Threats and Usability of Secure Voice

In my previous post I found that end-to-end encryption with OSTN is both effective and usable. There are two important things the user must be aware of when using OSTN: they must confirm on each phone call that the encryption icon is present, and they must correctly complete the SAS verification dialog. So on a basic level, encrypted voice just works. But what does this all mean? This post looks at the threats to the security and usability of encrypted ZRTP phone calls in CSipSimple. [Read More]

A Network Analysis of Encrypted Voice over OSTN

Introduction to OSTN
OSTN stands for Open Secure Telephony Network. It is a federated network standard for Internet calling with end-to-end encryption via ZRTP. It is very similar to e-mail in that VoIP calls can be routed to addresses such as user@domain.tld. It's a simple concept, but I believe it to be a groundbreaking implementation! Never before have I seen such an accessible solution to encrypted VoIP calls. OSTN is platform independent, is a federated network, and is an open standard, so it is widely adoptable. [Read More]

IOCipher lives! encrypted virtual file system for Android

Nathan and I just got the first complete test of IOCipher working in the IOCipherServer/SpotSync app. We created a filesystem sqlite.db file, then mounted it and got all the files via HTTP. In the test suite, I have lots of operations all running fine and encrypting! The core idea here is a java.io API replacement that transparently writes to an encrypted store. So for the most part, just change your import statements from: [Read More]
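As an added illustration of the "change your import statements" idea (this is example code written for this page, not code from the post or from the IOCipher project): a small note store written against java.io, where only the three import lines marked below changed to move it onto an encrypted container. The package and class names (info.guardianproject.iocipher.*, VirtualFileSystem.get(), createNewContainer, mount, unmount) are assumed from the project's public API and may differ between IOCipher versions; the password and note content are constructed for the example.

```java
// Added example, not code from the IOCipher post or project.
// Assumed API: info.guardianproject.iocipher.{File,FileInputStream,FileOutputStream,
// VirtualFileSystem}. The streams are assumed to extend java.io.InputStream /
// java.io.OutputStream so try-with-resources works as it did with java.io.

// Originally:
//   import java.io.File;
//   import java.io.FileOutputStream;
//   import java.io.FileInputStream;
import info.guardianproject.iocipher.File;
import info.guardianproject.iocipher.FileOutputStream;
import info.guardianproject.iocipher.FileInputStream;
import info.guardianproject.iocipher.VirtualFileSystem;

import java.io.IOException;
import java.nio.charset.StandardCharsets;

public class NoteStore {
    private final VirtualFileSystem vfs;

    /**
     * Opens the encrypted container at containerPath, creating it if absent.
     * The container itself is an ordinary file on the Android filesystem (the
     * post's "sqlite.db"), so java.io.File is the right type to test for it.
     */
    public NoteStore(String containerPath, String password) {
        vfs = VirtualFileSystem.get();                      // assumed factory method
        if (!new java.io.File(containerPath).exists()) {
            vfs.createNewContainer(containerPath, password); // assumed signature
        }
        vfs.mount(containerPath, password);                  // assumed signature
    }

    /** Paths are relative to the container root, not to the device filesystem. */
    public void write(String name, String text) throws IOException {
        File f = new File("/" + name);                       // lives inside the VFS
        try (FileOutputStream out = new FileOutputStream(f)) {
            out.write(text.getBytes(StandardCharsets.UTF_8)); // encrypted on write
        }
    }

    public String read(String name) throws IOException {
        File f = new File("/" + name);
        byte[] buf = new byte[(int) f.length()];
        try (FileInputStream in = new FileInputStream(f)) {
            int off = 0;
            while (off < buf.length) {                       // loop: read() may be short
                int n = in.read(buf, off, buf.length - off);
                if (n < 0) throw new IOException("unexpected end of " + name);
                off += n;
            }
        }
        return new String(buf, StandardCharsets.UTF_8);
    }

    /** Unmount when done; after this the plaintext is only reachable with the password. */
    public void close() {
        vfs.unmount();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample values for the example.
        NoteStore store = new NoteStore("/data/data/example.app/files/notes.db", "correct horse");
        store.write("todo.txt", "buy milk");
        System.out.println(store.read("todo.txt"));          // prints: buy milk
        store.close();
    }
}
```

The practitioner's check that goes with this: because the swap is purely at the import level, a single class that still imports java.io.File (a cache helper, a logging utility, a third-party library) writes plaintext to the device with no warning, so grep the code base for `java.io.File` and friends after the migration and audit every remaining hit. How the password is derived and kept in memory is outside what the post describes.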

Singing and Dancing for Encryption

If you see me dancing or singing with my phone in my hand, I may not just be having a great time, but also creating an encryption key. Part of the issue with security is that it can often be difficult to implement or an added step in what users want to be an easy and seamless process. What if we can make secure and private communications fun and easy? [Read More]

User scenarios to guide our crypto development

At Guardian Project, we find user-centered development to be essential to producing useful software that addresses real-world needs. To drive this, we work with user stories and scenarios as part of the process of developing software. One particular development focus is the Portable Shared Security Token (PSST) project, which aims to make it easy to use encryption across both mobile and desktop computers, as well as keep the stores of cryptographic identities (i. [Read More]

Transparent encrypted virtual disks for Android (we call it IOCipher)

When using phones, laptops, computers, etc., it feels like a private experience, as if our screen were a piece of paper, and once that paper is gone, no one can see it anymore. Digital media works very differently. While the user interface portrays the deletion of files as very final, for someone with the right tools it is actually not hard to recover deleted files. Also, digital information takes up so little space that we now regularly carry vast amounts of information in our pockets. [Read More]

How many ways to store 5 numbers?

At the core of all software that aims to be secure, private and anonymous is encryption, or as I think of it, amazing math tricks with really large numbers. These really large numbers can serve as a token of identity or the key to information locked away behind the encryption math. There are a number of different encryption methods commonly used based on different mathematical ideas, but they all rely on people managing sets of really large numbers, usually known as keys. [Read More]
Tags: dsa, encryption, keys, otr, psst

Introducing InformaCam

These are interesting times, if you go by Time Magazine as an indicator. The magazine’s person of the year for 2011 was The Protester, preceded in 2010 by Facebook founder Mark Zuckerberg. Both are partners with an equal stake in freely sharing the digital content that shows the world what’s going on in it, at any time, from behind any pair of eyes. Also casting their lot in with the others is Time Magazine’s 2006 person of the year, You: the You that puts the “you” in “user-generated content;” the You whose miasma of bits, bytes, and the powerful images they express is becoming increasingly problematic. [Read More]

How To: Lockdown Your Mobile E-Mail

Update 2015-04-27: _We now recommend OpenKeychain over APG, the app described in this blog post. The setup is drastically easier, so you probably don’t even need this HOWTO anymore. Start by downloading K-9 and OpenKeychain, then go into OpenKeychain and start the config there._ Over the past few years it’s become increasingly popular to sound the call that ‘email is dead.’ And while many complementary forms of synchronous and asynchronous communication – from IM to social networking – have evolved since email first came on the scene, it’s hard to see email suddenly disappearing from its role as the most important way organizations communicate. [Read More]