-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi, On 14/10/18 23:31, Russell Coker via luv-talk wrote:
On Sunday, 14 October 2018 4:33:45 PM AEDT Andrew McGlashan via luv-talk wrote:
The other thing I don't understand about personal/business is that people without a job and plenty of "free" time are more likely to spend considerable time on the mobile than those busy at "work" on paid or unpaid tasks with the mobile being a significant distraction. Anyone actively working, sans sales people, do better to ignore the mobile on the whole and make use of voicemail and/or email or other forms of communication for a significant number of interactions --
There are more than a few people watching TV on public transport on the way to/from work. If you spend 40 hours a month on public transport (which is not uncommon) then that would be 25G of data per month if you spent that time watching SBS on demand (I presume other TV sources have similar data requirements but don't use them so can't easily verify).
Well, I have a mobile broadband product with 100GB of data, for a little more, they have 200GB plans now. Before that I had a 50GB plan for under $60, so the $10 extra for double data back when I started this plan in January was a no brainer. My plan was with a device at $70 per month for 2 years and the device was "worth" about $880 when new. Current plans like this are now $80 per month, also with 2 year contract . That gives far more than enough data for anything I need to do away from the fixed wire service; so much so, that I don't even have to worry about using 4G data when fixed wire is handy. That is, if a mobile is connected via hotspot, then I don't necessarily bother to switch to the local WiFi which is connected to the fixed wire service. This kind of data level is as good as unlimited for me as I use it. https://www.optus.com.au/shop/tablet/devices/apple-ipad-2018?plan=35 128GB iPad with 128GB storage, a SIM ... 200GB data each month and some data excluded from quota, including iView, Discovery Channel and more, but not SBS. I also get iHeart Radio streaming at no cost (no subscription service involved either). My SIM is in a mobile (not the tablet) that I carry with me and it provides a hotspot 100% of the time that I need it. Now, that $1 per month plan on TPG (even if you have Vodafone), well, that mobile can get all it's data from the hotspot. Another hone is used for normal calling if required, unlimited calls, SMS / MMS .... and more backup data at not much cost (similar enough to the Kogan deal, but using Optus network). If you are counting, that makes 3 mobiles, but one day I may end up using just two with one of the phones having dual SIM. My only problem or potential problem with the hotspot mobile is that I can run low on battery if I'm not careful.
https://krebsonsecurity.com/2016/09/the-limits-of-sms-for-2-factor-aut hentication/
Sure,
as I said, you can't trust SMS and you definitely should not use it as 2FA unless you have no choice, then you can consider it suspect. The best option is to use offline TOTP, which I do with a Python script and some encrypted files that hold the keys as originally presented by the QR code -- no need to use Google Authenticator or any other /like/ app.
Krebs gave the best write-up of SMS issues.
As for Signal, it uses SMS to verify and change encryption settings. So if someone takes over your phone number of SMS I think there's nothing stopping them getting a new Signal key and communicating with people in your contacts list.
Yes, but, in the perfect world, SMS is only used for setup and if you can share the "safety numbers" securely, then you should be golden going forward. I never said Signal had no problems, in fact I agreed with what Rick's friend said about it. However, Signal is currently one of the best options out there that is more commonly used and not part of FB as WhatsApp is with their own encumbrances (even though they use the Signal protocol). Way, way, way back TextSecure used SMS for messages, but they were encrypted. These days, if you send SMS via Signal, then it will always be in plain text -- it's only when both users are using Signal that messages can be sent encrypted as data. I also don't like how Moxie Marlanspike requires everyone using his servers to have to be using his own app. You can run your own servers, but it isn't trivial and perhaps all the required code and steps are not easy to attain even though there is open source involved.. .. Cheers A. -----BEGIN PGP SIGNATURE----- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCW8NJLgAKCRCoFmvLt+/i +wgLAP980twf/fnr8/0gmHTdra2QEgBkVX50wgh0l8aLRtab8QD/RjLreRkWyMBR Vf+eQfkQtGxHUPcJ3pbm/EFtRiSyHcI= =8AaR -----END PGP SIGNATURE-----