In case you use OpenPGP on a smartphone ...

Ryan McGinnis ryan at digicana.com
Wed Aug 12 17:10:03 CEST 2020


I guess the real question is: what are people using PGP for on mobile
devices?  If it's for communication, that's silly.  There are at least a
half dozen far, far, far better ways to securely communicate on a
smartphone. 

Also -- unless you are steeped in the security industry and run a
hardened OS, your laptop is likely as vulnerable if not more vulnerable
to the kinds of state level actors deploying this kind of mobile
malware.  The best mobile devices are far less vulnerable than typically
configured PCs.  An iPad is likely orders of magnitude more secure than
using a laptop with a typical consumer OS (Windows, Ubuntu, etc).  Both
can be compromised but the iPad, if kept up to date, is going to be a
much more expensive target. 

The people of the world with Snowden-level paranoia (at least the ones
not tied to some nation's security service) are using air-gapped
internet-virgin hardware to communicate.  For everyone else, a locked
down (location services off, iCloud account off, always-on VPN, kept in
faraday bag when not in use) iPhone/iPad is as close as they're going to
get to real privacy/security. 

On 8/10/20 10:49 AM, Stefan Claas wrote:
> Michał Górny wrote:
>
> [...]
>
>> Why use PGP on your phone if you carry a whole laptop with you anyway?
> Good question. There is software for Andoid available called OpenKeyChain,
> which as understood is the defacto standard for Android smartphone users,
> in combination with a MUA for Android.
>
> The question IMHO now is what should mobile device users do now? I showed
> a solution, assuming those users have an offline laptop too, which then
> would allow them to comfortably and securely create their messages.
>
> Not all people can purchase now a new smartphone with a more secure OpenSource
> OS and new SIM, I assume.
>
> I also do not know if it is common if people use an (compromised?) online
> laptop, as a smartphone, when on the road.
>
> Regards
> Stefan
>
> --
> my 'hidden' service gopherhole:
> gopher://iria2xobffovwr6h.onion
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

-- 
-Ryan McGinnis
http://bigstormpicture.com
PGP Fingerprint: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 839 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20200812/ca6c5e2e/attachment.sig>


More information about the Gnupg-users mailing list