[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-users
Subject:    Re: [qubes-users] Secure Phones
From:       Joanna Rutkowska <joanna () invisiblethingslab ! com>
Date:       2015-02-01 22:48:52
Message-ID: 54CEAD54.3040507 () invisiblethingslab ! com
[Download RAW message or body]


On 02/01/15 23:41, Hakisho Nukama wrote:
> On Fri, Jan 30, 2015 at 12:23 PM, cprise <cprise@gmail.com> wrote:
> > Actually, I just realized Redphone requires SMS (cellular) to establish a
> > call, even when using wifi.
> > 
> > Redphone has an iphone counterpart called Signal and they can call each
> > other.
> 
> This SMS capability is only used during registration. You could also use
> another device to receive the SMS or phonecall for registering and
> enter it into Redphone.
> There are plans to use another identifier (email) for registration.
> 
> > Redphone has an iphone counterpart called Signal and they can call each
> > other.
> > 
> > The big privacy advocates sometimes recommend Jitsi, but its something of an
> > old-fashioned PC app and can be a hassle to use. Jacob Applebaum has used it
> > to do teleconferences.
> > 
> > The last 15 years of communications development has been one big effort to
> > coax people into trading their privacy in exchange for coolness and
> > convenience. So the corners where privacy is protected are few and far
> > between.
> > 
> 
> There is also another messaging technology, that tries to achieve secure comms.
> https://pond.imperialviolet.org/
> 
> One big problem is the scattering of users throughout incompatible
> implementations.
> https://xkcd.com/927/
> 
> The biggest problem is still endpoint security (The E in E2E Encryption).
> 
> On Sun, Feb 1, 2015 at 9:42 PM, Joanna Rutkowska
> <joanna@invisiblethingslab.com> wrote:
> > On 02/01/15 13:16, J.M. Porup wrote:
> > > cprise:
> > > > 
> > > > On 01/31/15 07:01, J.M. Porup wrote:
> > > > > cprise:
> > > > > > But carrying a phone in your pocket giving telecom carriers and \
> > > > > > 'authorities' a record of your 24/7 whereabouts (along opportunities for \
> > > > > > surreptitiously acquiring other data) is qualitatively different in the \
> > > > > > users' experience... e.g. they don't experience it, even though its \
> > > > > > happening. 
> > > > > > The panopticon has been insinuated into our personal devices, quietly.
> > > > > What the world needs is a hard shell, sound-proof Faraday pouch.
> > > > > 
> > > > > Anyone feel like Kickstarting this?
> > > > > 
> > > > > JMP
> > > > 
> > > > Playing devil's advocate: How does an RF shield help if you aren't really in
> > > > control of your phone and it uses its motion sensors to record your movements
> > > > (or audio, etc.) in-between the times it does have contact with the cellular
> > > > network?
> > > > 
> > > > And isn't a removable battery more convenient than dealing with the addition \
> > > > of a metal case?
> > > 
> > > I work with / live with many non-technical people who completely embrace
> > > the Delusion of Security (TM) and remain flabbergasted at what they call
> > > my "paranoia."
> > > 
> > > You probably know people like this.
> > > 
> > > What good does it do for us to secure ourselves, if our loved ones --
> > > and indeed, society as a whole -- do not benefit also?
> > > 
> > > It seems to me that security for the masses must be the side effect of a
> > > product, never the selling point. It's like RedPhone in Brazil -- "Make
> > > free calls! Cool!"
> > > 
> > > A hard-shell sound-proof Faraday smartphone case could be marketed as
> > > "Unplug Time" or "For when you just want to relax." The side effect
> > > would be improved privacy for millions of people.
> > > 
> > > Jake has pointed out that such a design is not currently feasible. I am
> > > not a sound materials engineer, but since he's clearly spent time
> > > studying the subject, I'll take his word for it.
> > > 
> > > Perhaps future innovation in sound-proof materials will permit advance
> > > in this area.
> > > 
> > > JMP
> > > 
> > 
> > I wonder if anybody tried to use techniques similar to Active Noise
> > Cancellation, as used e.g. in aviation headset? Of course our problem is
> > somehow different: rather than canceling predictable and v. repetitive
> > noises made by machines (e.g. sounds of a helicopter engine, etc), we
> > would need to cancel the (totally unpredictable) voices made by people,
> > keystrokes, voltage regs on motherboard, etc. Still might work, perhaps?
> > 
> > joanna.
> > 
> 
> Project Ara could be a good starting point.
> https://www.projectara.com/faq/
> Just unplug the spy module consisting of baseband and sensor array.
> And any other proprietary or not (yet) audited modules.
> And if you need some sensor or crap module, plug it in.
> 

There is dozens of electronic devices present at my apartment and I
don't feel like/have time/desire to disassemble all of them, look for
mics and cameras, remove all them. Also, most of them are not
replace'able by open-source/hardware alternatives. Let's be realistic.
We need a more generic solution.

> @joanna: How do you make a voice call with your iPhone 6?
> 

The answer is on the photo :) BT headset with an on/off switch. Also,
you can use iPhone standard headsets -- no BT, just good-old wire
pluggable via good-old 3.5mm jack (but the inconvenience of the
always-strangely-knotted wires ;)

joanna.

-- 
You received this message because you are subscribed to the Google Groups \
"qubes-users" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-users+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-users@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-users/54CEAD54.3040507%40invisiblethingslab.com.
 For more options, visit https://groups.google.com/d/optout.


["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]