[guardian-dev] Blackphone

Matej Kovacic matej.kovacic at owca.info
Fri Jan 17 06:10:45 EST 2014


Hi,

> The OSTN servers of the caller and callee can see who's calling who
> though, right?
> 
> I'd rather reveal that information to a server I trust than a server I
> don't trust - so trust is relevant.

Yes, but adversary can see when do you connect to OSTN server to place a
call and see who responded to a call. Actually they can only see who is
transferring the data and in what amount, but it is enough for
correlation. So they can see who is communicating with who.

A solution would be to use OSTN with Tor network (OK, it would not work,
but you can use ChatSecure's voice messages), while both parties should
also generate some additional fake traffic to Tor network to prevent
correlation.

In that case you would have encrypted conversation, server administrator
cannot see who is communicationg with who (actually, can only see some
identity number like number 1000 is calling number 2000, but without
real IP addresses), and adversary can only see that you have connected
to Tor network and that you are transferring some data.

In that case you do not need to trust anyone. Except endpoint devices. :-)

P. S. My opinion is that for ordinary users content of communication is
not so problematic as traffic and location data. Secret services cannot
really record all the calls, even if they did, it is hard to analyse
them. But it is much easier for them to store all traffic data and
analyse them.

And the real problem is location data. You can use encryption, Tor, etc,
but adversary can track your location on a mobile network (or with
silent SMS messages). And there is no usable protection against this
threat yet.

Regards,

Matej


More information about the Guardian-dev mailing list