On Mon, 2020-08-10 at 17:14 +0200, Stefan Claas wrote: > ಚಿರಾಗ್ ನಟರಾಜ್ via Gnupg-users wrote: > > > 10/08/20 09:07 ನಲ್ಲಿ, Stefan Claas <s...@300baud.de> ಬರೆದರು: > > > Matthias Apitz wrote: > > > > > > > El día domingo, agosto 09, 2020 a las 10:06:13p. m. +0200, Stefan Claas > > > > escribió: > > > > > > > > > > This article showed up today, when I did a Google search again: > > > > > > > > > > > > <https://tech.firstlook.media/how-to-defend-against-pegasus-nso-group-s-sophisticated-spyware> > > > > > > > > > > > > Trustworthy source. > > > > > > > > > > Mmmhhh, it is getting 'better and better' for smartphone users. > > > > > > > > > > https://www.androidauthority.com/government-tracking-apps-1145989/ > > > > > > > > > > > > > One can use a Linux mobile phone running UBports.com (as I and all my > > > > family do) > > > > or the upcoming Puri.sm L5 (as I pre-ordered in October 2017). > > > > > > Yes, people gave me already (not from here of course) good advise for > > > other OSs > > > which one can use. The question is how long will those OSs been > > > unaffected ... > > > > > > > Stop whining, stand up and fight and protect yourself. > > > > > > I am not whining ... I only wanted to let the people know. Also very > > > interesting that only one person in this thread replied, besides you ... > > > > I was wary of storing my private GPG keys on my phone (if only because of > > theft/loss/etc), so I set up my keys on a Yubikey > > and use that to decrypt stuff on my phone. From what I understand, even if > > they were to obtain secrets decrypted by the > > Yubikey or exfiltrate private files, they would not be able to actually > > decrypt them given that the key resides on the > > Yubikey (if the private key were on the phone itself, they'd "just" have to > > crack the passphrase or whatever, which would > > presumably be much easier...). > > > > Just another way to mitigate the risk of stuff like this. > > Well, I do have YubiKeys and a Nitrokey too, but I would say while they can't > obtain your private key they will for sure > know the passphrase (PIN) used and the content you encrypted/decrypted on > your smartphone. > > I came up yesterday with the idea to use an additional offline laptop[1] > connected to my smartphone via a USB OTG cable > and an FTDI USB to USB cable, costs for both less then 20 USD. When both > devices are connected one uses on the laptop > CoolTerm (cross-platform) and on the Android device serial usb terminal, > available on the PlayStore. > > As of my understanding (please someone proofs me wrong) an attacker would > have a hard time to know the encrypted content > created on the offline laptop. >
Why use PGP on your phone if you carry a whole laptop with you anyway? -- Best regards, Michał Górny
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
