[vox-tech] any OTR preferences?

Rick Moen rick at linuxmafia.com
Tue Dec 6 13:33:30 PST 2016


Quoting Bill Broadley (bill at broadley.org):

> Ha, looking at your link and found:
> Because the download integrity for all of these packages is abysmal ....

Yes, I was intending to point out that bit to you in particular, but
couldn't find it on the November 16th blog post -- but I see it's on the
April 2nd original blog post of which the November one is a refresh.

I notice the refresh article is using keytool instead of sha256sum to
verify the Signal app key's fingerprint, FWIW, not that that does
anything for the basic, larger problem.

> Would be nice to have copperhead OS, then something automated like:
> * launch container/sandbox without rw to /system
> * use google play to download APKs and verify signatures.
> * save downloaded APK to /tmp
> * shutdown container
> * have copperhead install and verify the APKs (after checking they won't
> overwrite copperhead APKs)
> 
> That way no google play services, and no way for google to change any copperhead
> files.

Yes, concur.  For _me_, I don't have compelling need for anything from Google
Play, but I realise I'm a mutant.

> For most installing signal via:
> Download the apk.
> Unzip the apk with unzip org.thoughtcrime.securesms.apk
> Verify that the signing key is the official key with keytool -printcert -file
> META-INF/CERT.RSA
> You should see a line with SHA256:
> 29:F3:4E:5F:27:F2:11:B4:24:BC:5B:F9:D6:71:62:C0
> EA:FB:A2:DA:35:AF:35:C1:64:16:FC:44:62:76:BA:26
> Make sure that fingerprint matches (the space was added for formatting).
> Verify that the contents of that APK are properly signed by that cert with:
> jarsigner -verify org.thoughtcrime.securesms.apk. You should see jar verified
> printed out.
> 
> Is *WAY* too complicated.

As they point out, this results from the Signal people and the F-Droid
people fighting over acceptance criteria.  You'll note that the author
says in the notes 'Wow, the Signal vs F-Droid issue is a stupid hot
mess. Can't we all just get along and share the software? Don't make me
sing the RMS song, people... I'll do it...'  ;->

Still 'n' all, yeah, Copperhead OS and drills like the one on the Tor
blog post(s) are as good as we have, at the moment.  What boggled me 
was what a near-total showstopper the baseband CPU/firmware problem
continues to be.  The article's April iteration
(https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy)
goes through some elaborate steps to deal with this and related
problems.  (At present, they recommend decoupling the phone or tablet
from baseband problems by using a separate MiFi device.)

Personally, the only Android-type device I have is a Nook Tablet running
CyanogenMod, which at least sidesteps the baseband problem.  Copperhead
OS would have been much better but, as the Tor blog notes, so far,
Copperhead doesn't support any wifi-only devices, only certain
smartphones.

I have my doubts about progress.  The OEMs still are failing to support
meaningful service lives for their hardware, and everyone's trying to 
use tricks to control customers.
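
The manual Signal APK check quoted earlier in this message, scripted so the fingerprint comparison is not done by eye. This is an added example, not part of the original post or of the Tor blog article; the function names are assumptions of this example, and the fingerprint is the one quoted above with the formatting space replaced by a colon.

```shell
#!/bin/sh
# Added example: automates the quoted unzip / keytool / jarsigner steps.
# Fingerprint as quoted in this thread, joined into one 32-byte value.
EXPECTED_FP="29:F3:4E:5F:27:F2:11:B4:24:BC:5B:F9:D6:71:62:C0:EA:FB:A2:DA:35:AF:35:C1:64:16:FC:44:62:76:BA:26"

# Read `keytool -printcert` output on stdin and print the SHA256
# fingerprint, upper-cased and with all whitespace removed.
extract_sha256() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1 |
        tr -d '[:space:]' | tr 'a-f' 'A-F'
}

# $1 = keytool output text, $2 = expected fingerprint.
# Fails closed: a missing or malformed fingerprint counts as a mismatch.
fp_matches() {
    got=$(printf '%s\n' "$1" | extract_sha256)
    printf '%s' "$got" | grep -Eq '^([0-9A-F]{2}:){31}[0-9A-F]{2}$' || return 1
    [ "$got" = "$2" ]
}

# $1 = path to the downloaded APK (e.g. org.thoughtcrime.securesms.apk).
verify_apk() {
    apk=$1
    tmp=$(mktemp -d) || return 1
    # Extract only the signing certificate into a scratch directory.
    unzip -q -o "$apk" META-INF/CERT.RSA -d "$tmp" || { rm -rf "$tmp"; return 1; }
    certinfo=$(keytool -printcert -file "$tmp/META-INF/CERT.RSA" 2>/dev/null)
    rm -rf "$tmp"
    fp_matches "$certinfo" "$EXPECTED_FP" || {
        echo "FAIL: signing key fingerprint does not match" >&2
        return 1
    }
    # The quoted steps say to look for "jar verified", so match that line.
    jarsigner -verify "$apk" 2>&1 | grep -q '^jar verified' || {
        echo "FAIL: jarsigner did not report 'jar verified'" >&2
        return 1
    }
    echo "OK: $apk is signed by the expected key"
}

# Run the check only when an APK path is given on the command line.
if [ "$#" -gt 0 ]; then
    verify_apk "$1"
fi
```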


