Re: [tor-talk] Phones for Tor




grarpamp wrote:
This phone appears to be Windows-based.

We have some trust in the MS stack concerning
ability to execute code and move packets properly.
Sniffing and sending the cleartext... that's an unknown
but is reasonably verifiable by watching the network.
You trust M$/Windows if you want to, but I'd steer clear of them whenever I can.

I see that they are banging on about their FOSS on
every web page on their site

They give away the source. There's some blurbs about verifying
their published binary hash with what you compile.
Yeah, but it is still a Windows source (besides, there is no mention whether they distribute the whole source of their product, including the Windows components/API, or just their source code alone) and I certainly don't have the resources/manpower to audit that stuff, which is why I prefer Linux-based systems - it has always been open source, it has been around for more than 15 years and it has a large number of community members who have contributed to it and made it what it is today.

that the whole software is based on the Windows-platform.

I don't like cryptophone due to the cost and non-community
model. But they do offer an Android unit now.
Care to point me to a link? There isn't anything on their web site that I could see offering an Android-based unit.

Interesting feature is the Baseband firewall

I saw that but didn't get what it is. Please tell...
The term "firewall" is a bit misleading, since this feature is supposed to prevent over-the-air attacks by your network operator/malware "specialists" (see http://www.theregister.co.uk/2013/03/07/baseband_processor_mobile_hack_threat?page=2 for a brief introduction to this). More advanced versions could also filter the modem commands sent by the network operator/others. The sad thing is that I have not seen a full FOSS implementation of this yet.

Don't even know if anyone has truly audited android.

Unless it involves money or rep, auditing is largely a myth.
Indeed. To me, Android is the lesser of the two evils - ideally, I would have liked to have "standard" Linux on my phone (as far as I know, Ubuntu are the only ones which could offer this, discarding Jolla for the time being as they have not made anything official yet), but this is a pipe dream, so Android is the next "acceptable" option - at least for now.

The other two options, as far as I can see, are either having Windows or a closed-source/proprietary system, both of which are a no-no for me.

There are some crypto programs you can install but it requires
the other party to have the program as well.

This is not a problem in this community.
And a proper app would recognize your incoming number
and use that app when you call people who aren't techs
(friend/family) but told to install it under threat of no calls.

I'd have better luck buying burn phones for people than
getting them to install software and use it properly..

For them, yes. For you, no, your graph will instantly point
to you. With that, encrypted content is your last bastion.
Apart from the "locked-in" system (which, again, appears to be Windows-based) and the baseband firewall, I don't see anything they could offer, which isn't already present.

Secure communications could be accomplished with existing tools/protocols (zrtp/ssl for media, tls for signalling) and there is a plethora of Android-based apps already offering that - OSTel/CSipSimple to mention just two such apps, so I don't really see any benefit of Cryptophone at all.

fancy menus which don't tell me much

As in my former note, all we really want is opensource voice/SMS
encryption over the cell network, preferably without a data plan
(but not required).
Because cell's coverage area is better than wifi (which we can
already use for crypted wifi to wifi with any old app of the day,
(provided access to the mic and speaker) but not to interoperate
with cell, see the former data plan for that).
Everything after that is likely to be much easier... full disk encryption
of data, call lists, texts, mails, metadata, etc.
Can't you accomplish this with existing "standard" Linux tools? I could think of a number of packages in Linux, which deal with disk encryption and are quite good for example.

--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk