LibreSignal is like Signal – the private WhatsApp and SMS service – but without the requirement for Google Play. So people with alternative firmware on their phones (CyanogenMod) can use it as well.

Is it a fake alternative that started off with good intentions?

Unfortunately only the client-source is transparent – not the server side.

WhatsApp (Facebook) bought into it.

In the age of InfoWars – look closely – and always follow the trail of the money…

“ The UK government could conceivably ban messaging companies that offer end-to-end encryption from operating in the UK. However, it is not clear how you would enforce that – and indeed it would be the people who do not want to be monitored who would find ways to avoid it.“ (src: TheGuardian)

alternatives to the alternative: What about XMPP?

Install your own server: https://www.ejabberd.im/

community server edition: https://www.process-one.net/en/ejabberd/downloads/

and use conversations: https://conversations.im/

Financing

The project is financed by an unknown number of anonymous donations of private entities via the Freedom of the Press Foundation.[58]

Known funds also come from the Knight Foundation,[59] Shuttleworth Foundation,[60] and Open Technology Fund,[61] a US government subsidy program that in the past also financed projects like Tor and the Cryptocat chat app. (interessssssting…..) (src: translated from German Wikipedia https://de.wikipedia.org/wiki/Signal_(Messenger)#Finanzierung)

Audits

In October 2014 scientists of the Ruhr-Universität Bochum, University of Oxford, Queensland University of Technology and McMaster University analyzed the TextSecure protocol and discovered a vulnerability (key-share attack), but concluded that the protocol was in general secure.[62][63]

The result was that it is in general „secure“ and implements the Forward Secrecy requirements.[64]

Abstract

Signal is a new security protocol and accompanying app that provides end-to-end encryption for instant messaging.

The core protocol has recently been adopted by WhatsApp, Facebook Messenger, and Google Allo among many others; the first two of these have at least 1 billion active users. Signal includes several uncommon security properties (such as “future secrecy” or “post-compromise security”), enabled by a novel technique called ratcheting in which session keys are updated with every message sent.

Despite its importance and novelty, there has been little to no academic analysis of the Signal protocol.

We conduct the first security analysis of Signal’s Key Agreement and Double Ratchet as a multi-stage key exchange protocol.

We extract from the implementation a formal description of the abstract protocol, and define a security model which can capture the “ratcheting” key update structure.

We then prove the security of Signal’s core in our model, demonstrating several standard security properties.

We have found no major flaws in the design, and hope that our presentation and results can serve as a starting point for other analyses of this widely adopted protocol.

src: https://eprint.iacr.org/2016/1013.pdf

backup: Analysis of the Signal TextSecure Protocol – key-share attack vulnerability.pdf

Vulnerabilities

„In this paper, we introduce a practical and efficient man-in-the-middle attack against such protocols.. a key recovery that reveals up to 47 % of the generated secret bits“
backup mirror download: Signal Protocol man in the middle attack pre shared key vulnerability – esorics_camera_ready.pdf
src: https://www.cs.ox.ac.uk/files/7236/esorics_camera_ready.pdf

Possible problems

I am not 100% sure if it’s using Push or Pull… if it’s using Pull, expect a high energy consumption and battery drain… would be bad.

„Telegram, for example, manages to work without GCM and without any noticeable battery drain.“ (src)

Direct Download:

download: http://dwaves.de/software/apps/LibreSignal_4.6.0_267.apk

sha512sum "LibreSignal_4.6.0_267.apk"

f0a42a14b5ab6d7ccf7d19ddc05752ca42745e1506b702fe1591ee17941c0193e4e8031bcb85c4c44a8dc614ed33dc3765d1f1e383c27a0934b0fcee7da484f5

Also pretty cool – Firefox for Mobile – the alternative Browser to your default (probably Google Chrome based) web browser.

It does automatic updates via WIFI only.

download: http://dwaves.de/software/apps/Firefox Nightly_56.0a1_2015496977.apk

sha512sum "Firefox Nightly_56.0a1_2015496977.apk"

ae25b62ec16263e2010cd0ebf496c8d80d88f1489670e619650520ba84f6ef57a4f5a342ffc0de70ebb941acd85e67da6178d69775c6741b7816aafc44f84d68

Those apps were extracted with the incredible Apk Extractor

download: http://dwaves.de/software/apps/Apk\ Extractor_3.03_29.apk

fcc8988088ec852ef8e57d094428b0299f0484cb23fde0efed12289a50882c9a469d3d8720a7feea7637e8654cdd1a83f5891d0a773c11d3ca51ceadf556ca8e Apk Extractor_3.03_29.apk

which allows you to export and send Apps via Bluetooth or Mail.
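
An added example, not part of the original post: a POSIX shell check that refuses any of the three APKs above whose SHA-512 differs from the value published on this page. The function names are made up for this example; because the downloads are served over plain http, a match is only as trustworthy as the channel over which the hash list itself was obtained.

```shell
#!/bin/sh
# Added example: check sideloaded APKs against the SHA-512 values published on this page.

# Published values copied from the page, in sha512sum's "<hash>  <file name>" layout.
manifest() {
cat <<'EOF'
f0a42a14b5ab6d7ccf7d19ddc05752ca42745e1506b702fe1591ee17941c0193e4e8031bcb85c4c44a8dc614ed33dc3765d1f1e383c27a0934b0fcee7da484f5  LibreSignal_4.6.0_267.apk
ae25b62ec16263e2010cd0ebf496c8d80d88f1489670e619650520ba84f6ef57a4f5a342ffc0de70ebb941acd85e67da6178d69775c6741b7816aafc44f84d68  Firefox Nightly_56.0a1_2015496977.apk
fcc8988088ec852ef8e57d094428b0299f0484cb23fde0efed12289a50882c9a469d3d8720a7feea7637e8654cdd1a83f5891d0a773c11d3ca51ceadf556ca8e  Apk Extractor_3.03_29.apk
EOF
}

# expected_hash FILE: print the published hash for FILE's base name; status 1 if unlisted.
expected_hash() {
    name=$(basename -- "$1")
    while IFS= read -r line; do
        if [ "${line#*  }" = "$name" ]; then
            printf '%s\n' "${line%%  *}"
            return 0
        fi
    done <<EOF
$(manifest)
EOF
    return 1
}

# verify_sha512 FILE HASH: 0 = match, 1 = mismatch, 2 = file missing or malformed hash.
verify_sha512() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $want in *[!0-9a-f]*) return 2 ;; esac
    [ "${#want}" -eq 128 ] && [ -f "$1" ] || return 2
    got=$(sha512sum -- "$1" | cut -d' ' -f1)
    [ "$got" = "$want" ]
}

# verify_apk FILE: look up the published hash and refuse anything that does not match.
verify_apk() {
    pub=$(expected_hash "$1") || { echo "UNLISTED: $1" >&2; return 2; }
    if verify_sha512 "$1" "$pub"; then
        echo "OK: $1"
    else
        rc=$?
        echo "REJECTED: $1" >&2
        return "$rc"
    fi
}

# Check every file named on the command line; does nothing when run without arguments.
for f in "$@"; do verify_apk "$f" || failed=1; done
```

Run it as `sh verify.sh LibreSignal_4.6.0_267.apk` before installing; only a line starting with `OK:` means the file matches the published value.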

LibreSignal for Android

LibreSignal is the Google-Free fork of the original Signal messaging app for simple private communication with friends.

LibreSignal uses your phone’s data connection (WiFi/3G/4G) to communicate securely, optionally supports plain SMS/MMS to function as a unified messenger, and can also encrypt the stored messages on your phone. Featured on Kuketz IT-Security Blog.

WebSocket Support

For push notifications, Google Cloud Messaging has been completely replaced by WebSocket to directly connect to Open Whisper Systems’s server. It’s done via a modified version of libtextsecure, which has been included as a submodule.

Push vs Pull

Push messaging means the server can instantly notify the client; pull means the client asks the server at a fixed interval whether it has updates for the client.

Push is preferred but technologically harder to implement; pull is easier to implement but causes more traffic and energy consumption, and energy consumption is critical on battery-powered smartphones.

So Push is definitely the way to go.

Push functionality comes with „Google Cloud Messaging“ (GCM), which comes with the Google Play software.

If you have a custom-built firmware without Google Play you will have to use alternative services.

On the other hand – nobody expects mail to arrive within seconds.

Unless you use an Exchange server and a device that implements the Microsoft ActiveSync protocol properly – or P-IMAP – there is no instant notification of new mails.

Which seems to be okay for most users.

So it remains to be tested whether users would accept long polling intervals in a chat software… and whether it makes a big difference for everyday use or not. It could even improve the quality of communication, because it is more async: take your time and think and write before you send. A lot of people are already stressed by the load of information storming towards them in a very short time.

http://app-kantine.de/alternative-push-dienste-fuer-android/

http://www.eclipse.org/paho/clients/android/

How is Telegram implementing Push?

Parameters

token_type (int): Device token type. Possible values:

1 – APNS
2 – GCM
3 – MPNS
4 – Simple Push
5 – Ubuntu Phone
6 – Blackberry

https://core.telegram.org/method/account.registerDevice

https://core.telegram.org/api/push-updates

https://tutorials.botsfloor.com/push2me-your-personalised-telegram-push-notification-96143587b9c8

with this? https://www.pushbullet.com/

What is strange:

WhatsApp (Facebook) hires OpenWhisperSystems to implement encryption for WhatsApp?

This is super-strange. As if Facebook does not have the money or staff to do it themselves?

Facebook is basically drowning in money – making Mr Zuckerberg the 6th dollar-wise-richest dude on this planet.

I guess it is like Google buying into Mozilla – which, in my opinion, was more about extracting know-how and destroying competition than a real attempt to increase privacy for its users.

https://whispersystems.org/blog/whatsapp-complete/

About WhisperSystems

Whisper Systems
Industry: Encryption software, Mobile software, Mobile security
Fate: Acquired by Twitter
Founded: 2010
Founders
Defunct: November 28, 2011
Headquarters: San Francisco, California, U.S.
Website: www.whispersys.com
See Archived 17 January 2013 at the Wayback Machine.

Open Whisper Systems is making private communication simple.

We design open protocols, develop Open Source software, and give it away for free.

It’s challenging work, and we pay ourselves to take it on, but we’re not a business (?).

We started this project because we think making things is fun, privacy is valuable, and cryptography is remarkable.

Working at Open Whisper Systems is an opportunity to collaborate with passionate people in an environment where it’s possible to be creative and effective.

Jobs: Android Developer: Is the pleasure center of your brain directly wired to the experience of a slick UX or a nice animation? Do you hunt down memory leaks and StrictMode violations for fun? We’re looking for someone with deep knowledge of the Android framework and an equally strong intuition for pairing beautiful app experiences with beautiful code. You’ll be the architect of major features, making your code available to the world. You don’t need to be a security expert; it’s knowing how to make complicated systems simple to use that’s at the heart of what we do.

These are full-time positions in our San Francisco office or remote (US only).

Sorry, we are not seeking interns at this time.

https://whispersystems.org/workworkwork/

List of instant messengers:

https://de.wikipedia.org/wiki/Liste_von_mobilen_Instant-Messengern
