[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Phones for Tor
I had a weird experience with a android ROM which even when turned off send
stats to a server over wifi... I have not tested it with stock rom, and I
have no idea how it works, but it might be worth listening to phone data
and try to figure out what it does before using a mod\ded phone for
something important... Even when it\s turned off.
2013/7/25 grarpamp <grarpamp@xxxxxxxxx>
> >>> http://www.cryptophone.de/en/products/mobile/
> > This phone appears to be Windows-based.
> We have some trust in the MS stack concerning
> ability to execute code and move packets properly.
> Sniffing and sending the cleartext... that's an uknown
> but is reasonably verifiable by watching the network.
> > I see that they are banging on about their FOSS on
> > every web page on their site
> They give away the source. There's some blurbs about verifying
> their published binary hash with what you compile. However it's
> unclear if the binary on the *phone* is meant to verifiably match
> yours, if you can upload yours to the phone, etc. For over $1000
> per endpoint in a mesh, that's not a solution for us.
> Reimplementing it is.
> > that the whole software is based on the Windows-platform.
> I don't like cryptophone due to the cost and non-community
> model. But they do offer an Android unit now.
> > Also, it looks as though the whole Cryptophone's setup is centralised
> That too. You should be able to do this with any street phone
> having ARM or whatever ported processor.
> > Interesting feature is the Baseband firewall
> I saw that but didn't get what it is. Please tell...
> > Don't forget stock android has code [...]
> My understanding is Android is Linux, ie: Linux has been
> ported to run on the phone processor (ARM?).
> So I'm not seeing a reason to use Android proper, where
> Linux plus any driver blobs stripped for use from Android
> could suffice. Perhaps as an underground project if use of
> said blobs that way would violate blobs license.
> > Don't even know if anyone has truly audited android.
> Unless it involves money or rep, auditing is largely a myth.
> > There are some crypto programs you can install but it requires
> > the other party to have the program as well.
> This is not a problem in this community.
> And a proper app would recognize your incoming number
> and use that app when you call people who aren't techs
> (friend/family) but told to install it under threat of no calls.
> > I'd have better luck buying burn phones for people than
> > getting them to install software and use it properly..
> For them, yes. For you, no, your graph will instantly point
> to you. With that, encrypted content is your last bastion.
> > fancy menus which don't tell me much
> As in my former note, all we really want is opensource voice/SMS
> encryption over the cell network, preferably without a data plan
> (but not required).
> Because cell's coverage area is better than wifi (which we can
> already use for crypted wifi to wifi with any old app of the day,
> (provided access to the mic and speaker) but not to interoperate
> with cell, see the former data plan for that).
> Everything after that is likely to be much easier... full disk encryption
> of data, call lists, texts, mails, metadata, etc.
> Maybe this is not the best tech list for that question.
> Any ideas on that?
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsusbscribe or change other settings go to
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to