SMS is not even as private as a postcard. It's as private as using the public address loudspeakers in a stadium full of people who hate you.

@me No, there is encryption between your SIM card and the cell towers at the very least.

The problem with "SMS being public" is more a reflection on the internal state of the telcos and the handsets, not the protocols.

@me At the same time, the whole SS7 protocol set is so open for abuse, in similar ways to ICS (SCADA etc) because there are no effective security settings, and consumers are not visibly demanding alternatives to justify the costs. is a nice recent example of some of the SS7 problems

It's possible to use an unreliable network of course, but the work has to be done at the application level. This is why RCS is looking interesting; but SMS is "good enough" and unlikely to be switched off by any provider. Eventually people will just turn off SMS notifications on their phones, that's probably the best we'll get in the near future.

@me The funniest part about the SS7 protections that this video describes, is that the passage of traffic through the "SS7 firewall" seems to be a totally optional stage; we still have the same "capable-of-anything" box (STP) connected to the external networks, and it decides whether to ask the firewall for a judgement or not; and of course there are plenty of cases where the external traffic convinces the STP to not bother asking the firewall for comment ...

Sign in to participate in the conversation

Personal mastodon instance of Mark Atwood