Thanks sacredpoet for a good post. What really made me give up on BBM was exactly that - the BBM contacts all disappeared.
The security consideration is an important one. How cautious do you want to be? Sorry, this is a long post, but this is a complicated issue.
Discounting the risk of an unencrypted phone call that is easily intercepted for the moment, and focusing on instant messaging:
It is unclear who has access to the key material for BBM. Who can get access to the text of your chats? RIM employees? A court order can almost certainly surface the contents of your chats, and in the climate of numerous secret orders on the part of governments for personal data, and interception of personal communications outside the legal system, this is a valid concern. Governments have also been known to turn interception information over to local corporations. RIM has publicly caved to governments on this one. Examples:
http://www.dailymail.co.uk/indiahome...r-service.html
http://www.zdnet.com/blog/india/rim-...r-in-india/305
http://www.thejakartaglobe.com/busin...service/483858
http://www.theregister.co.uk/2012/01...rry_mafia_rim/
We live in an era where corporate security folks in corporations with a presence in multiple countries are very worried about corporate espionage facilitated by governments.
The story with BBM communications internal to an instance of BES is probably better than BIS, but the waters are muddy here.
http://www.thinkdigit.com/Mobiles-an...tion_7679.html
Also think about the possibility of someone getting spyware onto your BES servers. That would probably take a dedicated attacker, but it is always a possibility. It is always a risk when you have an intermediate server with access to plaintext of communications. There is also the nefarious or socially engineered employee with admin access to the BES threat to consider. Humans with access to sensitive data are pretty much always a weak link.
Similarly with iMessage, I am reasonably sure that Apple has access to the contents of your chats and will turn them over depending on local requirements. A nefarious/socially engineered Apple employee could also compromise communications. This kind of stuff happens - e.g. the recent Google case - http://www.techdirt.com/articles/201...33711025.shtml. Do we have any idea what internal protections Apple has in place to protect against iMessage monitoring and disclosure by employees? Many people can be bribed. Social engineering is also a common component of attacks against organisations.
What threats are you trying to protect against? Someone stealing the device and extracting the encrypted data? Someone hacking your device remotely? A nefarious employee or one acting in good faith but who is the victim of social engineering? A hostile government that intercepts communications, domestically and internationally? Probably all of these.
Depending upon the answers, you might be better off with something like "Silent Text", Wickr, an OTR capable chat client, or TextSecure where nobody has access to the key material used to protect chats other than the two people involved.
Silent Text - https://silentcircle.com/web/silent-text/
TextSecure - https://play.google.com/store/apps/d...search_result#
Wickr - https://itunes.apple.com/us/app/wick...528962154?mt=8
OTR capable chat clients include the following. This ends up being the way to go for platform independence, but one needs to think carefully about the risk of someone hacking the devices involved in the chat. In particular, generic multi-purpose operating systems are notoriously easy to compromise, but there is spyware available for phones also.
Pidgin (Windows, Linux)
Adium (Mac OS)
IM+ and ChatSecure (iOS)
Gibberbot, IM+, Beem (Android)
Jitsi (Windows, Mac, Linux - also supports encrypted VOIP via ZRTP)
http://en.wikipedia.org/wiki/Off-the-Record_Messaging
This question of who and what you trust is a complicated one. There are no easy best answers.
Perhaps next think about the security of voice calls, and what options there are for encrypted VOIP without back doors (hint: probably not Skype which, if nothing else, has a known vulnerability in its encryption due to the use of a VBR codec). It is also worth thinking about what an adversary can determine via traffic analysis even if all communications are securely encrypted and no spyware is involved.
And then we could talk about email security... But this is already too much.
Still, it should be hard to get spyware onto a properly locked down Blackberry. That's an advantage there.
At this point if you feel "safe" using pretty much any security solution, you aren't paying attention. It is all a matter of making the attacker's job more difficult, realising that there are multiple threats you need to consider and balance.
E.g. I sure wouldn't trust either BBM or iMessage if I were an activist engaged in a cause unpopular with the local government and my life and/or freedom were at stake. I might, however, be willing to take the risk of using Silent Text/Silent Phone or TextSecure/Redphone.
Now if BBM conversations were end-to-end encrypted with keys only local to the devices involved in the conversation, and perfect forward secrecy on a properly locked down Blackberry, that would be almost as good as it gets. Perhaps an OTR messaging layer on top of BBM. If BBM had the APIs to allow an OTR chat client on top of BBM, that could be a killer app. Combine that with a ZRTP capable VOIP app for encrypted phone calls. It could almost convince me to buy a Blackberry again, except that there would be nobody else to chat with.
I literally don't know anyone with a Blackberry anymore. I know one Windows Phone user, who happens to be a former MS employee and is planning to ditch Windows Phone when he is eligible for an upgrade, and everyone else I know who uses a smartphone uses iOS or Android (roughly 50/50).
Maybe RIM could pay the Silent Circle folks to develop Blackberry apps. Seems like only iOS and Android are on their roadmap. Unlikely though, as I'm sure RIM doesn't want to remind people that BBM messages are potentially monitored. I really like the fact that the Silent Circle folks are clear about what data they retain and what data they will turn over when required.
https://silentcircle.com/web/law-compliance/
Last edited by mch; 11-10-2012 at 06:14 PM.
"I didn't get fat by accident. This was a personal choice. " - Kevin Gillespie
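The property the post above asks for (keys that exist only on the two devices, plus perfect forward secrecy) in working code. This is an added example, not code from the original post or from any of the products it names: two simulated devices run an ephemeral Diffie-Hellman exchange through a relay that only ever sees public values, and each device wipes its private exponent as soon as the session key is derived, so a later seizure of the device or the relay cannot recover earlier sessions. The group is RFC 3526 group 14; the Device and run_session names are my own.

```python
import hashlib
import secrets

# 2048-bit MODP group, generator 2 (RFC 3526 group 14). The constant is
# transcribed by hand, so modulus_self_check() verifies it before it is trusted.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2


def modulus_self_check():
    """Fermat test to base 2: a mistyped modulus fails this with overwhelming odds."""
    return pow(2, P - 1, P) == 1


class Device:
    """One chat endpoint (hypothetical). Its private exponent never leaves it."""

    def __init__(self, name):
        self.name, self.priv = name, None

    def start_session(self):
        # A fresh random exponent per session is what gives forward secrecy.
        self.priv = secrets.randbelow(P - 3) + 2
        return pow(G, self.priv, P)           # public value; fine to send via a relay

    def finish_session(self, peer_pub):
        if not 1 < peer_pub < P - 1:          # refuse degenerate public values
            raise ValueError("bad peer public value")
        shared = pow(peer_pub, self.priv, P)
        key = hashlib.sha256(shared.to_bytes(256, "big")).digest()
        self.priv = None                      # wipe: nothing left to seize afterwards
        return key


def run_session(alice, bob):
    """Simulate the relay: it forwards only public values and returns what it saw."""
    a_pub, b_pub = alice.start_session(), bob.start_session()
    key_a, key_b = alice.finish_session(b_pub), bob.finish_session(a_pub)
    assert key_a == key_b                     # both devices agree on the session key
    return key_a, (a_pub, b_pub)
```

Everything the relay observes is in the returned tuple; the session key itself is derived independently on each device and is never transmitted.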