On Thu, Jul 31, 2014 at 8:26 PM, David Hill <dhill+cpunks@mindcry.org> wrote:

.... You cannot secure cellphones.

but you *can* put eve out of business, and make mallory's work harder. (extra credit for pushing mallory to burglary ;) best regards,

On Fri, Aug 01, 2014 at 05:53:57PM +1000, James A. Donald wrote:

An attack on cellphones, rather than communications between cellphones would be an active attack by a very powerful adversary. They are not going to actively attack everyone, or even very many people.

so is your statement consistent with: http://www.zdziarski.com/blog/?p=3441 -- otr fp: https://www.ctrlc.hu/~stef/otr.txt

Dnia czwartek, 31 lipca 2014 23:26:26 David Hill pisze:

You cannot secure cellphones.

Here, have a read: https://medium.com/message/81e5f33a24e1 Pay some special attention to this part: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - “Most of the world does not have install privileges on the computer they are using.” That is, most people using a computer in the world don’t own the computer they are using. Whether it’s in a cafe, or school, or work, for a huge portion of the world, installing a desktop application isn’t a straightforward option. Every week or two, I was being contacted by people desperate for better security and privacy options, and I would try to help them. I’d start, “Download th…” and then we’d stop. The next thing people would tell me was that they couldn’t install software on their computers. Usually this was because an IT department somewhere was limiting their rights as a part of managing a network. These people needed tools that worked with what they had access to, mostly a browser. So the question I put to hackers, cryptographers, security experts, programmers, and so on was this: What’s the best option for people who can’t download new software to their machines? The answer was unanimous: nothing. They have no options. They are better off talking in plaintext I was told, “so they don’t have a false sense of security.” Since they don’t have access to better software, I was told, they shouldn’t do anything that might upset the people watching them. But, I explained, these are the activists, organizers, and journalists around the world dealing with governments and corporations and criminals that do real harm, the people in real danger. Then they should buy themselves computers, I was told. That was it, that was the answer: be rich enough to buy your own computer, or literally drop dead. I told people that wasn’t good enough, got vilified in a few inconsequential Twitter fights, and moved on. Not long after, I realized where the disconnect was. I went back to the same experts and explained: in the wild, in really dangerous situations — even when people are being hunted by men with guns — when encryption and security fails, no one stops talking. They just hope they don’t get caught. The same human impulse that has kept lotteries alive for thousands of years keeps people fighting the man against the long odds. “Maybe I’ll get away with it, might as well try!” - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -- Pozdr rysiek