there is no sign up for Telegram. It is 100% phone based. There is not an "account" for Telegram.
Exactly. Hijack their phone number or their phone or their phone carrier (the last one is a lot harder) and you own their Telegram. It's not secure "to the person" it's semi-secure "to the number." A telephone number is not an identifier of a person, or even a device. It's an alias to a device, and can be controlled very separately from the device. You can't have security and phone numbers tied together - they are fundamentally incompatible.
-
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
Now Telegram does fail in the first place because you can't sign up without having a phone number, but after you get signed up, I'm not sure it's ever needed again.
You can get control of anyone's Telegram if you control their phone number.
Of course you can. And you can get control of anyone's account for anything if you have the thing used for credentials. Typically just a username and password.
Your argument has no merit with only that criteria. It is trivial to get control of many forms of authentication.
-
Examples of ways to get Telegram control when you secure the phone device....
- Man in the middle cell phone intercept. This is far easier than you think and I know places that do it (and they do it to companies like Xerox and GE, so YOU are not immune and it does not require government clearance or anything.)
- Pull a SIM card out of a secured phone. It only takes a minute to control a Telegram account. You can get access before the person can shut off the phone number. And shutting it off is the only real answer - causing them to lose it forever, too.
-
@JaredBusch said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
Now Telegram does fail in the first place because you can't sign up without having a phone number, but after you get signed up, I'm not sure it's ever needed again.
You can get control of anyone's Telegram if you control their phone number.
Of course you can. And you can get control of anyone's account for anything if you have the thing used for credentials. Typically just a username and password.
Your argument has no merit with only that criteria. It is trivial to get control of many forms of authentication.
A telephone number is not authentication really, though. It's only an identifier. It's like getting control of someone's domain credentials when all you need is the username, not the password. The telephone number is not private or secret, it's public. So there is no authentication at all, in reality. It's not like a weak password situation.
-
@scottalanmiller said in Franz messaging app:
@BRRABill said in Franz messaging app:
@JaredBusch said in Franz messaging app:
@BRRABill said in Franz messaging app:
@JaredBusch said in Franz messaging app:
Someone mentioned this app here a while back and I tried it out.
Did not really like it. I should give it another try.
I liked the concept, but it missing AIM was a deal breaker for me. Still have a lot of friends/contacts on AIM.
eww, wtf.. down vote...
Not my choice. I've converted everyone I can to Telegram. It's really just a few stragglers I need to talk with.
They have SMS, but I hate typing long messages/conversations on my phone.
Same here, I've converted most.
Bit confused, the discussion is now how Telegram and such are not secure and yet I can see that you've converted all to Telegram! Am I understanding this right?
-
But a lot of that implies physical access.
That's like saying you can overcome 2FA if you can just get access to the person's phone or 2FA authenticator.
-
@Ambarishrh said in Franz messaging app:
Bit confused, the discussion is now how Telegram and such are not secure and yet I can see that you've converted all to Telegram! Am I understanding this right?
You are making a big assumption... that we are doing it for security reasons. That's the mistake.
-
@JaredBusch said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
I am now made to wonder how good the security on these types of apps is. I never really thought about it in the past, but things have changed.
If they tie to a phone number (WhatsApp, Telegram, etc.) then security isn't at the core of their design.
Still don't get what you mean - while it's true they are tied, I see that primarily as a way to make the connection to users.
In 10 years you'll tell us that using an email address shows that security isn't at the core of the design, even though the main and possibly only purpose of the phone number/email address is a way of finding others you know.
Now Telegram does fail in the first place because you can't sign up without having a phone number, but after you get signed up, I'm not sure it's ever needed again.
No, there is no sign up for Telegram. It is 100% phone based. There is not an "account" for Telegram.
If it was 100% phone based, how would I have it on my PC. After signing up with my phone (which I DID mention) I could install it on my desktop, then remove it from my phone and never put it back on my phone again, and then install it on future Windows installs all I want.
-
@scottalanmiller said in Franz messaging app:
@Ambarishrh said in Franz messaging app:
Bit confused, the discussion is now how Telegram and such are not secure and yet I can see that you've converted all to Telegram! Am I understanding this right?
You are making a big assumption... that we are doing it for security reasons. That's the mistake.
So what was the reason for the switch from WhatsApp to Telegram?
-
@BRRABill said in Franz messaging app:
But a lot of that implies physical access.
Physical access is the low hanging fruit. No need for something harder since the easiest path is so accessible.
-
@Ambarishrh said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@Ambarishrh said in Franz messaging app:
Bit confused, the discussion is now how Telegram and such are not secure and yet I can see that you've converted all to Telegram! Am I understanding this right?
You are making a big assumption... that we are doing it for security reasons. That's the mistake.
So what was the reason for the switch from WhatsApp to Telegram?
Ease of use. WhatsApp lacks or lacked desktop integration making it so awful that I would not use it. I use Telegram from my desktop. Why anyone wants something tied to their phone numbers I have no idea. But so many people that I talk to demand that weird device-centric communications like this be done that I had to do something to not be tied down to SMS like they wanted me to be. Telegram is the best of a bad set of ideas.
-
@Dashrender said in Franz messaging app:
@JaredBusch said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
I am now made to wonder how good the security on these types of apps is. I never really thought about it in the past, but things have changed.
If they tie to a phone number (WhatsApp, Telegram, etc.) then security isn't at the core of their design.
Still don't get what you mean - while it's true they are tied, I see that primarily as a way to make the connection to users.
In 10 years you'll tell us that using an email address shows that security isn't at the core of the design, even though the main and possibly only purpose of the phone number/email address is a way of finding others you know.
Now Telegram does fail in the first place because you can't sign up without having a phone number, but after you get signed up, I'm not sure it's ever needed again.
No, there is no sign up for Telegram. It is 100% phone based. There is not an "account" for Telegram.
If it was 100% phone based, how would I have it on my PC. After signing up with my phone (which I DID mention) I could install it on my desktop, then remove it from my phone and never put it back on my phone again, and then install it on future Windows installs all I want.
Because the PC ties to your phone.
If I got your SIM card, even if your phone is destroyed, I get your Telegram and you lose it. It's that simple.
-
@Dashrender said in Franz messaging app:
@JaredBusch said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
I am now made to wonder how good the security on these types of apps is. I never really thought about it in the past, but things have changed.
If they tie to a phone number (WhatsApp, Telegram, etc.) then security isn't at the core of their design.
Still don't get what you mean - while it's true they are tied, I see that primarily as a way to make the connection to users.
In 10 years you'll tell us that using an email address shows that security isn't at the core of the design, even though the main and possibly only purpose of the phone number/email address is a way of finding others you know.
Now Telegram does fail in the first place because you can't sign up without having a phone number, but after you get signed up, I'm not sure it's ever needed again.
No, there is no sign up for Telegram. It is 100% phone based. There is not an "account" for Telegram.
If it was 100% phone based, how would I have it on my PC. After signing up with my phone (which I DID mention) I could install it on my desktop, then remove it from my phone and never put it back on my phone again, and then install it on future Windows installs all I want.
Actually, no you cannot. If you lose your current install, you will not be able to reinstall. There is no way to reauthenticate without the phone.
-
@JaredBusch said in Franz messaging app:
@Dashrender said in Franz messaging app:
@JaredBusch said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
I am now made to wonder how good the security on these types of apps is. I never really thought about it in the past, but things have changed.
If they tie to a phone number (WhatsApp, Telegram, etc.) then security isn't at the core of their design.
Still don't get what you mean - while it's true they are tied, I see that primarily as a way to make the connection to users.
In 10 years you'll tell us that using an email address shows that security isn't at the core of the design, even though the main and possibly only purpose of the phone number/email address is a way of finding others you know.
Now Telegram does fail in the first place because you can't sign up without having a phone number, but after you get signed up, I'm not sure it's ever needed again.
No, there is no sign up for Telegram. It is 100% phone based. There is not an "account" for Telegram.
If it was 100% phone based, how would I have it on my PC. After signing up with my phone (which I DID mention) I could install it on my desktop, then remove it from my phone and never put it back on my phone again, and then install it on future Windows installs all I want.
Actually, no you cannot. If you lose your current install, you will not be able to reinstall. There is no way to reauthenticate without the phone.
I've had my PC lock out because my phone was off once, too. They might have removed that, but it at least used to check in from time to time (maybe when the app updates?)
-
@JaredBusch that's true, if I only had one install remaining, and I lost that install, I would not be able to regain access without the phone, but I never claimed I could either.
-
Telegram on the desktop works more or less like how Apple Messenger works with SMS messages. It hijacks the SMS via the cell phone device, turns the SMS into SMSoIP (I made that up, but some special Apple protocol for that) and lets desktops and iPads talk over SMS - but if the phone goes away, the others go offline, too.
-
@Dashrender said in Franz messaging app:
@JaredBusch that's true, if I only had one install remaining, and I lost that install, I would not be able to regain access without the phone, but I never claimed I could either.
But you implied it. If you knew that this was true, you'd know why owning the phone owns your account.
-
@scottalanmiller
Who do you see demanding that things be tied to their phone number? I guess I've never seen people have a real preference to using a phone number over an email address for a part of the authentication to a system.
-
@scottalanmiller said in Franz messaging app:
Telegram on the desktop works more or less like how Apple Messenger works with SMS messages. It hijacks the SMS via the cell phone device, turns the SMS into SMSoIP (I made that up, but some special Apple protocol for that) and lets desktops and iPads talk over SMS - but if the phone goes away, the others go offline, too.
@scottalanmiller This is not true in the case of Telegram though. You can turn off your phone and Telegram will continue to work just fine.