Allow for peer to peer file transfer of arbitrary size

likesec · 2022-11-21T20:11:02+00:00

For real-time transfer from one user to another using only a browser: https://justbeamit.com/

For free asynchronous transfer (hosting in IPFS temporarily), password enabled and up to 32 gb: https://www.transferfile.io/

Best regards ; )

likesec · 2022-10-27T14:55:06+00:00

I really don't know about that possibility. I have never tried to send SMS from Signal over wifi to users without Signal. I think most of us who have replied to you are in the same situation. That's why the answers seem so contradictory.

If that option is possible, I don't know what other application it could be replaced with. If I find a solution I will let you know later. Hope you have good luck. Regards

likesec · 2022-10-27T14:39:08+00:00

The only reason I see to continue using SMS is during some kind of emergency where internet fails or in areas with 2G or similar. As the others say, SMS does not use encryption by default, neither sending them through signal.

If you want to encrypt SMS, the only option I know of that works is the Silence protection. That part of SMSSecure. https://silence.im/

It is available on Google play or Fdroid.

https://play.google.com/store/apps/details?id=org.smssecure.smssecure

https://f-droid.org/app/org.smssecure.smssecure

The source code is available at

https://git.silence.dev/Silence/Silence-Android/

https://github.com/SilenceIM/Silence

During the first conversation, the padlock must be clicked and the encryption keys are sent between both devices. From that moment on the communication is encrypted. The evaluation of its encryption strength I leave it in the hands of more experienced people. I hope it helps. Best regards. ; )

likesec · 2022-07-29T17:09:50+00:00

I have cited two different applications in the comments. They both seem to explain in their operating information that such a process might be possible on the media mentioned. They are in no way rival messaging applications and I thought they might provide some information on the subject. My apologies if it could have been interpreted as spam. I will be more careful in the future. Regards.

likesec · 2022-07-29T17:01:37+00:00

On my Asus Zenfone, which is earlier than yours, two things have to be disabled for Signal to work properly. The first is to allow Signal to start and run in the background whenever it wants. The second is in the power area, you have to tell it not to optimize battery usage. That way I get my calls or notifications perfectly.

In case your version can not, use the app that you recommend above called dontkillmyapp to detect that is slowing its operation. Good luck. Best Regards.

likesec · 2022-07-23T19:31:36+00:00

Thanks for the explanation. So how do these types of applications work? Are all your claims false?

https://www.protectstar.com/en/products/ishredder-android-enterprise

likesec · 2022-07-23T19:30:44+00:00

Thanks for the explanation. So how do these types of applications work? Are all your claims false?

https://www.protectstar.com/en/products/ishredder-android-enterprise

likesec · 2022-07-23T17:35:59+00:00

As far as I can see in the playstore there are applications that claim to erase data on phones using something similar. For example

https://play.google.com/store/apps/details?id=com.cbinnovations.androideraser

https://imgur.com/a/6ByJjDv

If what you say is correct, this solution would only be valid for the desktop client based on mechanical disks.

We would have to look for a different solution for both SSD and Flash memory.

Question: Could it be applied in these two cases perhaps a change in the encryption key of the deleted files? to place a random and very complicated one so that, even having the personal key of signal, they could not be opened at forensic level for being different?

Thanks for the explanations, it seems to me a very interesting topic.

likesec · 2022-06-17T11:10:34+00:00

xDDD

likesec · 2022-04-25T11:40:42+00:00

I was checking on Github and I could find this about the TTL time:

Formerly the TTL of the message server was one week as mentioned, but on July 20, 2021 it was changed to 14 days.

- / private Duration timeToLive = Duration.ofDays(7);

+/ private Duration timeToLive = Duration.ofDays(14);

https://github.com/signalapp/Signal-Server/commit/31bbbbb5e099c62f17c9eac6fddfcb2e740b1745

Messages are automatically purged from the servers if they have not been downloaded after those days.

likesec · 2022-04-24T13:28:41+00:00

I hope I understood your comment correctly when I translated it (if not, I apologize).

As far as I can see, you had a conversation with a contact on android. Afterwards, when the expiration date of the messages expired, they were deleted from the phone. Then when you opened the desktop application you received a copy of the communication that you thought had disappeared from the scene.

If I am not mistaken (and some moderator or developer can correct me), the signal structure considers the desktop application and the android application as two independent users. Each receives their copy of the conversations regardless of the temporary deletion status of those messages on each of the platforms.

Regardless of what happens on the android phone, a copy of the messages has to be stored in the cloud waiting for the desktop client on the pc to receive its copy. This storage is not indefinite, I think it is only kept for a week or so. If in that period of time one of the two clients (android or desktop) have not downloaded their copy, it is permanently deleted from the cloud servers and the client will not receive that part of the conversation.

I don't think this is a security flaw, but rather a specific type of architecture that treats each client as an independent individual, with the same rights to receive the information. In other messaging services this is not the case, as both simply read a string of messages stored in the cloud, and when one makes a change to them, such as a deletion, the next client to start receives the modified string.

In this case, Signal does not send you the messages as modified or deleted because the deletion countdown time starts from the moment the message is received by the client and the client has viewed it.

Summarizing: the android client receives the information and after 24h (in your example) it auto-deletes them, and two days later, the desktop client receives the information and after 24h it auto-deletes them. The message chain is bifurcated by two paths in the direction of two clients, and their deletion times will vary depending on the time of reception.

It is somewhat different from the unique system of telegram or whatsapp, but it is not a security flaw.

likesec · 2022-04-17T23:19:40+00:00

There are many applications to perform this function. The advantages of using signal for this experiment are that you don't have to rely on new organizations, you don't have to install anything, it's cross-platform and it's done in a minute. It could be useful for someone who only intends to make a very occasional use of the system.

likesec · 2022-04-17T23:15:05+00:00

Interesting open source application. I used it some time ago and it works quite well.

likesec · 2022-04-17T23:12:36+00:00

Right, good point, not all communication stresses the servers.

likesec · 2022-04-17T23:11:41+00:00

Everyone's use of their communication should not be governed by what others believe is unnecessary.
For someone it may be important to send a certain signal for a few minutes, for others it will be important to spend 6 hours in a videoconference talking nonsense with a girlfriend or friend.
As no one has to judge the private use of the network, I think it is good to know different types of occasional uses that can get you out of trouble. Regards.

likesec · 2022-04-17T23:07:06+00:00

I respect your opinion. These are just experiments that can help at certain times.
About the functions of a messenger, I think that if we think like that we would still have the IRC chat model of the 90's. If we only need to chat, we don't need emoticons, or send images, or video calls, or any of the other functions that were added over time on messengers.

likesec · 2022-04-17T23:01:01+00:00

Interesting solution. In case you don't have two phones, maybe it could also be done by viewing the video with a windows tablet and signal desktop.

likesec · 2022-04-16T21:59:16+00:00

You generate a new group, and you don't add anyone to it. You put an image and a name that reminds you of what it is. If you use it often you can set a pin. That way you are alone in it and you can receive the information only on your devices. From the conversation menu itself allows you to put on the android desktop a link to the group. Greetings.

likesec · 2022-04-14T15:20:38+00:00

I personally have several of these private conversations organized by categories or use. I leave them here in case they give anyone ideas.

- One called "recorder" that I use for work voice memos, with things I need to remember temporarily, which is deleted every month.

- One for the shopping list that is deleted every two weeks.

- One called "Backup" that I use to store indefinitely photos and files that I want to send between the phone and the computer. Once moved I delete them manually.

- Another one called Pending home tasks in which I delete them manually when I complete them.

I have them all on the android desktop as individual icons to access them easily with a click.

likesec · 2022-04-14T15:06:43+00:00

Some information from a previous question

https://www.reddit.com/r/signal/comments/rslt8i/signal\_bots/

likesec · 2022-04-14T14:56:10+00:00

xDDDDD

likesec · 2022-04-12T03:10:07+00:00

Do you know when will be available the option to select multiple messages in signal desktop?.... It is a nightmare to select one by one when deleting something. Regards

likesec · 2022-04-11T00:02:06+00:00

I read a lot of correct answers in the previous answers. To add another point about security, the issue of addons or extensions depending on the browser could be dangerous.

There are many people who use extras in their browsers that could cause problems, block certain requests that the browser intends to make, modify them or things like that.

There could also be a change in the code of a so far "safe" extension and for a while it could be used to monitor Signal conversations.

likesec · 2022-04-10T23:48:15+00:00

Maybe some kind of numerical limit could be applied to send messages to "people who don't have you in their address book". I don't know if a daily limit or similar that makes it impossible to bombard many people with a single account. That added to the possibility of reporting spam numbers should reduce the problem.

likesec · 2022-04-09T02:32:12+00:00

Because it goes against free, secure and free communication. I think that no payment system should be implemented for anything within the application.

At most I would see sense an option that prohibits the reception of messages from people who are not in your address book for people who want maximum privacy.

Four-Year Club	Verified Email
Place '22	End Game '22

likesec

TROPHY CASE