Hello! With both Partisan SMS and Silence being abandonware, I haven't really seen a lot of apps that support encrypting regular SMS. Sure, Signal and similar apps are great, but I've been in situations where I have to send SMS. Mostly with friends at times when the mobile data isn't working as it should. In times like these I would rather send encrypted SMS than unencrypted SMS.

With that in mind, has anyone tested Deku SMS? It's a fairly recent SMS app that supposedly supports E2EE for regular text messages and while the app is a bit sluggish compared to Simple SMS I'm hoping that will be fixed soon.

On the negative side there is a complete lack of documentation for how the E2EE actually works. Does anyone know?

    5 months later

    wuseman has anyone replied to this?
    Would it work for 2 factor identification when banks, for instance, send SMS to verify your log on...or would it not come through?

      Dumdum thanks, when the OP says “abandonware” does he mean Silence doesn’t exist / can’t be used anymore?

        CodexAG
        Silence is 'abandonware' because it's been 9 months since it's received any updates. And even then, most of the updates for the past couple of years(!) as you can see are just translations and not actual feature/security updates. Weirdly, the canary they have is still updating it seems. It's recommended not to use outdated software but if it works, it's ultimately up to you if you wish to use it or not.

          Dumdum No, the last update released for Silence was August 2019. You're confusing commits with updates to the app and those are automatically merged translations updates. The last change to the code was July 2019.

          The last change to the app's code was July 2019. You're confusing automatically merged translation updates with updates to the code or app. Silence is highly insecure and has numerous critical vulnerabilities including ones with proof of concept exploits. It should not be used. It is the opposite of improving your privacy and security.

          These apps also do not provide any end-to-end encryption without the people on both ends using them, and you should simply use a proper end-to-end encrypted messaging app that's not unnecessarily based on SMS. SMS on 4G and later uses TCP/IP anyway. It's not a separate protocol from data but rather travels over cellular data or Wi-Fi.

            CodexAG It's a highly insecure app abandoned in 2019. Using it will dramatically reduce your privacy and security. It will not provide any additional encryption without convincing someone else to use a highly insecure app and enable end-to-end encryption with you. SMS travels via data on 4G and later. Even with end-to-end encryption, using SMS means each carrier and other parties know who you are talking to and when you're talking to them. Why would you want to use SMS? Most users interested in this appear to have the misconception that it will provide them with extra encryption without convincing someone else to use it.

            wuseman

            Hello! With both Partisan SMS and Silence being abandonware, I haven't really seen a lot of apps that support encrypting regular SMS. Sure, Signal and similar apps are great, but I've been in situations where I have to send SMS. Mostly with friends at times when the mobile data isn't working as it should. In times like these I would rather send encrypted SMS than unencrypted SMS.

            SMS depends on having either mobile data or Wi-Fi for 4G and beyond. It only works without working internet access on 2G/3G which are being phased out. Both people also need to have the app and need to initiate communication with it. The carriers on both ends along with other parties involved in transmitting the SMS or receiving info from the carriers can still see each message with time, destination and padded size.

            With that in mind, has anyone tested Deku SMS? It's a fairly recent SMS app that supposedly supports E2EE for regular text messages and while the app is a bit sluggish compared to Simple SMS I'm hoping that will be fixed soon.

            It only provides E2EE if you convince the other person to use it too. You could convince them to use Molly/Signal instead to have a far more private and secure messaging app.

            On the negative side there is a complete lack of documentation for how the E2EE actually works. Does anyone know?

            The negative side is that it's based on a legacy protocol still giving a lot of information to carriers. SMS doesn't avoid a dependency on working internet access for 4G and beyond.

              GrapheneOS You're confusing commits with updates to the app

              I'm not. I might not have worded it well enough, but I did say any updates. I do believe this should very much include commits (aka updates to the code).

              those are automatically merged translations updates.

              So we're both in agreement on the whole "updates" thing then?

              The last change to the code was July 2019.

              The last change to the app's code was July 2019. You're confusing automatically merged translation updates with updates to the code or app.

              Not sure why you feel the need for such over repetition in your comment, but I am very aware that the last update was 2019 hence why I pointed this out with "even then, most of the updates for the past couple of years(!) as you can see are just translations and not actual feature/security updates."

              Silence is highly insecure and has numerous critical vulnerabilities including ones with proof of concept exploits. It should not be used. It is the opposite of improving your privacy and security.

              Yes. Good thing I pointed out it wasn't recommended to use outdated software. Again, ultimately up to users if they wish to use it (in case it wasn't clear, this is not a recommendation of the app and shouldn't be treated as such). Not that there's any real reason to use this app, since using modern non-SMS apps like Signal is obviously better.

              These apps also do not provide any end-to-end encryption without the people on both ends using them

              Cool. Good thing I pointed this out in a previous comment. :)

              GrapheneOS Both people also need to have the app and need to initiate communication with it.

              I never claimed otherwise 😜

              As I said, sometimes you have to send an SMS. I've had situations where I've been stuck in a tunnel and SMS works but Molly doesn't.

              Assuming I could convince the other person to get an app with encrypted SMS then the messages then would be encrypted.

              Is it worth it? Is it plausible that said person will have said app? Probably not.

              But I can always dream.

                wuseman Is it worth it?

                No, the symmetric-key encryption is defective. Secure SMS does not exist.

                  wuseman I was confused with Partisan SMS, but given that you still have to convince your contacts to use the application and that SMS is an inherently insecure protocol, even with an attempt to implement end-to-end encryption, you'd be better off doing so with a truly secure and private messenger like Molly. From my point of view, encrypted SMS has no real interest.

                  https://discuss.grapheneos.org/d/13-sms-app-dark-mode/20

                    Xtreix
                    SMS is terrible, absolutely. But if there was a good looking SMS with lots of QoL features that has E2EE with PFS, I'd still prefer using that with people on the rare occasion that I send an SMS. I'm 99% certain I could convince my friends to switch apps so that wouldn't be an issue.

                    I use Molly daily, but as I stated in my prior post, I've been stuck in a tunnel before where Molly literally didn't work. Accessing the internet didn't work. Sending an SMS did.

                    Does this happen to me often? Nope not at all. Just saying that if Deku SMS ever gets MMS support and stops breaking the database with updates, I'd happily use that over Messages because RCS offers me nothing.

                    a month later

                    @wuseman SMS on 4G and later is only implemented via the internet connection so any coverage advantage will be gone when 2G/3G are fully phased out.

                    6 days later
                    admin locked the discussion.