ubuntu-phone team mailing list archive
-
ubuntu-phone team
-
Mailing list archive
-
Message #03068
Re: [feature request/question] Encrypted email/sms support?
Josh
I will accept that the first two options are not really options for you, but an encryption proxy built into the phone is very practical solution to the problem and works.
The reason why you want a proxy built into the phone and not just a unified client is that a proxy will work with any messaging system (including SMS) so long as it can identify that the other end is capable and then force OTR/ZRTP between them. So you could have encrypted messaging going via MSN, wechat, Qq SMS whatever.
ZRTP standard also allows augmented data on the signalling which you can use to augment the hash from media generated keys and if your clever can be used to add all sorts of checks such as location or even public key so I would not dismiss it so easily.
As for option 2, it was used by various security services in Europe, but not so much these days unless you just want two non smart phones talking to each other using encrypted SMS. It is in fact more secure than anything you could do on your smartphone.
The algorithms used were written in C, so could be used in a smart phone to encrypt SMS. In fact it was a proxy and proves SMS could be encrypted.
Since most OS can be compromised by Fin Fisher perhaps the entire discussion is moot because no matter what YOU do on your smart phone, if you live in a country that uses gamma internationals system then your phone will be infected if your a person of interest , thus messaging encryption becomes meaningless and a mere false sense of security rather than real security.
On 18 Jul, 2013, at 6:42 AM, Alan Miller <dralanmiller@xxxxxxxxx> wrote:
> Rot is not encryption but good enough for basic privacy for many people especially if you use more than one algorithm with it, (Rot15(rot5(rot666))).
> I would prefer a full encryption proxy and OTR3/ZRTP though.
>
>
> On 18 Jul, 2013, at 6:33 AM, Alan Miller <dralanmiller@xxxxxxxxx> wrote:
>
>> Josh I think you have 3 choices.
>>
>> ONE
>> for SMS you could do unix ROT 13 a few times if you want to keep things private, although its not really encryption its good enough for most purposes and trivially easy to implement.
>>
>> https://en.wikipedia.org/wiki/ROT13
>>
>> TWO
>> Alternatively go buy some bladox SMS boards…your SIM plugs into them and then the whole thing plugs into the phone.
>>
>> THREE
>> OR design an encryption proxy which will work on all unified messages, why not ? the whole trend is towards unified messaging, nothing stopping you from SMS encryption by that means.
>>
>>
>> On 18 Jul, 2013, at 6:14 AM, Josh Leverette <coder543@xxxxxxxxx> wrote:
>>
>>> "Who uses SMS much anyway these days ? Its all IM."
>>>
>>> You have no idea how much I wish that were true. For me and my friends though, it couldn't be further from the truth. All we use is SMS, practically speaking.
>>>
>>>
>>> On Wed, Jul 17, 2013 at 5:09 PM, Alan Miller <dralanmiller@xxxxxxxxx> wrote:
>>> Who uses SMS much anyway these days ? Its all IM.
>>> We used to use small electronic boards from Bladox to encrypt SMS in the past but that was before IM and smart phones.
>>> There is very clear need for some kind of encryption proxy built into Ubuntu that could provide point to point encryption. I have always liked Phil Zimmermanns ZPHONE and how it worked. It sits in the protocol stack and when it detects another ZPHONE it jumps up and opportunistically encrypts using ZRTP.
>>> The key is generated in the media stream and wiped afterwards so no public key is needed, just verbal verification of the fingerprint strings.
>>>
>>> Two ubuntu phones no matter which service they used would be able to send and receive encrypted messages or even audio point to point.
>>> OTR can easily be implemented as well.
>>> All that is needed is a way to announce to the world that you are capable of encryption and to do that all you need is to transmit a character at the beginning of each message and that can used to trigger OTR or ZRTP.
>>> The fingerprint strings could be brought up to the UI easily enough at the top like the battery or Wifi indicators and pulled down to view and verify.
>>>
>>> While we are on this topic, could someone get crypto.cat working on ubuntu as an app ?
>>>
>>> On 18 Jul, 2013, at 3:26 AM, Marius Kotsbak <marius@xxxxxxxxxxx> wrote:
>>>
>>>> They have given up individual SMS charging in Norway too. Also the content could be en compressed inside the encryption so that it might not require so many SMS-es.
>>>>
>>>> Den 17. juli 2013 21:08 skrev "Gianguido Sorà" <gianguidorama@xxxxxxxxx> følgende:
>>>> Exactly, in the USA there are unlimited SMS but in other countries there aren't.
>>>> In Italy for example if an operator give 200/month is a great deal.
>>>> I think that the XMPP approach is more useful, because (almost) free 3G/4G data access is more reliable and easy to use.
>>>>
>>>> Il giorno 17/lug/2013 20:57, "Josh Leverette" <coder543@xxxxxxxxx> ha scritto:
>>>> I didn't say linking. Just breaking it up and sending them out. It's the user's choice. Encrypting it won't make it take up more space necessarily. If the user wants to send that many messages, they can. In a number of countries, SMS is unlimited. Here in the United States, all of the companies essentially gave up on charging for each message. It really is absolutely free for the cell company, and once one of them started offering unlimited SMS, none of the others could do any less and be competitive. Doing an XMPP system would work too, but that requires having a data connection, which should always be more expensive than SMS, realistically. I'm fine with it being XMPP, but the advantage of using SMS is that it works even when you barely have any signal, and SMS is dirt cheap compared to data, at least here in the United States. I can't speak about the rest of the world, but SMS as a technology is infinitely cheaper. Whether the company chooses to charge appropriately, that's up to them.
>>>>
>>>>
>>>> On Wed, Jul 17, 2013 at 1:52 PM, Rasmus Eneman <Rasmus@xxxxxxxxx> wrote:
>>>> Linking SMS cost money, you have to pay for every SMS. Also I'm pretty sure you only can link up to 4 SMSes.
>>>> However an XMPP based service would still be better as key exchange may happen automagically. You have
>>>> already broken the standard so why continue to use it when you only gets its limitations?
>>>>
>>>>
>>>> 2013/7/17 Josh Leverette <coder543@xxxxxxxxx>
>>>> Also, I don't see why encrypting SMS would be impossible. You don't send encrypted SMS to people who can't decrypt them. Since we're talking about asymmetric encryption anyways, then the only people you could even think of sending encrypted SMS to are people for whom you have a public key. If you don't have a public key for a contact, then obviously you have no method of encrypting a message to them. But, more importantly, you can always break up an SMS into multiple SMS as the need arises, so length isn't an issue as long as the user knows how many messages it will form.
>>>>
>>>>
>>>> On Wed, Jul 17, 2013 at 1:36 PM, Mike Bybee <mike.bybee@xxxxxxxxx> wrote:
>>>> Well, SMS obviously can't do GPG due to character limits - however, there are dozens of varieties of secure SMS tools currently on Android. It seems that some variety encryption could be supported by the default client - much like OTR for Pidgin, etc.
>>>> Not that it should default to it - that would be awful. But that it should be able to have an easy to enable option.
>>>>
>>>> There's a lot of people world wide mad about security right now - and if Ubuntu Touch can eventually ship with a good basic set of security options, it will appeal to people who otherwise might have no reason to use it.
>>>>
>>>>
>>>> On Wed, Jul 17, 2013 at 11:30 AM, Rasmus Eneman <Rasmus@xxxxxxxxx> wrote:
>>>> You can't have GPG on SMS as it can't handle that amount of characters. Also it would be stupid
>>>> as no one can't receive GPG/PGP SMS. If this feature is realy wanted on Ubuntu to Ubuntu
>>>> then implementing something like iMessage or Hangouts should be done using XMPP and bound
>>>> to the Ubuntu One account.
>>>>
>>>>
>>>> 2013/7/17 Mike Bybee <mike.bybee@xxxxxxxxx>
>>>> Thanks. I think with PRISM and it's various world-wide equivalents, we're all thinking about this.
>>>>
>>>>
>>>> On Wed, Jul 17, 2013 at 11:08 AM, Josh Leverette <coder543@xxxxxxxxx> wrote:
>>>> I'm still waiting on the actual native email client to be written. Once that happens, adding encryption should be relatively trivial. So, whenever that happens.
>>>>
>>>>
>>>> On Wed, Jul 17, 2013 at 1:07 PM, Mike Bybee <mike.bybee@xxxxxxxxx> wrote:
>>>> Are there currently any plans to make sure the ubuntu mail app will support gpg or some other standard - and likewise for SMS?
>>>> I know right now it just uses webmail, but I'm sure that's not the long term goal
>>>>
>>>> --
>>>> Thanks,
>>>> Mike Bybee
>>>>
>>>> --
>>>> Mailing list: https://launchpad.net/~ubuntu-phone
>>>> Post to : ubuntu-phone@xxxxxxxxxxxxxxxxxxx
>>>> Unsubscribe : https://launchpad.net/~ubuntu-phone
>>>> More help : https://help.launchpad.net/ListHelp
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Sincerely,
>>>> Josh
>>>>
>>>>
>>>>
>>>> --
>>>> Thanks,
>>>> Mike Bybee
>>>> --
>>>> Mailing list: https://launchpad.net/~ubuntu-phone
>>>> Post to : ubuntu-phone@xxxxxxxxxxxxxxxxxxx
>>>> Unsubscribe : https://launchpad.net/~ubuntu-phone
>>>> More help : https://help.launchpad.net/ListHelp
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Rasmus Eneman
>>>>
>>>>
>>>>
>>>> --
>>>> Thanks,
>>>> Mike Bybee
>>>>
>>>>
>>>>
>>>> --
>>>> Sincerely,
>>>> Josh
>>>>
>>>>
>>>>
>>>> --
>>>> Rasmus Eneman
>>>>
>>>>
>>>>
>>>> --
>>>> Sincerely,
>>>> Josh
>>>>
>>>> --
>>>> Mailing list: https://launchpad.net/~ubuntu-phone
>>>> Post to : ubuntu-phone@xxxxxxxxxxxxxxxxxxx
>>>> Unsubscribe : https://launchpad.net/~ubuntu-phone
>>>> More help : https://help.launchpad.net/ListHelp
>>>>
>>>>
>>>> --
>>>> Mailing list: https://launchpad.net/~ubuntu-phone
>>>> Post to : ubuntu-phone@xxxxxxxxxxxxxxxxxxx
>>>> Unsubscribe : https://launchpad.net/~ubuntu-phone
>>>> More help : https://help.launchpad.net/ListHelp
>>>>
>>>> --
>>>> Mailing list: https://launchpad.net/~ubuntu-phone
>>>> Post to : ubuntu-phone@xxxxxxxxxxxxxxxxxxx
>>>> Unsubscribe : https://launchpad.net/~ubuntu-phone
>>>> More help : https://help.launchpad.net/ListHelp
>>>
>>>
>>> --
>>> Mailing list: https://launchpad.net/~ubuntu-phone
>>> Post to : ubuntu-phone@xxxxxxxxxxxxxxxxxxx
>>> Unsubscribe : https://launchpad.net/~ubuntu-phone
>>> More help : https://help.launchpad.net/ListHelp
>>>
>>>
>>>
>>>
>>> --
>>> Sincerely,
>>> Josh
>>
>
References
-
[feature request/question] Encrypted email/sms support?
From: Mike Bybee, 2013-07-17
-
Re: [feature request/question] Encrypted email/sms support?
From: Josh Leverette, 2013-07-17
-
Re: [feature request/question] Encrypted email/sms support?
From: Mike Bybee, 2013-07-17
-
Re: [feature request/question] Encrypted email/sms support?
From: Rasmus Eneman, 2013-07-17
-
Re: [feature request/question] Encrypted email/sms support?
From: Mike Bybee, 2013-07-17
-
Re: [feature request/question] Encrypted email/sms support?
From: Josh Leverette, 2013-07-17
-
Re: [feature request/question] Encrypted email/sms support?
From: Rasmus Eneman, 2013-07-17
-
Re: [feature request/question] Encrypted email/sms support?
From: Josh Leverette, 2013-07-17
-
Re: [feature request/question] Encrypted email/sms support?
From: Gianguido Sorà, 2013-07-17
-
Re: [feature request/question] Encrypted email/sms support?
From: Marius Kotsbak, 2013-07-17
-
Re: [feature request/question] Encrypted email/sms support?
From: Alan Miller, 2013-07-17
-
Re: [feature request/question] Encrypted email/sms support?
From: Josh Leverette, 2013-07-17
-
Re: [feature request/question] Encrypted email/sms support?
From: Alan Miller, 2013-07-17
-
Re: [feature request/question] Encrypted email/sms support?
From: Alan Miller, 2013-07-17