Tor-Enabled Smartphone Is Antidote To Google 'Hostility' Over Android, Says Developer

An anonymous reader quotes a report from Ars Technica: The Tor Project recently announced the release of its prototype for a Tor-enabled smartphone -- an Android phone beefed up with privacy and security in mind, and intended as equal parts opsec kung fu and a gauntlet to Google. The new phone, designed by Tor developer Mike Perry, is based on Copperhead OS, the hardened Android distribution profiled first by Ars earlier this year. "The prototype is meant to show a possible direction for Tor on mobile," Perry wrote in a blog post. "We are trying to demonstrate that it is possible to build a phone that respects user choice and freedom, vastly reduces vulnerability surface, and sets a direction for the ecosystem with respect to how to meet the needs of high-security users." To protect user privacy, the prototype runs OrWall, the Android firewall that routes traffic over Tor, and blocks all other traffic. Users can punch a hole through the firewall for voice traffic, for instance, to enable Signal. The prototype only works on Google Nexus and Pixel hardware, as these are the only Android device lines, Perry wrote, that "support Verified Boot with user-controlled keys." While strong Linux geekcraft is required to install and maintain the prototype, Perry stressed that the phone is also aimed at provoking discussion about what he described as "Google's increasing hostility towards Android as a fully Open Source platform." Copperhead OS was the obvious choice for the prototype's base system, Perry told Ars. "Copperhead is also the only Android ROM that supports verified boot, which prevents exploits from modifying the boot, system, recovery, and vendor device partitions," said Perry in his blog post. "Copperhead has also extended this protection by preventing system applications from being overridden by Google Play Store apps, or from writing bytecode to writable partitions (where it could be modified and infected)." He added: "This makes Copperhead an excellent choice for our base system." The prototype, nicknamed "Mission Improbable," is now ready to download and install. Perry said he uses the prototype himself for his personal communications: "E-mail, Signal, XMPP+OTR, Mumble, offline maps and directions in OSMAnd, taking pictures, and reading news and books." He suggests leaving the prototype in airplane mode and connecting to the Internet through a second, less-trusted phone, or a cheap Wi-Fi cell router.

As much exectation of privacy as you can afford

[rectalfeeding]

The prototype only works on Google Nexus and Pixel hardware, as these are the only Android device lines, Perry wrote, that "support Verified Boot with user-controlled keys."

As long as it remains "as much privacy and security as you can afford", while the masses opt for sub $50 phones that treat them like cattle... What we need is herd level expectations of privacy. FOSS top to bottom, lowest barriers to forking competing alternatives. I only trust upstreams that don't behave as though not trusting them is a bad thing.

Tor stinks of Honeypot

Tor is very very borked.

NSA and GCHQ planned to create enough entry and exit nodes to shape the traffic. This was done.
They planned to put in attack nodes to exploit bugs in Firefox. This was done.
They planned to put in attack nodes and exploit bugs in servers. This was done.
They presumably planned to put friendlies into Tor foundation, and given their behavior that was done too.

If you consider the 'obsfucation nodes', to hide use of Tor, you can request an undocumented entry node via GMail. Gmail the system with the NSA PRISM interface, and connected to physical android phones, and Google Play credit card details, a microphone, camera and comms, all under remote control.
So as soon as you request an obsfucation node, you would be flagged as interesting for surveillance and that could include listening in on your devices, given the facilities of smartphones these days. Tor made this choice to deliver obsfucation nodes, *AFTER* the PRISM interface had been revealed by Snowden. Why exactly would they make such a choice if they weren't borked.

But of course NSA would never do that, they'd never for example, spy on your emails of politicians to keep a man who got fewer votes in power. He'd never work with hackers to undermine a democracy because he's an honest businessman hiding nothing. NOT. The new Trump reality means if its a USA system its a hostile-to-freedom system. Any warm feelings you have for NSA, put them aside, their management will get stuffed full of traitors more faithful to Trump than to America, and certainly not your friends.

Avoid Tor. It's a trap.

To do it properly, let's dump Android

[hughbar]

As far as I'm concerned Android is a sticky layer of ugliness, spyiness, syrupiness and general insecurity attached with sticky tape onto the top of a Linux kernel. Most of this shit is written in Java, the COBOL of the 1990s with it's murky license and endless lines of code, to do one little thing.

Secondly as I've said here: https://slashdot.org/comments.... I hate apps, now a more influential commentator has followed this line of thought, this week: https://medium.com/javascript-... They break the philosophy and freedom of the web, as if Facebook etc. hadn't done that already (as a friend said, I used to surf but now I visit 'sites').

All in all, my old friend William of Ockham: https://en.wikipedia.org/wiki/... is spinning in his grave right now and dreaming of a non-Android, non 'apps', non-commercially tied future. Like John Lennon, I'm probably dreaming, but just 'imagine'...