Search Mailing List Archives
dafinley at gmail.com
Tue Jan 18 12:56:46 PST 2011
Thanks. That cleared things up.
On Mon, Jan 17, 2011 at 9:04 PM, Chris Palmer <chris at eff.org> wrote:
> Some notes. Some things are re-assertions of what other people have said; I
> repeat them because there seems to be a fair amount of confusion and I get
> worried that people will do something dangerous while working under
> Yes, you can use some phones on wifi without a SIM card.
> Even if you do use a phone on wifi, and/or take the SIM card out, the phone
> still has a baseband radio with its unique identifiers (IMEI, et c.) and its
> trackable behavior. And wifi is geolocatable too.
> Tor does not operate at the link or similar layers (wired Ethernet, wifi,
> GSM, CDMA, et c.; I use the term "link layer" loosely and from an internet
> point of view). Making a Tor-like thing that did probably would not work ---
> the link layer is inherently local and has an inherently small anonymity set
> at any one time. On the third hand, make a link-layer Tor and prove me
> wrong. :)
> Tor on a phone lacks the features of Torbutton. A better approach would be
> to make a customized browser that supports Torbutton-like features. Although
> this is not easy, you do have powerful generic objects/libraries like
> WebView/WebKit, and the source code of the Android Browser, to start from.
> The smartphone encryption article seems to mainly discuss how it's not
> supported (Android) or when it is, it is useless (iPhone). (As the article
> says, iPhone's "encryption" is in fact merely a pretty decent remote wipe
> feature, not a storage confidentiality mechanism.) Imagine for a second that
> you had the gold standard of local storage encryption, BitLocker, on your
> phone. How good is your key protector? Is it an offline brute-forceable PIN
> or short password? I bet it is. Even if you have a TPM: when your phone is
> seized or stolen, is it powered on or powered off? I bet it's on, and that
> the adversary can attack the phone while its filesystem is mounted and
> available unencrypted. As you can see, storage encryption for easily-lost
> and always-on devices is not a clear win, even if it were widely available.
> If you want your phone to not be an audio/video/location bug and
> evidence/PII goldmine, take the battery out and/or leave it at home. Jim
> Youll has the right idea.
> Chris Palmer
> Technology Director, Electronic Frontier Foundation
> liberationtech mailing list
> liberationtech at lists.stanford.edu
> Should you need to change your subscription options, please go to:
> If you would like to receive a daily digest, click "yes" (once you click
> above) next to "would you like to receive list mail batched in a daily
> You will need the user name and password you receive from the list
> moderator in monthly reminders.
> Should you need immediate assistance, please contact the list moderator.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the liberationtech