[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Phones for Tor
I had a weird experience with a android ROM which even when turned off send
stats to a server over wifi... I have not tested it with stock rom, and I
have no idea how it works, but it might be worth listening to phone data
and try to figure out what it does before using a mod\ded phone for
something important... Even when it\s turned off.
2013/7/25 grarpamp <grarpamp@xxxxxxxxx>
> >>> http://www.cryptophone.de/en/products/mobile/
>
> > This phone appears to be Windows-based.
>
> We have some trust in the MS stack concerning
> ability to execute code and move packets properly.
> Sniffing and sending the cleartext... that's an uknown
> but is reasonably verifiable by watching the network.
>
> > I see that they are banging on about their FOSS on
> > every web page on their site
>
> They give away the source. There's some blurbs about verifying
> their published binary hash with what you compile. However it's
> unclear if the binary on the *phone* is meant to verifiably match
> yours, if you can upload yours to the phone, etc. For over $1000
> per endpoint in a mesh, that's not a solution for us.
> Reimplementing it is.
>
> > that the whole software is based on the Windows-platform.
>
> I don't like cryptophone due to the cost and non-community
> model. But they do offer an Android unit now.
>
> > Also, it looks as though the whole Cryptophone's setup is centralised
>
> That too. You should be able to do this with any street phone
> having ARM or whatever ported processor.
>
> > Interesting feature is the Baseband firewall
>
> I saw that but didn't get what it is. Please tell...
>
> > Don't forget stock android has code [...]
>
> My understanding is Android is Linux, ie: Linux has been
> ported to run on the phone processor (ARM?).
> So I'm not seeing a reason to use Android proper, where
> Linux plus any driver blobs stripped for use from Android
> could suffice. Perhaps as an underground project if use of
> said blobs that way would violate blobs license.
>
> > Don't even know if anyone has truly audited android.
>
> Unless it involves money or rep, auditing is largely a myth.
>
> > There are some crypto programs you can install but it requires
> > the other party to have the program as well.
>
> This is not a problem in this community.
> And a proper app would recognize your incoming number
> and use that app when you call people who aren't techs
> (friend/family) but told to install it under threat of no calls.
>
> > I'd have better luck buying burn phones for people than
> > getting them to install software and use it properly..
>
> For them, yes. For you, no, your graph will instantly point
> to you. With that, encrypted content is your last bastion.
>
> > fancy menus which don't tell me much
>
> As in my former note, all we really want is opensource voice/SMS
> encryption over the cell network, preferably without a data plan
> (but not required).
> Because cell's coverage area is better than wifi (which we can
> already use for crypted wifi to wifi with any old app of the day,
> (provided access to the mic and speaker) but not to interoperate
> with cell, see the former data plan for that).
> Everything after that is likely to be much easier... full disk encryption
> of data, call lists, texts, mails, metadata, etc.
>
> Maybe this is not the best tech list for that question.
> Any ideas on that?
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsusbscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk