[kwlug-disc] cell phone security and privacy

Doug Moen doug at moens.org
Wed Jul 27 20:20:03 EDT 2022


Mikalai wrote:
> Passing a border must happen empty-handed, or, if your device was touched, 
> you become empty-handed. On the other side, you should resurrect a 
> system on some fresh clean device. The current option is a Chromebook with all 
> cloud apps and Android with Google services. None are private.
>
> 3NWeb is tailored for this scenario of resurrecting your system on a new 
> device. In a private and secure way. Stay tuned :)
>
> At some point on the defending side we should start questioning assumptions. 
> Your data and apps with settings may be more valuable than a device. If 
> we engineer around the possibility of ditching a device, we gain room for 
> maneuver.

I personally do not keep important information on a cell phone, more as a general life philosophy than as a security stance. I lived the majority of my life before the iPhone was announced, and I was fine, so now I want to continue living my life without being dependent on a damn machine. They are fascinating toys, and Graphene is a new thing to learn about, but if I lose it, nothing important is lost. Eventually I'll get tired of phones and upgrade to a NoPhone, as I said to Jason. Or civilization might collapse and smart phones will no longer be available, so we'll all learn to do without anyway. <https://www.youtube.com/watch?v=SS3HygCi20Y> So I guess I'm saying, think about what's really important to your life. Or as the video suggests, be careful what you base your identity/sense of self on.

Stock Android allows you to back up your system state to Google Cloud (requiring a Google account).
Graphene allows you to back up system state to an SD card or to a Nextcloud instance (or to a file on your phone, but the latter is no good in the above scenario). The Graphene backup is encrypted with a secure pass phrase. So, if you have sensitive information on your phone and know in advance that you will be temporarily in an adversarial situation, you could wipe your phone, and later restore from backup.

Graphene supports *user profiles*. Each user has no ability to access data stored in other user profiles. Graphene recommends storing sensitive information and apps in a user profile, separate from the "owner profile" that contains the shared apps and the shared system settings. If you are just logged in to the owner profile, the sensitive data in the user profile is inaccessible without giving a pass phrase. There is a lot of interesting security design in the user profile system, which takes advantage of security hardware and stored secrets on the Titan M chip, see the FAQ. In the border guard scenario, you could securely delete your user profile in advance without wiping the entire phone.

If you lose your Graphene phone while travelling, you can install Graphene on a new Pixel using a laptop or another phone, or you can mail order a preconfigured one from several suppliers. If you've got the money, buy 2 phones, turn one into a Graphene phone, return the other.
