[Community] hardware for secure phones

kardan kardan at riseup.net
Sat Aug 10 11:32:59 CEST 2013


there was the question what kind of tools we should focus on weeks ago.
Here is some direction Eleanor Saitta gave regarding the development of
security tools with her talk on OHM recently:

"If you say, we’re gonna  segment this problem, let’s say you have a
phone, instead of it just being a phone I’m just gonna make it a WIFI
dongle and a phone and the wifi dongle has some LEDs on that aren’t
being used for anything and I pack a firewall and a deep packet
inspection tool on that wifi dongle and if it sees anything that it
thinks looks weird it lights up an LED and if it sees something, hey,
you got something I think looks like voice traffic, it lights up an
LED… and then you look at your phone and you see, wait, I’m not in a
call why does this thing have this voice traffic LED going on, and now
I can do something. Maybe, you know, I’m still owned and I don’t know
any techies and I can’t really do anything but I can say, my phone is
acting weird and I think it’s owned. Then my wifi dongle is wrong,
something in this set of things is no longer acting correctly. Ok, now
I can take some kind of corrective action, maybe, I’m gonna go and put
my phone in the fridge and have this conversation in another room or
I’m going to leave my phone in the bus so it rides around town for a
few hours while I go to the airport or whatever.

The thing you actually need to do is, you put a user in a place where
they can affect what the outcome is for them. This is how you look at a
security problem and take a theory of change and drive it all the way
through. If you’re not doing that and you’re designing tools, you’re
probably wasting everyone’s time."

Maybe you think this is off the ground, but I am pretty sure in the
future we could run into situations when users ask "why did no developer
ever think of that possibility and did something about it". What do you

"So, hacker culture is kind of at a crossroads. For a long time it was
totally cool that, you know what, I don’t really want to be political,
because I just like to reverse code and it’s a lot of fun, and I don’t
really have time for politics cause I spend thirteen hours a day
looking at Shell code and socialism takes too long. That was great for
a while, but we don’t get to be apolitical anymore." "If you’re
apolitical, you’re aiding the enemy."


Kardan <kardan at riseup.net>
Encrypt your email: http://gnupg.org/documentation
Public GPG key 9D6108AE58C06558 at hkp://pool.sks-keyservers.net
fpr: F72F C4D9 6A52 16A1 E7C9  AE94 9D61 08AE 58C0 6558
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 620 bytes
Desc: not available
URL: <http://lists.goldelico.com/pipermail/community/attachments/20130810/c1a1ebae/attachment.asc>

More information about the Community mailing list