[Loc22]

No they have said a couple of times now that Emtek is BBM.... BlackBerry is BMM Protected.

But the little I've read about Emtek's plans, is they plan to turn BBM into a entertainment portal and and advertising meca. I doubt that can be done without a big change to the code. But I also doubt it can be done without killing the reason most use BBM in the first place. I've kinda wondered why BlackBerry didn't do a BBM lite and drop the Channels features after that flopped. I think it might make for a more streamline product.... But then I don't know... maybe Channels is a success over in Indonesia and that is what Emtek plans to build on.

I think it is pretty clear and as you can see that now in Indonesia. EMTEK is providing the content only. They just provide content and additional applications like games, vouchers, reservations services, bill payments, news, music and videos.

In that short period of time EMTEK has already launched these services in Indonesia. I think it is a good strategy.

[app_Developer]

I started searching and reading on Emtek partly because of its mention in this thread and another BBM thread (BBM enterprise). I haven't followed it closely so I probably have missed something. Do you have a link, or links, or remember the source? So far what I've read is Emtek is licensing tech and will have use of APIs to deliver content. This is different from the impression I'm getting from the threads is what you say here, that Emtek is taking over the consumer BBM and what was BBM protected (and now BBM Enterprise?) on iOS and Android platforms. ....

Not arguing. Just trying to get all the information.

If too far afield from the topic, I understand.

There is more clarification here. In classic BBRY fashion their original statements needed clarification days later. This time it was Emtek themselves.


https://www.google.com/amp/s/blog.bb...lackberry/amp/

They explain there's is a new company formed operating as BBM, and that company is a subsidiary of Emtek. Further they say they will operate BBM globally, and have teams globally to do this.

[app_Developer]

BTW, it's also worth noting that BBM's blog refers to "our partnership with BlackBerry". This is pretty clear to me that BlackBerry is no longer operating consumer BBM.

[xtremeled]

Apple market share world wide is not what you think.


Posted via CB10

In all fairness, Apple is a single phone, Android is dozens of phones with many variations of the OS. Apples to Oranges!

[MyNameIsAbey]

No way. Bbm is the most secure one. It wasn't first. But it is now. Just not popular as whatsapp that all.

Posted via CB10

[aiharkness]

There is more clarification here. In classic BBRY fashion their original statements needed clarification days later. This time it was Emtek themselves.


https://www.google.com/amp/s/blog.bb...lackberry/amp/

They explain there's is a new company formed operating as BBM, and that company is a subsidiary of Emtek. Further they say they will operate BBM globally, and have teams globally to do this.

Just reading the article now, but I notice the blog.bbm.com rss feed URL is bbmtek.wordpress.com/feed/.

Disturbing (to me).

Off to read the article at blog.bbm.com.




More....

I guess this is the key sentence: "We have formed a new company, a subsidiary of Emtek’s digital content arm KMK Online to operate as BBM."

The we is presumably BlackBerry and Emtek. The author of the blog post is https://blog.bbm.com/author/bbmatttalbot/

And re BBM versus BBM Protected: "Second, some media outlets reported that BBM is 100% owned by Indonesia. While it’s true that Emtek has licensed the BBM software and intellectual property (IP), and will operate the platform globally and develop it for the consumer market, BlackBerry will continue to advance the platform for enterprise with BBM Protected."

[jope28]

No way. Bbm is the most secure one. It wasn't first. But it is now. Just not popular as whatsapp that all.

Posted via CB10

I tend to be on the side of end-to-end encryption having to be part of the app in order to be considered 'most secure'.
E-2-E encryption doesn't make something secure by itself, but in my opinion, something can't be considered secure nowadays if it's lacking E-2-E encryption.
Of course, encryption alone doesn't make it the most secure, it's that along with other things. Which is why I use BBM Protected.

I don't consider regular BBM as 'secure' especially since that's a relative term. I do consider BBM Protected to be secure, but am worried about the fact that they've made it harder now for new consumers to sign up for BBM Protected.
They now require jumping through some hoops which I didn't have to jump through when I first signed up.
I hope they allow me to renew when my year subscription is up.

 Passport filter-evading the NSA  Make BlackBerry Great Again!

[bobshine]

Also you can have the most secure communication device or application... and it's worthless if it isn't secured on big side. That's the problem with BBM and BBM protect... no matter how strong the encryption on BBM Protect is... if no one uses it, then it won't work

[chain13]

There doesn't seem to be consensus on what "secure enough" means.
To me, end-to-end encryption with private keys is "secure enough" and BBM Protected does a great job of it.

 Passport filter-evading the NSA  Make BlackBerry Great Again!

BBM protected is currently using old method of 3DES, compared to free e2e feature that whatsapp offers with newer stronger AES method, secure enough is not worth paying for buggy messenger app to be called "does a great job". Not to mention that those 3DES protected feature only works perfectly under blackberry environments network. While whatsapp's full feature applied to common available networks.

[eshropshire]

In all fairness, Apple is a single phone, Android is dozens of phones with many variations of the OS. Apples to Oranges!

People need to understand the difference between the high end phone market and the low end market. Apple completely dominates the high end market and could care less about the low end. Look at Apple's ASP. Also who buys apps and media? High end phone customers. I have several friends who are App developers. They all say the same thing. They make the vast majority of their income from iOS customers.

Microsoft tried to penatrate the smartphone market with low end phones. I think they achieved around 5-6% of the market. In the end it did not do anything for them because App developers quickly realized none of their low end customers bought apps. Microsoft has now abandoned this strategy and is about out of the mobile market.

[aiharkness]

BBM protected is currently using old method of 3DES, compared to free e2e feature that whatsapp offers with newer stronger AES method, secure enough is not worth paying for buggy messenger app to be called "does a great job". Not to mention that those 3DES protected feature only works perfectly under blackberry environments network. While whatsapp's full feature applied to common available networks.

That graphic is from the standard BBM security note. It is not representative of BBM protected.

Following are links to the BBM Protected FAQ and Security Note:

http://ca.blackberry.com/content/dam...tected-faq.pdf

https://help.blackberry.com/detectLa...-security-pdf/

Following is copy and paste from BBM Protected standard and algorithms section, which would seem to contradict what is posted above:

BBM Protected standards and algorithms BBM Protected uses FIPS 140-2 validated cryptographic libraries to ensure that it satisfies the security requirements for protecting unclassified information as defined by the Federal Information Processing Standards.

BBM Protected uses ECC because it offers significant advantages over the most widely used alternative, RSA. BlackBerry uses the ECC implementation that is offered by Certicom, which is a wholly owned subsidiary of BlackBerry. Certicom has been developing standards-based cryptography for over 25 years. Certicom is the acknowledged worldwide leader in ECC, offering the most security per bit of any known public key scheme. For example, a 160-bit ECC key and a 1024-bit RSA key offer a similar level of security. A 512-bit ECC key provides the same level of security as a 15,360-bit RSA key.

BBM Protected standards

BBM Protected uses the following standards for signing, encrypting, and hashing, which meet or exceed the NIST Suite B cryptographic guidelines:

� Digital signature standard FIPS 186-4: provides a means of guaranteeing the authenticity and non-repudiation of messages

� AES symmetric encryption standard FIPS 197: uses agreed symmetric keys to guarantee the confidentiality of messages

� HMAC standard FIPS 198-1: based on SHA2-256 and uses agreed symmetric keys to guarantee the integrity of messages � Cryptographic key generation standard NIST SP 800-133: generates the cryptographic keys that are needed to employ algorithms that provide confidentiality and integrity protection for messages

� Secure Hash standard FIPS 180-4: provides preimage and collision resistant hash functions that are required for secure HMACs, digital signatures, key derivation, and key exchange

BBM Protected algorithms and functions To protect the connection between BBM users during a BBM chat, BBM Protected users exchange public signing and encryption keys using an out-of-band shared secret and EC-SPEKE. These keys are then used to encrypt and digitally sign BBM messages between the devices. BBM Protected uses the following algorithms that are based on NIST standards with 256-bit equivalent security:

� EC-SPEKE: securely exchanges a symmetric key by protecting the exchange with a password

� KDF: securely derives message keys from shared secrets

� One-Pass DH: using one user�s private key and another user�s public key, derives a new shared secret between the users

The algorithms and associated key strengths that BBM Protected implements are:

� AES-256 for symmetric encryption

� ECDSA with NIST curve P-521 for signing

� One-Pass ECDH with NIST curve P-521 for symmetric key agreement

� SHA2-512 for hashing and key derivation

� SHA2-256-128 HMAC for message authentication codes

BBM Protected voice and video calling uses SRTP media streaming and implements the following algorithms and associated key strengths:

� AES-128 in CTR mode for symmetric encryption

� 112-bit salting keys

� BBM Protected messaging for symmetric key transfer

� SHA1 80-bit tag for message authentication and integrity

[aiharkness]

By the way,

https://sharylattkisson.com/apple-ha...ryl+Attkisson)

From the blog at the link:

“We have a team that responds to those requests 24 hours a day. Strong encryption does not eliminate Apple’s ability to give law enforcement meta-data or any of a number of other very useful categories of data,” Apple’s Lisa Jackson tells Clinton campaign chairman John Podesta on Dec. 20, 2015.

[chain13]

That graphic is from the standard BBM security note. It is not representative of BBM protected.

Following are links to the BBM Protected FAQ and Security Note:

http://ca.blackberry.com/content/dam...tected-faq.pdf

https://help.blackberry.com/detectLa...-security-pdf/

I know you just paste all from the document.

Even in BBM protected, blackberry still differentiates the level of security for their devices and android/ios/wp devices (eventhough it's paid). WhatsApp on the other hand implements same level security for all supported OSes (FREE) with better execution (no lag). I could see that BBM prefers using ECC, it might have advantage such as using smaller key than RSA, while RSA using bigger key which lead to more unefficient generating key time. But with mobile chip performance today, generating big key is not a problem anymore. Also bigger key could mean that it will be harder and more durable to break in. WhatsApp also using AES256 for its symmetric alg (I believe its CBC mode since it's using initial value) with SHA256 for hashing digest.

[Prem WatsApp]

BBM is encrypted, but to my knowledge, with a common key. So anyone who has that key can just read your messages

There is a TLS encryption layer on top, iirc... :-)

�   "BB10 dead?" - "Let's dance the Danse MacaBBRY! ... or is it..?" ;-D   �

[keyboardweeb]

There is a TLS encryption layer on top, iirc... :-)

Which isn't very helpful if one is concerned about what might happen when the message passes through BBM infrastructure.

BlackBerry, or Emtek assuming it is true they also have the BBM key, could still potentially decrypt and divulge the contents of any message.

I would be happy to answer. Thanks for asking.

First, I should be clear. I think the ability to communicate privately and securely is a human right. When the authorities want to keep the ability to encrypt from you, that is reason enough to use it. Exercise your rights.

So, "necessary and sufficient".... I mean #2

Thanks for the clarification.

To expand on my own position a bit I believe most, if not all the other factors for secure, private communication exist mainly in service to the necessary encryption. The endpoints must be secure in and of themselves (what good is PGP for example, if the adversary has already swiped my private key by way of malware), the ciphers used should be strong, etc.

Posted on my Model M

[aiharkness]

Thanks for the clarification.To expand on my own position a bit I believe most, if not all the other factors for secure, private communication exist mainly in service to the necessary encryption. The endpoints must be secure in and of themselves (what good is PGP for example, if the adversary has already swiped my private key by way of malware), the ciphers used should be strong, etc.Posted on my Model M

I wouldn't assume those other factors are being provided or performed by the messaging service or its software on your device. I would expect the messaging service to be very specific in its policy about what the service provides and what it doesn't.

I would also ask myself how much I trust that service to honor not just the letter of its policy but the spirit as well.

(And it is a foregone conclusion that any company is going to cooperate with the law in the jurisdictions in which it operates. That sign that this is true is the company continues to operate in said jurisdiction. But what the company tells or implies to its "customers" and its "users" and what it tells the authorities may not be the same things.)

Also, personally, I don't discount the value of meta-data. I know some or many believe the content of the communication is the important piece to protect, and that meta-data isn't that important, but I disagree.

And also, I believe in paying for performance. Nothing is free. Someone is paying for it, and if you are getting it at no cost then you are not the customer, you are the product.

[Loc22]

Also you can have the most secure communication device or application... and it's worthless if it isn't secured on big side. That's the problem with BBM and BBM protect... no matter how strong the encryption on BBM Protect is... if no one uses it, then it won't work

Definitely agree with you. The trouble here is that a lot of people on BBM don't want others to use it. They want to make it difficult find your contacts and add them.

[petkovst]

Snapchat, Skype, BBM not protecting users' privacy, says Amnesty International - Technology & Science - CBC News

Posted via CB10

Oh, that's ridiculous. BBM must have highest security and least irritating inapps marketing prompts than any other vendor. BBM is even worse than Viber in that sense. Once loyal to the brand, I am very disappointed with the decisions they (blackberry) make.