top | item 17196089

(no title)

lqdc13 | 7 years ago

Regarding SMS interception, you can do it with every other messenger that uses this technique, which is basically every messenger that doesn't use passwords.

Regarding the nonce attack, it looks like the devs responded and said it was because of poor random numbers source on the client, which I personally don't understand as a justification. However, they said they'll remove it in the next update and that nonce has been "0" up until now.

Regardless, all of these messengers for cell phones aren't great if you are paranoid. That's because the hosting company's servers have all kinds of data on you as it is. Your contacts, access to SMS, access to location, camera, mic, photos, and all the files on the device.

This is true for all the messengers that are currently in widespread use.

If you are paranoid, use Pidgin with OTR plugin.

discuss

ryanlol|7 years ago

>If you are paranoid, use Pidgin with OTR plugin.

Don't do that, this is a super bad idea. If you really have to go that way, at least use coyim or something. Definitely not anything libpurple based.

jsjohnst|7 years ago

Keybase.io chat is quite good too.

lqdc13|7 years ago

Why? Because they had a code exec vuln in 2017?

On the CoyIM site it says: "Not yet audited. Do not use for anything sensitive."