On Cell Phones

PGP Usability Regression thanks to Enigmail

Thursday, February 25, 2016 

Enigmail, the essential plugin for Thunderbird for encrypted mail, is a fairly dynamic project that occasionally makes UI and usability decisions that not everyone agrees with.

The latest auto update is a problem for me. I use K9 for mobile mail and K9 doesn’t support PGP/MIME, but Enigmail just:

enigmail-bad-mime

Why?  OK – PGP/MIME leaks less metainformation than inline PGP, but at the expense of compatibility.  K9 should support PGP/MIME, but it doesn’t.  Enigmail should have synchronized with K9 and released PGP/MIME when mobile users could use it.

But encryption people often insist that the only use case that matters is some edge case they think is critical.  They like to say that nobody should read encrypted mail on a mobile device because the baseband of the device is intrinsically insecure (all cell phones are intrinsically insecure – phones should treat the data radio as a serial modem and the OS and the data modem should interact only over a very simple command set – indeed, the radio should be a replaceable module, but that gets beyond this particular issue).

For now, make sure your default encoding is Inline-PGP or you’ll break encryption.   Encryption only works if it is easy to use and universally available. When people can’t read their messages, they just stop using it.  This isn’t security, this is a mistake.
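An added example (not part of the original post, and not Enigmail or K9 code) that shows how the two formats differ on the wire and what an observer can read without the key in each case. The sample messages, addresses and filenames are constructed; the PGP/MIME layout follows RFC 3156.

```python
from email import message_from_string
from email.policy import default

ARMOR = "-----BEGIN PGP MESSAGE-----"

# Constructed sample: inline PGP. Body and attachment are encrypted separately,
# so the MIME layout and the attachment filename stay readable.
INLINE_SAMPLE = """\
From: alice@example.org
To: bob@example.org
Subject: Q3 numbers
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

-----BEGIN PGP MESSAGE-----

(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1
Content-Type: application/octet-stream; name="budget.xlsx.pgp"
Content-Disposition: attachment; filename="budget.xlsx.pgp"

(constructed placeholder)
--b1--
"""

# Constructed sample: PGP/MIME. The whole original MIME tree, attachments
# included, sits inside one encrypted blob. Subject is still visible in both.
PGPMIME_SAMPLE = """\
From: alice@example.org
To: bob@example.org
Subject: Q3 numbers
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b2"

--b2
Content-Type: application/pgp-encrypted

Version: 1
--b2
Content-Type: application/octet-stream; name="encrypted.asc"
Content-Disposition: inline; filename="encrypted.asc"

-----BEGIN PGP MESSAGE-----

(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b2--
"""

def classify(raw):
    """Return 'pgp-mime', 'inline-pgp' or 'none' for a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=default)
    if (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted"):
        return "pgp-mime"
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and ARMOR in part.get_content():
            return "inline-pgp"
    return "none"

def visible_parts(raw):
    """(content type, filename) of every leaf part readable without the key."""
    msg = message_from_string(raw, policy=default)
    return [(p.get_content_type(), p.get_filename())
            for p in msg.walk() if not p.is_multipart()]
```

A client that only understands inline PGP sees the second sample as an opaque `encrypted.asc` attachment, which is the compatibility cost described above.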

Posted at 01:52:42 UTC

Category: cell phones, Privacy, Security, technology

A sad loss for security

Monday, July 20, 2015 

Whisper Systems wrote the very useful TextSecure app for Android. It had a great feature of encrypting text messages, a standard communication modality in much of the world and one I rely on often. I have previously suggested it is a good tool.

The last “update” removed the ability to establish new encrypted chats over SMS and, it appears, the next will remove the function entirely. For me, this change substantially reduces the utility of the app.

Reading their arguments for doing so, I find myself disagreeing with their justifications. I understand there was some complexity in establishing encrypted SMS, but frankly initiating a one-time key exchange was about as easy as encrypted communication gets. That iOS users can’t play along is pretty irrelevant: iOS isn’t exactly the platform for secure communications anyway, you carry iOS devices when you want to impress people with your brand awareness, not get things done. That people occasionally end up with a conversation that is half-encrypted seems annoying but hardly all that problematic. The person that uninstalled the app will try to send messages in the clear, not the person who is still running it and a partial session. I can see the annoyance, but not any security leak.

I think the final result is somewhat dangerous. The first incarnation used SMS as the starting point, and once secure communications were established, if available, comms moved transparently to the data channel. If not, it stayed with SMS. As I work in a place where data service is frequently disabled, this was the most reliable non-voice communication protocol.

Now SMS is unencrypted and data-mode communication is encrypted. You have to remember which is which and that is dangerous.

If they don’t restore encrypted SMS functionality, I will switch back to the standard SMS app, which is insecure SMS only and so not confusing, and use ChatSecure or Xabber for encrypted data communications so the difference is clear. You’re probably going to run a Jabber-based chat tool anyway; ChatSecure’s Tor integration makes it a better choice for data-mode chat, while TextSecure no longer does anything particularly useful over the default app for SMS mode nor anything particularly unique for data mode.

Posted at 00:53:41 UTC

Category: cell phones, Security

Iraq Blocked For Many Android Apps

Sunday, March 3, 2013 

I’m not sure who decides what apps are blocked on a country by country basis, but an awful lot of apps are blocked in Iraq and it seems like more and more.

iraq_blocked_play_viber.JPG

OTT apps like Whatsapp and Viber sort of make sense. These apps are at war with the carriers, who claim the app is making money somehow on the backs of the carriers*, and they seem to be largely blocked from install in Iraq. One would imagine that was Asiacell’s doing, but I changed SIMs and that didn’t help.

Iraq_blocked_whatsapp.JPG

But then I noticed that weird apps like Angry Birds are not allowed in Iraq—apps that make no sense for a carrier to block. The advertising model actually works and ad-supported apps show (some) relevant, regional ads, as they should, in theory generating at least some revenue for the developers. Part of the problem may be that there’s no way for in-app payments to be processed out of Iraq and therefore developers of even “freemium” apps may choose to block their apps in the country, reasoning that if they can’t make money, why let people use the app?

Iraq_blocked_angry_birds.JPG

If so, it seems short-sighted: ultimately payment processing will be worked out and even if it isn’t, Iraqis are allowed to travel to countries where in-app payments do work. Establishing a beachhead in the market, even without revenue, seems prudent. Blocking users who represent neither revenue nor cost seems arbitrarily punitive.

* The carrier’s business should be to transport bits agnostically.  They have no business caring what we do with our bits; no bit costs more than any other bit to carry.  If they can’t figure out how to make money carrying bits, they have no business being in the bit carrying business. When they whine about a business like WhatsApp or Viber or Free Conference Call or Skype or Google hurting their profits what they really mean is that these new businesses have obviated a parasitic business that was profitable due to a de facto monopoly over what people could do with their bit carrying business.

If the bit carriers were competent application layer developers, they’d have developed their own versions of these “OTT” applications. But they’re not competent developers and so they have not and they’ve squandered the expertise and market control they once had and are now crying that they can’t even make the core bit carrying business work. This should not inspire sympathy or legislative support.

Dear telco, I will pay you a fair market price for carrying my bits. You have no right to worry about what bits I choose to send after I’ve paid my bit toll. If you can’t do that, we the people have every right to build our own information highways collectively without you. And we probably should anyway.

Posted at 05:29:54 UTC

Category: cell phones, places, politics, technology

Otterboxes for the iPhone and Galaxy S3

Tuesday, January 8, 2013 

There are two things I always do with a new digital device: get a good screen protector and a good case. (And the biggest memory card that will fit.)

The screen protector is pretty easy: I’ve used both Zagg and Armor Suit and prefer the Armor Suit, but not by much. Both work really well and I have an Armor Suit on my Motorola Razr V9x (still the best basic cell phone I’ve ever owned) that has lived in my pocket for many, many years without a scratch visible on the outer screen.

For cases I lived with an (almost iconic) yellow Defender case for my Blackberry Bold 9000 for about 5 years.  It was awesome, indestructible, and fit the belt holder perfectly.  Alas, it was no match for a random late night cab ride and early flight out of Dubai–can’t defend against that, can ya? Well, it lasted about 5 years, so no complaints. I contacted Otterbox to see if I could get a replacement silicone bit and they checked and only had 2 belt holsters left in stock from the entire product line.  They mailed me those for free. Thanks Otterbox! (One did come in handy eventually.)

I got an iPod from United and, of course, got an Otterbox for it; one of the Commuter series.  With a polycarbonate outer shell protecting the critical corners, and that backed underneath by a few mm of soft silicone, the iPod is extremely well protected.  This is a well-engineered protection model, far better than just a layer of silicone.

A corner drop tends to generate very high localized pressure where the corner tries to merge with the hard surface it is being dropped on. Having the polycarbonate outer shell distributes that pressure load over the silicone underneath it, resulting in a broad, gentle distribution of the impact load and minimizing the risk of localized overpressure which would crack plastic or glass.

Conversely, simple silicone sleeves without the polycarbonate layer, while adding critical padding and being fairly effective in most cases, can’t distribute the impact load nearly so effectively. This should not matter too much for a surface-to-surface drop where the impact force is distributed over the whole back or even an edge of the phone, but in a corner drop the silicone can be effectively mushed out of the way as the hard surface attempts to touch delicate plastic or glass in a tragic romance.

This outer shell is what distinguishes the Commuter series from Otter’s lower-cost silicone-only Impact series cases, as well as the host of cheap silicone sleeves on the market.

otterbox_iPhone-vs-Galaxy_S_3.jpg

I replaced the Blackberry with a Samsung Galaxy S3 and got a Commuter case for it.  The case is very nice, not too big, but Otterbox did something very, very wrong.  They rotated the polycarbonate tabs 45 degrees, covering the edges and not the corners.  Why Otter, why? The case is still quite nice and it is the nicest looking and most comfortable I’ve found, but this is an odd engineering mistake.  They talk about the “layers of protection” as a key selling point for their more expensive Commuter and Defender series, yet leave the most fragile corners protected by only a single layer.  As protection goes, it is no better than the Impact since the corners are all that really matters.

The polycarbonate shell does serve to anchor the access flaps closed, which is an improvement over the iPod case, but this could easily have been achieved with a few well-placed polycarbonate fingers reaching around the case without making it difficult to assemble (too many fingers wrapping around the device make it impossible to snap the device into the polycarbonate shell).

Further, the textured silicone edges on the iPod case are actually really nice to hold, far more comfortable and slip-resistant than the polycarbonate edges of the S3 case (and make the iPod less likely to drop than the S3 as well).  As an additional bonus, the iPod version exposes some textured silicone on the back surface making the case somewhat non-slip, while the S3 case is all polycarbonate on the back. Without some non-slip silicone on the back, the likelihood that the enclosed device will slip off a sloped surface and onto a hard floor or into a toilet or sink is much greater. While the case makes a disaster far less likely for the former eventuality, it is not waterproof.

While the Android OS just crushes iOS, and the availability of Android-specific tools and applications, particularly for security and encryption, makes it the best choice for a mobile device right now (though security, at least, is even less of a concern with a Blackberry – that’s the one thing RIM still has going for it – that and efficient use of data), Otterbox really could have done a better job with the case. Hopefully the S4 case will get it right.


 

Update

It has been almost 2 years and I’ve been carrying the Otterbox-protected S3 more or less continuously since in a relatively active and somewhat unforgiving environment, not that anyone’s pocket or purse would fail to meet that definition.  A few issues emerged:

  • The rubber flap covering the USB port, which you need to access at least twice a day for charging, tore off very early on;
  • I change SIMs a few times a month and the case doesn’t really like being taken on and off and eventually cracked in two places, but it still holds together;
  • The unprotected silicone covering the corners began to deteriorate fairly quickly, as I predicted, and one corner has disintegrated completely, leaving that most fragile of impact points unprotected.

Failed corner of the otterbox case

I’d probably buy another – two years is a pretty good life (but not as good as the 5 my Blackberry gave me. I still miss that phone). I wish Otterbox would focus on protecting the corners, not the edges. The iPod case, far less heavily used but equally traveled, shows no wear on the corners at all and provides the same protection it did two years ago. It is a better design.

Posted at 12:36:41 UTC

Category: cell phones, Neutral, photo, reviews, technology

26c3 Berlin

Thursday, December 31, 2009 

26c3 was a blast, as was Berlin. It’s a good conference in the olde school hacker style: mostly younger people, mostly wearing black. There weren’t a lot of women, but Carolyn, Isabella, and Meredith tried to even out the ratio a bit.

Some of the best lectures included one by some German engineers working on the lunar x-prize. They had their prototype rover with them and gave a great talk about the various challenges.

Another great one was Dan Kaminsky’s talk on PKI. I don’t agree with the premise that SSL should be a reliable method for identifying the owners of websites, as people just can’t tell the difference between bankofamerica.com and bancomerica.com and so it doesn’t make anyone safer if the bankofamerica site is super green if bancomerica.com is also super green, and so the complexities of getting an accepted certificate simply reduce the use of secure connections and the overall security of the internet. But he had some pretty great attacks on the security of SSL that cause problems no matter what.

We enjoyed fuzzing the phone as well. It was a very entertaining talk on attacking phones with crafted SMSes. The method of creating the attacks was very clever – rooting the phone, redirecting the radio to a wifi link to a CPU so they could try zillions of SMS and see what would happen. In the process they discovered they could remotely root the communications manager (which runs as root). And send %n to specific Windows phones and they’ll crash and fail to reboot until the SMS is cleared out of the inbox.

Berlin is a great city and it was fun working in the shadow of the TV tower.

We made reservations for lunch but we could tell it wasn’t going to be a great day. In the end it was a very intimate lunch with pretty clouds pressing against the glass.

The fog lifted but was replaced by snow, which is a lot of fun in a city when you don’t have to drive.

Posted at 11:42:34 UTC

Category: cell phones, Events, FreeBSD, Linux, photo, places, technology, travel, weather

Cool Tracking Technology

Wednesday, February 4, 2009 

Instamapper.com has a pretty cool solution. Nothing radically novel in concept, but it does pretty much just work and with most devices with a GPS.

Airplane_takeoff.png

It’s a little different from Google Latitude, which has a social aspect (your friends) but no history. Latitude is built into Google Maps Mobile 3.0, so everyone will have this on their phone in a few days. That’ll be weird for sure.

Amazingly I downloaded this app this morning at 3.0.0, by the time I’d told a friend about it the release was 3.0.1, and the last person I told got 3.0.2. I guess Google is excited about this one.

Posted at 12:30:05 UTC

Category: cell phones, Geopost, map, places, technology

Ass Dialing

Tuesday, November 6, 2007 

Or why I hate bar phones.

Ass Dialing is when you have a bar phone in your pocket, bend over, and accidentally dial either the last call or something out of your phone book.

My two best ass dialing stories:

1) I had an old Qualcomm spoonphone – the early bar phone with the round end with the speaker in it. Very flat and strong. I carried it in my back pocket. I had lunch with this bodybuilder woman I flirted with and she was sitting with her panties exposed. They became a topic of conversation… a conversation my then girlfriend overheard after I ass dialed her. I wasn’t even doing anything with the woman, just flirting, but boy was that embarrassing.

2) Carolyn’s best high school friend is a gay playwright. He wrote most of the plays she did for a long time, and loves to blow straight guys. Before he moved next to the Marine base and had an infinite supply of buff “straight” guys looking for a BJ he had to search for straight guys to blow at porn theaters. One time Carolyn went to pick him up at some porn theater after he was done and ass dialed me. It’s her phone number on the caller ID but all I hear is uh uh uh oh yes oh yesss uh uh uh.

Certainly the best ass-dial I’ve ever gotten. I hate it when someone ass dials me over and over. They’re running through an airport and every time they shift their bag they ass dial again. Another friend kept ass dialing 911.

Me, I don’t ass dial any more. I stick to flip phones.

Posted at 00:00:17 UTC

Category: cell phones, reviews, technology

depearlized

Monday, July 9, 2007 

 

Pearl parts

depearlized.jpg

If you have a Blackberry Pearl and you work near metal dust or filings it will not last long.
I took mine to SRL yesterday and needed to use it with dirty hands. I wiped them off on my shirt, really, then used it a few times and noticed that the trackball had stopped running smoothly. The problem is not just the dirt (see the black streaks around the knurls on the little potato masher shafts), but metal flakes that stick to the magnets.
Turns out the Blackberry’s trackball works with four little Hall effect sensors on the motherboard (you can see one of the black sensors in the top right of the cavity where the trackball was). The black ends of the four little (TINY) potato mashers are magnets and attract dirt… and tools… and make them endo and stick to things in very annoying ways as you try to reassemble the trackball. If you get a metal flake wedged between the sensor and the magnet cylinder as you roll the cylinder past it, you draw nice metal residue rings around the black magnet, which do not come off easily (but fortunately do not affect operation).
Cleaning each bit carefully with rubbing alcohol, blowing out the cavity and the magnets, and particularly working on a strip of tacky paper (like painter’s masking tape) makes it possible to clean the parts and get the little metal bits off. The pearl itself is very likely to make a break for it across any gradient. It’s only 3.5mm in diameter; do not lose it.
These instructions helped. Basically pry the silver ring off gently from the front (under the 2/t/y key) and pop the trackball assembly out. Mine did not have the second metal retaining ring in it and seems to work fine without it.
All back together now, but it will not be accompanying me into environments with metal dust and chips as the sensor is perfectly designed to draw them into the workings and specifically right to where they will jam the rollers. It does seem fairly immune to finger grease and pocket lint though.

Posted at 12:19:11 UTC

Category: cell phones, photo, technology