[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor on Android

To: tor-java@xxxxxxxxxxxxxx
Subject: Re: Tor on Android
From: Chris Palmer <chris@xxxxxxxxxxxxxxxx>
Date: Fri, 18 Sep 2009 16:40:03 -0700
Delivered-to: archiver@xxxxxxxx
Delivered-to: tor-java-outgoing@xxxxxxxx
Delivered-to: tor-java@xxxxxxxx
Delivery-date: Fri, 18 Sep 2009 19:39:48 -0400
In-reply-to: <4AB3E4F4.1070603@xxxxxxxxxxxxx>
References: <4AB07511.7030605@xxxxxxxxxxxxx> <1253102841.3970.26.camel@maxwell> <20090916125029.GA15977@xxxxxxxxxxxxx> <55158e530909160956l795d62c6jfa68493431fffeab@xxxxxxxxxxxxxx> <D8933CA4-A172-48A4-A7B0-0250D98AA8E1@xxxxxxxxxxxxxxxx> <4AB3E4F4.1070603@xxxxxxxxxxxxx>
Reply-to: tor-java@xxxxxxxxxxxxxx
Sender: owner-tor-java@xxxxxxxxxxxxxx
User-agent: Mutt/1.4.2.3i

Jacob Appelbaum writes:

> It's basically a lost cause to try to secure any phone that uses the (HTC
> style) dual CPU architecture.

I disagree -- there is no "secure", there is only costs, payers, benefits,
and beneficiaries. Put another way, there is only "secure against a
particular (class of) attacker mounting a certain (class of) attack against
a particular (class of) asset". You can't secure the Droid against an
attacker who controls the baseband, but there are plenty of attackers who we
care about defending against who do not control the baseband.

Also, all phones (available on the consumer market) have a non-open, closed
source baseband blob. It's not just Android, and it's not just HTC machines.
Other options include putting the baseband OS and the application OS on the
same host CPU! using the magic of microkernels:

http://www.ok-labs.com/_assets/evoke.pdf

For that matter, your Linux laptop probably has a closed source video driver
and/or wifi driver blob. And those blobs own your kernel, too. These blobs
often must be blobular for regulatory reasons (some silly, some less so).

There is no "perfect", but there is no "lost cause" (usually -- is
Guardian's cause lost? Tell us more about its threat model).

-- 
http://www.noncombatant.org/
http://hemiolesque.blogspot.com/

References:
- Tor on Android
  - From: Jacob Appelbaum
- Re: Tor on Android
  - From: Connell Gauld
- Re: Tor on Android
  - From: Lexi Pimenidis
- Re: Tor on Android
  - From: Nathan Freitas
- Re: Tor on Android
  - From: Chris Palmer
- Re: Tor on Android
  - From: Jacob Appelbaum

Prev by Author: Re: Tor on Android
Next by Author: Re: Tor on Android
Previous by thread: Re: Tor on Android
Next by thread: Issues with Onion Coffee...
Index(es):
- Author
- Thread