In case you use OpenPGP on a smartphone ...
sac at 300baud.de
Tue Aug 11 20:57:57 CEST 2020
Andrew Gallagher wrote:
> It matters little whether these statements were made by Snowden. Whether a particular piece of software exists or not, and
> whether it is owned by the Russians or the Israelis or the Americans, is beside the point. In principle, it can exist and
> similar pieces of software have existed in the past, so we can safely assume that something like it will always exist in some
> form or another.
> If someone roots your phone, or your laptop, it is Game Over. It does not matter if you are using Signal, or WhatsApp, or
> PGP. If the Bad Guys have rooted your phone you are helpless against them. The solution is not to let them root your phone in
> the first place (i.e. update regularly and don’t click on anything unsolicited), and don’t use your phone for anything that
> would endanger your life if you were rooted.
I must admit that I only use a smartphone for a couple of months now, because I wanted to see what things I can do with it.
Besides that I must also say that I am no fan of smartphone technology.
You say that we must be careful that not someone roots our smartphone. As understood a Pegasus operator can do what ever
he likes to do remotely, anonymously with our (Android/iOS) smartphone, without that we know that this happens. And then
some people may also have problems with their Desktop computer, in case FinFisher and friends allows zero-clicks too, which
we don't know.
So, to sum it up (I know you prefer Tails) would you agree that sooner or later the community should develop strategies,
in form of a best practice FAQ (cross-platform), to no longer use encryption software on online devices and work out
strategies to use offline devices and how to handle this data securely over to an online device, until proper and affordable
hardware encryption devices for online usage are available?
my 'hidden' service gopherhole:
More information about the Gnupg-users