Yes I was too, that is the client end-point that everyone is after now, and where Meta was trying to spy on Snapchat, and where State Actors get into encrypted data before it gets encrypted. It’s the known weak point, as you read everything unencrypted. But it also comes down to who would want to read your data and why. Are they legally empowered/prevented from doing so, do they sell data to data brokers, etc.

Not as simple as that as many did ditch WahtsApp for Meta’s documented privacy violations, and their ongoing T&C which passes the WhatsApp metadata upstream to Meta and others. A lot of people also only use one messenger, and right now nothing connects them together yet. So I have masses of family and friends that only use WhatsApp, and I now only have SMS contact with them. About 8% to 10% do have multiple messengers so I see some on Signal and Telegram.

The last thing the world needs, is for WhatsApp to become the default dominant standard. That is a company that can be least trusted out of everyone worldwide, based on their history. With the app installed, the metadata includes constant location, usage, contacts, messages to who, etc.

It is certainly not where it needs to be yet.

One to one messages are fully E2EE so are not decrypted on the server side. It was only groups that was still getting E2EE rolled out. I agree tho as an open standard for adoption, it should not only have a server at Google. I don’t think the mobile carriers like that either.

Not really so, as MSMS is a major thing by us (outside the US) for most notifications from banks, gov, transactions, visit to pharmacy, etc. Incoming is fine apart from fact it is all open for anyone to read, but replies cost money. Also, where people are not using the same messenger, then it is sms text messages, each costing money. For pre-paid phone accounts, those SMSS messages cost even a bit more. SMS today is still the common denominator everything falls back on. It is very expensive when you consider what is paid, and it is only around 140 characters vs data.

From what I understand with Apple’s fallback (or like Google’s Message app does), if RCS is sensed by the other non-iMessage user, then RCS will be used, if not right now it would still default back to text SMS but then lose some features like hi-res photos etc. Just don’t know how it will work for me where I am on iMessage on my iPad, but when out with my Android phone will the iMessage’s wait a week until I turn on my iPad again. Would be nice if there was a proper presence sensing, and it routes to there. That may be possible with RCS, but we won’t know how Apple plans to use it, and they are not going to want it to be as shiny and nice as sending an iMessage…

Certainly not now as a replacement but I understand that is the longer term intention. There is a lot of older infrastructure carriers need to unload and move on (lime dismantling 2G and 3G etc), and they often pay negotiated Inter-carrier fees. If it is to replace SMS I understand carriers can zero rate whatever data they want to, so it will be cheaper for them to not charge any data charges on RCS than to actually keep providing text SMS. RCS also uses exiting modern network technologies so there is nothing extra, or outdated, that has to be maintained.

It does seem to have innovated quite quickly. I’m still using Bitwarden as I have the paid access to biometrics etc, and it has a nice tweak also to add unique e-mails for every login, etc. But I’m interested to see where Proton Pass will be in another few months, seeing I’m already paying for their service, and maybe I can consolidate my expenses a bit. I actually got drawn into paid Proton by leaving ExpressVPN, which I needed for Netflix, and then found Proton (with one or two others) were the only one’s handling Netflix’s geofencing quite well. Looking at options is always good.

No just have “Proton for Business newsletter” disabled but I see many of their mails say only once a quarter etc. So seems they don’t send out every month.

It is the same for Bitwarden. What I noticed is if I go to a site with passkeys, then Bitwarden prompts me with a pop-up to want to add a passkey. It’s not something you manually add, apparently.

Not really, right now as the password resets all undermine passkeys for many sites. One day if/when passwords get replaced then there will be a need, but that is a long way off probably. A good random password along with any 2FA is really good enough for most cases, and Bitwarden already does that very well along with even random e-mail addresses.

It’s not a race and I would not even start to use passkeys until I know they can move with me across devices and OSs. Also, most sites that do offer passkeys, still offer highly insecure password resets which really undermines the security that passkeys should offer. I waited a long time for Bitwarden to start with passkeys, and they were going to be the answer to fully portable passkeys (I’ve been waiting so that I know my passkeys will work across all my devices and OSs). Now I’m waiting for mobile implementation before I can get going. I do hope they will also be offering exporting of passkeys, like you can currently export your passwords to other services.

Ah thanks for explaining that. It just makes it then difficult to fully move to passkeys with Bitwarden, which is why I’ve been waiting so long, and why I never stayed using Google or Apple’s passkeys.

There is a difference but right now as long as one uses a good password with a 2FA it is probably good enough. Too many services with passkeys are still quickly offering password resets via e-mail or text, so they, as sites, are not secure. And unless you can move your passkeys with you, like you can with passwords, you don’t want to get locked into a single device or OS.

Firstly, the point was made that the passkey functionality in Proton Pass is free (no account needed or “selling”) and that is for unlimited logins. Anyone can just use it. I pay for, and am still using Bitwarden. I posted about this because it is interesting that Pass has implemented passkeys for mobile, while I still wait for Bitwarden, so I’m interested in testing this out with Proton Pass. I post about all sorts of things that I find interesting, and sometimes I do switch my services across if I find it can match or better what I already use. That’s the bottom line.

I was just as interested when I was considering moving from LastPass to Bitwarden, but then I was accused of “selling” free Bitwarden to people. Everyone must make up their own minds as their circumstances are different. But if no-one posted about what they found interesting, we’d have no Lemmy, and we’d all forever just stay stuck on whatever we personally know. Certainly Bitwarden and Proton Pass are not the only good password managers out there, but this week I was interested to see an article about Proton Pass, and I had not even known they’d rolled out passkeys yet. It seems like quite a few others did not either.

I’m sure others also post about what new stuff 1Password has just rolled out, and I’d be interested to hear about that too. That is how I decide whether I want to try something better.

If I wanted to try to sell something, I’m sure Proton Pass probably has some loyalty link for paid accounts, but no, you did not see me sharing anything like that. I mentioned the access was free.

Google’s own one may be, and that is their right, but it is an open standard so anyone can produce their own RCS app like Samsung has done, and the same way Apple is building support into their exiting app. Nothing should stop a 3rd party developer looking at the standard, and producing an open source RCS app?

The GSMA does need to work harder at ensuring true interoperability between carriers, esp for E2EE. I’m expecting that the Google “monopoly” will get broken up at some point. I would have hoped that Apple insisted on hosting their own RCS (standards compliant) server.

Vulnerabilities on the client end are the only way right now for most state actors to gain access to messaging. So yes, various actors are already exploiting that as they have a lot at stake to gain access. But with others already able to exploit that, why would Proton want to do that? Their model is not about advertising or selling data, and they have 100 million paying customers as I understand it. The one’s that have been spying and exploiting have been the likes of Meta’s Facebook with their app present on the client device, and then trying to break Snapchat’s encryption this was (this came out in March 2024). Anyone “can” but we need to also consider “why” and what business model they have.

Not the only one, Samsung also their Messages app with RCS built in, and Apple is adding soon. The one-to-one messages are E2EE, and I understand groups are/were to be E2EE. We should be seeing more apps building it in as I’ve been asking Truecaller to do, as I have to pay for every SMS in Truecaller.

It is not zero encryption, like SMS, though? All GSMA-compliant RCS implementations must use TLS to encrypt data transfer between your device and the carrier’s server. While recommended by GSMA, E2EE is an optional feature that carriers can choose to implement or not. So carriers can implement it. I’m pretty sure that as adoption goes mainstream, a “monopoly” on the server side is going to get broken up.