
Twitter releases TextSecure

Whisper Systems, just acquired by Twitter, has announced that it has released TextSecure - an encrypted messaging client for Android - under GPLv3; the source is available on GitHub. "We've always been interested in the ability for individuals and organizations to communicate freely and securely. In the year and a half since Whisper Systems launched TextSecure, we've received an enormous amount of thanks, feedback, and encouraging stories from users who have employed TextSecure towards those ends. We hope that as an open source project, TextSecure will be able to reach even more people, with an even larger number of contributors working to make it a great product."

Twitter releases TextSecure

Posted Dec 21, 2011 15:38 UTC (Wed) by JoeBuck (subscriber, #2330) [Link]

But if your wireless carrier has already put a keylogger on your phone that sends everything to HQ (for example Carrier IQ), how secure can any app be?

Twitter releases TextSecure

Posted Dec 21, 2011 16:58 UTC (Wed) by hawk (subscriber, #3195) [Link]

I don't see how anything except putting a stop to the CIQ madness will fix that particular issue, though.

Twitter releases TextSecure

Posted Dec 22, 2011 1:23 UTC (Thu) by rgmoore (✭ supporter ✭, #75) [Link]

It's still a valid concern, though; you can't build a truly secure application on an insecure platform. When the user controls the platform that works in his favor because it's possible to work around anti-user stuff like DRM, but when somebody else controls the platform it means you can't trust it with your privacy.

Twitter releases TextSecure

Posted Dec 22, 2011 5:33 UTC (Thu) by raven667 (subscriber, #5198) [Link]

Isn't that what encryption is for, building a secure platform on insecure underpinnings?

Twitter releases TextSecure

Posted Dec 22, 2011 7:56 UTC (Thu) by ekj (guest, #1524) [Link]

Sort of.

It's for 2 secure platforms separated by insecure infrastructure to communicate securely despite the insecurity in the infrastructure between them.

For example, if we can do encryption in our head, we can talk safely despite the fact that talk can be intercepted by a nearby microphone - but this only works because our platforms (brains) are secure.

Similarly, I can encrypt an email and send it through the insecure internet - but this only works as long as the platforms doing encryption and decryption are secure.

Encryption can't solve the problem of the platform being used to do the crypto itself being insecure.

Twitter releases TextSecure

Posted Dec 22, 2011 11:14 UTC (Thu) by epa (subscriber, #39769) [Link]

Right, you and your friend can have two books printed where each line is a lookup table from one character to another - so line 1 says that instead of A you should type P, instead of B type E, instead of C type space, and so on. You use that line for the first character, type the encrypted character into your phone, and then cross off the first line from the book. You then use the next line of the book for the next character of your message, and so on. Your friend can use the same book to decrypt the message (or perhaps a variant of the book which presents the lookup table the other way round).

Then you will be able to communicate securely even though your phone is logging every keystroke that is entered. You do have to make sure nobody else can get a copy of the book (including whoever printed it for you).

But if the phone is an unsecure part of the system, you obviously can't enter your plaintext message into the phone and expect it to be secure.

Secure and insecure platforms

Posted Dec 23, 2011 20:05 UTC (Fri) by rgmoore (✭ supporter ✭, #75) [Link]

I think you're just proving the point about not building a secure application on an insecure platform. The platform is where the cryptography takes place, i.e. anywhere that has a copy of the plaintext, while the channel is anywhere that only gets to see the cyphertext. By moving the cryptographic step off-line to a codebook and paper, you convert the phone from an insecure platform, where cryptography is no help, to an insecure channel, where it is. But again, if your platform is compromised by having a copy of the codebook leak, you lose your security again.

Of course the insecure platform still does some good. Even if somebody has a keystroke logger, the potential compromise is limited to people who can get at its records; if your codebook leaks the compromise is limited to people who can get a copy. They still protect you from people who can only tap the communications channel but don't have access to the other stuff.
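The codebook scheme epa describes, and the platform/channel split rgmoore draws from it, as an added example that is not part of the original comments. The 27-symbol alphabet and the names `print_book`, `Codebook` and `keylogged_exchange` are assumptions made for illustration.

```python
import secrets

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ "  # constructed 27-symbol alphabet

def print_book(num_lines):
    """Print a book: every line is an independent random permutation."""
    rng = secrets.SystemRandom()  # OS CSPRNG; a predictable book is a leaked book
    book = []
    for _ in range(num_lines):
        perm = list(ALPHABET)
        rng.shuffle(perm)
        book.append("".join(perm))
    return book

class Codebook:
    """One party's copy of the book. Lines are crossed off as they are used."""
    def __init__(self, book):
        self._lines = list(book)
        self._next = 0

    def remaining(self):
        return len(self._lines) - self._next

    def _take_lines(self, text):
        # Check everything first so a rejected message crosses off no lines.
        if any(ch not in ALPHABET for ch in text):
            raise ValueError("character not in the book's alphabet")
        if len(text) > self.remaining():
            raise RuntimeError("book exhausted; reusing a line breaks the scheme")
        end = self._next + len(text)
        lines = self._lines[self._next:end]
        self._lines[self._next:end] = [None] * len(text)  # cross the lines off
        self._next = end
        return lines

    def encrypt(self, plaintext):
        # Done on paper; only the returned string is ever typed into the phone.
        lines = self._take_lines(plaintext)
        return "".join(ln[ALPHABET.index(ch)] for ln, ch in zip(lines, plaintext))

    def decrypt(self, ciphertext):
        lines = self._take_lines(ciphertext)
        return "".join(ALPHABET[ln.index(ch)] for ln, ch in zip(lines, ciphertext))

def keylogged_exchange(message, book):
    """Return (what a keylogger on the sender's phone records, what the friend reads)."""
    sender, friend = Codebook(book), Codebook(book)
    typed = sender.encrypt(message)  # the phone only ever sees this
    return typed, friend.decrypt(typed)
```

The phone sits in the channel here: the logger records only `typed`, while the plaintext exists only where the book is.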

Twitter releases TextSecure

Posted Dec 30, 2011 2:18 UTC (Fri) by rahvin (subscriber, #16953) [Link]

Everyone using an Android phone should be flashing custom ROMs that cut the malarkey out of the carrier ROMs. Almost every ROM for my phone on xda-developers had CIQ disabled 6 months before it hit the mainstream press. At the time CIQ was discovered the ROM developers disabled it because it was being deliberately hidden from the process list and had superuser access. I believe it was precisely because of the custom ROMS that the original research into it was started.

Don't get me wrong, the carriers need something like CIQ that can track signal levels, GPS coordinates and phone home with the information because it allows them to dramatically improve signal reception without hiring hundreds of signal engineers to drive around with equipment measuring signal levels. Particularly given that they wouldn't be able to access the vast majority of areas where people use their phones.

But the sheer evil capabilities that CIQ has were almost unbelievable (why were these capabilities even developed if not to spy on users?). That they would integrate the ability to log every single keystroke on a platform designed to measure phone/network performance just boggles the mind. Not only that, but that this very capability was enabled on several phone models and being transmitted back to the CIQ database is justification for the company to be destroyed by the public backlash.

But the main point here is that the CIQ drama proves one thing, that Android and custom ROMS are the savior that everyone should be using. I'm not sure how many people noticed that Apple had this installed on every single iPhone and no one would have even known about the capabilities and data being recorded had Android, FOSS and custom ROMS along with the xda-developers combined to reveal the evil being fostered on the public by the carriers. Everyone should be installing custom ROMs if for no other reason than to avoid privacy-destroying programs like CIQ.

Twitter releases TextSecure

Posted Jan 2, 2012 17:47 UTC (Mon) by jimparis (subscriber, #38647) [Link]

"Android and custom ROMS are the savior that everyone should be using ... Everyone should be installing custom ROMs if for no other reason than to avoid privacy destroying programs like CIQ."

It's not always that easy. Many phones don't have a custom ROM available. Even if the phone generally does, your particular variant might not: see e.g. all of the red at the bottom of this page about the Galaxy S. Worse, installing a custom ROM can break critical features like the ability to call 911.

While custom ROMs are the savior for some, stopping things like CIQ at their source is still important.

Twitter releases TextSecure

Posted Dec 22, 2011 3:58 UTC (Thu) by pabs (subscriber, #43278) [Link]

The obvious solution is to always wipe any (mobile) device you receive and install your preferred CarrierIQ-less operating system. You wouldn't leave vendor-supplied Windows on a laptop, so why would you leave carrier/vendor-supplied Android on there? Switch to Replicant, SHR, QtMoko, Mer/Nemo, Debian or one of the other OSen created by and for the FLOSS community.

Twitter releases TextSecure

Posted Dec 22, 2011 23:09 UTC (Thu) by daglwn (subscriber, #65432) [Link]

Debian is on phones now?

Twitter releases TextSecure

Posted Dec 23, 2011 16:24 UTC (Fri) by ballombe (subscriber, #9523) [Link]

Debian sid includes the freesmartphone.org zhone suite.

Twitter releases TextSecure

Posted Jan 3, 2012 23:28 UTC (Tue) by pabs (subscriber, #43278) [Link]

I've had it on my OpenMoko since 2008 or so.

Twitter releases TextSecure

Posted Jan 3, 2012 23:29 UTC (Tue) by pabs (subscriber, #43278) [Link]

I should mention that if you are interested in Debian on mobile devices and/or willing to work on that, come join the #debian-mobile IRC channel and debian-mobile list.

Twitter releases TextSecure

Posted Dec 21, 2011 18:37 UTC (Wed) by Kamilion (subscriber, #42576) [Link]

Hey, what happened to WhisperCore?

Only getting a Temporarily Unavailable... Did Twitter pull it? >:O

Twitter releases TextSecure

Posted Dec 21, 2011 19:11 UTC (Wed) by Kamilion (subscriber, #42576) [Link]

Yes, Twitter pulled WhisperCore.

I am very unamused at this.

Grrrr, Twitter!

Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.