I had a weird experience with a android ROM which even when turned off send stats to a server over wifi... I have not tested it with stock rom, and I have no idea how it works, but it might be worth listening to phone data and try to figure out what it does before using a mod\ded phone for something important... Even when it\s turned off.
2013/7/25 grarpamp <[email protected]> > >>> http://www.cryptophone.de/en/products/mobile/ > > > This phone appears to be Windows-based. > > We have some trust in the MS stack concerning > ability to execute code and move packets properly. > Sniffing and sending the cleartext... that's an uknown > but is reasonably verifiable by watching the network. > > > I see that they are banging on about their FOSS on > > every web page on their site > > They give away the source. There's some blurbs about verifying > their published binary hash with what you compile. However it's > unclear if the binary on the *phone* is meant to verifiably match > yours, if you can upload yours to the phone, etc. For over $1000 > per endpoint in a mesh, that's not a solution for us. > Reimplementing it is. > > > that the whole software is based on the Windows-platform. > > I don't like cryptophone due to the cost and non-community > model. But they do offer an Android unit now. > > > Also, it looks as though the whole Cryptophone's setup is centralised > > That too. You should be able to do this with any street phone > having ARM or whatever ported processor. > > > Interesting feature is the Baseband firewall > > I saw that but didn't get what it is. Please tell... > > > Don't forget stock android has code [...] > > My understanding is Android is Linux, ie: Linux has been > ported to run on the phone processor (ARM?). > So I'm not seeing a reason to use Android proper, where > Linux plus any driver blobs stripped for use from Android > could suffice. Perhaps as an underground project if use of > said blobs that way would violate blobs license. > > > Don't even know if anyone has truly audited android. > > Unless it involves money or rep, auditing is largely a myth. > > > There are some crypto programs you can install but it requires > > the other party to have the program as well. > > This is not a problem in this community. > And a proper app would recognize your incoming number > and use that app when you call people who aren't techs > (friend/family) but told to install it under threat of no calls. > > > I'd have better luck buying burn phones for people than > > getting them to install software and use it properly.. > > For them, yes. For you, no, your graph will instantly point > to you. With that, encrypted content is your last bastion. > > > fancy menus which don't tell me much > > As in my former note, all we really want is opensource voice/SMS > encryption over the cell network, preferably without a data plan > (but not required). > Because cell's coverage area is better than wifi (which we can > already use for crypted wifi to wifi with any old app of the day, > (provided access to the mic and speaker) but not to interoperate > with cell, see the former data plan for that). > Everything after that is likely to be much easier... full disk encryption > of data, call lists, texts, mails, metadata, etc. > > Maybe this is not the best tech list for that question. > Any ideas on that? > -- > tor-talk mailing list - [email protected] > To unsusbscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > -- tor-talk mailing list - [email protected] To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
