HomeLatest ThreadsGreatest ThreadsForums & GroupsMy SubscriptionsMy Posts
DU Home » Latest Threads » Forums & Groups » Topics » Computers & Internet » Computer Help and Support (Group) » Let's talk about encrypti...

Fri Jun 14, 2013, 08:21 PM

 

Let's talk about encryption and security some more.

Some of us care about this issue out of pure professional interest, others on principle.. which I totally grok. I tinker. I'm a tinkerer, and one of the things I tinker with is encryption. I loved Hardy Boys as a kid, so let's inform each other.

The big question, it seems to me, is mobile phone security. There are currently paid services that will encrypt your voice calls so the *content* is however secure.. probably not real secure.. but I'm gambling that more free services will appear with similar ideas.

VOIP is an option, but which VOIP? Well, we know that Google and Skype are both in the PRISM program, so Google Voice and .. uh.. Skype are out. That leaves, mostly, paid services once again filling the gap. If I were paranoid, I would marvel at the coincidence that the two big free VOIP providers .. where call logs wouldn't normally exist per se .. are also in PRISM.

so here's what you want:

Linphone - 'Open source video SIP phone for desktop & mobile.'
http://www.linphone.org/

yeaaahhhh, baby.

3 replies, 3475 views

Reply to this thread

Back to top Alert abuse

Always highlight: 10 newest replies | Replies posted after I mark a forum
Replies to this discussion thread
Arrow 3 replies Author Time Post
Reply Let's talk about encryption and security some more. (Original post)
Phillip McCleod Jun 2013 OP
Warren Stupidity Jun 2013 #1
Phillip McCleod Jun 2013 #2
Phillip McCleod Jun 2013 #3

Response to Phillip McCleod (Original post)

Fri Jun 14, 2013, 09:06 PM

1. Much of what prism is doing is creating association databases.

 

Your network of acquaintances, not the content of your conversations. As such, encryption is useless. Speaking of which, the NSA stopped caring about public key encryption technology over 20 years ago, presumably because they no longer considered it a threat.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Warren Stupidity (Reply #1)

Fri Jun 14, 2013, 09:35 PM

2. encryption is useless against PRISM agreed.. which i mentioned.

 

but combinations are even better. my initial contribution was about phone call log avoidance, since that's the crux of PRISM. i pointed out that Google Voice and Skype are out and offered one alternative.. there are many, mostly payfor options. Linphone is nice because it uses SIP so you can change your VoIP 'carrier' in a sense, without changing the app that uses it.

*if* one were paranoid, an inventor, or a corporate tool - which i am not.. rather i'm a whitehat infosec geek who geeks out on infosec - i would want a combined approach. ideally, i would want..

- proxy IP, ie Tor-compliant VoIP dialer, which doesn't exist, so here's dreaming of Ubuntu/phone (masks IP)
+ open-source SIP VoIP dialer like Linphone, so that the security protocols can be reviewed/revised to suit (avoids call logs)
- encrypt audio call content over the VoIP call.. so far not possible AFAIK. once again forced to use a dedicated app like this one on gizmodo. again, can't wait for Ubuntu.com/phone for that

IM'ing is another story, though the same disconnect between encrypted content and masked IP still exists.

major point is that call logs can be avoided-ish.. though if one is a blackhat kind of person, i'm sure the MIC would find a way.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Warren Stupidity (Reply #1)

Fri Jun 14, 2013, 10:03 PM

3. yes i know this, sad sally.

 

but this isn't the eye of sauron we're talking about. big brother is not godlike, IRL.

i'm saying if one wanted to send an unbreakable and untraceable message, how would one go about it? how would you do it? i would start with principles of encryption, since they are general.. that whole 'Alice' and 'Bob' and 'Carl' thing.. and consider how i wanted to whisper my message using tools that i could realistically acquire. i would weigh the relative security of my choice against the importance of the message and the capabilities of 'Carl', etc..

what about you? how would you tell your medical marijuana supplier to meet you at the corner of 4th and Easy St?

Reply to this post

Back to top Alert abuse Link here Permalink

Reply to this thread