Silk Road forums
Discussion => Security => Topic started by: Reez on August 17, 2013, 07:38 am
-
[CLEARNET] http://www.theblaze.com/stories/2013/02/06/now-you-can-encrypt-your-calls-texts-to-protect-them-from-being-spied-on/ [CLEARNET]
Just took a look through that, seems pretty legit but I'm kind of a noob at cryptography.
Any thoughts?
-
I use gibberbot with XMPP for encrypted chat on my android phone. It supports OTR and TOR, and I have it set so messages are stored only in ram. That plus the built in AES encryption for the android OS and InternalSD makes me feel reasonably secure. I wouldnt really trust SMS over XMPP for any sensitive information, but I could see Silent Circle being useful if it was your only option. AFAIK the Silent Circle stuff isn't fully open source and I'm not sure how well audited it is either.
There's also redphone and textsecure which do more or less the same thing as Silent Circle but for free. I've not used them much personally though.
-
Redphone is fantastic for free and open source secure calling. I use gibberbot and orbot to connect to a hidden-service no logs XMPP service for "text chats" and use OTR and PGP on top of OTR for super secretive messages. I personally think that textsecure is very good "for now" protection but those encrypted messages are more than likely saved forever with your name printed on them so it's only a matter of time before the cryptographic methods used become obsolete. Once quantum computation starts to get good decrypting stored messages from the past will become a sport for the three letters.
It's difficult to trust a 3rd party but regardless but if all they have is my encrypted messages and no alternative form of identification then i'm not in bad shape.
-
I was looking at OTR SMS: https://play.google.com/store/apps/details?id=com.greenwave.hr&hl=en
Which indicates SMS text messaging using OTR, and also TextSecure which I've found mentioned uses OTR but nothing on their website https://whispersystems.org/#privacy that confirms it.
Also RedPhone sounds nice if its open-source encrypted phone calls without a back door, but all these apps are all Android based.
What if I want to communicate to someone on an iPhone? All I have found is "ChatSecure" which uses XMPP with OTR or iTorChat but both log gout rather frequently and aren't "always on" services which is a pain. Are there any cross platform applications?
-
iPhones are shit I don't know why people would get one if they have any concern for security.
-
I was looking at OTR SMS: https://play.google.com/store/apps/details?id=com.greenwave.hr&hl=en
Which indicates SMS text messaging using OTR, and also TextSecure which I've found mentioned uses OTR but nothing on their website https://whispersystems.org/#privacy that confirms it.
Also RedPhone sounds nice if its open-source encrypted phone calls without a back door, but all these apps are all Android based.
What if I want to communicate to someone on an iPhone? All I have found is "ChatSecure" which uses XMPP with OTR or iTorChat but both log gout rather frequently and aren't "always on" services which is a pain. Are there any cross platform applications?
Chat secure is your best bet but if you take security seriously ditch that iPhone and grab an android. Ios is difficult to code for, isn't open source(potential backdoors), and has no secure full disk encryption option.
-
Another vote for gibberbot here, it allows you to do secure chat over Facebook or Google Talk so encourage all of your friends to use it.
If you really want to be secure then use Tor XMPP servers and one account per contact, it uses more connections but you can't be tracked as easily.
-
i just wish we could get open source DEVICE encryption for android or iOS devices. I know Android has device encryption but I know there are back doors which sucks because its supposed to be based on an open-source operating system.
-
also recommend is APG for android, which is a really easy to use PGP encryption tool, very handy.
-
I believe the smartest choice is using multiple layers of encryptions.
ALso, you guys should read this article. It shows that using the standard encryption provided by your cellphone is not enough.
[clearnet warning]
http://news.cnet.com/8301-13578_3-57583843-38/apple-deluged-by-police-demands-to-decrypt-iphones/
Here is the most interesting bit from the article i linked.
Last year, leaked training materials prepared by the Sacramento sheriff's office included a form that would require Apple to "assist law enforcement agents" with "bypassing the cell phone user's passcode so that the agents may search the iPhone." Google takes a more privacy-protective approach: it "resets the password and further provides the reset password to law enforcement," the materials say, which has the side effect of notifying the user that his or her cell phone has been compromised.
One smart thing to do is spread the information you are trying to communicate through multiple mediums (encrypted of course). So at most, LE will only have pieces of the puzzle.
You guys can also look into Steganography. One such example is hiding the encrypted information in the binary of a file such as a picture.
-
Encryption on smart phones??
Maybe with a old Nokia N900...
Never trust Android or iOS! (even if jailbreaked/rooted)