Hi, On 15/11/16 11:13, Peter Ross via luv-talk wrote:
As much as I come up with "some kind of solution", I am not across all areas to choose the best.
E.g. The key infrastructure is a problem, and I am not fully aware what is considered "best available solution" today.
You need encryption of the transport layer(s), you need white noise too and you need a good mass of participation so that no-one knows whom is talking to whom. What's more, you need to be able to fully trust your hardware and that is nigh on impossible these days. The latest vulnerabilities include DRAMMER and Row Hammer (related)... many Android devices are vulnerable, even disregarding which version they are running. Many ordinary computers are similarly vulnerable. In a nutshell, using row hammer is about swapping bits in memory, by hammering it; knowing what is where and then exploiting it by making non executable blocks of "memory", executable, almost at will. That's a new way to root an Android phone. Most modern computer equipment run Intel processors and have Intel chipsets that make them vulnerable as well -- you want a better performing machine, well you'll probably have an Intel Inside one too. The IME (Intel Management Engine) is something that can exploit your hardware (amongst other manufactured vulnerabilities) ... this runs at ring 0 level, above the OS, so the OS doesn't even matter. And then of course, we have software vulnerabilities. Yep, modern computing is so lost when it comes to trust these days. Heck, iMessage has it's problems (even though many think that it doesn't). It is Apple's server(s) that connect people, that is proprietory, even though it was expected to be open sources (or was that just Facetime....), not that it matters much. If you rely on Tor, then you need to avoid exit nodes as much as possible, that is, use .onion addresses. Now, when it comes to trust, how do you know you can trust even an .onion service? Facebook has an unusual situation, it has full EV certs for their own .onion address available. https://facebookcorewwwi.onion Still, you log in to FB, so you give away heaps already..... Encrypted VoIP calls too have problems, there are apparently ways to learn the gist of a call, even when you can't decrypt it; strange, but true. Encrypting lots of small packets is a problem too, unless you are able to sufficiently encrypt them as a stream, then UDP is probably out of the question and you need another routable packet type, such as TCP -- now you are back to having your source and desitination be more public than you might like. I use Signal for calls and messaging, the mobile phone network is completely insecure, given the SS7 vulnerabilities. Let alone all the mobiles out there that are vulnerable because they aren't able to be patched easily. And GPG trust is another can of worms. People whom have no idea will sign anything, any key they come across, just because they can. They don't vet the key for validity and even if they do, there is little guarantee that the keys don't end up in the wrong hands and you THINK you are talking with someone and then it turns out you are not talking with them. And furthermore, you might have extremely high level of trust with someone you are communicating with, but they are compromised ... can anybody say Sabu?
The problem, at the time of writing, is:
1. Most of our communication is not encrypted end-to-end.
2. The metadata for phone communication is easily available.
Signal keeps very little that it can give away to authorities; unless they've been forced to change with an NSL (National Security Letter). They record who uses Signal and when they last connected, that's it. But as I've said before, I want to be able to fully export ALL my data with Signal and import it to another phone; but Whisper Systems have made that virtually impossible (unless, maybe, if you have root access to manage it yourself and then it might not work). If you install Signal on a new device or after a factory refresh of a device, then you will have new keys and your old ones will be with your contacts and they'll have trouble "proving" that they are talking to the "new" you as evidenced by the new keys.
We have at least the following questions:
1. How do you encrypt safely all communication from phone to phone?
You can Torify apps on mobile and also outside of mobiles. But Tor may have it's issues as well, some of which they won't tell us and well, they might not even know themselves. The Tor browser bundle has had a bunch of things made simpler for ordinary people to use it; but having made those changes to defaults, then TBB is less secure.
I believe, the only way of doing it these days is by using IP telephony (and messaging etc.) because I can encrypt it.
Yes, but you need to transport the data securely and quickly enough for real time communications to not be a pain. And, as I said earlier, include noise in the factor with a great many participants. So, not so simple.
It needs to be an open source solution because it is the only way to find backdoors etc. Security by closed source is an oxymoron because I rely on good faith that the solution provider is trustworthy.
Yes.
2. To avoid metadata tracking, she communication has to be broken up so the path between sender and recipient is not visible.
Yes.
The Tor network is a working example.
That is, unfortunately, not perfect; not even if you only stick with .onion addresses.
3. The entry point of this network is critical. It knows the sender and the recipient. The security fails if this system is tainted.
Yes.
So, hardening of this system is essential.
Tails?
Furthermore, I have to trust these entry-points so a web of trust helps me to find trustworthy systems.
You can limit your Tor traffic to "trusted" participants, but you'll need a great deal of them for it to be effective.
I am able to find a handful of bits and pieces to build these kind of systems. But it maybe needs a bit more knowledge than just mine.
So, that's why I asked whether someone else here is interested in it and like to share ideas.
There is interest, plenty of interest, but at times things as simple as good password practices are completely lost on the masses.
I still believe that it will be possible to track some targeted communication. But it may stop mass surveillance, spying on everyone as we have it in place now.
Use Tor, as a minimum for as much as possible; and where possible don't exit the network (using .onion addresses). Use Signal as exclusively as you can of the normal insecure SS7 based mobile network. Ordinary SMS or mobile phone calls are very insecure -- all the bad guys need is the software, which they likely have, the will and your mobile number and they can see everything you send/receive as well as listen in to your calls in real time. And that's not even considering the Stingray equipment out there, pretending to be phone towers and taking your data as MITM... I am keen to hear of good alternatives, and there are others out there already. But we need systems that everyone can use and everyone will use if we are to lessen mass surveillance at the very least. And of course, this is a public mailing list isn't it? All messages can be read by anyone at any time in the future, fully archived, is that right? Kind Regards AndrewM