Help to grow The Independent Mobile Tool Community!

Paul Wise pabs3 at bonedaddy.net
Fri Jun 14 03:58:37 CEST 2013


On Fri, Jun 14, 2013 at 2:14 AM, Sebastian Krzyszkowiak wrote:

> http://yro.slashdot.org/story/13/06/13/1632210/ask-slashdot-how-to-bypass-govt-spying-on-cellphones
>
> I smell that OpenPhoenux may be a good answer for recent NSA drama :)

Not really, you need to go much further than that because the problem
is an end-to-end one; attacks occur at the network layer (mostly there
right now), on your phone and on your friends' phones. There are also
attacks that occur after the fact.

So you need communication with encryption, mutual authentication,
perfect forward secrecy, trustworthy hardware/software on both sides
and a trustworthy society.

Encryption to thwart passive MITM attacks (eavesdropping).

Mutual authentication to thwart active MITM attacks (inline
replacement of keys).

Perfect forward secrecy to thwart key disclosure attacks (rubber-hose
cryptanalysis or a $5 wrench).

Trustworthy and secure hardware/software to thwart active code
injection attacks and consequent information leakage. If you are
communicating solely with people who use Gmail with no encryption or
use an iOS/Android device, then you get to join the dragnet too, yay!

You need a trustworthy society so that you aren't subject to people
forcing you to give up your data without a good reason. Steganography
can help if that isn't what you were born into though.

Some thoughts about this from Moxie Marlinspike are here:

http://www.thoughtcrime.org/blog/we-should-all-have-something-to-hide/
http://www.youtube.com/watch?v=eG0KrT6pBPk

The author's solutions to the first 3 issues above are a couple of
Android apps that provide these over SMS and VoIP.

https://www.whispersystems.org/

-- 
bye,
pabs
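
The three transport properties listed in the message above (encryption, mutual authentication, forward secrecy), as an added example that is not part of the original post or of any project it mentions. Assumptions: a toy Diffie-Hellman group (P, G), a pre-shared long-term key used only to authenticate, and the hypothetical helper names below; a real deployment would use a vetted library and signatures or X25519.

```python
import hashlib
import hmac
import secrets

# Toy DH group, for illustration only (assumption of this example).
P = 2**255 - 19
G = 2

def ephemeral_keypair():
    """Fresh per-session secret; discarding it afterwards gives forward secrecy."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def tag(longterm_key, role, public):
    """Authenticate an ephemeral public value with the long-term key."""
    msg = role + public.to_bytes(32, "big")
    return hmac.new(longterm_key, msg, hashlib.sha256).digest()

def session_key(my_secret, peer_public, peer_role, peer_tag, longterm_key):
    """Verify the peer's tag, then derive the key from the DH secret only."""
    expected = tag(longterm_key, peer_role, peer_public)
    if not hmac.compare_digest(expected, peer_tag):
        raise ValueError("peer key not authenticated: possible key replacement")
    shared = pow(peer_public, my_secret, P)
    # The long-term key is not an input here, so disclosing it later
    # does not reveal the key of a session that has already ended.
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def run_session(longterm_key, tamper=False):
    """One exchange between A and B; tamper=True models an inline key swap."""
    a_sec, a_pub = ephemeral_keypair()
    b_sec, b_pub = ephemeral_keypair()
    a_tag = tag(longterm_key, b"A", a_pub)
    b_tag = tag(longterm_key, b"B", b_pub)
    if tamper:
        # A different public value arrives, made without the long-term key.
        _, b_pub = ephemeral_keypair()
    k_a = session_key(a_sec, b_pub, b"B", b_tag, longterm_key)
    k_b = session_key(b_sec, a_pub, b"A", a_tag, longterm_key)
    return k_a, k_b

if __name__ == "__main__":
    ltk = b"constructed-long-term-key"  # constructed sample value
    k_a, k_b = run_session(ltk)
    print("both sides agree:", k_a == k_b)
    try:
        run_session(ltk, tamper=True)
    except ValueError as err:
        print("rejected:", err)
```
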


