Entries tagged encryption

10 best Android apps for the paranoid

Posted on 15 December 2013

So I compiled a few apps that even the most paranoid people would feel safe using. Privacy is mostly enforced through encryption, but beware: if you don't use encryption correctly, e.g. by choosing a weak password, it's totally useless. You can download the apps from Google Play (GP) or F-Droid (FD).

 

TextSecure (GP)

TextSecure encrypts your text messages (SMS) locally. If your partner also has TextSecure, you can encrypt the messages in transit as well, so not even the carrier could intercept them.

update: No SMS encryption functionality anymore, but this app is now called Signal and can still encrypt the SMS and message database on the phone. For SMS encryption use Silence (GP).


Cost: free

RedPhone (GP)

RedPhone is basically an open source Skype replacement with even better encryption. It’s dead simple to use. If a contact in your phonebook also uses RedPhone, you will be asked if you want to upgrade to a secure call.

update: Now merged with TextSecure in the Signal Messenger App.


Cost: free

 

Google Authenticator (GP)

Whether it's your bank, your WordPress blog, GitHub, Dropbox or Facebook: two-factor authentication with one-time passwords (OTPs) is getting popular! With this app, you will need not only your password to log in, but also a code from your smartphone that is generated and valid for 30 seconds. Just in case your phone gets stolen or lost, make sure to print out extra backup codes. Don't want them lying around your house? Use the next app!


Cost: free

 

EDSLite (GP)

EDSLite works much like TrueCrypt/VeraCrypt on your computer. You can create containers in which you can store your PINs, TANs, OTP backup codes and more. Because TrueCrypt can read those containers, you can just save them to your Dropbox and keep them in sync with your computer. If you don't trust Dropbox, maybe the next app is for you.

update: Use VeraCrypt instead of TrueCrypt, since TrueCrypt is not actively developed anymore. EDS can use both.


Cost: free

 

ownCloud (GP/FD)

ownCloud is an app that works with your ownCloud installation. You can download ownCloud and host your private cloud at home on a Raspberry Pi, or choose a hosted solution in a data center that you trust.


Cost: 0.79€

 

F-Droid

So, where should you download all these apps from? Do you trust Google or Amazon that the binaries you're getting are what the developers uploaded? f-droid.org is an alternative app store that you might consider trusting. The apps are all open source, and you can probably even get a couple of apps for free that would cost a few cents in the Google Play Store.

Cost: free

 

Threema (GP/Website)

Threema is probably the best app available for secure encrypted messaging; it works very much like WhatsApp. The servers are in Switzerland. The only downside is that it's not open source. But you can verify that the encryption works correctly. If you just add a contact with his/her Threema ID, the contact appears red. If you sync your phonebook with Threema (your phone number is only transmitted as a hash) and Threema recognizes a contact, it turns orange. And if you meet your contact in person and scan his/her QR code, the contact finally turns green. This is the most paranoid messaging app I've seen.


Cost: 1.60€

 

K-9 Mail (GP/FD)

If you want to send only encrypted emails, this is for you. Together with the APG app, it's super easy to send encrypted emails and to receive and decrypt them.


Cost: free

 

Built-in Android encryption

From Android 4.x on, you can encrypt your whole device. Make sure you choose and remember a good password or PIN.

Cost: free

 

NoteCipher (GP/FD)

Evernote is great for keeping your notes in sync. But if you want to keep them secret, you might want to consider using this app. Every entry is encrypted via SQLCipher with AES-256.


Cost: free

 

More stuff

  • Heml.is looks promising but has been under development for quite some time now. Hope to hear more soon.
    • Heml.is is dead.
  • Telegram is another open source messaging app. The encryption only works when both participants are online, so be careful.
  • Droid-Break has a lot more high quality open source apps.

 

GP: Google Play, FD: F-Droid, Pictures from play.google.com

List of programs against surveillance

Posted on 1 July 2013

All programs rely on encryption, and most additionally on decentralization, so that there is no operator who could listen in where there is no end-to-end encryption. They are free of charge and open source in one way or another (unless marked otherwise).

update: because of the whole #Prism and #Tempora affair, someone has put together a fairly complete list here: prism-break.org

update2: This article is from 2013; the information may be outdated.

Voice

SRTP/ZRTP

  • RedPhone (Android), update: now called Signal and also available for iOS
  • Jitsi (Linux, Windows, MacOS)
  • Skype should be regarded as NOT SECURE

 

Text/Chat/Mail

OTR

GPG/OpenPGP

Misc

  • AES encryption for SMS: BlackSMS (iOS, note: not open source)

 

File encryption

  • TrueCrypt (Linux, MacOS, Windows)
    • update: TrueCrypt is no longer actively developed; you can use its successor VeraCrypt instead (thanks, Sophie)
  • LUKS (Linux)
  • ownCloud (in the cloud, see below)

 

Cloud

  • owncloud (PHP, MySQL/SQLite + modern browser)

 

Browser/Surfing

Tor

Misc

  • i2p (Linux, MacOS, Windows)

 

VPN

 

Social Networks/Microblogging

 

Misc

 

to be continued…


XMPP/Jabber, VoIP (Jingle), webcam and remote desktop on the Dockstar

Posted on 30 April 2011

If you look at the other posts here, you'll notice that I have been dealing a lot with XMPP/Jabber, encryption and VoIP lately. Unfortunately there was no good alternative to Skype for a long time, but after a few hours of testing I think I have actually found a solution: jitsi. Those who have been following this for a while may still know the program under the name SIP-Communicator. By now it is a full-fledged instant messenger that also supports ICQ, Windows Live (MSN) and other messengers. With the implementation of Jingle, voice calls and webcam now work too; I just tested this from Windows 7 to Windows XP and Ubuntu 10.04.

Of course you still depend on the provider of the XMPP server, but no longer on Red5, which is written in Java and therefore probably won't run on e.g. the Dockstar (->Openfire). Webcam and audio were also possible with it, see jabber-server.de/red5, via Spark (client) and Openfire (server). So here is a short list of public Jabber servers:

For optimal privacy you can of course also set up your own Jabber server, e.g. ejabberd. This even works with a 1 GHz ARMEL CPU on the Dockstar (!)

A really cool feature that I hadn't been looking for at all is the remote desktop functionality. I used to do this via the proprietary logmein.com/hamachi, but of course I like this better :) OTR for chatting is built in and also works out of the box with Pidgin on the other side (and thus probably Adium too).

update: Calls are encrypted via ZRTP

Pidgin and OTR in a single file

Posted on 28 April 2011

During a discussion at Easterhegg 2011 we came up with the idea that people might be easier to persuade to install Pidgin with OTR encryption if there were just a single installer file and nobody had to write instructions for it, as I did e.g. in my blog (English). This one is simple:

1. Download

2. Click on it

  • Pidgin Version: 2.7.11
  • pidgin-otr Version: 3.2.0-1

(Both Pidgin and pidgin-otr are free software under the GPL.)

//edit: Alternatively, Jitsi is also worth a look; it can additionally replace Skype (audio/webcam) and remote desktop programs.

Establish secure instant messaging connections via jabber and OTR

Posted on 12 April 2011

//update: even easier: My installer for both messenger and encryption

Instant messaging is what most of you might know as ICQ, AIM, YIM, Windows Live Messenger (or "MSN"), Skype, Google Talk, etc.

What I'm going to show you is how to install the instant messenger Pidgin and the encryption extension OTR, and how to create a jabber account with a provider of your choice. But don't worry, this is not getting very technical; in fact, it probably takes you less than 5 minutes (!). At the end of the article you'll find some more explanations and background, if you're interested.

Step by step

1. Download Pidgin at http://www.pidgin.im/download (Link for Windows)

2. Download the OTR Pidgin plugin at http://www.cypherpunks.ca/otr/ (Link for Windows)

3. Install Pidgin: just double-click on the icon and press next every time you're asked something. Then install the OTR plugin, same procedure.

4. Create a jabber account; to begin with, https://register.jabber.org/ will do. Just choose a nickname, which might be your real name, a nickname or some letter-number chaos; just remember it and the password too.

5. Open Pidgin. You will be asked to create a profile/account. Choose XMPP as protocol. Username is the part in front of @jabber.org in your new jabber address, i.e. the nickname you chose before. Domain is jabber.org. Leave resource empty and enter your password. Click Save.

7. Your buddy list opens, as you might know it from ICQ or Skype. You can now add buddies via the main menu.

8. Enable OTR by clicking Tools/Plugins in the main menu, then scroll down until you find Off-the-Record Messaging and make sure it's checked.

9. As soon as you chat with someone who also has OTR installed, Pidgin creates a pair of keys (only the first time). From now on the connection is encrypted. Just make sure the person you're talking to is really the person you think it is.

10. That's what the verifying function is about. On the right side of a chat window there is a button showing "encrypted but not authorized"; click on it and authorize your chat buddy via passphrase, question and answer, or by comparing digital fingerprints over a secure connection, e.g. mobile phone, or by standing next to each other.

 

Extra Information

Pidgin is a multi-platform chat client. This means you can use whatever chat provider you want to, such as ICQ, Windows Live (MSN) or Skype, and use just one program for all of them. Also, OTR works with all of them, but to be completely independent of commercial providers, I chose jabber.

Jabber works a bit like e-mail (decentralized, that is). You have to choose a provider, just like you would choose hotmail.com, googlemail.com, yahoo.com etc. for e-mail. There are quite a few providers, for example the Chaos Computer Club in Germany or even German universities. Since most jabber software is free software, you might even want to set up your very own jabber server in your basement like me.

OTR has pretty good encryption. The big advantage is that the encryption is end to end, so unless the attacker is in control of your computer, no one can see what you're writing. Plus, it offers plausible deniability, see Plausible Deniability at Wikipedia.

Jabber, or rather the protocol XMPP, is used by various big companies such as Google (Google Talk) or Facebook (Facebook Chat). You just hardly ever get to know what's behind a system.