Slashdot Mirror
CyanogenMod Integrates Text Message Encryption
sfcrazy writes "People are now more concerned regarding their privacy after discovering about efforts made by governments to spy on their communications. The most practical solution to keep messages, emails and calls secure is to use a cryptographic encryption mechanism. However, just like the name of the method, the installation process is complex for most users. To solve this, CyanogenMod will come equipped with built in encryption system for text messages."
Whisper System has integrated their TextSecure protocol into the SMS/MMS provider, so even third party sms apps benefit. Better yet, it's Free Software, licensed under the GPLv3+. Support will debut in Cyanogenmod 11, but you can grab a 10.2 nightly build to try it out now.
The most important part of any crypto communication system is key exchange. Looks like this protocol uses automated SMS key exchange, and implementations should store keys similar to SSH. It's trivial to MITM, but it's a high risk attack because people can simply meet in person to compare keys.
Seriously, why are The People trying to play Spy vs Spy with their own government? The government owns the internet. It's as silly to encrypt your license plate as it is your text messages. You have no way to do so. If you're able to send a text, then you're using a carrier of some kind. That carrier has no control over the government's ability to get the data if the government wants to.
Isn't that the whole point of this project? It allows you to encrypt your data, so unless you think the government has a secret back door into every encryption algorithm, when you encrypt your data, the government can't see it. They may still be able to see who you're talking to (a TOR-like extension might help), but they won't know what you're saying unless they compromise your phone (or happened to compromise the key exchange).
Remember, it's metadata that we're talking about. "Who talked to who - and what time(s)". Linking people together is what it's all about. They don't need to know what you're talking about, so long as they know who you're talking to.
Despite what the NSA wants you to think, it's not just "Metadata" -- any analyst who believes that a conversation is with a foreign correspondent can retrieve the entire contents of the conversation -- text, email, etc with nothing more than a slightly better than 50% belief that one party in the conversation is foreign. No warrants or other oversight required.
Do you think the government should be able to retrieve your private conversations on an analyst's "hunch"?
How do you feel about the private contractor that's doing the snooping knowing what you've had for dinner and that your wife has breast cancer and selling that information to companies who can now try to sell you miracle cancer cures? How comfortable are you with prospective employers knowing your child has autism and needs extra attention, which might possibly mean more absences from work?
Remember, most of the data collection and first-level analysis is not done by "the government" but by a private company that works for the government. And, that private company has corporate clients besides the government. How comfortable are you knowing that anyone who can afford to pay having access to all your personal communications?
And what happens that day you disagree with what the government is doing? How comfortable are you knowing that you're planning to go to a political demonstration? How comfortable are you with your boss or potential employer knowing?
How comfortable are you with a techie with anti-social tendencies having access with all your family's communication? Your wife's, your daughter's? Because who do you think is working for that private contractor who's working for the government?
You are welcome on my lawn.