danie10

danie10 OP , 2 months ago

The “better” though is over plain text SMS message which we have to pay per message. I use Signal but less than a handful of friends use it so it does not help me much on that front.

danie10 OP , 2 months ago

The thing also is we can’t replace text SMS unless that mode can be phased out, so it needs everyone to adopt whatever the next step is.

danie10 OP , 2 months ago

A problem I’ve noticed is I’ve had one person using RCS, then a month or two later I noticed they’d reverted to text. They seemed to know nothing about RCS and claims they never disabled it. So not sure if that was maybe a phone upgrade. Others I’ve not had issues with.

danie10 OP , 2 months ago

True and Matrix is very versatile if you look at what Beeper achieved. Yet it has been around a long time and has never gone big time. The thing though with replacing text SMS, is it has to also comply with what the mobile phone companies use at that level, and I don’t Matrix has ever pitched that to them? This is not about the high level messaging we do at app level.

danie10 OP , 2 months ago

The whole point of RCS was to replace text SMS. The last year or two has seen one mobile provider after the next adopting it. That was the point of RCS, to get beyond a zero encryption text message and text messages that are very expensive in 3rd world countries. So a lot of it was focussed on mobile operators. It has to be enabled actually by mobile operators to work.

danie10 OP , 2 months ago

They’re mostly using WhatsApp and I deleted all Meta-owned apps. So, yes if they want to reach me they need to send a text message as most apart from 5 or 10 have never bothered to install Signal, Telegram, SimpleX, Threema, Briar, Jami, etc that I am on.

danie10 OP , 2 months ago

It will be when SMS s phased out. That was why it has been a long, uphill battle to get the mobile phone providers to buy in. That has to happen before SMS can disappear. That is why no other “messenger/chat apps” need mobile provider buy-in. RCS happens at carrier level, and not as an installable 3rd party app. It’s exactly why it will be adopted by everyone as it is designed to replace SMS.

danie10 OP , 2 months ago

That would be the same data then as WhatsApp, Signal, etc. We pay 100’s of percent more on SMS than data, so although there is a data charge, it is really little compared to SMS.

danie10 OP , 2 months ago

RCS is carrier based though, which is why the carriers had to buy into it, and they turn it on, not Google. Many in 3rd World countries don’t have e-mail. Many legal notices are today still sent out by text SMS. I get them all the time for bank transactions, government notices, etc. Actually, Samsung’s Message app also supports RCS, and this is what Apple is building into their Apple Messages app too.

danie10 OP , 2 months ago

RCS should not really be a proprietary app in the sense of a 3rd part installable app. It is normally carrier provided just like SMS works. On Apple the default SMS/Messenger is Apple’s Messages app. On Pixel that is Google Messages and on Samsung phones they have their own one. It has a carrier hook and is apparently tied to the number.

danie10 OP , 2 months ago

True, but the big number really is the USA followed maybe by Australia. Entire Middle East, Africa, South America, and Asia are Android. India is also massive (behind China), and India is 95% Android.

danie10 OP , 2 months ago

South Africa

danie10 OP , 2 months ago

Yes, but a percentage has to be seen in the context of the total to gauge its impact. India for example is 95% of 1.428 billion people vs Japan is 70% of only 124 million. There are just under 200 countries.

danie10 OP , 2 months ago

It is not zero encryption, like SMS, though? All GSMA-compliant RCS implementations must use TLS to encrypt data transfer between your device and the carrier’s server. While recommended by GSMA, E2EE is an optional feature that carriers can choose to implement or not. So carriers can implement it. I’m pretty sure that as adoption goes mainstream, a “monopoly” on the server side is going to get broken up.

danie10 OP , 2 months ago

The GSMA does need to work harder at ensuring true interoperability between carriers, esp for E2EE. I’m expecting that the Google “monopoly” will get broken up at some point. I would have hoped that Apple insisted on hosting their own RCS (standards compliant) server.

danie10 OP , 2 months ago

Google’s own one may be, and that is their right, but it is an open standard so anyone can produce their own RCS app like Samsung has done, and the same way Apple is building support into their exiting app. Nothing should stop a 3rd party developer looking at the standard, and producing an open source RCS app?

danie10 OP , 2 months ago

Certainly not now as a replacement but I understand that is the longer term intention. There is a lot of older infrastructure carriers need to unload and move on (lime dismantling 2G and 3G etc), and they often pay negotiated Inter-carrier fees. If it is to replace SMS I understand carriers can zero rate whatever data they want to, so it will be cheaper for them to not charge any data charges on RCS than to actually keep providing text SMS. RCS also uses exiting modern network technologies so there is nothing extra, or outdated, that has to be maintained.

danie10 OP , 2 months ago

From what I understand with Apple’s fallback (or like Google’s Message app does), if RCS is sensed by the other non-iMessage user, then RCS will be used, if not right now it would still default back to text SMS but then lose some features like hi-res photos etc. Just don’t know how it will work for me where I am on iMessage on my iPad, but when out with my Android phone will the iMessage’s wait a week until I turn on my iPad again. Would be nice if there was a proper presence sensing, and it routes to there. That may be possible with RCS, but we won’t know how Apple plans to use it, and they are not going to want it to be as shiny and nice as sending an iMessage…

danie10 OP , 2 months ago

Not really so, as MSMS is a major thing by us (outside the US) for most notifications from banks, gov, transactions, visit to pharmacy, etc. Incoming is fine apart from fact it is all open for anyone to read, but replies cost money. Also, where people are not using the same messenger, then it is sms text messages, each costing money. For pre-paid phone accounts, those SMSS messages cost even a bit more. SMS today is still the common denominator everything falls back on. It is very expensive when you consider what is paid, and it is only around 140 characters vs data.

danie10 OP , 2 months ago

It is certainly not where it needs to be yet.

danie10 OP , 2 months ago

Not as simple as that as many did ditch WahtsApp for Meta’s documented privacy violations, and their ongoing T&C which passes the WhatsApp metadata upstream to Meta and others. A lot of people also only use one messenger, and right now nothing connects them together yet. So I have masses of family and friends that only use WhatsApp, and I now only have SMS contact with them. About 8% to 10% do have multiple messengers so I see some on Signal and Telegram.

The last thing the world needs, is for WhatsApp to become the default dominant standard. That is a company that can be least trusted out of everyone worldwide, based on their history. With the app installed, the metadata includes constant location, usage, contacts, messages to who, etc.

danie10 OP , 2 months ago

And yet I missed their announcement about their passkeys. In today’s competitive world, I think any company that does not advertise in some way, is really not going to survive (as much as I don’t like ads either). Maybe I don’t see that much as I am paying.

danie10 OP , 2 months ago

I’m using the browser add-on in Linux across all my browsers. I do have the Bitwarden app for Linux, but to be honest I never open it as it is a pain to have to open a separate app, and then copy and paste. Isn’t it just more seamless to let it replace the browser password manager on Linux? If I want to tidy up my Bitwarden vault, I also do that in the browser.

danie10 OP , 2 months ago

Probably best to see their comparison but free account mainly excludes Integrated 2FA authenticator and only has two vaults, but unlimited logins. I’m on the unlimited account (for VPN and mail) so can’t check for sure.

danie10 OP , 2 months ago

True, just hope they eventually get passkeys for mobile.

danie10 OP , 2 months ago

No, an ad would have come out when it was launched, and an ad would try to sell something?

danie10 OP , 2 months ago

Well, at least say WHY? We know we can’t trust Apple (because of the recent backdoor that had to be closed down), Facebook because of the Cambridge Analytica scandal, Microsoft because the NSA were given first access to vulnerabilities before patching), the NSA because of the CLOUD Act), etc as these are all documented, analysed and reported on. Your comment really adds zero value to the debate. Proton is under Swiss law for a start, which has a way higher barrier to entry for law enhancement to get any access to metadata. In the USA the law enforcement just buys that data from data brokers. Proton is not in the business of advertising.

danie10 OP , 2 months ago (edited 2 months ago)

The point of the post was that Proton Pass is beating Bitwarden right now to having passkeys for mobile (Bitwarden has still not released that), and Proton Pass can actually export passkeys which Bitwarden does not do, so they are improving. I would not say though they are better all round than Bitwarden. I pay for both but am still evaluating the rest of Proton Pass vs Bitwarden especially around tweaks in options. But Proton is showing some innovation and momentum, while Bitwarden is slowing a bit. For those already using Proton they will likely find Proton Pass good enough to use right now.

danie10 OP , 2 months ago

But you seem to have missed the heading of the post? Bitwarden still (after many months) has not rolled out passkeys to mobile devices. That was actually the point of the post, and Bitwarden needs to start innovating a bit faster as others are overtaking in regard to passkeys. So, you can’t be using Bitwarden for your passkey logins on mobile?

danie10 OP , 2 months ago

Just like the Bitwarden app on Android, the Proton Pass one sits in the background to help with auto-fill on any browser form, irrespective of which browser it is.

danie10 OP , 2 months ago

Well German is EU, whilst Swiss is Swiss. But either ways, their requirements are way higher than US law for access to any records or metadata. The other thing is, if you live outside of Switzerland, your own government has to arrange legal access via two countries’ jurisdictions. And of course too for the USA, neither the Swiss or the Germans are allowed to just sell off data to data brokers.

danie10 OP , 2 months ago

They do accept Tor connections though… But I think you have the facts wrong about that access to data unless you have a credible source you can share: They are legally obligated to comply with lawful requests from Swiss authorities if they meet specific criteria (just like every other country except the USA where law enforcement [used?] could just request access. In a US case involving threats against immunologist Anthony Fauci, ProtonMail confirmed they received a legal request from Swiss authorities. However, due to end-to-end encryption, they could only provide the date the account was created, not the content of emails.

danie10 OP , 2 months ago

Thanks I did not know that. I see they say share via the vault, but don’t specifically mention exporting, as in to a file for importing elsewhere outside 1Password. But certainly LastPass, Bitwarden and others I’d looked at were not exporting the passkeys.

danie10 OP , 2 months ago

True, and the reverse is also true when a product is bad. I blog usually about what I’m interested in testing out, and when I see if may be worth me moving to a different service.

danie10 OP , 2 months ago

I use passkeys for some sites, but have been reluctant to go all in until I’m sure all my devices can support them. I’m not always going to have my desktop with me, and likewise my phone’s battery can be flat, etc. I’ve always wanted passkeys to first sync across all my devices, and ideally to be exportable and brought into a different service. Right now you can export your 900+ passwords, and import them into a different service if you want to move. You can’t do that with Apple or Google passkeys.

danie10 OP , 2 months ago

Yes, passkeys are public private keys, so a site only ever sees your public key. Your device does the match with the private key. So in that way, no-one can hack the service site and steal your password. But your private key on your device has to stay very private, and should be synced to another device, because if you lose your private key then essentially you can’t login in. If a site offers a backup “password reset via e-mail” then they have rubbish security anyway.

danie10 OP , 2 months ago

Yes, but as I said, as of yesterday still not implemented on mobile.

danie10 OP , 2 months ago

True, it is good, but they need to speed up on passkeys for mobile as many do use mobile devices and what’s the point of having passkeys on desktop.

danie10 OP , 2 months ago

Vulnerabilities on the client end are the only way right now for most state actors to gain access to messaging. So yes, various actors are already exploiting that as they have a lot at stake to gain access. But with others already able to exploit that, why would Proton want to do that? Their model is not about advertising or selling data, and they have 100 million paying customers as I understand it. The one’s that have been spying and exploiting have been the likes of Meta’s Facebook with their app present on the client device, and then trying to break Snapchat’s encryption this was (this came out in March 2024). Anyone “can” but we need to also consider “why” and what business model they have.

danie10 OP , 2 months ago

Firstly, the point was made that the passkey functionality in Proton Pass is free (no account needed or “selling”) and that is for unlimited logins. Anyone can just use it. I pay for, and am still using Bitwarden. I posted about this because it is interesting that Pass has implemented passkeys for mobile, while I still wait for Bitwarden, so I’m interested in testing this out with Proton Pass. I post about all sorts of things that I find interesting, and sometimes I do switch my services across if I find it can match or better what I already use. That’s the bottom line.

I was just as interested when I was considering moving from LastPass to Bitwarden, but then I was accused of “selling” free Bitwarden to people. Everyone must make up their own minds as their circumstances are different. But if no-one posted about what they found interesting, we’d have no Lemmy, and we’d all forever just stay stuck on whatever we personally know. Certainly Bitwarden and Proton Pass are not the only good password managers out there, but this week I was interested to see an article about Proton Pass, and I had not even known they’d rolled out passkeys yet. It seems like quite a few others did not either.

I’m sure others also post about what new stuff 1Password has just rolled out, and I’d be interested to hear about that too. That is how I decide whether I want to try something better.

If I wanted to try to sell something, I’m sure Proton Pass probably has some loyalty link for paid accounts, but no, you did not see me sharing anything like that. I mentioned the access was free.

danie10 OP , 2 months ago

There is a difference but right now as long as one uses a good password with a 2FA it is probably good enough. Too many services with passkeys are still quickly offering password resets via e-mail or text, so they, as sites, are not secure. And unless you can move your passkeys with you, like you can with passwords, you don’t want to get locked into a single device or OS.

danie10 OP , 2 months ago

Ah thanks for explaining that. It just makes it then difficult to fully move to passkeys with Bitwarden, which is why I’ve been waiting so long, and why I never stayed using Google or Apple’s passkeys.

danie10 OP , 2 months ago

It’s not a race and I would not even start to use passkeys until I know they can move with me across devices and OSs. Also, most sites that do offer passkeys, still offer highly insecure password resets which really undermines the security that passkeys should offer. I waited a long time for Bitwarden to start with passkeys, and they were going to be the answer to fully portable passkeys (I’ve been waiting so that I know my passkeys will work across all my devices and OSs). Now I’m waiting for mobile implementation before I can get going. I do hope they will also be offering exporting of passkeys, like you can currently export your passwords to other services.

danie10 OP , 2 months ago

Not really, right now as the password resets all undermine passkeys for many sites. One day if/when passwords get replaced then there will be a need, but that is a long way off probably. A good random password along with any 2FA is really good enough for most cases, and Bitwarden already does that very well along with even random e-mail addresses.

danie10 OP , 2 months ago

It is the same for Bitwarden. What I noticed is if I go to a site with passkeys, then Bitwarden prompts me with a pop-up to want to add a passkey. It’s not something you manually add, apparently.

danie10 OP , 2 months ago

No just have “Proton for Business newsletter” disabled but I see many of their mails say only once a quarter etc. So seems they don’t send out every month.

danie10 OP , 2 months ago

It does seem to have innovated quite quickly. I’m still using Bitwarden as I have the paid access to biometrics etc, and it has a nice tweak also to add unique e-mails for every login, etc. But I’m interested to see where Proton Pass will be in another few months, seeing I’m already paying for their service, and maybe I can consolidate my expenses a bit. I actually got drawn into paid Proton by leaving ExpressVPN, which I needed for Netflix, and then found Proton (with one or two others) were the only one’s handling Netflix’s geofencing quite well. Looking at options is always good.

danie10 , 2 months ago

Good points. Yes, I do prefer to give an instance at least the benefit of the doubt. Difference tho really with Fediverse is you have to search and follow stuff to see it. It does not get inserted into your feed through ads or people playing the algorithms. So generally I’m only seeing what I follow. I suppose we do need to choose our instances wisely. Certainly, if an instance (not just a user on it) is really spamming or impacting on other instances, I suppose there can be grounds to block it. But we have not all been spammed yet by Threads. I don’t like Threads (cancelled all my accounts years ago) but I left a few good friends and family there that I would like to reconnect with, and follow them. I also like that my metadata stays on the Fediverse side, so I don’t need a Threads account or their app tracking me.

I just would not like to be denied the option to even reconnect with my family and friends. Same goes for WhatsApp interoperating on Signal protocol - I have many friends and colleagues I left behind on WhatsApp, and would like to reconnect again with them.