Reply to post: Re: Nope

Rich Communication Services: Nobody uses it, nobody wants it, but analysts reckon it's on the verge of a breakthrough

doublelayer Silver badge

Re: Nope

Um...not really. The centralized model argument is the only good one you've made. The security of the protocol itself has been verified repeatedly, and the data available to a potentially malicious Signal server is known. We have access to the code and we can take chunks of it, including their protocol, if it suits us.

The centralization argument is a good one--we shouldn't rely on Signal's servers because they could be compromised or removed. That's a valid concern. However, the comparison here has been between Signal and RCS. RCS is also centralized. Now I can hear the arguments already--Signal runs the only servers, whereas RCS is run by multiple mobile companies. The problem being that you need your mobile company's servers to send or receive RCS messages, and you also need your recipient's provider's servers to be operational. That's two single points of failure or interference. In addition, it restricts you to using one communication mechanism to send RCS messages--no sending one over WiFi unless your mobile provider supports it, and even if they do, it takes exactly the same path after leaving your local network. Neither are decentralized.

A decentralized communication system with end-to-end encryption would be nice. The one I've used before is encrypted email, which does offer that but has some usability problems. We can use a few other options or design a new one. RCS is not it.

In addition, RCS places a lot more requirements on hardware and mobile provider support. If I have any network connection, I can send an email with encrypted contents. If I have any verifiable mobile connection at setup time and any connection later, I can send a Signal message. If I have any mobile connection on any provider worldwide, I can send an insecure SMS message. If I have a specific set of phones running on one of two providers in the U.S., I can send an RCS message. That means that, if I go to a different country and get a local number, I can still send email, SMS, and Signal, but RCS is not an option no matter what I like--I just have to wait for someone there to implement it and hope they do so with the encryption enabled, because I can neither verify what their code looks like nor bypass them.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2021