Using Tor/GPG/whatever in a Android device is it worth?

12 replies [Last post]
GNUser
Offline
Joined: 07/17/2013

Hey everyone.
Don't get me wrong, I have been a heavy user of Tor and OTR for some time now in my day to day life. But when it came to smartphone, I used to feel ok with using CM (replicant was unsupported) and F-Droid repositories. But when I think of HOW a smartphone works, it seems pretty useless... It can be tracked at all times, the microphone can be turned on remotely (making it useless the fact that you are using some kind of voice encryption software) and maybe they even get to read what words you type in the keyboard (making it useless to use Tor).
So my question is, aside the fact that we are using free software, which is a good political social thing to do, do you think it is worth to try and use privacy apps in android devices?
I have chosen not to use Tor in my android device, if I want to check something using Tor, I wait until I get home and use it in my computer. Any thoughts?

onpon4
Offline
Joined: 05/30/2012

You should try to avoid other methods of spying, but if you can't avoid all of them, avoiding the ones you can is still worth it in my opinion. Giving up because it might not be working would be rather like not bothering to encrypt e-mails because recipients might be using proprietary software to decrypt and read them; it doesn't mean you should just give up and act hopeless.

oralfloss
Offline
Joined: 06/20/2013

It's worth trying, even thought it might not work. However, it's important to not link anything from your computer to your Android device. So I would advise not using the same email on it or logging into the same websites, just because once they link your phone to all your account's all your privacy is pretty much lost.

GNUser
Offline
Joined: 07/17/2013

I know we should not give up, I am referring specifically to smartphones. Do we have ANY chance of being protected when using them, or should we really avoid using "private sensitive" things over the phone and only do so on the computers (where we have a little bit more control over what happens)?
I currently do that, private/anonymous emails only are accessed through the pc. Smartphone serves not that purpose.

Michał Masłowski

I am a member!

I am a translator!

Offline
Joined: 05/15/2010
lembas
Offline
Joined: 05/13/2010

Parent post by Michał appears blank on the forums.

andrew
Offline
Joined: 04/19/2012

-------- Original Message --------
Subject: Re: [Trisquel-users] Using Tor/GPG/whatever in a Android device is it worth?
Date: Mon, 18 Nov 2013 19:25:11 +0100
From: mtjm@****.** (Michał Masłowski)
To: User help and discussion <name at domain>

There are some specific issues that can be solved, other ones cannot be
when using the phone. You can use a phone running a free system on AP
and having an isolated baseband so it won't spy on data like in RAM or
microphone input, while it knows where you are and has access to all
data sent by the network. Some freer phone projects offer turning the
modem off as a way to avoid some tracking. (Modem firmware is always
nonfree, so it's useful to know what the hardware design prevents it
From spying on.)

Replicant wiki shows which devices have known spying on AP issues.
Unless they use separate interfaces for spying and communication with
the kernel, there are several models where it's safe. Some of them have
other problems, like Galaxy Nexus requiring blobs for its camera and all
supported phones other than GTA04 having nonfree bootloaders.

Fernando_Negro
Offline
Joined: 06/17/2012

I can't find the piece of news now... But, there was a hacker who discovered that the record of every key pressed in Android-running devices' virtual keyboards was sent to somewhere, through a functionality that people were not aware of. (Which is - to me, at least - an absolute no surprise, since it's a partially proprietary OS, developed by Google/NSA/CIA. - http://www.prisonplanet.com/group-calls-for-hearings-into-google%E2%80%99s-ties-to-cia-and-nsa.html)

All that it takes to compromise the security of a device is a single closed-source program. And, from what I know, Android has several. (So, it, obviously, can't be trusted.)

Cell phones - and, even worse, smart phones - are the antithesis of privacy. And, unless you really need one, I advise you to get rid of it. (Or to, at least, keep it with the battery off of it, and only use it when you /really/ need it.) Even if it's only for health reasons. - https://trisquel.info/en/forum/ot-mobile-telephony-survey#comment-44632

As for Tor... How many times do I have to say to people, in here, that it's a network known not to be secure?... (https://trisquel.info/en/forum/how-use-tor-trisquel#comment-26792)

Fernando_Negro
Offline
Joined: 06/17/2012
GNUser
Offline
Joined: 07/17/2013

I have a saying that goes like this
"Privacy is a right. Anonymity is not. But privacy is dead, so get over it. The only hope we have left is anonymity."
Since you distrust Tor, what do you do to stay private/anonymous online? You seem to be very "critic" of governments and companies and such, I assume you use some kind of protection to make it harder for those to identify and localize you... Mind sharing? :)

As for Tor, I have to say this: Tor is useless against a global adversary. NSA and some other "companies" have the resources to look at the entire internet at once and in that scenario Tor is useless. HOWEVER, against "local" adversaries Tor is very useful (if you are using a public wifi, for example, it will prevent someone sitting next to you from stealing you data). Nowadays someone who works ar a internet service provider can easily "take a look" at the contents of your communications (even unauthorized to do so) and against that, Tor is again useful because it DOES encrypt your traffic in some ways. So, Tor won't save us from "Big Brother" but it will help to prevent abuses from some jerks who happen to have a friend working a telecom company or at the police station. If there is a better alternative, please let me know =)

As for the android device recording every keypress and sending it to somewhere else, that was my fear actually. I would like to ask you to find that news report, because I would like to know if it happens ONLY with the stock rom or also with CM and Replicant.

THANKS

onpon4
Offline
Joined: 05/30/2012

In Snowden and the Future, Eben Moglen made an interesting point: privacy is a combination of anonymity, confidentiality, and autonomy. He talked quite a bit about the importance of anonymity and how this has been largely ignored.

I suggest watching it, it's a great series of talks:

http://snowdenandthefuture.info

Fernando_Negro
Offline
Joined: 06/17/2012

I've found the news report, that I mentioned, a few minutes after I made my first post - and, I've left it here, above, while you were writing your answer... :)

The web page has even a video demonstrating the functionality in question.

As for my choices, in terms of privacy...

I trust the "GNU Privacy Guard" software, and that's it.

But, because most people I correspond with don't know how (/don't care) to use it, I have yet to start using it... (But I plan to start to, with someone who knows how to use it, in the near future...)

I've heard of another communications software that, supposedly, protects one's privacy - https://trisquel.info/en/forum/fundraising-campaign-privacy-friendly-mail-tlsopengpgetc-software#comment-42196 - but, because there's no way of knowing if, by using it on Windows (that is the only OS in which I know that it runs), I'm also having my key strokes being recorded - like in the case of Android - I don't trust such a program. (Or, better saying, I don't trust the way that it is run...) So, I don't use it.

As for the rest...

I simply assume that everything that I do on-line is being recorded...

(Or... Knowing, for a fact, that I'm under surveillance, because of what I write about, on the Internet, I know that everything that I do on-line is being recorded, and take that into consideration...)

Concerning encrypted communications, for daily use...

Although I use the Internet a lot, I don't feel the need to use it away from home. So, I don't have to worry about encrypting communications on Internet cafés, and such.

The worst people that could have access to my communications - i.e. the people who run the governments and corporations that are part of secret societies involved in pedophile rings, drug trafficking networks, terrorist groups financing, and other horrible things - I know, for a fact, that are already surveilling me... So, to worry about some guy, at a telecom company, that doesn't have anything better to do, than to take a peek at somebody else's private life, is even a laughable idea to me...

But, still, because I don't like to have my e-mail box checked by someone else, every time they want to, without a warrant (http://cnsnews.com/news/article/13753-gov-t-requests-google-e-mail-data-2012-most-without-warrant), I chose to have a mail box hosted in Russian territory. (https://trisquel.info/en/forum/ixquickstartpage-launching-new-privacy-aware-email-service#comment-36249)

Since, knowing (from experience) how easily activist movements can be infiltrated and deceived, I don't trust any "riseup.net" and similar organizations, run by people that I don't know, that /claim/ to be this and that. (https://trisquel.info/en/forum/fundraising-campaign-privacy-friendly-mail-tlsopengpgetc-software#comment-42177)

That's the situation that I know I'm in...

As for /real/ solutions...

I don't think they lie in the domain of computers, or software. (https://trisquel.info/en/forum/how-use-tor-trisquel#comment-26804)

This is a *political* problem, that requires a *political* solution.

And, I also don't want a society were one is not able to catch, and close down, pedophile rings and such. (Like networks of the type of Freenet, I2P, and such, make it possible to.)

What I think all of us should do, is to get rid of abusive types of governments, so that we can freely communicate and post content on-line, without having to worry about a Big Brother spying on everyone.

To "splinter the CIA into a thousand pieces and scatter it to the winds", like the late Kennedy said.

(Or, even better - I think - would be to get rid of governments, at all, and substitute them for non-hierarchical and transparent federations, where everyone is accountable, all the time, for what they do, and in which no one is in a position to abuse anyone else.)

The problem is that there doesn't seem to be enough people who - for now, at least - want to fight for such type of alternative societies...

GNUser
Offline
Joined: 07/17/2013

I will try to give you a more complete reply when I can, but for now, let me clarify one thing: I don't (particularly) worry about someone who I don't know and doesn't know me, having access to "which websites I visit". I worry (particularly) about a person who wants to "discredit" me at work, asking a friend on a telecom company which websites I visit and using that information to "attack" me publicly or blackmail me. I have suffered similar "harassment" before, not in this situation but similar, I have to tell you IT'S DISGUSTING! :S If using Tor prevents that, and it does, I will use it. NSA spying on me? Not the bigggest worry for me (even if I am against that too). My friends/neighbors/co-workers spying on me? THAT IS DISGUSTING! And troubles me a LOT!
Just to clarify why I use Tor =)
Thanks and I will get back to you soon.