Delivery-Date: Tue, 26 May 2015 00:31:21 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD,UNPARSEABLE_RELAY
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id A83931E10D5;
	Tue, 26 May 2015 00:31:18 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 0D87A3581E;
	Tue, 26 May 2015 04:31:13 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id B37A2356D7
 for <tor-talk@lists.torproject.org>; Tue, 26 May 2015 04:31:08 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id ne91yMIiQz88 for <tor-talk@lists.torproject.org>;
 Tue, 26 May 2015 04:31:08 +0000 (UTC)
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 7F1AA33F0A
 for <tor-talk@lists.torproject.org>; Tue, 26 May 2015 04:31:08 +0000 (UTC)
Received: from berryeater.riseup.net (berryeater-pn.riseup.net [10.0.1.120])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.riseup.net (Postfix) with ESMTPS id 2E4AB40B9C
 for <tor-talk@lists.torproject.org>; Tue, 26 May 2015 04:31:05 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1432614665; bh=PiA5srNCNG/aZtb6tAEBZRb8v+WbBNbCJkm0Krp35Gk=;
 h=Date:From:To:Subject:References:In-Reply-To:From;
 b=i27mthhccAOcA18Mo/SyTxp9go77AS9nmiFaZsFCmQAhttAlLrQIdmzrjjsl2VirI
 4b4xtmUiXzue80KDjV7N8UaS/qmYkta7l2Sugwm7NcOaPkrhlojd/8LsANvqC/7oWk
 TnT7LhuBwZPIzzWHTaHPkT98hs9y4U6SmpdfDzhg=
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (Authenticated sender: mirimir) with ESMTPSA id 4598E40EBC
Message-ID: <5563F709.6040103@riseup.net>
Date: Mon, 25 May 2015 22:31:05 -0600
From: Mirimir <mirimir@riseup.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <87iobo8fzv.fsf@informationelle-selbstbestimmung-im-internet.de>
 <512753.5549443130353135392d31343036383939313433@popretr.messagingengine.com>
 <1432069898.394980.273147569.5582B404@webmail.messagingengine.com>
 <CAMTdTS8WCkSYNoCpMt_JOJhqUzZ+RGgoZC85ZOxuXWy-9Cu82g@mail.gmail.com>
 <87zj4v8mak.fsf@informationelle-selbstbestimmung-im-internet.de>
 <44ADB9B1-03EC-4B55-BB2D-C5BE3695FC78@gmail.com>
 <55614B8A.3050403@riseup.net>
In-Reply-To: <55614B8A.3050403@riseup.net>
X-Virus-Scanned: clamav-milter 0.98.7 at mx1
X-Virus-Status: Clean
Subject: [tor-talk] Thou shalt not use mobile phones (was: Firefox with Tor
 on Android?)
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 05/25/2015 7:06 PM, Jens Lechtenboerger wrote:

> On 2015-05-23, at 21:54, Mirimir wrote:
>
>> On 05/23/2015 07:47 AM, Alexis Wattel wrote:
>>
>> <SNIP>
>>
>>> From what I know, Mike Perry's article on hardening Android is the
only viable *starting* point to secure an Android platform.
>>>
>>> Good luck fellas!
>>
>> It needs to be a dedicated device, with no links (money, accounts,
contacts, activities, etc) to ones true name. And as Mike notes, it
can't have a working cellular radio. Public WiFi only.
>>
>> <SNIP>
>
> As this discussion has drifted away from the original topic, I changed
the subject.
>
> I believe that the above warning against Android should really be
understood as warning against mobile phones in general: Phones are
powerful surveillance devices, easily exploitable by third parties. I
don=92t think that Android phones are worse than other smartphones in this
respect.  Please correct me if I=92m wrong.

Actually, Android is better than iOS because it's open-source. Also, it
can run on open-source hardware, which is being developed. But
generally, smartphones were expressly designed to be far less
independent and private than PCs.

> As a matter of fact, people use smartphones anyways.  Some readers
here might say that smartphone users are doomed beyond help.
> I don=92t agree.

They are if they're using mass-market iOS and Android devices.

> People may try to protect themselves (1) against targeted attacks and
targeted espionage or (2) against mass surveillance.  Both assume
different threat models, yet frequently both are mixed up, which does
not help.  I agree that I=92m doomed if I attempt (1) on my smartphone.
In fact, I don=92t think that many people are skilled enough to protect
any kind of device with Internet connection against targeted attacks.
Thinking of Stuxnet, I don=92t believe that there are many devices which
can be protected against targeted attacks at all (regardless of network
connections).

Yes, I agree that resisting targeted attacks is difficult, if not
impossible. Maybe the VM that I'm typing this on is pwned. But it's
dedicated to Mirimir, and doesn't administer anything. Maybe the entire
host machine is pwned. But neither it nor other hosts on its LAN contain
true-name information. I appreciate that such paranoia is unusual. But I
do my best to proselytize ;)

> Now, if we mix up cases (1) and (2) it is easy to conclude that there
is nothing one can do anyways.  Resistance appears futile, so it=92s
reasonable to resign and submit to the destruction of our privacy.  It=92s
the convenient, lazy route, apparently justified by expert advice.

I do not advocate that!

> So, let=92s consider both cases separately.  Let=92s forget about (1). We
are left with (2), mass surveillance, which as the name suggests affects
the masses and should be everybody=92s concern.  Mass surveillance is
based on bulk data collection, where it=92s easy to see who communicates
where and when with whom, potentially about what.  I hope that Tor is a
useful tool against mass surveillance. It=92s probably safe to say that
with Tor it is not =93easy=94 any more to see who communicates where and
when with whom.  Tor users do not offer this information voluntarily,
they resist actively.

Yes.

> And it does not matter on what devices people use Tor.  Mass
surveillance becomes harder in any case.

Maybe. From what I've read, Tor on smartphones seems quite broken.

> So, please, be careful whom you warn how against the use of mobile
phones.  Too many people are indifferent to mass surveillance already.
Do not join the chorus to mislead the masses in believing that
resistance is futile.

Again, that is not what I recommend. I'm sorry if I came off that way.

> You may suggest to throw away mobile phones, of course.  I would not
expect more than disbelieve, shock, or laughter in response.
Alternatively, you may want to explain other measures=97which also work on
phones: Use decentralized services, use alternative search engines,
encrypt communication, anonymize communication.

I do not suggest throwing away mobile phones. What I warn against is
pretending that they can be secure and anonymous. One must assume, I
believe, that all standard consumer smartphones will be pwned, and that
all activity on will be monitored.

But that's not a problem, if one is aware of it. The response is
compartmentalization. Have at least two smartphones. One is for routine
true-name use. The goal there is looking normal, just like everyone
else. Use no encryption, never use Tor, don't be clever, etc.

The others are dedicated to private use. Buy with cash, with the primary
smartphone left at home. Have no mobile account, and use only public
WiFi. And so on.

> Best wishes
> Jens
-- =

tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

