This probably doesn’t float but, is there anything gained from adding a round for unknown contacts?
msg from the unknown > rsp w/ random str > rply w/ str => msg moves to inbox Do spammers have the capacity to respond to all the mail they send out? On Tuesday, September 23, 2014 at 2:35 PM, Joseph Bonneau wrote: > > On Tue, Sep 23, 2014 at 4:15 PM, Trevor Perrin <[email protected] > (mailto:[email protected])> wrote: > > "Apple iMessage, Wickr and BBM Protected can all be described as > > opportunistic encryption messaging systems that have been very > > successful deployment-wise." - Joe Bonneau, [2 > > To that list we can apparently add Kik and its 150 million users. > Interestingly, they don't seem to make any claims publicly about their > security, but in their advice to law enforcement they say "The text of Kik > conversations is ONLY stored on the phones of the Kik users involved in the > conversation. Kik doesn’t see or store chat message text in our systems, and > we don’t ever have access to this information." [1] It's not P2P, so this > seems to imply that E2E encryption is happening. This is highly unusual of > course-most apps make bold security claims publicly and undermine them in the > fine print but the opposite appears to be going on here. > > [1] > http://kik.com/wp-content/uploads/2014/01/Kiks-Guide-for-Law-Enforcement_July-17-2014.pdf > > Some other thoughts: > > > 1) Size of target population: Email has a huge userbase, and email > > addresses are widely shared, so spammers are able to harvest huge > > target lists. > > If you scale by people interested in/susceptible to spam, these populations > may remain low. I think they lean young and tech-savvy. Also there is very > little commercial use of these channels which makes spam stick out more. > > > 2) Cost per communication: Sending a single email is very cheap, > > compared to (say) postal mail > > This may be non-zero for messaging apps because all benefit currently from > only being accessible via proprietary apps. I'm not sure which have been > reverse engineered successfully-I believe WhatsApp and SnapChat have been at > least partially reverse engineered but I'm not sure for the above. Surely a > motivated spammer could create a compatible app to send spam for free, but > that's a non-zero barrier to entry. > > > 4) Ability to attribute and penalize the sending user: Free email > > accounts and easy signup make it hard to impose a cost on abusive > > users. > > Certainly these are all centralized systems with the ability to ban sending > users. The key question is, how hard is it to create accounts? It would be > interesting to survey what info each requires-which verify phone numbers, > etc. Phone numbers are definitely a non-free resource. iMessage and BBM > Protected may also utilize some sort of unique device identifiers which are > even less free. > _______________________________________________ > Messaging mailing list > [email protected] (mailto:[email protected]) > https://moderncrypto.org/mailman/listinfo/messaging > >
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
