Franz messaging app
-
@Dashrender said in Franz messaging app:
@JaredBusch said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
I am now made to wonder how good the security on these types of apps are. I never really thought about it in the past, but things have changed.
If they tie to a phone number (WhatsApp, Telegram, etc.) then security isn't at the core of their design.
Still don't get what you mean - while it's true they are tied, I see that primarily as a way to make the connection to users.
In 10 years you'll tell us that using an email address shows that security isn't at the core of the design, even though the main and possibly only purpose of the phone number/email address is a way of finding others you know.
Now Telegram does fail in the first place because you can't sign up without having a phone number, but after you get signed up, I'm not sure it's ever needed again.
No, there is no sign up for telegram. it is 100% phone based. there is not an "account" for telegram.
If it was 100% phone based, how would I have it on my PC. After signing up with my phone (which I DID mention) I could install it on my desktop, then remove it from my phone and never put it back on my phone again, and then install it on future Windows installs all I want.
Because the PC ties to your phone.
If I got your SIM card, even if your phone is destroyed, I get your Telegram and you lose it. It's that simple.
-
@Dashrender said in Franz messaging app:
@JaredBusch said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
I am now made to wonder how good the security on these types of apps are. I never really thought about it in the past, but things have changed.
If they tie to a phone number (WhatsApp, Telegram, etc.) then security isn't at the core of their design.
Still don't get what you mean - while it's true they are tied, I see that primarily as a way to make the connection to users.
In 10 years you'll tell us that using an email address shows that security isn't at the core of the design, even though the main and possibly only purpose of the phone number/email address is a way of finding others you know.
Now Telegram does fail in the first place because you can't sign up without having a phone number, but after you get signed up, I'm not sure it's ever needed again.
No, there is no sign up for telegram. it is 100% phone based. there is not an "account" for telegram.
If it was 100% phone based, how would I have it on my PC. After signing up with my phone (which I DID mention) I could install it on my desktop, then remove it from my phone and never put it back on my phone again, and then install it on future Windows installs all I want.
Actually, no you cannot. If you lose your current install, you will not be able to reinstall. there is no way to reauthenticate without the phone.
-
@JaredBusch said in Franz messaging app:
@Dashrender said in Franz messaging app:
@JaredBusch said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
I am now made to wonder how good the security on these types of apps are. I never really thought about it in the past, but things have changed.
If they tie to a phone number (WhatsApp, Telegram, etc.) then security isn't at the core of their design.
Still don't get what you mean - while it's true they are tied, I see that primarily as a way to make the connection to users.
In 10 years you'll tell us that using an email address shows that security isn't at the core of the design, even though the main and possibly only purpose of the phone number/email address is a way of finding others you know.
Now Telegram does fail in the first place because you can't sign up without having a phone number, but after you get signed up, I'm not sure it's ever needed again.
No, there is no sign up for telegram. it is 100% phone based. there is not an "account" for telegram.
If it was 100% phone based, how would I have it on my PC. After signing up with my phone (which I DID mention) I could install it on my desktop, then remove it from my phone and never put it back on my phone again, and then install it on future Windows installs all I want.
Actually, no you cannot. If you lose your current install, you will not be able to reinstall. there is no way to reauthenticate without the phone.
I've had my PC lock out because my phone was off once, too. They might have removed that, but it at least used to check in from time to time (maybe when the app updates?)
-
@JaredBusch that's true, if I only had one install remaining, and I lost that install, I would not be able to regain access without the phone, but I never claimed I could either.
-
Telegram on the desktop works more or less like how Apple Messenger works with SMS messages. It hijackes the SMS via the cell phone device, turns the SMS into SMSoIP (I made that up, but some special Apple protocol for that) and lets desktops and iPads talk over SMS - but if the phone goes away, the others go offline, too.
-
@Dashrender said in Franz messaging app:
@JaredBusch that's true, if I only had one install remaining, and I lost that install, I would not be able to regain access without the phone, but I never claimed I could either.
But you implied it. If you knew that this was true, you'd know why owning the phone owns your account.
-
@scottalanmiller
Who do you see demanding that things be tied to their phone number? I guess I've never seen people have a real preference to using a phone number over an email address for a part of the authentication to a system. -
@scottalanmiller said in Franz messaging app:
Telegram on the desktop works more or less like how Apple Messenger works with SMS messages. It hijackes the SMS via the cell phone device, turns the SMS into SMSoIP (I made that up, but some special Apple protocol for that) and lets desktops and iPads talk over SMS - but if the phone goes away, the others go offline, too.
@scottalanmiller This is not true in the case of Telegram though. You can turn off your phone and Telegram will continue to work just fine.
-
There is another Telegram problem that Americans often forget....
Lose your phone number for whatever reason (often because the phone was temporary or you didn't pay your bill) and whoever gets your phone number next becomes "you" to your Telegram friends. Instantly, automatically. Doesn't require hacking or effort. It can happen ON ACCIDENT.
-
@Dashrender said in Franz messaging app:
@scottalanmiller
Who do you see demanding that things be tied to their phone number? I guess I've never seen people have a real preference to using a phone number over an email address for a part of the authentication to a system.Have you not seen my thread on texting Nearly everyone.
-
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
Telegram on the desktop works more or less like how Apple Messenger works with SMS messages. It hijackes the SMS via the cell phone device, turns the SMS into SMSoIP (I made that up, but some special Apple protocol for that) and lets desktops and iPads talk over SMS - but if the phone goes away, the others go offline, too.
@scottalanmiller This is not true in the case of Telegram though. You can turn off your phone and Telegram will continue to work just fine.
I did this while in Europe. My US SIM card was out of my phone most of that trip, yet telegram worked just fine, both on my phone (with a different number) and on my laptop.
-
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
Telegram on the desktop works more or less like how Apple Messenger works with SMS messages. It hijackes the SMS via the cell phone device, turns the SMS into SMSoIP (I made that up, but some special Apple protocol for that) and lets desktops and iPads talk over SMS - but if the phone goes away, the others go offline, too.
@scottalanmiller This is not true in the case of Telegram though. You can turn off your phone and Telegram will continue to work just fine.
Only true in a meaningless way. It might stop at any time (as I pointed out has happened) and only works until the phone does something else. The phone number owns the account, the PC only gets it until something happens. It's like cached creds that someone else can revoke anytime.
-
@Dashrender said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
Telegram on the desktop works more or less like how Apple Messenger works with SMS messages. It hijackes the SMS via the cell phone device, turns the SMS into SMSoIP (I made that up, but some special Apple protocol for that) and lets desktops and iPads talk over SMS - but if the phone goes away, the others go offline, too.
@scottalanmiller This is not true in the case of Telegram though. You can turn off your phone and Telegram will continue to work just fine.
I did this while in Europe. My US SIM card was out of my phone most of that trip, yet telegram worked just fine, both on my phone (with a different number) and on my laptop.
Again and again... not relevant.
-
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller
Who do you see demanding that things be tied to their phone number? I guess I've never seen people have a real preference to using a phone number over an email address for a part of the authentication to a system.Have you not seen my thread on texting Nearly everyone.
that's not the same thing at all - but I do recall that discussion. It's NOT that someone demanded a phone number based app, it's that people demanded to the the native app that's on every phone in the US - there's a huge difference.
-
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
Telegram on the desktop works more or less like how Apple Messenger works with SMS messages. It hijackes the SMS via the cell phone device, turns the SMS into SMSoIP (I made that up, but some special Apple protocol for that) and lets desktops and iPads talk over SMS - but if the phone goes away, the others go offline, too.
@scottalanmiller This is not true in the case of Telegram though. You can turn off your phone and Telegram will continue to work just fine.
Only true in a meaningless way. It might stop at any time (as I pointed out has happened) and only works until the phone does something else. The phone number owns the account, the PC only gets it until something happens. It's like cached creds that someone else can revoke anytime.
I will grant you these things about how the account can become borked.
-
You are confusing accessibility with security. No matter how much you can get it to "keep working" when your account hasn't been taken over, the risk to it being taken over is the same. The instant someone gets access to your number, they own your telegram and can revoke you any time they want... or just listen in on what you are saying.
-
@scottalanmiller said in Franz messaging app:
You are confusing accessibility with security. No matter how much you can get it to "keep working" when your account hasn't been taken over, the risk to it being taken over is the same. The instant someone gets access to your number, they own your telegram and can revoke you any time they want... or just listen in on what you are saying.
No I'm not - if anyone is, it's you claiming that I am. I fully understand that there is no security, I'll scroll this thread is see if I actually said that Telegram is secure...
-
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
@Dashrender said in Franz messaging app:
@scottalanmiller
Who do you see demanding that things be tied to their phone number? I guess I've never seen people have a real preference to using a phone number over an email address for a part of the authentication to a system.Have you not seen my thread on texting Nearly everyone.
that's not the same thing at all - but I do recall that discussion. It's NOT that someone demanded a phone number based app, it's that people demanded to the the native app that's on every phone in the US - there's a huge difference.
It's kind of the same. They made a demand that only had one answer. If you wanted to be tied to phone numbers, you could state it in that way knowing that that was the only possible answer. Things that use accounts that are something beyond phone numbers don't exist on every phone.
-
@Dashrender said in Franz messaging app:
@scottalanmiller said in Franz messaging app:
You are confusing accessibility with security. No matter how much you can get it to "keep working" when your account hasn't been taken over, the risk to it being taken over is the same. The instant someone gets access to your number, they own your telegram and can revoke you any time they want... or just listen in on what you are saying.
No I'm not - if anyone is, it's you claiming that I am. I fully understand that there is no security, I'll scroll this thread is see if I actually said that Telegram is secure...
If that is true, why would you bring up that you can get it to "keep working" before it gets hijacked? What was the relevance to that statement?
-
The one thing that I do like about Telegram (no, it's not a security feature) is the message you get when you sign up a new device.
IE: I installed it on my phone, and bam... It was happy. I said, "Oh, Windows version!" And installed it on my Windows. I got a Telegram message on my phone with a code to punch in on my Windows device.
Now I want it on my tablet... I get that same security message on my Phone and my Windows Desktop...
When somebody connects another device to your Telegram account, assuming you have at least one device that is still connected, you should know about it.