[liberationtech] Unique Opportunity: Input to CEOs of Smartphone Manufacturers

Fri Jul 12 13:49:00 PDT 2013

Hi.

First, I think the promiscuous "network" permission should be replaced with
more fine-grained ones like "secure web connection to example.com" (or
secure chat/im/mail).

I'd also like to see a mechanism for temporary face-to-face trust (e.g. via
qr-code) of self-signed certificates for situations where:

   - all servers and clients are in a relatively small physical area (e.g.
   mesh network)
   - it's possible to walk to the server (can either be a phone or a
   desktop) and ask the operator to present the QR code of the self-signed
   certificate
   - we can't rely on net or cell connection to the outside (e.g. natural
   or political disaster)

Cheers,
The Dod

On 12 July 2013 16:24, Eduardo Robles Elvira <edulix at wadobo.com> wrote:

> Hello:
>
> I'd like to see a mesh mode in the mobile phones. There are currently
> lots of mesh software initiatives, but I haven't seen any smartphone
> manufacturers support this. In the past, they were dependant of
> telecommunication companies to sell their phones, but now some
> companies are now starting to sell phones by themselves (Google for
> example). A mesh network mode would allow users to communicate even if
> there's no other conection, it can be useful to conect with peers in a
> demonstration or to transmit stream video to them in case police
> breaks your phone.
>
> On Fri, Jul 12, 2013 at 1:11 AM, Blibbet <blibbet at gmail.com> wrote:
> >> (1) A unique key built into each device, which can't be read directly
> >> by software, but which can be used to derive other keys (e.g. for disk
> >> encryption) at a limited rate, slowing down brute-force attacks
> >> against such keys.
> >>
> >> (2) An effaceable area of flash storage where the operating system can
> >> store encryption keys for the entire disk and/or individual files,
> >> making it possible to securely delete the corresponding data without
> >> having to smash the device into tiny little pieces.
> >>
> >> (3) A pony.
> >
> >
> > Presuming the smartphone is ARM-based, and presuming if (1) is applied,
> > it'll probably have ARM TrustZone installed, then:
> >
> > (4) Install a modern firmware on your smartphone, with useful security
> > features.
> >
> > (4a) Linux-based Coreboot. or
> >
> > (4b) UEFI.
> >
> > Use UEFI's SecureBoot feature, to enhance your Linux/Android/B2G/etc OS,
> > something none of your competitors are doing, except MS/Win8. To do so,
> you
> > need TPM on x86 or TrustZone on ARM, and you need to get your OS vendor
> to
> > sign the firmware, and not let MS Win8 hardware logo requirements confuse
> > you.
> >
> > Beyond the default TianoCore source, leverage Linaro's ARM-centric fork
> of
> > TianoCore, and Intel's MinnowBoard's UEFI which targets Linux
> > (Angstrom/Yocto), but neither of these Linux-centric UEFI targets support
> > the SecureBoot feature.
> >
> > Extend the current UEFI SecureBoot feature, which only targets 1 OS, to
> one
> > that lets you securely boot more-than-1 OS, for systems that want to
> > securely multiboot a handful of OSes (not necessarily installed, but
> later,
> > if your device is open, your user may opt to install another distro; your
> > job is to gather certs of the major ones, so they can securely boot the
> main
> > distros.)
> >
> > (5) Learn from FairPhone's model. Compete with them, by making something
> > *more* open.
> >
> > Thanks.
> >
> >
> > --
> > Too many emails? Unsubscribe, change to digest, or change password by
> > emailing moderator at companys at stanford.edu or changing your settings at
> > https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
>
>
> --
> Eduardo Robles Elvira     +34 668 824 393            skype: edulix2
> http://www.wadobo.com    it's not magic, it's wadobo!
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130713/b94aa519/attachment.html>