Tor-Enabled Smartphone Is Antidote To Google 'Hostility' Over Android, Says Developer

An anonymous reader quotes a report from Ars Technica: The Tor Project recently announced the release of its prototype for a Tor-enabled smartphone -- an Android phone beefed up with privacy and security in mind, and intended as equal parts opsec kung fu and a gauntlet to Google. The new phone, designed by Tor developer Mike Perry, is based on Copperhead OS, the hardened Android distribution profiled first by Ars earlier this year. "The prototype is meant to show a possible direction for Tor on mobile," Perry wrote in a blog post. "We are trying to demonstrate that it is possible to build a phone that respects user choice and freedom, vastly reduces vulnerability surface, and sets a direction for the ecosystem with respect to how to meet the needs of high-security users." To protect user privacy, the prototype runs OrWall, the Android firewall that routes traffic over Tor, and blocks all other traffic. Users can punch a hole through the firewall for voice traffic, for instance, to enable Signal. The prototype only works on Google Nexus and Pixel hardware, as these are the only Android device lines, Perry wrote, that "support Verified Boot with user-controlled keys." While strong Linux geekcraft is required to install and maintain the prototype, Perry stressed that the phone is also aimed at provoking discussion about what he described as "Google's increasing hostility towards Android as a fully Open Source platform." Copperhead OS was the obvious choice for the prototype's base system, Perry told Ars. "Copperhead is also the only Android ROM that supports verified boot, which prevents exploits from modifying the boot, system, recovery, and vendor device partitions," said Perry in his blog post. "Copperhead has also extended this protection by preventing system applications from being overridden by Google Play Store apps, or from writing bytecode to writable partitions (where it could be modified and infected)." He added: "This makes Copperhead an excellent choice for our base system." The prototype, nicknamed "Mission Improbable," is now ready to download and install. Perry said he uses the prototype himself for his personal communications: "E-mail, Signal, XMPP+OTR, Mumble, offline maps and directions in OSMAnd, taking pictures, and reading news and books." He suggests leaving the prototype in airplane mode and connecting to the Internet through a second, less-trusted phone, or a cheap Wi-Fi cell router.

As much exectation of privacy as you can afford

[rectalfeeding]

The prototype only works on Google Nexus and Pixel hardware, as these are the only Android device lines, Perry wrote, that "support Verified Boot with user-controlled keys."

As long as it remains "as much privacy and security as you can afford", while the masses opt for sub $50 phones that treat them like cattle... What we need is herd level expectations of privacy. FOSS top to bottom, lowest barriers to forking competing alternatives. I only trust upstreams that don't behave as though not trusting them is a bad thing.

Re:

[AHuxley]

Is the Verified Boot with user-controlled keys still in user app land? The security services would not allow a phone to be network connected that they cannot listen, log, track even if another OS level OS is installed.

Re:

[K. S. Kyosuke]

You can track on the cellular network level, but simply having a separate modem module defeats it.

Re:

[AHuxley]

So voice, gps, power on, live mic, call logs are all hardware designed in.
The more commercial advance spyware, adware apps would get detected as they altered the OS, expecting a different OS.

Re:

[infolation]

As.... much... expectation of... privacy as your.... zootopia... sloth friends... can... tolerate... on....
....
...
tor

ha.... ha.... ... ... ha....

Tor stinks of Honeypot

[Anonymous Coward]

Tor is very very borked.

NSA and GCHQ planned to create enough entry and exit nodes to shape the traffic. This was done.
They planned to put in attack nodes to exploit bugs in Firefox. This was done.
They planned to put in attack nodes and exploit bugs in servers. This was done.
They presumably planned to put friendlies into Tor foundation, and given their behavior that was done too.

If you consider the 'obsfucation nodes', to hide use of Tor, you can request an undocumented entry node via GMail. Gmail the syste

Re:

[wiretrip]

Our last Prime Minister actually did that.

Re:

[rectalfeeding]

The new Trump reality means if its a USA system its a hostile-to-freedom system.

Please give examples of any less 'hostile-to-freedom' systems that exist? I.e. is there some other country whose systems you feel are thus 'less hostile to freedom'? Please name them, and explain in more detail.

And while Trump may raise some anxieties, perhaps altogether appropriately on these issues, Snowden's revelations about the USA tech systems under Obama does not suggest that Trump is necessarily a true game changer

Tor stinks of honeypot stinks of FUD

[epine]

Avoid Tor. It's a trap.

And you would be:

A) on the side of the freedom loving tin hats;
B) the algorithmic claptrap of yet another NSA disinformation FUD campaign?

What I can say for certain.

Your post hails from the Chicago "the gun, the gun, the gun" school of analysis.

s/gun/NSA/g

Interesting. Somewhere in the bath water, reducing the scope of your security leak to (probably) the most advanced and (certainly) the best-funded surveillance agency on the planet went right out the window.

Here's the thing about th

Re:

[Anonymous Coward]

Seems like if Google were hostile to openness, it wouldn't go out of its way to make sure that the devices it sells can be fully owned by the user.

Because you have to come crawling to them to actually do anything with the device. They will never release the drivers nor their device kernels as open source. You need their binary blobs - which do god knows what. Not to mention they are increasingly converting what used to be open source components of Android into bloated proprietary binary blobs and abandoning the open source ones. There is absolutely nothing open about Google. Google relishes every single opportunity to fence the web and install ads bet

Re:

[AHuxley]

Given the US per case costs of tracking onion routing for open court case work... all ip's are court ready now.

Terrorist friendly?

[Anonymous Coward]

Would this phone enable secure intercell communications? Is it detonator ready? How traceable are the components?

Onions

[PsyMan]

lets be honest, this seems like alt-great stuff, NN, wish I had pixels and nexii when boiling onions.

not nearly good enough.

[Gravis Zero]

If you don't want to Google meddling in your affairs, do not use any of their services. However, the real security issue here is the baseband processor. To my knowledge, they are all closed source though there is an implementation of a open source one. That said, if you want to avoid being spied on, you shouldn't carry around the most sophisticated piece of surveillance equipment that man has ever created.

Re:

[rectalfeeding]

That said, if you want to avoid being spied on, you shouldn't carry around the most sophisticated piece of surveillance equipment that man has ever created.

Or if you do because you don't want to forgo the tactical advantages, you may at least want to have the battery, microphones, cameras, and antennae temporarily physically disconnected, all inside a faraday baggie carrying pouch.

Re:

[ChunderDownunder]

The summary suggests carrying a secondary burner phone to connect to the mobile network via wifi tethering.

But can't the benevolent folks at the 5-Eyes then still track a suspect by the location of the wifi hotspot?

Re:

[psyclone]

Of course. This won't prohibit location tracking.

This sounds like fancy layers of firewalls for appy app apps: route traffic through TOR, prohibit certain types of malware, trust some versions of binary apps to not change.

Re:

[rtb61]

You only need one phone, you just need to treat it properly. It is not a security device, it is not a privacy device, it is a digital megaphone which screams out your communications across the entire internet. So use with care, limit what goes on there, assume your worst enemy is listening in (for many that is factually true) but they does not mean to abandon the fight for privacy and security. What they stole we can take back and Google has most definitely proved itself to be a corporation never to be trus

Re:

[Burz]

Wifi equipment has started down a road of anonymization. Linux users have been tinkering with macchanger for a while (though not effectively enough to stop the native MAC address from popping up now and then). Apple made the first big splash when they made MAC randomization standard for scanning mode; Android copied that. Microsoft followed suit with a MAC randomization in more modes. Then the Linux folks finally did it right by building MAC randomization features into Network Manager. The idea, of course,

Re:

[nnull]

That's what makes me sad with cellphones.

To do it properly, let's dump Android

[hughbar]

As far as I'm concerned Android is a sticky layer of ugliness, spyiness, syrupiness and general insecurity attached with sticky tape onto the top of a Linux kernel. Most of this shit is written in Java, the COBOL of the 1990s with it's murky license and endless lines of code, to do one little thing.

Secondly as I've said here: https://slashdot.org/comments.... [slashdot.org] I hate apps, now a more influential commentator has followed this line of thought, this week: https://medium.com/javascript-... [medium.com] They break the philosophy and freedom of the web, as if Facebook etc. hadn't done that already (as a friend said, I used to surf but now I visit 'sites').

All in all, my old friend William of Ockham: https://en.wikipedia.org/wiki/... [wikipedia.org] is spinning in his grave right now and dreaming of a non-Android, non 'apps', non-commercially tied future. Like John Lennon, I'm probably dreaming, but just 'imagine'...

Re:

[hughbar]

I said I hate them, but you are quite welcome to them my friendly Anonymous Coward. Be well and prosper, as they say!