07-07-17 09:45 AM
62 123
tools
  1. santoshwins's Avatar
    Hey guys!

    I have been searching through github and many other forums (of course including this one!) in order to find a Signal alternative. Now we already know that Signal for android does not work on BB10 (even the Cobat versions of Google framework do not help and who would want that on their BBs).

    As much as I love BB10 (and I have always had BBs for decades now), I am forced to use android for one single reason - Signal - specifically, the end-to-end zero-knowledge encryption.

    I am not an android/Google supporter and I hate to have to do this. Telegram does not have voice (plus their code is not based on PGP which is funny!). Signal has said they will only focus on Android and iOS. 'Conversations' uses XMPP but does not have voice.

    BBM is out of question as they share their encryption keys with governments easily (I know that to be true for India). Plus the voice calls are unencrypted.

    I do NOT want to use the BB-Android phones out there.

    Any help, any help at all will be greatly appreciated :-) Thanks in advance!
    02-01-17 11:50 AM
  2. David Tyler's Avatar
    BBM is out of question as they share their encryption keys with governments easily (I know that to be true for India). Plus the voice calls are unencrypted.
    Can you get BBM Protected?
    02-01-17 12:01 PM
  3. semime's Avatar
    Threema (Android) operates without GPS.

    Only others that come to mind are Wire or the Tox products which I think are still in alpha.
    02-01-17 12:19 PM
  4. elfabio80's Avatar
    Threema (Android) operates without GPS.

    Only others that come to mind are Wire or the Tox products which I think are still in alpha.
    Does it work well on BB10?

    Posted via CB10
    02-02-17 02:00 PM
  5. thurask's Avatar
    Threema (Android) operates without GPS.

    Only others that come to mind are Wire or the Tox products which I think are still in alpha.
    I've heard Wire doesn't work on BB10, so that's out.
    02-02-17 02:03 PM
  6. llelectronics's Avatar
    02-02-17 04:54 PM
  7. Leszek Lesner's Avatar
    02-02-17 04:55 PM
  8. jamesp614's Avatar
    I use Threema. Slight delay on posts when closed due to Google push not working well on BB10 even with Cobalt's services fix. You have to set a polling interval in the settings. Otherwise it works just fine. I replaced BBM with it and have not looked back.

    Posted via CB10
    02-02-17 04:57 PM
  9. santoshwins's Avatar
    Wow! I am SO sorry that I forgot to subscribe to my own question! Such lovely answers! Now here are the updates from my end -

    1. Call me crazy but I went ahead and bought ppse in this day and age :-) and I have been loving it!

    2. I am very vary of any version of google play. Including cobalts's. Id rather keep my BlackBerry google free as much as I can.

    3. I tried Wire. Doesnt work as @thurask mentioned.

    4. Threema's code is not open to public audit. And its paid so thats a bummer. But would you be kind enough to mention your experience in detail with it, @jamesp614? Is it a one time purchase or a subscription?

    5.Briar is still a work in progress and not sure if it will work with BlackBerry or not.

    6. Does TextSecure have voip calling as well? And how has the user experience been for your guys, @leszek and @llelectronics?

    7. I am still looking and not willing to give up. My other trouble is that BlackBerry bbm is unable to video call an android bbm. Which is a bloody shame. But I wont diverge from the secure messaging/calling topic that this thread is about.

    Thanks guys for your help. Greatly appreciated.

    Cheers!
    Santosh
    03-05-17 01:17 PM
  10. Leszek Lesner's Avatar
    6. Does TextSecure have voip calling as well? And how has the user experience been for your guys, @leszek and @llelectronics?
    The version of LibreSignal Jolla Edition won't work I guess.

    But the Upstream Signal project now added a websocket based version for voice call and text chat so that when you download the official APK (apkmirror or other methods) from Signal you can get the latest and greatest from Signal with Websockets support that works fine with BB10s Android Runtime.
    The only drawback when you are not already registered and you want to register is that you need to wait for the timer for the sms activation to end running before you can use the call activation.
    I have this one patched out for BB10 and SailfishOS so that it skips the timer and you can directly take the call activation.

    I am not sure if I find time updating my version as I could just use that patch against vanilla Signal.
    Though Moxie seems not to be very happy about people rebuilding the apk and using his server.
    But the good news is Signal now supports WebSockets officially so you can use it with BB10 or SailfishOS directly.
    santoshwins likes this.
    03-05-17 02:05 PM
  11. jamesp614's Avatar
    Threema is a one time purchase.
    03-05-17 02:33 PM
  12. santoshwins's Avatar
    Threema is a one time purchase.
    Thank you. Other than the polling, which I know is a bit of a challenge, how has your experience been with Threema?
    03-05-17 08:02 PM
  13. jamesp614's Avatar
    It is fine. I bought a license for my friend on IOS and we chat back and forth just fine. Just that small delay on polling when it is idling (i use the 15 minute standard). Once we are active in conversation, it is just like BBM or any other chat application.
    03-05-17 08:06 PM
  14. santoshwins's Avatar
    It is fine. I bought a license for my friend on IOS and we chat back and forth just fine. Just that small delay on polling when it is idling (i use the 15 minute standard). Once we are active in conversation, it is just like BBM or any other chat application.
    Are you able to use voice calling as well? Thanks!
    03-06-17 05:19 AM
  15. deadcowboy's Avatar
    According to the Wikileaks CIA Vault7 release, Signal is compromised. All of the encrypted chat apps are compromised. WhatsApp, Telegram. False sense of security.

    Posted via CB10
    03-08-17 06:28 AM
  16. jd smithers's Avatar
    Sorry to disagree but this is - until proven otherwise in the future - just not right. Up to the moment nothing within the leakes points to an compromised app nor broken protocol or encryption degradation of signal algorithm scheme (also see public statement from openwhisper systems: https://twitter.com/whispersystems/s...04754718932992).

    Up to now the focus of the exploits which has been published withing the vault7 leak relies on the endpoint. Neither the protocol and implementation nor the math itself.

    Thus, if you assert that the secure chat apps are insecure under the precondition the endpoint is compromised, then well... it's true. But with any compromised endpoint, nothing is secure anymore.

    Edit1: wikileaks states it-/themselves
    These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the "smart" phones that they run on and collecting audio and message traffic before encryption is applied.
    source: https://wikileaks.org/ciav7p1/index.html
    werkregen likes this.
    03-08-17 06:48 AM
  17. deadcowboy's Avatar
    Sorry to disagree but this is - until proven otherwise in the future - just not right. Up to the moment nothing within the leakes points to an compromised app nor broken protocol or encryption degradation of signal algorithm scheme (also see public statement from openwhisper systems: https://twitter.com/whispersystems/s...04754718932992).

    Up to now the focus of the exploits which has been published withing the vault7 leak relies on the endpoint. Neither the protocol and implementation nor the math itself.

    Thus, if you assert that the secure chat apps are insecure under the precondition the endpoint is compromised, then well... it's true. But with any compromised endpoint, nothing is secure anymore.

    Edit1: wikileaks states it-/themselves

    source: https://wikileaks.org/ciav7p1/index.html
    Thanks for doing the research and editing your post with a link. I should have done the same in my post and pointed out that it's inherent OS vulnerabilities that make chat app security largely irrelevant.

    Posted via CB10
    03-08-17 07:11 AM
  18. santoshwins's Avatar
    What I have also interestingly found is that BBOS/BB10 has not specifically been targeted as per the Vault 7 release. Is that true? In my cursory look through the news reports, it never was mentioned.
    Android of course was not a surprise as well as IoT stuff.

    When @deadcowboy mentioned the Signal app was compromised - I had automatically inferred that it isn't the math or the encryption that is flawed but the step before that - the flow of info is obviously Hardware --> OS --> app -> Encryption -->Transmission and reverse. There were reports earlier that Singapore based Gemalto that makes sim cards had hardware bugs in the sim cards themselves. You cannot fight that grade of surveillance with an app, of course.
    03-08-17 11:09 AM
  19. thurask's Avatar
    Thanks for doing the research and editing your post with a link. I should have done the same in my post and pointed out that it's inherent OS vulnerabilities that make chat app security largely irrelevant.

    Posted via CB10
    It's like what Chrome's Incognito mode used to say:

    Pages you view in incognito tabs won’t stick around in your browser’s history, cookie store, or search history after you’ve closed all of your incognito tabs. Any files you download or bookmarks you create will be kept. Going incognito doesn’t affect the behavior of other people, servers, software, or people standing behind you.
    Intercepting messages on-device, before (end to end encrypted) transmission is the equivalent of looking over the sender's shoulder.
    03-08-17 12:20 PM
  20. thurask's Avatar
    What I have also interestingly found is that BBOS/BB10 has not specifically been targeted as per the Vault 7 release. Is that true? In my cursory look through the news reports, it never was mentioned.
    There aren't any meaningful hits in what's released so far (only one percent of what they have according to Wikileaks).
    03-08-17 12:21 PM
  21. deadcowboy's Avatar
    There aren't any meaningful hits in what's released so far (only one percent of what they have according to Wikileaks).
    It'll be interesting to see what else gets released and if BlackBerry shows up. No doubt BBOS was a high profile target. And with BB10 being largely EOL, I don't doubt that its vulnerabilities have had time to have been discovered.

    Posted via CB10
    03-08-17 02:29 PM
  22. thurask's Avatar
    It'll be interesting to see what else gets released and if BlackBerry shows up. No doubt BBOS was a high profile target. And with BB10 being largely EOL, I don't doubt that its vulnerabilities have had time to have been discovered.

    Posted via CB10
    There are some results about BBOS, but those are in reference to this old thing.
    03-08-17 02:33 PM
  23. santoshwins's Avatar
    There are some results about BBOS, but those are in reference to this old thing.
    That was, indeed, a while ago. I somehow had assumed that BBOS was safer than BB10. But that's not true looks like. Let us wait and watch what comes out of Vault 7 regarding the BB10.
    03-08-17 08:50 PM
  24. SethDove's Avatar
    The version of LibreSignal Jolla Edition won't work I guess.

    But the Upstream Signal project now added a websocket based version for voice call and text chat so that when you download the official APK (apkmirror or other methods) from Signal you can get the latest and greatest from Signal with Websockets support that works fine with BB10s Android Runtime.
    The
    Upstream Signal Project? Can you provide a link with more info?

    Posted via CB10
    03-10-17 10:28 AM
  25. thurask's Avatar
    Upstream Signal Project? Can you provide a link with more info?

    Posted via CB10
    Upstream: the original, not a fork. https://github.com/WhisperSystems/Signal-Android

    LibreSignal is an abandoned fork to remove Google Play Services, which is irrelevant now that upstream offers the option.
    03-10-17 10:38 AM
62 123

Similar Threads

  1. How to sign-in to Slack app using SSO?
    By int3h in forum BlackBerry Passport
    Replies: 3
    Last Post: 07-03-17, 12:08 AM
  2. Is Blackberry 10 still getting upgrades?
    By wayne hachey in forum Ask a Question
    Replies: 12
    Last Post: 02-06-17, 03:17 AM
  3. OneMediaHub Calendar Sync End of Life
    By Newfangled in forum BlackBerry Bold 9930/9900
    Replies: 5
    Last Post: 02-06-17, 02:57 AM
  4. Why is blackberry not recommended for countries other than the US, UK and CANADA?
    By Sand_rina4 in forum General BlackBerry Discussion
    Replies: 13
    Last Post: 02-03-17, 09:06 PM
  5. Quite a quandry, need help.
    By Septembersrain in forum Site Feedback & Help
    Replies: 11
    Last Post: 02-02-17, 04:34 PM
LINK TO POST COPIED TO CLIPBOARD