[prev in list] [next in list] [prev in thread] [next in thread]
List: qubes-users
Subject: Re: [qubes-users] Secure Phones
From: Joanna Rutkowska <joanna () invisiblethingslab ! com>
Date: 2015-02-01 22:48:52
Message-ID: 54CEAD54.3040507 () invisiblethingslab ! com
[Download RAW message or body]
On 02/01/15 23:41, Hakisho Nukama wrote:
> On Fri, Jan 30, 2015 at 12:23 PM, cprise <cprise@gmail.com> wrote:
> > Actually, I just realized Redphone requires SMS (cellular) to establish a
> > call, even when using wifi.
> >
> > Redphone has an iphone counterpart called Signal and they can call each
> > other.
>
> This SMS capability is only used during registration. You could also use
> another device to receive the SMS or phonecall for registering and
> enter it into Redphone.
> There are plans to use another identifier (email) for registration.
>
> > Redphone has an iphone counterpart called Signal and they can call each
> > other.
> >
> > The big privacy advocates sometimes recommend Jitsi, but its something of an
> > old-fashioned PC app and can be a hassle to use. Jacob Applebaum has used it
> > to do teleconferences.
> >
> > The last 15 years of communications development has been one big effort to
> > coax people into trading their privacy in exchange for coolness and
> > convenience. So the corners where privacy is protected are few and far
> > between.
> >
>
> There is also another messaging technology, that tries to achieve secure comms.
> https://pond.imperialviolet.org/
>
> One big problem is the scattering of users throughout incompatible
> implementations.
> https://xkcd.com/927/
>
> The biggest problem is still endpoint security (The E in E2E Encryption).
>
> On Sun, Feb 1, 2015 at 9:42 PM, Joanna Rutkowska
> <joanna@invisiblethingslab.com> wrote:
> > On 02/01/15 13:16, J.M. Porup wrote:
> > > cprise:
> > > >
> > > > On 01/31/15 07:01, J.M. Porup wrote:
> > > > > cprise:
> > > > > > But carrying a phone in your pocket giving telecom carriers and \
> > > > > > 'authorities' a record of your 24/7 whereabouts (along opportunities for \
> > > > > > surreptitiously acquiring other data) is qualitatively different in the \
> > > > > > users' experience... e.g. they don't experience it, even though its \
> > > > > > happening.
> > > > > > The panopticon has been insinuated into our personal devices, quietly.
> > > > > What the world needs is a hard shell, sound-proof Faraday pouch.
> > > > >
> > > > > Anyone feel like Kickstarting this?
> > > > >
> > > > > JMP
> > > >
> > > > Playing devil's advocate: How does an RF shield help if you aren't really in
> > > > control of your phone and it uses its motion sensors to record your movements
> > > > (or audio, etc.) in-between the times it does have contact with the cellular
> > > > network?
> > > >
> > > > And isn't a removable battery more convenient than dealing with the addition \
> > > > of a metal case?
> > >
> > > I work with / live with many non-technical people who completely embrace
> > > the Delusion of Security (TM) and remain flabbergasted at what they call
> > > my "paranoia."
> > >
> > > You probably know people like this.
> > >
> > > What good does it do for us to secure ourselves, if our loved ones --
> > > and indeed, society as a whole -- do not benefit also?
> > >
> > > It seems to me that security for the masses must be the side effect of a
> > > product, never the selling point. It's like RedPhone in Brazil -- "Make
> > > free calls! Cool!"
> > >
> > > A hard-shell sound-proof Faraday smartphone case could be marketed as
> > > "Unplug Time" or "For when you just want to relax." The side effect
> > > would be improved privacy for millions of people.
> > >
> > > Jake has pointed out that such a design is not currently feasible. I am
> > > not a sound materials engineer, but since he's clearly spent time
> > > studying the subject, I'll take his word for it.
> > >
> > > Perhaps future innovation in sound-proof materials will permit advance
> > > in this area.
> > >
> > > JMP
> > >
> >
> > I wonder if anybody tried to use techniques similar to Active Noise
> > Cancellation, as used e.g. in aviation headset? Of course our problem is
> > somehow different: rather than canceling predictable and v. repetitive
> > noises made by machines (e.g. sounds of a helicopter engine, etc), we
> > would need to cancel the (totally unpredictable) voices made by people,
> > keystrokes, voltage regs on motherboard, etc. Still might work, perhaps?
> >
> > joanna.
> >
>
> Project Ara could be a good starting point.
> https://www.projectara.com/faq/
> Just unplug the spy module consisting of baseband and sensor array.
> And any other proprietary or not (yet) audited modules.
> And if you need some sensor or crap module, plug it in.
>
There is dozens of electronic devices present at my apartment and I
don't feel like/have time/desire to disassemble all of them, look for
mics and cameras, remove all them. Also, most of them are not
replace'able by open-source/hardware alternatives. Let's be realistic.
We need a more generic solution.
> @joanna: How do you make a voice call with your iPhone 6?
>
The answer is on the photo :) BT headset with an on/off switch. Also,
you can use iPhone standard headsets -- no BT, just good-old wire
pluggable via good-old 3.5mm jack (but the inconvenience of the
always-strangely-knotted wires ;)
joanna.
--
You received this message because you are subscribed to the Google Groups \
"qubes-users" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-users+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-users@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-users/54CEAD54.3040507%40invisiblethingslab.com.
For more options, visit https://groups.google.com/d/optout.
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic