Clarify that the storage should be encrypted using a strong passphrase. Chatsecure doesn't seem to be maintained anymore and it's not part of F-Droid anymore, so recommend Conversations instead. AGP was replaced with OpenKeychain in K-9 Mail. The link to the K-9 Mail website is updated. Add orWall to the Android Tor setup. Add Silence for encrypting SMS. Remove the Tor project's Android hardening guide: The guide was updated and there is a link to the updated guide at the beginning of the old guide. The new guide has extensive sections about CopperheadOS and recommends to use it and donate to the project. CopperheadOS is nonfree software. They not only use blobs like LineageOS does, but their entire source code changes have a nonfree licence[1].
[1] https://copperhead.co/android/downloads Signed-off-by: Wolfgang Wiedmeyer <wolf...@wiedmeyer.de> --- freedom-privacy-security-issues.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/freedom-privacy-security-issues.php b/freedom-privacy-security-issues.php index 7def689..0400d81 100644 --- a/freedom-privacy-security-issues.php +++ b/freedom-privacy-security-issues.php @@ -154,13 +154,14 @@ Some general good advice to ensure the best possible respect of freedom and privacy/security on mobile devices includes: <ul> <li>Installing only free software applications, from trusted sources such as F-Droid on Replicant.</li> - <li>Encrypting the device's storage, to prevent some unauthorized access to the device's data.</li> - <li>Using software that provides secure peer-to-peer-encrypted communications such as <a href="//dev.guardianproject.info/projects/gibberbot">ChatSecure</a> for instant messaging and <a href="//thialfihar.org/projects/apg/">AGP</a> with <a href="//code.google.com/p/k9mail">K-9 Mail</a> for emails on Replicant.</li> - <li>Using <a href="//www.torproject.org/">Tor</a> to achieve reliable anonymity, for instance with <a href="//www.torproject.org/docs/android.html.en">Orbot</a> on Replicant.</li> + <li>Encrypting the device's storage with a strong passphrase, to prevent some unauthorized access to the device's data.</li> + <li>Using software that provides secure encrypted communications such as <a href="https://conversations.im/";>Conversations</a> for instant messaging and <a href="https://www.openkeychain.org/";>OpenKeychain</a> with <a href="https://k9mail.github.io/";>K-9 Mail</a> for emails on Replicant.</li> + <li>Using <a href="//www.torproject.org/">Tor</a> to achieve reliable anonymity, for instance with <a href="//www.torproject.org/docs/android.html.en">Orbot</a> and <a href="https://orwall.org/";>orWall</a> on Replicant.</li> + <li>Using <a href="https://silence.im/";>Silence</a> to encrypt SMS messages.</li> <li>If the device is telephony-enabled, switching the modem to airplane mode or (when possible) turning it off when not in use, to avoid being tracked at all times.</li> <li>Browsers using the webview framework (such as the browser shipped with Replicant and <a href="https://github.com/anthonycr/Lightning-Browser";>Lightning</a>) are subject to <a href="https://community.rapid7.com/community/metasploit/blog/2015/01/11/google-no-longer-provides-patches-for-webview-jelly-bean-and-prior";>various security flaws</a> in Replicant 4.2.</li> </ul> - In addition, the <a href="//www.fsf.org/">Free Software Foundation</a> provides a <a href="//www.fsf.org/campaigns/surveillance">comprehensive guide to help protect freedom and privacy</a> and the Tor project an article entitled <a href="//blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy">Mission Impossible: Hardening Android for Security and Privacy</a>. + In addition, the <a href="//www.fsf.org/">Free Software Foundation</a> provides a <a href="//www.fsf.org/campaigns/surveillance">comprehensive guide to help protect freedom and privacy</a>. </p> </div> </div> -- 2.11.0 _______________________________________________ Replicant mailing list Replicant@lists.osuosl.org http://lists.osuosl.org/mailman/listinfo/replicant
