The session was proposed and initiated by Nathan Freitas and focuses on four general areas -- security, privacy, anonymity, and technology.
Anonymity Needs
* Dataset anonymity at collection point -- by indirection?
* Anonymous redialer -- Google Voice, OpenBox.com possible tools
* Short messages are easier to anonymize
* TOR on the Android phone (see http://openideals.com/2009/10/22/orbot-proxy/)
-- Avoids man-in-the-middle attack
-- Also used by law enforcement
* Make anonymity and anti censorhip the everyday habits
* All phones support VPN now -- why shouldn't we all use it?
* Proper government regulation is necessary to
* Spoofing: packets look innocent and don't draw attention.
- HayStack mentioned as stegonagraphy tool
Privacy+Security Needs
* Dialer on Android is open source so can program to not log (select) calls.
* See Shadow -- browser that doesn't log.
* Documentary film -- subjects at more risk with new media exposure.
* Citizen journalism -- Ushahidi, frontline SMS, Alive Iran, SMS reports, voice calls.
-> Reporting exposes you. Problem with crowdsourcing as well.
* Education/guidelines about security, paranoia
* Encrypting draws attention -- sometimes better to be clear
* World Institute for Mobile Privacy (WIMP)
* Mobile Active has a mobile security guide (http://mobileactive.org/howtos/mobile-surveillance-primer)
* Using secure gmail
-- Reports in Burma that man in the middle attacks are launched. The Internet Service Provider gives you a fake SSL cert, so you think you are secure, but you are not.
* A "HELP I'M CAPTURED' beacon
-- Involves 911/GPS alert/Wipe of Device
* Possible worries
-- Tracking in repressive countries
-- Matching by computers.
-- Traffic analysis
* Possible use: Mediation and Negotion
-- requires confidentiality as migrating from web to mobile technology
Tools/Technology for Supporting Security
Name | Platform | Privacy (network), Encryption (device), Anonymity |
CryptoSMS | J2ME | P, E |
Crypto apps | Android | P, E |
Remote Wipe | Android | P |
Orbot (TOR) | Android | P, E, A |
Shadow (Browser) | Android | P (doesn't log) |
OpenVPN | Smartphones | P, E |
PPPT | ||
Guardian | Android | P, E, A |
SIPdroid | Android | P, E, voice |
Skype | iPhone, Windows Mobile |
P voice |
XMPP Android (can be secured)
OTR (off the record) messaging