This was posted to Twitter today: http://www.lieberbiber.de/2017/03/07/the-guardian-projects-proof-mode-app-for-activists-doesnt-work/
I think there are some valid concerns that we should mostly address in more FAQ about the app. ProofMode was meant to say that X file existed at Y time and here is the Z data generated when we detected that files existence. The idea that you could generate a photo or create a camera app that creates a "fake" or filtered photo is definitely something we understood was possible. My general statement is that there are always bad actors and malicious intent, and that the role of humans in building relationships, reputation and veracity still matter. This is particularly true with human rights advocacy groups gathering data from witnesses and investigatory bodies like the International Criminal Court. Like any evidence, it requires an investigation to verify that data you have. ProofMode is just meant to provide more data, rather than the current case where there is no data at all. As far as technical changes we could make to make it more difficult to adversaries, there are some possibilities including: - Storing the key in a way that can't be exported from the device, even if rooted. I've been looking at the KeyChain API for this. Has anyone had experience storing app generated key data in this way? - Notarizing the key on a special cloud service (or keybase.io perhaps) to ensure it came from the actual ProofMode app and not a random PGP command line... again, any thoughts on somehow tagging the origins of a key to a specific instance or hardware? - Not running proofmode when a USB device is connected, or when a device is rooted (We can detect both), or simply logging facts in the proof CSV file. - Add more sensor data into proof to make it harder to convincingly fake... this includes putting the gestures/accelerator data and compass data back in from CameraV. We used to have this, and you could easily match the motion of the person holding the camera while shooting a photo or video to the image or video you were seeing. Like I said, this is not a surprising critique, and something with CameraV and its built-in encrypted camera and "closed ecosystem" approach, we actively worked to combat. With ProofMode, we opened up the system a bit more, and dialed back the paranoia. What we are seeking is a balance, while keeping the insanely simple user experience intact. +n -- Nathan of Guardian [email protected] _______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
