Slashdot Mirror


User: ctilsie242

ctilsie242's activity in the archive.

Stories: 0
Comments: 968

Comments · 968

  1. Re:Not encouraging on Dawn of Solar Age Declared as PV Beats All Other Forms of Power (bloomberg.com) · · Score: 3, Interesting

    Maybe it will kick-start companies to do more battery research. Better batteries will fundamentally change a lot of items, especially transportation. Get a battery to 1/10 the energy density per volume as gasoline, and you won't need internal combustion engines anymore. Get battery tech cheaper, and Tesla Powerwall like whole-house UPS systems become common, which can allow battery banks to charge when it is cheapest, as well as provide a couple hours of power if the grid drops.

  2. Re:Step one and two. on US Studying Ways To End Use of Social Security Numbers For ID (securityweek.com) · · Score: 5, Interesting

    You can have a national ID system, but the way it likely will be designed will be a jackpot for all well-heeled attackers.

    Instead, why not a national ID system based on certificates? For example:

    When someone turns 21 here in the US, the country they were born in signs a certificate stating that the owner is over 21. This way, a bar owner has 100% cryptographic proof that someone is of legal age to drink... but doesn't need to know their name or any other info about the person.

    If a degree from an accredited school is required, the school signs the ID with a cert showing the degree. That way, it doesn't matter who the person is... but the cert is valid.

    Going into short-lived certs, one can have a cert signed by the FBI stating that there are no priors on the RAP sheet. This cert can be valid for a few days. Again, it solves the purpose and gives no data out.

    Even credit records, Equifax or whatnot can sign a certificate stating someone's FICO score is over 700, ensuring they have an easy track for qualifying for a house. Since all this requires is an HSM to do the signing, it can be made well secured, with the actual scores being on an air-gapped database.

    If we go with certificates, it means that one's privacy is kept, but the legal needs for stuff (age, no criminal history) are met. Add an option for the ID card holder to only show certs that are relevant, and this makes for an extremely private ecosystem.

    Secure as well, since the only real points of attack are the cryptosystem (good luck), endpoint cards (which would only compromise users singly), and a signing cert holder (which only affects them). The only real single point of failure would be the physical ID card itself.
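    The signed-attribute idea in the comment above, as an added example that is not the commenter's code: an issuer signs a claim such as "over_21" with a short validity window, and a verifier checks only the issuer's signature and the expiry, never learning who the holder is. The claim format, issuer name and key handling are assumptions for illustration (Ed25519 from the Go standard library stands in for the HSM).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Claim is all the verifier ever sees: an attribute and a validity window.
// No name or other identifying data is carried (hypothetical format).
type Claim struct {
	Issuer    string `json:"issuer"`
	Attribute string `json:"attribute"`
	NotAfter  int64  `json:"not_after"` // unix seconds; short for "no priors" style claims
}

// AttributeCert bundles the encoded claim with the issuer's signature.
type AttributeCert struct {
	Payload   []byte
	Signature []byte
}

// Issue signs a claim with the issuer's Ed25519 key (an HSM in the comment's design).
func Issue(priv ed25519.PrivateKey, c Claim) (AttributeCert, error) {
	payload, err := json.Marshal(c)
	if err != nil {
		return AttributeCert{}, err
	}
	return AttributeCert{Payload: payload, Signature: ed25519.Sign(priv, payload)}, nil
}

// Verify checks the signature against a trusted issuer key, then the validity
// window, and returns the asserted attribute. It learns nothing about the holder.
func Verify(trusted ed25519.PublicKey, cert AttributeCert, now time.Time) (string, error) {
	if !ed25519.Verify(trusted, cert.Payload, cert.Signature) {
		return "", errors.New("bad signature: not issued by the trusted signer")
	}
	var c Claim
	if err := json.Unmarshal(cert.Payload, &c); err != nil {
		return "", err
	}
	if now.Unix() > c.NotAfter {
		return "", errors.New("claim expired")
	}
	return c.Attribute, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed issuer key pair
	cert, _ := Issue(priv, Claim{Issuer: "example-registrar", Attribute: "over_21",
		NotAfter: time.Now().Add(24 * time.Hour).Unix()})
	attr, err := Verify(pub, cert, time.Now())
	fmt.Println(attr, err) // prints "over_21 <nil>"
}
```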

  3. An uneducated populace is easy to rule. Divide and conquer. Make them think an enemy is under every bed. Have them call the police rather than interact meaningfully with their neighbors. Keep them in their own echo chambers on social media. Encourage them to unfriend/block/unfollow people who don't march lock-step to their political leanings. Replace critical thinking and the three "r"s with the three "C"s: Confirm, Comply, and Consume.

    An educated populace will have none of that. They will go and recall a candidate who makes them pay more taxes while giving breaks to a wealthy few. They will have a candidate tarred/feathered/railed if the candidate is a proven liar. This is why politicians abhor educated folk.

  4. Re:Apple has suffered a massive brain drain. on High Sierra's Disk Utility Does Not Recognize Unformatted Disks (tinyapps.org) · · Score: 1

    Typo city. tl;dr Preemptive multitasking is what made OS X a major step for Apple, and a major improvement. Applications made from System 1-7 and macOS 8-9 had to be extremely well coded, or else they would take down the entire machine.

  5. Re:Apple has suffered a massive brain drain. on High Sierra's Disk Utility Does Not Recognize Unformatted Disks (tinyapps.org) · · Score: 1

    I stand corrected. Meant cooperative multitasking... a quality of UNIX since bygone times. Thank you.

  6. Re: Wait a minute... on Google and Facebook Failed Us (theatlantic.com) · · Score: 4, Interesting

    Setting reliability is its own can of worms. Someone on one side of the fence can consider Alex Jones a reliable source. Someone with other beliefs can say that RT is a shining light of truth. Still others may only green-light the Onion as a trustworthy source.

    What might be a reliable source is allowing individuals themselves to set the trustworthy sliders themselves, with the ability for them to use other people's settings as weight for their own news moderation. For example, if I know someone who I respect, it would be useful to allow them to select results.

  7. Re:Apple has suffered a massive brain drain. on High Sierra's Disk Utility Does Not Recognize Unformatted Disks (tinyapps.org) · · Score: 1

    OS X was one of the best things that ever happened to Apple. System 7 to OS 9 were preemptive multitasking, where if one program didn't call a WaitNextEvent(), the entire OS would freeze, necessitating a hard reset. In fact, one had to reboot their Mac every 2-3 hours because their OS was so unstable. These were Apple's dark ages, because all but really dedicated people left the Mac platform either because they could get more work done on Windows, or the fact that they could do some cool tinkering on Linux. If it were not for NeXTStep, Apple likely would not have survived, or if so, it would have been in some diminished capacity (like being bought out by Sun.)

    Apple can innovate, but historically, they tend to go into markets after the original pioneers have dealt with the slings and arrows. Had Apple stepped into the MP3 market any sooner, they would have to battle the RIAA on RIAA's turf, and the iPod would be a completely different offering, if it didn't get stomped out of existence. Diamond's Pyrrhic victory was a stepping stone for Apple to get into that market.

    It would be nice for Apple to get back into "bread and butter" computing. Apple used to be a one stop shop, where if one had a problem, they could call Apple to deal with everything from the printer, monitor, OS, hardware, and even the application. No finger pointing to vendors who point the finger right back. I know there would be a market if Apple would start selling "everyday" devices again. Things like a Time Capsule with two drives for RAID, a decent laser printer/scanner/copier, or a hardened server designed where IoT devices communicated with it, and it would allow/deny communication, as a way to keep remote attackers at bay, especially if it could use Z-wave.

    Apple could even make money by making their own removable media format for backups (perhaps licensing Sony's optical formats or high density tape formats), and it would sell well.

  8. Re:Time to add encryption to civilian GPS? on Russia Suspected In GPS-Spoofing Attacks On Ships (wired.co.uk) · · Score: 2

    Encryption wouldn't be needed, but signing would be important. However, how does one offer this? An encrypted stream takes very little overhead to keep going with, because block and stream ciphers are very efficient. However, plaintext signing is a different ball game altogether. How do you sign a stream?

  9. Re:Incorrect on Equifax CEO: All Companies Get Breached (fortune.com) · · Score: 2

    If one has time for this, there is nothing wrong with paper and pencil. There are always balances when it comes to security. For a SOHO business, barring a targeted attack specifically at that business by a well-heeled organization, having a PC with a dedicated virtual machine [1] just for the accounting software, a NAS with at least RAID 1 for fast local backups for bare metal restores, and an offsite backup using Arq for documents. Arq provides AES encryption, and works with S3 and other providers. For backing up to the NAS, Veeam is good for that (as it also offers encryption).

    For physical security, BitLocker or VeraCrypt on the machine itself.

    If one uses a Mac, 10.13.x can be formatted from the get-go using encrypted APFS volumes, so you can specify a long and hairy disk password that would need to be typed in before it allows a user to authenticate. You can always let the user's PW unlock the disk as well, but having them separate ensures that a reboot forces a would-be intruder to have to deal with a very long, infrequently typed in PW. From there, Arq can back up to S3 or other providers, and one can use Time Machine with most NAS offerings. For virtualization [2], Virtualbox, Parallels, or VMWare Fusion can run the finance stuff isolated from everything else, and as far as I am aware, there isn't any malware out there currently which will jump from a host machine to a VM.

    [1]: With Windows 10, might as well use Hyper-V.

    [2]: I'm glad Apple got with the times and now has a real filesystem. Now, they need a hypervisor. Every other mainstream OS (Linux, Windows, *BSD) has the ability to run some type of tier 1 hypervisor, be it Hyper-V, Xen, or KVM. Virtualization is critical to security these days.

  10. Isn't this the law of the land in many places? on Russia Threatens To Shut Down Facebook Over Local Data Storage Laws (bloomberg.com) · · Score: 5, Informative

    There are a lot of places that enacted laws that require data to be stored on local servers to that country. Russia and the EU require this. China requires not just this, but 51% ownership of any venture on their soil.

    What is surprising is that the US doesn't have these rules. Critical info on US citizens can be stored anywhere, even a hostile nation that would use that info for its economic or military gains.

  11. Re:The site doesn't make money. Users lose money. on Showtime Websites Are Mining Monero With Your CPU, Unclear If Hack Or Experiment (bleepingcomputer.com) · · Score: 1

    I wonder if websites might move to a proof of work model, where their miner would have to execute for n cpu cycles for access to pages to be granted. I can see this becoming an alternative to advertising, especially with smartphone CPUs so relatively fast.

  12. Re:And then there's this on Apple: iPhones Are Too 'Complex' To Allow Unauthorized Repair (vice.com) · · Score: 1

    There are drivers for older Macs to allow the latest macOS to install on them. You have to turn off SIP and keep it off, since the kexts used are definitely not signed... but if you want that black MacBook from 2008 to run High Sierra, it is doable.

  13. I've been using a self-destruct button since I was using Exchange on my phone back in 2006, where I could remote wipe it should the need arise.

    The key is maintaining access/control of your account. Apple has done some changes, but they do have 2FA available (although it would be nice if they offered a standard Google Authenticator QR code method as well.)

    Then there are backups. This is what Time Machine and services like CrashPlan or Backblaze are for. If you like packing your own parachute, buy/use Arq and Amazon S3 to stash your data securely.

  14. They won't. "Security has no ROI" has been a mantra for the industry, and virtually the entire IoT campaign since its inception. Plus, with companies able to get away scot-free no matter how egregious the breach by saying, "we can't do anything, the hackers are too good," it almost institutionalizes the fact that shit for security is the standard.

    A "cat 1" breach is inevitable. I was at a meeting with someone from a Congressional committee several years back stating that an intrusion that would cause massive destruction and loss of life is going to happen. However, luckily it hasn't. I hope it doesn't, because I'm sure laws will hit the books like the CFAA which might get some teenager arrested and jailed for 20 years because they found perl world executable on their school's webserver, but won't do a single thing against organizations overseas who are well-heeled.

    What we need to do is have governments stop focusing on scare tactics and start tackling this problem in a methodical way:

    1: An organization like UL (Underwriters Labs) which does security testing, and does something similar to Europe's Sold Secure. A Sold Secure Bronze router may be something OK, but a Sold Secure Gold router would be designed from the ground up using a secure microkernel OS with MAC/DAC protection on everything, specialized CPU, multiple cryptographic signatures on ROM images, source code audited by a clued third party or an organization like NIST, etc.

    2: Since most regulations (FERPA, FedRAMP, FISMA, HIPAA, CJIS, SOX, PCI-DSS, etc.) have overlapping items, take the core ones that all of them cover, and have a certification which allows for random auditing at any time without notice.

    3: Have multiple different certifying agencies, so regulatory capture becomes less of an issue.

    4: More data privacy laws like the EU's should be enacted. That way, a company getting massively compromised might feel more than a few days of bad PR.

  15. What "disruptive" technologies? on The Problem, Really, is This Thing Called 'Disruption' (wired.com) · · Score: 1

    There are technologies which are truly disruptive. However, other than ways to spooge ads and siphon data, there has been little to nothing that has been actually truly changing how people work day to day. The biggest change that happened recently with regards to actual workflow was tablets killing netbooks on the low end. Otherwise, what we are doing in 2017 is almost identical to what we are doing in 2010.

    The problem is that truly disruptive technologies will get either bought out or just stomped out of existence, which is why virtually nothing has changed for everyday life, other than more privacy intrusions and the push from vendors to sell us crappy IoT devices which are usually security nightmares and will remain so until thrown away.

  16. Re:Capitalism Tends Toward Monopoly on T-Mobile, Sprint Close To Agreeing Deal Terms (reuters.com) · · Score: 4, Insightful

    Then there is shit like actively MITMing traffic which some telcos did, where they actively added in UIDH headers into HTTP traffic as a way to ID people. T-Mobile was one of the few that didn't do this.

    I get no warm fuzzies about this merger unless Sprint is completely absorbed and Magenta's DNA stays the same.

  17. I wish Apple would allow combinations of authentication methods, especially with something like an Apple Watch, where the iPhone could tell if the other device was near or not. That way, if the watch was nearby, the fingerprint scanner, voiceprint scanner, or face scanner would suffice. If the watch (or another BT object) was not around, demand the entire full length passphrase.

    This would be useful for travel in dodgy areas. If the phone gets stolen, have an option for additional security to be activated.

  18. Re:eeew on T-Mobile, Sprint Close To Agreeing Deal Terms (reuters.com) · · Score: 2

    Who is buying out whom? T-Mobile buying out Sprint is fine with me, but I really don't like the other way round, since I've not really been happy with Sprint's CS over the years.

  19. Re: Windows Hello on 'Dear Apple, The iPhone X and Face ID Are Orwellian and Creepy' (hackernoon.com) · · Score: 2

    Apple has a lot to lose if people find out the Secure Enclave is not doing what Apple said. Unlike Google, who is hard to avoid, consumers can give Apple the middle finger quite easily and jump ship. Apple's good name is why people pay more for their hardware.

    Of all the companies that have large databases on people, I would expect Apple to be the most worried if they got compromised, mainly because of the "boutique" status of their products, and the relative ease it is to jump ship, either from macOS to Windows (or even Linux), or from iOS to Android.

  20. I bought an el cheapo LG phone (LG Stylo 3) with a fingerprint scanner on the back, and it worked surprisingly well. I don't see why Apple doesn't offer this with the iPhone X. That way, one has the best of both worlds. Plus, the fingerprint scanner gives a definite, deliberate "authenticate this" ability, compared to passive facial recognition, which is important for payments.

  21. It is already out. Back in 2014, the HTC device I used had a very good form of facial recognition. People just didn't seem to be interested in using it, because tapping your finger on a scanner is easier than positioning the phone to grab your visage before using it. It also makes things like payment methods a tad awkward. Right now, Apple Pay consists of tapping twice near an NFC reader, and a beer drops out of the vending machine. FaceID means trying to authenticate to that while positioning the phone close enough to the NFC reader of the merchant.

    It isn't a bad technology... and it is an additional authentication method... but fingerprint scanners are great for convenience.

  22. I have an HTC Android phone that does fingerprint and facial unlocking, and works well with both. You lift the phone up, it recognizes you (optionally can be set to not allow unlock until the eyes blink), and go on. Android offers other ways to unlock as well, via proximity to Bluetooth devices, presence on trusted SSIDs, safe geofenced areas, and so on.

    What I'd like to see is a combination of that. Have a Bluetooth transponder on my keychain, where if the phone detects it, then use a fingerprint or face scan. Otherwise, prompt for the passphrase [1]. That way, if my phone walks off, I kill the keychain transponder, and a would-be intruder has ten guesses.

    [1]: With how easy fingerprint access is, I set at least a 20-30 character password. Especially Android devices where you can have a different boot passphrase than the screen unlock, so the boot PW can be long enough to deter most brute forcing by itself, without needing any enforcement from hardware.

  23. Re:Ok...why do you need multiple keyboards? on Security Researchers Warn that Third-Party GO Keyboard App is Spying on Millions of Android Users (betanews.com) · · Score: 1

    There was a decent keyboard app, but I forgot the name, which was great for UNIX stuff, and offered a bunch of customizations, be it arrow keys, key size, color, and a lot of other options. I think it was Swiftkey, but not sure.

    Of course, the nice thing about Android and a rooted device... the keyboard could be firewalled, just in case it decided to try to phone home.

  24. Re:So what's the point of Bitcoin? on John McAfee Said Top Executives From the Major Bitcoin Exchanges Weren't Allowed To Leave China (wsj.com) · · Score: 2

    With a blockchain readable to the world, and arguably the best cryptographic minds designing it? I don't think it really evades government control, as shifts power. Wallet owners may be anonymous, but their transactions are forever.

    I really would not want to be buying anything illegal with BTC.

  25. Re:Perhaps the FTC's approach was off. on Judge Kills FTC Lawsuit Against D-Link for Flimsy Security (dslreports.com) · · Score: 2

    With security standards as they stand today, claiming the highest can be just as easy as not falling off the floor.

    What is really needed is for an open standards body to function like UL, and have a set of security certifications for devices. Perhaps with a Sold Secure type of gold/silver/bronze level as well, where with the higher levels, the device is on a more secure OS, there is auditing, the CPU is secure, and so on. Something where Joe Sixpack who wants something secure can buy something decent, or spend the bucks for something certified as more secure.

    We have a powerful tool for security on almost all recent CPUs -- virtualization. Done right, this can immensely improve security, even on embedded devices. Even the el cheapo ARM CPUs have this built in.