Arno Welzel wrote on Tue, 23 Jul 2024 09:46:36 +0200 :
Philosophy can & should be different among intelligent knowledgeable
people, where I *never* use MFA/2FA/2SV because of the privacy flaws.
What security flaw is known for TOTP? Can you be more specific?
I said privacy. You said security.
The privacy flaw in MFA/2FA/2SV is obvious. It's that second thing.
Huh? I have plenty of personal data on my phone in encrypted containers.
No, you have them in encrypted containers. The same container can be
everywhere else as well. So it is not stored on the phone itself.
ah... um... er... huh? I maintain encrypted containers on the device.
I used to use TrueCrypt but moved to VeraCrypt when everyone else did.
The encrypted container is stored on the device itself.
It's just a file on the device.
Most people lock their phone because they don't use encrypted containers.
Newer Android devices encrypt *all* data stored on them. The whole data
partition is encrypted. And the lock mechanism is part of the security
concept!
Here's where philosophy rules the design since that requires some kind of
lock on the phone, does it not? Remember, I don't put a lock on the phone.
I think people who put locks on their phone don't know how to use a phone.
Or, they live in slums. And they fear every person around them. It's sad.
They live in abject fear, quivering & shaking that their data is insecure.
Bullshit!
I'm making a point by being dramatic that it's a sad thing that people have
to feel that they have to lock their phone to keep it away from their own
wife and kids and friends and neighbors.
I think people who lock their phones either live in slums and therefore
they need to put bars all over their phone - or they don't know how to use
phones.
There's no reason to lock your phone if you know how a phone works.
The main point is simply that any messaging that requires a login/password
to a specific Internet server is a metadata privacy hole by design.
Which is not the case for many messaging apps.
But which is the case for default messaging apps (on Android).
Huh? My contacts are NOT in the default sqlite file, on purpose.
You don't understand how Android storage works. There is no "default
sqlite file" for contacts.
Huh? Maybe you need to look it up before you make that claim.
Normally you're a smart guy so I hope you can back up that claim.
There's ALWAYS a default contacts sqlite database.
It's in different default locations depending on the OEM.
But it's there somewhere.
For example, there are tools to access that default sqlite db.
<https://github.com/alejandrolopezparra/AndroidContactsDatabase-tools>
If you deny that claim, then I'd be glad to learn from you.
Where do YOU think your contacts are stored, by default?
And where do you think SMS messages are stored, by default?
But I still have my contacts in each of my communication apps.
Then you *have* data stored on your phone! And of course *those*
contacts are *not* in "encrypted containers".
Of course. However, they're just contacts. And, the main point is they're
NEVER uploaded to someone else's servers (which you can't say for sure for
the default sqlite contacts database which every nefarious app wants).
However.... to your point... you could lock your contacts app if you
actually cared about that level of securing your contacts (which you might
do if you lived in the slums or if you lived in abject fear of your wife).
I don't have to lock my phone just to keep my contacts private from
Internet servers (which most people upload to without even knowing it).
Enabling a screen lock has *nothing* to do with "keeping contacts
private from internet servers"!
True. This is a conversation so not every sentence has been vetted by my
publicist and lawyer. The point is that if you put the contacts in the
default sqlite location, then you can rest assured that every nefarious app
knows where that is and if they want to, they grab it (e.g., GMail).
Again (and again) it's my belief that people who store their contacts in
the default sqlite database don't know how to use phones with privacy in
mind.
Even WhatsApp is used without contacts - since it doesn't need them
(if you know how a phone works - which is why I say that anyone who locks
their phone, I feel sorry for - because either they live in the slums, or,
they don't know how to use computers).
That's one reason why I don't use WhatsApp.
The reason I'm forced to use WhatsApp (without contacts, by the way), is
that I have great grandchildren whose parents send videos via Apple
Messages, but which are destroyed by the default gateway to Android
messaging.
Also, I have relatives in Munchen who, the young ones, are using WhatsApp
almost exclusively, and the older ones I need Google Voice to reach.
So I am forced to maintain:
a. Google Voice (to call POTS lines overseas at a low cost)
b. WhatsApp (to get clear videos & to reach the younger crowd overseas)
c. PulseSMS (to text people in the USA)
It's sad I have to do that. And I know how to use a phone. :)
Also SMS *is* personal data. So if you send or receive SMS you already
have personal data on the phone.
I'm actually surprised you don't understand how SMS is different from
establishing a login/password on an additional Internet server, Arno.
The SMS messages are personal data!
While I fully agree that SMS messages are "personal data", I'm more worried
about someone vacuuming up my metadata to use for nefarious purposes.
And about my knowledge: I am a software developer who also maintains
Android apps:
<https://github.com/arnowelzel/>
I respect that you are a developer. I published tutorials on this newsgroup
for using Android Studio but I've never written an app from scratch myself.
I wrote in IBM Assembly Language on the IBM 360 in the seventies, and in
the eighties I wire wrapped my own Motorola 68701 micro controllers and in
the nineties I bootstrapped PDP 11 university machines, graduating to the
DEC VAX/VMS and then SunOS/Solaris machines well before Linux was a thing.
My first language was Fortran before Fortran 77 even existed, and then I
took PL/1 before C existed and I took COBOL (which is a crazy language).
After COBOL, I gave up on programming. I was burned out. They all do the
same thing with different syntax. :)
I respect your acumen.