Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption

Bernard Tyers ei8fdb at ei8fdb.org
Fri Sep 13 01:15:39 PDT 2013



Firstly: I agree with you in principle but these tools need to be available to all. 

Technology is not used in a sterile, hygienic environment, it is used on the streets, by people who can't write, who use it for their purposes, not necessarily the purpose it was invented for.

Hence I disagree with you in practice. ;)

Erik de Castro Lopo <mle+libs at mega-nerd.com> wrote:
>Bernard Tyers - ei8fdb wrote:
>
>> Stefan: Why not?
>
>For verification, OpenPGP on smartphones is *possibly* ok. For
>a device used to sign or encrypt smartphones are totally
>inappropriate regardless of the potential convenience.

Given a choice between some level of security and no level of security, users will take the first option, if it makes sense.

You can't make people jump through hoops to be "totally secure". They will refuse, particularly if they are not security experts.

>No such agency and the like are almost certainly able (with the
>help of carriers and manufacturers) backdoor and exploit all
>the major smartphone brands and models [0].

If the user is not a person if interest to certain US government agencies, then that threat may not be applicable?

>Smartphones are horrendously complex, rely heavily on untrusted
>binary blobs, have mutiple CPUs some without direct owner/user
>control (eg the CPU doing the baseband processing) [1]. 

I agree with your points about running untrusted binaries and lack of user control. 

Firefox OS (OS level at least) is open source, right?

Cyanogenmod is open source, right?

>Currently these devices are impossibly difficult to secure.

Is the point not "securing it 100%" (as this is an impossibility). The point is what level of security the user needs to apply. Applying the level of security according to their threat-model.

If I am a user at risk of arrest in country_X which has a nasty government, the NSA is not going to assist said nasty government.

My threat is from the local governmental goons and their smarter colleagues in the government controlled telco, who will surveil my calls, SMS, and e-mail.

If I can use any tool to protect myself from them, isn't it worth seeing that tool exist?

Bernard.



>Erik
>
>[0]
>http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html
>[1]
>http://www.geeky-gadgets.com/baseband-hacking-a-new-way-into-your-smartphone-17-01-2011/
>-- 
>----------------------------------------------------------------------
>Erik de Castro Lopo
>http://www.mega-nerd.com/
>-- 
>Liberationtech is public & archives are searchable on Google.
>Violations of list guidelines will get you moderated:
>https://mailman.stanford.edu/mailman/listinfo/liberationtech.
>Unsubscribe, change to digest, or change password by emailing moderator
>at companys at stanford.edu.

-- 
Sent from Kaiten Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130913/d1e0e519/attachment.html>


More information about the liberationtech mailing list