pR0Ps's comments

Actually, if you receive a message from someone using SMSSecure, you'll get a prompt asking if you want to upgrade to a secure session. But yes, there is no way to look someone up and check if they're using SMSSecure.

The detection was actually inherited from TextSecure and works by "tagging" shorter messages with some detectable whitespace after the message contents. A bit of a hack, but it's a limitation of the transport.

Relevant commit: https://github.com/SMSSecure/SMSSecure/commit/93d94f2b7a9fd6...

SMSSecure's default mode is to send normal, unencrypted SMS messages so people using regular SMS clients can still receive them.

If both users have SMSSecure, they can exchange keys and upgrade to an encrypted session.

Also, there's some amount of autodetection going on. SMSSecure will automatically prompt the user to start a secure session if it detects the recipient is also using SMSSecure.

But yes, if a user tries to start a secure session with someone who doesn't have SMSSecure installed, the recipient will just see a bunch of garbage (limitation of the transport).

Relevant pull request: https://github.com/WhisperSystems/TextSecure/pull/2817

We've removed the need for GCM since SMSSecure only deals with the SMS/MMS functionality.

I'm one of the developers of this project. If you have any questions, let me know.

To be clear, this project isn't endorsed in any way by Open Whisper Systems. We forked their codebase pre-v2.7.0 and are integrating upstream commits, but that's it.

The idea isn't to compete with TextSecure, it's to provide the encrypted SMS functionality TextSecure used to (with all it's compromises and drawbacks) for people that push-based messaging isn't an option for.

Very useful! I like the simplicity of it. One suggestion: the email notifications are sent from ([email protected]) is a little odd. Something like "notifications" or "updates" might be a bit clearer.