Franz messaging app
-
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller
Who do you see demanding that things be tied to their phone number? I guess I've never seen people have a real preference to using a phone number over an email address for a part of the authentication to a system.
Have you not seen my thread on texting? Nearly everyone.
That's not the same thing at all - but I do recall that discussion. It's NOT that someone demanded a phone number based app, it's that people demanded to use the native app that's on every phone in the US - there's a huge difference.
-
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
Telegram on the desktop works more or less like how Apple Messenger works with SMS messages. It hijacks the SMS via the cell phone device, turns the SMS into SMSoIP (I made that up, but some special Apple protocol for that) and lets desktops and iPads talk over SMS - but if the phone goes away, the others go offline, too.
@scottalanmiller This is not true in the case of Telegram though. You can turn off your phone and Telegram will continue to work just fine.
Only true in a meaningless way. It might stop at any time (as I pointed out has happened) and only works until the phone does something else. The phone number owns the account, the PC only gets it until something happens. It's like cached creds that someone else can revoke anytime.
I will grant you these things about how the account can become borked.
-
You are confusing accessibility with security. No matter how much you can get it to "keep working" when your account hasn't been taken over, the risk to it being taken over is the same. The instant someone gets access to your number, they own your Telegram and can revoke you any time they want... or just listen in on what you are saying.
-
@scottalanmiller said in Franz messaging app:
You are confusing accessibility with security. No matter how much you can get it to "keep working" when your account hasn't been taken over, the risk to it being taken over is the same. The instant someone gets access to your number, they own your Telegram and can revoke you any time they want... or just listen in on what you are saying.
No I'm not - if anyone is, it's you claiming that I am. I fully understand that there is no security, I'll scroll this thread to see if I actually said that Telegram is secure...
-
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller
Who do you see demanding that things be tied to their phone number? I guess I've never seen people have a real preference to using a phone number over an email address for a part of the authentication to a system.
Have you not seen my thread on texting? Nearly everyone.
That's not the same thing at all - but I do recall that discussion. It's NOT that someone demanded a phone number based app, it's that people demanded to use the native app that's on every phone in the US - there's a huge difference.
It's kind of the same. They made a demand that only had one answer. If you wanted to be tied to phone numbers, you could state it in that way knowing that that was the only possible answer. Things that use accounts that are something beyond phone numbers don't exist on every phone.
-
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
You are confusing accessibility with security. No matter how much you can get it to "keep working" when your account hasn't been taken over, the risk to it being taken over is the same. The instant someone gets access to your number, they own your Telegram and can revoke you any time they want... or just listen in on what you are saying.
No I'm not - if anyone is, it's you claiming that I am. I fully understand that there is no security, I'll scroll this thread to see if I actually said that Telegram is secure...
If that is true, why would you bring up that you can get it to "keep working" before it gets hijacked? What was the relevance to that statement?
-
The one thing that I do like about Telegram (no, it's not a security feature) is the message you get when you sign up a new device.
IE: I installed it on my phone, and bam... It was happy. I said, "Oh, Windows version!" And installed it on my Windows. I got a Telegram message on my phone with a code to punch in on my Windows device.
Now I want it on my tablet... I get that same security message on my Phone and my Windows Desktop...
When somebody connects another device to your Telegram account, assuming you have at least one device that is still connected, you should know about it.
-
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
You are confusing accessibility with security. No matter how much you can get it to "keep working" when your account hasn't been taken over, the risk to it being taken over is the same. The instant someone gets access to your number, they own your Telegram and can revoke you any time they want... or just listen in on what you are saying.
No I'm not - if anyone is, it's you claiming that I am. I fully understand that there is no security, I'll scroll this thread to see if I actually said that Telegram is secure...
If that is true, why would you bring up that you can get it to "keep working" before it gets hijacked? What was the relevance to that statement?
To simply state that Telegram does not require a phone after the account is set up, that was all - nothing more, nothing less. I certainly did know when making that post that the phone number controller could do anything they want, because it was what gained one access to the account, but that doesn't mean it's still not functional.
-
@Dashrender said in Franz messaging app:
@JaredBusch said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
I am now made to wonder how good the security on these types of apps are. I never really thought about it in the past, but things have changed.
If they tie to a phone number (WhatsApp, Telegram, etc.) then security isn't at the core of their design.
Still don't get what you mean - while it's true they are tied, I see that primarily as a way to make the connection to users.
In 10 years you'll tell us that using an email address shows that security isn't at the core of the design, even though the main and possibly only purpose of the phone number/email address is a way of finding others you know.
Now Telegram does fail in the first place because you can't sign up without having a phone number, but after you get signed up, I'm not sure it's ever needed again.
No, there is no sign up for Telegram. It is 100% phone based. There is not an "account" for Telegram.
If it was 100% phone based, how would I have it on my PC? After signing up with my phone (which I DID mention) I could install it on my desktop, then remove it from my phone and never put it back on my phone again, and then install it on future Windows installs all I want.
This is the statement that it stemmed from... the authentication is 100% on the phone. All of that "it keeps working" stuff is confusing because that's just a cache of this authentication. Whether the phone must be on or not doesn't matter, what matters is that the instant the phone number is compromised, the Telegram is, too.
-
Apparently now, you can set up a password for your Telegram account as well, so that no one will be able to add a new device to your account without the password as well as the PIN sent as a Telegram message.
(Settings -> Enable two step verification)
-
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
You are confusing accessibility with security. No matter how much you can get it to "keep working" when your account hasn't been taken over, the risk to it being taken over is the same. The instant someone gets access to your number, they own your Telegram and can revoke you any time they want... or just listen in on what you are saying.
No I'm not - if anyone is, it's you claiming that I am. I fully understand that there is no security, I'll scroll this thread to see if I actually said that Telegram is secure...
If that is true, why would you bring up that you can get it to "keep working" before it gets hijacked? What was the relevance to that statement?
To simply state that Telegram does not require a phone after the account is set up, that was all - nothing more, nothing less. I certainly did know when making that post that the phone number controller could do anything they want, because it was what gained one access to the account, but that doesn't mean it's still not functional.
It means it is not reliably functional. It might work for months, or for seconds. That's at the discretion of the phone.
-
@dafyre said in Franz messaging app:
Apparently now, you can set up a password for your Telegram account as well, so that no one will be able to add a new device to your account without the password as well as the PIN sent as a Telegram message.
(Settings -> Enable two step verification)
At least they are moving in the right direction. But they are starting from a really stupid, flawed starting point.
-
Thanks, I didn't think I said it was secure.
-
@dafyre said in Franz messaging app:
Apparently now, you can set up a password for your Telegram account as well, so that no one will be able to add a new device to your account without the password as well as the PIN sent as a Telegram message.
(Settings -> Enable two step verification)
Huh - well, as Scott said, until they remove the ability for the phone number alone to take over the account, it still doesn't have much if any real security.
-
Secure messaging score card from EFF
-
@Dashrender said in Franz messaging app:
@dafyre said in Franz messaging app:
Apparently now, you can set up a password for your Telegram account as well, so that no one will be able to add a new device to your account without the password as well as the PIN sent as a Telegram message.
(Settings -> Enable two step verification)
Huh - well, as Scott said, until they remove the ability for the phone number alone to take over the account, it still doesn't have much if any real security.
With the Two-Step enabled, they cannot take over the account with just the phone number. They also have to have the Password that you set up to allow it.
-
@dafyre said in Franz messaging app:
@Dashrender said in Franz messaging app:
@dafyre said in Franz messaging app:
Apparently now, you can set up a password for your Telegram account as well, so that no one will be able to add a new device to your account without the password as well as the PIN sent as a Telegram message.
(Settings -> Enable two step verification)
Huh - well, as Scott said, until they remove the ability for the phone number alone to take over the account, it still doesn't have much if any real security.
With the Two-Step enabled, they cannot take over the account with just the phone number. They also have to have the Password that you set up to allow it.
Interesting, so the account could be lost forever if you lose that password?
-
@Dashrender said in Franz messaging app:
@dafyre said in Franz messaging app:
@Dashrender said in Franz messaging app:
@dafyre said in Franz messaging app:
Apparently now, you can set up a password for your Telegram account as well, so that no one will be able to add a new device to your account without the password as well as the PIN sent as a Telegram message.
(Settings -> Enable two step verification)
Huh - well, as Scott said, until they remove the ability for the phone number alone to take over the account, it still doesn't have much if any real security.
With the Two-Step enabled, they cannot take over the account with just the phone number. They also have to have the Password that you set up to allow it.
Interesting, so the account could be lost forever if you lose that password?
It links to an email address so you can go through recovery procedures. I'm testing it out now.
-
@Dashrender said in Franz messaging app:
@dafyre said in Franz messaging app:
@Dashrender said in Franz messaging app:
@dafyre said in Franz messaging app:
Apparently now, you can set up a password for your Telegram account as well, so that no one will be able to add a new device to your account without the password as well as the PIN sent as a Telegram message.
(Settings -> Enable two step verification)
Huh - well, as Scott said, until they remove the ability for the phone number alone to take over the account, it still doesn't have much if any real security.
With the Two-Step enabled, they cannot take over the account with just the phone number. They also have to have the Password that you set up to allow it.
Interesting, so the account could be lost forever if you lose that password?
Yup, if you lose that OR lose the phone number. Which is "good" for security of access, bad for security of data.
-
Recovery seems to work.