Trust me, I push Signal hard and even donate to it monthly. As I’m sure many of you know, there are always a few contacts who unfortunately refuse to use it.
In this case: do you prefer to use insecure SMS in something like QUIK SMS or Fossify Messages, or do you prefer to bite the Google bullet to get end-to-end encrypted messages (even if the metadata isn’t encrypted)?
I can see good arguments for both sides, so I am curious what Lemmy’s take is.
I have a dumb question: what’s to stop someone from creating a GPG based front end for any kind of unencrypted SMS? It could encrypt as you send and decrypt as you receive. If two people have each other’s keys isn’t that end to end encryption? Why would you need to rely on something that the OS or carrier is providing?
Thanks!
RCS is trash.
For you downvoters, RCS violates the most fundamental rules of networking, which were established in the mid-80’s: separate user ID, device ID, network physical ID and network Logical ID - which is why we have TCP/IP addresses which aren’t tied to physical device ID.
RCS is backwards, by decades.
Fuck RCS - I will never use it.
i would just use sms/mms. it’s easier to manage (backups and stuff)
Sadly, encrypted will always the be better option, even if proprietary.
Neither.
SMS/texting is so fucking outdated. Why are ya’ll still attached to that stuff?Because it’s a universal communication standard. Quite literally every phone made in the last 30 years supports SMS. The hangup is the carrier. But pretty much every carrier, at least here in the USA, offers unlimited SMS.
Sounds like the usual “Because we have always done it that way and it works. I won’t just change!!!11 because some youngster found the next new fancy thingy”
Sarcasm aside, you really aren’t that far off. Unfortunately, we as enthusiasts don’t make the decisions - our own social networks (the concept, not the internet shitholes) do that for us. The vast majority of regular people don’t even realize you can use a different texting app, let alone a secure one that doesn’t rely on an insecure protocol (i.e. Signal). And then you have iPhone users who don’t realize that iMessage is a wholly separate thing from SMS. You can’t really expect those kinds of people to download 4 different messaging apps just to keep in contact with their peers.
Why are ya’ll still attached to that stuff?
It comes with every phone and is the lowest common denominator.
So I can ask a recipient what messaging-app-de-jour they are using, and then install said app , or I have to convince them to use MY messaging-app-de-jour and get them to install it. All this has to happen outside preferred channels of communication, because we haven’t yet figured out what shared methods we can communicate with.
Orrrrr I could just send them a SMS and know that even if they are using the shittiest, most locked down non-free piece of crap phone possible, their phone will go 'bing! ’ and they will receive my message.
I seriously would not mind RCS if Google didn’t monopolize it.
I will be forever on MMS because I’ll never use Google’s crappy message app.
No one is sending anything substantial over SMS for me anyway, so it’s not an issue where I need an e2ee channel with someone who doesn’t have signal
RCS. Even with the added smart features, it’s still seen as a more secure alternative due to encryption and sender’s verification
SMS for uninteresting plain texts to a phone.
RCS for sending a picture over 1mb to a phone.
Email for common everything else.
Matrix\Element or other measaging clients for the uncommon everything else.
A second phone number or virtual SMS client like Google Voice for sensitive SMS 2FA.
I absolutely cannot stand RCS. Here in the US all the carriers have given up implementing it themselves and instead offload it to Google — I’m not even an Android user! I have to explicitly unblock a bunch of Google domains for RCS to work.
E2E will be nice once it’s functional with iOS but I still loathe depending on Google.
Well if I only get those two options it’d be SMS because I don’t do anything interesting enough for a government to spy on, but Google would benefit in knowing my contacts.
But the real answer would be, I would not message that person anymore.
Personally I hate both options, I’ve lucked out that most of my steady contacts use signal, currently I’d go with RCS especially as it’s supposed to get e2e encryption between iOS and Android. That said both options are rough, your carrier can read all your sms and Google gets all your metadata for RCS
What’s wrong with email?
Email is not an instant messaging protocol.
SMS is not an instant messaging protocol either. Sometimes they arrive quickly, sometimes they don’t arrive at all. :/
SMS is not an instant messaging protocol either.
Yes, it is. It was always an instant messaging protocol. It may not have been called instant messaging, but that was its intended purpose - initially for carriers to send alerts or other notifications to their customers. Instantly.
The very first SMS was quite literally an instant message from one person to another, saying “Merry Christmas”. In '92. Every Nokia device supported SMS by '93, and many more manufacturers were not far behind.
Sometimes they arrive quickly, sometimes they don’t arrive at all. :/
Occasional technical hiccups (e.g. not received) do not change the originally-intended function. I’ve had more issues sending/receiving RCS messages than SMS/MMS messages.
Delta Chat says hi.
Well, I don’t have Google Messages on my phone. And as far as I know there’s no open third-party implementation out there to do RCS?! That kind of messenging also isn’t part of AOSP …That means I’d obviously (need to) send and receive SMS.
RCS is harder for average criminals to snoop into.
Also if in the future bank verification codes use RCS, that makes it harder to get MITM’d
(cuz banks are stubborn as hell, they’d never allow 2fa apps)
I’d rather still have SMS verifications than the proprietary 2FA app mine has now
What are you more worried about, third party, MitM interception (e.g. IMSI catcher) or Google knowing who you are communicating with? The former is technically harder for an attacker, but the use of such devices is well documented and poorly controlled. Google is, well Google. And you can expect them to monitize any bit of data they have on you. Also, that data will almost certainly be handed over to local law enforcement, especially if they have whatever the local equivalent of a warrant is.
As with most security, there are trade-offs. You have to decided what risks you are willing to accept and what you are not.
Personally, mostly concerned about surveillance capitalism and mass surveillance. But I pose this more as a hypothetical for what “you” (the average lemmy user) would think is the lesser of two evils
