Re: [luv-talk] Is it possible to make tracking the meta-data not just illegal but impossible ?

On Tue, Nov 15, 2016 at 8:58 AM, Rohan McLeod via luv-talk <luv-talk@luv.asn.au> wrote:
“We have to find ways to protect not only the content of the text message or the phone call, but to disguise the fact that the communication happened at all,” (Ed Snowden quote)
Well..a kind of Tor for mobile devices? Imagine many people are running something like Asterisk, at home or as a VM. Your phone is looking up the "nearest" server, establishes a secured connection and uses the server to call. Does it work in principle? What are the challenges?
I would also think of a 'web of trust', maybe using PGP to choose and establish connections. So I am storing well-known PGP keys which identify friends; servers I trust. I can choose to trust friends' friends - maybe the degree of trust (level of separation).
BTW: I have interest in it, if there are others who think it is a good idea, and worth to do some serious brainstorming to figure out a good solution.. I am up for it. I have the feeling a lot of the technologies are out there, it is just a matter of getting the plumbing right.
Regards Peter

Peter Ross via luv-talk wrote:
On Tue, Nov 15, 2016 at 8:58 AM, Rohan McLeod via luv-talk <luv-talk@luv.asn.au> wrote:
“We have to find ways to protect not only the content of the text message or the phone call, but to disguise the fact that the communication happened at all,” (Ed Snowden quote) Well..a kind of Tor for mobile devices?
....snip
BTW: I have interest in it, if there are others who think it is a good idea, and worth to do some serious brainstorming to figure out a good solution.. I am up for it.
As an aspiring inventor and amateur philosopher; I would have to confess I have little regard for naive 'brainstorming' as a path to invention; at least initially !
- as a first step I would advocate understanding the problem; What in essence is the problem ?.....the ontological question !
- then having answered that; is any kind of solution possible ......the problem may be a contradiction in terms!
- if any solution is possible; is any feasible...cheap, finite, immediate etc?
- now having established all the above; engage in social brainstorming, to find solutions consistent with those constraints !
............ bear in mind some people seem naturally afflicted by brainstorms :-)
regards Rohan Mcleod

Hi Rohan,
As much as I come up with "some kind of solution", I am not across all areas to choose the best. E.g. The key infrastructure is a problem, and I am not fully aware what is considered "best available solution" today.
The problem, at the time of writing, is:
1. Most of our communication is not encrypted end-to-end.
2. The metadata for phone communication is easily available.
We have at least the following questions:
1. How do you encrypt safely all communication from phone to phone? I believe, the only way of doing it these days is by using IP telephony (and messaging etc.) because I can encrypt it. It needs to be an open source solution because it is the only way to find backdoors etc. Security by closed source is an oxymoron because I rely on good faith that the solution provider is trustworthy.
2. To avoid metadata tracking, the communication has to be broken up so the path between sender and recipient is not visible. The Tor network is a working example.
3. The entry point of this network is critical. It knows the sender and the recipient. The security fails if this system is tainted. So, hardening of this system is essential. Furthermore, I have to trust these entry-points so a web of trust helps me to find trustworthy systems.
I am able to find a handful of bits and pieces to build these kind of systems. But it maybe needs a bit more knowledge than just mine. So, that's why I asked whether someone else here is interested in it and like to share ideas.
I still believe that it will be possible to track some targeted communication. But it may stop mass surveillance, spying on everyone as we have it in place now.
Regards Peter

On Tuesday, 15 November 2016 11:13:36 AM AEDT Peter Ross via luv-talk wrote:
1. Most of our communication is not encrypted end-to-end.
2. The metadata for phone communication is easily available.
We have at least the following questions:
1. How do you encrypt safely all communication from phone to phone?
I believe, the only way of doing it these days is by using IP telephony (and messaging etc.) because I can encrypt it.
Encrypting data without VOIP is possible and has been done in several ways. GSM includes encryption but it's only designed to stop hostile parties between the cell tower and the phone, and in addition it's been broken.
The GSM calls have a digital data stream that can be used for other things. A Dutch company that I knew of when I was in Amsterdam made phones that encrypted voice data and sent it as a GSM stream. The telco thought it was a regular phone call but it happened to be encrypted. I don't think there's a lot of demand for that sort of thing nowadays.
As you noted Whisper only encrypts the data. I am not sure to what extent it would protect metadata.
It would not be THAT difficult to design a VOIP service that had all calls with encrypted data going to a central system so it would not be obvious which end users were talking to each other, but a hostile party with significant resources (IE a government agency) could tap all data and match start and end times. It wouldn't be any more difficult to have a VOIP service that's always on and sends a continuous data stream to/from all end nodes such that the start and end of calls can't be known without decrypting the data. But the problem with this is that a central service is vulnerable to all manner of attacks by government agencies.
Tor is very difficult to crack, some people who have done various illegal things have said things like "if Tor was easy to crack I would be in jail now". It's quite plausible that there is a weakness in Tor that allows someone with the resources of a government agency to attack it, in fact it's certain that if an agency had enough hostile nodes in the Tor network it could do that. But it's a matter of how badly they want to catch someone. If you have the type of secrets that most people have or commit crimes that don't have a national security impact then government agencies wouldn't risk revealing their capabilities for attacking Tor.
But Tor is totally unsuitable for phone calls. Long RTTs and lots of jitter. If you want good encryption then use IM instead of phone calls. Torchat is supposed to be good at what it does.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
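Added example, not part of the original thread: a small simulation of the two central-relay designs described in the message above, showing what an observer who sees only encrypted traffic volume on each user-to-relay link can infer. The users, call times, packet rate and function names are all constructed for illustration.

```python
# Added illustration; users, call times and packet rate are constructed.
N_USERS, DURATION, RATE = 8, 360, 50          # users, seconds observed, packets/s
CALLS = [(0, 5, 40, 130), (2, 7, 200, 260), (1, 3, 210, 300)]  # (a, b, start, end)

def link_traffic(constant_rate):
    """Packets per second an observer sees on each user<->relay link.
    Payloads are encrypted; only volume over time is visible."""
    if constant_rate:
        # Always-on design: every link carries a full-rate stream, voice or padding.
        return {u: [RATE] * DURATION for u in range(N_USERS)}
    traffic = {u: [0] * DURATION for u in range(N_USERS)}
    for a, b, start, end in CALLS:
        for t in range(start, end):
            traffic[a][t] = traffic[b][t] = RATE
    return traffic

def bursts(series):
    """(start, end) of each run of activity on one link."""
    out, start = [], None
    for t, v in enumerate(series + [0]):      # sentinel closes a run at the end
        if v and start is None:
            start = t
        elif not v and start is not None:
            out.append((start, t))
            start = None
    return out

def candidate_pairs(traffic, tolerance=1):
    """Pairs of links whose bursts start and end within `tolerance` seconds."""
    found = set()
    users = sorted(traffic)
    for i, a in enumerate(users):
        for b in users[i + 1:]:
            if any(abs(sa - sb) <= tolerance and abs(ea - eb) <= tolerance
                   for sa, ea in bursts(traffic[a])
                   for sb, eb in bursts(traffic[b])):
                found.add((a, b))
    return found

if __name__ == "__main__":
    print("on-demand relay:", sorted(candidate_pairs(link_traffic(False))))
    print("always-on relay:", len(candidate_pairs(link_traffic(True))), "equally likely pairs")
```

With on-demand traffic the matching recovers exactly the three constructed calls; with the always-on stream every one of the 28 possible pairs looks identical, so start and end times carry no information.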

Hi, On 15/11/16 11:13, Peter Ross via luv-talk wrote:
As much as I come up with "some kind of solution", I am not across all areas to choose the best.
E.g. The key infrastructure is a problem, and I am not fully aware what is considered "best available solution" today.
You need encryption of the transport layer(s), you need white noise too and you need a good mass of participation so that no-one knows who is talking to whom.
What's more, you need to be able to fully trust your hardware and that is nigh on impossible these days. The latest vulnerabilities include DRAMMER and Row Hammer (related)... many Android devices are vulnerable, even disregarding which version they are running. Many ordinary computers are similarly vulnerable. In a nutshell, using row hammer is about swapping bits in memory, by hammering it; knowing what is where and then exploiting it by making non executable blocks of "memory", executable, almost at will. That's a new way to root an Android phone.
Most modern computer equipment run Intel processors and have Intel chipsets that make them vulnerable as well -- you want a better performing machine, well you'll probably have an Intel Inside one too. The IME (Intel Management Engine) is something that can exploit your hardware (amongst other manufactured vulnerabilities) ... this runs at ring 0 level, above the OS, so the OS doesn't even matter. And then of course, we have software vulnerabilities. Yep, modern computing is so lost when it comes to trust these days.
Heck, iMessage has its problems (even though many think that it doesn't). It is Apple's server(s) that connect people, that is proprietary, even though it was expected to be open sources (or was that just Facetime....), not that it matters much.
If you rely on Tor, then you need to avoid exit nodes as much as possible, that is, use .onion addresses. Now, when it comes to trust, how do you know you can trust even an .onion service? Facebook has an unusual situation, it has full EV certs for their own .onion address available. https://facebookcorewwwi.onion Still, you log in to FB, so you give away heaps already.....
Encrypted VoIP calls too have problems, there are apparently ways to learn the gist of a call, even when you can't decrypt it; strange, but true. Encrypting lots of small packets is a problem too, unless you are able to sufficiently encrypt them as a stream, then UDP is probably out of the question and you need another routable packet type, such as TCP -- now you are back to having your source and destination be more public than you might like.
I use Signal for calls and messaging, the mobile phone network is completely insecure, given the SS7 vulnerabilities. Let alone all the mobiles out there that are vulnerable because they aren't able to be patched easily.
And GPG trust is another can of worms. People who have no idea will sign anything, any key they come across, just because they can. They don't vet the key for validity and even if they do, there is little guarantee that the keys don't end up in the wrong hands and you THINK you are talking with someone and then it turns out you are not talking with them. And furthermore, you might have extremely high level of trust with someone you are communicating with, but they are compromised ... can anybody say Sabu?
The problem, at the time of writing, is:
1. Most of our communication is not encrypted end-to-end.
2. The metadata for phone communication is easily available.
Signal keeps very little that it can give away to authorities; unless they've been forced to change with an NSL (National Security Letter). They record who uses Signal and when they last connected, that's it. But as I've said before, I want to be able to fully export ALL my data with Signal and import it to another phone; but Whisper Systems have made that virtually impossible (unless, maybe, if you have root access to manage it yourself and then it might not work). If you install Signal on a new device or after a factory refresh of a device, then you will have new keys and your old ones will be with your contacts and they'll have trouble "proving" that they are talking to the "new" you as evidenced by the new keys.
We have at least the following questions:
1. How do you encrypt safely all communication from phone to phone?
You can Torify apps on mobile and also outside of mobiles. But Tor may have its issues as well, some of which they won't tell us and well, they might not even know themselves. The Tor browser bundle has had a bunch of things made simpler for ordinary people to use it; but having made those changes to defaults, then TBB is less secure.
I believe, the only way of doing it these days is by using IP telephony (and messaging etc.) because I can encrypt it.
Yes, but you need to transport the data securely and quickly enough for real time communications to not be a pain. And, as I said earlier, include noise in the factor with a great many participants. So, not so simple.
It needs to be an open source solution because it is the only way to find backdoors etc. Security by closed source is an oxymoron because I rely on good faith that the solution provider is trustworthy.
Yes.
2. To avoid metadata tracking, the communication has to be broken up so the path between sender and recipient is not visible.
Yes.
The Tor network is a working example.
That is, unfortunately, not perfect; not even if you only stick with .onion addresses.
3. The entry point of this network is critical. It knows the sender and the recipient. The security fails if this system is tainted.
Yes.
So, hardening of this system is essential.
Tails?
Furthermore, I have to trust these entry-points so a web of trust helps me to find trustworthy systems.
You can limit your Tor traffic to "trusted" participants, but you'll need a great deal of them for it to be effective.
I am able to find a handful of bits and pieces to build these kind of systems. But it maybe needs a bit more knowledge than just mine.
So, that's why I asked whether someone else here is interested in it and like to share ideas.
There is interest, plenty of interest, but at times things as simple as good password practices are completely lost on the masses.
I still believe that it will be possible to track some targeted communication. But it may stop mass surveillance, spying on everyone as we have it in place now.
Use Tor, as a minimum for as much as possible; and where possible don't exit the network (using .onion addresses). Use Signal as exclusively as you can of the normal insecure SS7 based mobile network. Ordinary SMS or mobile phone calls are very insecure -- all the bad guys need is the software, which they likely have, the will and your mobile number and they can see everything you send/receive as well as listen in to your calls in real time. And that's not even considering the Stingray equipment out there, pretending to be phone towers and taking your data as MITM...
I am keen to hear of good alternatives, and there are others out there already. But we need systems that everyone can use and everyone will use if we are to lessen mass surveillance at the very least.
And of course, this is a public mailing list isn't it? All messages can be read by anyone at any time in the future, fully archived, is that right?
Kind Regards
AndrewM

Coincidentally this [1] just came from one of my suppliers. Perhaps a wire mesh network, completely outside the normal Internet might be an answer. If the Internet moves to be fully IPV6 then IPV4 can easily be used with off-Internet networks, almost as needed, provided the current IPV4 space becomes otherwise worthless to the world via Internet (that is being talked about, dumping IPV4 completely and going entirely with IPV6 for the future, perhaps even in the near future, but who knows).
Not sure the state of this network [2], but it might be interesting.
And one day, if this ever becomes a solution [3], looks like a recent release -- it is just messaging though I think, which I do with my own XMPP (jabber) server. However, this one is client to client over Tor with no server in the middle, so it's better.
[1] http://www2.bluechipit.com.au/eMarketing/weeklySpecial/21.11.16/Cambium_E500...
[2] https://hyperboria.net/
[3] https://ricochet.im/
Cheers A.

On Wed, Nov 16, 2016 at 5:15 PM, Andrew McGlashan via luv-talk <luv-talk@luv.asn.au> wrote:
What's more, you need to be able to fully trust your hardware and that is nigh on impossible these days.
http://www.kryptowire.com/adups_security_analysis.html "Kryptowire has identified several models of Android mobile devices that contained firmware that collected sensitive personal data about their users and transmitted this sensitive data to third-party servers without disclosure or the users' consent. These devices were available through major US-based online retailers (Amazon, BestBuy, for example) and included popular smartphones such as the BLU R1 HD. These devices actively transmitted user and device information including the full-body of text messages, contact lists, call history with full telephone numbers, unique device identifiers including the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI). The firmware could target specific users and text messages matching remotely defined keywords. The firmware also collected and transmitted information about the use of applications installed on the monitored device, bypassed the Android permission model, executed remote commands with escalated (system) privileges, and was able to remotely reprogram the devices." http://www.heise.de/newsticker/meldung/Adups-China-Billighandys-spionieren-i... According to Adups the software is installed on more than 700 Mio devices world-wide ("Die Software ist laut Adups auf über 700 Millionen Geräten weltweit installiert.") Regards Peter
participants (4)
- Andrew McGlashan
- Peter Ross
- Rohan McLeod
- Russell Coker