Blackphone (store.blackphone.ch)
I could drone on about this for pages and pages, but the sad fact is that if you are a target, it doesn't matter that you are using a "secure phone", "secure OS", or "encryption".
Time and time again, these systems have been broken or breached with simple tradecraft and subtle sabotage.
The Pentagon has a concerted (and expensive) effort to validate or verify the absence of "backdoors" or evidence of "additional circuitry" on ASICs or subsystems of its major weapons systems and associated gadgetry. Do you?
I tell people that their simplest way to avoid having their communications intercepted is to NOT. USE. AN. ELECTRONIC. COMMUNICATIONS. DEVICE.
UBL used couriers, flash drives, and cutouts. If you need that level of protection, SO SHOULD YOU.
When I need to communicate secretly I BUY SOMEONE A BEER.
I don't really like this kind of anti-crypto argument. At this point I think making normal communications between normal people less embarrassingly mass-snoopable is a very worthy goal. For the time being, people who really, really have something to hide need to be extra careful (as has always been the case).
Which is not to say I'm feeling particularly enthusiastic about this device.
For a discussion of the _huge_ value of _international_ telecommunications, which can't be replicated by in-person communication, I recommend "Talking to Vula" by the ANC (who were considered a terrorist group in many countries for a long time): http://www.anc.org.za/show.php?id=4693
At the end of the day, state actors all have finite resources. If we continuously tell people to not bother with crypto at all, then we are being self-defeating.
Right now targeting those that use crypto is like shooting fish in a barrel. So few people are using crypto regularly, that they are incredibly easy to single out. If everyone used crypto, the amount it would cost state actors to find and further investigate individuals would quickly overwhelm the current resources of those state actors.
Obviously people using these devices need to know they aren't foolproof and only use them for casual secrets that at most implicate, but not provide solid proof of activities considered subversive by a state actor.
Making the cost of dragnet mass surveillance phishing expeditions prohibitively expensive should be goal number one right now in the crypto community. State actors commit the crime of violating everyone's privacy because it is so incredibly easy and cheap to do so.
I don't know how much it currently costs for state intelligence agencies to investigate an individual, but whatever it is now, I would hope the price were one to two orders of magnitude more expensive than it currently is and be at least in the 7 figure range. If someone really is a terrorist bent on causing lots of damage and killing civilians, it is trivial to justify spending 7 figures on surveilling that individual. The benefit of making it super expensive to surveil everyone, is that these state agencies can no longer casually surveil those it shouldn't be, such as American lawyers doing work protected by attorney client privilege [0].
At the end of the day, although state actors have deep pockets, they are bounded to some degree by market factors like what activities they can legitimately justify given the cost of surveillance and the amount of talent they have available.
[0] http://www.nytimes.com/2014/02/16/us/eavesdropping-ensnared-...
Introducing technology into a system can WEAKEN your security. Knowing that is almost 90% of the battle.
Too bad an unsubsidized special-purpose phone will only address a tiny fraction of normal people.
The creators acknowledged that fact [1]: "There is no such device that is NSA-proof," said Mike Janke, co-founder and CEO of Silent Circle, in an interview with Mashable, ahead of the launch. "If you are on the terrorist wanted list or a criminal, intelligence services will get into your device... There's no such thing as 100% secure phone."
[1] http://mashable.com/2014/02/24/what-is-blackphone/
(For a humorous take on nation-state threat models, read the hilarious USENIX article "This World of Ours" by James Mickens: http://research.microsoft.com/en-us/people/mickens/thisworld...)
"Security research is the continual process of discovering your spaceship is a deathtrap" has to be one of the most apt descriptions of security research I've ever heard. What a great read!
It's not merely being a target that is the problem, it is being a high priority target for a long period of time. Eventually they'll find a way to get your communications, but how many days or months does a technology buy you, at what cost to you and to them. Why do you think they are willing to spend that cost on people that aren't Snowden, Greenwald? It isn't win or lose, it's mitigation.
We should judge security technologies not on absolutes but on relative merits given the reasonable security goals we wish to achieve (note that Snowden was able to achieve communications security against the NSA/GCHQ long enough to complete his goal).
Hi Richard, it has come to our attention that you have been secretively discussing leaking government information to our enemy in a pub in central London.
What's that you say? You didn't discuss private information? Then why did you try to conceal your handwriting on the napkin from our CCTV security cameras?
We'd like to take you in for questioning. If you resist this may end badly for you.
On a side note, if they at least have 2 separate SoCs on board, and a self rolled hardware firewall to make sure the baseband can't access things it shouldn't access, that may still be a great improvement to what we have right now. It still won't protect you from unknown hardware level exploits, but it's better than nothing.
It had the notable benefit of avoiding the hidden listening devices in their places of work/rest/play.
Edit: nm, I should have just googled it :)
So even though you are right, it's still better to choose a safer technology.
By conversing over the phone or with a computer, we usually expose ourselves to a greater risk of eavesdropping. We should ask ourselves if the medium is worth the exposure to risk, considering, among other things, the privacy of the information we're sharing.
That preliminary question seems to be missing from conversations about online privacy.
If I'm trying to protect myself from hackers, I choose one route. From my ISP, another. From FB/Google, another.
And from my government or your government, yet another.
What's missing here is honest dialogue about the limits of the technology. The best technology has yet to save people from their own foolishness.
Assuming it's not being built as a honeypot by a state-level adversary, it's also going to attract attention to you. Want to avoid surveillance -- as much as practical act like someone who isn't worried about surveillance.
BTW: "Buy someone a beer" -- True Detective episode 6 reference?
First of all, if you're under targeted surveillance, you're possibly better using electronic communications than meeting in-person. Then, it's not always possible to meet in person.
Same with your USB stick.
Go read up on how the CIA sabotaged the Iranian nuclear enrichment centrifuges by compromising the supply chain of the power supplies (not the computer controls).
1. http://www.theverge.com/2014/2/24/5441642/blackphone-silent-...
They should really have released their code at the same time they released their phone though.
Full disclosure: I work for Silent Circle and it's pretty damn secure. It's also open-source: https://github.com/SilentCircle
> speak personally with a partner
> worry about your kids
Shameful.
Or are you implying we make babies in factories?
Open sourcing "vast majority of its code" is not good enough -- this thing is selling security and if you can't rebuild it all yourself there's really no point.
See comments from previous post about a month ago: https://news.ycombinator.com/item?id=7062748
Since 4.4 I have been able to, at least to some level, revoke some basic rights that apps have, like seeing my contacts (through app shield or whatever). If I am able to download apps from the 'normal' Android store, is access that those apps have somehow controlled as well? Some sort of sandbox mode would be nice.
That's a shame, since protection from state level adversaries is really what's at the top of my feature wish list, and that probably goes for a fair amount of other people too, in this day and age.
Is anyone here aware of cell-phone-like projects that have potential to resist exploitation of the type we've seen reported from Five Eyes? I'd be particularly curious about ways to mitigate the location tracking.
You can have basically secure messaging on the phone today. You can use Replicant (libre software) on many phones where there probably are no backdoors, you can use OTR with Xabber (you can build it yourself), there are probably applications for PGP too.
Yeah, Replicant will fail to work on many phones and on those that work, half of the functionality is missing ( http://redmine.replicant.us/projects/replicant/wiki/Replican... ) - but trying to sell non-free phone as "secure" is snake-oil anyway. In my humble opinion.
Guy complaining that dropbox is useless because "For a Linux user, you can already build such a system yourself quite trivially by getting an FTP account, mounting it locally with curlftpfs, and then using SVN or CVS on the mounted filesystem."
But in an era of dragnet surveillance and meta-data analysis [1] they're not very useful.
Unless you're calling varying phones, at varying places, from varying places, at varying times, all with no discernible pattern or schedule -- it would be easy enough for them to identify a network of burners and determine which ones belong to which individuals on the network based on that meta-data. And if anyone in the network carried or used a 'real' phone alongside the burner, it would only get easier.
And you can Google search on the news wires to see how well people do at this game, even when they know their lives are literally on the line and thus devote a significant portion of their effort toward it.
[1] Done well-enough to be confident-enough to lob hellfire missiles at SIM cards in not-quite-friendly countries...
Crazy idea. It just might work.
Edit: Ha! I just received the email...
But my point is that most of us aren't foreign states trying to make nuclear reactors against the wishes of a superpower. We're more worried about things like common theft and border seizures.
But, knowing nothing about them, when I asked them ``How does your protocol compare to TextSecure's Axolotl?'' the response was ``We have Phil Zimmermann''. So....I'm still a bit put off by them.
Some of their code is already open-sourced here. https://github.com/SilentCircle
Both the Internet and mobile phones are here to stay, and billions use them. You can't just say "don't use them". That's a big cop-out.
You can choose not to use certain providers, like using DDG instead of Google, or using Blackphone instead of the iPhone 5S. But you can't just use blanket statements like "don't use anything that's a big part of everyone's lives today."
Security is never a guaranteed thing - with or without NSA. That doesn't mean you shouldn't do your best to secure yourself. I feel the same about Blackphone. Granted, I'd prefer something that's fully open source, and I think those solutions are coming (perhaps an even more secure version of CyanogenMod with TextSecure v2 and RedPhone integrated into it), but I think every little bit helps, and I do think we're moving in the right direction - securing our conversations and networks. It's a process, not a goal.
The issue with computers is they are so, so, so cost effective to tap & data mine. And storage just keeps getting cheaper. Hence, illegal mass surveillance.
Also, I had to make a meme: http://i.imgur.com/bk16CyB.jpg
By providing ready access to a stream of digital data and metadata about yourself, you're making their job easier.
Even if you use crypto, the mere fact that you use crypto is interesting enough to draw attention.
The point is to blend into the background. Do you think that crossing a border using the Blackphone isn't going to raise eyebrows? In denied areas the idea is to use equipment that looks ordinary and boring: a wristwatch or a calculator.
If for no other reason than an adversary might not know who you are, you reveal yourself to them by using a special-purpose tool.
we're protecting from an internal one. the moment you go out the door, we're in the public. law enforcement doesn't really need an excuse to follow you around while you are in public.
on the other hand imho you can safely assume that all crypto will eventually be broken. the question is when, and will your adversaries still care at that point. not quite the same, but still kinda related: https://en.wikipedia.org/wiki/Venona_project
Technology and crypto are the easy parts. Infrastructure, legislation, and user behavior are the bigger pieces and a much harder problem.
We have had secure email systems for better than two decades. They are VERY poorly deployed. Why? We have had secure voice systems for even longer. Why is the encryption on these systems so poorly designed?
I don't trust machines to keep my secrets for these very reasons. I have little faith that more crypto will fix anything. That's what I'm saying.
When was the last time you saw a STU-III in an office? Ever? It's because the security capability isn't worth the trade off and friction it creates for business.
The dirty little secret is that the whole process of doing key exchange and verifying that you have a solid connection between two trusted parties is NOT a widely solved problem.
TRUST between two parties that have never met is NOT a solved problem at scale unless you consider SSL a solution and there are a lot of people who think that SSL is broken in many regards.
Think of all the features that a modern enterprise phone system has:
Call waiting
Three way calling
Conference bridges
Voicemail
CallerID
Call Parking
Assistant Mode
...et al.
Regulatory archiving
You don't get ANY of those with ANY commercially available secure phone system. The same problems you have with using secure email at scale you have with secure voice.