[georg4BB]

OMG, this is an absolute disaster for BBM in Germany... And on top of that, Germany has never been a BBRY-country. I think, Threema and Telegram will be the winners here with WhatsApp as #1. It's a pity though but in order to gain anything in Germany BB really has to offer sth great.

I agree. The damage is limited because there is almost nothing to damage here, LOL.
But having lunch with my colleagues was like wearing a duncecap. All time joking that BBM / Blackberry is NOT better than Android / Facebook / Whatsapp, when it comes to privacy, hahaha. It's a hard time now to be a BB fan in Germany.

Despite this, BB still has a good reputation in companies, so this will not hurt the enterprise section, IMHO.
BBM protect might help in the future. But for now BBM as a consumer platform is almost done in Germany.

It will be interesting if BB will react with a Press Release... there are still some points in the review which need clarification.

[web99]

"Stiftung Warentest" is not a random device test magazine. It's THE test-institution and the results are in the public perception infallible.
Today the media is full with stories about Whatsapp user switching to Threema because of the Facebook deal. To make it clear, in Germany the privacy issue is strongly discussed in in the media right now, and a lot of people do care.
It's a big slap in the face of german BBM fans, who try to promote this platform. Consumer who don't care about privacy will stay with Whatsapp, and the others will go to Threema, not BBM for sure.
When I try to promote BBM now I will earn a big laugh...

For regular consumers, security in messaging services/platforms are not as big a factor as you are implying. Otherwise WhatsApp would not have a userbase of 450 million and would not have sold for 19 billion dollars. If security was a big factor for the regular consumer in determining what social applications they use then SnapChat, Instagram, Facebook would not be thriving. So for the regular consumer for general messaging it is not.

For corporate consumers, BlackBerry is addressing that. If you listed to BlackBerry CEO Chen's presentation 2 days ago at the Mobile World Congress in Barcelona, Spain. You will see that they are going to be introducing eBBM, which is the corporate version of BBM for companies, with a heavy emphasis on security. So if your concerns are regarding security for companies and corporate users, BlackBerry already has a solution.

BlackBerry Ltd rolls out new phones, eBBM, enterprise messaging service, as part of comeback strategy | Financial Post

As well, BlackBerry unveiled eBBM Suite, a new messaging platform for enterprise users in regulated industries which is designed to tie the company�s popular BlackBerry Messenger (BBM) technology deeper into its security infrastructure.

[BallRockReaper]

Stiftung Warentest writes a test about mobile security is like a chicken writes a test about nuklear power. If you read all they wrote you see that there are no specs about how they tested. If you check the spell of BlackBerry you see they have no deeper knowledge. If you read all tests you see that they are against BBM. They wrote nothing against Threema which uploads your phone book to their server like WhatsApp is doing. They did not check that you can change all Threema chats without any problem (open it from a PC and you won't find any encryption). Wow! This is security. Not worth to spend time in reading Stiftung Warentest.

If you are reading this, congrats you know how to read.

[SirJes]

Stiftung Warentest writes a test about mobile security is like a chicken writes a test about nuklear power. If you read all they wrote you see that there are no specs about how they tested. If you check the spell of BlackBerry you see they have no deeper knowledge. If you read all tests you see that they are against BBM. They wrote nothing against Threema which uploads your phone book to their server like WhatsApp is doing. They did not check that you can change all Threema chats without any problem (open it from a PC and you won't find any encryption). Wow! This is security. Not worth to spend time in reading Stiftung Warentest.

If you are reading this, congrats you know how to read.

*2

Posted via CB10

[bungaboy]

It could not be clarified if bbm uses end to end encryption?

Really? This one line makes me not take this seriously

Posted via CB10

[phsieben]

You are right in so far that their tests of IT products are infamous or at least questionable, especially this one here being a "Schnelltest" = "quickie" as in "not thorough". But the result remains: The damage is done.

The "Stiftung" wags its finger and the common man/woman say: "Nope, that product's not for me."

[wjrcoop]

Apparently Europe is going ga-ga stupid over Threema. Who knows ... it was born on European soil, so they want to stick with the home guy?? I wouldn't expect anything less to come from a European source (or north american if this were reversed) to be honest. The same happened years ago with virus scanners - north america had their favourite, europe had their favourite ... both claimed the other one was bad. The world didn't end.

But on a different note ... I really hope nobody intercepts and steals that picture of the birthday cake I sent to my mother on BBM - could be disastrous!!

[webbert]

BlackBerry, move your marketing ***, a fail test from Stiftung Warentest is Desaster in german speaking regions.

Posted via CB10

[wjrcoop]

You are right in so far that their tests of IT products are infamous or at least questionable, especially this one here being a "Schnelltest" = "quickie" as in "not thorough". But the result remains: The damage is done.

The "Stiftung" wags its finger and the common man/woman say: "Nope, that product's not for me."

... the other term for this is ... sheep

[gdarmy]

WhatsApp und Alternativen - Datenschutz im Test - Schnelltest - Stiftung Warentest

Edit: first ios contact deleted bbm...

I would like to see the test via YouTube. Their comments seem to contradict their allegations, maybe due to translation.

Proof via video is really needed.

[Rjinswand]

I would like to see the test via YouTube. Their comments seem to contradict their allegations, maybe due to translation.

Proof via video is really needed.

They haven't done a video review. What points are you skeptic about? This review was purely about privacy/security matters. You could check out BBMs terms and conditions and find their criticism about them valid.

And about the lack of end-to-end encryption: Why else should they announce this security feature to be coming with BBM Protected if it already was there? And how else could have BlackBerry helped authorities by granting them access to messages (again: not BES connected BBM only)? That wouldn't have been possible with end-to-end encryption: Even if BlackBerry would want to help , they couldn't read the messages as only the one sending and the one receiving it have the key to access it.

[Oddsocket]

BlackBerry need to (at least be seen to) redouble security, and reassure its users. I'm personally not about to walk away from an elegant, stable and well-integrated IM solution on the back of one bum review, but people need to know that BlackBerry are on this, and that security is foremost in their approach.

Especially in this day and age.

Posted via CB10

[berryvic]

Hi everyone, it's Victoria from the BBM team at BlackBerry. We’ve seen this article and we are working on correcting any inaccuracies, and at the very least shedding better light on some of the info from the article.

There are a few really important points being made on this thread so far. One is that when it comes to consumer messaging, people are often more concerned with privacy and protection of personal info than security.... We are very much about putting control of personal information back into our users' hands. We shouldn't be able to share your personal information with other people, just because they have you in a contact list, thus the PIN (or email or NFC or barcode, if you prefer) for inviting and sharing. You should be able to decide if you want to BBM and chat with someone, so we have a double opt-in. We let you decide what Channels you want to follow or want info on. We give options for users to choose how they want to see updates - all, contacts, or just channels. And we layer this on the security we have in BBM. I will circle back with more info on that in greater detail, but we are fact checking first.

For the enterprise, we offer a variety of services and policies to help them manage BBM and with BBM Protected we will offer enhanced encryption as a policy for regulated comms. (Best part? One instance of BBM gives you regulated level encryption and comms for your internal contacts, while still giving access to external contacts with our regular levels of security and control.) We also have policies around logging and auditing already for compliance industries and highly competitive IP industries. We get that they have those needs and we work to provide options to them and their employees.

We're not slowing down and we're continuing to look at the needs of all of our users, in all walks of their lives.

Again, I will share more as I have it. Thanks for your continued support. I'm @berryvic on twitter and I'm vberry at BlackBerry dot com(I am trusting the CrackBerry community with my email and I'm pretty conservative about that usually, even though I'm in PR) and you can always reach out to me. I may not always have an answer and I may not always respond as quickly as you would like, but I always read my emails (on my BlackBerry - how could I not???).

[gdarmy]

They haven't done a video review. What points are you skeptic about? This review was purely about privacy/security matters. You could check out BBMs terms and conditions and find their criticism about them valid.

And about the lack of end-to-end encryption: Why else should they announce this security feature to be coming with BBM Protected if it already was there? And how else could have BlackBerry helped authorities by granting them access to messages (again: not BES connected BBM only)? That wouldn't have been possible with end-to-end encryption: Even if BlackBerry would want to help , they couldn't read the messages as only the one sending and the one receiving it have the key to access it.

Agree no end to end... SIP-TLS is not end to end. From this German article are they suggesting http://www.berryreview.com/2013/12/0...orks-over-sip/ is not secure? I would like to see this test in action.

As for London protesters/rioters/arsonists/(violence) getting caught due to bb giving BBM pin logs to Scotland yard... Well that maybe a legal and/or moral obligation of bb, laws in Canada & agreements with UK (ie. Five eyes)

As for this German company being able to crack the BBM SIP-TLS tunnel, I would like to see that done.

If one is using BBM for basic messages and channels, etc., over data and WiFi, BBM is solid with security for iOS, BB, & Android. And it will only get better.

If one is a government protester or rioter or inciting violence against one another or an anarchist trying to destabilize the political and legal system, then BBM is not the app for that type of person.

Back to SIP-TLS cracking or a sysadmin monitoring a public or private company WiFi and iOS and android BBM users messages being read, that is yet to be proven. If that has been done please post the video link.

[laketrout73]

A full page ad in the major German newspapers, outlining all of the security features in BBM, might be needed to reverse the bad press from this.

Z10 STL100-3 |10.2.1.2141 | Bell | CB10

[gdarmy]

A full page ad in the major German newspapers, outlining all of the security features in BBM, might be needed to reverse the bad press from this.

Z10 STL100-3 |10.2.1.2141 | Bell | CB10

Even the Globe and Mail brief explanation how BBM works would help...

http://m.theglobeandmail.com/technol...service=mobile

Or a more thorough BBM app explanation with graphic would calm the security fears.

[SunshineStateFlyer]

This has impact also on swiss BBM users as the foundation is well known in Switzerland too. One of our major papers has published an article on the test results today.

Personally I only trust the professional IT magazines in this field - like "iX' which is a publication covering mostly IT security concerns. Their view on BlackBerry has, security wise, always been throughout positive. They also came up with one of the best BB10 reviews at launch that I've read.

However this will not help the general IM using folks at all. They got very insecure since the devastating media coverage on WhatsApp recently and they are looking for something new. Some of them are still indecisive but they will certainly be very receptive for such test results. Unfortunately a big lose situation for BlackBerry.

Posted via CB10

[gnirkatto]

I would like to see the test via YouTube. Their comments seem to contradict their allegations, maybe due to translation.

Proof via video is really needed.

No video available.
No translation issues. Although English is not my native language, I'm sure I did a decent job by providing an (almost) 1:1 translation.
I agree, some statements are in conflict with others. But this is exactly what was in the "review".
Maybe a native German or an English speaker with good German language skills wants to confirm my translation to be correct.

[gnirkatto]

So everyone is agreeing bbm is not secure because this company says they couldn't confirm some things about it?


Posted via CB10

With all due respect (and I mean it): No!

This is exactly the attitude that leads nowhere.
They said this and that, therefore they are not believable. Why not just ignore them.

The point is not us here in this forum believeing BB is good and Stiftung Warentest are morons, therefore not worthy to be considered.
As many others stated here, they are THE main testing and reviewing site/company in Germany. They are one of the if not the main influencer for buying decisions being made in the German speaking world. There reviews are being accessed (directly or via press releases or articles) by ~100 million German language speakers in Germany, Austria and Switzerland (Threema is Swiss made by the way), and their influence reaches even further than that through quotes in the foreign language press (foreign from a German language perspective).

The damage is HUGE! Regardless of what WE think of them or of their "review".

BBRY just NEEDS to counter this, in the German press if possible, and we here need to keep the pressure and information flow high, rather than not taking this seriously.

[koebi90]

I'm from Germany too. I have to confess that Stiftung Warentest is THE consumer voice in german speaking Europe and beyond.

Indeed, to say that they couldn't prove whether communication is encrypted or not is quite a evidence of incapacity.

My question is: isn't all of blackberry communication (including BBM) executed through encrypted blackberry servers?

Posted on CB 10 and typed on the best Keyboard ever

[NotGoodIMO]

Stiftung Warentest writes a test about mobile security is like a chicken writes a test about nuklear power. If you read all they wrote you see that there are no specs about how they tested. If you check the spell of BlackBerry you see they have no deeper knowledge. If you read all tests you see that they are against BBM. They wrote nothing against Threema which uploads your phone book to their server like WhatsApp is doing. They did not check that you can change all Threema chats without any problem (open it from a PC and you won't find any encryption). Wow! This is security. Not worth to spend time in reading Stiftung Warentest.

If you are reading this, congrats you know how to read.

Stiftung Warentest sounds like a German Engadget to me, always ready to bash Blackberry. The problem with WhatsApp is not that it lacks security, the problem is that Facebook will look at all your data and share with god knows who. If WhatsApp security was a problem then it wouldn't have grown like weed in these last few years when Blackberry was in deep slumber. Also, using phone number is a big issue with WhatsApp. BBM method of using pin instead of phone number is a good enough reason for me to switch to BBM. Also, Blackberry is known for sticking to its privacy policies.

[NotGoodIMO]

Hi everyone, it's Victoria from the BBM team at BlackBerry. We’ve seen this article and we are working on correcting any inaccuracies, and at the very least shedding better light on some of the info from the article.

There are a few really important points being made on this thread so far. One is that when it comes to consumer messaging, people are often more concerned with privacy and protection of personal info than security.... We are very much about putting control of personal information back into our users' hands. We shouldn't be able to share your personal information with other people, just because they have you in a contact list, thus the PIN (or email or NFC or barcode, if you prefer) for inviting and sharing. You should be able to decide if you want to BBM and chat with someone, so we have a double opt-in. We let you decide what Channels you want to follow or want info on. We give options for users to choose how they want to see updates - all, contacts, or just channels. And we layer this on the security we have in BBM. I will circle back with more info on that in greater detail, but we are fact checking first.

For the enterprise, we offer a variety of services and policies to help them manage BBM and with BBM Protected we will offer enhanced encryption as a policy for regulated comms. (Best part? One instance of BBM gives you regulated level encryption and comms for your internal contacts, while still giving access to external contacts with our regular levels of security and control.) We also have policies around logging and auditing already for compliance industries and highly competitive IP industries. We get that they have those needs and we work to provide options to them and their employees.

We're not slowing down and we're continuing to look at the needs of all of our users, in all walks of their lives.

Again, I will share more as I have it. Thanks for your continued support. I'm @berryvic on twitter and I'm vberry@blackberry dot com (I am trusting the CrackBerry community with my email and I'm pretty conservative about that usually, even though I'm in PR) and you can always reach out to me. I may not always have an answer and I may not always respond as quickly as you would like, but I always read my emails (on my BlackBerry - how could I not???).

I love the new Blackberry.

[gnirkatto]

My question is: isn't all of blackberry communication (including BBM) executed through encrypted blackberry servers?

This is what I though too.
But I don't know. There were some discussions here in the early BB10 times, of encryption now happening on the devices or so, if I remember correctly. But then the topic became kind of stale...until now.
This is why I think that BB has to react, now that the topic is hot again. They are the only ones who can provide full clarity. Long term BB experience tells that there will be nothing. I hope JC changed this and proves me to be wrong.

P.S. I had 3 (!) BBM friends (all on iOS) who decided to join Threema today, due to uncertainity created by this review. And another one is begging for solid information, as one of his friends that he converted is now laughing at him.

[gnirkatto]

@ berryvic: thanks for your reply. I hope you are real.
Desperately waiting for more information, to help us to preserve all the users that we painfully converted to BBM, for BBM. And to convert even more.
If you have questions, pls PM me here.

[gdarmy]

This is why I think that BB has to react, now that the topic is hot again. They are the only ones who can provide full clarity. Long term BB experience tells that there will be nothing. I hope JC changed this and proves me to be wrong.

BBM sent this info which doesn't help iOS and android BBM app users.

"BBM Protected will use FIPS 140-2 approved cryptographic libraries and symmetric encryption keys for an unrivalled level of trust in BBM message encryption."

eBBM/Protected is only for bb10 devices.

If BBM Protected was open to all BBM users not connected to an org/corp that would be great.

As for iOS & Android BBM app users, I am still quite confident that this German consumer mag has not been able to hack into the super secure BBM app SIP-TLS tunnel to BBM servers to get individual pin information. I think this German company should show proof, physical proof via video.