[liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption
Micah Lee
micah at micahflee.com
Fri Sep 20 11:15:54 PDT 2013

On 09/12/2013 04:14 PM, Erik de Castro Lopo wrote:
> Bernard Tyers - ei8fdb wrote:
>
>> Stefan: Why not?
>
> For verification, OpenPGP on smartphones is *possibly* ok. For
> a device used to sign or encrypt, smartphones are totally
> inappropriate regardless of the potential convenience.
>
> No such agency and the like are almost certainly able (with the
> help of carriers and manufacturers) to backdoor and exploit all
> the major smartphone brands and models [0].
>
> Smartphones are horrendously complex, rely heavily on untrusted
> binary blobs, have multiple CPUs some without direct owner/user
> control (eg the CPU doing the baseband processing) [1].
> Currently these devices are impossibly difficult to secure.
>
> Erik
>
> [0] http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html
> [1] http://www.geeky-gadgets.com/baseband-hacking-a-new-way-into-your-smartphone-17-01-2011/

I completely disagree. Ubiquitous end-to-end encryption will help
protect against *dragnet* surveillance. The fact that smartphones are
imminently pwnable doesn't change this fact. Even if you're using a
Carrier IQ-infested/baseband backdoored device, adversaries would still
need to *target* you in order to compromise your OpenPGP conversations.
Saying that we shouldn't encourage OpenPGP on smartphones is like saying
we shouldn't encourage it on Windows computers either. There's a big
difference between encrypted internet traffic and endpoint security, and
just because the endpoint isn't 100% secure doesn't mean you should give
up on encrypting traffic.

Undetectable, sniffing the wire eavesdropping is the preferred way that
NSA and GCHQ conduct surveillance. Every time they try to hack into a
laptop or smartphone they run the risk of detection. They might be
really good, and detection might be very unlikely, but it's still risky
because these are active attacks, and they are much more expensive than
getting handed all the data passively. They can't afford to do *dragnet*
endpoint attacks.

There don't seem to be these same complaints against OTR on
smartphones, and in fact Gibberbot and ChatSecure seem to be celebrated
by this community, but they suffer all the same problems (and likely
even more, because they run on Android and iOS) that OpenPGP built-in to
Firefox OS would. For that matter, RedPhone, CSipSimple and OStel,
TextSecure, and Orbot also all suffer from running on smartphones. Should all
these projects get discouraged too?

At this point, nothing is completely secure. The most talented hackers I
know use ThinkPads (with alleged Chinese hardware backdoors [0]) and run
Debian (researchers recently crashed 1.2k Debian packages with automated
fuzzing [1] -- how many of these are overflows, how many have already
been systematically weaponized by the NSA?). Should we discourage people
using OpenPGP on ThinkPads, or when using Debian?

The best we can strive to do is make surveillance more expensive, force
it to be targeted, force it to be detectable, and make the cost of
spying on everyone as expensive as possible. I'm really happy to hear
that Firefox OS is building end-to-end encryption tools into their
phone, something that I hope all smartphone OSes copy.

[0] http://www.afr.com/p/technology/spy_agencies_ban_lenovo_pcs_on_security_HVgcKTHp4bIA4ulCPqC7SL
[1] http://lists.debian.org/debian-devel/2013/06/msg00720.html
--
Micah Lee
@micahflee