Re: [liberationtech] Scramble.io, Round Two

2013-08-28 Thread Travis McCrea
I think my only complaint (that doesn't seem to be mentioned, though I could 
have missed it) is that the email address is generated with your key. This 
means that you have to create a whole new email account every 6 - 12 months for 
optimal security. I would suggest that you should allow people to alias their 
username to their email address, but also realize that doing so would kill one 
of your security advantages. 


On 2013-08-27, at 3:05 AM, DC wrote:

 Hi all,
 
 Just arrived in Seoul! I'm travelling this week, sorry for the delayed 
 replies.
 
 Thanks for all the feedback. I'll try to answer all in one email:
 
 
  From: h0ost h...@mailoo.org
  Hi DC,
  Thanks for sharing this project.
  I'd like to install it on a server and play with it, but can't find an
 install doc.
  https://github.com/dcposch/scramble/blob/master/doc/how.md references a
 Quick Start, but I can't seem to find it.
  I'm sure I'm overlooking something, but thought I'd check first.
  Thanks.
  Host
 
 I hadn't published the Quick Start yet. My mistake.
 I'll try to correct that today, and I'll send out the URL.
 
 
  From: The Doctor dr...@virtadpt.net
  To: liberationtech@lists.stanford.edu
  [...]
  scramble.io does not play nicely with the Tor Browser Bundle:
  [...]
  Problematic.
 
 You're right. Unfortunately, this is tricky to fix!
 
 It's critical to security that the PGP key pair be generated on the client, 
 and the server never sees the (plain) private key.
 To generate a key pair on the client, you need a secure random number 
 generator. 
 This is a new JS API that doesn't exist in older browsers, including the Tor 
 Browser Bundle's version of Firefox :(
 
 So Scramble over Tor won't be solved until one of two things happens:
 * The Tor Browser Bundle upgrades to a more recent Firefox
 * Someone makes an easy-to-use Chromium+Tor bundle
 
 
  From: Griffin Boyce griffinbo...@gmail.com
 [...]
  It should give an option to continue anyway, tbh.
 
 See above---can't generate the key pair.
 Maybe I'll simply remove the Generate Account button on older browsers.
 When the secure RNG API is missing, you *could* log into an existing account, 
 but can't create a new one.
 
 That feels a bit dirty, though.
 
 
  From: Nicolai nicolai-liberationt...@chocolatine.org
  Cool idea.  This is also similar to CurveCP and DNSCurve.  [...]
  But I think you meant to say the Base32 encoding of one's public key,
  not the hash, right?
  Nicolai
 
 Same format as Onion URLs: Base32 encoding of the first 80 bits of 
 SHA1(PubKey)
 
 
  From: Tom Ritter t...@ritter.vg
 [...]
  I feel compelled to point out the precedence here.  This is a problem
 known as Zooko's Triangle
  https://en.wikipedia.org/wiki/Zooko's_triangle 
 
 Yes! Out of security, decentralization, and short names, you can only pick 
 two.
 
 So HTTPS gives you security and short names (eg paypal.com), at the cost of 
 placing trust in a centralized system (the CAs).
 Scramble, SSH fingerprints, Onion URLs, and others make the opposite 
 tradeoff: security+decentralization, but now your identifiers are hashes.
 
 I think the consistent lesson of Prism, Lavabit, Freedom Hosting, etc is that 
 anything centralized is inherently vulnerable. Hence the choice.
 
 
  From: Ali-Reza Anghaie a...@packetknife.com
  To: liberationtech liberationtech@lists.stanford.edu
 [...]
  I'm conceptually really curious about various aspects but before I
  forget - this time - I'd like to ask two broader questions first:
  - Is this in any way an officially backed project in any way? Part
 of a thesis or what-not let's say?
 
 Nope. So far, this is just my weekend project over the past four or five 
 weekends :)
 Several friends have helped me refine the ideas. So far I've written all the 
 code.
 Hopefully that will change soon!
 
 https://github.com/dcposch/scramble
 
 
  From: Michael Rogers mich...@briarproject.org
  Hi DC,
  Thanks for the reply. Responses to your responses inline. ;-)
 [...]
  80 bits may not be enough to defend against a well-funded adversary
  these days - that's one aspect of the Tor hidden services design that
  needs some love.
  https://blog.torproject.org/blog/hidden-services-need-some-love
 
 Interesting! I'll read about it more carefully.
 (Note that in the entire history of Bitcoin, the smallest hash a miner has 
 found starts with less than 80 zero bits.
 So impersonating an Onion URL or Scramble address would take roughly more 
 than the *total* computation done by all Bitcoin miners to date.
 I think this is quite good.)
 
  [...]
  What block cipher mode of operation do you use? If the mode of
  operation requires padding, what padding scheme do you use? Do you
  authenticate the ciphertext? If so, what MAC function do you use, and
  how do you derive the MAC key?
 
 OpenPGP.js defaults. I'll give you a better answer soon.
 
 (Re: authenticating the ciphertext: not yet, but I should. 
  Messages and bodies are currently PGP RSA-encrypted messages, but not 
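
The address format described in the quoted reply above (Base32 of the first 80 bits of SHA1(PubKey)), as an added example that is not part of the original thread or Scramble's own code: it derives an address and checks that a received key matches a claimed address. Which serialization of the public key gets hashed is an assumption (raw bytes are passed in), and the sample key bytes are constructed.

```javascript
// Added example: onion-style address = Base32(first 80 bits of SHA1(PubKey)).
const crypto = require('crypto');

const ALPHABET = 'abcdefghijklmnopqrstuvwxyz234567'; // RFC 4648 Base32, lowercased

// Unpadded Base32 encoding of a byte buffer.
function base32(buf) {
  let acc = 0, bits = 0, out = '';
  for (const byte of buf) {
    acc = (acc << 8) | byte;
    bits += 8;
    while (bits >= 5) {
      out += ALPHABET[(acc >>> (bits - 5)) & 31];
      bits -= 5;
    }
    acc &= (1 << bits) - 1; // keep only the bits not yet emitted
  }
  if (bits > 0) out += ALPHABET[(acc << (5 - bits)) & 31];
  return out;
}

// 80 bits = 10 bytes of digest = exactly 16 Base32 characters.
// Assumption: pubKeyBytes is whatever serialization of the key both sides agree on.
function addressFromPublicKey(pubKeyBytes) {
  const digest = crypto.createHash('sha1').update(pubKeyBytes).digest();
  return base32(digest.subarray(0, 10));
}

// The check a client makes before trusting a key fetched from an untrusted
// server: the key must hash to the address the user already has.
function keyMatchesAddress(address, pubKeyBytes) {
  const expected = Buffer.from(addressFromPublicKey(pubKeyBytes));
  const claimed = Buffer.from(String(address).toLowerCase());
  return claimed.length === expected.length &&
    crypto.timingSafeEqual(claimed, expected);
}

// Constructed sample input: stand-in bytes, not a real PGP key.
const sampleKey = Buffer.from('constructed sample public key bytes');
const sampleAddress = addressFromPublicKey(sampleKey);
console.log(sampleAddress, keyMatchesAddress(sampleAddress, sampleKey));
```

Because the address is only an 80-bit truncation, the check binds a name to a key only as strongly as finding another key with the same 80-bit prefix is hard, which is the concern raised in the thread.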

Re: [liberationtech] Scramble.io, Round Two

2013-08-28 Thread Maxim Kammerer
On Wed, Aug 28, 2013 at 9:49 AM, Travis McCrea m...@travismccrea.com wrote:
 I think my only complaint (that doesn't seem to be mentioned, though I could
 have missed it) is that the email address is generated with your key. This
 means that you have to create a whole new email account every 6 - 12 months
 for optimal security. I would suggest that you should allow people to alias
 their username to their email address, but also realize that doing so would
 kill one of your security advantages.

A compromise is not necessary — in cables, the hash is based on root
certificate, whereas DH peer keys are signed with a lower-level
certificate's private key, which may have different lifetime.

-- 
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.


[liberationtech] Request for participants for HCI study into the use of mobile apps

2013-08-28 Thread Bernard Tyers - ei8fdb
Hi all,

I'd like to ask list members who are based in London, or *who will be in London 
anytime during September*, to participate in my research.

I am exploring the use of mobile apps by investigative journalists, human 
rights and NGO workers.

- Are you an investigative journalist, NGO or a human rights defender?

- Do you need to communicate securely and privately with co-workers and 
contacts?

- Do you use mobile devices regularly?

- Can you give me 1 hour of your time to take part in my university research 
project about mobile apps and trust?

If you can answer YES to these questions, then I would love to talk with you.

As thanks for taking part in my study I will cover tube/bus expenses, make a 
donation to your organisation (or organisation of your choice) or compensate 
you.



Contacting me:

- by unencrypted e-mail bernard.tyer...@city.ac.uk
- by Twitter @bernardtyers
- by encrypted e-mail: If you would prefer to communicate via encrypted e-mail 
please use: ei8...@ei8fdb.org and this key http://bit.ly/BernardTyers-GPG-Key

I have also created this flyer for people who'd like to send it to colleagues, 
or contacts:

http://www.ei8fdb.org/bernard/participant_recruitment_page.pdf

If anyone has questions, then please let me know. I'd be happy to answer them.

best regards,
Bernard

--
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org


Re: [liberationtech] SMS questions

2013-08-28 Thread elijah
On 08/27/2013 09:36 AM, Richard Brooks wrote:

 I have colleagues living in a small country, far, far
 away with a history of rigged elections who want to
 put in place a system for collecting information
 using SMS. The local government keeps shutting
 down the systems that they put in place.

As you probably know, the main solutions people use for this are
Ushahidi or FrontlineSMS, but neither of these are secure enough for
your needs, I think.

FrontlineSMS has a good rundown of risks here:

http://www.frontlinesms.com/wp-content/uploads/2011/08/frontlinesms_userguide.pdf

Guardian created a fork of the Ushahidi android app to support encrypted
transport, but it requires a data plan (and maybe isn't maintained?):

https://guardianproject.info/2010/03/10/ushahidi-linda-testimony-protection/

If you want secure reporting over SMS as the transport, I think your
only option is moxie's TextSecure android app. This will not help in
processing the reports, but it will allow the reports to be securely
submitted. The government will still be able to identify and shut down
this approach by identifying which devices are sending encrypted SMS
messages or by blocking the number that reports are submitted to.

The final option is to use SMS over satellite phones. Supposedly, this
works very well, but is monstrously expensive.

-elijah


Re: [liberationtech] SMS questions

2013-08-28 Thread Robert Munro
Take the advice *not* to use SMS. I'd also avoid any NGO software that
insists it was written for humanitarian purposes: this branding is
usually skin deep and they are often less secure than off-the-shelf
software. There are exceptions, like much of what Benetech produces,
but if you need to ask lists about security and you are working from
scratch on a tight timeline, like you say, then you are not in a
position to adequately evaluate the pros and cons.

If your main concern is that election monitoring reports are being
read by the local government while in transit via the phone networks,
then I would recommend Email rather than SMS, and have the reporters
use an email provider that defaults to SSL (like gmail).

This is assuming that you are not worried about the following things:
 1- the local government knowing about the *existence* of the system,
if not the content of every report.
 2- the identities of reporters being discovered.
 3- the implications of individual reporters and/or their devices in
the country being physically compromised.

If the security situation is critical enough that any of these three
points concerns you, then you should probably avoid digital reporting
entirely, or find someone qualified in security to take the lead.
Otherwise, there's a good chance you'll just be helping the local
government identify their wanted dissidents, and ultimately do more
harm than good.

Rob

ps: Is the small far, far away country Luxembourg or Andorra?





On 28 August 2013 15:40, elijah eli...@riseup.net wrote:
 On 08/27/2013 09:36 AM, Richard Brooks wrote:

 I have colleagues living in a small country, far, far
 away with a history of rigged elections who want to
 put in place a system for collecting information
 using SMS. The local government keeps shutting
 down the systems that they put in place.

 As you probably know, the main solutions people use for this are
 Ushahidi or FrontlineSMS, but neither of these are secure enough for
 your needs, I think.

 FrontlineSMS has a good rundown of risks here:

 http://www.frontlinesms.com/wp-content/uploads/2011/08/frontlinesms_userguide.pdf

 Guardian created a fork of the Ushahidi android app to support encrypted
 transport, but it requires a data plan (and maybe isn't maintained?):

 https://guardianproject.info/2010/03/10/ushahidi-linda-testimony-protection/

 If you want secure reporting over SMS as the transport, I think your
 only option is moxie's TextSecure android app. This will not help in
 processing the reports, but it will allow the reports to be securely
 submitted. The government will still be able to identify and shut down
 this approach by identifying which devices are sending encrypted SMS
 messages or by blocking the number that reports are submitted to.

 The final option is to use SMS over satellite phones. Supposedly, this
 works very well, but is monstrously expensive.

 -elijah



-- 
Idibon
www.idibon.com
www.robertmunro.com


Re: [liberationtech] SMS questions

2013-08-28 Thread Charles Haynes
How important is the privacy of people doing the submission? Because the
government can always get SMS records from providers. That said, I worked a
bit on UReport in Uganda which is an SMS based system that allows (mostly
young) Ugandans to respond to surveys on various topics, some of which
(schools, water) were sensitive to the government.

I worked a bit with the back end providers and the interface APIs, so I
understand some of the issues, what would you like to know? There may be
technical things you can do that will raise the difficulty of government
surveillance, but at the end of the day they can still go to the provider
and have your service turned off.

One approach is to make the information just embarrassing enough to get the
government to change, but not so embarrassing as to get them to clamp down.
That approach obviously doesn't work in all situations.

-- Charles


On Wed, Aug 28, 2013 at 12:36 AM, Richard Brooks r...@acm.org wrote:

 I have colleagues living in a small country, far, far
 away with a history of rigged elections who want to
 put in place a system for collecting information
 using SMS. The local government keeps shutting
 down the systems that they put in place.

 I think I understand their needs and wants. SMS is
 really not my strong point. If anyone with an understanding
 of SMS, SMS web interfaces, and/or related security issues
 would be willing to point me in the right direction
 (or discuss potential issues) I (and by extension
 they) would be grateful.

 The alternative is for me to dedicate my excess cycles
 to researching those issues from scratch, which sounds
 time consuming. They kind of need help in the near future.

 -Richard


Re: [liberationtech] SMS questions

2013-08-28 Thread Sandy Harris
Richard Brooks r...@acm.org wrote:

 If anyone with an understanding
 of SMS, SMS web interfaces, and/or related security issues
 would be willing to point me in the right direction
 (or discuss potential issues) I (and by extension
 they) would be grateful.

SMS is basically insecure. Others in the thread have given
good advice, which you should heed, but here's my take
on it in case a slightly different perspective is also useful.

The basic problem is that all SMS messages go through
servers which may be monitored. In many countries the
service providers are under direct government control.
Anywhere else, it may be possible for government to
acquire access with some combination of appeals to
patriotism, legal (or in some places extra-legal) threats,
and promises of rewards such as government
contracts.

There are plenty of examples of actual monitoring.
During the SARS scare, people in Beijing were
arrested for spreading rumors via SMS. In the US,
the NSA has monitoring equipment in AT&T offices:
https://www.eff.org/nsa/hepting

It gets worse. The US has a Communications
Assistance to Law Enforcement Act (CALEA)
that basically makes it illegal for anyone to sell
phone switches without wiretap capability in the
US. As a result nearly all such switches have
the capability built in. That includes the switches
that various nasty regimes buy.

Then there are a whole range of other attacks
possible against phone systems. Trojan horse
programs can take over a smartphone to record
things like passwords or even use the phone's
mike to bug whatever room the phone is in.
Bogus cell phone towers (in the back of a
KGB, NSA or whoever van) can locate a phone
with great accuracy. Those are just two that
have been reported as commercially available;
there are likely more I don't know about.


Re: [liberationtech] SMS questions

2013-08-28 Thread Andy Isaacson
On Wed, Aug 28, 2013 at 10:47:16PM -0400, Sandy Harris wrote:
 It gets worse. The US has a Communications
 Assistance to Law Enforcement Act (CALEA)
 that basically makes it illegal for anyone to sell
 phone switches without wiretap capability in the
 US. As a result nearly all such switches have
 the capability built in. That includes the switches
 that various nasty regimes buy.

Expanding on this point --

Once the wiretapping capability is built into the switch, it's often
very easy to turn on (by a small bribe to the technician who manages the
switch, for example).  Even if the wiretapping feature is an added cost
extra, generally that means that the code is included in the shipping
product and just needs to be enabled by a small hack of the software.

Exactly this happened in Greece in 2004.

http://en.wikipedia.org/wiki/Greek_wiretapping_case_2004%E2%80%9305

It's safe to assume that it's happened many more times that weren't
discovered.

-andy