SMS has one big advantage that all of these proprietary im services lack (and google seem to be moving away from)... It's actually an interoperable standard. I can use any handset with a multitude of operators, or i can use many third party online sms gateways. Regardless of the client or provider i choose, i can still talk to all other users of SMS, and i don't need multiple different accounts and/or devices to talk to different people.
I am in the same boat, i have always run my own XMPP server and have introduced several people to google as somewhere to get an XMPP account from. If google is going to become just another proprietary unconnected im service then i certainly won't be recommending it to anyone in future.
Simple sure, but IRC suffers from the same problems as other IM services - fragmentation, there are far too many unrelated irc servers out there and it becomes a major pain in the ass to sit on several at once.
The problem here is with how html links work... the link description (ie what you see) doesn't need to relate to the actual url (the href), so you often see a link which looks legitimate but actually goes to a malicious site, and many mail clients (and even browsers these days) dont make it easy to see the actual url. This is why slashdot puts the actual domain name inside square brackets after every link because it's far too easy to disguise a link to goatse as something else.
So your mail ends up looking just like every other phishing scam, which means that either people will distrust your mail, or become more likely to fall for phishing scams.
The fact is, computers in their current form and the internet as a whole were never designed for the non technical masses, and many many problems result from this.
And if you lock the account automatically then someone malicious can simply run a script to intentionally try incorrect passwords repeatedly, thus causing a denial of service against the legitimate owner of the account.
Every website appears to have an over inflated sense of its own importance... Why shouldn't i use a "weak" password on a site I deem unimportant?
Many of the password strength checkers are also deeply flawed, as they allow common dictionary words to slip through with trivial changes, eg Password1! is considered strong by most such checkers.
Also, how can i be assured that a site i sign up to is going to store my details securely? What's the point in having a strong password if its going to be stored in plain text or using a weak hashing algorithm?
As companies aim to employ less and cheaper staff, they don't consider the end results - when everyone is unemployed or earning pitiful wages, who's going to buy their products?
Only it's not a replacement, because it only works with those who have the same application installed...
Text messaging can reach anyone with a compatible handset, which is virtually all of them these days. Email is much the same, virtually any networked client device has email capability.
And both of these offer you a huge choice of providers and clients, something you just don't get with proprietary services like whatsapp.
The only thing that makes email difficult to memorise is all the free email services, where anything remotely memorable has already been taken... You end up being dugancent432423432432@gmail.com
Numbers are not terribly memorable, people memorise them out of necessity. I memorise several email addresses without problems, most people are name@company.tld which isn't exactly difficult to memorise.
Which is why i run my own XMPP server... Some trusted friends have accounts on my server, while others run their own individual servers. That way i only need to trust the person i'm talking to (which is implicit anyway), and not a third party.
BBM goes through their network, not via your BES...
Incidentally, pull the battery out of your blackberry... Now put it back in, power it up and watch what it does... It boots, then starts talking to your BES and retrieving mail in the background *before* you have unlocked the device. Therefore:
The unlock requirement is enforced by the device itself. The keys necessary to access your BES and the encrypted data on the device are stored on the device itself.
This is known as client side security, and i shouldn't have to explain why it's bad.
SMS is encrypted over the air on any modern GSM network... Do you trust RIM more than your carrier? Both are still subject to government demands for lawful interception.
If you're really concerned about encryption, you should encrypt the data end to end where only you and who you're communicating with have the keys, not any third parties in between. BBM doesn't provide this.
There are far too many proprietary im services out there...
Email was great, there are many different email services, and they all interoperate... The telephone is great too, there are many different telcos and they all interoperate.
But since then... First we had IRC, all these disparate unconnected networks but at least you could still use a client of your choice.
Then we got instant messaging... ICQ, AIM, Yahoo etc, all unconnected and each with its own client. Multi protocol IM clients made this slightly less intolerable but still, you need a bunch of accounts to talk to different people and you end up having to sign up new accounts because one friend of yours happens to use a service you haven't used before.
And today it just gets worse and worse, services are increasingly proprietary and there are more and more of them every week. It's absolute madness!
Also, I fail to see how being stuck with a closed source proprietary product is any worse than being stuck with a software-as-a-service provider.
Because while the former can be abandoned and stuck without security updates or an easy migration route, the latter being an ongoing contract (assuming someone remotely competent negotiated the contract) will have ongoing support for as long as the service is being paid for.
Look at all the apps out there which are locking companies in to old cruft like ie6... Requiring that a service be compatible with current clients should be part of the contract for any service being bought.
Which they can do with a free service... With a paid service, they have to stick to the contract terms which should include a decent warning period for customers, giving them time to migrate away. Smart customers would also demand migration assistance as part of the contract, not just for if the service is shut off but also for if they want to leave it for whatever reason.
So run zarafa alongside postfix on your debian/rhel/postfix server... It provides all the features you mention. Ofcourse, who's to say the users actually want or need any such features? Many only ever use email, and exchange/outlook is about the worst combination available for a pure mail server.
Why would you not care what microsoft are doing? Would you not care if they decided to stop producing security updates for exchange? Being stuck with a closed source proprietary product that's no longer being updated is not a good situation to be in.
Considering Boston are paying them for the service, the likelihood of them dropping the email service is no higher than the likelihood of their ISP dropping their connectivity... In either case, since the services are standards based they can easily migrate to an alternative, should the need arise.
MS could just as easily drop support for exchange, leaving them with a security nightmare that is intentionally difficult to migrate away from.
One issue with encrypted messages however, is that unless your mail filters have the private keys they cannot look inside the encrypted mail for spam or malware...
The IT department provides all staff with a client that is already configured to send and receive PGP email... The client is configured to automatically encrypt when sending mail to a recipient for which it has a public key, and displays a warning if it doesn't have a key available. When it receives a public key via email it prompt the user to import it.
It's really not terribly difficult if done right, and users will soon be sending encrypted mail without even realising it.
You can pay for gmail, and then they will be beholden to the contract you have with them. There is nothing to stop any company dropping a service, even one you pay for and have a contract for... The most you can hope for is that they give you notice that the service will be discontinued and you can migrate.
This is also why you should always have your own dedicated domain... The beauty of email is that it's a standard, so if you need to you can take your domain elsewhere and continue using email just fine. A much worse problem is when businesses start to rely on non standard services, like skype, twitter, facebook etc... These services could be pulled at any time, and you'd have no option to move your addresses to a third party service.
Because many people don't live within easy travelling distance of best buy or a similar store... Because while best buy may charge the same price, other retailers often charge more. Because the cost of travelling to a store (gas, public transport fares, time etc) may outweigh the shipping cost. Because its often more convenient to just place an order online and then sit on your ass and wait for it.
In many locations that extra 30 minutes would be classified as work, and thus they would be free to join the queue 30 minutes before the time their shift is scheduled to end. Or else claim for 30 minutes of overtime per day. People often fail to stick up for the rights given to them by employment law.
Slashdot Mirror
SMS has one big advantage that all of these proprietary im services lack (and google seem to be moving away from)...
It's actually an interoperable standard. I can use any handset with a multitude of operators, or i can use many third party online sms gateways. Regardless of the client or provider i choose, i can still talk to all other users of SMS, and i don't need multiple different accounts and/or devices to talk to different people.
I am in the same boat, i have always run my own XMPP server and have introduced several people to google as somewhere to get an XMPP account from. If google is going to become just another proprietary unconnected im service then i certainly won't be recommending it to anyone in future.
Simple sure, but IRC suffers from the same problems as other IM services - fragmentation, there are far too many unrelated irc servers out there and it becomes a major pain in the ass to sit on several at once.
The problem here is with how html links work... the link description (ie what you see) doesn't need to relate to the actual url (the href), so you often see a link which looks legitimate but actually goes to a malicious site, and many mail clients (and even browsers these days) dont make it easy to see the actual url. This is why slashdot puts the actual domain name inside square brackets after every link because it's far too easy to disguise a link to goatse as something else.
So your mail ends up looking just like every other phishing scam, which means that either people will distrust your mail, or become more likely to fall for phishing scams.
The fact is, computers in their current form and the internet as a whole were never designed for the non technical masses, and many many problems result from this.
And if you lock the account automatically then someone malicious can simply run a script to intentionally try incorrect passwords repeatedly, thus causing a denial of service against the legitimate owner of the account.
Every website appears to have an over inflated sense of its own importance... Why shouldn't i use a "weak" password on a site I deem unimportant?
Many of the password strength checkers are also deeply flawed, as they allow common dictionary words to slip through with trivial changes, eg Password1! is considered strong by most such checkers.
Also, how can i be assured that a site i sign up to is going to store my details securely? What's the point in having a strong password if its going to be stored in plain text or using a weak hashing algorithm?
As companies aim to employ less and cheaper staff, they don't consider the end results - when everyone is unemployed or earning pitiful wages, who's going to buy their products?
Doesn't email qualify as (free, non-SMS) cross communication between iOS and Android (and virtually any other device)?
Only it's not a replacement, because it only works with those who have the same application installed...
Text messaging can reach anyone with a compatible handset, which is virtually all of them these days.
Email is much the same, virtually any networked client device has email capability.
And both of these offer you a huge choice of providers and clients, something you just don't get with proprietary services like whatsapp.
The only thing that makes email difficult to memorise is all the free email services, where anything remotely memorable has already been taken... You end up being dugancent432423432432@gmail.com
Numbers are not terribly memorable, people memorise them out of necessity. I memorise several email addresses without problems, most people are name@company.tld which isn't exactly difficult to memorise.
Which is why i run my own XMPP server... Some trusted friends have accounts on my server, while others run their own individual servers.
That way i only need to trust the person i'm talking to (which is implicit anyway), and not a third party.
BBM goes through their network, not via your BES...
Incidentally, pull the battery out of your blackberry... Now put it back in, power it up and watch what it does...
It boots, then starts talking to your BES and retrieving mail in the background *before* you have unlocked the device. Therefore:
The unlock requirement is enforced by the device itself.
The keys necessary to access your BES and the encrypted data on the device are stored on the device itself.
This is known as client side security, and i shouldn't have to explain why it's bad.
SMS is encrypted over the air on any modern GSM network...
Do you trust RIM more than your carrier? Both are still subject to government demands for lawful interception.
If you're really concerned about encryption, you should encrypt the data end to end where only you and who you're communicating with have the keys, not any third parties in between. BBM doesn't provide this.
There are far too many proprietary im services out there...
Email was great, there are many different email services, and they all interoperate...
The telephone is great too, there are many different telcos and they all interoperate.
But since then...
First we had IRC, all these disparate unconnected networks but at least you could still use a client of your choice.
Then we got instant messaging... ICQ, AIM, Yahoo etc, all unconnected and each with its own client. Multi protocol IM clients made this slightly less intolerable but still, you need a bunch of accounts to talk to different people and you end up having to sign up new accounts because one friend of yours happens to use a service you haven't used before.
And today it just gets worse and worse, services are increasingly proprietary and there are more and more of them every week. It's absolute madness!
Also, I fail to see how being stuck with a closed source proprietary product is any worse than being stuck with a software-as-a-service provider.
Because while the former can be abandoned and stuck without security updates or an easy migration route, the latter being an ongoing contract (assuming someone remotely competent negotiated the contract) will have ongoing support for as long as the service is being paid for.
Look at all the apps out there which are locking companies in to old cruft like ie6... Requiring that a service be compatible with current clients should be part of the contract for any service being bought.
Which they can do with a free service...
With a paid service, they have to stick to the contract terms which should include a decent warning period for customers, giving them time to migrate away. Smart customers would also demand migration assistance as part of the contract, not just for if the service is shut off but also for if they want to leave it for whatever reason.
So run zarafa alongside postfix on your debian/rhel/postfix server... It provides all the features you mention.
Ofcourse, who's to say the users actually want or need any such features? Many only ever use email, and exchange/outlook is about the worst combination available for a pure mail server.
Why would you not care what microsoft are doing? Would you not care if they decided to stop producing security updates for exchange? Being stuck with a closed source proprietary product that's no longer being updated is not a good situation to be in.
Considering Boston are paying them for the service, the likelihood of them dropping the email service is no higher than the likelihood of their ISP dropping their connectivity...
In either case, since the services are standards based they can easily migrate to an alternative, should the need arise.
MS could just as easily drop support for exchange, leaving them with a security nightmare that is intentionally difficult to migrate away from.
Also, an email asking you to visit a website in order to register looks very much like a phishing scam...
One issue with encrypted messages however, is that unless your mail filters have the private keys they cannot look inside the encrypted mail for spam or malware...
The IT department provides all staff with a client that is already configured to send and receive PGP email...
The client is configured to automatically encrypt when sending mail to a recipient for which it has a public key, and displays a warning if it doesn't have a key available.
When it receives a public key via email it prompt the user to import it.
It's really not terribly difficult if done right, and users will soon be sending encrypted mail without even realising it.
You can pay for gmail, and then they will be beholden to the contract you have with them.
There is nothing to stop any company dropping a service, even one you pay for and have a contract for... The most you can hope for is that they give you notice that the service will be discontinued and you can migrate.
This is also why you should always have your own dedicated domain... The beauty of email is that it's a standard, so if you need to you can take your domain elsewhere and continue using email just fine. A much worse problem is when businesses start to rely on non standard services, like skype, twitter, facebook etc... These services could be pulled at any time, and you'd have no option to move your addresses to a third party service.
Because many people don't live within easy travelling distance of best buy or a similar store...
Because while best buy may charge the same price, other retailers often charge more.
Because the cost of travelling to a store (gas, public transport fares, time etc) may outweigh the shipping cost.
Because its often more convenient to just place an order online and then sit on your ass and wait for it.
In many locations that extra 30 minutes would be classified as work, and thus they would be free to join the queue 30 minutes before the time their shift is scheduled to end. Or else claim for 30 minutes of overtime per day.
People often fail to stick up for the rights given to them by employment law.