slides.org (Mobile): Review
The references were supposed to be committed a little while back, but I'm not going to rewrite history; I have better things to do right now. * sapsf.bib: Add references.master
parent
d86e016cfc
commit
17dbce4b7f
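--- a/sapsf.bib
+++ b/sapsf.bib
@@ -0,0 +1,224 @@
+@online{panopti:about,
+author = {Electric Frontier Foundation},
+title = {Panopticlick | About},
+url = {https://panopticlick.eff.org/about},
+urldate = {2017-03-08},
+}
+
+@online{whonix:donot,
+author = {Whonix},
+title = {DoNot},
+url = {https://www.whonix.org/wiki/DoNot},
+urldate = {2017-03-05}
+}
+
+@online{tor,
+author = {Tor Project},
+title = {Tor Project: Anonymity Online},
+url = {http://torproject.org/},
+urldate = {2017-03-09},
+}
+
+
+@online{eff:nsa:timeline,
+author = {Electronic Frontier Foundation},
+title = {Timeline of NSA Domestic Spying},
+url = {https://www.eff.org/nsa-spying/timeline},
+urldate = {2017-03-09},
+}
+
+@online{mtg:uproar,
+author = {Mike Gerwitz},
+title = {National Uproar: A Comprehensive Overview of the
+NSA Leaks and Revelations},
+url = {https://mikegerwitz.com/2013/06/National-Uproar-A-Comprehensive-Overview-of-the-NSA-Leaks-and-Revelations},
+month = 06,
+year = 2013,
+urldate = {2017-03-09},
+}
+
+@online{eff:bernstein:doj,
+author = {Electronic Frontier Foundation},
+title = {Bernstein v. US Department of Justice},
+url = {https://www.eff.org/cases/bernstein-v-us-dept-justice},
+urldate = {2017-03-09},
+}
+
+% TODO: figure out how to render the URL
+@techreport{poodle:paper,
+author = {Möller, Brodo and Duong, Thai and Kotowicz, Krzysztof},
+title = {This POODLE Bites: Exploiting the SSL 3.0 Fallback},
+institution = {Google},
+year = 2014,
+month = Sep,
+url = {https://www.openssl.org/~bodo/ssl-poodle.pdf},
+}
+
+@online{w:crypto-wars,
+author = {Wikipedia},
+title = {Crypto Wars},
+url = {https://en.wikipedia.org/wiki/Crypto_wars},
+urldate = {2017-03-10},
+}
+
+
+@online{fedr:export-controls,
+author = {Executive Office of the President},
+title = {Administration of Export Controls on Encryption Products},
+url = {https://www.gpo.gov/fdsys/pkg/FR-1996-11-19/pdf/96-29692.pdf},
+urldate = {2017-03-10},
+month = 11,
+year = 1996,
+note = {Federal Register, Vol. 61, No. 224, Executive Order 58767},
+}
+
+
+
+@online{doc:rev-export-reg,
+author = {United States Department of Commerce},
+title = {Revised U.S. Encryption Export Regulations},
+url = {https://epic.org/crypto/export_controls/regs_1_00.html},
+month = 01,
+year = 2000,
+urldate = {2017-03-10},
+}
+
+
+@online{arxiv:mac,
+author = {Martin, Jeremy
+and Mayberry, Travis
+and Donahue, Collin
+and Foppe, Lucas,
+and Brown, Lamont
+and Riggins, Chadwick
+and Rye, Erik C.
+and Brown, Dane},
+title = {A Study of MAC Address Randomization in Mobile Devices and When it Fails},
+year = 2017,
+month = 03,
+archivePrefix= {arXiv},
+eprint = {1703.02874},
+primaryClass = {cs.CR},
+}
+
+@online{aimsid,
+author = {CellularPrivacy},
+title = {Android IMSI-Catcher Detector},
+url = {https://cellularprivacy.github.io/Android-IMSI-Catcher-Detector/},
+urldate = {2017-03-11},
+}
+
+@online{osmand,
+title = {OsmAnd - Offline Mobile Maps and Navigation},
+url = {http://osmand.net/},
+urldate = {2017-03-11},
+}
+
+@online{mozilla:loc-services,
+author = {MozillaWiki},
+title = {CloudServices/Location - MozillaWiki},
+url = {https://wiki.mozilla.org/CloudServices/Location},
+urldate = {2017-03-11},
+}
+
+@online{openmobilenetwork,
+title = {OpenMobileNetwork},
+url = {http://www.openmobilenetwork.org/},
+urldate = {2017-03-11},
+}
+
+@online{w:wps,
+author = {Wikipedia},
+title = {Wi-Fi positioning system},
+url = {https://en.wikipedia.org/wiki/Wi-Fi_positioning_system},
+urldate = {2017-03-11},
+}
+
+@online{w:trilateration,
+author = {Wikipedia},
+title = {Trilateration},
+url = {https://en.wikipedia.org/wiki/Trilateration},
+urldate = {2017-03-11},
+}
+
+@article{acm:spotfi,
+author = {Kotaru, Manikanta
+and Joshi, Kiran
+and Bharadia, Dinesh
+and Katti, Sachin},
+title = {{SpotFi}: Decimeter Level Localization Using {WiFi}},
+journal = {{ACM} {SIGCOMM} Computer Communication Review - {SIGCOMM'15}},
+doi = {10.1145/2785956.2787487},
+volume = 45,
+pages = {269-282},
+year = 2015,
+}
+
+@article{acm:lteye,
+author = {Kumar, Swarun
+and Hamed, Ezzeldin
+and Katabi, Dina
+and Li, Li Erran},
+title = {{LTE} radio analytics made easy and accessible},
+journal = {{S3 '14} Proceedings of the 6th annual workshop on Wireless of
+the students, by the students, for the students},
+doi = {10.1145/2645884.2645891},
+pages = {29-30},
+year = 2014,
+}
+
+@online{replicant,
+author = {Replicant},
+title = {Replicant},
+url = {http://www.replicant.us},
+urldate = {2017-03-11},
+annotation = {A fully free Android distribution}
+}
+
+@online{replicant:sec,
+author = {Replicant},
+title = {Freedom and privacy/security issues},
+url = {http://www.replicant.us/freedom-privacy-security-issues.php},
+urldate = {2017-03-11},
+}
+
+@online{replicant:samsung-bd,
+author = {Replicant},
+title = {Samsung Galaxy back-door},
+url = {http://redmine.replicant.us/projects/replicant/wiki/SamsungGalaxyBackdoor},
+urldate = {2017-03-11},
+annotation = {Backdoor in Samsung Galaxy phones closed by Replicant},
+}
+
+@online{gnu:malware-mobile,
+author = {GNU Project},
+title = {Malware in Mobile Devices},
+url = {https://www.gnu.org/philosophy/malware-mobiles.html},
+urldate = {2017-03-11},
+annotation = {Numerous resources on privacy/security issues with mobile
+devices}
+}
+
+@online{jots:mobile,
+author = {Jinyan Zang
+and Krysta Dummit
+and James Graves
+and Paul Lisker
+and Latanya Sweeney},
+title = {Who Knows What About Me? A Survey of Behind the Scenes Personal
+Data Sharing to Third Parties by Mobile Apps},
+url = {http://jots.pub/a/2015103001/index.php},
+urldate = {2017-03-11},
+}
+
+@online{kryptowire:adups,
+author = {Kryptowire},
+title = {KRYPTOWIRE DISCOVERS MOBILE PHONE FIRMWARE THAT TRANSMITTED
+PERSONALLY IDENTIFIABLE INFORMATION (PII) WITHOUT USER
+CONSENT OR DISCLOSURE},
+url = {http://www.kryptowire.com/adups_security_analysis.html},
+urldate = {2017-03-11},
+annotation = {BLU mobile phones transmitting SMS content, contacts, call
+history, telephone numbers, IMEIs, etc to third-party
+servers without users' knolwedge or censent}
+}
+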
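Review bot: In `arxiv:mac` the author line `and Foppe, Lucas,` ends with a stray comma, which BibTeX-style name parsers either warn about or read as an extra name part; it should be `and Foppe, Lucas`. Two names look misspelled: `Electric Frontier Foundation` in `panopti:about` (the other EFF entries use `Electronic`) and `Brodo` in `poodle:paper`, whose own URL spells it `bodo`; the `kryptowire:adups` annotation also has `knolwedge or censent`. Organisation authors are safer double-braced, e.g. `author = {{Electronic Frontier Foundation}}`, so they are not split into given and family names. Because readers will follow these links to fetch privacy tooling, the `tor`, `osmand`, `openmobilenetwork` and `replicant*` entries would be better cited with `https://` URLs where the sites serve them.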
|
644
slides.org
644
slides.org
|
@ -10,151 +10,150 @@
|
|||
#+BEAMER_HEADER: \beamertemplatenavigationsymbolsempty
|
||||
#+BIBLIOGRAPHY: sapsf plain
|
||||
#+TODO: RAW(r) DEVOID(v) LACKING(l) DRAFT(d) REVIEWED(R) | READY(+) REHEARSED(D)
|
||||
#+COLUMNS: %40ITEM %10DURATION{:} %TODO %BEAMER_ENV(ENVIRONMENT)
|
||||
#+COLUMNS: %40ITEM %10DURATION{:} %8TODO %BEAMER_ENV(ENVIRONMENT)
|
||||
|
||||
|
||||
#+BEGIN: columnview :hlines 3 :id global
|
||||
| ITEM | DURATION | TODO | ENVIRONMENT |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| * LaTeX Configuration | | | |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| * Slides | 0:44 | LACKING | |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| ** Introduction / Opening | 00:00:30 | DRAFT | fullframe |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| ** Mobile [0/5] | 0:04 | LACKING | |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| *** Introduction | 0:00 | DRAFT | ignoreheading |
|
||||
| **** Introduction | 00:00:30 | DRAFT | fullframe |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| *** Cell Towers [0/2] | 00:01 | LACKING | |
|
||||
| **** Fundamentally Needed | | DRAFT | |
|
||||
| **** Cell-Site Simulators | | LACKING | |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| *** Wifi [0/3] | 00:01 | LACKING | |
|
||||
| **** Wifi | | DRAFT | |
|
||||
| **** Ubiquitous Access Points | | DEVOID | |
|
||||
| **** Mitigations | | DRAFT | |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| *** Location Services [0/2] | 00:01 | DRAFT | |
|
||||
| **** GPS | | DRAFT | |
|
||||
| **** Access Points | | DRAFT | |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| *** Operating System [0/3] | 00:01 | DRAFT | |
|
||||
| **** Untrusted/Proprietary OS | | DRAFT | |
|
||||
| **** Free/Libre Mobile OS? | | DRAFT | |
|
||||
| **** Modem | | DRAFT | |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| ** Stationary [0/5] | 0:08 | LACKING | |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| *** Introduction [0/1] | 0:00 | DRAFT | ignoreheading |
|
||||
| **** Introduction | 00:00:30 | DRAFT | fullframe |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| *** Surveillance Cameras [0/2] | 0:00 | DRAFT | |
|
||||
| **** Unavoidable Surveillance | | DRAFT | |
|
||||
| **** Access to Data | 00:00:30 | DRAFT | |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| *** Internet of Things [0/4] | 0:04 | LACKING | |
|
||||
| **** Internet-Connected Cameras | 00:00:30 | DRAFT | |
|
||||
| **** The ``S'' In IoT Stands For ``Security'' | 00:01:30 | LACKING | |
|
||||
| **** Who's Watching? | 00:00:30 | DEVOID | |
|
||||
| **** Facial Recognition | 00:01 | DRAFT | |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| *** Social Media [0/1] | 0:01 | DRAFT | |
|
||||
| **** Collateral Damage | 00:01 | DRAFT | |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| *** Driving [0/3] | 0:02 | RAW | |
|
||||
| **** Introduction | 00:00:30 | DRAFT | fullframe |
|
||||
| **** ALPRs | 00:01 | LACKING | |
|
||||
| **** Car Itself | 00:00:30 | LACKING | |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| ** The Web [0/6] | 0:10 | LACKING | |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| *** Introduction [0/1] | | DRAFT | ignoreheading |
|
||||
| **** Introduction | | DRAFT | fullframe |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| *** Bridging the Gap [0/1] | 0:01 | LACKING | |
|
||||
| **** Ultrasound Tracking | 00:01 | LACKING | |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| *** Incentive to Betray [0/1] | 0:00 | DRAFT | |
|
||||
| **** Summary | 00:00:30 | DRAFT | fullframe |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| *** Analytics [0/2] | 0:02 | LACKING | |
|
||||
| **** Trackers | 00:01 | LACKING | |
|
||||
| **** Like Buttons | 00:01 | DRAFT | |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| *** Fingerprinting [0/3] | 0:03 | LACKING | |
|
||||
| **** Summary | | DRAFT | |
|
||||
| **** Alarmingly Effective | 00:03 | LACKING | fullframe |
|
||||
| **** User Agent | | DRAFT | |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| *** Anonymity [0/4] | 0:04 | DRAFT | |
|
||||
| **** Summary | 00:01 | DRAFT | fullframe |
|
||||
| ***** Anonymity | | | |
|
||||
| ***** Pseudonymity | | | |
|
||||
| **** IANAAE | | DRAFT | fullframe |
|
||||
| **** The Tor Network | 00:01 | DRAFT | |
|
||||
| **** TorBrowser, Tails, and Whonix | 00:02 | DRAFT | |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| ** Data Analytics [0/2] | 0:04 | LACKING | |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| *** Introduction [0/1] | 0:00 | DRAFT | ignoreheading |
|
||||
| **** Introduction | 00:00 | DRAFT | fullframe |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| *** Headings [0/3] | 0:04 | LACKING | |
|
||||
| **** Advertisers | 00:02 | LACKING | |
|
||||
| **** Social Media | 00:01 | DEVOID | |
|
||||
| **** Governments | 00:00:30 | DEVOID | |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| ** Policy and Government [0/6] | 0:12 | LACKING | |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| *** Introduction [0/1] | 0:00 | DRAFT | ignoreheading |
|
||||
| **** Introduction | 00:00:30 | DRAFT | fullframe |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| *** Surveillance [0/7] | 0:06 | LACKING | |
|
||||
| **** History of NSA Surveillance | 00:02 | DRAFT | |
|
||||
| **** Ron Wyden | | DRAFT | fullframe |
|
||||
| **** The Leak | | DRAFT | fullframe |
|
||||
| **** Verizon Metadata | 00:00:30 | DRAFT | |
|
||||
| **** PRISM | | DRAFT | |
|
||||
| **** Snowden | 00:01 | DRAFT | |
|
||||
| **** Tools | 00:02 | DEVOID | |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| *** Crypto Wars [0/6] | 0:04 | LACKING | |
|
||||
| **** Introduction | 00:00 | DRAFT | fullframe |
|
||||
| **** Export-Grade Crypto | 00:01:30 | DRAFT | |
|
||||
| **** Bernstein v. United States | 00:01 | DRAFT | |
|
||||
| **** The First Crypto Wars | 00:01 | DRAFT | |
|
||||
| **** Re-repeats Itself | 00:00 | DRAFT | fullframe |
|
||||
| **** Modern Crypto Wars | | DRAFT | fullframe |
|
||||
| **** ``Going Dark'' | | DEVOID | |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| *** Espionage [0/1] | 0:01 | LACKING | |
|
||||
| **** US Can't Keep Its Own Secrets | 00:01 | DEVOID | |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| *** Subpoenas, Warrants, NSLs [0/1] | 0:01 | LACKING | |
|
||||
| **** National Security Letters | 00:01 | DEVOID | |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| *** Law [0/1] | 0:01 | LACKING | |
|
||||
| **** Summary | 00:01 | DEVOID | fullframe |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| ** Your Fight [0/1] | 0:05 | LACKING | |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| *** Headings [0/6] | 0:05 | LACKING | |
|
||||
| **** Feeding | 00:00 | DRAFT | fullframe |
|
||||
| **** SaaSS and Centralization | 00:01 | DEVOID | |
|
||||
| **** Corporate Negligence | 00:01 | LACKING | |
|
||||
| **** Status Quo | 00:02 | DRAFT | |
|
||||
| **** Status Quo Cannot Hold | | DRAFT | fullframe |
|
||||
| **** Push Back | 00:01 | DRAFT | fullframe |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| ** Thank You | | | fullframe |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| ** References | | | appendix |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| * Exporting | | | |
|
||||
|-----------------------------------------------+----------+---------+---------------|
|
||||
| * Local Variables | | | |
|
||||
| ITEM | DURATION | TODO | ENVIRONMENT |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| * LaTeX Configuration | | | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| * Slides | 0:47 | LACKING | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| ** Introduction / Opening | 00:01 | REVIEWED | fullframe |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| ** Mobile [0/5] | 0:07 | REVIEWED | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Introduction | 0:00 | REVIEWED | ignoreheading |
|
||||
| **** Introduction | 00:00:15 | REVIEWED | fullframe |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Cell Towers [0/2] | 0:02 | REVIEWED | |
|
||||
| **** Fundamentally Needed | 00:00:45 | REVIEWED | |
|
||||
| **** Cell-Site Simulators | 00:00:45 | REVIEWED | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Wifi [0/3] | 0:01 | REVIEWED | |
|
||||
| **** ESSID and MAC Broadcast | 00:01 | REVIEWED | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Geolocation [0/3] | 0:02 | REVIEWED | |
|
||||
| **** GPS | 00:01 | REVIEWED | |
|
||||
| **** But I Want GPS! | 00:00:30 | REVIEWED | |
|
||||
| **** Location Services | 00:00:45 | REVIEWED | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Operating System [0/3] | 0:02 | REVIEWED | |
|
||||
| **** Untrusted/Proprietary OS | 00:00:45 | REVIEWED | |
|
||||
| **** Free/Libre Mobile OS? | 00:00:30 | REVIEWED | |
|
||||
| **** Modem Isolation | 00:00:30 | REVIEWED | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| ** Stationary [0/5] | 0:08 | LACKING | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Introduction [0/1] | 0:00 | DRAFT | ignoreheading |
|
||||
| **** Introduction | 00:00:30 | DRAFT | fullframe |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Surveillance Cameras [0/2] | 0:00 | DRAFT | |
|
||||
| **** Unavoidable Surveillance | | DRAFT | |
|
||||
| **** Access to Data | 00:00:30 | DRAFT | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Internet of Things [0/4] | 0:04 | LACKING | |
|
||||
| **** Internet-Connected Cameras | 00:00:30 | DRAFT | |
|
||||
| **** The ``S'' In IoT Stands For ``Security'' | 00:01:30 | LACKING | |
|
||||
| **** Who's Watching? | 00:00:30 | DEVOID | |
|
||||
| **** Facial Recognition | 00:01 | DRAFT | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Social Media [0/1] | 0:01 | DRAFT | |
|
||||
| **** Collateral Damage | 00:01 | DRAFT | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Driving [0/3] | 0:02 | RAW | |
|
||||
| **** Introduction | 00:00:30 | DRAFT | fullframe |
|
||||
| **** ALPRs | 00:01 | LACKING | |
|
||||
| **** Car Itself | 00:00:30 | LACKING | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| ** The Web [0/6] | 0:10 | LACKING | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Introduction [0/1] | | DRAFT | ignoreheading |
|
||||
| **** Introduction | | DRAFT | fullframe |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Bridging the Gap [0/1] | 0:01 | LACKING | |
|
||||
| **** Ultrasound Tracking | 00:01 | LACKING | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Incentive to Betray [0/1] | 0:00 | DRAFT | |
|
||||
| **** Summary | 00:00:30 | DRAFT | fullframe |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Analytics [0/2] | 0:02 | LACKING | |
|
||||
| **** Trackers | 00:01 | LACKING | |
|
||||
| **** Like Buttons | 00:01 | DRAFT | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Fingerprinting [0/3] | 0:03 | LACKING | |
|
||||
| **** Summary | | DRAFT | |
|
||||
| **** Alarmingly Effective | 00:03 | LACKING | fullframe |
|
||||
| **** User Agent | | DRAFT | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Anonymity [0/4] | 0:04 | DRAFT | |
|
||||
| **** Summary | 00:01 | DRAFT | fullframe |
|
||||
| ***** Anonymity | | | |
|
||||
| ***** Pseudonymity | | | |
|
||||
| **** IANAAE | | DRAFT | fullframe |
|
||||
| **** The Tor Network | 00:01 | DRAFT | |
|
||||
| **** TorBrowser, Tails, and Whonix | 00:02 | DRAFT | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| ** Data Analytics [0/2] | 0:04 | LACKING | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Introduction [0/1] | 0:00 | DRAFT | ignoreheading |
|
||||
| **** Introduction | 00:00 | DRAFT | fullframe |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Headings [0/3] | 0:04 | LACKING | |
|
||||
| **** Advertisers | 00:02 | LACKING | |
|
||||
| **** Social Media | 00:01 | DEVOID | |
|
||||
| **** Governments | 00:00:30 | DEVOID | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| ** Policy and Government [0/6] | 0:12 | LACKING | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Introduction [0/1] | 0:00 | DRAFT | ignoreheading |
|
||||
| **** Introduction | 00:00:30 | DRAFT | fullframe |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Surveillance [0/7] | 0:06 | LACKING | |
|
||||
| **** History of NSA Surveillance | 00:02 | DRAFT | |
|
||||
| **** Ron Wyden | | DRAFT | fullframe |
|
||||
| **** The Leak | | DRAFT | fullframe |
|
||||
| **** Verizon Metadata | 00:00:30 | DRAFT | |
|
||||
| **** PRISM | | DRAFT | |
|
||||
| **** Snowden | 00:01 | DRAFT | |
|
||||
| **** Tools | 00:02 | DEVOID | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Crypto Wars [0/6] | 0:04 | LACKING | |
|
||||
| **** Introduction | 00:00 | DRAFT | fullframe |
|
||||
| **** Export-Grade Crypto | 00:01:30 | DRAFT | |
|
||||
| **** Bernstein v. United States | 00:01 | DRAFT | |
|
||||
| **** The First Crypto Wars | 00:01 | DRAFT | |
|
||||
| **** Re-repeats Itself | 00:00 | DRAFT | fullframe |
|
||||
| **** Modern Crypto Wars | | DRAFT | fullframe |
|
||||
| **** ``Going Dark'' | | DEVOID | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Espionage [0/1] | 0:01 | LACKING | |
|
||||
| **** US Can't Keep Its Own Secrets | 00:01 | DEVOID | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Subpoenas, Warrants, NSLs [0/1] | 0:01 | LACKING | |
|
||||
| **** National Security Letters | 00:01 | DEVOID | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Law [0/1] | 0:01 | LACKING | |
|
||||
| **** Summary | 00:01 | DEVOID | fullframe |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| ** Your Fight [0/1] | 0:05 | LACKING | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| *** Headings [0/6] | 0:05 | LACKING | |
|
||||
| **** Feeding | 00:00 | DRAFT | fullframe |
|
||||
| **** SaaSS and Centralization | 00:01 | DEVOID | |
|
||||
| **** Corporate Negligence | 00:01 | LACKING | |
|
||||
| **** Status Quo | 00:02 | DRAFT | |
|
||||
| **** Status Quo Cannot Hold | | DRAFT | fullframe |
|
||||
| **** Push Back | 00:01 | DRAFT | fullframe |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| ** Thank You | | | fullframe |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| ** References | | | appendix |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| * Exporting | | | |
|
||||
|-----------------------------------------------+----------+----------+---------------|
|
||||
| * Local Variables | | | |
|
||||
#+END
|
||||
|
||||
|
||||
|
@ -205,23 +204,50 @@ GOAL: Captivate; Startle
|
|||
\origcite{#1}%
|
||||
}%
|
||||
}}
|
||||
|
||||
\renewcommand*{\bibfont}{\scriptsize}
|
||||
#+END_LATEX
|
||||
|
||||
|
||||
* LACKING Slides :export:ignore:
|
||||
** DRAFT Introduction / Opening :B_fullframe:
|
||||
** REVIEWED Introduction / Opening :B_fullframe:
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:00:30
|
||||
:DURATION: 00:01
|
||||
:BEAMER_env: fullframe
|
||||
:END:
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
Hello, everyone.
|
||||
Thanks for coming!
|
||||
|
||||
My name's Mike Gerwitz.
|
||||
I am a free software hacker and activist with a focus on user privacy and
|
||||
security.
|
||||
I'm also a GNU Maintainer, software evaluator, and volunteer for various
|
||||
other duties.
|
||||
|
||||
And I'm here to talk to you about an unfortunate,
|
||||
increasingly unavoidable fact of life.
|
||||
|
||||
None of you made it here without being tracked in some capacity.
|
||||
Some of us are still being tracked at this very moment.
|
||||
Some of us are /still/ being tracked at this very moment!
|
||||
|
||||
...
|
||||
This isn't a tinfoil hat presentation.
|
||||
It's a survey of facts.
|
||||
/Actual/ facts, not alternative ones! (Dig at Kellyanne Conway, for those
|
||||
reading this in the future.)
|
||||
Since time isn't on my side here,
|
||||
I'm going to present a broad overview of the most pressing concerns of
|
||||
today.
|
||||
Every slide has numeric citations,
|
||||
which are associated with references in the final slides.
|
||||
I won't be showing them here---you can get them online.
|
||||
My goal is to present you with enough information that you know that these
|
||||
things /exist/,
|
||||
and you know where to find more information about them.
|
||||
Those unknown unknowns.
|
||||
|
||||
Let's start with the obvious.
|
||||
So: let's start with the obvious.
|
||||
|
||||
(Note: You're being "tracked", rather than "watched": the latter is too
|
||||
often used and dismissed as tinfoil-hat FUD.)
|
||||
|
@ -232,14 +258,15 @@ often used and dismissed as tinfoil-hat FUD.)
|
|||
#+BEAMER: \only<2>{(No, really, I have references.)}
|
||||
#+END_CENTER
|
||||
|
||||
** LACKING Mobile [0/5]
|
||||
*** DRAFT Introduction :B_ignoreheading:
|
||||
|
||||
** REVIEWED Mobile [0/5]
|
||||
*** REVIEWED Introduction :B_ignoreheading:
|
||||
:PROPERTIES:
|
||||
:BEAMER_env: ignoreheading
|
||||
:END:
|
||||
**** DRAFT Introduction :B_fullframe:
|
||||
**** REVIEWED Introduction :B_fullframe:
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:00:30
|
||||
:DURATION: 00:00:15
|
||||
:BEAMER_env: fullframe
|
||||
:END:
|
||||
|
||||
|
@ -250,59 +277,94 @@ often used and dismissed as tinfoil-hat FUD.)
|
|||
#+BEGIN_COMMENT
|
||||
How many of you are carrying a mobile phone right now?
|
||||
Probably most of us.
|
||||
They are something we carry with us everywhere;
|
||||
they are computers that are always on.
|
||||
A phone is often synonymous with an individual.
|
||||
They are something we carry with us everywhere.
|
||||
They are computers that are always on.
|
||||
|
||||
A phone is often synonymous with an individual;
|
||||
they are a part of us.
|
||||
In other words: they're excellent tracking devices.
|
||||
#+END_COMMENT
|
||||
|
||||
*** LACKING Cell Towers [0/2]
|
||||
*** REVIEWED Cell Towers [0/2]
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:01
|
||||
:DURATION: 0:02
|
||||
:END:
|
||||
**** DRAFT Fundamentally Needed
|
||||
- <1-> Phone needs tower to make and receive calls
|
||||
- <2-> Gives away approximate location (can triangulate)
|
||||
**** REVIEWED Fundamentally Needed
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:00:45
|
||||
:END:
|
||||
- Phone needs tower to make and receive calls
|
||||
- Gives away approximate location (can triangulate)
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
The primary reason is inherent in a phone's design: cell towers.
|
||||
The primary reason is inherent in a phone's design:
|
||||
cell towers.
|
||||
A phone "needs" to be connected to a tower to make and receive calls.
|
||||
|
||||
Unless it is off,
|
||||
Unless it is off or otherwise disconnected (like airplane mode),
|
||||
its connection to the cell tower exposes your approximate location.
|
||||
These data persist for as long as the phone companies are willing to persist
|
||||
it. If it's mined by the NSA, then it might be persisted indefinitely.
|
||||
it.
|
||||
|
||||
Some people don't use phones primarily for this reason.
|
||||
|
||||
rms said he might use a phone if it could act as a pager,
|
||||
rms, for example, said he might use a phone if it could act as a pager,
|
||||
where he'd only need to expose his location once he is in a safe place.
|
||||
You can imagine that such would be a very useful and important feature for
|
||||
reporters and dissidents as well.
|
||||
#+END_COMMENT
|
||||
|
||||
|
||||
**** LACKING Cell-Site Simulators
|
||||
**** REVIEWED Cell-Site Simulators
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:00:45
|
||||
:END:
|
||||
- <1-> IMSI-Catchers
|
||||
- <1-> Masquerade as cell towers
|
||||
- <2-> (List them) e.g. Stingray
|
||||
- <1-> Most popular: Stingray
|
||||
- <2-> Free/libre Android program AIMSICD available on F-Droid attempts to
|
||||
detect\cite{aimsid}
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
I'm sure many of you have heard of Cell Site Simulators;
|
||||
one of the most popular examples being the Stingray.
|
||||
These devices masquerade as cell towers and can perform a dragnet search for
|
||||
an individual.
|
||||
Your location can be triangulated.
|
||||
Cell Site Simulators have made a lot of news in the past (including my local
|
||||
news),
|
||||
one of the most popular examples being the Stingray.
|
||||
These devices masquerade as cell towers.
|
||||
This allows (for example) law enforcement to get a suspect's phone to
|
||||
connect to _their_ device rather than a real tower,
|
||||
which allows their location to be triangulated,
|
||||
calls to be intercepted,
|
||||
texts to be mined,
|
||||
etc.
|
||||
Law enforcement might also use it to record all devices in an area,
|
||||
such as during a protest.
|
||||
|
||||
The problem is: _every_ phone in the area will try to connect to it;
|
||||
it amounts to a dragnet search,
|
||||
and is therefore extremely controversial.
|
||||
|
||||
The Android program AIMSICD---Android IMSI-Catcher Detector---is being
|
||||
developed in an attempt to detect these devices.
|
||||
It is free software and is available on F-Droid.
|
||||
#+END_COMMENT
|
||||
|
||||
|
||||
*** LACKING Wifi [0/3]
|
||||
*** REVIEWED Wifi [0/3]
|
||||
:PROPERTIES:
|
||||
:DURATION: 0:01
|
||||
:END:
|
||||
|
||||
**** REVIEWED ESSID and MAC Broadcast
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:01
|
||||
:END:
|
||||
|
||||
**** DRAFT Wifi
|
||||
- Device may broadcast ESSIDs of past hidden networks
|
||||
- Expose unique hardware identifiers (MAC address)
|
||||
- <1-> Device may broadcast ESSIDs of past hidden networks
|
||||
- <2-> Expose unique hardware identifiers (MAC address)
|
||||
- <3-> **Defending against this is difficult**
|
||||
- <4-> /Turn off Wifi/ in untrusted places
|
||||
- <4-> Turn off settings to auto-connect when receiving e.g. MMS
|
||||
- <5-> Use cellular data (e.g. {2,3,4}G)
|
||||
- <6-> **MAC address randomization works poorly**\cite{arxiv:mac}
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
What else is inherent in a modern phone design?
|
||||
|
@ -311,125 +373,231 @@ A common feature is Wifi.
|
|||
If you connected to any hidden networks,
|
||||
your phone may broadcast that network name to see if it exists.
|
||||
|
||||
Your mobile device could be broadcasting information like past network
|
||||
connections and unique device identifiers (MAC),
|
||||
It exposes unique device identifiers (MACs),
|
||||
which can be used to uniquely identify you.
|
||||
#+END_COMMENT
|
||||
|
||||
**** DEVOID Ubiquitous Access Points
|
||||
- <AP stuff>
|
||||
Defending against this is difficult,
|
||||
unless you take the simple yet effective route:
|
||||
disable Wifi completely,
|
||||
at least when you're not in a safe area you can trust.
|
||||
Some apps will automatically enable networking if they receive,
|
||||
for example,
|
||||
MMS messages;
|
||||
be careful of that.
|
||||
If you really do need data,
|
||||
use your cellular data.
|
||||
You are already hemmoraging information to your phone company,
|
||||
so at least you're limiting your exposure.
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
Access points increasingly line the streets or are within range in nearby
|
||||
buildings.
|
||||
Some phones and apps offer MAC address randomization.
|
||||
That's a good thing in priniciple.
|
||||
Unfortunately, it seems to be easily defeated.
|
||||
One study, cited here,
|
||||
claims to be able to defeat randomization 100% of the time,
|
||||
regardless of manufacturer.
|
||||
|
||||
Can be incredibly accurate for tracking movements,
|
||||
and it is _passive_---it requires no software on your device.
|
||||
/Segue to next section:/
|
||||
All these previous risks are _passive_---
|
||||
they require no malicious software on your device.
|
||||
But what if we _do_ have such software?
|
||||
And of course, we do.
|
||||
#+END_COMMENT
|
||||
|
||||
|
||||
**** DRAFT Mitigations
|
||||
- Disable Wifi [when not in use]
|
||||
- Do not automatically connect to known networks
|
||||
- At the very least, not hidden
|
||||
- Randomize MAC address
|
||||
*** REVIEWED Geolocation [0/3]
|
||||
:PROPERTIES:
|
||||
:DURATION: 0:02
|
||||
:END:
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
Disable Wifi when not in use.
|
||||
You can also randomize your MAC address,
|
||||
and be sure not to broadcast hidden networks.
|
||||
#+END_COMMENT
|
||||
|
||||
|
||||
*** DRAFT Location Services [0/2]
|
||||
**** REVIEWED GPS
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:01
|
||||
:END:
|
||||
|
||||
**** DRAFT GPS
|
||||
- Often enabled by default
|
||||
- Might prompt user, but features are attractive
|
||||
|
||||
- Programs give excuses to track
|
||||
- Location for tweets, photos, nearby friends, etc.
|
||||
- <1-> Not inherently a surveillance tool
|
||||
- <2-> Often enabled by default
|
||||
- <2-> Might prompt user, but features are attractive
|
||||
- <3-> Programs give excuses to track\cite{jots:mobile}
|
||||
- <3-> Navigation systems
|
||||
- <3-> Location information for social media, photos, nearby friends, finding
|
||||
lost phones, location-relative searches, etc.
|
||||
- <4-> Not-so-good: targeted advertising and building users profiles
|
||||
- <4-> If phone is compromised, location is known
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
Oh, but what if we _do_ have software on the device?
|
||||
And we do.
|
||||
|
||||
Let's talk about location services!
|
||||
Let's talk about geolocation!
|
||||
Many people find them to be very convenient.
|
||||
|
||||
The most popular being GPS.
|
||||
|
||||
GPS isn't inherently a surveillance tool;
|
||||
it can't track you on its own.
|
||||
Your GPS device triangulates its location based on signals
|
||||
broadcast by GPS satellites in line-of-site.
|
||||
|
||||
Because of the cool features it permits,
|
||||
it's often enabled.
|
||||
it's often enabled on devices.
|
||||
And programs will track your movements just for the hell of it.
|
||||
Or give an excuse to track you.
|
||||
|
||||
I'm not saying there aren't legitimate uses.
|
||||
Navigation systems,
|
||||
social media,
|
||||
photo metadata,
|
||||
finding nearby friends,
|
||||
finding lost phones---
|
||||
all of these things are legitimate.
|
||||
You just need to be able to trust the software that you are running,
|
||||
Often times, you can't.
|
||||
Without source code,
|
||||
it's sometimes hard to say if a program is doing other things.
|
||||
Like using it for targeted advertising,
|
||||
and/or building a user profile (which we'll talk about later).
|
||||
#+END_COMMENT
|
||||
|
||||
**** DRAFT Access Points
|
||||
**** REVIEWED But I Want GPS!
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:00:30
|
||||
:END:
|
||||
- <1-> Is the program transparent in what data it sends? (Is the source code
|
||||
available?)\cite{jots:mobile}
|
||||
- <1-> Does the program let you disable those features?
|
||||
- <2-> Pre-download location-sensitive data (e.g. street maps)
|
||||
- <2-> OsmAnd (free software, Android and iOS)\cite{osmand}
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
So you may legitimately want GPS enabled.
|
||||
It's terrible that you should be concerned about it.
|
||||
|
||||
You need to know what data you're leaking so that you can decide whether
|
||||
or not you want to do so.
|
||||
And you need the option to disable it.
|
||||
|
||||
Sometimes your location is leaked as a side-effect.
|
||||
Navigation systems, for example, usually lazy-load map images.
|
||||
Some apps let you use pre-downloaded maps,
|
||||
like OsmAnd,
|
||||
which is free software available on both Android and---if you must---iOS.
|
||||
#+END_COMMENT
|
||||
|
||||
|
||||
**** REVIEWED Location Services
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:00:45
|
||||
:END:
|
||||
|
||||
- <1-> No GPS? No problem!
|
||||
- <2-> AP harvesting (e.g. Google Street View cars)
|
||||
- <2-> Works even where GPS and Cell signals cannot penetrate
|
||||
- <3> Can be /more/ accurate than GPS (e.g. what store in a shopping mall)
|
||||
- <1-> Mozilla Location Services, OpenMobileNetwork, ...
|
||||
\cite{mozilla:loc-services,openmobilenetwork}
|
||||
- <2-> Wifi Positioning System; Bluetooth networks;
|
||||
nearby cell towers\cite{w:wps}
|
||||
- <2-> Signal strength and SSIDs and MACs of Access Points
|
||||
\cite{w:trilateration,acm:spotfi,acm:lteye}
|
||||
- <3-> Gathered by Google Street View cars
|
||||
- <3-> Your device may report back nearby networks to build a more
|
||||
comprehensive database
|
||||
- <4-> Works even where GPS and Cell signals cannot penetrate
|
||||
- <4-> Can be /more/ accurate than GPS (e.g. what store in a shopping mall)
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
But GPS doesn't need to be available.
|
||||
Have you ever used a map program on a computer that asked for your location?
|
||||
How does it do that without GPS?
|
||||
Google scours the planet recording APs.
|
||||
It knows based on _what APs are simply near you_ where you are.
|
||||
|
||||
There are numerous services available to geolocate based on nearby access
|
||||
points, bluetooth networks, and cell towers.
|
||||
Based on the signal strength of nearby WiFi networks,
|
||||
your position can be more accurately trangulated.
|
||||
|
||||
These data are gathered by Google Street View cars.
|
||||
Your phone might also be reporting back nearby networks in order to improve
|
||||
the quality of these databases.
|
||||
|
||||
Sometimes this can be more accurate than GPS.
|
||||
And it works where GPS and maybe even cell service don't, such as inside
|
||||
shopping malls.
|
||||
|
||||
So having radio and GPS off may not help you.
|
||||
MAC spoofing won't help since software on your device has countless other
|
||||
ways to uniquely identify you---this is active monitoring, unlike previous
|
||||
examples.
|
||||
So just because GPS is off does not mean your location is unknown.
|
||||
#+END_COMMENT
|
||||
|
||||
*** DRAFT Operating System [0/3]
|
||||
*** REVIEWED Operating System [0/3]
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:01
|
||||
:DURATION: 0:02
|
||||
:END:
|
||||
|
||||
**** DRAFT Untrusted/Proprietary OS
|
||||
**** REVIEWED Untrusted/Proprietary OS
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:00:45
|
||||
:END:
|
||||
|
||||
- Who does your phone work for?
|
||||
- <1-> Who does your phone work for?
|
||||
- Apple? Google? Microsoft? Blackberry? Your manufacturer too?
|
||||
- Carry everywhere you go, but fundamentally cannot trust it
|
||||
- <1-> Carry everywhere you go, but fundamentally cannot
|
||||
trust it\cite{gnu:malware-mobile}
|
||||
- <2-> Some come with gratis surveillance
|
||||
- <2-> BLU phones sent SMS messages, contacts, call history, IMEIs, and
|
||||
more to third-party servers without users' knowledge or censent
|
||||
\cite{kryptowire:adups}
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
The OS situation on mobile is lousy.
|
||||
Does your phone work for Apple? Google? Microsoft? Blackberry? ...?
|
||||
A lot of this boils down to trust.
|
||||
Who does your phone work for?
|
||||
|
||||
Does your phone work for Apple? Google? Microsoft? Blackberry?
|
||||
Or does it work for you?
|
||||
|
||||
The OS situation on mobile is lousy.
|
||||
You carry around this computer everywhere you go.
|
||||
And you fundamentally cannot trust it.
|
||||
|
||||
Take BLU phones for example.
|
||||
In November of last year it was discovered that these popular phones
|
||||
contained software that sent SMS messages, contact lists, call history,
|
||||
IMEIs, etc to third-party servers without users' knowledge or consent.
|
||||
That software could also remotely execute code on the device.
|
||||
#+END_COMMENT
|
||||
|
||||
**** DRAFT Free/Libre Mobile OS?
|
||||
- <1-3> Android is supposedly free software
|
||||
- <1-3> But every phone requires proprietary drivers, or contains
|
||||
**** REVIEWED Free/Libre Mobile OS?
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:00:30
|
||||
:END:
|
||||
- <1-> Android is supposedly free software
|
||||
- <1-> But every phone requires proprietary drivers, or contains
|
||||
proprietary software
|
||||
- <2-3> Replicant
|
||||
- <2-> Replicant\cite{replicant}
|
||||
- <3> Niche. Interest is low, largely work of one developer now.
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
I use Replicant.
|
||||
Android is supposedly a free operating system.
|
||||
Unfortunately,
|
||||
every phone requires proprietary drivers to work,
|
||||
and is loaded with proprietary software.
|
||||
|
||||
Does anyone here use Replicant?
|
||||
I feel like I can at least trust my phone a little bit.
|
||||
I do.
|
||||
Replicant is a fully free Android fork.
|
||||
I feel like I can at least trust my phone a little bit,
|
||||
but I still consider any data on it to be essentially compromised in the
|
||||
sense that I can't be confident in my ability to audit it and properly
|
||||
secure the device.
|
||||
#+END_COMMENT
|
||||
|
||||
|
||||
**** DRAFT Modem
|
||||
- But modem still runs non-free software
|
||||
- Often has access to CPU, disk, and memory
|
||||
**** REVIEWED Modem Isolation
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:00:30
|
||||
:END:
|
||||
|
||||
- But modem still runs non-free software\cite{replicant:sec}
|
||||
- Sometimes has access to CPU, disk, and memory\cite{replicant:samsung-bd}
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
But on nearly every phone,
|
||||
the modem still runs proprietary software.
|
||||
And often times has direct access to CPU, disk, and memory.
|
||||
And sometimes it has direct access to CPU, disk, and memory.
|
||||
Replicant closed a backdoor in Samsung Galaxy phones that allowed for remote
|
||||
access to the disk.
|
||||
That backdoor might not have been intentional,
|
||||
but it illustrates the possibility,
|
||||
and could still be exploited by an attacker.
|
||||
|
||||
So even with Replicant,
|
||||
I consider the device compromised;
|
||||
|
|