05.04
Allright.
It’s no secret that the May installment of the Technology Bytes Geek Gathering is happening this Friday night at the Coffee Groundz in Midtown Houston, but what if it were? How would you go about protecting said secret? Do you have the tools it would take to keep this
meeting of magnificent minds on the DL? On the Point 00243? (That’s the inverse of 4 1 1.)
The move from analog to digital cellular networks gave us all a slight reprise from the casual creep eavesdropping on our calls, but it’s no great secret that Uncle Sam can check up on our voice communications at will, pending the proper paperwork. If I were to place a call to Dwight right now to tell him that the Coffee Groundz is located at 2503 Bagby and that we’d be there this Friday from 7:00 PM until close, we’d have cheap suits all over us from the time we order our first coffee, tea or other non-alcoholic beverage until we disconnect from the free WiFi and head home.
Let’s give him a call… My phone is actually dead, so we’ll have to fake this. Ring Ring. “Hey, Dwight! Allah your base are belong to us at 7:30. The gathering should be the Bomb! Gotta go – I’m shopping for vintage Anthrax t-shirts on eBay.”
See? Totally unencrypted. And…I suppose it also went out over the FM band, too. Not to worry – while many Three Letter Agencies do monitor KPFT, I’m pretty sure they take a lunch break when TechBytes comes on. We’re harmless. Mostly.
And seeing that they’re all on lunch right now, let’s take a second or two to talk conspiracy theories.
See? I think this solves the mystery of the empty trailer parked in front of the station. It’s an NSA listening post. They must re-staff it by the time Damage Control comes on, because it’s definitely still empty when Vegan World Radio takes the air. I guess they figure the vegans don’t have the energy required to mount a revolution. Wow. I think that’s a little insulting to the vegans. (Hey Vegans – you should know that the National Security Agency’s initials, NSA, are more commonly known to mean No Such Agriculture. That’s right. They want to hide all the fruits and vegetables and force everyone to eat meat.)
OK – that’s it for ConspiracyTime. Now back to fixing our phones on BarretTime.
Adding a layer of end-to-end encryption that protects everything passed between your mobile device and the device of the person you’re communicating with is really the only way to ensure that your RAIDed drives don’t get raided as you’re pulling up to the Geek Gathering. *Android* users can do this with RedPhone. Sorry, iPhone users, but you’ll have to wait a little longer for an iOS version to be released.
RedPhone provides end-to-end encryption for your mobile calls, securing your conversations so that nobody can listen in. It functions just like the normal dialer you’re accustomed to and uses your existing mobile number for addressing, so there’s no need to have yet another identifier or account name. If you know someone’s mobile number, you know how to call them using RedPhone. And when you receive a RedPhone call, your phone will ring normally, even when it’s asleep.
Of course, you’ll still have to provide your own Cone of Silence.
Just like that reference, RedPhone is probably pertinent only to those over-35, as all the kids these days are texting.
If you’re young, or just young at heart, you’ll want to check out TextSecure, again for the Android Mobile Operating System. TextSecure is a drop-in replacement for the standard text messaging application, allowing you to send and receive text messages as you normally would. All text messages sent or received with TextSecure are stored in an encrypted database on your phone, and text messages are encrypted during transmission when communicating with someone else also using TextSecure. This also means that should you lose your phone, you won’t divulge the contents of any surreptitious SMSs.
Both RedPhone and TextSecure are available for free on the Android Market.
Now, these only work if you completely trust your phone. Which I do. I’m pretty confident that my stock 2.2.3 Android install on my Nexus One is free from government back doors, malware and the like, but what if you don’t trust Google’s stated desire to not be evil?
And do you trust that “Angry birds walkthrough” you downloaded? Or that “Office Space soundboard”? You really have no idea what those programs are doing behind the scenes unless you take control of your phone at a much lower level so that you can police what applications are allowed to communicate with the outside world.
If you want to swap out the kernel that came with your phone for one you can trust, look no further than WhisperCore. WhisperCore is a secure Android platform dedicated to providing the security and management features necessary for transforming a consumer phone into an enterprise-class device. It provides full device level encryption for your phone, and can encrypt any attached SD card as well.
WhisperCore comes with WhisperMonitor, a software firewall capable of dynamic egress filtering and real-time connection monitoring, giving you control over where your data is going and what your apps are doing.
Unfortunately, installing these packages takes a little more commitment than clicking through a couple of screens on the Android Market. You’ll need to load an installer on your Mac, Linux or Windows PC, completely back up your phone, and go down the “road of secure communications” knowing that there’s no way back, both in terms of paranoia and in restoring your phone’s original firmware.
Luckily, we want *everybody* to know about the May Geek Gathering, so there’s no need to risk bricking your phone. Of course, if you’re up for it, I only ask that you wait until this Friday night to give it a go. If things don’t go as planned, you can always see what’s required to hack together a new phone from Arduino parts, a SIM card and a small GPRS radio. We’ll also have several radio-controlled blinky lights to help you find your happy place, as well as a ton of HexBug Nanos to play with.
Now, I’d spend some time talking about how to secure your email using PGP encryption plugins for popular mail clients, like the Gnu Privacy Guard for Outlook, Thunderbird and Evolution, but again, all the kidz these days are using FaceBook.
So… Here’s what you need do to make your FaceBook communications secure:
( . . . . )
That’s it for your concealed communications codex and that’s that for BarretTime.
