Firstly: I agree with you in principle but these tools need to be available to
all.
Technology is not used in a sterile, hygienic environment, it is used on the
streets, by people who can't write, who use it for their purposes, not
necessarily the purpose it was invented for.
Hence I disagree with you in practice. ;)
Erik de Castro Lopo <mle+l...@mega-nerd.com> wrote:
>Bernard Tyers - ei8fdb wrote:
>
>> Stefan: Why not?
>
>For verification, OpenPGP on smartphones is *possibly* ok. For
>a device used to sign or encrypt smartphones are totally
>inappropriate regardless of the potential convenience.
Given a choice between some level of security and no level of security, users
will take the first option, if it makes sense.
You can't make people jump through hoops to be "totally secure". They will
refuse, particularly if they are not security experts.
>No such agency and the like are almost certainly able (with the
>help of carriers and manufacturers) backdoor and exploit all
>the major smartphone brands and models [0].
If the user is not a person if interest to certain US government agencies, then
that threat may not be applicable?
>Smartphones are horrendously complex, rely heavily on untrusted
>binary blobs, have mutiple CPUs some without direct owner/user
>control (eg the CPU doing the baseband processing) [1].
I agree with your points about running untrusted binaries and lack of user
control.
Firefox OS (OS level at least) is open source, right?
Cyanogenmod is open source, right?
>Currently these devices are impossibly difficult to secure.
Is the point not "securing it 100%" (as this is an impossibility). The point is
what level of security the user needs to apply. Applying the level of security
according to their threat-model.
If I am a user at risk of arrest in country_X which has a nasty government, the
NSA is not going to assist said nasty government.
My threat is from the local governmental goons and their smarter colleagues in
the government controlled telco, who will surveil my calls, SMS, and e-mail.
If I can use any tool to protect myself from them, isn't it worth seeing that
tool exist?
Bernard.
>Erik
>
>[0]
>http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html
>[1]
>http://www.geeky-gadgets.com/baseband-hacking-a-new-way-into-your-smartphone-17-01-2011/
>--
>----------------------------------------------------------------------
>Erik de Castro Lopo
>http://www.mega-nerd.com/
>--
>Liberationtech is public & archives are searchable on Google.
>Violations of list guidelines will get you moderated:
>https://mailman.stanford.edu/mailman/listinfo/liberationtech.
>Unsubscribe, change to digest, or change password by emailing moderator
>at compa...@stanford.edu.
--
Sent from Kaiten Mail. Please excuse my brevity.
--
Liberationtech is public & archives are searchable on Google. Violations of
list guidelines will get you moderated:
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe,
change to digest, or change password by emailing moderator at
compa...@stanford.edu.
