Discussion:
Google is preparing to replace RCS with MLS
(too old to reply)
Carlos E. R.
2024-07-06 20:35:26 UTC
Permalink
The information I have is from a Spanish paper, which you can read with
google translate, or find an English language source.

<https://www.elespanol.com/elandroidelibre/noticias-y-novedades/20240705/google-messages-cambia-siempre-nuevo-protocolo-mensajeria-proteger-mensajes/868163289_0.html>

Google and the RCS protocol have been part of the discourse with which
they have been attacking Apple on numerous occasions , and now the
technology giant intends to replace it with a more advanced one with
some important functions. SMS, although they are not used as much in
Spain as in the United States, will now be much more secure with the new
protocol .

The RCS protocol became essential for the Android text messaging
platform in 2019, and Apple recently added support for it with the
update to iOS 18 . The only drawback it has is that it requires both
mobiles or devices to have the same platform to ensure end-to-end
encryption of messages; an essential measure for privacy.

To cover this gap, Google announced last year support for the MLS
(Messaging Layer Security) protocol that brings end-to-end encryption to
Android devices. MLS is an enhanced protocol developed by the Internet
Engineering Task Force (IETF). Its objective is to ensure communication
between apps and platforms always with the maxim that individual and
group chats are effectively encrypted.

... continues at the link.


Further info:

<https://www.androidpolice.com/google-messages-messaging-layer-security/>

Google Messages is preparing to implement its new messaging protocol


Summary

* Evidence suggests Google Messages will soon add Messaging Layer
Security (MLS) support for end-to-end encryption.
* After Google pledged support for the standard last year, MLS is
set to become the default security layer for encryption once fully
implemented in Messages.
* Adoption outside of Google Messages remains to be seen, but MLS
looks to unify encrypted messaging across platforms and services by
implementing an encryption standard that all messaging apps can share.
--
Cheers,
Carlos E.R.
Andrew
2024-07-06 21:40:16 UTC
Permalink
Post by Carlos E. R.
To cover this gap, Google announced last year support for the MLS
(Messaging Layer Security) protocol that brings end-to-end encryption to
Android devices.
Thanks Carlos for that timely information as Lord knows, the last thing
Apple wants is to play nicely with Android messaging (which isn't even a
guess on my part because I read the internal emails published during the
Epic court case deposition where that's essentially what Apple execs said).

Looking up MLS:
<https://messaginglayersecurity.rocks/>
"Messaging Layer Security (MLS) is an IETF working group building
a modern, efficient, secure group messaging protocol."

Q: Should I use this right now?
A: Yes! The protocol has been approved by the IESG and has been
published as RFC9420. There are several implementations,
of which some are open source.
<https://github.com/mlswg/mls-implementations>

I looked for an Android messaging app which supports MLS but it might take
a while as the Skyica App Finder isn't working lately for some reason.
Andy Burns
2024-07-06 22:47:37 UTC
Permalink
Post by Andrew
<https://messaginglayersecurity.rocks/>
"Messaging Layer Security (MLS) is an IETF working group building
a modern, efficient, secure group messaging protocol."
We discussed MLS nearly a year ago

<https://groups.google.com/g/comp.mobile.android/c/6iWXKyYJ-UY/m/4cd8hNuIAQAJ>
Andrew
2024-07-06 23:34:17 UTC
Permalink
Post by Andy Burns
We discussed MLS nearly a year ago
<https://groups.google.com/g/comp.mobile.android/c/6iWXKyYJ-UY/m/4cd8hNuIAQAJ>
Thank God for people who use search engines. Thanks. Much appreciated.

Whew! That's a long thread. I am not on it. I don't remember reading it.

Generally my memory is excellent, so I probably didn't even read it as I
never cared for end-to-end encryption because it inherently has always
required both people using the exact same server and both people having
login accounts on that server (where I don't need to say more why that's
anathema for privacy).

Does this "new" MLS stuff require both those privacy-destroying things?

BTW, a new easy-to-remember Usenet search URI is this (which I made today).
https://tinyurl.com/nova-comp-mobile-android

Which complements the old easy-to-remember search URI I made long ago:
https://tinyurl.com/comp-mobile-android
Carlos E. R.
2024-07-07 11:02:50 UTC
Permalink
Post by Andrew
Post by Andy Burns
We discussed MLS nearly a year ago
<https://groups.google.com/g/comp.mobile.android/c/6iWXKyYJ-UY/m/4cd8hNuIAQAJ>
Thank God for people who use search engines. Thanks. Much appreciated.
Whew! That's a long thread. I am not on it. I don't remember reading it.
Generally my memory is excellent, so I probably didn't even read it as I
never cared for end-to-end encryption because it inherently has always
required both people using the exact same server and both people having
login accounts on that server (where I don't need to say more why that's
anathema for privacy).
Does this "new" MLS stuff require both those privacy-destroying things?
In the google implementation, it will require the same as the current
Google Messages app requires. This is just an (educated) guess.
Post by Andrew
BTW, a new easy-to-remember Usenet search URI is this (which I made today).
https://tinyurl.com/nova-comp-mobile-android
https://tinyurl.com/comp-mobile-android
I never use shorted links.
--
Cheers,
Carlos E.R.
Andrew
2024-07-07 13:43:35 UTC
Permalink
Post by Carlos E. R.
Post by Andrew
Does this "new" MLS stuff require both those privacy-destroying things?
In the google implementation, it will require the same as the current
Google Messages app requires. This is just an (educated) guess.
Hi Carlos,
Well then, since I don't use Google apps, may I ask the team if the Google
Messages app with RCS also requires those two privacy destroying things?

Q: Does Google Messages with RCS require a login account for both users
who wish to communicate on an end-to-end encrypted chat?
A: Yes or no.

If so, there's a privacy issue there...
Post by Carlos E. R.
Post by Andrew
BTW, a new easy-to-remember Usenet search URI is this (which I made today).
https://tinyurl.com/nova-comp-mobile-android
https://tinyurl.com/comp-mobile-android
I never use shorted links.
The long link is hard to remember:

This short url https://tinyurl.com/nova-comp-mobile-android expands to
https://www.novabbs.com/computers/search.php?group=comp.mobile.android

This short url https://tinyurl.com/comp-mobile-android expands to
https://groups.google.com/forum/#!forum/comp.mobile.android which is
https://groups.google.com/g/comp.mobile.android
Alan
2024-07-07 16:23:50 UTC
Permalink
Post by Andrew
Post by Carlos E. R.
Post by Andrew
Does this "new" MLS stuff require both those privacy-destroying things?
In the google implementation, it will require the same as the current
Google Messages app requires. This is just an (educated) guess.
Hi Carlos,
Well then, since I don't use Google apps, may I ask the team if the Google
Messages app with RCS also requires those two privacy destroying things?
Q: Does Google Messages with RCS require a login account for both users
who wish to communicate on an end-to-end encrypted chat?
A: Yes or no.
ANY MESSAGING APP is going to require some kind of login, Arlen.

How else can it possibly know which messages are going to go to which
recipient.
Post by Andrew
If so, there's a privacy issue there...
No. There is not. Not as long as you can create an account with no
personally identifying information.
s|b
2024-07-07 18:51:50 UTC
Permalink
Post by Alan
ANY MESSAGING APP is going to require some kind of login, Arlen.
How else can it possibly know which messages are going to go to which
recipient.
How about telephone number. RCS can be used in the default Android SMS
(text) app, but both recipients need to support it. I tried it once with
my brother. No login needed.
--
s|b
Alan
2024-07-07 18:55:13 UTC
Permalink
Post by s|b
Post by Alan
ANY MESSAGING APP is going to require some kind of login, Arlen.
How else can it possibly know which messages are going to go to which
recipient.
How about telephone number. RCS can be used in the default Android SMS
(text) app, but both recipients need to support it. I tried it once with
my brother. No login needed.
You think a telephone number isn't equivalent to a login?
Andrew
2024-07-07 18:58:01 UTC
Permalink
Post by s|b
Post by Alan
ANY MESSAGING APP is going to require some kind of login, Arlen.
How else can it possibly know which messages are going to go to which
recipient.
How about telephone number. RCS can be used in the default Android SMS
(text) app, but both recipients need to support it. I tried it once with
my brother. No login needed.
Oh God. The Apple religious zealot Alan Baker has infested this thread.

I've been on Usenet for decades, and he is one of only a handful of people
I've plonked - as there's nothing from him that ever adds any value.

Based on what SorB quoted, Alan Baker (who is an Apple moron, by the way),
thinks that we actually "log into" an account to send/receive messages.

It won't matter that none of us do that - he does it - so he thinks
everyone else does - because Apple literally requires the privacy-robbing
login account to be used every day for the rest of your living life.

Anyway, every time Alan Baker posts, he subtracts value, but the point of
my question is only whether or not RCS and MLS require that login account.
Alan
2024-07-07 19:02:57 UTC
Permalink
Post by Andrew
Post by s|b
Post by Alan
ANY MESSAGING APP is going to require some kind of login, Arlen.
How else can it possibly know which messages are going to go to which
recipient.
How about telephone number. RCS can be used in the default Android SMS
(text) app, but both recipients need to support it. I tried it once with
my brother. No login needed.
Oh God. The Apple religious zealot Alan Baker has infested this thread.
I've been on Usenet for decades, and he is one of only a handful of people
I've plonked - as there's nothing from him that ever adds any value.
Based on what SorB quoted, Alan Baker (who is an Apple moron, by the way),
thinks that we actually "log into" an account to send/receive messages.
You do "log into" an account, you simpleton.

It might be with a SIM card, but it's the same thing.
Post by Andrew
It won't matter that none of us do that - he does it - so he thinks
everyone else does - because Apple literally requires the privacy-robbing
login account to be used every day for the rest of your living life.
Anyway, every time Alan Baker posts, he subtracts value, but the point of
my question is only whether or not RCS and MLS require that login account.
RCS and MLS are PROTOCOLS, doofus.

Services that USE those protocols will require some kind of
identification (i.e. a "login") in order to route a message from one
user of such a service to another.

For the low IQ here (that's you, Arlen):

Any service that needs to deliver messages to a recipient is going to
need that recipient to "log in" in some fashion.
Carlos E. R.
2024-07-08 00:58:15 UTC
Permalink
Post by s|b
Post by Alan
ANY MESSAGING APP is going to require some kind of login, Arlen.
How else can it possibly know which messages are going to go to which
recipient.
How about telephone number. RCS can be used in the default Android SMS
(text) app, but both recipients need to support it. I tried it once with
my brother. No login needed.
You are mistaken. There is a login to the phone when you power it up.
--
Cheers,
Carlos E.R.
Alan
2024-07-08 01:02:36 UTC
Permalink
Post by Carlos E. R.
Post by s|b
Post by Alan
ANY MESSAGING APP is going to require some kind of login, Arlen.
How else can it possibly know which messages are going to go to which
recipient.
How about telephone number. RCS can be used in the default Android SMS
(text) app, but both recipients need to support it. I tried it once with
my brother. No login needed.
You are mistaken. There is a login to the phone when you power it up.
Yup.

And the SIM card that does the "logging in" is connected to your
account, which is most definitely connected to your personal data.
Andrew
2024-07-08 02:08:24 UTC
Permalink
Post by Carlos E. R.
Post by s|b
How about telephone number. RCS can be used in the default Android SMS
(text) app, but both recipients need to support it. I tried it once with
my brother. No login needed.
You are mistaken. There is a login to the phone when you power it up.
Hi Carlos,

Let's take the simplest case, which is I have a drawer full of Android
tablets in front of me, where I can easily connect them to the Internet,
and with that I can do everything but make cellular phone calls, right?

In that case, where is this login you speak of when I power them up?
Carlos E. R.
2024-07-08 10:42:05 UTC
Permalink
Post by Andrew
Post by Carlos E. R.
Post by s|b
How about telephone number. RCS can be used in the default Android SMS
(text) app, but both recipients need to support it. I tried it once with
my brother. No login needed.
You are mistaken. There is a login to the phone when you power it up.
Hi Carlos,
Let's take the simplest case, which is I have a drawer full of Android
tablets in front of me, where I can easily connect them to the Internet,
and with that I can do everything but make cellular phone calls, right?
Thus you can not make messages.
--
Cheers,
Carlos E.R.
Alan
2024-07-08 16:05:27 UTC
Permalink
Post by Carlos E. R.
Post by Andrew
Post by Carlos E. R.
Post by s|b
How about telephone number. RCS can be used in the default Android SMS
(text) app, but both recipients need to support it. I tried it once with
my brother. No login needed.
You are mistaken. There is a login to the phone when you power it up.
Hi Carlos,
Let's take the simplest case, which is I have a drawer full of Android
tablets in front of me, where I can easily connect them to the Internet,
and with that I can do everything but make cellular phone calls, right?
Thus you can not make messages.
Note the feeble attempt to shift from "how about a telephone number" to
"everything [] but cellular phone"
Andrew
2024-07-08 19:55:26 UTC
Permalink
Post by Carlos E. R.
Post by Andrew
Let's take the simplest case, which is I have a drawer full of Android
tablets in front of me, where I can easily connect them to the Internet,
and with that I can do everything but make cellular phone calls, right?
Thus you can not make messages.
Yes, but my point was Android works well without creating a mothership
login/password - as long as the device has Wi-Fi Internet capabilities.

The point being that, unlike Apple devices which are designed as dumb
terminals that can't do what people love about them without creating a
login to mothership Internet servers, the Android device is designed such
that you never need to create an account on the device to motherships.

Now, let's take the case of a tablet/phone with a SIM card, shall we.

Q: What changes in terms of requiring a login/password to a mothership?
A: Nothing. There is no need to create mothership login/password.

As an example, I don't have a mothership login/password on my Android
device, and I can make/receive phone calls and make/receive MMS/SMS.

What makes anyone think I have to create a new login/password on my Android
phone or tablet (which has a SIM card) just for calls & messages?

Makes no sense.
Carlos E. R.
2024-07-08 20:10:39 UTC
Permalink
Post by Andrew
Post by Carlos E. R.
Post by Andrew
Let's take the simplest case, which is I have a drawer full of Android
tablets in front of me, where I can easily connect them to the Internet,
and with that I can do everything but make cellular phone calls, right?
Thus you can not make messages.
Yes, but my point was Android works well without creating a mothership
login/password - as long as the device has Wi-Fi Internet capabilities.
And we are telling you "no".
Post by Andrew
The point being that, unlike Apple devices which are designed as dumb
terminals that can't do what people love about them without creating a
login to mothership Internet servers, the Android device is designed such
that you never need to create an account on the device to motherships.
Now, let's take the case of a tablet/phone with a SIM card, shall we.
And you need to enter the pin code when the phone boots. That's a LOGIN.
And you probably also need to login to Google (it is a google's app),
but I am not going to test this.

Enjoy.
--
Cheers,
Carlos E.R.
Andrew
2024-07-08 20:38:21 UTC
Permalink
Post by Carlos E. R.
Post by Andrew
Now, let's take the case of a tablet/phone with a SIM card, shall we.
And you need to enter the pin code when the phone boots. That's a LOGIN.
And you probably also need to login to Google (it is a google's app),
but I am not going to test this.
WTF? What kind of slum do you live in?

If you put a hundred locks on your bedroom door, then it's YOU who has to
navigate all those PIN codes - but the door is designed to work without it.

I have NEVER added a PIN code to my phone and my phone works just fine.
Nor do I have a Google Account set up on my phone and it works just fine.

If your phone doesn't work that way, then you're doing something wrong.

My point was, and is, that anyone who thinks that an Android phone requires
a mothership login/password just to make calls and send texts, is wrong.

That's basically how iOS works; not Android.
Apple designed iOS as a dumb terminal; Google didn't do that for Android.

Android makes/receives calls & texts & MMS just fine without creating a
mothership login/password to any server.

If your phone requires that login/password, then it's set up wrong.
Carlos E.R.
2024-07-12 13:41:30 UTC
Permalink
Post by Andrew
Post by Carlos E. R.
Post by Andrew
Now, let's take the case of a tablet/phone with a SIM card, shall we.
And you need to enter the pin code when the phone boots. That's a LOGIN.
And you probably also need to login to Google (it is a google's app),
but I am not going to test this.
WTF? What kind of slum do you live in?
If you put a hundred locks on your bedroom door, then it's YOU who has to
navigate all those PIN codes - but the door is designed to work without it.
I have NEVER added a PIN code to my phone and my phone works just fine.
Nor do I have a Google Account set up on my phone and it works just fine.
It is your decision, your responsibility, and your problem if you remove
the PIN to your phone. Similar to removing your house lock.
--
Cheers, Carlos.
Andrew
2024-07-12 21:48:05 UTC
Permalink
Post by Carlos E.R.
Post by Andrew
I have NEVER added a PIN code to my phone and my phone works just fine.
Nor do I have a Google Account set up on my phone and it works just fine.
It is your decision, your responsibility, and your problem if you remove
the PIN to your phone. Similar to removing your house lock.
Carlos,

It's clear you live in the slums; I don't.

You live in abject fear of every person around you, whether that's your
wife, your kids, your own mom, your friends and neighbors; I don't.

I feel sorry for people who lock up their phones because they feel unsafe.
And the fact they lock it up means they do not know how to use a phone.
Alan
2024-07-12 22:39:15 UTC
Permalink
Post by Andrew
Post by Carlos E.R.
Post by Andrew
I have NEVER added a PIN code to my phone and my phone works just fine.
Nor do I have a Google Account set up on my phone and it works just fine.
It is your decision, your responsibility, and your problem if you remove
the PIN to your phone. Similar to removing your house lock.
Carlos,
Arlen,
Post by Andrew
It's clear you live in the slums; I don't.
It is clear that you don't understand that even people who don't live in
slums require security on their devices.
Post by Andrew
You live in abject fear of every person around you, whether that's your
wife, your kids, your own mom, your friends and neighbors; I don't.
I feel sorry for people who lock up their phones because they feel unsafe.
And the fact they lock it up means they do not know how to use a phone.
LOL!
Arno Welzel
2024-07-14 13:25:21 UTC
Permalink
Post by Andrew
Post by Carlos E.R.
Post by Andrew
I have NEVER added a PIN code to my phone and my phone works just fine.
Nor do I have a Google Account set up on my phone and it works just fine.
It is your decision, your responsibility, and your problem if you remove
the PIN to your phone. Similar to removing your house lock.
Carlos,
It's clear you live in the slums; I don't.
That has nothing to do where one lives. Certain applications *REQUIRE* a
kind of protection, otherwise they just refuse to work.
Post by Andrew
You live in abject fear of every person around you, whether that's your
wife, your kids, your own mom, your friends and neighbors; I don't.
It also has nothing to do with "fear". Certain companies *REQUIRE* that
you protect your data, otherwise you *MUST* *NOT* work for them since
you show clear ignorance of best practices to protect data.
--
Arno Welzel
https://arnowelzel.de
Andrew
2024-07-15 13:03:02 UTC
Permalink
Post by Arno Welzel
Post by Andrew
You live in abject fear of every person around you, whether that's your
wife, your kids, your own mom, your friends and neighbors; I don't.
It also has nothing to do with "fear". Certain companies *REQUIRE* that
you protect your data, otherwise you *MUST* *NOT* work for them since
you show clear ignorance of best practices to protect data.
Hi Arno,

There is a lot to this story where I brought up the slums and being in
abject fear of your own wife & kids & neighbors as a philosophical point.

If you set up a phone properly, you do not need to lock that phone down.
It's only people who don't understand computers who lock personal phones.

We're going to have to understand that I had already stated that I wasn't
talking about a corporate device but about a typical personal use device.

Also, we have to understand Carlos and others were completely ignorant that
an Android phone works perfectly fine without any login/password.

It turns out that Carlos has absolutely no understanding of how phones work
in that there is no Internet server login/password required for texting
despite the fact he repeatedly insisted Internet is required for texting.

It's not.
Android texting works fine without any connection to the Internet.

Carlos was unaware of that fact; and Carlos appears to still be unaware.
There's nothing more I can do as he insists login/passwords are required.

They're not.
But there's more to the story as this concept is a philosophical one.

It's about how to properly set up your phone for personal privacy.

Hence, we have to understand that most people don't know how to set up a
cellphone, so *those people* will always need to add biometric gimmicks.

We also have to understand that MARKETING wants you to create accounts left
and right, containing your personal data, which is a key failing of most
people because they have automatic logins to things like email and banks.

We have to understand that a well set up device has no personal data
accessible to anyone - even the purse snatcher who lives in your house.

We have to understand that if you set up your phone properly, then there's
nothing you lose if/when it's stolen other than the physical phone itself.

And your texting will work fine whether or not you have Internet accounts.
Alan
2024-07-15 15:35:35 UTC
Permalink
Post by Andrew
Post by Arno Welzel
Post by Andrew
You live in abject fear of every person around you, whether that's your
wife, your kids, your own mom, your friends and neighbors; I don't.
It also has nothing to do with "fear". Certain companies *REQUIRE* that
you protect your data, otherwise you *MUST* *NOT* work for them since
you show clear ignorance of best practices to protect data.
Hi Arno,
There is a lot to this story where I brought up the slums and being in
abject fear of your own wife & kids & neighbors as a philosophical point.
If you set up a phone properly, you do not need to lock that phone down.
It's only people who don't understand computers who lock personal phones.
Setting up a phone to lock IS setting it up properly.

Anyone can lose a phone or have it stolen.
Post by Andrew
We're going to have to understand that I had already stated that I wasn't
talking about a corporate device but about a typical personal use device.
Also, we have to understand Carlos and others were completely ignorant that
an Android phone works perfectly fine without any login/password.
Unless you want to send and receive messages of some kind.
Post by Andrew
It turns out that Carlos has absolutely no understanding of how phones work
in that there is no Internet server login/password required for texting
despite the fact he repeatedly insisted Internet is required for texting.
"no Internet server login/password" is not the same as "no login".
Post by Andrew
It's not.
Android texting works fine without any connection to the Internet.
But still requires authentication. i.e. a login.
Post by Andrew
Carlos was unaware of that fact; and Carlos appears to still be unaware.
There's nothing more I can do as he insists login/passwords are required.
They're not.
But there's more to the story as this concept is a philosophical one.
It's about how to properly set up your phone for personal privacy.
Hence, we have to understand that most people don't know how to set up a
cellphone, so *those people* will always need to add biometric gimmicks.
We also have to understand that MARKETING wants you to create accounts left
and right, containing your personal data, which is a key failing of most
people because they have automatic logins to things like email and banks.
We have to understand that a well set up device has no personal data
accessible to anyone - even the purse snatcher who lives in your house.
We have to understand that if you set up your phone properly, then there's
nothing you lose if/when it's stolen other than the physical phone itself.
And your texting will work fine whether or not you have Internet accounts.
Arno Welzel
2024-07-20 14:38:08 UTC
Permalink
Post by Andrew
Post by Arno Welzel
Post by Andrew
You live in abject fear of every person around you, whether that's your
wife, your kids, your own mom, your friends and neighbors; I don't.
It also has nothing to do with "fear". Certain companies *REQUIRE* that
you protect your data, otherwise you *MUST* *NOT* work for them since
you show clear ignorance of best practices to protect data.
Hi Arno,
There is a lot to this story where I brought up the slums and being in
abject fear of your own wife & kids & neighbors as a philosophical point.
If you set up a phone properly, you do not need to lock that phone down.
A "proper setup" *is* locking it down by at least using a screen pattern
or PIN to protect it.
Post by Andrew
It's only people who don't understand computers who lock personal phones.
I also lock my computers - without usernamen/password none of my
computers can be used. And I've been working as software developer,
network administrator and team lead in the IT industry for 30 years now.
Post by Andrew
We're going to have to understand that I had already stated that I wasn't
talking about a corporate device but about a typical personal use device.
Also for personal use devices I prefer to have at least basic protection.
Post by Andrew
Also, we have to understand Carlos and others were completely ignorant that
an Android phone works perfectly fine without any login/password.
Only, if you do not use apps which *require* login/password - for
example for Google Pay you *must* enable some kind of lock screen. Also
for some bankinkg apps you *must* enable a lock screen.
Post by Andrew
It turns out that Carlos has absolutely no understanding of how phones work
in that there is no Internet server login/password required for texting
despite the fact he repeatedly insisted Internet is required for texting.
Yes, if you defined "texting" as "using SMS". Even RCS already requires
internet.
Post by Andrew
It's not.
Android texting works fine without any connection to the Internet.
No, only SMS works fine without any connection to the internet. And this
has nothing to do with "Android" but is a service in mobile networks.

However "Android texting" may not only be SMS.

[...]
Post by Andrew
We have to understand that a well set up device has no personal data
accessible to anyone - even the purse snatcher who lives in your house.
"Well set up" means with lock screen enabled. Otherwise this is only
true if you do not store *any* personal data on it, even no phone numbers.
--
Arno Welzel
https://arnowelzel.de
Andrew
2024-07-20 16:26:24 UTC
Permalink
Post by Arno Welzel
Post by Andrew
There is a lot to this story where I brought up the slums and being in
abject fear of your own wife & kids & neighbors as a philosophical point.
If you set up a phone properly, you do not need to lock that phone down.
A "proper setup" *is* locking it down by at least using a screen pattern
or PIN to protect it.
Philosophy being what it is, what matters more than anything is that a
person who knows computers has a "plan" and a person who doesn't, doesn't.

My plan is to set up the phone so that it's efficient for...
a. Daily use
b. Backup & restore
c. Privacy

Most people have no plan whatsoever, where I would assume you know
computers well enough to have a plan for those three things also.

Since most people have no plan at all, they have to lock it up.
I don't have to lock it at all.

And my data is far safer than that of the people who lock it up.
Post by Arno Welzel
Post by Andrew
It's only people who don't understand computers who lock personal phones.
I also lock my computers - without usernamen/password none of my
computers can be used. And I've been working as software developer,
network administrator and team lead in the IT industry for 30 years now.
I've been using computers since the 1970s, and I've built them from scratch
(Motorola 68701) so I'm well aware that people have no plan for
safeguarding their data which is why they're forced to lock them up.

Under that username/password they have no plan whatsoever for privacy.
Post by Arno Welzel
Post by Andrew
We're going to have to understand that I had already stated that I wasn't
talking about a corporate device but about a typical personal use device.
Also for personal use devices I prefer to have at least basic protection.
All my personal data is locked up in encrypted containers on all computers.
Post by Arno Welzel
Post by Andrew
Also, we have to understand Carlos and others were completely ignorant that
an Android phone works perfectly fine without any login/password.
Only, if you do not use apps which *require* login/password - for
example for Google Pay you *must* enable some kind of lock screen. Also
for some bankinkg apps you *must* enable a lock screen.
Again, philosophically you have to set up your computer for privacy from
the start, so, if you have Google Pay or Banking Apps, you need to lock
_them_ up separately. Google doesn't design it that way but if you know how
to use a computer, you will already know you can lock individual apps.

Only people who don't know anything about computers lock it up at the top.
Post by Arno Welzel
Post by Andrew
It turns out that Carlos has absolutely no understanding of how phones work
in that there is no Internet server login/password required for texting
despite the fact he repeatedly insisted Internet is required for texting.
Yes, if you defined "texting" as "using SMS".
Even RCS already requires internet.
That was my question of you and Andy (as Carlos wouldn't know anything).
If RCS or MLS require the Internet, then that's not good for privacy.
Post by Arno Welzel
Post by Andrew
It's not.
Android texting works fine without any connection to the Internet.
No, only SMS works fine without any connection to the internet. And this
has nothing to do with "Android" but is a service in mobile networks.
However "Android texting" may not only be SMS.
I guess you're right that MMS uses the "Internet" in a way that doesn't
require a data plan. I assume that's what you're intimating above, Right?
Post by Arno Welzel
Post by Andrew
We have to understand that a well set up device has no personal data
accessible to anyone - even the purse snatcher who lives in your house.
"Well set up" means with lock screen enabled. Otherwise this is only
true if you do not store *any* personal data on it, even no phone numbers.
I keep my personal data in encrypted containers. It's not hard to do.
I keep passwords in KeePassXC (Keepass2Android on the phone) too.

Philosophically, I think people who spread their data and logins about on
the phone are the ones who are forced to lock up the phone at the top.

But locking the phone or computer at the top has efficiency penalties.

It's like keeping the wife's jewelry in the living room and kitchen so that
you're forced to lock the front door with a dozen padlocks just because you
don't know enough to put the jewelry in its own locked safe.

The philosophical part about efficiency is:
a. You go through the front door a lot
b. You only have to open the safe infrequently

This is why I can argue with reasonable logic that anyone locking the
computer or phone at the top level doesn't know how to use computers.

Or... they truly do live in the slums in abject fear of everyone around
them (which is sad that they're that deathly afraid of people they love).
Alan
2024-07-20 18:29:03 UTC
Permalink
Post by Andrew
Post by Arno Welzel
Post by Andrew
There is a lot to this story where I brought up the slums and being in
abject fear of your own wife & kids & neighbors as a philosophical point.
If you set up a phone properly, you do not need to lock that phone down.
A "proper setup" *is* locking it down by at least using a screen pattern
or PIN to protect it.
Philosophy being what it is, what matters more than anything is that a
person who knows computers has a "plan" and a person who doesn't, doesn't.
My plan is to set up the phone so that it's efficient for...
a. Daily use
b. Backup & restore
c. Privacy
Most people have no plan whatsoever, where I would assume you know
computers well enough to have a plan for those three things also.
Since most people have no plan at all, they have to lock it up.
I don't have to lock it at all.
And my data is far safer than that of the people who lock it up.
You just lock it differently...

...so I guess you DO live in a slum, huh?
Post by Andrew
Post by Arno Welzel
Post by Andrew
It's only people who don't understand computers who lock personal phones.
I also lock my computers - without usernamen/password none of my
computers can be used. And I've been working as software developer,
network administrator and team lead in the IT industry for 30 years now.
I've been using computers since the 1970s, and I've built them from scratch
(Motorola 68701) so I'm well aware that people have no plan for
safeguarding their data which is why they're forced to lock them up.
Under that username/password they have no plan whatsoever for privacy.
Post by Arno Welzel
Post by Andrew
We're going to have to understand that I had already stated that I wasn't
talking about a corporate device but about a typical personal use device.
Also for personal use devices I prefer to have at least basic protection.
All my personal data is locked up in encrypted containers on all computers.
Only people who live in slums need encryption.
Post by Andrew
Post by Arno Welzel
Post by Andrew
Also, we have to understand Carlos and others were completely ignorant that
an Android phone works perfectly fine without any login/password.
Only, if you do not use apps which *require* login/password - for
example for Google Pay you *must* enable some kind of lock screen. Also
for some bankinkg apps you *must* enable a lock screen.
Again, philosophically you have to set up your computer for privacy from
the start, so, if you have Google Pay or Banking Apps, you need to lock
_them_ up separately. Google doesn't design it that way but if you know how
to use a computer, you will already know you can lock individual apps.
Only people who don't know anything about computers lock it up at the top.
Post by Arno Welzel
Post by Andrew
It turns out that Carlos has absolutely no understanding of how phones work
in that there is no Internet server login/password required for texting
despite the fact he repeatedly insisted Internet is required for texting.
Yes, if you defined "texting" as "using SMS".
Even RCS already requires internet.
That was my question of you and Andy (as Carlos wouldn't know anything).
If RCS or MLS require the Internet, then that's not good for privacy.
Post by Arno Welzel
Post by Andrew
It's not.
Android texting works fine without any connection to the Internet.
No, only SMS works fine without any connection to the internet. And this
has nothing to do with "Android" but is a service in mobile networks.
However "Android texting" may not only be SMS.
I guess you're right that MMS uses the "Internet" in a way that doesn't
require a data plan. I assume that's what you're intimating above, Right?
Post by Arno Welzel
Post by Andrew
We have to understand that a well set up device has no personal data
accessible to anyone - even the purse snatcher who lives in your house.
"Well set up" means with lock screen enabled. Otherwise this is only
true if you do not store *any* personal data on it, even no phone numbers.
I keep my personal data in encrypted containers. It's not hard to do.
I keep passwords in KeePassXC (Keepass2Android on the phone) too.
Philosophically, I think people who spread their data and logins about on
the phone are the ones who are forced to lock up the phone at the top.
But locking the phone or computer at the top has efficiency penalties.
It's like keeping the wife's jewelry in the living room and kitchen so that
you're forced to lock the front door with a dozen padlocks just because you
don't know enough to put the jewelry in its own locked safe.
Is your front door unlocked when you're out?
Post by Andrew
a. You go through the front door a lot
b. You only have to open the safe infrequently
This is why I can argue with reasonable logic that anyone locking the
computer or phone at the top level doesn't know how to use computers.
Or... they truly do live in the slums in abject fear of everyone around
them (which is sad that they're that deathly afraid of people they love).
Arno Welzel
2024-07-21 11:53:41 UTC
Permalink
Post by Andrew
Post by Arno Welzel
Post by Andrew
There is a lot to this story where I brought up the slums and being in
abject fear of your own wife & kids & neighbors as a philosophical point.
If you set up a phone properly, you do not need to lock that phone down.
A "proper setup" *is* locking it down by at least using a screen pattern
or PIN to protect it.
Philosophy being what it is, what matters more than anything is that a
person who knows computers has a "plan" and a person who doesn't, doesn't.
My plan is to set up the phone so that it's efficient for...
a. Daily use
b. Backup & restore
c. Privacy
I do the same. And I use my phone daily and also as 2FA for a number of
accounts. And *because* it is also used for 2FA I need some kind of
protection.
Post by Andrew
Most people have no plan whatsoever, where I would assume you know
computers well enough to have a plan for those three things also.
Since most people have no plan at all, they have to lock it up.
I don't have to lock it at all.
And my data is far safer than that of the people who lock it up.
If you don't have any data at all on the phone - yes, then it it safe
without any kind of lock.
Post by Andrew
Post by Arno Welzel
Post by Andrew
It's only people who don't understand computers who lock personal phones.
I also lock my computers - without usernamen/password none of my
computers can be used. And I've been working as software developer,
network administrator and team lead in the IT industry for 30 years now.
I've been using computers since the 1970s, and I've built them from scratch
(Motorola 68701) so I'm well aware that people have no plan for
safeguarding their data which is why they're forced to lock them up.
Define "safeguarding".

[...]
Post by Andrew
Post by Arno Welzel
Yes, if you defined "texting" as "using SMS".
Even RCS already requires internet.
That was my question of you and Andy (as Carlos wouldn't know anything).
If RCS or MLS require the Internet, then that's not good for privacy.
SMS is also not good for privacy. SS7 was already compromised 10 years ago:

<https://www.firstpoint-mg.com/blog/ss7-attack-guide/>

[...]
Post by Andrew
I guess you're right that MMS uses the "Internet" in a way that doesn't
require a data plan. I assume that's what you're intimating above, Right?
No. MMS uses data transmission and requires a data plan. Without a data
plan, MMS gets *very* expensive since data is then charge by its amount
where even 1 MB of data can cost more than 1 USD.

[...]
Post by Andrew
Post by Arno Welzel
"Well set up" means with lock screen enabled. Otherwise this is only
true if you do not store *any* personal data on it, even no phone numbers.
I keep my personal data in encrypted containers. It's not hard to do.
I keep passwords in KeePassXC (Keepass2Android on the phone) too.
This is what I call "do not store *any* personal data on it, even no
phone numbers" - because an encrypted container is not "storing data on
the phone. An encrypted container can not be used to choose a person to
call in the phone app and you can also not see any calendar entries or
send/recieve messages this way.

Also SMS *is* personal data. So if you send or receive SMS you already
have personal data on the phone.
Post by Andrew
Philosophically, I think people who spread their data and logins about on
the phone are the ones who are forced to lock up the phone at the top.
But locking the phone or computer at the top has efficiency penalties.
Android will *encrypt* all data on the device and if you use a lock
procedure *nobody* can access the data on the device storage at all.
Only very old devices (older than 4-5 years) may not support that.
Post by Andrew
It's like keeping the wife's jewelry in the living room and kitchen so that
you're forced to lock the front door with a dozen padlocks just because you
don't know enough to put the jewelry in its own locked safe.
Why "a dozen padlocks"? One lock is enough.
--
Arno Welzel
https://arnowelzel.de
Andrew
2024-07-21 13:49:18 UTC
Permalink
Post by Arno Welzel
Post by Andrew
My plan is to set up the phone so that it's efficient for...
a. Daily use
b. Backup & restore
c. Privacy
I do the same. And I use my phone daily and also as 2FA for a number of
accounts. And *because* it is also used for 2FA I need some kind of
protection.
Philosophy can & should be different among intelligent knowledgeable
people, where I *never* use MFA/2FA/2SV because of the privacy flaws.

But then again, my phone can't do financial transactions (again, because
it's set up with a plan in mind - and that plan includes security).

Philosophically, I set up my phone for
a. Efficient constant use (i.e., no lock screens), and,
b. All my important data is secure and easily backed up, and,
c. Everything I do on the phone is designed to be done with privacy.
Post by Arno Welzel
Post by Andrew
And my data is far safer than that of the people who lock it up.
If you don't have any data at all on the phone - yes, then it it safe
without any kind of lock.
Huh? I have plenty of personal data on my phone in encrypted containers.

Most people lock their phone because they don't use encrypted containers.
They live in abject fear, quivering & shaking that their data is insecure.

That's why people who don't know anything about phones, lock them up.
It's sad so many people live in the scary slums, figuratively speaking.
Post by Arno Welzel
Post by Andrew
I've been using computers since the 1970s, and I've built them from scratch
(Motorola 68701) so I'm well aware that people have no plan for
safeguarding their data which is why they're forced to lock them up.
Define "safeguarding".
Well, I could write a lot about safeguarding because what's different about
me is I'm not clueless like every person who locks their phone is clueless.

For one thing, it means never using "the cloud" for my data, and for
another it means never installing apps which require a login/password when
they don't need a login/password, but it also means extending the safety of
my data to keeping private data in their own locations, in encrypted file
containers, and in securing passwords on the phone in Keepass2Android.

Most people have no clue the contacts (by default) are stored in a contacts
sqlite database on Android - where mine is always kept completely empty.

This is what I mean by people who don't know how to use phones, lock them.

It's a thousand more things, Arno - all of which is why I can safely make
the observation that people who lock their phones don't know technology.

They live in abject fear of everyone around them - which - is kind of sad.
Post by Arno Welzel
Post by Andrew
That was my question of you and Andy (as Carlos wouldn't know anything).
If RCS or MLS require the Internet, then that's not good for privacy.
<https://www.firstpoint-mg.com/blog/ss7-attack-guide/>
I do not disagree that SMS texting can get you in trouble.
Ask Tom Brady about that. :)

(Although he apparently deleted his texts successfully, as far as I know.)
Post by Arno Welzel
Post by Andrew
I guess you're right that MMS uses the "Internet" in a way that doesn't
require a data plan. I assume that's what you're intimating above, Right?
No. MMS uses data transmission and requires a data plan. Without a data
plan, MMS gets *very* expensive since data is then charge by its amount
where even 1 MB of data can cost more than 1 USD.
The main point is simply that any messaging that requires a login/password
to a specific Internet server is a metadata privacy hole by design.

See above where "safeguarding" means not establishing those login/passwords
for things that don't need to have a login/password on an Internet server.
Post by Arno Welzel
Post by Andrew
Post by Arno Welzel
"Well set up" means with lock screen enabled. Otherwise this is only
true if you do not store *any* personal data on it, even no phone numbers.
I keep my personal data in encrypted containers. It's not hard to do.
I keep passwords in KeePassXC (Keepass2Android on the phone) too.
This is what I call "do not store *any* personal data on it, even no
phone numbers" - because an encrypted container is not "storing data on
the phone. An encrypted container can not be used to choose a person to
call in the phone app and you can also not see any calendar entries or
send/recieve messages this way.
Huh? My contacts are NOT in the default sqlite file, on purpose.
But I still have my contacts in each of my communication apps.

I don't have to lock my phone just to keep my contacts private from
Internet servers (which most people upload to without even knowing it).

Even WhatsApp is used without contacts - since it doesn't need them
(if you know how a phone works - which is why I say that anyone who locks
their phone, I feel sorry for - because either they live in the slums, or,
they don't know how to use computers).
Post by Arno Welzel
Also SMS *is* personal data. So if you send or receive SMS you already
have personal data on the phone.
I'm actually surprised you don't understand how SMS is different from
establishing a login/password on an additional Internet server, Arno.

That's the problem Carlos had with his comprehension of technology.
The difference in terms of privacy is huge - where I think the reason you
don't understand how SMS differs from establishing a login/password on an
Internet server is you equate SMS connection to the carrier to establishing
a login/password on an Internet server.

They're not the same.
Post by Arno Welzel
Post by Andrew
Philosophically, I think people who spread their data and logins about on
the phone are the ones who are forced to lock up the phone at the top.
But locking the phone or computer at the top has efficiency penalties.
Android will *encrypt* all data on the device and if you use a lock
procedure *nobody* can access the data on the device storage at all.
Only very old devices (older than 4-5 years) may not support that.
Yeah. I know. I tried that. I don't like it. Although I tried it long ago
when it first came out. I prefer encrypted file containers.

Remember my analogy. You don't need to lock every window and door in the
house and lock the chimney and lock the basement cellar door, etc.

All you need to do is put your valuable jewelry in a locked safe.
It's the same with Android.

I feel sad for people who are so afraid of their wife & children that they
feel they must lock their phone up so that nobody will steal their data.
Post by Arno Welzel
Post by Andrew
It's like keeping the wife's jewelry in the living room and kitchen so that
you're forced to lock the front door with a dozen padlocks just because you
don't know enough to put the jewelry in its own locked safe.
Why "a dozen padlocks"? One lock is enough.
The point is that I feel sorry for people who lock their phone because it
means either they are afraid of every person around them, or they don't
have a clue how a phone works (and probably, it's both of those things).

BTW, I'm quite well aware why MARKETING wants all your data unlocked when
you unlock your phone - as MARKETING is what leads the sheep to slaughter.
Arno Welzel
2024-07-23 07:46:36 UTC
Permalink
Post by Andrew
Post by Arno Welzel
Post by Andrew
My plan is to set up the phone so that it's efficient for...
a. Daily use
b. Backup & restore
c. Privacy
I do the same. And I use my phone daily and also as 2FA for a number of
accounts. And *because* it is also used for 2FA I need some kind of
protection.
Philosophy can & should be different among intelligent knowledgeable
people, where I *never* use MFA/2FA/2SV because of the privacy flaws.
What security flaw is known for TOTP? Can you be more specific?

[...]>> If you don't have any data at all on the phone - yes, then it it
safe
Post by Andrew
Post by Arno Welzel
without any kind of lock.
Huh? I have plenty of personal data on my phone in encrypted containers.
No, you have them in encrypted containers. The same container can be
everywhere else as well. So it is not stored on the phone itself.

[...]
Post by Andrew
Most people lock their phone because they don't use encrypted containers.
Newer Android devices encrypt *all* data stored on them. The whole data
partition is encrypted. And the lock mechanism is part of the security
concept!
Post by Andrew
They live in abject fear, quivering & shaking that their data is insecure.
Bullshit!

[...]
Post by Andrew
Post by Arno Welzel
No. MMS uses data transmission and requires a data plan. Without a data
plan, MMS gets *very* expensive since data is then charge by its amount
where even 1 MB of data can cost more than 1 USD.
The main point is simply that any messaging that requires a login/password
to a specific Internet server is a metadata privacy hole by design.
Which is not the case for many messaging apps.

[...]
Post by Andrew
Post by Arno Welzel
This is what I call "do not store *any* personal data on it, even no
phone numbers" - because an encrypted container is not "storing data on
the phone. An encrypted container can not be used to choose a person to
call in the phone app and you can also not see any calendar entries or
send/recieve messages this way.
Huh? My contacts are NOT in the default sqlite file, on purpose.
You don't understand how Android storage works. There is no "default
sqlite file" for contacts.
Post by Andrew
But I still have my contacts in each of my communication apps.
Then you *have* data stored on your phone! And of course *those*
contacts are *not* in "encrypted containers".
Post by Andrew
I don't have to lock my phone just to keep my contacts private from
Internet servers (which most people upload to without even knowing it).
Enabling a screen lock has *nothing* to do with "keeping contacts
private from internet servers"!
Post by Andrew
Even WhatsApp is used without contacts - since it doesn't need them
(if you know how a phone works - which is why I say that anyone who locks
their phone, I feel sorry for - because either they live in the slums, or,
they don't know how to use computers).
That's one reasone why I don't use WhatsApp.
Post by Andrew
Post by Arno Welzel
Also SMS *is* personal data. So if you send or receive SMS you already
have personal data on the phone.
I'm actually surprised you don't understand how SMS is different from
establishing a login/password on an additional Internet server, Arno.
The SMS messages are personal data!

And about my knowledge: I am a software developer who also maintains
Android apps:

<https://github.com/arnowelzel/>
--
Arno Welzel
https://arnowelzel.de
Andrew
2024-07-23 17:26:14 UTC
Permalink
Post by Arno Welzel
Post by Andrew
Philosophy can & should be different among intelligent knowledgeable
people, where I *never* use MFA/2FA/2SV because of the privacy flaws.
What security flaw is known for TOTP? Can you be more specific?
I said privacy. You said security.
The privacy flaw in MFA/2FA/2SV is obvious. It's that second thing.
Post by Arno Welzel
Post by Andrew
Huh? I have plenty of personal data on my phone in encrypted containers.
No, you have them in encrypted containers. The same container can be
everywhere else as well. So it is not stored on the phone itself.
ah... um... er... huh? I maintain encrypted containers on the device.
I used to use TrueCrypt but moved to VeraCrypt when everyone else did.

The encrypted container is stored on the device itself.
It's just a file on the device.
Post by Arno Welzel
Post by Andrew
Most people lock their phone because they don't use encrypted containers.
Newer Android devices encrypt *all* data stored on them. The whole data
partition is encrypted. And the lock mechanism is part of the security
concept!
Here's where philosophy rules the design since that requires some kind of
lock on the phone, does it not? Remember, I don't put a lock on the phone.

I think people who put locks on their phone don't know how to use a phone.
Or, they live in slums. And they fear every person around them. It's sad.
Post by Arno Welzel
Post by Andrew
They live in abject fear, quivering & shaking that their data is insecure.
Bullshit!
I'm making a point by being dramatic that it's a sad thing that people have
to feel that they have to lock their phone to keep it away from their own
wife and kids and friends and neighbors.

I think people who lock their phones either live in slums and therefore
they need to put bars all over their phone - or they don't know how to use
phones.

There's no reason to lock your phone if you know how a phone works.
Post by Arno Welzel
Post by Andrew
The main point is simply that any messaging that requires a login/password
to a specific Internet server is a metadata privacy hole by design.
Which is not the case for many messaging apps.
But which is the case for default messaging apps (on Android).
Post by Arno Welzel
Post by Andrew
Huh? My contacts are NOT in the default sqlite file, on purpose.
You don't understand how Android storage works. There is no "default
sqlite file" for contacts.
Huh? Maybe you need to look it up before you make that claim.
Normally you're a smart guy so I hope you can back up that claim.
There's ALWAYS a default contacts sqlite database.
It's in different default locations depending on the OEM.
But it's there somewhere.

For example, there are tools to access that default sqlite db.
<https://github.com/alejandrolopezparra/AndroidContactsDatabase-tools>

If you deny that claim, then I'd be glad to learn from you.

Where do YOU think your contacts are stored, by default?
And where do you think SMS messages are stored, by default?
Post by Arno Welzel
Post by Andrew
But I still have my contacts in each of my communication apps.
Then you *have* data stored on your phone! And of course *those*
contacts are *not* in "encrypted containers".
Of course. However, they're just contacts. And, the main point is they're
NEVER uploaded to someone else's servers (which you can't say for sure for
the default sqlite contacts database which every nefarious apps wants).

However.... to your point... you could lock your contacts app if you
actually cared about that level of securing your contacts (which you might
do if you lived in the slums or if you lived in abject fear of your wife).
Post by Arno Welzel
Post by Andrew
I don't have to lock my phone just to keep my contacts private from
Internet servers (which most people upload to without even knowing it).
Enabling a screen lock has *nothing* to do with "keeping contacts
private from internet servers"!
True. This is a conversation so not every sentence has been vetted by my
publicist and lawyer. The point is that if you put the contacts in the
default sqlite location, then you can rest assured that every nefarious app
knows where that is and if they want to, they grab it (e.g., GMail).

Again (and again) it's my belief that people who store their contacts in
the default sqlite database don't know how to use phones with privacy in
mind.
Post by Arno Welzel
Post by Andrew
Even WhatsApp is used without contacts - since it doesn't need them
(if you know how a phone works - which is why I say that anyone who locks
their phone, I feel sorry for - because either they live in the slums, or,
they don't know how to use computers).
That's one reasone why I don't use WhatsApp.
The reason I'm forced to use WhatsApp (without contacts, by the way), is
that I have great grandchildren whose parents send videos via Apple
Messages, but which are destroyed by the default gateway to Android
messaging.

Also, I have relatives in Munchen who, the young ones, are using WhatsApp
almost exclusively, and the older ones I need Google Voice to reach.

So I am forced to maintain:
a. Google Voice (to call POTS lines overseas at a low cost)
b. WhatsApp (to get clear videos & to reach the younger crowd overseas)
c. PulseSMS (to text people in the USA)

It's sad I have to do that. And I know how to use a phone. :)
Post by Arno Welzel
Post by Andrew
Post by Arno Welzel
Also SMS *is* personal data. So if you send or receive SMS you already
have personal data on the phone.
I'm actually surprised you don't understand how SMS is different from
establishing a login/password on an additional Internet server, Arno.
The SMS messages are personal data!
While I fully agree that SMS messages are "personal data", I'm more worried
about someone vacuuming up my metadata to use for nefarious purposes.
Post by Arno Welzel
And about my knowledge: I am a software developer who also maintains
<https://github.com/arnowelzel/>
I respect that you are a developer. I published tutorials on this newsgroup
for using Android Studio but I've never written an app from scratch myself.

I wrote in IBM Assembly Language on the IBM 360 in the seventies, and in
the eighties I wire wrapped my own Motorola 68701 micro controllers and in
the nineties I bootstrapped PDP 11 university machines, graduating to the
DEC VAX/VMS and then SunOS/Solaris machines well before Linux was a thing.

My first language was Fortran before Fortran 77 even existed, and then I
took PL/1 before C existed and I took COBOL (which is a crazy language).

After COBOL, I gave up on programming. I was burned out. They all do the
same thing with different syntax. :)

I respect your acumen.
Arno Welzel
2024-07-26 15:23:24 UTC
Permalink
Post by Andrew
Post by Arno Welzel
Post by Andrew
Philosophy can & should be different among intelligent knowledgeable
people, where I *never* use MFA/2FA/2SV because of the privacy flaws.
What security flaw is known for TOTP? Can you be more specific?
I said privacy. You said security.
The privacy flaw in MFA/2FA/2SV is obvious. It's that second thing.
What "privacy flaw" are you talking about?

[...]
Post by Andrew
Post by Arno Welzel
Newer Android devices encrypt *all* data stored on them. The whole data
partition is encrypted. And the lock mechanism is part of the security
concept!
Here's where philosophy rules the design since that requires some kind of
lock on the phone, does it not? Remember, I don't put a lock on the phone.
I think people who put locks on their phone don't know how to use a phone.
Or, they live in slums. And they fear every person around them. It's sad.
I give up - you don't get it.
--
Arno Welzel
https://arnowelzel.de
Alan
2024-07-26 15:34:58 UTC
Permalink
Post by Arno Welzel
Post by Andrew
Post by Arno Welzel
Post by Andrew
Philosophy can & should be different among intelligent knowledgeable
people, where I *never* use MFA/2FA/2SV because of the privacy flaws.
What security flaw is known for TOTP? Can you be more specific?
I said privacy. You said security.
The privacy flaw in MFA/2FA/2SV is obvious. It's that second thing.
What "privacy flaw" are you talking about?
[...]
Post by Andrew
Post by Arno Welzel
Newer Android devices encrypt *all* data stored on them. The whole data
partition is encrypted. And the lock mechanism is part of the security
concept!
Here's where philosophy rules the design since that requires some kind of
lock on the phone, does it not? Remember, I don't put a lock on the phone.
I think people who put locks on their phone don't know how to use a phone.
Or, they live in slums. And they fear every person around them. It's sad.
I give up - you don't get it.
It's hilarious.

He talks about people who lock their phones living in "slums"...

...but those who lock the data ON their phones are perfectly normal!

LOL
Arno Welzel
2024-07-26 16:11:41 UTC
Permalink
[...]
Post by Alan
Post by Arno Welzel
Post by Andrew
Here's where philosophy rules the design since that requires some kind of
lock on the phone, does it not? Remember, I don't put a lock on the phone.
I think people who put locks on their phone don't know how to use a phone.
Or, they live in slums. And they fear every person around them. It's sad.
I give up - you don't get it.
It's hilarious.
He talks about people who lock their phones living in "slums"...
...but those who lock the data ON their phones are perfectly normal!
LOL
Yes - and especially when considering that an encrypted container also
requires some kind of password or key to be useful. If the encryption
would happen automatically without and interaction, the data would be
completely unprotected if some other person gets access to the phone.
--
Arno Welzel
https://arnowelzel.de
Andrew
2024-07-27 03:21:24 UTC
Permalink
Post by Arno Welzel
Yes - and especially when considering that an encrypted container also
requires some kind of password or key to be useful. If the encryption
would happen automatically without and interaction, the data would be
completely unprotected if some other person gets access to the phone.
You don't get it, and that's OK because efficiency isn't your thing.

HINT: How many times do you unlock your phone just to use it, versus how
many times you unlock your encrypted containers?

Think about that.

It's a hundred to one. Maybe five hundred to a thousand to one.

The fact efficiency isn't in your thought process is why you think
unlocking your phone a thousand times a day is something you enjoy.

Me?

I unlock when I need to unlock. Which is once a week, if that.

If you don't understand the concept by now, you never will.
So we may as well give up.

You'll never convince me that unlocking a phone a thousand times is more
efficient than unlocking it once - when you need your data unlocked.

And I'm never going to convince you that NOT unlocking your phone a
thousand times is more efficient than unlocking it once - when you need to.

If you don't get it by now, you never will. And that's OK.
Some people enjoy being inefficient. It makes them feel better.
Arno Welzel
2024-07-27 12:53:02 UTC
Permalink
Post by Andrew
Post by Arno Welzel
Yes - and especially when considering that an encrypted container also
requires some kind of password or key to be useful. If the encryption
would happen automatically without and interaction, the data would be
completely unprotected if some other person gets access to the phone.
You don't get it, and that's OK because efficiency isn't your thing.
HINT: How many times do you unlock your phone just to use it, versus how
many times you unlock your encrypted containers?
Think about that.
That's irrelevant since you have to unlock any container *ALWAYS* to
access information on it.

And I unlock my phone *ONLY* to access private information on it, since
this is the sole purpose for it - to store private information.
Post by Andrew
The fact efficiency isn't in your thought process is why you think
unlocking your phone a thousand times a day is something you enjoy.
Me?
I unlock when I need to unlock. Which is once a week, if that.
I unlock when I need to unlock. Which is every time when I use my phone,
because on my phone there is no "public" information at all! EVERY data
on that is private! Having an encrypted container which I would access
only once a week would make no sense at all to me.
--
Arno Welzel
https://arnowelzel.de
Alan
2024-07-27 18:46:46 UTC
Permalink
Post by Arno Welzel
Post by Andrew
Post by Arno Welzel
Yes - and especially when considering that an encrypted container also
requires some kind of password or key to be useful. If the encryption
would happen automatically without and interaction, the data would be
completely unprotected if some other person gets access to the phone.
You don't get it, and that's OK because efficiency isn't your thing.
HINT: How many times do you unlock your phone just to use it, versus how
many times you unlock your encrypted containers?
Think about that.
That's irrelevant since you have to unlock any container *ALWAYS* to
access information on it.
And I unlock my phone *ONLY* to access private information on it, since
this is the sole purpose for it - to store private information.
Post by Andrew
The fact efficiency isn't in your thought process is why you think
unlocking your phone a thousand times a day is something you enjoy.
Me?
I unlock when I need to unlock. Which is once a week, if that.
I unlock when I need to unlock. Which is every time when I use my phone,
because on my phone there is no "public" information at all! EVERY data
on that is private! Having an encrypted container which I would access
only once a week would make no sense at all to me.
Exactly.
Andrew
2024-07-27 19:12:42 UTC
Permalink
Post by Arno Welzel
Post by Andrew
HINT: How many times do you unlock your phone just to use it, versus how
many times you unlock your encrypted containers?
Think about that.
That's irrelevant since you have to unlock any container *ALWAYS* to
access information on it.
And I unlock my phone *ONLY* to access private information on it, since
this is the sole purpose for it - to store private information.
Post by Andrew
The fact efficiency isn't in your thought process is why you think
unlocking your phone a thousand times a day is something you enjoy.
Me?
I unlock when I need to unlock. Which is once a week, if that.
I unlock when I need to unlock. Which is every time when I use my phone,
because on my phone there is no "public" information at all! EVERY data
on that is private! Having an encrypted container which I would access
only once a week would make no sense at all to me.
Hi Arno,
Let's give up as you're not stupid but you're not getting the point about
unlocking a phone 1000 times versus only unlocking that same phone once.

I get it you use file system encryption, and I get it that you consider the
entire phone to be private data - so for you, unlocking it 1000 times is a
worthwhile tradeoff to my unlocking of my phone only once for your
thousand.

Let's just leave it at that, as people can disagree on philosophy as long
as they don't disagree on the facts.

For every thousand times you unlock your phone, I unlock mine once.
I consider my method efficient and your method inefficient.
You consider my method inefficient and your method efficient.

And that's OK.
As long as we agree on the facts, that's all that matters.
Alan
2024-07-27 19:51:52 UTC
Permalink
Post by Andrew
Post by Arno Welzel
Post by Andrew
HINT: How many times do you unlock your phone just to use it, versus how
many times you unlock your encrypted containers?
Think about that.
That's irrelevant since you have to unlock any container *ALWAYS* to
access information on it.
And I unlock my phone *ONLY* to access private information on it, since
this is the sole purpose for it - to store private information.
Post by Andrew
The fact efficiency isn't in your thought process is why you think
unlocking your phone a thousand times a day is something you enjoy.
Me?
I unlock when I need to unlock. Which is once a week, if that.
I unlock when I need to unlock. Which is every time when I use my phone,
because on my phone there is no "public" information at all! EVERY data
on that is private! Having an encrypted container which I would access
only once a week would make no sense at all to me.
Hi Arno,
Let's give up as you're not stupid but you're not getting the point about
unlocking a phone 1000 times versus only unlocking that same phone once.
You're doing what you always do: focusing on something that is in
reality trivial and making it the hill you want to die on.

Who cares how many times a day I unlock my phone...

...if it doesn't inconvenience me at all to do so?
The Real Bev
2024-07-28 01:46:11 UTC
Permalink
Post by Alan
Who cares how many times a day I unlock my phone...
...if it doesn't inconvenience me at all to do so?
If I only needed to unlock it when I turned it on (in the morning about
half the time) I'd be willing to do that. NOT if I have to do it every
time the screen goes blank, which I have it set to do after 2 minutes.
--
Cheers, Bev
All bleeding eventually stops.
Alan
2024-07-28 01:51:38 UTC
Permalink
Post by The Real Bev
Post by Alan
Who cares how many times a day I unlock my phone...
...if it doesn't inconvenience me at all to do so?
If I only needed to unlock it when I turned it on (in the morning about
half the time) I'd be willing to do that.  NOT if I have to do it every
time the screen goes blank, which I have it set to do after 2 minutes.
If it unlocks before you can even do anything?

My phone unlocks with my thumbprint by the time I can see the screen.
The Real Bev
2024-07-28 03:33:48 UTC
Permalink
Post by Alan
Post by The Real Bev
Post by Alan
Who cares how many times a day I unlock my phone...
...if it doesn't inconvenience me at all to do so?
If I only needed to unlock it when I turned it on (in the morning about
half the time) I'd be willing to do that.  NOT if I have to do it every
time the screen goes blank, which I have it set to do after 2 minutes.
If it unlocks before you can even do anything?
It's annoying enough to have to push the button, but I don't see any way
around that.
Post by Alan
My phone unlocks with my thumbprint by the time I can see the screen.
After my experience with the thumb-reader at the gym I'm not about to
trust the phone's. I suddenly want to take a picture and have to fumble
with the switch AND the thumb-reader? No.
--
Cheers, Bev
Horn broken. Watch for finger.
Alan
2024-07-28 05:24:46 UTC
Permalink
Post by The Real Bev
Post by Alan
Post by The Real Bev
Post by Alan
Who cares how many times a day I unlock my phone...
...if it doesn't inconvenience me at all to do so?
If I only needed to unlock it when I turned it on (in the morning
about half the time) I'd be willing to do that.  NOT if I have to do
it every time the screen goes blank, which I have it set to do after
2 minutes.
If it unlocks before you can even do anything?
It's annoying enough to have to push the button, but I don't see any way
around that.
I'm sorry, but I want to understand:

Pushing a button...

...is "annoying"?
Post by The Real Bev
Post by Alan
My phone unlocks with my thumbprint by the time I can see the screen.
After my experience with the thumb-reader at the gym I'm not about to
trust the phone's.  I suddenly want to take a picture and have to fumble
with the switch AND the thumb-reader?  No.
You don't have to "fumble" with anything to take a picture, so...
The Real Bev
2024-07-29 02:34:45 UTC
Permalink
Post by Alan
Post by The Real Bev
Post by Alan
Post by The Real Bev
Post by Alan
Who cares how many times a day I unlock my phone...
...if it doesn't inconvenience me at all to do so?
If I only needed to unlock it when I turned it on (in the morning
about half the time) I'd be willing to do that.  NOT if I have to do
it every time the screen goes blank, which I have it set to do after
2 minutes.
If it unlocks before you can even do anything?
It's annoying enough to have to push the button, but I don't see any way
around that.
Pushing a button...
...is "annoying"?
My Lenovo tablet, otherwise in fine shape, is useless because the little
plastic actuaor that actually pushes the switch no longer reaches the
switch. I can only assume wear. I don't want to replace my phone
because of something stupid like that. I can take the tablet apart, but
the phone needs to be glued. No.
Post by Alan
Post by The Real Bev
Post by Alan
My phone unlocks with my thumbprint by the time I can see the screen.
After my experience with the thumb-reader at the gym I'm not about to
trust the phone's.  I suddenly want to take a picture and have to fumble
with the switch AND the thumb-reader?  No.
You don't have to "fumble" with anything to take a picture, so...
Rotate phone.
Half-push the power button with thumb because of the oddness of the case..
[tap/touch finger-sensor]
Re-position the camera.
Tap the circle.
Butterfly gone.

Small-muscle clumsiness is the reason that some of us would never be
good musicians. Also causes problems with object manipulation.
--
Cheers, Bev
"I love to go down to the schoolyard and watch all the
little children jump up and down and run around yelling and
screaming...They don't know I'm only using blanks." --Emo
AJL
2024-07-29 05:01:07 UTC
Permalink
Post by The Real Bev
My Lenovo tablet, otherwise in fine shape, is useless because the
little plastic actuaor that actually pushes the switch no longer
reaches the switch. I can only assume wear.
One of my earlier Android tablets woke up when it was picked up (moved).
So no need to use its switch in everyday use.
Post by The Real Bev
I don't want to replace my phone because of something stupid like
that.
My current Android phone (Galaxy S10+) wakes up with a double tap to the
screen. Again no need to use (and wear out?) the switch.

This of course won't help you currently, but I suggest for your future
device purchases that you get one with this capability. It should help
with your switch paranoia... ;)
The Real Bev
2024-07-29 14:07:14 UTC
Permalink
Post by AJL
Post by The Real Bev
My Lenovo tablet, otherwise in fine shape, is useless because the
little plastic actuator that actually pushes the switch no longer
reaches the switch. I can only assume wear.
One of my earlier Android tablets woke up when it was picked up (moved).
So no need to use its switch in everyday use.
That means leaving it on when I'm not using it, which I don't like to do
-- especially since I use it only once in a couple of months.
Post by AJL
Post by The Real Bev
I don't want to replace my phone because of something stupid like
that.
My current Android phone (Galaxy S10+) wakes up with a double tap to the
screen. Again no need to use (and wear out?) the switch.
This of course won't help you currently, but I suggest for your future
device purchases that you get one with this capability. It should help
with your switch paranoia... ;)
I chose the Pixel2 because of the camera quality (and the price, of
course), which is what I mostly use it for. Nonetheless, I will take
your counsel under advisement.
--
Cheers, Bev
"The problem with defending the purity of the English language is that
English is about as pure as a cribhouse whore. We don't just borrow
words; on occasion, English has pursued other languages down
alleyways to beat them unconscious and rifle their pockets for
new vocabulary." --James D. Nicoll
AJL
2024-07-29 15:48:51 UTC
Permalink
Post by The Real Bev
Post by AJL
Post by The Real Bev
My Lenovo tablet, otherwise in fine shape, is useless because the
little plastic actuator that actually pushes the switch no longer
reaches the switch. I can only assume wear.
One of my earlier Android tablets woke up when it was picked up (moved).
So no need to use its switch in everyday use.
That means leaving it on when I'm not using it, which I don't like to do
-- especially since I use it only once in a couple of months.
If your switch broke while only using the tablet once every couple of
months it was likely a manufacturing defect. Probably won't happen
again. FWIW I've had several Lenovo tablets (both Android and Chrome)
over the years and nary a problem.
Post by The Real Bev
Post by AJL
Post by The Real Bev
I don't want to replace my phone because of something stupid like
that.
My current Android phone (Galaxy S10+) wakes up with a double tap to the
screen. Again no need to use (and wear out?) the switch.
This of course won't help you currently, but I suggest for your future
device purchases that you get one with this capability. It should help
with your switch paranoia... ;)
I chose the Pixel2 because of the camera quality (and the price, of
course), which is what I mostly use it for. Nonetheless, I will take
your counsel under advisement.
This video on the Pixel 2 shows the fingerprint sensor waking/sleeping
the phone just like my Galaxy S10+ does with the double screen tap. So
you apparently do have the capability of not having to use the switch.

My Galaxy S10+ also has this capability of waking/sleeping using a
fingerprint. But mine works poorly and I find the double tap + pin
actually quicker (and much less frustrating). Perhaps your fingerprint
lock is frustrating as well?

<https://www.gsmarena.com/google_pixel_2-8733.php>
The Real Bev
2024-07-29 18:47:53 UTC
Permalink
Post by AJL
Post by The Real Bev
Post by AJL
Post by The Real Bev
My Lenovo tablet, otherwise in fine shape, is useless because the
little plastic actuator that actually pushes the switch no longer
reaches the switch. I can only assume wear.
One of my earlier Android tablets woke up when it was picked up (moved).
So no need to use its switch in everyday use.
That means leaving it on when I'm not using it, which I don't like to do
-- especially since I use it only once in a couple of months.
If your switch broke while only using the tablet once every couple of
months it was likely a manufacturing defect. Probably won't happen
again. FWIW I've had several Lenovo tablets (both Android and Chrome)
over the years and nary a problem.
That does seem likely, but 'wear' seems like a reasonable mechanism. It
worked for over a year and then started not working occasionally and
ended up not working at all. I added a thin plastic shim which made it
work a few more times. I just don't feel like taking it apart again to
see what happened. I can easily push the actual switch when the back is
off, and "too short" really seems like the problem -- and it seems kind
of irrational that this tiny plastic part could be made of cheesier
plastic than the rest of the device.
Post by AJL
Post by The Real Bev
Post by AJL
Post by The Real Bev
I don't want to replace my phone because of something stupid like
that.
My current Android phone (Galaxy S10+) wakes up with a double tap to the
screen. Again no need to use (and wear out?) the switch.
This of course won't help you currently, but I suggest for your future
device purchases that you get one with this capability. It should help
with your switch paranoia... ;)
I chose the Pixel2 because of the camera quality (and the price, of
course), which is what I mostly use it for. Nonetheless, I will take
your counsel under advisement.
This video on the Pixel 2 shows the fingerprint sensor waking/sleeping
the phone just like my Galaxy S10+ does with the double screen tap. So
you apparently do have the capability of not having to use the switch.
Possibly, but I really don't want to trust something where failure
causes total inoperability when I don't have to.

Shit happens a lot more frequently than it ought to.

Case in point: I bought a data SIM for the Pixel and was setting up
google voice to work with it. As I held the phone to my ear it let out
a loud shriek that bothered someone sitting across the room from me. I
immediately lost roughly half the hearing in that ear and it hasn't come
back nearly a year later. When they tell you not to listen to loud
music they're giving you good advice -- but nobody ever said that a
single blast would do permanent damage. I didn't think it was possible
for the phone to make that loud a noise -- music is pitiful and phone
conversations in 'speaker' mode are just adequate.

Shit happens.
Post by AJL
My Galaxy S10+ also has this capability of waking/sleeping using a
fingerprint. But mine works poorly and I find the double tap + pin
actually quicker (and much less frustrating). Perhaps your fingerprint
lock is frustrating as well?
Unwilling to even test it!
Post by AJL
<https://www.gsmarena.com/google_pixel_2-8733.php>
I like gsmarena. I wish there were more sites like that for different
electronic products which are essentially black boxes. Trying to chose
a fitness/smartwatch is an exercise in pain.
--
Cheers, Bev
"No matter how cynical I get, it's just never enough to keep up."
--Lily Tomlin
Alan
2024-07-29 20:12:14 UTC
Permalink
Post by The Real Bev
Post by Alan
Post by The Real Bev
Post by Alan
Post by The Real Bev
Post by Alan
Who cares how many times a day I unlock my phone...
...if it doesn't inconvenience me at all to do so?
If I only needed to unlock it when I turned it on (in the morning
about half the time) I'd be willing to do that.  NOT if I have to
do it every time the screen goes blank, which I have it set to do
after 2 minutes.
If it unlocks before you can even do anything?
It's annoying enough to have to push the button, but I don't see any
way around that.
Pushing a button...
...is "annoying"?
My Lenovo tablet, otherwise in fine shape, is useless because the little
plastic actuaor that actually pushes the switch no longer reaches the
switch.  I can only assume wear.  I don't want to replace my phone
because of something stupid like that.  I can take the tablet apart, but
the phone needs to be glued.  No.
Post by Alan
Post by The Real Bev
Post by Alan
My phone unlocks with my thumbprint by the time I can see the screen.
After my experience with the thumb-reader at the gym I'm not about to
trust the phone's.  I suddenly want to take a picture and have to
fumble with the switch AND the thumb-reader?  No.
You don't have to "fumble" with anything to take a picture, so...
Rotate phone.
Half-push the power button with thumb because of the oddness of the case..
[tap/touch finger-sensor]
Re-position the camera.
Tap the circle.
Butterfly gone.
Small-muscle clumsiness is the reason that some of us would never be
good musicians.  Also causes problems with object manipulation.
So your argument is that unlocking a phone with a home button is bad...

...because yours happens to be broken?
The Real Bev
2024-07-30 04:26:03 UTC
Permalink
Post by Alan
Post by The Real Bev
Post by Alan
Post by The Real Bev
Post by Alan
Post by The Real Bev
Post by Alan
Who cares how many times a day I unlock my phone...
...if it doesn't inconvenience me at all to do so?
If I only needed to unlock it when I turned it on (in the morning
about half the time) I'd be willing to do that.  NOT if I have to
do it every time the screen goes blank, which I have it set to do
after 2 minutes.
If it unlocks before you can even do anything?
It's annoying enough to have to push the button, but I don't see any
way around that.
Pushing a button...
...is "annoying"?
My Lenovo tablet, otherwise in fine shape, is useless because the little
plastic actuaor that actually pushes the switch no longer reaches the
switch.  I can only assume wear.  I don't want to replace my phone
because of something stupid like that.  I can take the tablet apart, but
the phone needs to be glued.  No.
Post by Alan
Post by The Real Bev
Post by Alan
My phone unlocks with my thumbprint by the time I can see the screen.
After my experience with the thumb-reader at the gym I'm not about to
trust the phone's.  I suddenly want to take a picture and have to
fumble with the switch AND the thumb-reader?  No.
You don't have to "fumble" with anything to take a picture, so...
Rotate phone.
Half-push the power button with thumb because of the oddness of the case..
[tap/touch finger-sensor]
Re-position the camera.
Tap the circle.
Butterfly gone.
Small-muscle clumsiness is the reason that some of us would never be
good musicians.  Also causes problems with object manipulation.
So your argument is that unlocking a phone with a home button is bad...
What is a home button? Do you mean power button?
Post by Alan
...because yours happens to be broken?
Not broken; I don't like subjecting things to unnecessary wear and I'm
clumsy. I'd also like the tiny fonts used by so many apps to be larger
-- WTF are they saving that whitespace for?

We all need more config options, not fewer.
--
Cheers, Bev
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
"Friends help you move. *Real* friends help you move bodies."
--A. Walker
Alan
2024-07-30 04:48:48 UTC
Permalink
Post by Alan
Post by The Real Bev
Post by Alan
Post by The Real Bev
Post by Alan
Post by The Real Bev
Post by Alan
Who cares how many times a day I unlock my phone...
...if it doesn't inconvenience me at all to do so?
If I only needed to unlock it when I turned it on (in the morning
about half the time) I'd be willing to do that.  NOT if I have to
do it every time the screen goes blank, which I have it set to do
after 2 minutes.
If it unlocks before you can even do anything?
It's annoying enough to have to push the button, but I don't see
any way around that.
Pushing a button...
...is "annoying"?
My Lenovo tablet, otherwise in fine shape, is useless because the
little plastic actuaor that actually pushes the switch no longer
reaches the switch.  I can only assume wear.  I don't want to replace
my phone because of something stupid like that.  I can take the
tablet apart, but the phone needs to be glued.  No.
Post by Alan
Post by The Real Bev
Post by Alan
My phone unlocks with my thumbprint by the time I can see the screen.
After my experience with the thumb-reader at the gym I'm not about
to trust the phone's.  I suddenly want to take a picture and have
to fumble with the switch AND the thumb-reader?  No.
You don't have to "fumble" with anything to take a picture, so...
Rotate phone.
Half-push the power button with thumb because of the oddness of the case..
[tap/touch finger-sensor]
Re-position the camera.
Tap the circle.
Butterfly gone.
Small-muscle clumsiness is the reason that some of us would never be
good musicians.  Also causes problems with object manipulation.
So your argument is that unlocking a phone with a home button is bad...
What is a home button?  Do you mean power button?
Nope. I mean a home button.

It's on the bottom of some iPhones.
Post by Alan
...because yours happens to be broken?
Not broken;  I don't like subjecting things to unnecessary wear and I'm
clumsy.  I'd also like the tiny fonts used by so many apps to be larger
-- WTF are they saving that whitespace for?
We all need more config options, not fewer.
You're deflecting now.

Andy Burns
2024-07-28 07:42:39 UTC
Permalink
Post by The Real Bev
Post by Alan
Who cares how many times a day I unlock my phone...
...if it doesn't inconvenience me at all to do so?
If I only needed to unlock it when I turned it on (in the morning about
half the time) I'd be willing to do that.  NOT if I have to do it every
time the screen goes blank, which I have it set to do after 2 minutes.
Do you have a bluetooth device that never leaves the building?
Set your phone to remain unlocked so long as it can see that device.

<https://support.google.com/pixelphone/answer/6093922>
Andrew
2024-07-29 11:40:48 UTC
Permalink
Post by Andy Burns
Do you have a bluetooth device that never leaves the building?
Set your phone to remain unlocked so long as it can see that device.
<https://support.google.com/pixelphone/answer/6093922>
With respect to bluetooth...

Thanks for that pointer as what's interesting is my bluetooth is off unless
I need it, which means it's in only one of three situations in daily life:
a. If I'm home, the bluetooth is off
b. If I'm driving, it's often on (especially if I'm routing)
c. Once I exit the vehicle, I instantly turn bluetooth off

I suspect (but haven't investigated) that many stores can use your
bluetooth to track your movements inside a store, so generally I set
airplane mode on in the specific situation of entering a building.
Andy Burns
2024-07-29 11:47:05 UTC
Permalink
Post by Andrew
Post by Andy Burns
Do you have a bluetooth device that never leaves the building?
Set your phone to remain unlocked so long as it can see that device.
<https://support.google.com/pixelphone/answer/6093922>
With respect to bluetooth...
Thanks for that pointer as what's interesting is my bluetooth is off unless
I need it
If your wifi is on, you can use it for a geo-fenced version of remaining
unlocked
Alan
2024-07-27 18:46:22 UTC
Permalink
Post by Andrew
Post by Arno Welzel
Yes - and especially when considering that an encrypted container also
requires some kind of password or key to be useful. If the encryption
would happen automatically without and interaction, the data would be
completely unprotected if some other person gets access to the phone.
You don't get it, and that's OK because efficiency isn't your thing.
HINT: How many times do you unlock your phone just to use it, versus how
many times you unlock your encrypted containers?
I unlock my phone instantly every time I pick it up.
Post by Andrew
Think about that.
It's a hundred to one. Maybe five hundred to a thousand to one.
The fact efficiency isn't in your thought process is why you think
unlocking your phone a thousand times a day is something you enjoy.
Me?
I unlock when I need to unlock. Which is once a week, if that.
So your encrypted data can't be very important to your life.
Post by Andrew
If you don't understand the concept by now, you never will.
So we may as well give up.
You'll never convince me that unlocking a phone a thousand times is more
efficient than unlocking it once - when you need your data unlocked.
And I'm never going to convince you that NOT unlocking your phone a
thousand times is more efficient than unlocking it once - when you need to.
If you don't get it by now, you never will. And that's OK.
Some people enjoy being inefficient. It makes them feel better.
s|b
2024-07-20 20:29:08 UTC
Permalink
Post by Arno Welzel
I also lock my computers - without usernamen/password none of my
computers can be used. And I've been working as software developer,
network administrator and team lead in the IT industry for 30 years now.
I've 'locked' my computer with a PIN code, but if they want my data,
it's on the unencrypted D: drive.
--
s|b
Andrew
2024-07-21 00:02:12 UTC
Permalink
Post by s|b
Post by Arno Welzel
I also lock my computers - without usernamen/password none of my
computers can be used. And I've been working as software developer,
network administrator and team lead in the IT industry for 30 years now.
I've 'locked' my computer with a PIN code, but if they want my data,
it's on the unencrypted D: drive.
What matters, both philosophically & technically, is you have a plan for
a. Efficient daily use
b. Easy backup & restore
c. Secure personal data

Those who don't know computers don't have a plan and hence they're forced
to lock it up (and to use "someone else's computer" to backup their data).

Back to the topic at hand, if RCS/MLS require a login/password on an
Internet server through which all the messages go, that's terrible for
privacy.

Sure, the messages are encrypted; but the metadata is your privacy.
Alan
2024-07-21 00:39:12 UTC
Permalink
Post by Andrew
Post by s|b
Post by Arno Welzel
I also lock my computers - without usernamen/password none of my
computers can be used. And I've been working as software developer,
network administrator and team lead in the IT industry for 30 years now.
I've 'locked' my computer with a PIN code, but if they want my data,
it's on the unencrypted D: drive.
What matters, both philosophically & technically, is you have a plan for
a. Efficient daily use
Yes. Unlocking my phone with a fingerprint or (shortly) my face is very
efficient.
Post by Andrew
b. Easy backup & restore
My phone backs up securely to the cloud in encrypted form.
Post by Andrew
c. Secure personal data
All the data on my phone is encrypted.
Post by Andrew
Those who don't know computers don't have a plan and hence they're forced
to lock it up (and to use "someone else's computer" to backup their data).
Why is locking up one's computer not a part of that plan?

How do you unlock your "secure personal data"?
Post by Andrew
Back to the topic at hand, if RCS/MLS require a login/password on an
Internet server through which all the messages go, that's terrible for
privacy.
Sure, the messages are encrypted; but the metadata is your privacy.
As I've stated before and as it has apparently not yet sunk in:

1. RCS and MLS are protocols for sending and receiving messages. Exactly
how one connects to a messaging service is not a part of them.

2. EVERY SINGLE MESSAGING SERVICE THERE IS requires you to identify
yourself and in a manner that is secured by some process. i.e. LOG IN.
That process might be unseen by you on a day to day basis, but it MUST
EXIST.

Without that, anyone can pretend to be you to the service and receive
messages (perhaps very private messages) intended for you, and can send
messages to others AS IF they were you.

The only messaging service most people use that doesn't require them to
perform the standard login of providing a username and a password, is
SMS/MMS messaging via the cellular network, but that requires your SIM
card to do it. "SIM" literally stands for "Subscriber IDENTITY Module".

When you insert the SIM provided by your cellular carrier, you make your
phone identifiable as belonging to YOU.

And if you were looking for a good reason to lock your phone with a PIN
(or fingerprint or facial recognition), there it is:

Without it, is someone gets a hold of your phone, they can send messages
that purport to be from YOU.
Arno Welzel
2024-07-21 11:55:59 UTC
Permalink
Andrew, 2024-07-21 02:02:

[...]> Back to the topic at hand, if RCS/MLS require a login/password on an
Post by Andrew
Internet server through which all the messages go, that's terrible for
privacy.
It doesn't. It just uses the existing internet connection.
Post by Andrew
Sure, the messages are encrypted; but the metadata is your privacy.
No, messages are not encrypted in RCS. This is a proprietary extension
by Google and *not* part of the RCS standard. When sending RCS messages
to non-Android-devices they are not encrypted at all.
--
Arno Welzel
https://arnowelzel.de
Arno Welzel
2024-07-21 11:54:23 UTC
Permalink
Post by s|b
Post by Arno Welzel
I also lock my computers - without usernamen/password none of my
computers can be used. And I've been working as software developer,
network administrator and team lead in the IT industry for 30 years now.
I've 'locked' my computer with a PIN code, but if they want my data,
it's on the unencrypted D: drive.
I don't have any unencrypted drives.
--
Arno Welzel
https://arnowelzel.de
Alan
2024-07-08 20:49:22 UTC
Permalink
Post by Andrew
Post by Carlos E. R.
Post by Andrew
Let's take the simplest case, which is I have a drawer full of Android
tablets in front of me, where I can easily connect them to the Internet,
and with that I can do everything but make cellular phone calls, right?
Thus you can not make messages.
Yes, but my point was Android works well without creating a mothership
login/password - as long as the device has Wi-Fi Internet capabilities.
The discussion was messaging services.

And those services require identiy.
Post by Andrew
The point being that, unlike Apple devices which are designed as dumb
terminals that can't do what people love about them without creating a
login to mothership Internet servers, the Android device is designed such
that you never need to create an account on the device to motherships.
I'm sorry but that is completely false.

Actually... ...I'm not sorry.
Post by Andrew
Now, let's take the case of a tablet/phone with a SIM card, shall we.
Sure.
Post by Andrew
Q: What changes in terms of requiring a login/password to a mothership?
A: Nothing. There is no need to create mothership login/password.
That was the sound of goalposts being dragged.
Post by Andrew
As an example, I don't have a mothership login/password on my Android
device, and I can make/receive phone calls and make/receive MMS/SMS.
If you "login" with a SIM card.
Post by Andrew
What makes anyone think I have to create a new login/password on my Android
phone or tablet (which has a SIM card) just for calls & messages?
That is what is called a "straw man argument".
Post by Andrew
Makes no sense.
Alan
2024-07-08 16:04:21 UTC
Permalink
Post by Andrew
Post by Carlos E. R.
Post by s|b
How about telephone number. RCS can be used in the default Android SMS
(text) app, but both recipients need to support it. I tried it once with
my brother. No login needed.
You are mistaken. There is a login to the phone when you power it up.
Hi Carlos,
Let's take the simplest case, which is I have a drawer full of Android
tablets in front of me, where I can easily connect them to the Internet,
and with that I can do everything but make cellular phone calls, right?
In that case, where is this login you speak of when I power them up?
How can you send and receive messages with those devices?
Carlos E. R.
2024-07-08 18:48:26 UTC
Permalink
Post by Alan
Post by Andrew
Post by Carlos E. R.
Post by s|b
How about telephone number. RCS can be used in the default Android SMS
(text) app, but both recipients need to support it. I tried it once with
my brother. No login needed.
You are mistaken. There is a login to the phone when you power it up.
Hi Carlos,
Let's take the simplest case, which is I have a drawer full of Android
tablets in front of me, where I can easily connect them to the Internet,
and with that I can do everything but make cellular phone calls, right?
In that case, where is this login you speak of when I power them up?
How can you send and receive messages with those devices?
Any messaging platform will require some kind of login. And an SMS
replacement messaging platform will require a phone number associated,
thus a SIM card active.
--
Cheers,
Carlos E.R.
Alan
2024-07-08 18:48:47 UTC
Permalink
Post by Carlos E. R.
Post by Alan
Post by Andrew
Post by Carlos E. R.
Post by s|b
How about telephone number. RCS can be used in the default Android SMS
(text) app, but both recipients need to support it. I tried it once with
my brother. No login needed.
You are mistaken. There is a login to the phone when you power it up.
Hi Carlos,
Let's take the simplest case, which is I have a drawer full of Android
tablets in front of me, where I can easily connect them to the Internet,
and with that I can do everything but make cellular phone calls, right?
In that case, where is this login you speak of when I power them up?
How can you send and receive messages with those devices?
Any messaging platform will require some kind of login. And an SMS
replacement messaging platform will require a phone number associated,
thus a SIM card active.
Exactly.
Andrew
2024-07-08 20:44:55 UTC
Permalink
Post by Carlos E. R.
Post by Alan
How can you send and receive messages with those devices?
Any messaging platform will require some kind of login. And an SMS
replacement messaging platform will require a phone number associated,
thus a SIM card active.
Hi Carlos,

When you use "some kind of login", what I mean by a login/password account
on an Internet server is specifically setting up an account on the phone to
that mothership server (e.g., to Google) which is not required on Android.

As Andy noted, plenty of people are incredibly stupid so they do set up a
login/password to Google servers on their phone - but it's never required.

Hell, I must have dozens of Google email addresses and I get my mail on
Android just fine *without* setting up a login/password to a Google account
on my phone. But I know how a phone works. Most people are clueless.

The connection to the cellular provider is a completely different thing
than is the connection to an Internet server by the way.

If you can't tell the difference, no wonder you're saying what you did.

The fact is that an Android phone works fine WITHOUT setting up a
login/password to a server on the Internet - whether you know that or not.

1. I have no Internet account set up on my phone
2. And my phone makes & receives calls just fine
3. And it makes & receives SMS/MMS texts just fine

Hell, even the dumb-terminal Apple devices can make & receive SMS/MMS texts
just fine without the user having to log into Apple's mothership servers.

In summary, anyone claiming the mothership Internet account/password is
required doesn't understand even the simplest of the basics of Android.
Alan
2024-07-08 20:50:16 UTC
Permalink
Post by Andrew
Post by Carlos E. R.
Post by Alan
How can you send and receive messages with those devices?
Any messaging platform will require some kind of login. And an SMS
replacement messaging platform will require a phone number associated,
thus a SIM card active.
Hi Carlos,
When you use "some kind of login", what I mean by a login/password account
on an Internet server is specifically setting up an account on the phone to
that mothership server (e.g., to Google) which is not required on Android.
That's not what you meant when this discussion commenced.
Post by Andrew
As Andy noted, plenty of people are incredibly stupid so they do set up a
login/password to Google servers on their phone - but it's never required.
Hell, I must have dozens of Google email addresses and I get my mail on
Android just fine *without* setting up a login/password to a Google account
on my phone. But I know how a phone works. Most people are clueless.
The connection to the cellular provider is a completely different thing
than is the connection to an Internet server by the way.
If you can't tell the difference, no wonder you're saying what you did.
The fact is that an Android phone works fine WITHOUT setting up a
login/password to a server on the Internet - whether you know that or not.
1. I have no Internet account set up on my phone
2. And my phone makes & receives calls just fine
3. And it makes & receives SMS/MMS texts just fine
Hell, even the dumb-terminal Apple devices can make & receive SMS/MMS texts
just fine without the user having to log into Apple's mothership servers.
In summary, anyone claiming the mothership Internet account/password is
required doesn't understand even the simplest of the basics of Android.
Carlos E. R.
2024-07-09 11:07:39 UTC
Permalink
Post by Andrew
Post by Carlos E. R.
Post by Alan
How can you send and receive messages with those devices?
Any messaging platform will require some kind of login. And an SMS
replacement messaging platform will require a phone number associated,
thus a SIM card active.
Hi Carlos,
When you use "some kind of login", what I mean by a login/password account
on an Internet server is specifically setting up an account on the phone to
that mothership server (e.g., to Google) which is not required on Android.
As Andy noted, plenty of people are incredibly stupid so they do set up a
login/password to Google servers on their phone - but it's never required.
Thank you for calling 99% of the population using androids stupid.

Plonk.
--
Cheers,
Carlos E.R.
Andrew
2024-07-09 13:16:40 UTC
Permalink
Post by Carlos E. R.
Post by Andrew
As Andy noted, plenty of people are incredibly stupid so they do set up a
login/password to Google servers on their phone - but it's never required.
Thank you for calling 99% of the population using androids stupid.
Now that we've established that anyone who says you must log into an
Internet server in order to use Android is ignorant of how phones work...

The original question that brought it up still remains unanswered...

Q: Does Google Messages with RCS/MLS require a login account for both users
who wish to communicate on an end-to-end encrypted chat?
A: Yes or no.

If so, there's a privacy issue there...
Alan
2024-07-09 16:16:09 UTC
Permalink
Post by Andrew
Post by Carlos E. R.
Post by Andrew
As Andy noted, plenty of people are incredibly stupid so they do set up a
login/password to Google servers on their phone - but it's never required.
Thank you for calling 99% of the population using androids stupid.
Now that we've established that anyone who says you must log into an
Internet server in order to use Android is ignorant of how phones work...
The original question that brought it up still remains unanswered...
Q: Does Google Messages with RCS/MLS require a login account for both users
who wish to communicate on an end-to-end encrypted chat?
A: Yes or no.
Yes. If you don't log in, how would a messaging service know where to
direct messages sent to you, you idiot?
Post by Andrew
If so, there's a privacy issue there...
No. Not if the login can be created without any personally identifying
information.
Bill Powell
2024-07-09 16:38:20 UTC
Permalink
Post by Alan
Yes. If you don't log in, how would a messaging service know where to
direct messages sent to you, you idiot?
Nobody on Android has to log into a server to use their mms sms app.

If your Android phone requires it, then you're doing something wrong.

What Android phone are you using which requires a login account?
Andy Burns
2024-07-09 16:46:35 UTC
Permalink
Post by Bill Powell
Nobody on Android has to log into a server to use their mms sms app.
If your Android phone requires it, then you're doing something wrong.
What Android phone are you using which requires a login account?
The credentials to use sms/mms are stored in the SIM ...
Bill Powell
2024-07-09 16:51:57 UTC
Permalink
Post by Andy Burns
Post by Bill Powell
Nobody on Android has to log into a server to use their mms sms app.
If your Android phone requires it, then you're doing something wrong.
What Android phone are you using which requires a login account?
The credentials to use sms/mms are stored in the SIM ...
But that works independent of any Internet login password server accounts.

Nobody on Android has to connect to the Internet with a login & password
account just to use the default messaging that comes with every Android.

Not sure about MLS or RCS though, as that's not the default, is it?
Alan
2024-07-09 17:52:35 UTC
Permalink
Post by Bill Powell
Post by Andy Burns
Post by Bill Powell
Nobody on Android has to log into a server to use their mms sms app.
If your Android phone requires it, then you're doing something wrong.
What Android phone are you using which requires a login account?
The credentials to use sms/mms are stored in the SIM ...
But that works independent of any Internet login password server accounts.
What is an "internet login password server account"?
Post by Bill Powell
Nobody on Android has to connect to the Internet with a login & password
account just to use the default messaging that comes with every Android.
Not sure about MLS or RCS though, as that's not the default, is it?
If you want to receive messages, you must identify yourself and
authenticate that you are the authorized recipient of those messages.
Bill Powell
2024-07-10 07:10:52 UTC
Permalink
Post by Alan
Post by Bill Powell
Post by Andy Burns
Post by Bill Powell
Nobody on Android has to log into a server to use their mms sms app.
If your Android phone requires it, then you're doing something wrong.
What Android phone are you using which requires a login account?
The credentials to use sms/mms are stored in the SIM ...
But that works independent of any Internet login password server accounts.
What is an "internet login password server account"?
Post by Bill Powell
Nobody on Android has to connect to the Internet with a login & password
account just to use the default messaging that comes with every Android.
Not sure about MLS or RCS though, as that's not the default, is it?
If you want to receive messages, you must identify yourself and
authenticate that you are the authorized recipient of those messages.
Your knowledge level is so lacking that it's hard to respond nicely.

If I have to explain to you what the Internet is, then you have no business
making your outrageous claims that Android can't do text messaging without
having to enter a login and password into an Internet server account.

Android has been doing text messaging without the Internet for a long time.
Alan
2024-07-10 18:41:07 UTC
Permalink
Post by Bill Powell
Post by Alan
Post by Bill Powell
Post by Andy Burns
Post by Bill Powell
Nobody on Android has to log into a server to use their mms sms app.
If your Android phone requires it, then you're doing something wrong.
What Android phone are you using which requires a login account?
The credentials to use sms/mms are stored in the SIM ...
But that works independent of any Internet login password server accounts.
What is an "internet login password server account"?
Post by Bill Powell
Nobody on Android has to connect to the Internet with a login & password
account just to use the default messaging that comes with every Android.
Not sure about MLS or RCS though, as that's not the default, is it?
If you want to receive messages, you must identify yourself and
authenticate that you are the authorized recipient of those messages.
Your knowledge level is so lacking that it's hard to respond nicely.
If I have to explain to you what the Internet is, then you have no business
making your outrageous claims that Android can't do text messaging without
having to enter a login and password into an Internet server account.
I never said it was a "internet server account".
Post by Bill Powell
Android has been doing text messaging without the Internet for a long time.
And that text messaging requires a form of logging in that's just so
transparent to you, you don't notice it.

The SIM card logs you in to your cellular provider.

Do you know what "SIM" means:

"Subscriber Identity Module".
Bill Powell
2024-07-10 19:05:50 UTC
Permalink
Post by Alan
Post by Bill Powell
Post by Alan
Post by Bill Powell
Post by Andy Burns
Post by Bill Powell
Nobody on Android has to log into a server to use their mms sms app.
If your Android phone requires it, then you're doing something wrong.
What Android phone are you using which requires a login account?
The credentials to use sms/mms are stored in the SIM ...
But that works independent of any Internet login password server accounts.
What is an "internet login password server account"?
Post by Bill Powell
Nobody on Android has to connect to the Internet with a login & password
account just to use the default messaging that comes with every Android.
Not sure about MLS or RCS though, as that's not the default, is it?
If you want to receive messages, you must identify yourself and
authenticate that you are the authorized recipient of those messages.
Your knowledge level is so lacking that it's hard to respond nicely.
If I have to explain to you what the Internet is, then you have no business
making your outrageous claims that Android can't do text messaging without
having to enter a login and password into an Internet server account.
I never said it was a "internet server account".
Post by Bill Powell
Android has been doing text messaging without the Internet for a long time.
And that text messaging requires a form of logging in that's just so
transparent to you, you don't notice it.
The SIM card logs you in to your cellular provider.
"Subscriber Identity Module".
I was aware you have no idea what the Internet is and therefore you don't
have any clue that Android text messaging has worked fine and still works
fine without entering a login & password into an account on a server on it.
Alan
2024-07-10 20:07:24 UTC
Permalink
Post by Bill Powell
Post by Alan
Post by Bill Powell
Post by Alan
Post by Bill Powell
Post by Andy Burns
Post by Bill Powell
Nobody on Android has to log into a server to use their mms sms app.
If your Android phone requires it, then you're doing something wrong.
What Android phone are you using which requires a login account?
The credentials to use sms/mms are stored in the SIM ...
But that works independent of any Internet login password server accounts.
What is an "internet login password server account"?
Post by Bill Powell
Nobody on Android has to connect to the Internet with a login & password
account just to use the default messaging that comes with every Android.
Not sure about MLS or RCS though, as that's not the default, is it?
If you want to receive messages, you must identify yourself and
authenticate that you are the authorized recipient of those messages.
Your knowledge level is so lacking that it's hard to respond nicely.
If I have to explain to you what the Internet is, then you have no business
making your outrageous claims that Android can't do text messaging without
having to enter a login and password into an Internet server account.
I never said it was a "internet server account".
Post by Bill Powell
Android has been doing text messaging without the Internet for a long time.
And that text messaging requires a form of logging in that's just so
transparent to you, you don't notice it.
The SIM card logs you in to your cellular provider.
"Subscriber Identity Module".
I was aware you have no idea what the Internet is and therefore you don't
have any clue that Android text messaging has worked fine and still works
fine without entering a login & password into an account on a server on it.
I know precisely what the Internet is, and I know that the topic was
whether or not messaging services need logins in order to work. The
original question doesn't suppose the particular TYPE of login.

And if your SIM card doesn't identify you as someone who has the
authority to send and receive messages...

(i.e. "log you in")

...you won't.
Alan
2024-07-09 17:51:33 UTC
Permalink
Post by Bill Powell
Post by Alan
Yes. If you don't log in, how would a messaging service know where to
direct messages sent to you, you idiot?
Nobody on Android has to log into a server to use their mms sms app.
Incorrect.

You just do the "log in" via the SIM in your phone.
Post by Bill Powell
If your Android phone requires it, then you're doing something wrong.
What Android phone are you using which requires a login account?
Message requires identifying recipients.

Ergo, those recipients must provide some means of identifying themselves.

That is what logging in means.
Bill Powell
2024-07-10 07:06:59 UTC
Permalink
Post by Alan
Post by Bill Powell
Nobody on Android has to log into a server to use their mms sms app.
Incorrect.
You just do the "log in" via the SIM in your phone.
Post by Bill Powell
If your Android phone requires it, then you're doing something wrong.
What Android phone are you using which requires a login account?
Message requires identifying recipients.
Ergo, those recipients must provide some means of identifying themselves.
That is what logging in means.
Please look up what the "Internet" means before continuing to make a fool
of yourself stating that a cell phone can't do text messaging without
entering a login and password into a server that is on the Internet.
Alan
2024-07-10 18:44:15 UTC
Permalink
Post by Bill Powell
Post by Alan
Post by Bill Powell
Nobody on Android has to log into a server to use their mms sms app.
Incorrect.
You just do the "log in" via the SIM in your phone.
Post by Bill Powell
If your Android phone requires it, then you're doing something wrong.
What Android phone are you using which requires a login account?
Message requires identifying recipients.
Ergo, those recipients must provide some means of identifying themselves.
That is what logging in means.
Please look up what the "Internet" means before continuing to make a fool
of yourself stating that a cell phone can't do text messaging without
entering a login and password into a server that is on the Internet.
The question was:

"What Android phone are you using which requires a login account?"

Do you see a word in there about "internet"?

And I have never said that the server to which you log in was on the
internet.

The POINT is that to use a messaging service, you must authoritatively
identify yourself to that service. It has to be authoritative because
you don't want messages intended for you to be delivered to just anyone.

The fact that the method used to authoritatively identify yourself to
your cellular provider is a SIM (Subscriber IDENTITY Module), doesn't
change the fact that is essentially a login.
Carlos E. R.
2024-07-09 20:07:24 UTC
Permalink
Post by Andrew
Post by Carlos E. R.
Post by Andrew
As Andy noted, plenty of people are incredibly stupid so they do set up a
login/password to Google servers on their phone - but it's never required.
Thank you for calling 99% of the population using androids stupid.
Now that we've established that anyone who says you must log into an
Internet server in order to use Android is ignorant of how phones work...
The original question that brought it up still remains unanswered...
It has been answered. I told you to go and find out yourself. I am not
interested in testing it.
Post by Andrew
Q: Does Google Messages with RCS/MLS require a login account for both users
who wish to communicate on an end-to-end encrypted chat?
A: Yes or no.
If so, there's a privacy issue there...
No.
--
Cheers,
Carlos E.R.
Andrew
2024-07-10 19:46:45 UTC
Permalink
Post by Carlos E. R.
Post by Andrew
Now that we've established that anyone who says you must log into an
Internet server in order to use Android is ignorant of how phones work...
The original question that brought it up still remains unanswered...
It has been answered. I told you to go and find out yourself. I am not
interested in testing it.
It seems you don't realize that the fact you don't know that carrier's
towers aren't the same as the Internet means you never could answer it.

Intelligent people like Andy & Arno likely can answer the RCS/MLS question.

But people like you who don't know the difference between cellular towers
and the Internet will never be able to understand anything about messaging.
Alan
2024-07-10 20:09:13 UTC
Permalink
Post by Andrew
Post by Carlos E. R.
Post by Andrew
Now that we've established that anyone who says you must log into an
Internet server in order to use Android is ignorant of how phones work...
The original question that brought it up still remains unanswered...
It has been answered. I told you to go and find out yourself. I am not
interested in testing it.
It seems you don't realize that the fact you don't know that carrier's
towers aren't the same as the Internet means you never could answer it.
Whether a carrier's towers aren't the same as the Internet or not (and I
know they aren't) doesn't change the fact that even SMS messaging
requires authentication that the person wanting to send and receive
messages is allowed to do so.

i.e. A login.
Post by Andrew
Intelligent people like Andy & Arno likely can answer the RCS/MLS question.
Intelligent people realize that PROTOCOLS for encrypting messages aren't
what require the login.
Post by Andrew
But people like you who don't know the difference between cellular towers
and the Internet will never be able to understand anything about messaging.
Carlos E.R.
2024-07-12 13:52:55 UTC
Permalink
Post by Andrew
Post by Carlos E. R.
Post by Andrew
Now that we've established that anyone who says you must log into an
Internet server in order to use Android is ignorant of how phones work...
The original question that brought it up still remains unanswered...
It has been answered. I told you to go and find out yourself. I am not
interested in testing it.
It seems you don't realize that the fact you don't know that carrier's
towers aren't the same as the Internet means you never could answer it.
I know this very well.
Post by Andrew
Intelligent people like Andy & Arno likely can answer the RCS/MLS question.
But people like you who don't know the difference between cellular towers
and the Internet will never be able to understand anything about messaging.
You are being stupid.

1. To send/receive SMS on any phone you need to activate the Subscriber
Identity Module with a pin. You are free to disable the pin, that's your
problem.

2. To send/receive RCS or MLS you need a certain app, currently
belonging to Google. Whether this app (besides the SIM auth) requires
you login to Google or not, is something I am not interested in testing.
You go ahead, find out, and tell us.

I have told you this from the start. You know this, I know this. Now
please stop playing games and calling the rest of the people stupid.
--
Cheers, Carlos.
Andrew
2024-07-12 21:46:08 UTC
Permalink
Post by Carlos E.R.
Post by Andrew
It seems you don't realize that the fact you don't know that carrier's
towers aren't the same as the Internet means you never could answer it.
I know this very well.
Whew! Because that means you must understand then, that you DO NOT have to
enter a login and password to an Internet server in order to messaging on
Android.

For you to bring up the carriers' cell towers in this conversation simply
means you understand the 1st things of the most basic messaging actions.

Leave that to the iPhone morons please - they're used to logging into an
Internet server every second of their entire lives just to use Messages.
Post by Carlos E.R.
Post by Andrew
Intelligent people like Andy & Arno likely can answer the RCS/MLS question.
But people like you who don't know the difference between cellular towers
and the Internet will never be able to understand anything about messaging.
You are being stupid.
No. You don't understand how messaging works on Android.
HINT: There is no need to enter a login/password into any Internet server.
Post by Carlos E.R.
1. To send/receive SMS on any phone you need to activate the Subscriber
Identity Module with a pin. You are free to disable the pin, that's your
problem.
Duh. You just called me stupid and then you say something like that which
is just about the most basic of the simplest thing about using a phone.

Whether you understand it or not, the messaging you speak of above does NOT
require the user to enter a login & password to a server on the Internet.

The fact you can't comprehend that fact does not make me stupid Carlos.
Post by Carlos E.R.
2. To send/receive RCS or MLS you need a certain app, currently
belonging to Google. Whether this app (besides the SIM auth) requires
you login to Google or not, is something I am not interested in testing.
You go ahead, find out, and tell us.
Jesus Christ. After all this time you wasted of ours, you now say you never
had any intention of understanding and/or helping to answer the question.
Post by Carlos E.R.
I have told you this from the start. You know this, I know this. Now
please stop playing games and calling the rest of the people stupid.
You are the one playing the childish silly games, Carlos.

1. The question NEVER had anything to do with the carriers' SMS/MMS
2. The question was whether RCS/MLS require Internet server login/passwd

The fact you never understood the question, Carlos, does not make me
stupid. It just means you know nothing whatsoever about Android messaging.

Stop wasting our time with your childish games; that's what the moron
iPhone users do because they hate they're logging into Internet servers.
Alan
2024-07-12 22:37:57 UTC
Permalink
Post by Andrew
Post by Carlos E.R.
Post by Andrew
It seems you don't realize that the fact you don't know that carrier's
towers aren't the same as the Internet means you never could answer it.
I know this very well.
Whew! Because that means you must understand then, that you DO NOT have to
enter a login and password to an Internet server in order to messaging on
Android.
Why do you imagine that the only kinds of servers are "internet servers"?
Post by Andrew
For you to bring up the carriers' cell towers in this conversation simply
means you understand the 1st things of the most basic messaging actions.
Leave that to the iPhone morons please - they're used to logging into an
Internet server every second of their entire lives just to use Messages.
Not to use MESSAGES. iPhones send SMS messages in exactly the same way
that Android phones to.
Post by Andrew
Post by Carlos E.R.
Post by Andrew
Intelligent people like Andy & Arno likely can answer the RCS/MLS question.
But people like you who don't know the difference between cellular towers
and the Internet will never be able to understand anything about messaging.
You are being stupid.
No. You don't understand how messaging works on Android.
HINT: There is no need to enter a login/password into any Internet server.
Again, you attempt to hide a straw man in your argument...

...if you're bright enough to even know it's called a "straw man".
Post by Andrew
Post by Carlos E.R.
1. To send/receive SMS on any phone you need to activate the Subscriber
Identity Module with a pin. You are free to disable the pin, that's your
problem.
Duh. You just called me stupid and then you say something like that which
is just about the most basic of the simplest thing about using a phone.
Whether it is simple or not, it is still essentially a login.
Post by Andrew
Whether you understand it or not, the messaging you speak of above does NOT
require the user to enter a login & password to a server on the Internet.
And "enter[ing] a login & password to a server on the Internet" was not
what was under discussion.
Post by Andrew
The fact you can't comprehend that fact does not make me stupid Carlos.
Post by Carlos E.R.
2. To send/receive RCS or MLS you need a certain app, currently
belonging to Google. Whether this app (besides the SIM auth) requires
you login to Google or not, is something I am not interested in testing.
You go ahead, find out, and tell us.
Jesus Christ. After all this time you wasted of ours, you now say you never
had any intention of understanding and/or helping to answer the question.
Your question has been answered in that neither RCS nor MLS are
messaging SERVICES. They are protocols that messaging services can USE.

And it is the services themselves that require a login.
Post by Andrew
Post by Carlos E.R.
I have told you this from the start. You know this, I know this. Now
please stop playing games and calling the rest of the people stupid.
You are the one playing the childish silly games, Carlos.
1. The question NEVER had anything to do with the carriers' SMS/MMS
2. The question was whether RCS/MLS require Internet server login/passwd
EVERY rational messaging service requires a login of some kind.

Period.
Carlos E. R.
2024-07-07 18:09:23 UTC
Permalink
Post by Andrew
Post by Carlos E. R.
Post by Andrew
Does this "new" MLS stuff require both those privacy-destroying things?
In the google implementation, it will require the same as the current
Google Messages app requires. This is just an (educated) guess.
Hi Carlos,
Well then, since I don't use Google apps, may I ask the team if the Google
Messages app with RCS also requires those two privacy destroying things?
Q: Does Google Messages with RCS require a login account for both users
who wish to communicate on an end-to-end encrypted chat?
A: Yes or no.
If so, there's a privacy issue there...
I assume that you have to login to the phone with the provider pin, to
power up the phone. And then requires the phone entry auth, which
normally these days it is a pattern with the finger. And normally this
assumes you logged in to Android/google.

I am not going to test without that login. You try that yourself.
Post by Andrew
Post by Carlos E. R.
Post by Andrew
BTW, a new easy-to-remember Usenet search URI is this (which I made today).
https://tinyurl.com/nova-comp-mobile-android
https://tinyurl.com/comp-mobile-android
I never use shorted links.
I don't care. Short links are a security issue. It means blindly
clicking on to an unknown site. And they can stop working in the future
for any reason.
--
Cheers,
Carlos E.R.
Andy Burns
2024-07-07 18:12:04 UTC
Permalink
Post by Carlos E. R.
I assume that you have to login to the phone with the provider pin, to
power up the phone. And then requires the phone entry auth, which
normally these days it is a pattern with the finger. And normally this
assumes you logged in to Android/google.
I am not going to test without that login. You try that yourself.
We know it's not compulsory to associate a google account with an
android phone, any guesses what percentage *do* have one?
Kind of pointless game as we have no way of finding out.
Andrew
2024-07-07 18:51:52 UTC
Permalink
Post by Andy Burns
Post by Carlos E. R.
I assume that you have to login to the phone with the provider pin, to
power up the phone. And then requires the phone entry auth, which
normally these days it is a pattern with the finger. And normally this
assumes you logged in to Android/google.
I am not going to test without that login. You try that yourself.
We know it's not compulsory to associate a google account with an
android phone, any guesses what percentage *do* have one?
Kind of pointless game as we have no way of finding out.
To Andy's quite valid pragmatically sensible observation...

1. We all know I don't have a Google Account set up on my phone, and
we all know I can likely do more than most people, right?

So we know the Google Account isn't required just to do things
like messaging (which I do all day, every day, with iOS & Android
users despite the moronic Apple users not understanding that).

You just have to be intelligent about using the phone w/o Google.
That's all.

2. However.... we also know that ~99.99% of people do exactly
what the phone tells them to do - which - of course - is to
set up a Google Account on that phone - which means - to Andy's
question - I'd guess the percentage is ~99.99% (give or take)
who, like the idiotic iPhone users, blindly log into Google
servers every moment of every day of the rest of their lives.

3. So I get Andy's point that, if MLS requires a login account,
and, in fact, if MLS requires both participants to have a
login account on the same Google server, then it's not such
a privacy flaw as I make it out to be (as they're already dead).

However, that doesn't change the question nor the answer to it, right?

Q: Does RCS require both participants to log into a server or not?
Q: Does ENCRYPTED RCS require both to log into a server or not?
Q: Does MLS require both participants to log into the same server?

Any idea?
Alan
2024-07-07 18:56:57 UTC
Permalink
Post by Andrew
Post by Andy Burns
Post by Carlos E. R.
I assume that you have to login to the phone with the provider pin, to
power up the phone. And then requires the phone entry auth, which
normally these days it is a pattern with the finger. And normally this
assumes you logged in to Android/google.
I am not going to test without that login. You try that yourself.
We know it's not compulsory to associate a google account with an
android phone, any guesses what percentage *do* have one?
Kind of pointless game as we have no way of finding out.
To Andy's quite valid pragmatically sensible observation...
1. We all know I don't have a Google Account set up on my phone, and
we all know I can likely do more than most people, right?
No one here knows either of those things for a fact.

We know you CLAIM both of those things.
Post by Andrew
So we know the Google Account isn't required just to do things
like messaging (which I do all day, every day, with iOS & Android
users despite the moronic Apple users not understanding that).
An account doesn't have to be a Google account.
Post by Andrew
You just have to be intelligent about using the phone w/o Google.
That's all.
2. However.... we also know that ~99.99% of people do exactly
what the phone tells them to do - which - of course - is to
set up a Google Account on that phone - which means - to Andy's
question - I'd guess the percentage is ~99.99% (give or take)
who, like the idiotic iPhone users, blindly log into Google
servers every moment of every day of the rest of their lives.
3. So I get Andy's point that, if MLS requires a login account,
and, in fact, if MLS requires both participants to have a
login account on the same Google server, then it's not such
a privacy flaw as I make it out to be (as they're already dead).
However, that doesn't change the question nor the answer to it, right?
Q: Does RCS require both participants to log into a server or not?
Q: Does ENCRYPTED RCS require both to log into a server or not?
Q: Does MLS require both participants to log into the same server?
Any idea?
How do you imagine messages get from your phone to someone else's
without going through a server, you idiot?
s|b
2024-07-07 19:04:22 UTC
Permalink
Post by Carlos E. R.
* Evidence suggests Google Messages will soon add Messaging Layer
Security (MLS) support for end-to-end encryption.
It's all show. The European Union wants access to our encrypted
messages, supposedly in the fight against kiddie porn. A proposition was
called and they needed 65% for it to vote. 62,3% thought it was a good
idea, so no vote, not yet. They've been talking about this for years and
it's going to happen.

Signal already said they will leave Europe if this happens, because the
EU's software will break the end-to-end encryption. But Meta and Google?
They'll stay and collect you (meta)data.
--
s|b
Andrew
2024-07-07 20:31:14 UTC
Permalink
Post by s|b
It's all show. The European Union wants access to our encrypted
messages, supposedly in the fight against kiddie porn. A proposition was
called and they needed 65% for it to vote. 62,3% thought it was a good
idea, so no vote, not yet. They've been talking about this for years and
it's going to happen.
Signal already said they will leave Europe if this happens, because the
EU's software will break the end-to-end encryption. But Meta and Google?
They'll stay and collect you (meta)data.
This is good to know 'cuz the instant you log into an account on Internet
servers, your metadata will throw your privacy under the bus.
Alan
2024-07-07 21:17:11 UTC
Permalink
Post by Andrew
Post by s|b
It's all show. The European Union wants access to our encrypted
messages, supposedly in the fight against kiddie porn. A proposition was
called and they needed 65% for it to vote. 62,3% thought it was a good
idea, so no vote, not yet. They've been talking about this for years and
it's going to happen.
Signal already said they will leave Europe if this happens, because the
EU's software will break the end-to-end encryption. But Meta and Google?
They'll stay and collect you (meta)data.
This is good to know 'cuz the instant you log into an account on Internet
servers, your metadata will throw your privacy under the bus.
That would depend on what data the account has about you.
Jörg Lorenz
2024-07-07 20:43:15 UTC
Permalink
Post by s|b
Post by Carlos E. R.
* Evidence suggests Google Messages will soon add Messaging Layer
Security (MLS) support for end-to-end encryption.
It's all show. The European Union wants access to our encrypted
messages, supposedly in the fight against kiddie porn. A proposition was
called and they needed 65% for it to vote. 62,3% thought it was a good
idea, so no vote, not yet. They've been talking about this for years and
it's going to happen.
Signal already said they will leave Europe if this happens, because the
EU's software will break the end-to-end encryption. But Meta and Google?
They'll stay and collect you (meta)data.
*Everything* utter nonsense.
--
"Manus manum lavat."
s|b
2024-07-08 14:33:15 UTC
Permalink
Post by Jörg Lorenz
*Everything* utter nonsense.
Don't just throw a one liner at it, debunk it.

<https://netzpolitik.org/2024/etappensieg-belgien-scheitert-mit-abstimmung-zur-chatkontrolle/>
<https://www.security.nl/posting/846765/EU-voorzitter+Belgi%C3%AB+schrapt+stemming+chatcontrole+wegens+te+weinig+steun>
--
s|b
Jörg Lorenz
2024-07-08 14:49:12 UTC
Permalink
Post by s|b
Post by Jörg Lorenz
*Everything* utter nonsense.
Don't just throw a one liner at it, debunk it.
<https://netzpolitik.org/2024/etappensieg-belgien-scheitert-mit-abstimmung-zur-chatkontrolle/>
<https://www.security.nl/posting/846765/EU-voorzitter+Belgi%C3%AB+schrapt+stemming+chatcontrole+wegens+te+weinig+steun>
France killed it: They made clear that they only support the legislation
as long as it does not brake the E2E-encryption. But exactly this would
happen if the "Chatkontrolle" would be passed. Belgium did not dare to
hold a vote. It would have killed the legislation forever. And the
Germans make/made it clear that they will not and cannot for
constitutional reasons support such a law.

And more important: This vote if passed had only started the legislation
process.
--
"Manus manum lavat."
s|b
2024-07-08 15:25:19 UTC
Permalink
France killed it:They made clear that they only support the legislation
as long as it does not brake the E2E-encryption. But exactly this would
happen if the "Chatkontrolle" would be passed. Belgium did not dare to
hold a vote. It would have killed the legislation forever. And the
Germans make/made it clear that they will not and cannot for
constitutional reasons support such a law.
According to this article Germany killed it; France changed its mind
before.

<https://tuta.com/blog/germany-stop-chat-control>
And more important: This vote if passed had only started the legislation
process.
But you can see it coming from miles away: this is going to happen.
--
s|b
Jörg Lorenz
2024-07-08 15:35:37 UTC
Permalink
Post by s|b
France killed it:They made clear that they only support the legislation
as long as it does not brake the E2E-encryption. But exactly this would
happen if the "Chatkontrolle" would be passed. Belgium did not dare to
hold a vote. It would have killed the legislation forever. And the
Germans make/made it clear that they will not and cannot for
constitutional reasons support such a law.
According to this article Germany killed it; France changed its mind
before.
<https://tuta.com/blog/germany-stop-chat-control>
Wrong. That was before a spokes-person corrected the Swedish Monster
https://de.wikipedia.org/wiki/Ylva_Johansson and made clear that
Johansson lied about the breakup of the E2E-encryption the whole time.
Post by s|b
And more important: This vote if passed had only started the legislation
process.
But you can see it coming from miles away: this is going to happen.
Perhaps.
--
"Manus manum lavat."
Nick Cine
2024-07-10 18:26:27 UTC
Permalink
Post by Jörg Lorenz
That was before a spokes-person corrected the Swedish Monster
Shut up Arlen. Say something useful for once, you fucking moron.
Loading...