Re: Google is preparing to replace RCS with MLS

Andrew, 2024-07-20 18:26:

Arno Welzel wrote on Sat, 20 Jul 2024 16:38:08 +0200 :
 

There is a lot to this story where I brought up the slums and being in
abject fear of your own wife & kids & neighbors as a philosophical point.
>
If you set up a phone properly, you do not need to lock that phone down.

>
A "proper setup" *is* locking it down by at least using a screen pattern
or PIN to protect it.

 
Philosophy being what it is, what matters more than anything is that a
person who knows computers has a "plan" and a person who doesn't, doesn't.
 
My plan is to set up the phone so that it's efficient for...
a. Daily use
b. Backup & restore
c. Privacy

I do the same. And I use my phone daily and also as 2FA for a number of
accounts. And *because* it is also used for 2FA I need some kind of
protection.

Most people have no plan whatsoever, where I would assume you know
computers well enough to have a plan for those three things also.
 
Since most people have no plan at all, they have to lock it up.
I don't have to lock it at all.
 
And my data is far safer than that of the people who lock it up.

If you don't have any data at all on the phone - yes, then it it safe
without any kind of lock.

It's only people who don't understand computers who lock personal phones.

>
I also lock my computers - without usernamen/password none of my
computers can be used. And I've been working as software developer,
network administrator and team lead in the IT industry for 30 years now.

 
I've been using computers since the 1970s, and I've built them from scratch
(Motorola 68701) so I'm well aware that people have no plan for
safeguarding their data which is why they're forced to lock them up.

Define "safeguarding".

[...]

Yes, if you defined "texting" as "using SMS".
Even RCS already requires internet.

 
That was my question of you and Andy (as Carlos wouldn't know anything).
If RCS or MLS require the Internet, then that's not good for privacy.

SMS is also not good for privacy. SS7 was already compromised 10 years ago:

<https://www.firstpoint-mg.com/blog/ss7-attack-guide/>

[...]

I guess you're right that MMS uses the "Internet" in a way that doesn't
require a data plan. I assume that's what you're intimating above, Right?

No. MMS uses data transmission and requires a data plan. Without a data
plan, MMS gets *very* expensive since data is then charge by its amount
where even 1 MB of data can cost more than 1 USD.

[...]

"Well set up" means with lock screen enabled. Otherwise this is only
true if you do not store *any* personal data on it, even no phone numbers.

 
I keep my personal data in encrypted containers. It's not hard to do.
I keep passwords in KeePassXC (Keepass2Android on the phone) too.

This is what I call "do not store *any* personal data on it, even no
phone numbers" - because an encrypted container is not "storing data on
the phone. An encrypted container can not be used to choose a person to
call in the phone app and you can also not see any calendar entries or
send/recieve messages this way.

Also SMS *is* personal data. So if you send or receive SMS you already
have personal data on the phone.

Philosophically, I think people who spread their data and logins about on
the phone are the ones who are forced to lock up the phone at the top.
 
But locking the phone or computer at the top has efficiency penalties.

Android will *encrypt* all data on the device and if you use a lock
procedure *nobody* can access the data on the device storage at all.
Only very old devices (older than 4-5 years) may not support that.

It's like keeping the wife's jewelry in the living room and kitchen so that
you're forced to lock the front door with a dozen padlocks just because you
don't know enough to put the jewelry in its own locked safe.

Why "a dozen padlocks"? One lock is enough.




--
Arno Welzel
https://arnowelzel.de