BBM one of the least secure messaging platforms, based on this EFF report
-
Let me add a dumb comment... when everyone out there has my encryption keys, can it be secure or is it just another security through obscurity?
I still think if people want real security using BBM the only option is the BES way (or BBM protected), consumer BBM will stay as "secure" as it was 10 years ago imo...
11-06-14 02:45 AM Like 0
- You may read points 5.3, 5.4 and 5.5 on page 15 of this paper.
And according to BBRY Security Note, BBM on BB 10 is always using a combination of TLS + BBM Encryption Key for messages, while BBOS sometimes uses only the BBM Encryption Key.
As a BB 10 user, I am 100% confident that BBM is protected against criminal attacks.
The problems could start when BBRY must cooperate with any local LEAs in countries with significantly higher corruption, weak implementation of human rights, etc. etc. ...but I have the impression BBRY has always been aware of their responsibilities to protect the human rights of their customers:
Former NSA's chief lawyer: BlackBerry's encryption efforts led to its demise | ZDNet
...and in some countries like India, where I have mixed feelings, BBRY announced their (limited) cooperation with the government in advance, so that everybody was warned.
I don't think that BBRY is intercepting your BBM traffic for any LEA...., as long as you don't try to be the next Tony Montana:
Blackberry messages helped police crack Montreal Mafia ring | Toronto Star
endevour likes this.
11-06-14 06:50 AM Like 1
- For those courageous few, I offer you the RED pill(s)
The Danger of Fetishizing BlackBerry Messenger Security | Technology, Thoughts & Trinkets
https://citizenlab.org/
For those less so, I offer you the BLUE pill. You can remain in the Matrix ad finem.
Last edited by jefbeard911; 11-06-14 at 10:15 AM.
11-06-14 09:36 AM Like 3
- For those courageous few, I offer you the BLUE pill(s)
The Danger of Fetishizing BlackBerry Messenger Security | Technology, Thoughts & Trinkets
https://citizenlab.org/
For those less so, I offer you the RED pill. You can remain in the Matrix ad finem.
http://btsc.webapps.blackberry.com/b...ListHelperImpl
And then admit you are wrong.
11-06-14 09:44 AM Like 0
- For those courageous few, I offer you the BLUE pill(s)
The Danger of Fetishizing BlackBerry Messenger Security | Technology, Thoughts & Trinkets
https://citizenlab.org/
For those less so, I offer you the RED pill. You can remain in the Matrix ad finem.
Quote: "Decryption is usually mandated because of lawful access requirements that RIM must comply with; the company doesn't proactively make these messages available in the absence of legal pressures." is no problem for citizens in the developed countries.
We have rights protecting us from our governments. Criminals do not have these rights. Deal with it.
(I am totally against any mass surveillance, when data are collected for no particular reason, but that's not described in this article here.)
In countries like Russia a person like Tim Cook could be classified as criminal, but I don't see BBRY collaborating with Russia.
Anyways, for certain less stable, uhm, developing countries where the situation with human rights is more problematic, BBRY should re-consider to provide end-to-end encryption for regular BBM or strictly limit the collaboration with the LEA as they did in the past.
jefbeard911 likes this.
11-06-14 10:08 AM Like 1
- Good point.
BlackBerry Protected offers end to end encryption.
Makes you wonder then, why would BlackBerry need to offer another version of BBM if the original was so secure? hmmmmm...note the sarcasm.
Sent from my awesome BlackBerry Z3 running BlackBerry 10 - 2BBEAACF
Posted via CB10
11-06-14 10:31 AM Like 0
- BlackBerry collects data from their users and will happily hand it over to other parties without your consent. They even say so in their own terms of service agreements!
18. USER DATA
In addition to any disclosures authorized by Section 17, You and Your Users consent and agree that the BlackBerry Group of Companies may access, preserve, and disclose Your or Your Users' data, including personal information, contents of Your communication, or information about the use of the Services functionality and the services or software and hardware utilized in conjunction with the Services where available to us ("User Data"), to third parties, including foreign or domestic government entities, without providing notice to You
In the same terms, BlackBerry spells out what type of personal information they collect:
Personal information Processed may include information such as name, display picture, status and personal messages, email address, telephone number, BBM contact list, language preference, BlackBerry ID or other account credentials, settings, country and time zone, Service Provider information and IP address, information about the use of the Services' functionality and the software and hardware utilized in conjunction with the Services, including device or computer information (for example, device PIN, IMEI, IMSI, UDID, MAC address or similar identifiers, and device model), or other information that may be required by law to be collected. In some cases, address book information, device location data (including real-time location information), calendar and reminder entries, and photos may be accessed
You have to agree to these terms before you can even use BBM. They spell it out in black and white for people, but fools still believe that their personal information is secure just because they are on BBM.
Last edited by Witmen; 11-06-14 at 10:51 AM.
Wwhite1036 and solitude1984 like this.
11-06-14 10:34 AM Like 2
- Hey, it's 2014, not 2012. BBM on BB10 devices is different. They were talking BBOS. Why don't you be courageous and read the following
http://btsc.webapps.blackberry.com/b...ListHelperImpl
And then admit you are wrong.
"BBM encryption key: The BBM encryption key is a Triple DES 168-bit key. A BlackBerry device uses this key to encrypt BBM messages that it sends to other BlackBerry devices, Authenticate and decrypt BBM messages that it receives from other BlackBerry devices. Each device uses the same global BBM encryption key, which BlackBerry adds to the device during the manufacturing process."
Bla bla bla..This is old news.
Note the last sentence.."each device uses the same global BBM encryption key..."
Come back when you have a reputable security source mentioning this method as a good one for secure messaging. You won't find one.
The 2012 doc I linked above is accurate in its description of BBM's encryption protocol currently used in 2014. Nothing's changed.
Sent from my awesome BlackBerry Z3 running BlackBerry 10 - 2BBEAACF
Last edited by jefbeard911; 11-06-14 at 10:35 PM.
eyesopen1111 and solitude1984 like this.
11-06-14 10:38 AM Like 2
- Good read, but this article clearly says that there is no mass surveillance
Quote: "Decryption is usually mandated because of lawful access requirements that RIM must comply with; the company doesn't proactively make these messages available in the absence of legal pressures." is no problem for citizens in the developed countries.
We have rights protecting us from our governments. Criminals do not have these rights. Deal with it.
(I am totally against any mass surveillance, when data are collected for no particular reason, but that's not described in this article here.)
In countries like Russia a person like Tim Cook could be classified as criminal, but I don't see BBRY collaborating with Russia.
Anyways, for certain less stable, uhm, developing countries where the situation with human rights is more problematic, BBRY should re-consider to provide end-to-end encryption for regular BBM or strictly limit the collaboration with the LEA as they did in the past.
Carrier and manufacturer initiated surveillance is a whole nother issue. I'm not sure BlackBerry has the balls to deny an NSA request for user information.
This is why I prefer other messenger services that offer ephemeral, self destructing messages and are client to client, not client to server, server to client.
Anyway, I'm hoping BlackBerry will shore up BBM and/or offer BlackBerry Protect to consumers, but I don't see that happening.
Sent from my awesome BlackBerry Z3 running BlackBerry 10 - 2BBEAACF
11-06-14 10:43 AM Like 0
- For those courageous few, I offer you the RED pill(s)
The Danger of Fetishizing BlackBerry Messenger Security | Technology, Thoughts & Trinkets
Also: Blackberry needs to support OpenVPN soon or I may move on.
Posted via CB10
jefbeard911 likes this.
11-06-14 11:04 AM Like 1
-
Regulator directs GP, Airtel to discontinue BlackBerry services
11-06-14 11:11 AM Like 0
-
I love my BlackBerry, but it is not a religion to me. I come here in search of answers to problems and to hopefully debate areas where BlackBerry could and should become better.
More and more such debate is not accepted around here.
Posted via CB10
jefbeard911 likes this.
11-06-14 11:22 AM Like 1
- Tre Lawrence
Between Realities
That's exactly what I was thinking. This place is turning more and more into a cult.
I love my BlackBerry, but it is not a religion to me. I come here in search of answers to problems and to hopefully debate areas where BlackBerry could and should become better.
More and more such debate is not accepted around here.
Posted via CB10
Notice that the members/staffers that are probably most keyed in to BBRY affairs don't buy into the illogical nonsense.
jefbeard911 likes this.
11-06-14 11:29 AM Like 1
- That's exactly what I was thinking. This place is turning more and more into a cult.
I love my BlackBerry, but it is not a religion to me. I come here in search of answers to problems and to hopefully debate areas where BlackBerry could and should become better.
More and more such debate is not accepted around here.
Posted via CB10
Once I started using Blackberry devices and mostly since BB10, I have found Blackberry to be the best communication device and the best ecosystem that doesn't tie your hands in moving from it. My experience with Apple is one that I dread and I will never use the products again personally as I want choice. Blackberry gives that to me with an open reliable product.
There are many that people like yourself call a cult, but there are so many armchair CEOs, developers, marketers, etc that make suggestions and comments that I find laughable. Debate is good, but at least have good ideas.
Superdupont 2_0 and jefbeard911 like this.
11-06-14 12:05 PM Like 2
- I'm only going to give this thread a one line sentence. Here it goes, BlackBerry is as secure as the governing body allows it to be. Blackberry rocks the house! Sorry, two sentences.
Posted via CB10
jefbeard911 likes this.
11-06-14 12:20 PM Like 1
- Yeah, agreed.
Carrier and manufacturer initiated surveillance is a whole nother issue. I'm not sure BlackBerry has the balls to deny an NSA request for user information.
This is why I prefer other messenger services that offer ephemeral, self destructing messages and are client to client, not client to server, server to client.
Anyway, I'm hoping BlackBerry will shore up BBM and/or offer BlackBerry Protect to consumers, but I don't see that happening.
Sent from my awesome BlackBerry Z3 running BlackBerry 10 - 2BBEAACF
BlackBerry should consider a client to client model with encryption end to end.
The competition is becoming more fierce, besides the messengers mentioned in the report, there are more in beta.
Take Bleep and Ricochet for example that according to initial reports take into account metadata besides all the other security features.
It's becoming a crowded space.
Posted via CB10
jefbeard911 likes this.
11-06-14 12:26 PM Like 1
-
And actually the recent ZDnet article I posted above indicates that BBRY was acting quite ethically over the last years.
Anyways, if someone is belonging to any "persecuted minority" and doesn't live in a stable democracy: BBM is not for you (by design), sorry.
Uhm, if I am not misled BBM is client-to-client.
The server in between is just ensuring authentication to keep MITM attackers out. That's also why governments can't read the traffic without help from BBRY.
How do your messengers clients find each other without a server in between?
Bluenoser63 likes this.
11-06-14 01:04 PM Like 1
- The biggest problem with BBM is missing end-to-end encryption, simple as that. And if other messengers do have it (like BBM protected does), it does make those automatically better for any person seriously considering their privacy.
People who know crypto would never use the standard issue BBM for any important stuff that should not be decrypted by adversaries, period.
It's funny how many people are rushing to defend BlackBerry when they don't even know the meaning of those features tested. Not everyone needs all the features, and BBM is lacking in some departments, that's just a simple fact.
BlackBerry should give us S/MIME and PGP capabilities!
jefbeard911 likes this.
11-06-14 05:29 PM Like 1
- OOOOOOH? I'm throwing the BS flag on this statement. Bangladesh banned BB phones for exactly the security issue.
Regulator directs GP, Airtel to discontinue BlackBerry services
No worries. I'll concede. I'm too tired to argue..lol...anyway, thanks.
Sent from my awesome BlackBerry Z3 running BlackBerry 10 - 2BBEAACF
11-06-14 07:53 PM Like 0
- I have carefully read all revelations from Edward Snowden. There is no single hint that BBRY was in bed with NSA.
And actually the recent ZDnet article I posted above indicates that BBRY was acting quite ethically over the last years.
Anyways, if someone is belonging to any "persecuted minority" and doesn't live in a stable democracy: BBM is not for you (by design), sorry.
Uhm, if I am not misled BBM is client-to-client.
The server in between is just ensuring authentication to keep MITM attackers out. That's also why governments can't read the traffic without help from BBRY.
How do your messengers clients find each other without a server in between?
I didn't say that BlackBerry HAD given info, just that I thought they may be vulnerable to an NSA request.
I'll get back to you on your C-2-C question. I'm interested in the details too.
Sent from my awesome BlackBerry Z3 running BlackBerry 10 - 2BBEAACF
11-06-14 07:59 PM Like 0
- The biggest problem with BBM is missing end-to-end encryption, simple as that. And if other messengers do have it (like BBM protected does), it does make those automatically better for any person seriously considering their privacy.
People who know crypto would never use the standard issue BBM for any important stuff that should not be decrypted by adversaries, period.
It's funny how many people are rushing to defend BlackBerry when they don't even know the meaning of those features tested. Not everyone needs all the features, and BBM is lacking in some departments, that's just a simple fact.
BlackBerry should give us S/MIME and PGP capabilities!
Everyone is, "trust me, we won't do harm". Out of BB, Google and Apple, my personal trust is in BlackBerry. It's been shown time and time again, Apple TRIES really, really, hard, but epic fails over and over.
There are better write ups including the one by the initial researcher who counterpoints Apple's response. This isn't it, this is just the first google hit. Unbreakable Apple's iMessage encryption is vulnerable to eavesdropping attack
jefbeard911 likes this.
11-06-14 08:59 PM Like 1
-
I'm using TorGuard now which is one of two I've found supporting IKEv2. The other is PureVPN. I happen to like TorGuard's privacy policy and methods better. Of course I'm paying a little ($30USD/6 months) for it but that's ok.
Sent from my awesome BlackBerry Z3 running BlackBerry 10 - 2BBEAACF
nah.uhh likes this.
11-06-14 10:40 PM Like 1
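
Added example (not part of the thread, and not BlackBerry's code): the Security Note quoted earlier says each device uses the same global BBM encryption key, while several posts ask for end-to-end encryption instead. This Python sketch contrasts the two key models; the `Device` class, the toy Diffie-Hellman group and the HMAC-based cipher are assumptions standing in for the real protocol and for Triple DES.

```python
import hashlib, hmac, secrets

P, G = 2**255 - 19, 2                  # toy Diffie-Hellman group (assumption, illustration only)
GLOBAL_KEY = secrets.token_bytes(24)   # constructed stand-in for the factory-installed key

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real cipher, not Triple DES
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def _subkeys(key):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def seal(key, plaintext):
    ek, mk = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(ek, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    ek, mk = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        return None                    # wrong key or modified message
    return bytes(a ^ b for a, b in zip(ct, _stream(ek, nonce, len(ct))))

class Device:
    def __init__(self, name):
        self.name, self.global_key = name, GLOBAL_KEY   # same key on every device
        self._priv = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self._priv, P)

    def pair_key(self, peer_pub):
        # Key known only to the two endpoints; peer_pub must be authenticated,
        # otherwise a man-in-the-middle can substitute its own public key.
        shared = pow(peer_pub, self._priv, P)
        return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def demo():
    alice, bob, third = Device("alice"), Device("bob"), Device("third-party")
    msg = b"constructed sample message"
    global_blob = seal(alice.global_key, msg)
    pair_blob = seal(alice.pair_key(bob.pub), msg)
    return {
        "third_party_reads_global": unseal(third.global_key, global_blob) == msg,
        "bob_reads_pair": unseal(bob.pair_key(alice.pub), pair_blob) == msg,
        "third_party_reads_pair": unseal(third.pair_key(alice.pub), pair_blob) == msg,
        "global_key_opens_pair": unseal(GLOBAL_KEY, pair_blob) is not None,
    }

if __name__ == "__main__":
    print(demo())
```

With the shared key, any device that holds it opens the message; with the per-conversation key, only the two endpoints do.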