Related
Source: pocketnow.com
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
As Chuong reported earlier today, a handful of tech reviewers have gotten to spend a couple of weeks with a Windows Phone 7 prototype devices made by Samsung called the Taylor. Overall the sentiment towards Windows Phone 7 is positive: reviewers agree that the operating system is generally well thought out, that it performs very well (with nearly no lag when jumping around the operating system), and that it has the potential to be a true contender in the mobile platform space.
After digging through several of these reviews, it's clear that there are a handful of features still missing from Windows Phone 7, some of which will be addressed by the time the platform launches this fall, but many of which will not. Here's a list:
- No Twitter integration
- No copy and paste
- No third-party multitasking
- No Flash, Silverlight, or HTML5 support in the browser
- No dedicated YouTube application
- No robust document editing capabilities in Office
- No way to stop Facebook contacts from mixing with global contacts
- No global email inbox
- No threaded email
- No organization of the full program list (it's alphabetical)
- No way of knowing if a long press is available
- No universal search
Some of these aren't too big of a deal and are very specific to use case scenarios that not everyone will experience (like adding multiple email accounts to a phone, etc). But some of the big ones like the lack of multitasking and Twitter integration could provide a reason for potential buyers to go with another smartphone platform.
ATHiEST said:
- No way to stop Facebook contacts from mixing with global contacts
Click to expand...
Click to collapse
You can do it relatively easily if you don't use Facebook directly but via Live, I think.
My 2 cents:
- No Twitter integration
Stupid when Facebook is there
- No copy and paste
Discussed so many times yet still unbelievable.
- No third-party multitasking
May be in the future?
- No Flash, Silverlight, or HTML5 support in the browser
Very bad indeed.
- No dedicated YouTube application
Will be I believe.
- No robust document editing capabilities in Office
Crazy.
- No way to stop Facebook contacts from mixing with global contacts
That will be a really annoying thing. What if I DON'T have Facebook??!!
- No global email inbox
??
- No threaded email
I don't care.
- No organization of the full program list (it's alphabetical)
Again a stupid, strange step BACKWARDS
- No way of knowing if a long press is available
Hmmm....
- No universal search
Awesome :-(
To sum it up, well....
I have to touch it of course.
But comparing this to WM 6.5 I see the main change will be interface itself.
Regarding functionality - so many things missing as hell.
yup, W7 is looking like a bag of sh*t
ATHiEST said:
- No Twitter integration
Click to expand...
Click to collapse
There's already several Twitter apps for WP7 - The notification system allows seamlessly integration.
ATHiEST said:
- No copy and paste
Click to expand...
Click to collapse
Read the 2000 other threads on this -- c&p is pointless, and not needed. I'm tired of repeating the arguments in every bloody thread.
ATHiEST said:
- No third-party multitasking
Click to expand...
Click to collapse
Same as above.
ATHiEST said:
- No Flash, Silverlight, or HTML5 support in the browser
Click to expand...
Click to collapse
Wrong. No HTML5 support, mainly because it's still a draft.
ATHiEST said:
- No dedicated YouTube application
Click to expand...
Click to collapse
Write one, or let Google do that. I don't think Google would like Microsoft to write one for sure.
ATHiEST said:
- No robust document editing capabilities in Office
Click to expand...
Click to collapse
Invalid. Better Office integration than any other phone on the market.
ATHiEST said:
- No way to stop Facebook contacts from mixing with global contacts
Click to expand...
Click to collapse
Invalid, as there's no public phones out, you can't know this, thus it's a lie.
ATHiEST said:
- No global email inbox
Click to expand...
Click to collapse
Wrong
ATHiEST said:
- No threaded email
Click to expand...
Click to collapse
The email application ain't done yet, where's your proof?
ATHiEST said:
- No organization of the full program list (it's alphabetical)
Click to expand...
Click to collapse
Use the search-button
ATHiEST said:
- No way of knowing if a long press is available
Click to expand...
Click to collapse
Neither is on any other phone in the world.
ATHiEST said:
- No universal search
Click to expand...
Click to collapse
Uniform search-api and seach-button support for all applications. Universal makes little sense.
ATHiEST said:
Some of these aren't too big of a deal and are very specific to use case scenarios that not everyone will experience (like adding multiple email accounts to a phone, etc). But some of the big ones like the lack of multitasking and Twitter integration could provide a reason for potential buyers to go with another smartphone platform.
Click to expand...
Click to collapse
Multitasking is the LEAST important problem. When do you fools start realizing this?
And again, Twitter is just yet-another-application. Android and iPhone don't have Twitter support either, there's just 20 different Twitter apps for each platform.
@Windcape
As well as you have great valid points,
I must say that this of your sentence:
"c&p is pointless, and not needed. I'm tired of repeating the arguments in every bloody thread."
Where did you get that?!
It's a CRUICAL feature on any device.
Maybe you're this person who don't use it, maybe you never do
any serious stuff on your device, but why do you spread here such a false and pointlesss information?! It's the same as you'd say that a phone doesn't need a speaker.
It's the basic function, present on any mobile OS since 2000,
and also supported even by those who wanted to omit it and tell people they know better.
It's a BASIC function with any txt work, whether it's office, mail.
Man, how hard is it to get it? Or what false logic brought you to this senseless conclusion?
I hope you'll never be responsible for any serious development with such false statements.
No, it's not a crucial feature. The navigation-handlers allows for much better transitions than using c&p.
A smartphone is not a PC -- People use it differently, and copy&paste doesn't make sense. A lot of you might think it's easy to implement for text, and partially is (WP7 only supports Unicode, there's your first challenge), but for random objects (images, binary, etc.) it's a completely other story.
Instead of just repeating yet another "omg no copy&paste", then perhaps read some of the lengthy discussions about the subject, instead of believing in it in blind faith.
I would ask the relevant user groups, and have their reaction. Nerds who think they need c&p, but actually never use it, are not a relevant user group. Ask people who got a iPhone or Android if they uses copy&paste often, or if they missed it on previous versions of the iPhone. They'll probably say no.
Hell, where I need it most is in my browser, and Android's default browser have such terrible support, that it doesn't work anyway. I'd rather have a navigation-handler auto-converting emails to click-to-open-email-application links.
This argument is getting tiresome. Can we move on to something else? Like complaining about lack of socket APIs and SL4 support?
Windcape - some of those are legit. There is no way to downselect your FB friends, no threaded email, and no unified/global email inbox. See the many reviews for evidence. While it's not quite done, it's pretty darn close. They have to give the OEMs lead time in order to be able to manufacture devices with the RTM code on it.
But to the OP et al, see this post on WMPowerUsers which echos my sentiments very closely. Basically, calm down... take a deep breath.
Windcape said:
No, it's not a crucial feature. The navigation-handlers allows for much better transitions than using c&p.
A smartphone is not a PC -- People use it differently, and copy&paste doesn't make sense. A lot of you might think it's easy to implement for text, and partially is (WP7 only supports Unicode, there's your first challenge), but for random objects (images, binary, etc.) it's a completely other story.
Instead of just repeating yet another "omg no copy&paste", then perhaps read some of the lengthy discussions about the subject, instead of believing in it in blind faith.
I would ask the relevant user groups, and have their reaction. Nerds who think they need c&p, but actually never use it, are not a relevant user group. Ask people who got a iPhone or Android if they uses copy&paste often, or if they missed it on previous versions of the iPhone. They'll probably say no.
Hell, where I need it most is in my browser, and Android's default browser have such terrible support, that it doesn't work anyway. I'd rather have a navigation-handler auto-converting emails to click-to-open-email-application links.
This argument is getting tiresome. Can we move on to something else? Like complaining about lack of socket APIs and SL4 support?
Click to expand...
Click to collapse
Listen, are you reading with comprehension?!
Who gave you the right to call me nerd huh?
I think you're rather nerd who doesn't really speak on the topic.
Don't tell me or anybody else how we actually use our devices!
How do you know? Have we met?
You're incompetent troll, like somebody else stated in other thread.
Maybe go to other forums instead of telling complete lies here.
Also your sentence:
"I'd rather have a navigation-handler auto-converting emails to click-to-open-email-application links."
Has NOTHING to do with work on txt!
Please move away from here with your "maybe" and "probably".
If it's actually based on hands-on reviews, then I'll agree it might be considered a problem.
The thing is, half of the articles out there complaining about the phone, is basing it off data from Feburary/March, or unlocked emulators -- both I consider highly invalid.
And I'm calm, I'm just annoyed we got 50 threads with focus on multitasking and c&p, which is the most irrelevant problems there is from a developer perspective.
I find it much bigger issues that the phone only support Unicode, don't have socket APIs yet (because it runs SL2/SL3, and not SL4). And a few other things here and there which is vital to application development.
People keep nitpicking about the least important issues, which sadly removes focus from the important problems.
doministry said:
Listen, are you reading with comprehension?!
Who gave you the right to call me nerd huh?
Click to expand...
Click to collapse
We're posting on a forum for mobile hackers, that means we're nerds
doministry said:
Don't tell me or anybody else how we actually use our devices! How do you know? Have we met?
Click to expand...
Click to collapse
It's more likely that technical interested people focus on more technical features.
Most people who buy a iPhone 4 don't buy it because it can do copy&paste, but because it looks awesome, and have a fantastic screen (Retina Display).
doministry said:
"I'd rather have a navigation-handler auto-converting emails to click-to-open-email-application links."
Has NOTHING to do with work on txt!
Click to expand...
Click to collapse
It have everything to do with regular phone use. Copying links, email addresses and phone numbers.
The phone isn't meant to be a Blackberry replacement, or a notepad replacement for editing Excel spreadsheets on the run.
One last thing:
You can implement copy&paste internally in your application. It's just c&p data between applications that's not supported.
I guess that helps a lot for your office/spreadsheeting edition, no?
ATHiEST said:
- No Twitter integration
- No copy and paste
- No third-party multitasking
- No Flash, Silverlight, or HTML5 support in the browser
- No dedicated YouTube application
- No robust document editing capabilities in Office
- No way to stop Facebook contacts from mixing with global contacts
- No global email inbox
- No threaded email
- No organization of the full program list (it's alphabetical)
- No way of knowing if a long press is available
- No universal search
Click to expand...
Click to collapse
- Twitter will be back working with Windows Live soon. Twitter changed their APIs a month or two ago, and Microsoft need to update things to make it work again.
- Copy and Paste is coming in a future update
- Multitasking is also planned to be out in a future update
- Flash is coming in a few months after launch, Silverlight we don't know about
- We may see a YouTube app come from Google after launch, if not flash will work in the browser so that's all good
- As a start, the Office tools on Windows Phone 7 are good for basic editing, and collaboration. More features may come, but I do question if you need much more really, with such a small screen.
- We know when adding a Google account, you can choose to add all or only some of these options: Contacts, Calendar, Email. It is possible facebook integration can be done in the same way, but I don't use facebook, so I am not too fussed. However thanks to the Quick Jump List controls, you can click the letter in the blue box, and choose a letter to find your contact. Or even press the search button to find a contact.
- I actually prefer the idea of having a separation between my Live Mail and Outlook Email inboxes, and is a great way to maintain your work life balance if you are using the Phone for work, and personal uses. You do have a combined calendar, which does make sense, because you only have on schedule at a time
- Threaded mail, or conversation view, will be coming, you should know this as Outlook and Hotmail now support it.
- This one I agree with, I would like a button appear below the arrow on the left, to switch to flat list, category, favourites, or alphabetical sorting, using the Quick Jump Lists.
- Well, this is a trial and error thing, you don't get told when you have a right click menu available, there is no indicator, you just expect it and find it for yourself.
- If the Hub/App doesn't have internal search, the search button will pull up bing. In future dev tools, they will provide an API to override the search button as you can the back button presently. Patience, my friend, Patience!
Windcape said:
c&p is pointless, and not needed. I'm tired of repeating the arguments in every bloody thread.
Click to expand...
Click to collapse
Windcape said:
Write one, or let Google do that. I don't think Google would like Microsoft to write one for sure.
Click to expand...
Click to collapse
Actually, these two statements contradict each other somewhat. By far the two most often reasons for me to watch a video on Youtube are a) watching embedded videos on web sites and b) getting a link in an email. Now, pray tell, how am I going to watch those videos in a third party application in a sandboxed environment without a way to open a URL directly in this application or without an ability to copy and paste this URL there? Let's say on many web sites I can search for the video if it's properly named, but what about this link in an email? Am I supposed to memorize it and type into the app? Or maybe write it down on a piece of paper?
I would certainly prefer it if links to videos opened directly in this Youtube app (or better yet, a standalone flash/video/html5/whatever player), that would be a "smartlinking" scenario that I would prefer to c&p. But that's not available either. C&P may be a kludge, but in the less than perfect world we live in those are often needed.
Windcape said:
And again, Twitter is just yet-another-application. Android and iPhone don't have Twitter support either, there's just 20 different Twitter apps for each platform.
Click to expand...
Click to collapse
Now let's be consistent please. If we like the way data from multiple sources is integrated in WP7, a Twitter app isn't a perfect solution.
Twitter will be there though. It will be supported in Windows Live or separately. It's missing temporarily in the current version as Twitter changed their API or something like that.
@Windcape
Are you a tard??
a) I didn't write the review so stop quoting me as if I wrote the list and the trying to contradict me.
b) Dont need copy and paste? are you on crack? You must be because I can see endless list or reasons why its a MUST!
c) The review is NOT from a emulator its a HANDS ON review of a prototype phone!
Also people remember this isnt a list of what will NOT be in WP7, its basically a round up of features currently still not in WP7, OBVIOUSLY its not finished and will have more to come.
Either way I still think the OS looks like sh*t, But the flashaholic in me will still end up flashing it to my HD2 when/if its ported.
a) It's easier to quote you to respond to the points. Why is that a problem? Wasn't the whole point with quoting the important points of the article to turn them into a discussion?
b) No, and there's little reason to be rude.
c) O'rly
vangrieg said:
Now, pray tell, how am I going to watch those videos in a third party application in a sandboxed environment without a way to open a URL directly in this application
Click to expand...
Click to collapse
A 3rd party application will be able to register a navigation handler so you can open youtube links in a youtube application if necessary. Just like Skype plugin for PC browsers today.
vangrieg said:
but what about this link in an email? Am I supposed to memorize it and type into the app?
Click to expand...
Click to collapse
Navigation handlers will also apply to emails.
Basically you'll just have to click it. Much easier than copy, change application, paste, and activate it.
vangrieg said:
that would be a "smartlinking" scenario that I would prefer to c&p. But that's not available either.
Click to expand...
Click to collapse
Yes it is? That's how it's intended to be, and why Microsoft don't consider c&p a priority atm.
vangrieg said:
Now let's be consistent please. If we like the way data from multiple sources is integrated in WP7, a Twitter app isn't a perfect solution.
Twitter will be there though. It will be supported in Windows Live or separately. It's missing temporarily in the current version as Twitter changed their API or something like that.
Click to expand...
Click to collapse
Well, on the "other" mobile platforms Twitter is just yet-another-application. If Microsoft integrates it in Windows Live, it's just better than the others.
It's not a loss either way.
Windcape said:
A 3rd party application will be able to register a navigation handler so you can open youtube links in a youtube application if necessary. Just like Skype plugin for PC browsers today.
Click to expand...
Click to collapse
That would solve the problem indeed, but could you provide a source for this information? This is the first time I hear about a way for a third party application to meddle with IE/mail client behavior in WP7, and when I asked Brandon Watson he said nothing like that would be possible.
Dude, there is a edit button, no need to keep double posting. Oh and YES "rly", read the topic.
btw, what about copy and pasting files?, or even blocks of txt's like in a document or web page for example or am I missing something here, that seems a pretty simple but integral part of windows to me, ffs this isnt apple its windows.
Applications have access to the internet, and files on the internet, it just cannot run in the background or access local files outside of its own local isolated storage. (unless there is a task, launcher, or chooser available to apps)
Native Twitter feeds will be coming soon, Windows Live had it until Twitter changed some APIs, and it will be brought back.
Microsoft have not said Copy & Paste is not a priority, only that in order to get the phone out in time for an Autumn/Winter release, and that it will be coming soon.
anyone else a tester for limewire? sign up on their site they emailed me right back. seems ok sofar evo 2.2
Looks like a great thread for the aps forum.
i'm not a tester, the development forum is probably not the palce for this post. I personlally dont use [email protected] programs as they are infested with spyware, viruses and fake files. Newsgroups all the way, still has some but much much less.
slvrprelude said:
anyone else a tester for limewire? sign up on their site they emailed me right back. seems ok sofar evo 2.2
Click to expand...
Click to collapse
I signed up days ago but they havent contacted me at all. Can you share the apk with me?
Holy crap! People still use Limewire aka the most viruses on the internets?
SolsticeZero said:
Holy crap! People still use Limewire aka the most viruses on the internets?
Click to expand...
Click to collapse
Yeah, I usually end up yelling "DEAR GOD - DON'T YOU LOVE YOURSELF?" at them in my best Jon Pinette voice.
SolsticeZero said:
Holy crap! People still use Limewire aka the most viruses on the internets?
Click to expand...
Click to collapse
It only has viruses for the people that don't know what their doing. But such is true with any aspect of the internet. This is why I have a job in tech support because people will always be dumb enough to click on just about anything and open the floodgates to infect their computers.
if anyone wants the apk just msg me. io have it on my evo 2.2 and my moment 2.1 and runs great really.. just not many people on there yet. also yea if you are dumb you can get viruses from going to google. people that know how to use computes really shouldnt worry about too many problems. also its should stay in the development cause its trying to develop the features and this shows that we can totally open these things up for some wicked stuff.
Unknownforce said:
It only has viruses for the people that don't know what their doing. But such is true with any aspect of the internet. This is why I have a job in tech support because people will always be dumb enough to click on just about anything and open the floodgates to infect their computers.
Click to expand...
Click to collapse
It has viruses for everyone however if you know what you are doing you can weed out about 95% of them this is true (i mean come on i thought all mp3s were 5kbs and made you go to a web page to "acquire a license" first.). this doesn't mean you aren't at risk of getting particularly clever virus or spyware no matter how much you know.
still like i said much better ways then P2P. though i haven't found a decent newsgroup program for android yet.
Besides the fact that this is in the wrong section, I'll post the newest apk link here: http://dl.frostwire.com/android/0.3.10/frostwire.apk
edit: added new link with updated version on 08/31/10
Sent from my PC36100 using Tapatalk
Newest Link :
http://dl.frostwire.com/android/0.4.3/frostwire.apk
FrostWire developers here
Hi, just joined xda developers (can't believe we didn't do it before)
anyways, you're all welcome to help us test our next release, it's been a while since 0.4.x, we're now about to release 1.0.6 and we've fixed a lot.
You can download and test the 1.0.6 release candidate 1 here
dl.frostwire.com/android/fresh/frostwire.1.0.6.rc1.apk
This release includes the following fixes:
FrostWire 1.0.6 - APR/03/2013
- Faster search results. Search architecture revised and improved.
- Includes search results from archive.org, which indexes millions
of public domain and creative commons works from all over the
internet.
- Reduces CPU and battery consumption up to 84%.
- FrostWire won't disable screen locking during audio playback.
It's now up to the user to set longer auto-locking timeouts if
they want to use FrostWire as an audio player in their vehicles.
- UI fix, media player screen is correctly updated if a song starts
while the screen was locked.
- Updated icons and graphics.
- Improved mime type detection.
- Supports WebM video search results.
- Updated UPnP cling libraries for better Wi-Fi sharing discovery.
- Multiple crashes and freezes fixed.
- Opens .torrent files from urls and from any file browser.
- Faster hashing and checking of ongoing and finished torrent downloads.
- Fixes a crash when sharing files from third party apps like FileKicker
which pass filepath uris instead of android provider uris.
- Fixes double audio playback issue with third party media playing apps.
- Fixes bug where the app would force close and restart on phones without SD cards.
- Fixes bug on Android 4.x where finished document downloads wouldn't appear under
documents.
- Avoids crash caused by AdMobSDK and WebView's cache being null.
You can follow live code progress on github.com/frostwire/frostwire-android/commits/master, hackers are most welcome to send pull requests.
I generally don't care so much about not being able to:
1. transfer sms and contacts TO sim
2. sync doc, txt, and pdf files, offline, through Zune
3. sync flac or divx files
4. make an offline backup of contacts or of the whole phone configuration
5. create new accent colors
6. toggle wifi/gps/3g data/bluetooth with a single tap from the home screen
7. dictate sms or other speech orders in my native language
etc...
All of the above limitations (and some more) can be tolerable at some degree because of WP7 general superiority in other levels.
BUT...
I'm really pissed off with Microsoft...They have totally abandoned open market phones...First, we had a major error with Mango for LG update, that forced some people to flash a new official rom in order to get it. I never got a tethering update for my open LG and now I don't even get the latest official 7740 update. I don't f$%^ care about carriers. I bought an officially OPEN device and I demand support, or else they can stop selling us illusions...
Muvolt said:
I generally don't care so much about not being able to:
1. transfer sms and contacts TO sim
2. sync doc, txt, and pdf files, offline, through Zune
3. sync flac or divx files
4. make an offline backup of contacts or of the whole phone configuration
5. create new accent colors
6. toggle wifi/gps/3g data/bluetooth with a single tap from the home screen
7. dictate sms or other speech orders in my native language
etc...
All of the above limitations (and some more) can be tolerable at some degree because of WP7 general superiority in other levels.
BUT...
I'm really pissed off with Microsoft...They have totally abandoned open market phones...First, we had a major error with Mango for LG update, that forced some people to flash a new official rom in order to get it. I never got a tethering update for my open LG and now I don't even get the latest official 7740 update. I don't f$%^ care about carriers. I bought an officially OPEN device and I demand support, or else they can stop selling us illusions...
Click to expand...
Click to collapse
Blame your OEM, not Microsoft for not getting tethering. They are the ones delivering the proper drivers needed for tethering to be enabled. The feature is already built in in Mango. Concerning 7740 you're right. But it has been released when? Yesterday? No update so far has reached all users at the same time. It has always taken a few weeks until every single Windows Phone user out there received an update. Knowing that 7740 won't change much, I personally do not really care about when I will receive it.
So far I didn´t get the latest 7740 update either, but I installed it manually with cab sender.
The official 7740 update you can download here:
http://forum.xda-developers.com/showthread.php?t=1306415
contable said:
So far I didn´t get the latest 7740 update either, but I installed it manually with cab sender.
The official 7740 update you can download here:
http://forum.xda-developers.com/showthread.php?t=1306415
Click to expand...
Click to collapse
It doesn't fix the keyboard disappearing issue, so it's pretty much useless. This is by far the biggest annoyance for me right now. Keyboard disappears 10+ times when i'm typing a SMS. And in some apps you can't bring back the keyboard by touching the input box. I have to copy/paste and try again.
dkp1977 said:
Blame your OEM, not Microsoft for not getting tethering. They are the ones delivering the proper drivers needed for tethering to be enabled. The feature is already built in in Mango. Concerning 7740 you're right. But it has been released when? Yesterday? No update so far has reached all users at the same time. It has always taken a few weeks until every single Windows Phone user out there received an update. Knowing that 7740 won't change much, I personally do not really care about when I will receive it.
Click to expand...
Click to collapse
You are right here, but this wouldn't have happened if Microsoft had put strict rules around its ecosystem. It's unacceptable for such a unified quality concept to have basic specs like tethering, managed almost randomly (at will) by the OEMs without Microsoft's supervision. LG has released the firmware for branded phones (so, there is no arguing here that they couldn't have released it because of hardware restrictions) and totally rejected all of those people who have open phones. WHO controls this type of marketing anarchy around one of the most innovative, popular products of the world?
I'm shocked by this management attitude, because I'm a Microsoft customer for over 18 years and I know very well that they are aces in product support. As I mentioned earlier, ιn my first post, this is not the only fault Ι've been through and I'm looking forward to see this company measuring its actions with responsibility and care but, right now I'm totally disappointed.
contable said:
So far I didn´t get the latest 7740 update either, but I installed it manually with cab sender.
The official 7740 update you can download here:
http://forum.xda-developers.com/showthread.php?t=1306415
Click to expand...
Click to collapse
is cab sender only for htc? says I need zune wmdu 4.8.2134
contable said:
So far I didn´t get the latest 7740 update either, but I installed it manually with cab sender.
The official 7740 update you can download here:
http://forum.xda-developers.com/showthread.php?t=1306415
Click to expand...
Click to collapse
Thanks a lot for this info!
2 threads about the same thing....?
Bla Bla Bla... Close thread, waste of space.
norgan said:
Bla Bla Bla... Close thread, waste of space.
Click to expand...
Click to collapse
It's a general WP7 discussion place and you should be more polite sir.
Dr.8820 said:
2 threads about the same thing....?
Click to expand...
Click to collapse
I have made one in the specific LG e900 forum as well, because I use an open LG device, so, the discussion exists in two places to be seen by people who have as well as those who don't have an LG device, but they do have an open device with similar problems.
Muvolt said:
I have made one in the specific LG e900 forum as well, because I use an open LG device, so, the discussion exists in two places to be seen by people who have as well as those who don't have an LG device, but they do have an open device with similar problems.
Click to expand...
Click to collapse
http://forum.xda-developers.com/showthread.php?t=1352887
That would be post number three then... Sometimes i dont understand why there is all this hate on this board. Isnt this supposed to be where people come together to innovate and find new ways to use their devices? Not to complain about what they have without contributing anything...
I was referring to this thread, about 10 down from this one...but carry on, I thought it was groundhog's day.
http://forum.xda-developers.com/showthread.php?t=1352887
contable said:
So far I didn´t get the latest 7740 update either, but I installed it manually with cab sender.
The official 7740 update you can download here:
http://forum.xda-developers.com/showthread.php?t=1306415
Click to expand...
Click to collapse
Can you help me with this? I tried the instructions carefully but it doesn't work says No Update files
The problem? No money because wp not selling so no updates.... microsoft dont work for free....
Sent from my GT-I9000 using XDA App
i don't understand this thread. is there any actual evidence that they're abandoning open market phones?
Some of us use Textsecure as replacement for Stock SMS app. Textsecure provides encryption for your SMS. However, my recommendation is: stay away or at least don't update to 2.X... versions.
The developer has introduced Google Cloud Messaging, which means that even if your sms are secure, the fact you are using the app will be recorded in Google Centralized database. In addition, he removed the ability of the user to regenerate new identity key. In last couple of releases, he forced the user to allow the app to contact the internet (otherwise, the app would crash). That is even if you compile the app from sources, which I did a couple of hours ago. If you download the app from Store, you can't even use it without Google account and GSF, the latter will record your every keystroke including the password used to encrypt the messages. In further addition, the app is only available through Googleplay and the developer is actively resisting third party distribution. If that is not enough, you should know that Whisper systems is owned by Twitter, which is a red flag in of itself. The code is growing larger and is more difficult to examine for back door purposes.
My advice: stay away from this development, which in my view is compromised...
Edit. In January of this year, the developer left Twitter. Interestingly, he is still working on Textsecure and it is published under Whisper, which is Twitter. About the same time, all those things described above started to happen. Also interesting is that the developer was put on federal watch list and was continuously harrased by various agencies when flying. So, I wouldn't be surprised to learn that his new employer is the previous harraser...
All more reasons to stay away from this app.
optimumpro said:
Some of us use Textsecure as replacement for Stock SMS app. Textsecure provides encryption for your SMS. However, my recommendation is: stay away or at least don't update to 2.X... versions.
The developer has introduced Google Cloud Messaging, which means that even if your sms are secure, the fact you are using the app will be recorded in Google Centralized database. In addition, he removed the ability of the user to regenerate new identity key. In last couple of releases, he forced the user to allow the app to contact the internet (otherwise, the app would crash). That is even if you compile the app from sources, which I did a couple of hours ago. If you download the app from Store, you can't even use it without Google account and GSF, the latter will record your every keystroke including the password used to encrypt the messages. In further addition, the app is only available through Googleplay and the developer is actively resisting third party distribution. If that is not enough, you should know that Whisper systems is owned by Twitter, which is a red flag in of itself. The code is growing larger and is more difficult to examine for back door purposes.
My advice: stay away from this development, which in my view is compromised...
Edit. In January of this year, the developer left Twitter. Interestingly, he is still working on Textsecure and it is published under Whisper, which is Twitter. About the same time, all those things described above started to happen. Also interesting is that the developer was put on federal watch list and was continuously harrased by various agencies when flying. So, I wouldn't be surprised to learn that his new employer is the previous harraser...
All more reasons to stay away from this app.
Click to expand...
Click to collapse
And here is some more fresh evidence. Today I posted this info on Cyanogen site related to Textsecure Push for CM.
http://www.cyanogenmod.org/blog/whisperpush-secure-messaging-integration
The site says it is neither censored no monitored. Within 5 minutes, the post has disappeared... . So, stay away from this app as the development has been compromised. In my view, of course...
You have no clue what youre talking about.
Corndude said:
You have no clue what youre talking about.
Click to expand...
Click to collapse
Thanks, pal... for a very, very thorough, thoughtful and factual argument.
Edit: by the way, what does no gapps project have to do with textsecure being compromised?
Thanks for the heads up. Something is really amiss, and I won't want to directly experience it. I'm staying away from TextSecure for sure.
abdelazeez said:
Thanks for the heads up. Something is really amiss, and I won't want to directly experience it. I'm staying away from TextSecure for sure.
Click to expand...
Click to collapse
Most messenger apps today work with Google Push Notifications, seems to be no problem for people there. Funny that it is here. As for SMS, I would never use that through another app. Besides, the phone carrier companies save those probably too, whats so different with that you said ? Text Secure is a very nice app I think. Right now people on iOS don't have that app yet, which makes it hard to establish in mixed system userbases among people. But I hope that will change.
Besides, most people here probably use Twitter. Funny to complain about something that might be related to Twitter then, isn't it ?
Wolfseye
wpkwolfseye said:
Most messenger apps today work with Google Push Notifications, seems to be no problem for people there. Funny that it is here. As for SMS, I would never use that through another app. Besides, the phone carrier companies save those probably too, whats so different with that you said ? Text Secure is a very nice app I think. Right now people on iOS don't have that app yet, which makes it hard to establish in mixed system userbases among people. But I hope that will change.
Besides, most people here probably use Twitter. Funny to complain about something that might be related to Twitter then, isn't it ?
Wolfseye
Click to expand...
Click to collapse
The difference is that Textsecure/Whisperpush/CMpush tell you your SMS are encrypted. If they are indeed encrypted and there are no backdoors, your carrier (and others) can only get encrypted SMS (good luck to them trying to decipher). All other SMS apps are in plain text. In my view earlier versions of Textsecure are indeed secure. Starting from version 2.X, we no longer know that considering all the facts I mentioned in the OP.
You should really get your facts straight. Twitter bought Whisper Systems in 2011, mainly to get Moxie and the other Whisper Systems folks to work for them.
Moxie went on to lead Twitters security team. Twitter allowed them a month or so after they aquired Whisper Systems to open source their apps TextSecure and RedPhone. In January 2013 Moxie left Twitter and started Open Whisper Systems with a few others. They took the newly open sourced apps and developed them further.
This is also covered in their FAQ.
You can see all of their code on GitHub.
And if you don't have GAPPS installed, you will simply get a message that you won't be able to use push messages and that's it. Several friends of mine use it for SMS only, with Xprivacy restricting the internet access. It doesn't crash or anything.
If you experience this, you may either have a problem with your build or it's a bug specific to your device/Android version.
Moxie also wrote exactly why he doesn't want TextSecure to be released via F-Droid: for security reasons. They use central signing, which may very well compromise the update channel.
The whole discussion can be found in the most infamous thread in their GitHub: #127
lindworm said:
You should really get your facts straight. Twitter bought Whisper Systems in 2011, mainly to get Moxie and the other Whisper Systems folks to work for them.
Moxie went on to lead Twitters security team. Twitter allowed them a month or so after they aquired Whisper Systems to open source their apps TextSecure and RedPhone. In January 2013 Moxie left Twitter and started Open Whisper Systems with a few others. They took the newly open sourced apps and developed them further.
This is also covered ir FAQ.
You can see all of their code on GitHub.
And if you don't have GAPPS installed, you will simply get a message that you won't be able to use push messages and that's it. Several friends of mine use it for SMS only, with Xprivacy restricting the internet access. It doesn't crash or anything.
If you experience this, you may either have a problem with your build or it's a bug specific to your device/Android version.
Moxie also wrote exactly why he doesn't want TextSecure to be released via F-Droid: for security reasons. They use central signing, which may very well compromise the update channel.
The whole discussion can be found in the most infamous thread in their GitHub: #127
Click to expand...
Click to collapse
Which fact did I not get straight? You can't get the app anywhere other than from Googleplay and for Googleplay you need GSF, which records your every keystroke. And by the way, try to restrict getnetworkinfo in internet settings in Xprivacy and the app will crash as soon as you try to open a conversation (checked on several devices). And why was it necessary to prevent users from generating new identity key? Why not have an app available on Whisper's github, as many devs do. And by the way, I asked the same questions on github and f-droid threads and in response got a suggestion to build an equivalent of Google's GCM, so then Moxie would stop using Google.
optimumpro said:
Which fact did I not get straight? You can't get the app anywhere other than from Googleplay and for Googleplay you need GSF, which records your every keystroke. And by the way, try to restrict getnetworkinfo in internet settings in Xprivacy and the app will crash as soon as you try to open a conversation (checked on several devices). And why was it necessary to prevent users from generating new identity key? Why not have an app available on Whisper's github, as many devs do. And by the way, I asked the same questions on github and f-droid threads and in response got a suggestion to build an equivalent of Google's GCM, so then Moxie would stop using Google.
Click to expand...
Click to collapse
You are not even trying to learn/understand why things are done the way they are done, but instead chose to blast an open source project by a security expert who has spoken at defcon various times and who is on a national security list and gets severely hassled by the TSA every time he tries to travel because of his involvement with secure communication projects.
You don't show the slightest form of objectiveness either. The truth content of what you are writing varies between "flat out wrong" and "there is a reason for how they do it that way, which you either didn't care to research or willingly ignored".
1. You can sideload the apk either from http://apps.evozi.com/apk-downloader/ or any of the dozens of sites that mirror packages from the app store.
They do not provide apks because it is a security risk: there is no automated upgrade channel from where a user can get a new version which may fix serious security flaws.
Everybody who is able to compile from source however should understand the importance of updating regularly and can do so on his/her own.
Moxie stated all of that in the github ticket I linked to.
2. GSF doesn't record your keystrokes.
3. If you had bothered to look it up, getNetworkInfo returns if a certain interface (like wifi) is used for internet.
This leaks no interesting information whatsoever. And it especially doesn't mean that TextSecure doesn't work without internet, because this permission does not give an app internet access. Xprivacy actually expects this behaviour by apps, that's why those fields are by default not restricted even if you restrict internet access of an app.
The program crashes without this, because it expects to get a needed value returned, which you chose to block. This is not something they willingly built in, to stop you from using it without Google Play.
If you can't manage the complexity of the permissions, you should use a simple firewall like AFwall+ to restrict internet access.
4. This was probably removed because it doesn't add any significant security and adds clutter to the user interface, because average users have no idea what it's for. The identity keys you are talking about are long term identity keys. TextSecure uses different keys in every message and actually uses the most secure protocol I know of. It has excellent forward secrecy, future secrecy and deniability. More so than OTR, which it is derived from.
You can learn more about that in their blog:
https://whispersystems.org/blog/simplifying-otr-deniability/
https://whispersystems.org/blog/asynchronous-security/
https://whispersystems.org/blog/advanced-ratcheting/
5. You asked them to not use the only free world wide push network that has contracts with all major providers to not kill idle TCP connections.
Moxie always answered that they would love to use something else, but none exists. And that they don't have the resources to build a push network themselves.
This is all in the comments to https://whispersystems.org/blog/the-new-textsecure/ and on ycombinator:
https://pay.reddit.com/r/Android/co..._cyanogenmod_is_integrating/cdyfxhm?context=3
https://pay.reddit.com/r/Android/co..._cyanogenmod_is_integrating/cdyfrv0?context=3
They are however working on using emails as identifiers and websockets as an alternative to GCM. Websockets are already implemented on the server side and people are working on the client side.
Right now you can use encrypted SMS without GCM, no problem at all. If you want to use it over the internet, you can help to speed up the websocket development:
https://github.com/WhisperSystems/TextSecure/issues/1000
lindworm said:
You are not even trying to learn/understand why things are done the way they are done, but instead chose to blast an open source project by a security expert who has spoken at defcon various times and who is on a national security list and gets severely hassled by the TSA every time he tries to travel because of his involvement with secure communication projects.
You don't show the slightest form of objectiveness either. The truth content of what you are writing varies between "flat out wrong" and "there is a reason for how they do it that way, which you either didn't care to research or willingly ignored".
1. You can sideload the apk either from http://apps.evozi.com/apk-downloader/ or any of the dozens of sites that mirror packages from the app store.
They do not provide apks because it is a security risk: there is no automated upgrade channel from where a user can get a new version which may fix serious security flaws.
Everybody who is able to compile from source however should understand the importance of updating regularly and can do so on his/her own.
Moxie stated all of that in the github ticket I linked to.
2. GSF doesn't record your keystrokes.
3. If you had bothered to look it up, getNetworkInfo returns if a certain interface (like wifi) is used for internet.
This leaks no interesting information whatsoever. And it especially doesn't mean that TextSecure doesn't work without internet, because this permission does not give an app internet access. Xprivacy actually expects this behaviour by apps, that's why those fields are by default not restricted even if you restrict internet access of an app.
The program crashes without this, because it expects to get a needed value returned, which you chose to block. This is not something they willingly built in, to stop you from using it without Google Play.
If you can't manage the complexity of the permissions, you should use a simple firewall like AFwall+ to restrict internet access.
4. This was probably removed because it doesn't add any significant security and adds clutter to the user interface, because average users have no idea what it's for. The identity keys you are talking about are long term identity keys. TextSecure uses different keys in every message and actually uses the most secure protocol I know of. It has excellent forward secrecy, future secrecy and deniability. More so than OTR, which it is derived from.
You can learn more about that in their blog:
https://whispersystems.org/blog/simplifying-otr-deniability/
https://whispersystems.org/blog/asynchronous-security/
https://whispersystems.org/blog/advanced-ratcheting/
5. You asked them to not use the only free world wide push network that has contracts with all major providers to not kill idle TCP connections.
Moxie always answered that they would love to use something else, but none exists. And that they don't have the resources to build a push network themselves.
This is all in the comments to https://whispersystems.org/blog/the-new-textsecure/ and on ycombinator:
https://pay.reddit.com/r/Android/co..._cyanogenmod_is_integrating/cdyfxhm?context=3
https://pay.reddit.com/r/Android/co..._cyanogenmod_is_integrating/cdyfrv0?context=3
They are however working on using emails as identifiers and websockets as an alternative to GCM. Websockets are already implemented on the server side and people are working on the client side.
Right now you can use encrypted SMS without GCM, no problem at all. If you want to use it over the internet, you can help to speed up the websocket development:
https://github.com/WhisperSystems/TextSecure/issues/1000
Click to expand...
Click to collapse
Your original statement was that I got my facts wrong. Since you have not cited any instance where I came up with a wrong fact, I will address your opinions.
Number one: you say GSF does not record keystrokes. How do you know? Have you seen the source (which is closed)? If you did, you work for Google and then everything you say is propaganda that has zero factual value. If you don't, then you are just speculating. You pick whichever is worse. If you use Google proprietary blobs, your device is totally open and there is no security measure/app on earth that is effective against this. That GSF phones home at regular intervals and transmits data there is a known fact. You can use encryption from Mars and yet it won't work because raw data (before encryption) is open to Google. As another user noted, having GSF and other closed source apps is like having a lock installed on your house door and not knowing who has access to it besides you.
Number two: inability to generate new identity key: It was there for a reason, the same way PGP or GPG keys have the ability to be limited in time, revoked or regenerated. It is a good security standard and removing it represents weakening. Clutter? LOL. A regular user wouldn't even be able to find it. Certainly, it does not pop up anywhere, one has to find it.
Number three: Sideload or compiling: a regular user will do neither, he/she will simply download the app from the market, which means he has to have Google blobs. Or you are suggesting that users should download the app from the market and then remove GSF and other Googleapps? LOL again.
As I said earlier, Moxie's argument that allowing third party apps on your device is a greater security risk than having closed source blobs is wrong and grand BS (especially coming from someone who is considered a security expert). It is security through obscurity, which is no security at all. The value of his open source project is completely defeated by having closed source blobs by a known private branch of known three letter agencies.
Now, these are facts. Let's get to opinions. I think that this deliberate weakening of security (again coming from a security expert) is a strong indication that development and/or developer has been compromised. And that is why I recommend to stay away from this app. But that is just my opinion, which is nonetheless based on facts.
optimumpro said:
Your original statement was that I got my facts wrong. Since you have not cited any instance where I came up with a wrong fact, I will address your opinions.
Click to expand...
Click to collapse
Do you even read what I write?
If that is not enough, you should know that Whisper systems is owned by Twitter, which is a red flag in of itself.
Click to expand...
Click to collapse
As I explained he does now work there any more.
You seem to have noticed that too:
Edit. In January of this year, the developer left Twitter. Interestingly, he is still working on Textsecure and it is published under Whisper, which is Twitter.
Click to expand...
Click to collapse
Are you kidding me? How the flying **** did you get to this conclusion? The company that was bought by twitter was Whisper Systems.
They are publishing the new source under Open Whisper Systems. (none of those was ever called Whisper)
See the difference? They also state this here: http://support.whispersystems.org/customer/portal/articles/1474591-is-textsecure-owned-by-twitter-
And here is some more fresh evidence. Today I posted this info on Cyanogen site related to Textsecure Push for CM.
http://www.cyanogenmod.org/blog/whis...ng-integration
The site says it is neither censored no monitored. Within 5 minutes, the post has disappeared... . So, stay away from this app as the development has been compromised. In my view, of course...
Click to expand...
Click to collapse
So you are saying CyanogenMod is part of this grand conspiracy of yours? Come on...
GSF, which records your every keystroke.
Click to expand...
Click to collapse
Number one: you say GSF does not record keystrokes. How do you know? Have you seen the source (which is closed)? If you did, you work for Google and then everything you say is propaganda that has zero factual value. If you don't, then you are just speculating. You pick whichever is worse. If you use Google proprietary blobs, your device is totally open and there is no security measure/app on earth that is effective against this. That GSF phones home at regular intervals and transmits data there is a known fact. You can use encryption from Mars and yet it won't work because raw data (before encryption) is open to Google. As another user noted, having GSF and other closed source apps is like having a lock installed on your house door and not knowing who has access to it besides you.
Click to expand...
Click to collapse
It's a binary blob and it sends data to google, but you have no proof whatsoever if it records keystrokes. You can know if you want to tough. Decompile it and analyze it. I don't like binary blobs, but you can't just say they do something without having any proof. I may not be able to guarantee that they don't do something, because I have not personally decompiled and analyzed every bit of it, but until you have and have proof that it does do something you can't just claim it does.
Number two: inability to generate new identity key: It was there for a reason, the same way PGP or GPG keys have the ability to be limited in time, revoked or regenerated. It is a good security standard and removing it represents weakening. Clutter? LOL. A regular user wouldn't even be able to find it. Certainly, it does not pop up anywhere, one has to find it.
Click to expand...
Click to collapse
It is not something the average user should have access to, for several reasons. The TextSecure V2 protocol is NOT comparable with PGP/GPG because it has forward secrecy and deniability. The keys that are actually used to encrypt a message are not static as with PGP.
They are derived from the original keys and are changed with every message. No need to change them after X days/months/years.
Even if one key is intercepted, you would only be able to decrypt one message and not every message as it is the case with PGP.
If you get a new key, all your contacts get alerts that your key changed and that somebody may be listening in. That's not something the average user should be exposed to. If you think for whatever reason that you really want to do this, back up your conversations, uninstall TextSecure, install it again, import the backup and you have your new key.
Number three: Sideload or compiling: a regular user will do neither, he/she will simply download the app from the market, which means he has to have Google blobs. Or you are suggesting that users should download the app from the market and then remove GSF and other Googleapps? LOL again.
As I said earlier, Moxie's argument that allowing third party apps on your device is a greater security risk than having closed source blobs is wrong and grand BS (especially coming from someone who is considered a security expert). It is security through obscurity, which is no security at all. The value of his open source project is completely defeated by having closed source blobs by a known private branch of known three letter agencies.
Click to expand...
Click to collapse
Every average user has the google blobs, because they are preinstalled on nearly every phone and it's nearly unusable without them. This app is supposed to make encryption available to the masses.
Google may be undermined by your beloved three letter agencies, but it's not one of them. This is not to hide from them.
You have your threat model wrong.
No app alone can ever protect you from those agencies. They have hundreds of 0days for every platform and will simply own your Android, open source or not.
And this is not what TextSecure tries to do. They protect the content of every conversation with extremely strong encryption, no matter what the transport is. This does protect you from dragnet surveillance. But they can not protect you from someone who targets you and is willing to spend hundreds of thousands or millions to break into your operating systems.
If the NSA really wants you they get you, period. But TextSecure protects you from theives, cyber criminals and nearly everybody else who wants to read your messages.
You say you think the encrypted SMS mode was safe? With this your provider (and thus your government and every agency that wants it) has all the metadata. Who sent something to whom etc.
Google on the other hand has actually LESS meta data, because your phone sends the message to the TextSecure server, which relays the message to GCM. GCM then delivers the message. Because everything is encrypted none of the servers get contact data. But google only gets the receiver, not the sender. Your provider gets everything.
A global passive adversary may still do time corellation attacks, by listening who sends something when and who receives something at this time. After some sessions it's pretty clear who is talking to whom. It doesn't matter if Google is evil or not in this case. They get the metadata if they want to.
If you want protection against something like this take a look at pond, or meet i person: https://github.com/agl/pond
Now, these are facts. Let's get to opinions. I think that this deliberate weakening of security (again coming from a security expert) is a strong indication that development and/or developer has been compromised. And that is why I recommend to stay away from this app. But that is just my opinion, which is nonetheless based on facts.
Click to expand...
Click to collapse
As I explained there is no weakening whatsoever. Even if you consider google the adversary, they get less meta data than your SMS provider.
You can use this exactly as before without the google blobs if you want to.
They are actively working on a way to get away from the play store and GCM by building their own distribution method (which is finished, but not yet released, see #127 in their github) and implementing Websockets (server works, client is on the way).
Before you start slamming something you should really understand how it works, or ask if you understood it correctly.
lindworm said:
Do you even read what I write?
As I explained he does now work there any more.
You seem to have noticed that too:
Are you kidding me? How the flying **** did you get to this conclusion? The company that was bought by twitter was Whisper Systems.
They are publishing the new source under Open Whisper Systems. (none of those was ever called Whisper)
See the difference? They also state this here: http://support.whispersystems.org/customer/portal/articles/1474591-is-textsecure-owned-by-twitter-
So you are saying CyanogenMod is part of this grand conspiracy of yours? Come on...
It's a binary blob and it sends data to google, but you have no proof whatsoever if it records keystrokes. You can know if you want to tough. Decompile it and analyze it. I don't like binary blobs, but you can't just say they do something without having any proof. I may not be able to guarantee that they don't do something, because I have not personally decompiled and analyzed every bit of it, but until you have and have proof that it does do something you can't just claim it does.
It is not something the average user should have access to, for several reasons. The TextSecure V2 protocol is NOT comparable with PGP/GPG because it has forward secrecy and deniability. The keys that are actually used to encrypt a message are not static as with PGP.
They are derived from the original keys and are changed with every message. No need to change them after X days/months/years.
Even if one key is intercepted, you would only be able to decrypt one message and not every message as it is the case with PGP.
If you get a new key, all your contacts get alerts that your key changed and that somebody may be listening in. That's not something the average user should be exposed to. If you think for whatever reason that you really want to do this, back up your conversations, uninstall TextSecure, install it again, import the backup and you have your new key.
Every average user has the google blobs, because they are preinstalled on nearly every phone and it's nearly unusable without them. This app is supposed to make encryption available to the masses.
Google may be undermined by your beloved three letter agencies, but it's not one of them. This is not to hide from them.
You have your threat model wrong.
No app alone can ever protect you from those agencies. They have hundreds of 0days for every platform and will simply own your Android, open source or not.
And this is not what TextSecure tries to do. They protect the content of every conversation with extremely strong encryption, no matter what the transport is. This does protect you from dragnet surveillance. But they can not protect you from someone who targets you and is willing to spend hundreds of thousands or millions to break into your operating systems.
If the NSA really wants you they get you, period. But TextSecure protects you from theives, cyber criminals and nearly everybody else who wants to read your messages.
You say you think the encrypted SMS mode was safe? With this your provider (and thus your government and every agency that wants it) has all the metadata. Who sent something to whom etc.
Google on the other hand has actually LESS meta data, because your phone sends the message to the TextSecure server, which relays the message to GCM. GCM then delivers the message. Because everything is encrypted none of the servers get contact data. But google only gets the receiver, not the sender. Your provider gets everything.
A global passive adversary may still do time corellation attacks, by listening who sends something when and who receives something at this time. After some sessions it's pretty clear who is talking to whom. It doesn't matter if Google is evil or not in this case. They get the metadata if they want to.
If you want protection against something like this take a look at pond, or meet i person: https://github.com/agl/pond
As I explained there is no weakening whatsoever. Even if you consider google the adversary, they get less meta data than your SMS provider.
You can use this exactly as before without the google blobs if you want to.
They are actively working on a way to get away from the play store and GCM by building their own distribution method (which is finished, but not yet released, see #127 in their github) and implementing Websockets (server works, client is on the way).
Before you start slamming something you should really understand how it works, or ask if you understood it correctly.
Click to expand...
Click to collapse
"Decompile GSF"
You are kidding. Aren't you? If one can examine closed source the same way as open one, then all problems would be solved. And by the way, there would be no point in having proprietary software. Would it? Of course Java is easier to reverse engineer, but want to try Oracle's java?
"Google" Google has root access to your device: It can pull/install any application without you noticing it. They can install another version of TextSecure with backdoors. They can do whatever they want or told to. So, if you have Google, there is no point in any security at all. And when a developer forces users to have Google for his app to work, that's no security at all.
Cyanogenmode/Conspiracy? There is no conspiracy. The US has a law that requires providers to have back doors in their software/hardware for law enforcement, and there are wild claims (by those who know (and don't) what they are talking about) of TextSecure as "weapon" against this kind of surveillance. And that is pure bull. All that the app can provide is the false sense of security, while in reality making users more transparent to surveillance.
Phone service providers vs. internet: when you use Textsecure as a pure sms app, your provider gets gibberish, but they have no way of knowing what you are using. With GCM/GSF/Googleplay, they know exactly what you are doing, as you are marked as using this particular app. So, Moxie is making life of "survaillors" much easier.
Thanks for telling me to uninstall the app if I want to generate new key. So, if I do it this way, you think my contacts won't receive a message that my key has changed?
Here is how I began to suspect foul play: First I noticed the app wanted access to the internet, then I discovered that I can no longer generate a new key, then I went to read about F-droid/Whisper problems. Then I read that he wants the app be available through Google only, because he cares about security and does not want users to allow third party apps (BS). Then I read about feds harassment. You think the 3 letter agencies wouldn't like to have him?
In my view, Moxie's arguments no longer make sense. And by the way, when he is against the wall, he tells you to create a world wide push service - alternative to GCM. LOL.
For me that's enough to stay away from the app. Others will decide accordingly...
Does anybody work on an alternativ push service in order to replace hard requirement on Google services for TextSecure, Redphone and lots of other useful apps?
I understand that GAPPS are needed to run textsecure.
Is it possible/ has anyone succeed to get it to run with the no GAPPS apps such as the blank store etc or is the app relying too much on google infrastructure?
i can use textsecure sms without internet. besides registering with push is not mandatory at all so the crash you've experienced must be a bug in the version of textsecure you're using. also why compare it to pgp/gpg? textsecure uses otr with improvements to deniability and forward secrecy. also textsecure supports mms (which uses internet).
if you're really that paranoid, avoid android at all and stop spreading FUD claiming it to be fact. i don't find the statement factual at all. it lacks any evidence (show us the code with the backdoor first).
and also avoid openguardian project too as they conspire with textsecure since they are recommending it.
and by the way, whisper and openwhisper are different.
It really is ashamed when misinformed people comment on things they do not have enough information to intelligently speak about. Especially when it discourages people from using an application that is one of the only current means of communicating over SMS in a secure manner. Is it perfect? Certainly not... Security and encryption are never perfect, and there will always be flaws to be found, but to insist that someone such as Moxie Marlinspike is somehow working against the security researcher community in some undercover role as an agent of the government or some corrupt company is really insulting. If you have some absolute proof, or even a reasonable solid suspicion, please share it, but otherwise do not taint these incredible people with false accusations. Learn a bit about encryption, reverse engineering, and packet inspection, and then come back and give an intelligent analysis of your findings of the application you suspect to be playing some nefarious role. Until then, your accusations are completely unfounded and damaging to the community as a whole. There are many people who have worked hard to make this product a reality, and I believe they should be praised for their efforts. Obviously these are my own opinions, and you are free to dismiss them outright as you have done to others in previous posts. In addition, I realize I am not an active member of the xda community, but I am an active member of the security/reverse engineering community. My job and nearly all of my free time is spent reverse engineering software and I see no basis for your accusations.
Here is more update on Textsecure: there was a major vulnerability found last October-November. And Moxie's response (not surprisingly) - fixing "feels pretty cumbersome" and "I dunno."
Also, Open Whisper is now accepted into the family of such a bastion of privacy, as Facebook (kids love it, NSA approves). So, If you had any doubt about this app before, now you can sleep well at night (sarcasm).
https://moderncrypto.org/mail-archive/messaging/2014/001029.html
https://moderncrypto.org/mail-archive/messaging/2014/001030.html
To those who like to attack the messenger ( I call them Google thugs or pacifier babies). One says decompile GSF, the other - false accusations and absolute proof?! Wake up and get the pacifier out of your mouth. There is no such thing in real life. I give you the dots, you can't connect them with the pacifier in your mouth.
Here is some more damning evidence that Textsecure is a totally compromised project no longer to be trusted: during 2013-2014 Open Whisper Systems received over $1.3 mln from BBG, which is an arm of US Government and its 3-letter-agencies.
http://pando.com/2015/03/01/internet-privacy-funded-by-spooks-a-brief-history-of-the-bbg/
So, Moxie, it appears, has turned from someone who was harrased by TSA in airports (presumably for a failure to cooperate with the government) to a receipient of major funds from the same government. I am not even talking about him getting a once in a life-time project to work on "securing" Facebook's What's up application. Pitty and shame...
Replacement for Textsecure
Here is a pure sms app, which replaces compromised Textsecure, as well as stock messaging. There is no over the internet messaging, no google binaries and no Google Services Framewor all closed sourse. In addition, starting from version 2.7, textsecure no longer encrypts SMS. Pitty.
Here is the latest version: http://forum.xda-developers.com/android/apps-games/sms-secure-aes-256-t3065165
xda-developers.com is listed as one of the sites affected by the heartbleed bug, but testing tool now shows no vulnerability. A quick search shows no
Why aren't you bragging about patching this bug and how awesome you are at protecting our data?
At the very least, a notice about what's being done to protect xda and how it affects users would be much appreciated.
dstarfire said:
xda-developers.com is listed as one of the sites affected by the heartbleed bug, but testing tool now shows no vulnerability. A quick search shows no
Why aren't you bragging about patching this bug and how awesome you are at protecting our data?
At the very least, a notice about what's being done to protect xda and how it affects users would be much appreciated.
Click to expand...
Click to collapse
I'm curious what site it was listed on?
Just for anyone who is interested...
As soon as the severity of the flaw was clear, we began updating our machines. Some services use pre-built packages and others use custom-compiled software (using the flawed openssl version). We updated all of our services within 30 minutes or so.
The forum.xda-developers.com hostname uses a 3rd party service who was still vulnerable to heartbeat after we patched our internal services. We opened a ticket with them - I'm sure by that point they were aware of the issue and a fix was already in the works. About an hour after that they had patched their services.
This is definitely one of the worst security flaws in the history of the internet - you pretty much have to assume that any communications thought protected by https have been compromised unless there were other protections in addition to SSL.
https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt
please patch asap
Isriam said:
https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt
please patch asap
Click to expand...
Click to collapse
That list is old... see my statement above.
thats fine, but just so you know that link is posted on front page msn.com under heartbleed headlines.
Isriam said:
thats fine, but just so you know that link is posted on front page msn.com under heartbleed headlines.
Click to expand...
Click to collapse
Sure, but not too much I can do about old information.
The link loriam posted is the one I found xda mentioned on. However, before I posted, I also checked a live testing website that showed xda as safe.
If anybody is interested, the url for that site is filippo.io/Heartbleed/
Unless there is updated information that I was unable to see, your SSL certificate is showing as being from 7 months ago. Shouldn't it be updated since that was part of the information that was vulnerable to Heartbleed?
Are there any plans to replace and revoke the SSL certificates that were on the vulnerable servers? Since there are no logs it is impossible to know if anyone was able to obtain the private key for these certificates, and until revoked xda remains vulnerable to stealth MITM attacks.
wto605 said:
Are there any plans to replace and revoke the SSL certificates that were on the vulnerable servers? Since there are no logs it is impossible to know if anyone was able to obtain the private key for these certificates, and until revoked xda remains vulnerable to stealth MITM attacks.
Click to expand...
Click to collapse
New certs are in process... the CA's are a bit backlogged.
We are vulnerable to stealth MITM attacks only if someone has recorder/intercepted our traffic, and also if someone was able to decode our private key. Of which both are unlikely (but possible). So while we do work to replace our certs, the priority is "hey, we are doing this" and not "hey, let's shut down our ssl services."
bitpushr said:
New certs are in process... the CA's are a bit backlogged.
We are vulnerable to stealth MITM attacks only if someone has recorder/intercepted our traffic, and also if someone was able to decode our private key. Of which both are unlikely (but possible). So while we do work to replace our certs, the priority is "hey, we are doing this" and not "hey, let's shut down our ssl services."
Click to expand...
Click to collapse
I totally agree (and believe me I'm hating this crap as much as I'm sure you guys are)... I just wanted to make sure it was in progress as I'm waiting to change my password until then.
Well, I'm glad that you guys are taking the necessary steps to keep your and your users information safe. I feel bad for whoever would try and hack XDA-Developers, because they would probably receive a huge backlash.
Probably bad enough to melt their computer.
Sent from my dictionary.
Some progress in updating androids vulnerable openssl 1.0.1e ? Heartbleed is disabled (for me) but somehow i imagine unwanted changes like from apps etc
Sent from my GT-I9505 using xda app-developers app
GrammarNazi said:
Well, I'm glad that you guys are taking the necessary steps to keep your and your users information safe. I feel bad for whoever would try and hack XDA-Developers, because they would probably receive a huge backlash.
Probably bad enough to melt their computer.
Sent from my dictionary.
Click to expand...
Click to collapse
We would blow up all mobiles they own. Mwahahahah!
Sent from my HTC Explorer A310e using XDA Premium 4 mobile app
Our new SSL certificates are in place.
Glad to hear were safe. Maybe XDA should force all users to change their passwords?? In the security world it's just better off and safer to assume everything was compromised.
Sent from my Galaxy S4 using Tapatalk
bitpushr said:
Our new SSL certificates are in place.
Click to expand...
Click to collapse
Hi bitpushr,
How to use the secured connection when logging in and/or changing password in this forum? I haven't noticed any ssl connection when logging in and/or changing password from the control panel.
Online test for Heartbleed
There are sites that will test for it.