Re: [liberationtech] Privacy, data protection questions

On Fri, Mar 22, 2013 at 09:58:17AM -0500, Andrew Haeg wrote:
> We're in the late prototype phase for Groundsource <http://groundsourcing.com>, a mobile data collection and engagement platform -- designed for journalists, researchers, NGOs and others to use to gather first-hand knowledge. We've used the prototype to validate the need for the platform, and now privacy & data protection have moved front and center as we ramp up for a beta phase later this spring/summer.
>
> We've had some early discussions with the Tor Project about protecting journalists using the platform in countries with repressive regimes (down the road). We're also looking into using Wickr for encrypting communications. In the short term, we need advisors who can help guide our decisions around privacy and personal data collection & protection.
Ok. Here's some advice. You're not going to like it. ;-) Sorry. But better now than later, when lives are on the line.

I'd like to ask you to open a web browser and use your favorite search engine to search for:

	mobile malware epidemic
	smartphone malware
	android malware
	windows phone malware

and similar. Then I'd like you to explain how you propose to keep all those mobile phones secure in the face of routine malware, let alone targeted and custom malware crafted by hostile governments who would very much like all those journalists and researchers and NGOs you mentioned to STFU because they're saying and reporting and doing things those governments find...disturbing.

Forget all the other security and privacy issues for a moment (some of which I touched on in a previous list message [1]): how, EXACTLY, do you propose to keep those phones from being infested just like a gazillion other phones already are or will be real soon now? Because once those endpoints are compromised, all the crafty routing and anonymization and encryption layers you could possibly put in place aren't going to matter very much.

And those endpoints WILL be compromised (probably much sooner than you think) because they're going to be in the hands of journalists and researchers and NGOs, *not* in the hands of paranoid clueful paranoid diligent (did I mention paranoid?) geeks. Oh, sure, someone sufficiently knowledgeable, cautious, etc. can probably keep *one* phone secure. Just like someone with those qualities might be able to keep a single Windows system secure. There are people on this list who are capable of both of those things. But dozens? Hundreds? Thousands? Being carried around all over the place by their owners? There's not a chance in hell. None. This is not a solved problem in computing. Nor is there even a hint of a twitch of a notion of a suggestion of a whisper that it will be solved anytime soon.

It's not even solved for people who've stacked the deck in their favor (e.g., those who have the luxury of centralized control) let alone for those who are allowing end users to connect their own. And most of them aren't painting big targets on their chests, they're just caught up in the general crossfire...unlike *your* users, who are self-nominating to be on the business end of some very serious attention from some very determined, clueful and nasty people -- people who probably *already* have been working on building or buying custom malware for phones because of course that's what any prudent adversary with sufficient resources would be doing just about now.

Yeah, okay, so I'm making the point at your expense, and I don't really mean to do that, so I'll make it in the more general case: look, people, unless you can produce a plan -- and more than that, a plan that's been proven in the field to work -- for keeping, let's say, a population of, oh, a thousand independent scattered phones free of malware, then you CAN'T deploy your whizbang singing dancing smartphone app because it's going to be promptly undermined. Any government worthy of the term "oppressive" is going to 0wn each and every phone of interest and is going to install trackers, spyware, keystroke loggers, and whatever else occurs to them, and you're not going to stop them. At best, you might figure out that this is happening after-the-fact and remediate some of them...until they go back out in the field and get infested again. Lather, rinse, repeat.

Not to put too fine a point on it (but I suppose I will anyway): If someone else can run arbitrary code on your computer, it's not YOUR computer any more. [2] The phone may be in a journalist's hand or it may be in a researcher's pocket, but it's not theirs. *Not any more*.
Which means that your liberation app, the one that you designed and developed and sweated over, the one that your user is trusting to send and receive sensitive information, the one that's connecting to a backend through umpteen layers of encryption and obfuscation and misdirection and whatever...is now running on the government's phone.

---rsk

[1] https://mailman.stanford.edu/pipermail/liberationtech/2013-March/007672.html
[2] I'm probably quoting somebody. But I don't know who.