Entries tagged paranoia

10 best Android apps for the paranoid

Posted on 15. Dezember 2013 Comments

So I compiled a few apps that even the most paranoid people would feel safe to use. Privacy is mostly enforced through encryption but beware: if you don’t use encryption correctly by e.g. chosing a weak password, it’s totally useless. You can download from Google Play (GP) or F-Droid (FD)

 

TextSecure (GP)

TextSecure encrypts your text messages(SMS) locally. Also, if your partner also has TextSecure, you can encrypt the messages, so not even the carrier could intercept them.

update: No SMS encryption functionality anymore, but this app is now called Signal and can still encrypt the SMS and message database on the phone. For SMS encryption use Silence (GP).

textsecure

Cost: free

RedPhone (GP)

RedPhone is basically an open source Skype replacement with even better encryption. It’s dead simple to use. If a contact in your phonebook also uses RedPhone, you will be asked if you want to upgrade to a secure call.

update: Now merged with TextSecure in the Signal Messenger App.

redphone

Cost: free

 

Google Authenticator (GP)

Whether it’s your bank, your WordPress blog, github, Dropbox or facebook. Two factor authentication with One Time Passwords(OTPs) is getting popular! With this app, you will not only need your password to login, but a code from your smartphone that’s generated and valid for 30 seconds. Just in case your phone gets stolen or lost, make sure to print out extra backup code. Don’t want them laying around your house? Use the next app!

google-authenticator

Cost: free

 

EDSLite (GP)

EDSLite works much like Truecrypt/Veracrypt for your computer. You can create containers, where you can store your Pins, Tans, Backup OTP Backup Codes and more. Because TrueCrypt can read those containers you can just save them to your Dropbox and keep them in sync with your computer. If you don’t trust Dropbox, maybe the next app is for you.

update: Use Veracrypt instead of Truecrypt, since Truecrypt is not actively developed anymore. EDS can use both.

edslite

Cost: free

 

ownCloud (GP/FD)

ownCloud is an app that works with your owncloud installation. You can download your private cloud and host it from home on a Rapberry Pi or chose a hosted solution in a data center that you trust.

owncloud

Cost: 0.79€

 

F-Droid

So, from where should you download all these apps? Trust Google or Amazon that the binaries you’re getting are what the developers uploaded? f-droid.org is another alternative app store that you might consider to trust. The apps are all open source and you can probably even get a couple of apps for free that would cost a few cents in the Google Play Store.

Cost: free

 

Threema (GP/Website)

Threema is probably the best app available for secure encrypted messaging; it works very much like Whatsapp. The servers are in Switzerland. The only downturn is: it’s not open source. But: you can verify that the encryption works correctly. If you just add a contact with his/her Threema ID, the contact appears read. If you sync your phonebook with Threema(your phone number is only transmitted as a hash) and Threema recognizes a contact, it’s getting orange. And if you meet your contact in person and scan his QR-code, the contact finally turns green. This is the most paranoid messaging app I’ve seen.

threema

Cost: 1.60€

 

k-9 Mail (GP/FD)

If you want to send only encrypted emails, this is for you. Together with the APG app, it’s super easy to send encrypted and receive/decrypt emails.

k9mail

Cost: free

 

Built-in Android encryption

With Android 4.x on you can encrypt your whole device. Make sure you chose and remember a good password or PIN.

Cost: free

 

NoteCipher (GP/FD)

Evernote is great for keeping your notes in sync. But if you want to keep them secret, you might want to consider using this app. Every entry is encrypted via sqlcipher with AES 256.

notecipher

Cost: free

 

More stuff

  • Heml.is looks promising but has been under development for quite some time now. Hope to hear more soon.
    • Heml.is is dead.
  • Telegram is another open source messaging app. The encryption only works, when both participants are online, so be careful.
  • Droid-Break has a lot more high quality open source apps

 

GP: Google Play, FD: F-Droid, Pictures from play.google.com

Establish secure instant messaging connections via jabber and OTR

Posted on 12. April 2011 Comments

//update: even easier: My installer for both messenger and encryption

Instant Messaging is what most of you might know as ICQ, AIM, YIM, Windows Live Messenger(or „MSN“), Skype, Google Talk, etc.

What I’m going to show you is how to install the instant-messenger Pidgin, the encryption extension OTR and create a jabber-account with a provider of your choice. But don’t worry, this is not getting very technical, in fact, it probably takes you less than 5 minutes(!). At the end of the article you’ll find some more explanations and backgrounds, if you’re interested.

Step by step

1. Download Pidgin at http://www.pidgin.im/download (Link for Windows)

2. Download the OTR Pidgin plugin at http://www.cypherpunks.ca/otr/ (Link for Windows)

3. Install Pidgin, just doubleclick on the icon and press next every time you’re asked something. Then install the OTR plugin, same procedure.

4. Create a jabber account, for the beginning https://register.jabber.org/ will do. Just choose a nickname, that might be your real name, a nickname or some letter-number-chaos, just remember it and the password too.

5. Open Pidgin, you’re gonna be asked to create an profile/account. Choose XMPP as protocol. Username is the part in front of @jabber.org at your new jabber-address, so the nickname you chose before. Domain is jabber.org. Leave recource free and enter your password. Click Save.

7. Your buddy-list opens, as you might know it from ICQ or Skype. You can now add buddys via the main menu.

8. Enable OTR by clicking Tools/Plugins in the main menu, then scroll down, until you find Off-the-Records Messaging, make sure it’s checked.

9. As soon as you chat with someome who also has OTR installed, Pidgin creates a pair of keys(only for the first time). As from now on the connection is encrypted. Just make sure, the person you’re talking to, is really the person you think it is.

10. That’s what the verifying function is about. On the right side of a chat window, there is a button with encrypted but not authorized button, click on it and authorize your chat buddy via passphrase, question and answer or by compairing digital fingerprints over a secure connection, e.g. mobile phone or by standing next to each other.

 

Extra Information

Pidgin is a multi platform chat client. This means you can use whatever chat provider you want to, such as ICQ, Windows Live(MSN) or Skype and use just one programm for all of them. Also, OTR works with all of them, but to be completly independent on commercial providers, I chose jabber.

Jabber works a bit like e-mail (decentralized, that is). You have to choose a provider, just like you would choose hotmail.com, googlemail.com, yahoo.com etc for e-mail. There a quite a few providers, for example the Chaos Computer Club in Germany or even German Universities. Since most jabber software is free software you might even want set up your very own jabber server in your basement like me.

OTR has a pretty good encryption. The big advantage is the encryption from end to end, so unless the attacker is in control over your computer, no one can see what you’re writing. Plus, it’s plausible deniable, see Plausible Deniability at wikipedia

Jabber, or rather the protocol XMPP is used by various big companies such as Google(google talk) or Facebook(facebook chat). You just hardly ever get to know what’s behind a system.