ralphmZash: thanks. Putting that on the reading list for tomorrow
ralphmsleeps
Tobiashas left
waqashas left
MarandaDHT..
Marandasuddenly had a chill run up his spine.
stpeterMaranda: ?
stpeteroh, does Tobias mention DHTs in that message?
stpeterI need to read it again
Marandastpeter, not sure but the whole mention of having a DHT overlay on top of xmpp gives me chills, no trolling intended :) sorry.
stpeteractually I know some people building a DHT-based overlay on the entire Internet ;-)
bearhas left
Jefhas left
emchohas left
emchohas joined
emchohas left
emchohas joined
Marandahas left
Zashhas left
emchohas left
emchohas joined
stpeterhas left
waqashas joined
emchohas left
waqashas left
waqashas joined
simonhas joined
waqashas left
xnyhpsIt'd be nice to have a mobile client that gives you a view like WhatsApp (ignoring groups and only showing the list of recent conversations, sorted by recentness)
xnyhpsBut I don't think you'll be able to do the 0-step setup unless you compromise in some way.
xnyhpsIt's exactly an example of Zooko's Triangle: you can either have it secure, or decentralized, but not both.
simonxnyhps - I wish Adium gave me the option to sort my chat tabs by recentness too :)
Neustradamushas left
fippothe third edge being usable?
xnyhpsHuman-meaningful.
xnyhps(Human-meaningful in this context because you're trying to link an existing phone number to an account, not because phone numbers are particularly easy to remember)
fippothe twinlife guys had some interesting idea about giving out personalized addresses to each contact -- http://bloggeek.me/twinlife-webrtc-interview/
fippobut I think that is very far from the human-meaningful edge :-/
fippoi wonder why people still get away with "our webrtc thing works on chrome only" without a decent technical reason...
Alexhas joined
xnyhpsThe page isn't clear to me whether that is decentralized or not.
emchohas joined
emchohas left
emchohas joined
emchohas left
emchohas joined
emchohas left
emchohas joined
emchohas left
Jefhas joined
emchohas joined
Ge0rGxnyhps: isn't whatsapp a one-step setup?
Zashhas joined
xnyhpsWhat step? Picking a display name?
ZashAnd phone numbers aren't exactly hard to predict / brute-force
emchohas left
emchohas joined
emchohas left
Ge0rGxnyhps: you have to at least enter / confirm your phone number
xnyhpsPretty sure your phone will know its phone number. :P
Ge0rGxnyhps: pretty sure is not factual knowledge. I know that my phone doesn't know its number
xnyhpsOkay, it's clicking "OK" a couple of times, but in a typical setup you wouldn't need to enter anything yourself.
Ge0rGIIRC apple phones are disallowed from getting the phone number at all
xnyhpsI know you can setup WhatsApp on a different device, but its not common and probably not something they officially support.
xnyhpsGe0rG: I really doubt that. Don't you mean IMEI?
Ge0rGxnyhps: no, I meant phone number
ZashAre phones really aware of their own phone number?
xnyhpsBut does it still do the text message activation?
Tobiashas joined
Ge0rGxnyhps: yes it does. So I assume you have to enter the phone number
Zashhas left
Jefhas left
emchohas joined
emchohas left
emchohas joined
Ashley Wardhas joined
Ashley Wardhas left
Ashhas joined
AshSorry about wading into a discussion that I know little about, but couldn't an app send a text message to the app provider, which would then reveal the phone number?
KevNo.
KevOr, rather, yes, they could send a text revealing /a/ phone number, but necessarily their own.
KevI don't think the phone number on texts is strongly authenticated. I could be wrong.
KevAlthough I could easily be wrong, and thinking of something else.
fippoalex: update your email template :-)
Alexups, ya, that was the wrong one ;-)
Ge0rGKev, Ash: a phone can not easily fake the sender number when sending an SMS, but there are services that can do that. So you'd have to prevent the original SMS from being sent, and fake it from another SMS source
KevGe0rG: Preventing an SMS being sent is fairly easy. Just turn off the mobile network.
Ge0rGKev: it requirese some sophistication at least
Ge0rGthe more important point I see is, many people still have to pay for SMS, so it is better to let the provider send an SMS to the customer
Santiago26has joined
Santiago26has left
Santiago26has joined
emchohas left
emchohas joined
dezanthas left
Marandahas joined
dezanthas joined
dezanthas left
AshIs it possible for an app to receive an SMS? If so you could have the app send an sms to the app provider, and along another channel (https) send a generated token. The app provider could then send an sms back to the number with the token in. I assume this reply would be far more difficult to subvert?
Marandahas left
dezanthas joined
dezanthas left
dezanthas joined
Tobiashas joined
Santiago26has left
emchohas left
emchohas joined
simonAsh - yes, at least in Android and Symbian you have a receieve priority for inbound SMSs. https://stackoverflow.com/questions/18940286/how-to-make-my-sms-app-is-highest-priority-to-receive-broadcast-receiver
dezanthas left
Tobiashas joined
Jefhas joined
emchohas left
emchohas joined
emchohas left
Jefhas left
waqashas joined
dwdsimon, You don't happen to know if the SMS "port number" stuff works in Android, do you?
dwdOh, turns out it does.
dwdSo that might be more reliable than listening to all SMSs.
dwdDone my voting.
KevDid mine this morning. Not entirely sure how I failed to do it until today.
KevI typically do it the moment Alex sends the first mail.
dwdYeah, I confess to being busy. I've tried to be as careful as I can with "yes" votes; to the extent of even voting down people I know quite well, which feels a bit weird.
XSF Discussion - 2014-02-21