[liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption

Eugen Leitl eugen at leitl.org
Sat Sep 21 05:33:31 PDT 2013


----- Forwarded message from Micah Lee <micah at micahflee.com> -----

Date: Fri, 20 Sep 2013 11:15:54 -0700
From: Micah Lee <micah at micahflee.com>
To: liberationtech at lists.stanford.edu
Subject: Re: [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130821 Icedove/17.0.8
Reply-To: liberationtech <liberationtech at lists.stanford.edu>

On 09/12/2013 04:14 PM, Erik de Castro Lopo wrote:
> Bernard Tyers - ei8fdb wrote:
> 
>> Stefan: Why not?
> 
> For verification, OpenPGP on smartphones is *possibly* ok. For
> a device used to sign or encrypt, smartphones are totally
> inappropriate regardless of the potential convenience.
> 
> No such agency and the like are almost certainly able (with the
> help of carriers and manufacturers) to backdoor and exploit all
> the major smartphone brands and models [0].
> 
> Smartphones are horrendously complex, rely heavily on untrusted
> binary blobs, have multiple CPUs some without direct owner/user
> control (eg the CPU doing the baseband processing) [1].
> Currently these devices are impossibly difficult to secure.
> 
> Erik
> 
> [0] http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html
> [1] http://www.geeky-gadgets.com/baseband-hacking-a-new-way-into-your-smartphone-17-01-2011/

I completely disagree. Ubiquitous end-to-end encryption will help
protect against *dragnet* surveillance. The fact that smartphones are
imminently pwnable doesn't change this fact. Even if you're using a
Carrier IQ-infested/baseband backdoored device, adversaries would
still need to *target* you in order to compromise your OpenPGP
conversations.

Saying that we shouldn't encourage OpenPGP on smartphones is like
saying we shouldn't encourage it on Windows computers either. There's
a big difference between encrypted internet traffic and endpoint
security, and just because the endpoint isn't 100% secure doesn't mean
you should give up on encrypting traffic.

Undetectable, sniffing the wire eavesdropping is the preferred way
that NSA and GCHQ conduct surveillance. Every time they try to hack
into a laptop or smartphone they run the risk of detection. They might
be really good, and detection might be very unlikely, but it's still
risky because these are active attacks, and they are much more
expensive than getting handed all the data passively. They can't
afford to do *dragnet* endpoint attacks.

There don't seem to be these same complaints against OTR on
smartphones, and in fact Gibberbot and ChatSecure seem to be
celebrated by this community, but they suffer all the same problems
(and likely even more, because they run on Android and iOS) that
OpenPGP built-in to Firefox OS would. For that matter, RedPhone,
CSipSimple and OStel, TextSecure, and Orbot also all suffer from running on
smartphones. Should all these projects get discouraged too?

At this point, nothing is completely secure. The most talented hackers
I know use ThinkPads (with alleged Chinese hardware backdoors [0]) and
run Debian (researchers recently crashed 1.2k Debian packages with
automated fuzzing [1] -- how many of these are overflows, how many
have already been systematically weaponized by the NSA?). Should we
discourage people using OpenPGP on ThinkPads, or when using Debian?

The best we can strive to do is make surveillance more expensive,
force it to be targeted, force it to be detectable, and make the cost
of spying on everyone as expensive as possible. I'm really happy to
hear that Firefox OS is building end-to-end encryption tools into
their phone, something that I hope all smartphone OSes copy.

[0] http://www.afr.com/p/technology/spy_agencies_ban_lenovo_pcs_on_security_HVgcKTHp4bIA4ulCPqC7SL
[1] http://lists.debian.org/debian-devel/2013/06/msg00720.html

-- 
Micah Lee
@micahflee



-- 
Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.


----- End forwarded message -----
-- 
Eugen* Leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5