ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups

    Signal Group Chat

    Water Closet
    9
    84
    1859
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • bigbear
      bigbear last edited by bigbear

      If anyone has Signal or wants to install it, feel free to invite me and I will add everyone to a group chat, that way everyone can find each other without sharing their phone numbers.

      EDIT: Signal Group Chat sucks compared to Telegram Group Chat. No comparison so join Telegram and feel free to add me (937) 281-8000

      1 Reply Last reply Reply Quote 0
      • Mike Davis
        Mike Davis last edited by

        I officially feel like the middle aged guy that doesn't know all the latest apps the kids are using. Is this from signal.org?

        NerdyDad bigbear 2 Replies Last reply Reply Quote 0
        • NerdyDad
          NerdyDad @Mike Davis last edited by

          @mike-davis said in Signal Group Chat:

          I officially feel like the middle aged guy that doesn't know all the latest apps the kids are using. Is this from signal.org?

          That's the one.

          1 Reply Last reply Reply Quote 0
          • bigbear
            bigbear @Mike Davis last edited by bigbear

            @mike-davis said in Signal Group Chat:

            I officially feel like the middle aged guy that doesn't know all the latest apps the kids are using. Is this from signal.org?

            Correct. Just out of complete coincidence, I started Signal.org originally and it’s entirely a separate project. Last summer (2016) Open Whisper Systems bought Signal.org and rights to the mark.

            So I am not affiliated with Signal.org today. You can read about the original project here...

            https://www.theverge.com/2014/3/24/5542504/building-a-cell-network-for-the-zombie-apocalypse

            1 Reply Last reply Reply Quote 0
            • Dashrender
              Dashrender last edited by

              Not thrilled they are bootstrapping connections via phone numbers!

              As scott has mentioned before.. phone numbers are entirely to easy to spoof, they can change because of moves or any reason (granted number mobility has reduced this a lot).

              I would have much rather seen this use email addresses.

              stacksofplates 1 Reply Last reply Reply Quote 1
              • stacksofplates
                stacksofplates @Dashrender last edited by

                @dashrender said in Signal Group Chat:

                Not thrilled they are bootstrapping connections via phone numbers!

                As scott has mentioned before.. phone numbers are entirely to easy to spoof, they can change because of moves or any reason (granted number mobility has reduced this a lot).

                I would have much rather seen this use email addresses.

                Email addresses are just as easy to “spoof”. I don’t see a difference in that area.

                Dashrender 1 Reply Last reply Reply Quote 0
                • Dashrender
                  Dashrender @stacksofplates last edited by

                  @stacksofplates said in Signal Group Chat:

                  @dashrender said in Signal Group Chat:

                  Not thrilled they are bootstrapping connections via phone numbers!

                  As scott has mentioned before.. phone numbers are entirely to easy to spoof, they can change because of moves or any reason (granted number mobility has reduced this a lot).

                  I would have much rather seen this use email addresses.

                  Email addresses are just as easy to “spoof”. I don’t see a difference in that area.

                  eh? How do you spoof an email? unless you have the credentials for the email account, you can't gain access to that. But the phone system has shown how easily SS7 can be broken to intercept phone calls and text messages intended for the true person, but instead come to an attacker. That's why 2FA should not use SMS messages as a factor.

                  JaredBusch stacksofplates 2 Replies Last reply Reply Quote 0
                  • JaredBusch
                    JaredBusch @Dashrender last edited by

                    @dashrender said in Signal Group Chat:

                    @stacksofplates said in Signal Group Chat:

                    @dashrender said in Signal Group Chat:

                    Not thrilled they are bootstrapping connections via phone numbers!

                    As scott has mentioned before.. phone numbers are entirely to easy to spoof, they can change because of moves or any reason (granted number mobility has reduced this a lot).

                    I would have much rather seen this use email addresses.

                    Email addresses are just as easy to “spoof”. I don’t see a difference in that area.

                    eh? How do you spoof an email? unless you have the credentials for the email account, you can't gain access to that. But the phone system has shown how easily SS7 can be broken to intercept phone calls and text messages intended for the true person, but instead come to an attacker. That's why 2FA should not use SMS messages as a factor.

                    Did you serious just say that?

                    1 Reply Last reply Reply Quote 0
                    • Dashrender
                      Dashrender last edited by Dashrender

                      Hey, If I'm misunderstanding something, please correct me. Though I will toss in, if email is flying in the clear, then it would be possible for someone to intercept it, and all the folly that goes with it.

                      JaredBusch stacksofplates 2 Replies Last reply Reply Quote 0
                      • stacksofplates
                        stacksofplates @Dashrender last edited by

                        @dashrender said in Signal Group Chat:

                        @stacksofplates said in Signal Group Chat:

                        @dashrender said in Signal Group Chat:

                        Not thrilled they are bootstrapping connections via phone numbers!

                        As scott has mentioned before.. phone numbers are entirely to easy to spoof, they can change because of moves or any reason (granted number mobility has reduced this a lot).

                        I would have much rather seen this use email addresses.

                        Email addresses are just as easy to “spoof”. I don’t see a difference in that area.

                        eh? How do you spoof an email? unless you have the credentials for the email account, you can't gain access to that. But the phone system has shown how easily SS7 can be broken to intercept phone calls and text messages intended for the true person, but instead come to an attacker. That's why 2FA should not use SMS messages as a factor.

                        Sure if you're not using VoIP. However I'd argue that the work it takes to leverage that is the same amount of work it takes to gain access to an email address. It also prevents things like generic bots from creating accounts.

                        scottalanmiller 1 Reply Last reply Reply Quote 0
                        • JaredBusch
                          JaredBusch @Dashrender last edited by JaredBusch

                          @dashrender said in Signal Group Chat:

                          Hey, If I'm misunderstanding something, please correct me.

                          Exactly how hard is to to get someone’s email account versus hacking the phone network?

                          Dashrender 1 Reply Last reply Reply Quote 0
                          • Dashrender
                            Dashrender @JaredBusch last edited by

                            @jaredbusch said in Signal Group Chat:

                            @dashrender said in Signal Group Chat:

                            Hey, If I'm misunderstanding something, please correct me.

                            Exactly how hard is to to get someone’s email Fred’s versus hacking the phone network?

                            I couldn't tell you - but when NIST goes so far as to tell people to stop using SMS for 2FA, that tells you just how bad it must be.

                            stacksofplates 1 Reply Last reply Reply Quote 0
                            • stacksofplates
                              stacksofplates @Dashrender last edited by

                              @dashrender said in Signal Group Chat:

                              Hey, If I'm misunderstanding something, please correct me. Though I will toss in, if email is flying in the clear, then it would be possible for someone to intercept it, and all the folly that goes with it.

                              You don't need to "intercept" anything. 1- those are one time codes. They would have to be able to register their app before you and you would notice that. 2 - all you have to do is convince the email provider you are the other person (which also works for phone but that was my point).

                              1 Reply Last reply Reply Quote 0
                              • stacksofplates
                                stacksofplates @Dashrender last edited by

                                @dashrender said in Signal Group Chat:

                                @jaredbusch said in Signal Group Chat:

                                @dashrender said in Signal Group Chat:

                                Hey, If I'm misunderstanding something, please correct me.

                                Exactly how hard is to to get someone’s email Fred’s versus hacking the phone network?

                                I couldn't tell you - but when NIST goes so far as to tell people to stop using SMS for 2FA, that tells you just how bad it must be.

                                You can receive a phone call. It doesn't have to be SMS.

                                stacksofplates Dashrender 2 Replies Last reply Reply Quote 0
                                • stacksofplates
                                  stacksofplates @stacksofplates last edited by

                                  @stacksofplates said in Signal Group Chat:

                                  @dashrender said in Signal Group Chat:

                                  @jaredbusch said in Signal Group Chat:

                                  @dashrender said in Signal Group Chat:

                                  Hey, If I'm misunderstanding something, please correct me.

                                  Exactly how hard is to to get someone’s email Fred’s versus hacking the phone network?

                                  I couldn't tell you - but when NIST goes so far as to tell people to stop using SMS for 2FA, that tells you just how bad it must be.

                                  You can receive a phone call. It doesn't have to be SMS.

                                  And again, that doesn't change the fact that it's a one time code. You would notice immediately if someone registered the code before you. What good does intercepting it do?

                                  Dashrender 1 Reply Last reply Reply Quote 0
                                  • Dashrender
                                    Dashrender @stacksofplates last edited by

                                    @stacksofplates said in Signal Group Chat:

                                    @dashrender said in Signal Group Chat:

                                    @jaredbusch said in Signal Group Chat:

                                    @dashrender said in Signal Group Chat:

                                    Hey, If I'm misunderstanding something, please correct me.

                                    Exactly how hard is to to get someone’s email Fred’s versus hacking the phone network?

                                    I couldn't tell you - but when NIST goes so far as to tell people to stop using SMS for 2FA, that tells you just how bad it must be.

                                    You can receive a phone call. It doesn't have to be SMS.

                                    yeah yeah - you guys are saying that since this is a near real time setup, it's less of an issue... sure, there is that, but from a pure security situation, it's still not good.

                                    stacksofplates 1 Reply Last reply Reply Quote 0
                                    • Dashrender
                                      Dashrender @stacksofplates last edited by

                                      @stacksofplates said in Signal Group Chat:

                                      @stacksofplates said in Signal Group Chat:

                                      @dashrender said in Signal Group Chat:

                                      @jaredbusch said in Signal Group Chat:

                                      @dashrender said in Signal Group Chat:

                                      Hey, If I'm misunderstanding something, please correct me.

                                      Exactly how hard is to to get someone’s email Fred’s versus hacking the phone network?

                                      I couldn't tell you - but when NIST goes so far as to tell people to stop using SMS for 2FA, that tells you just how bad it must be.

                                      You can receive a phone call. It doesn't have to be SMS.

                                      And again, that doesn't change the fact that it's a one time code. You would notice immediately if someone registered the code before you. What good does intercepting it do?

                                      would you? would a normal person? It seems like a normal person would say - huh, it's broke, fuck it.. I'll use something else.

                                      stacksofplates 1 Reply Last reply Reply Quote 0
                                      • stacksofplates
                                        stacksofplates @Dashrender last edited by

                                        @dashrender said in Signal Group Chat:

                                        @stacksofplates said in Signal Group Chat:

                                        @dashrender said in Signal Group Chat:

                                        @jaredbusch said in Signal Group Chat:

                                        @dashrender said in Signal Group Chat:

                                        Hey, If I'm misunderstanding something, please correct me.

                                        Exactly how hard is to to get someone’s email Fred’s versus hacking the phone network?

                                        I couldn't tell you - but when NIST goes so far as to tell people to stop using SMS for 2FA, that tells you just how bad it must be.

                                        You can receive a phone call. It doesn't have to be SMS.

                                        yeah yeah - you guys are saying that since this is a near real time setup, it's less of an issue... sure, there is that, but from a pure security situation, it's still not good.

                                        I'm saying it's just as bad either way. Email accounts are attacked ALL of the time.

                                        Dashrender scottalanmiller 2 Replies Last reply Reply Quote 0
                                        • Dashrender
                                          Dashrender @stacksofplates last edited by

                                          @stacksofplates said in Signal Group Chat:

                                          @dashrender said in Signal Group Chat:

                                          @stacksofplates said in Signal Group Chat:

                                          @dashrender said in Signal Group Chat:

                                          @jaredbusch said in Signal Group Chat:

                                          @dashrender said in Signal Group Chat:

                                          Hey, If I'm misunderstanding something, please correct me.

                                          Exactly how hard is to to get someone’s email Fred’s versus hacking the phone network?

                                          I couldn't tell you - but when NIST goes so far as to tell people to stop using SMS for 2FA, that tells you just how bad it must be.

                                          You can receive a phone call. It doesn't have to be SMS.

                                          yeah yeah - you guys are saying that since this is a near real time setup, it's less of an issue... sure, there is that, but from a pure security situation, it's still not good.

                                          I'm saying it's just as bad either way. Email accounts are attacked ALL of the time.

                                          But short of either a breach to the email hoster or figuring out the password, email is much more difficult to breach than the phone system (according to reports - I don't have first hand knowledge) for skilled hackers.

                                          stacksofplates 1 Reply Last reply Reply Quote 0
                                          • stacksofplates
                                            stacksofplates @Dashrender last edited by

                                            @dashrender said in Signal Group Chat:

                                            @stacksofplates said in Signal Group Chat:

                                            @stacksofplates said in Signal Group Chat:

                                            @dashrender said in Signal Group Chat:

                                            @jaredbusch said in Signal Group Chat:

                                            @dashrender said in Signal Group Chat:

                                            Hey, If I'm misunderstanding something, please correct me.

                                            Exactly how hard is to to get someone’s email Fred’s versus hacking the phone network?

                                            I couldn't tell you - but when NIST goes so far as to tell people to stop using SMS for 2FA, that tells you just how bad it must be.

                                            You can receive a phone call. It doesn't have to be SMS.

                                            And again, that doesn't change the fact that it's a one time code. You would notice immediately if someone registered the code before you. What good does intercepting it do?

                                            would you? would a normal person? It seems like a normal person would say - huh, it's broke, fuck it.. I'll use something else.

                                            So you've introduced this magical person that is using a chat app because of it's security, but would just not notice that the code they just received doesn't work.

                                            And if they get a message saying they've already used this code, that's a pretty dead giveaway.

                                            Dashrender 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post