Communication/smartphone privacy workshop, libertycon 2017, praha
Why choose Android when you care about your privacy
Android >=3.0 supports native full disk encryption
other alternatives are LUKS encryption, Cryptonite
encrypt your root filesystem including all your external SD cards and your Titanium backups!
Mobiflage - Deniable Storage Encryption for Mobile Devices
Encrypted communication II
Let's talk about...
Why protect information
It is open source - easily and completely auditable, which is crucial for security (iOS, Blackberry, Windows Mobile are proprietary closed-source platforms) - you know there isn't anything hidden that might violate your privacy (e.g. Carrier IQ)
There is a "privacy-aware" Android distribution - Cyanogenmod / Replicant that has removed any Google spying functionality, incognito mode, torification etc.
It supports all advanced Linux security features (e.g. SELinux, Truecrypt full disk encryption, etc.)
iOS marketplace is more conservative, it may contain less malware/trojans
Full disk encryption
at least AES256 storage for your sensitive information (credit card numbers, credentials, private keys, etc)
B-Folders, KeePassDroid, NoteCipher
PGP encryption based on APG (K9 Mail, Kaiten Mail, K-@ Mail Pro), based on PGP KeyRing (Squeaky mail), r2mail2
S/MIME encryption (DJIGZO S/MIME, r2mail2)
Instant chat encryption
based on OTR or PGP
Xabber, ChatSecure, IM+ Pro with OTR plugin
based on ZRTP protocol and SIP/TLS
CSipSimple (can be used with Ostel.me), Signal Messenger
Acrobits Softphone with ZRTP outgoing module (or Groundwire)
Outgoing connection / browsing anonymization
based on Tor, torification of all outgoing connections from smartphone is possible on Android/desktop
Orbot and Orweb v2, AdBlockPlus Firefox plugin
based on Bitcoin
Bitcoin Wallet, Mycelium Wallet
breadWallet on iOS
Other privacy recommendations
Use trustworthy software
Always check an application's permissions during installation (use XPrivacy / Xposed Framework)
Use applications from official Android Market only
Use antivirus and firewall (DroidWall), Network Log
Use DuckDuckGo.com instead of Google!
Avoid using social networks
They usually have access to all the sensitive information stored on your smartphone
Use trustworthy tracking / wiping software
With the possibility of "remote wipe" and "remote lock"
Secure wipe InTheClear
Avoid using really sensitive applications
Google is not a privacy-aware search engine, it tracks everything about you!
Care about your privacy - privacy intrusions by 3rd parties (government, corporations, your competitors) will be more likely in the future
You are already tracked (by data retention law, all social networks, Google) and can be easily monitored (by any secret or other government agencies)
The Internet is permanent storage - some of your sensitive data may never be erased once it has leaked
Thanks for your attention!
Encrypted communication I.
Start to encrypt your text / voice communication immediately:
Signal (messages, voice and video calls). Free, iOS, Android, Desktop. Encryption not optional, perfect forward secrecy - STRONGLY RECOMMENDED
Telegram (bad design, past vulnerabilities)
Wire - turns out voice and video messages are not well encrypted
WhatsApp - works for something, but it is not privacy-aware, it's not a priority
Threema - nice, proprietary
Persistent privacy threats I.
Governments - they "need" to spy on their citizens for many reasons (e.g. tax evasion):
massive legal spying using data-retention law
(secret) mass surveillance (domestic and foreign) - Snowden
targeted government hacking - wikileaks/Vault7
Persistent privacy threats II.
Corporations - spying is a part of their business model
Google has full access to all wireless networks used by Android devices, your calendars, your contacts, despite the fact that they care about security a lot
Your data is very valuable.
If you are not the paying customer, you are the product!
Persistent privacy threats III.
Mobile operators - it's also part of their business and they are forced by legislation
Full access to your location data (and they sometimes sell it)
Legally they CAN NOT provide end-to-end encrypted calls for their customers (lawful interception requirements)
Therefore they have full access to all your calls, text messages, ...
HTTPS Everywhere (incl. in some browsers, e.g. Brave on iOS)
More information at http://prism-break.org/
Opt out of global data surveillance programs like PRISM, XKeyscore and Tempora. Stop governments from spying on you by encrypting your communications and ending your reliance on proprietary services.
Digital Privacy Threats
Unexpected threats caused by various viruses, malware, targeted attackers
Cyber-terrorism (a hype and pretext for hugely expensive government IT security projects paid for by taxpayers)
Can be reduced by antiviruses, anti-malware, hardening your systems
Forced by the government and their legislation
Can be reduced by end-to-end crypto and hardening your systems
Encrypted communication III
Classic email encryption (PGP, S/MIME) lacks support for PFS, anonymity, trustless keyservers
Check http://mute.berlin for a completely new approach to sending / receiving messages in a secure and anonymous way
Anonymity & "Encryption"
Orbot, Orweb, ...
but wait.... Vault7 said Signal is broken!
Well, not really.
It seems that end-point devices are broken!
But there still is a difference. Signal protects you against mass surveillance, not targeted attacks.
Perfect forward secrecy is the key <- why are we resisting surveillance?