BBM not as secure as Apple?
-
Posted on my Model M11-01-16 07:03 PMLike 0 - That's the point, which I think is clear now. Everyone seriously participating in this thread seems to acknowledge that end-to-end encryption is not the necessary and sufficient condition to ultimate security and privacy.
I hope it's also agreed that "better than" depends--just as "secure enough" depends--on what the user needs.
It seems BB think e2e encryption is so valuable that people will actually pay extra for it.JeepBB and Dunt Dunt Dunt like this.11-01-16 08:37 PMLike 2 - Reading the report (with a focus on BBM security, as I only use that system right now) , I think the scoring is fair. Anyone who has a bit deeper knowledge of cryptography and security knows that the default BBM chat falls short in terms of security when compared to the likes of Apple or Whatsapp. I'm a bit sad that they did not include Signal, as I believe it would have come in first place, but it's probably not known enough.
Posted via CB1011-02-16 04:46 AMLike 0 - Reading the report (with a focus on BBM security, as I only use that system right now) , I think the scoring is fair. Anyone who has a bit deeper knowledge of cryptography and security knows that the default BBM chat falls short in terms of security when compared to the likes of Apple or Whatsapp. I'm a bit sad that they did not include Signal, as I believe it would have come in first place, but it's probably not known enough.
Posted via CB10
By doing just basic research, I think chatsecure with omemo on IOS and conversations on Android are possibly THE most secure and private cross-platform messaging solutions. Better than Signal because they don't need phone numbers, or Google play services, but a bit more difficult to set-up.
Posted via CB1011-02-16 06:39 AMLike 0 -
I don't want to speak for BlackBerry, but I still say it is obvious that it thinks it is offering added value at a fair market price, and end-to-end encryption is part of that service. Is that a realistic assessment on their part--added value at a fair market price? I don't know.11-02-16 06:42 AMLike 0 - I've noticed remarks like that a lot. Either it is an attempt to be dismissive, or perhaps we have read the thread and taken different interpretations. Whatever. I think I've been clear what thoughts I was addressing and the reasoning behind my comments. Anyone else is free to do the same.11-02-16 06:46 AMLike 0
- Secure enough means good for your needs. Most people, simple encryption is good. People that deals with confidential information from clients would need end to end encryption. Government would need higher grade11-02-16 07:10 AMLike 0
-
One more opinion from me. There are many reasons someone who is law abiding would want or need the message encrypted as it transits the server, and not just encrypted on the transit to and from the server. Could be professional standards or industry regulations that would require it generally as part of confidentiality requirements, and those under such rules would not be the typical consumer user. The point is that these users probably aren't in a position to decide whether standard BBM is secure enough because in a general sense that decision is being made for them irrespective if BlackBerry servers or anyone's servers.11-02-16 08:32 AMLike 0 -
There is no significant tradeoff for achieving end2end encryption, so saying BBM encryption is good enough might not only be false for e.g. human rights activists in certain countries, there is also no need to artificially stay at a lower level of security for most other persons, and that BlackBerry can provide end2end encryption is proven with BBM protected.
Posted via CB1011-02-16 11:42 AMLike 0 - I've noticed remarks like that a lot. Either it is an attempt to be dismissive, or perhaps we have read the thread and taken different interpretations. Whatever. I think I've been clear what thoughts I was addressing and the reasoning behind my comments. Anyone else is free to do the same.
And I'm sorry, I haven't been able to get over when you said:
Everyone seriously participating in this thread seems to acknowledge that end-to-end encryption is not the necessary and sufficient condition to ultimate security and privacy.
Posted on my Model M11-02-16 07:55 PMLike 3 -
This is a fundamental feature of secure communication: I should be able to send you a message such that there is very little chance that someone other than you would be able to read that message or alter that message.
In free BBM, we know that the recipient is not the only person who can read that message. It's not even a case of there being a non-neglible probability that someone can read the message. It is known with certainty that BlackBerry, and very soon another company Emtek, can read every message you send on free BBM.
For some people that may not be an issue. That I understand. However, getting back to the OP's question, by any reasonable definition of security you have to say that BBM is less secure than other choices that are now available. Whether it's "good enough" is of course something each person or family or group or company has to decide.11-02-16 09:13 PMLike 6 - Why would you go for something less secure (no end2end encryption) if the alternative is easy to achieve and used by competitors?
There is no significant tradeoff for achieving end2end encryption, so saying BBM encryption is good enough might not only be false for e.g. human rights activists in certain countries, there is also no need to artificially stay at a lower level of security for most other persons, and that BlackBerry can provide end2end encryption is proven with BBM protected.
Posted via CB10
I don't use BBM cause it's not secure enough nor practical to communicate with my clients.11-02-16 09:37 PMLike 0 -
It also has less features so it gives a chance for people to download many many apps to use to fulfil their needs.11-02-16 10:36 PMLike 0 - Yet, you haven't noticed the posts where BBM's shortcomings have been described?
And I'm sorry, I haven't been able to get over when you said:
which is false. End to end encryption is very much a necessary pre-requisite for security and privacy of communication (and communication over the internet especially). Perhaps the "not" in that statement was a typo? Perhaps it was egregiously misworded and you never meant to imply that you can have security and privacy (again, particularly in networks) without trustworthy end to end encryption?
Posted on my Model M11-03-16 06:37 AMLike 0 -
...end-to-end encryption is not the necessary and sufficient condition to ultimate security and privacy- e2ee is neither necessary nor sufficient? or
- e2ee is necessary but is not not sufficient? or
- e2ee is sufficient, but not necessary?
If you are saying (2) then I would agree.aiharkness likes this.11-03-16 09:55 PMLike 1 - Maybe you could clarify what you meant. Here is the quote again:
Which of these are you saying:- e2ee is neither necessary nor sufficient? or
- e2ee is necessary but is not not sufficient? or
- e2ee is sufficient, but not necessary?
If you are saying (2) then I would agree.
First, I should be clear. I think the ability to communicate privately and securely is a human right. When the authorities want to keep the ability to encrypt from you, that is reason enough to use it. Exercise your rights.
So, "necessary and sufficient".... I mean #2
A requirement or set of requirements that must be met in order to achieve a purpose may be only the subset of steps necessary. It may not be all of the requirements or steps.
The full, or complete set of requirements, or steps, or procedures, or pick your term, that must be practiced or performed in order to achieve the intended purpose is the necessary and sufficient set.
I sense that many--not just here, but on other forums as well--believe that end-to-end encryption is the be all and end all--the necessary and sufficient condition--to complete and total privacy and security. I have been arguing that it is not. I hope I have swayed some opinions.
As I say, I believe people should exercise their rights, and no time like the present to do it; but just understand the service(s), understand what it does, understand what it doesn't do, etc.11-04-16 06:46 AMLike 0 - There is a big debate here in Canada about what police can or cannot do because it was unearthed that authorities where monitoring a journalist's iPhone.
The reason why this matters is that they wanted to know the source of that journalist, and it was in regard to an investigation about the police.
That brings up a whole lot of questions: should all communications be encrypted to prevent abuses by the authorities? If that happens, then what can authorities do vs the real criminals?
Also carriers has tons and tons of information about us. Recently, police sent out 7500 text messages to cellphone users that was connected to a specific cell tower on a certain day at a certain time... looking for witnesses to a murder. This proved that with the best end to end encryption, surveillance can still be achieved with crazy precision.11-04-16 12:24 PMLike 0 -
Not arguing. Just trying to get all the information.
If too far afield from the topic, I understand.11-04-16 12:43 PMLike 0 - There is a big debate here in Canada about what police can or cannot do because it was unearthed that authorities where monitoring a journalist's iPhone.
The reason why this matters is that they wanted to know the source of that journalist, and it was in regard to an investigation about the police.
That brings up a whole lot of questions: should all communications be encrypted to prevent abuses by the authorities? If that happens, then what can authorities do vs the real criminals?
Also carriers has tons and tons of information about us. Recently, police sent out 7500 text messages to cellphone users that was connected to a specific cell tower on a certain day at a certain time... looking for witnesses to a murder. This proved that with the best end to end encryption, surveillance can still be achieved with crazy precision.
What you mention about the journalist is happening not just in Canada. Not just with smartphones. And those doing the snooping probably didn't need the contents of the communication to identify the journalist's source. Of course, those doing the snooping would probably be happy to have the contents of the communication; but to just identify the source, odds are they didn't need it.
The balance between protecting your rights and not unreasonably hindering the authorities is a tough one. I'm not even sure of my word choice, "unreasonably hindering". On one hand, I really, truly believe what I wrote above. Use of encryption is your right. I also think that authority tends to gradually want it all, "it" being control, information, data, the ability to read anyone's communication without any bureaucratic hassles if the need arises, whatever. If you and some critical mass of others don't exercise your rights, you and everyone will lose those rights a bit at a time. But on the other hand, when we are talking about the authorities, we know that they have the resources and the manpower to accomplish whatever they want to accomplish. Encryption doesn't make them incapable just as the authorities are not incapacitated by "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." (off course, where these rights are recognized)
Forget the carriers. That's a drop in a very big, gigantic bucket. Look up the story on the law-abiding Florida guy who was stopped when driving through Maryland and searched because he has a carry permit in Florida. The system in use by the authorities scanned his tag automatically as he entered or exited a tunnel on I-95, looked him up automatically, showed that he has a carry permit in Florida, and from there the authorities pulled him and over and searched him and his vehicle looking for a gun (which he didn't have, by the way). The gun part of the story is incidental. Tons of commercial entities and state and federal government agencies have all kinds of information on you, and it is shared and sold, and it is retrievable and actionable in real time, depending on the intent and motives of those doing the looking and acting.Last edited by aiharkness; 11-04-16 at 01:35 PM.
11-04-16 01:19 PMLike 0 - I started searching and reading on Emtek partly because of its mention in this thread and another BBM thread (BBM enterprise). I haven't followed it closely so I probably have missed something. Do you have a link, or links, or remember the source? So far what I've read is Emtek is licensing tech and will have use of APIs to deliver content. This is different from the impression I'm getting from the threads is what you say here, that Emtek is taking over the consumer BBM and what was BBM protected (and now BBM Enterprise?) on iOS and Android platforms. ....
Not arguing. Just trying to get all the information.
If too far afield from the topic, I understand.
As Emtek advances the platform for the consumer market, BlackBerry will continue to advance the platform for enterprise with BBM Protected, the world’s most secure cross-platform messaging service. BBM Protected provides enterprise-grade messaging for Android, iOS, BB10 and BBOS, and enables users to stay connected and engaged with each other through real time messaging, voice and video communications.
But everything I seen indicates the Emtek is now the Global licensee for BBM (not Protected)... Have to wonder what if anything they care about users outside of the Indonesian market?11-04-16 01:43 PMLike 0 - Like you, I'm another person who is seriously participating in this thread who also believes that e2e encryption is necessary (but not sufficient) to consider communication as secure.
This is a fundamental feature of secure communication: I should be able to send you a message such that there is very little chance that someone other than you would be able to read that message or alter that message.
In free BBM, we know that the recipient is not the only person who can read that message. It's not even a case of there being a non-neglible probability that someone can read the message. It is known with certainty that BlackBerry, and very soon another company Emtek, can read every message you send on free BBM.
For some people that may not be an issue. That I understand. However, getting back to the OP's question, by any reasonable definition of security you have to say that BBM is less secure than other choices that are now available. Whether it's "good enough" is of course something each person or family or group or company has to decide.
So, a quibble. Yes, I understand that standard BBM messages transit the BlackBerry servers in a form that is readable by BlackBerry or anyone that BlackBerry assists, and by anyone who captures those messages in the "scrambled" form who also has the global key. To state succinctly , those standard BlackBerry messages as they transit the BlackBerry servers can be read, as you state.
However, "can happen" is not the same as "will happen", and it doesn't necessarily mean catastrophe if it does happen. I'm not making a I-don't-have-anything-to-hide-so-I-don't-care argument. Rather, I'm saying your potential jeopardy isn't just assessed by the vulnerability, but by the probability that vulnerability will be used, and the consequences for you if it is.
Personally, I was fine with standard BBM. Again, I'm not making the I-don't-have-anything-to-hide statement, just saying that in the big picture I was fine. For what it's worth, I'm a BlackBerry enthusiast going way back, and I'm using BBM Protected because I can and I'm exercising my right to use encryption. There is no more to it than that.11-04-16 02:03 PMLike 0 - BLACKBERRY AND EMTEK FORGE PARTNERSHIP TO ACCELERATE AND ADVANCE BBM?S CONSUMER BUSINESS GLOBALLY -
It's not really clear that EMTEK is going to have full operational access, or if they will simple be in control of content. But another article made it sound like they planned to make really big changes to expend BBM to much more than messaging, which would require a lot of changes to be made to the coding. To be honest the first thing I would do if I were Emtek would be to provide e2e encryption so that BBM doesn't further lose it's position in the Indonesian market where MOST of the BMM users are.
But everything I seen indicates the Emtek is now the Global licensee for BBM (not Protected)... Have to wonder what if anything they care about users outside of the Indonesian market?
It also isn't clear, but sounds like Emtek's license is restrictive to Indonesia. The phrase about the partnership helping extend BBM globally could simply be marketing for this is a piece in our (BlackBerry and BBM) plans to expand globally.
I have to add, it seems BlackBerry can't catch a break. First they aren't doing enough to give people a reason to buy and use BlackBerry products (which is undeniably true, in my opinion), but then they catch flak for trying. I'd love to see a partner with a license in the USA or North America that would expand BlackBerry Channels to its potential. Probably never going to happen. But I wouldn't complain if it did happen.
Anyway, I'm still not seeing where Emtek is going to be reading my communications with contacts if I was using standard BBM. If someone is reading between the lines and making an argument that it could go that way, who knows, maybe so.11-04-16 02:44 PMLike 0 - Yeah. Not clear to me that Emtek would be anything more than a content provider, or would have access to anything other than what is involved it interaction with the components Emtek provides. I could be missing something, but that's the way I read what I've found.
It also isn't clear, but sounds like Emtek's license is restrictive to Indonesia. The phrase about the partnership helping extend BBM globally could simply be marketing for this is a piece in our (BlackBerry and BBM) plans to expand globally.
I have to add, it seems BlackBerry can't catch a break. First they aren't doing enough to give people a reason to buy and use BlackBerry products (which is undeniably true, in my opinion), but then they catch flak for trying. I'd love to see a partner with a license in the USA or North America that would expand BlackBerry Channels to its potential. Probably never going to happen. But I wouldn't complain if it did happen.
Anyway, I'm still not seeing where Emtek is going to be reading my communications with contacts if I was using standard BBM. If someone is reading between the lines and making an argument that it could go that way, who knows, maybe so.
But the little I've read about Emtek's plans, is they plan to turn BBM into a entertainment portal and and advertising meca. I doubt that can be done without a big change to the code. But I also doubt it can be done without killing the reason most use BBM in the first place. I've kinda wondered why BlackBerry didn't do a BBM lite and drop the Channels features after that flopped. I think it might make for a more streamline product.... But then I don't know... maybe Channels is a success over in Indonesia and that is what Emtek plans to build on.11-04-16 03:04 PMLike 0
- Forum
- Popular at CrackBerry
- General BlackBerry News, Discussion & Rumors
BBM not as secure as Apple?
Similar Threads
-
bbm fails to get HD picture
By wg7 in forum General BBM ChatReplies: 14Last Post: 04-09-17, 10:33 AM -
priv wont turn on, shows charging but not charging
By CrackBerry Question in forum Ask a QuestionReplies: 10Last Post: 12-30-16, 03:08 PM -
Hangouts not working after follwoing Cobalts steps
By CrackBerry Question in forum Ask a QuestionReplies: 2Last Post: 12-22-16, 09:11 AM -
Smart Lock facial recognition does not apper to be doing anything?
By F2 in forum BlackBerry PrivReplies: 16Last Post: 10-23-16, 03:46 PM -
So will Chen pull plug on BBM at some point?
By prplhze2000 in forum General BlackBerry News, Discussion & RumorsReplies: 11Last Post: 10-21-16, 03:16 PM
LINK TO POST COPIED TO CLIPBOARD