mfioretti's blog

Carrier IQ proves (again) the need for completely open mobile phones

According to the Register and many other sources online, an Android app developer has reported conclusive proof that millions of smartphones are secretly monitoring the key presses, geographic locations, and received messages of their users. In a YouTube video posted on Monday, Trevor Eckhart showed how software from a Silicon Valley company known as Carrier IQ recorded in real time the keys he pressed into a stock EVO handset, which he had reset to factory settings just prior to the demonstration.

The only way to avoid such attacks on one's privacy is to use mobile phones and systems that are built from the ground up to provide truly private conversations and to be completely transparent to their end users, such as the TFF Transparent Telematics system.

Telex, an anti-censorship technology and a possible component of UVT

Telex is (quoting from New Tool Keeps Censors in the Dark): "a scheme that makes it harder for censors to block communications, by taking traffic that's destined for restricted sites and disguising it as traffic meant for popular, uncensored sites."

The Telex system has two major components: "stations" at dozens of Internet service providers (ISPs) and a software client that runs on the computers or smartphones of end users.

The clients make outgoing connections to non-blocked websites, encrypting the traffic in the same way that an e-commerce or online banking site does. The identity of the site to which they really want to connect is then encoded using steganography in a special string, or "tag," that's embedded in the encrypted request. A Telex station at an ISP can examine incoming traffic and detect the presence of these tags, provided it has the right encryption key. The tag would be indistinguishable from random gibberish without the key.

When the Telex station detects an incoming request that includes a tag, it redirects that connection to the site specified in the encrypted message.
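The tag mechanism described above can be sketched as follows. This is an added example, not code from the Telex project or from the original post: it uses a shared HMAC key as a simplified stand-in for the station's key, and the 32-byte tag layout, the function names and the sample destination are assumptions made for illustration, since the page does not give the actual tag construction.

```python
import hashlib
import hmac
import os

# Assumed layout (not from the page): 8-byte nonce, 16-byte encrypted
# destination, 8-byte MAC, sized to sit in a 32-byte random-looking field.
NONCE_LEN, BODY_LEN, MAC_LEN = 8, 16, 8
TAG_LEN = NONCE_LEN + BODY_LEN + MAC_LEN


def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """Keyed pseudorandom function; its output looks random without the key."""
    return hmac.new(key, label + data, hashlib.sha256).digest()


def make_tag(key: bytes, destination: str) -> bytes:
    """Client side: hide the real destination inside a random-looking tag."""
    dest = destination.encode("ascii")
    if len(dest) > BODY_LEN - 1:
        raise ValueError("destination too long for this toy tag")
    nonce = os.urandom(NONCE_LEN)
    body = bytes([len(dest)]) + dest.ljust(BODY_LEN - 1, b"\x00")
    stream = _prf(key, b"enc", nonce)[:BODY_LEN]
    ciphertext = bytes(a ^ b for a, b in zip(body, stream))
    mac = _prf(key, b"mac", nonce + ciphertext)[:MAC_LEN]
    return nonce + ciphertext + mac


def station_inspect(key: bytes, field: bytes):
    """Station side: return the hidden destination, or None for untagged traffic."""
    if len(field) != TAG_LEN:
        return None
    nonce = field[:NONCE_LEN]
    ciphertext = field[NONCE_LEN:NONCE_LEN + BODY_LEN]
    mac = field[NONCE_LEN + BODY_LEN:]
    expected = _prf(key, b"mac", nonce + ciphertext)[:MAC_LEN]
    if not hmac.compare_digest(mac, expected):
        return None  # ordinary connection: pass it through untouched
    stream = _prf(key, b"enc", nonce)[:BODY_LEN]
    body = bytes(a ^ b for a, b in zip(ciphertext, stream))
    return body[1:1 + body[0]].decode("ascii")


if __name__ == "__main__":
    station_key = os.urandom(32)                       # constructed sample key
    tag = make_tag(station_key, "blocked.example")     # constructed destination
    print(station_inspect(station_key, tag))           # tagged connection
    print(station_inspect(station_key, os.urandom(32)))  # untagged connection
```

An observer without the key sees 32 bytes that it cannot tell apart from a random field, while the key holder both recognises the tag and recovers the destination from it.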

The Telex protocol may then be used in the User Verifiable Telematics (UVT) system to give its end users an anonymous, non-interceptable way to connect from their smartphones to the anonymous blogs and discussion forums hosted by the same providers of their UVT terminals.

HTML5 has a huge potential to promote freedom for world citizens

HTML5 and other open multimedia standards for online publishing and interactive communication play a critical role in one of the projects of the Telematics Freedom Foundation: the Universal Audiovisual Library. Here is one of the reasons.

HTML5 and its "extensions" (WebAPI, the open web platform, Boot2Gecko, WebGL, etc.) represent a potential extension of the freedom implicit in open Web standards to the world of native apps. If widely deployed on mobile devices, NetTVs and TV-connected devices, such technologies will have the historical potential to promote an incredible disintermediation of the video (and entertainment) sector, similar to what has happened for text news with traditional blogs.

This has the potential to enormously help the liberalization and democratization of opinion building by ordinary citizens about relevant social matters.

According to IBC, by 2015 there will be 2 billion mobile devices with HTML5 capability. This means that in just a few years a large part of the world population may be able to use a standard browser as their main interface to discover and consume up to 4-5 hours per day of multimedia entertainment (video and games) as explained, for example, in these articles:

All this, however, would also contribute greatly to promoting disintermediation in those markets, in much the same way as it has happened in the daily news sector with blogs.

Such an unprecedented disintermediation would, in turn, cause an equally unprecedented democratization (through liberalization) of TV. This would substantially decrease the huge editorial control and the related "manufacturing of consent" currently exercised by owners of broadcasting infrastructure (satellite, cable, digital terrestrial), and make much easier the "micro-production centered on research, editing and remixing" that is one of the objectives of the Universal Audiovisual Library.

GPLv3 is great to promote open innovation, but not enough to protect our constitutional communication rights

(this is a summary of some of the reasons why TFF Founder Rufo Guerreschi and others started the UVT project)

A lot of great work has been done in promotion and branding of GNU GPLv3. However, I think GPLv3 cannot promise freedoms in digital communications to ordinary users, and adequately protect their constitutional communication rights while using telematics communications.

Even a very wide deployment of GPLv3 software and its adoption - through lots of very easy to use online services and apps - by many end users would still not provide those end users with effective means to verify the levels of security, privacy and authentication of those services, because they would have no means to verify that:

  • the code they are using on some website is effectively the same code that, thanks to the GPLv3 license, they could download from that same website
  • there is no other malicious software running on the same server
  • in general, the hardware on which that software runs has not been compromised
  • all that GPLv3 code is regularly tested, to maintain consistent levels of security, privacy and authentication

Of course, none of this is a critique of the GPL or of the FSF (which has other goals than solving the general problems above): these are not problems that any license could solve. However, this doesn't change the fact that, today, it has become extremely difficult for an ordinary person to enjoy the freedoms promoted by the FSF. It is not a problem of demand but of supply. There are no tools and practices that are accessible to the ordinary person who cares about his or her freedom, not even for the most sensitive parts of their computing or communications.

There is a large demand, and need, for that. People in regimes with decent judiciary systems should have access to basic digital communications in a way that:

  • is not controlled by any private corporation, nor by any single system administrator or anyone else
  • does not run on proprietary and/or unsafe hardware and software environments
  • is legal

The last point is crucial for quick and large scale building and adoption (even by people without software hacking skills) of such secure and privacy-friendly communication systems. In practice, it means that such systems should be built and work in ways that still allow lawful interceptions and compliance with the EU data retention directive and similar laws, but in ways that also make abuse of those laws, as well as violations of your privacy by private parties (e.g. business competitors...) impossible.

If we could bring out a service and device like that, active citizens could communicate with adequate privacy and security, while lawful interceptions, authorized by Courts after getting evidence of their needs, would still be possible.

In other words, the availability of such integrated services and devices for peaceful and democratic political activists would make it politically difficult for governments to:

  • further promote the "privacy is bad" meme that is now being aggressively promoted and would prepare the way for laws that make all encrypted communications illegal
  • make secret deals for large scale privacy violations with telecom networks operators and providers, as there would be no single organization of that kind, that could stipulate or enforce such deals.

All this is why we conceived User Verified Telematics (UVT). UVT aims to:

  • provide and effectively guarantee levels of authentication, security and privacy that are legal, very very high AND inherently, openly verifiable by everyone
  • make possible the activation of lawful interception procedures only after a Court order and in presence of a suitable number of randomly selected users, to prevent abuses (but WITHOUT disclosing to anyone the identity of the intercepted users!)

A very short comparison between the TFF UVT project and the Freedom Box

The Learn About the FreedomBox! page of the FreedomBox Foundation explains that their FreedomBox "integrates privacy protection on a cheap plug server so everybody can have privacy. Data stays in your home and can't be mined by governments, billionaires, thugs or even gossipy neighbors... FreedomBox will put in people's own hands and under their own control encrypted voice and text communication, anonymous publishing, social networking, media sharing, and (micro)blogging."

According to that page, the services provided by the FreedomBox are:

  • Email and telecommunications that protects privacy and resists eavesdropping
  • A publishing platform that resists oppression and censorship.
  • An organizing tool for democratic activists in hostile regimes.
  • An emergency communication network in times of crisis.

The User Verifiable Telematics project (UVT) of the Telematics Freedom Foundation has some goals and services in common with the FreedomBox, but takes a different approach. From a purely technical point of view, UVT aims to provide the first two services mentioned above, but:

  • works through end-user devices that are communication terminals with a completely open architecture, like the FreedomBox, but working through any ordinary cellphone
  • hosts the content encrypted with those terminals on external, not on personal servers
  • is 100% compliant by design with existing lawful interception laws and requirements for telecom equipment. While this doesn't, of course, provide total protection from interception, it guarantees that it will only be performed in compliance with existing laws. In other words, TFF makes it impossible for anybody, be they law enforcement officers or private parties, to illegally intercept the communications of large numbers of people, for as long as they want, at an affordable cost

In addition to this, UVT was conceived with a different use case in mind. The FreedomBox is a (fixed?) server that requires a certain amount of knowledge to operate. Regardless of how much or how little that knowledge is, it can constitute quite a psychological barrier, if we think of how many people still consider computers and software as black magic (even when they use them daily). The FreedomBox is also less dependent on external, pre-existing large telecom infrastructures than UVT.

UVT, however, is made to order for a much larger class of people (especially, but not only, in developing countries), that is, ordinary cellphone users. Besides, UVT will be much simpler to use than a FreedomBox, in the sense that it will require zero set-up and configuration, and the same skills needed to operate a basic cellphone. For these reasons, we believe that UVT may be a better solution for many people, that is, a better compromise between ease of use and higher privacy.

Obscuracam, a smartphone app for visual privacy

The goal of ObscuraCam for Android, developed by the SecureSmartCam project, is to design and develop a new type of smartphone camera app that makes it simple for the user to respect the visual privacy, anonymity and consent of the subjects they photograph or record, while also enhancing their own ability to control the personally identifiable data stored inside that photo or video.

ObscuraCam doesn't set out to replace training and/or best practices, but rather to introduce these concepts to a wider activist audience, as well as to raise awareness and generate discussion around the idea of "visual privacy."

 To try ObscuraCam or know more about the project, please read:

Report confirms basic assumptions of the Telematics Freedom Foundation

According to a recent analysis from Matt Blaze, the 2010 U.S. Wiretap Report released last month provides official, essential confirmation of the assumption at the basis of several Telematics Freedom Foundation (TFF) activities.

In the report, described as "the most complete public picture of wiretapping as practiced in the US by federal and state law enforcement agencies", there are two interesting facts, according to Blaze: discouraging the incorporation of basic security technology in ICT infrastructures meant that the computers, phones, and other gadgets remained exposed to other criminals who might want to illegally exploit the very same surveillance techniques that the government hoped to preserve for itself.

However, the report says, despite dire predictions to the contrary, the open availability of cryptography has done little to hinder law enforcement's ability to conduct investigations. Even when they encountered encrypted communications, law enforcement officials have adapted their methods in order to get their work done, with one comforting result: widespread encryption, rather than shutting down police wiretaps, has actually pushed them in a more reliable and accountable direction... legal wiretap evidence is now much more reliable and illegal cellular intercepts are now much harder to perform.

This is exactly the principle inspiring TFF projects like User Verifiable Telematics: to provide systems that give all citizens the greatest possible guarantees that their communications will remain private and that only law enforcement officials will be able, within the limits set by law and with full accountability, to intercept them.

The Telematics Freedom Foundation is active again

After a break caused by a simple lack of time on the part of its members to work on the several programs, the Telematics Freedom Foundation (TFF) has restarted its activities. The Programs and Documentation projects now active on the Foundation website are the following:

In the next days, the "Active Projects" block in the navigation menu will be updated to reflect the new set of activities, and the home page of each project will be updated. Older programs, currently inactive, will still remain available in a separate section of the website, but only for historical documentation purposes.

 Marco Fioretti

TFF Program Director

New director for the Telematics Freedom Foundation

The Telematics Freedom Foundation has chosen Marco Fioretti as its new Program Director. Marco succeeds Giovani Spagnolo, who is now working on other projects but remains a member of the Advisory Board. Marco is a freelance writer, trainer and member of several groups and organizations active in the Open Standards and Digital Rights arena. Marco's first task will be to refresh, prioritize and streamline the Programs on which the Foundation will work in the next months. The updated list of Programs will be announced soon in another post.