You are viewing a single comment's thread from:

RE: AnoPhone (A2X) - The Cryptophone with Complete Secure Design

in #steemhunt5 years ago

If Edward Snowden designed a mobile phone, the AnoPhone could be the result.

Epic!

I am not fully aware of privacy breaches telecom companies conduct but can mobile sim operators actually prevent the sim from functioning in such a secure device? I am sure they probably can track what i browse and sim settings for an operator may not be compatible wit this phone?

Sort:  

The SIM relies on a mobile modem. The modem can have secure components which purposely send other identifiers to towers, still allowing phone and SMS operation but not allowing geo-location [or A-GPS locating] anymore.

The SIM is merely embedded software so to say. Anything a SIM does could be entered in a NFC chip if telcos wanted to switch MO.

Can they prevent the SIM functioning in such devices? I doubt it unless they know in what devices you operate it and they can reverse engineer the capabilities of the modems. SIMs are pretty dumb devices and do not carry nor transmit that much data. They mostly only provide compatibility for the little data (your number, base address book, few stored SMS, and maybe some mobile wallet protocol) with the common transmission protocols.

I am not fully aware of privacy breaches telecom companies conduct

For example in the USA Trump allowed telcos to sell browsing history to companies/advertisers. I assume that also happens in many countries with less strict privacy laws than the EU. Who knows if in those countries location is sold to advertisers as well.

Not necessarily a “breach” but it does make the user the product, more often than not unknowingly even. Definitely not an example of privacy.

I am 99.999...8% confident that in many authoritarian nations law agencies have real-time access to SMS. We know from the NSA files that anything not encrypted they track. Even that they can turn on camera/mic remotely.

Facebook even applied for a patent for turning on mic remotely, some years after Snowden revealed everything. Zuckerberg himself has long covered his laptop’s mic/camera with duct tape. Pictures of that go back to last decade.

With device based encryption, only encrypted apps, hardware selected to be secure against specific man-in-the-middle attacks, black doors, and leakages the AnoPhone may be one of the most secure options available.

Of course, biggest threat to security is still the user. Don’t renew the VPN after first year and install an email client which works with gmail... good luck if you relied on the security of the AnoPhone.

thanks for a detailed response. definitely helps me better understand the hunt.

Currently for rights activists and journalist in dangerous nations (I think yours belongs to that group too) it's usually this:

VPN plus Wickr/Signal/WhatsApp combined with burner numbers linked to anonymous prepaid debit cards [connected to prepaid SIMs]. Depending on how on the ball agencies are that may also require to ditch phones every xx days, or at least take them out of rotation for few years until definitely not targeted anymore.

News organizations will also have SecureDrop setups (has anybody already hunted that?)

WhatsApp is Signal-based but closed source. Security agencies have publicly discussed the need to be able to listen in, as additional user and that would require the x joined conversation notification to be removed or not shown for backdoor entries. Obviously that's also a security risk, backdoors can be discovered by criminals too.

Will FB succomb long-term to such requests? Nobody knows because closed source. Will Google if they have an end-to-end encrypted messenger? Nobody knows...

Currently IT departments for say Reuters must order phones on which they can install a hardened android fork but also have processors which allow device based encryption, implement device based encryption. Nextdeactivate location as admin for all apps, except for the secure messenger which allows them to send distress signals. Then they must hope none of the hardware components leak any potentially dangerous data. And they need a SecureDrop admin as well.

Eventually the resource cost runs up and, of course specialized software licenses also cost. Queue maintenance cost of remotely operated updates, all of which need to be checked for security breaches again.

A local rights activists group can not even afford all of that.

AnoPhone makes it all a lot easier and that at a reasonable cost assuming they will provide updates too.