Loading presentation...

Present Remotely

Send the link below via email or IM


Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.


High Time for Smartphone Privacy?!

No description

Pavol Luptak

on 14 March 2017

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of High Time for Smartphone Privacy?!

High time for smartphone privacy?!
Why choose Android when you care about your privacy
Encrypted storage
Android >=3.0 supports native full disk encryption
other alternatives are Luks encryption, Cryptonite
encrypt your root filesystem including all your external SD cards and your Titanium backups!
Mobiflage - Deniable Storage Encryption for Mobile Devices
Encrypted communication II
Email encryption
Let's talk about...
Random and persistent digital privacy threats
Why choose Android as a secure privacy platform?
Encrypted storage
Encrypted communication
Privacy-aware searching
Anonymization techniques (browsing, payments)
Other privacy recommendations
It is open source - easily and completely auditable what is crucial for security (iOS, Blackberry, Windows Mobile are proprietary closed-source platforms) - you know there isn't anything hidden that might violate your privacy (e.g. Carrier IQ)
There is a "privacy-aware" Android distribution - Cyanogenmod / Replicant that has removed any Google spying functionality, incognito mode, torification etc.
It supports all advanced Linux security features (e.g. SELinux, Truecrypt full disk encryption, etc.)
Why Yes:
Why Not:
iOS marketplace is more conservative, it may contain less malware/trojans
Full disk encryption
Application-specific encryption
at least AES256 storage for your sensitive information (credit card numbers, credentials, private keys, etc)
B-Folders, KeePassDroid, NoteCipher
PGP encryption based on APG (K9 Mail, Kaiten Mail, K-@ Mail Pro), based on PGP KeyRing (Squeaky mail), r2mail2
S/MIME encryption (DJIGZO S/MIME, r2mail2)
Instant chat encryption
based on OTR or PGP
Xabber, ChatSecure, IM+ Pro with OTR plugin
Voice encryption
based on ZRTP protocol and SIP/TLS
CSipSimple (can be used with Ostel.me), Signal Messenger
Acrobits Softphone with ZRTP outgoing module (or Groundwire)
Anonymization techniques
Outgoing connection / browsing anonymization
based on Tor, torification of all outgoing connections from smartphone is possible
based on i2p, nightweb application
Orbot and Orweb v2, AdBlockPlus Firefox plugin
Payment transactions
based on Bitcoins
Bitcoin Wallet, Mycelium Wallet
Other privacy recommendations
Use trustworthy software
Always check application's permission during installation (use XPrivacy / Xposed Framework)
Use applications from official Android Market only
Use antivirus and firewall (DroidWall), Network Log
Privacy-aware searching
Use DuckDuckgo.com instead of Google!
Avoid using social networks
They have usually access to all your sensitive informations stored on your smartphone
Use trustworthy tracking / wiping software
With the possibility of "remote wipe" and "remote lock"
Secure wipe InTheClear
Face obscure
Avoid using really sensitive applications
Google is not a privacy-aware search engine, it tracks everything about you!
Disable Geolocation services
If you don't use them
Care about your privacy - privacy intrusions by 3rd parties (government, corporations, your competitors) will be more likely in the future
You are already tracked (by data retention law, all social networks, Google) and can be easily monitored (by any secret or other government agencies)
The Internet is a permanent storage - some your sensitive data may be never erased when they are leaked
Thanks for your attention!
Contact me!
Encrypted communication I.
strongSwan VPN client
SSH tunnels
Encrypted communication IV.
There are some cool crypto Android applications, but they are proprietary with no source code:
Acrobits Softphone
Can we trust them?
Start to encrypt your text / voice communication immediately:
Signal (SMS or IP data encryption channel, SIP/TLS + ZRTP VoIP client with preddefined SIP/ZRTP server) - STRONGLY RECOMMENDED
Telegram (but be aware of its history of serious security vulnerabilities in the past)
Persistent privacy threats I.
Governments - they need to spy their citizen because of many reasons (e.g. tax evasion):
massive legal spying using data-retention law (valid in the most EU countries including Slovakia) -> all ISP/mobile operators are forced to store headers of all communications for 6-24 months! - it was held unconstitutional by European Court of Justice
secret agencies (in Slovakia there is no transparency about their activities)
NSA warrantless surveillance including manipulation of standardization processes, implementing backdoors in crypto (Dual_EC_DRBG), blackmailing of companies in order to weaken their implemented crypto, e.g. using weak RNG generators, hacking core network routers, buying 0-day exploits, VUPEN subscription, Lavabit threatening and much more malicious activities, FBI has forced Apple to build a backdoored iOS firmware)
Persistent privacy threats II.
Corporations - spying is a part of their business model
Google has a full access to all Android used wireless networks, your calendars, your contacts, despite the fact they care about security a lot, they ignore their users' privacy (Google applications still do not support end-point encryption, e.g. using PGP)

Apple is not better at all, they started to collect fingerprints ...
Persistent privacy threats III.
Mobile operators - it's also part of their business and they are forced by legislation
Full access to your localization data (and they sell it!)
Legally they CAN NOT provide end-to-end encrypted calls (using ZRTP) for their customers (because of impossibility of legal interception)
Therefore they have full access to all your calls, text messages, ...
SSH Tunnel
More information at http://prism-break.org/
Opt out of global data surveillance programs like PRISM, XKeyscore and Tempora. Stop governments from spying on you by encrypting your communications and ending your reliance on proprietary services.
Digital Privacy Threats
Unexpected threats caused by various viruses, malware, targeted attackers
Cyber-terorism (a hype and pretext for hugely expensive government IT security projects paid by tax-payers)
Can be reduced by antiviruses, anti-malware, hardening your systems

Forced by the government and their legislation
Can be reduced by end-to-end crypto and hardening your systems
Encrypted communication III
Classic email encryption (PGP, S/MIME) lacks the support of PFS, anonymity, trustless keyservers
Check http://mute.berlin for a completely new approach of sending / receiving messages in secure and anonymous way
Full transcript