[tor-talk] Thou shalt not use mobile phones (was: Firefox with Tor on Android?)

Jens Lechtenboerger tortalk at informationelle-selbstbestimmung-im-internet.de
Mon May 25 13:06:29 UTC 2015


On 2015-05-23, at 21:54, Mirimir wrote:

> On 05/23/2015 07:47 AM, Alexis Wattel wrote:
>
> <SNIP>
>
>> From what I know, Mike Perry's article on hardening Android is the only
>> viable *starting* point to secure an Android platform.
>> 
>> Good luck fellas! 
>
> It needs to be a dedicated device, with no links (money, accounts,
> contacts, activities, etc) to ones true name. And as Mike notes, it
> can't have a working cellular radio. Public WiFi only.
>
> <SNIP>

As this discussion has drifted away from the original topic, I
changed the subject.

I believe that the above warning against Android should really be
understood as warning against mobile phones in general: Phones are
powerful surveillance devices, easily exploitable by third parties.
I don’t think that Android phones are worse than other smartphones
in this respect.  Please correct me if I’m wrong.

As a matter of fact, people use smartphones anyways.  Some readers
here might say that smartphone users are doomed beyond help.
I don’t agree.

People may try to protect themselves (1) against targeted attacks
and targeted espionage or (2) against mass surveillance.  Both
assume different threat models, yet frequently both are mixed up,
which does not help.  I agree that I’m doomed if I attempt (1) on my
smartphone.  In fact, I don’t think that many people are skilled
enough to protect any kind of device with Internet connection
against targeted attacks.  Thinking of Stuxnet, I don’t believe that
there are many devices which can be protected against targeted
attacks at all (regardless of network connections).

Now, if we mix up cases (1) and (2) it is easy to conclude that
there is nothing one can do anyways.  Resistance appears futile, so
it’s reasonable to resign and submit to the destruction of our
privacy.  It’s the convenient, lazy route, apparently justified by
expert advice.

So, let’s consider both cases separately.  Let’s forget about (1).
We are left with (2), mass surveillance, which as the name suggests
affects the masses and should be everybody’s concern.  Mass
surveillance is based on bulk data collection, where it’s easy to
see who communicates where and when with whom, potentially about
what.  I hope that Tor is a useful tool against mass surveillance.
It’s probably safe to say that with Tor it is not “easy” any more to
see who communicates where and when with whom.  Tor users do not
offer this information voluntarily, they resist actively.

And it does not matter on what devices people use Tor.  Mass
surveillance becomes harder in any case.

So, please, be careful whom you warn how against the use of mobile
phones.  Too many people are indifferent to mass surveillance
already.  Do not join the chorus to mislead the masses in believing
that resistance is futile.

You may suggest to throw away mobile phones, of course.  I would not
expect more than disbelieve, shock, or laughter in response.
Alternatively, you may want to explain other measures—which also
work on phones: Use decentralized services, use alternative search
engines, encrypt communication, anonymize communication.

Best wishes
Jens


More information about the tor-talk mailing list