[guardian-dev] warrant canary

Paul Gardner-Stephen paul at servalproject.org
Tue Feb 10 15:19:41 EST 2015


Okay, sounds good.  Is there a nice diagram that shows the steps?  I only
ask this as, while I think I have a handle on it this morning, it wasn't
obvious last night how it works, and if I get confused about it when a
little tired, my suspicion is that plenty of other people will, too.

Paul.

On Tue, Feb 10, 2015 at 9:21 PM, Hans-Christoph Steiner <
hans at guardianproject.info> wrote:

>
> The point here is to eliminate the need to trust f-droid or any other
> entity.  f-droid.org is just one instance of this service, anyone can
> take fdroidserver and build their own instance.  Then there is
> additionally planned a lightweight fdroid instance, the Verification
> Server, that just does builds to verify that they match what is
> published on f-droid.org.
>
> This whole thing is built on the APK signature, so you have to trust
> that.  FDroid is also rolling out GPG signatures, but making
> reproducible APKs that match by hash is a lot harder than match by APK
> signature.  But you don't have to trust any people in the whole chain,
> you can verify it all yourself, and run your own instance.
>
> For the record, the F-Droid org is incorporated in the UK, so NSLs don't
> apply.  But I imagine that the UK has something similar.  I'm not sure
> where the servers are.
>
> .hc
>
> Paul Gardner-Stephen:
> > Super :)
> >
> > Now, how do we make sure that F-Droid doesn't get hit by a NSL?
> >
> > Paul.
> >
> > On Tue, Feb 10, 2015 at 7:59 PM, Hans-Christoph Steiner <
> > hans at guardianproject.info> wrote:
> >
> >>
> >> Yes, this is very useful!  That's why we have implemented this in
> >> FDroid.  It's pretty raw at the moment, but we do have at least one
> >> app that has been accepted to FDroid using a reproducible build
> >> process.  This app was built by f-droid.org's build infrastructure,
> >> then compared against the official Guardian Project build, and since
> >> they matched, f-droid.org published an APK using our signature:
> >>
> >> https://f-droid.org/repository/browse/?fdid=info.guardianproject.checkey
> >>
> >> Anyone can submit their app to f-droid.org as long as it is all free
> >> software.  To make f-droid.org verify its build against yours, just
> >> include a download link to your official APK in the Binaries:
> >> metadata field:
> >>
> >> https://gitlab.com/fdroid/fdroiddata/tree/master/metadata/info.guardianproject.checkey.txt
> >>
> >> You can read more here:
> >> * https://f-droid.org/wiki/page/Deterministic,_Reproducible_Builds
> >> * https://f-droid.org/wiki/page/Verification_Server
> >>
> >> .hc
> >>
> >> Paul Gardner-Stephen:
> >>> Deterministic compilation of Android applications would be a great
> >>> step forward to provide some protection against forced insertion of
> >>> backdoors into binaries.  Not perfect, but helpful.  Of course it
> >>> doesn't help on Apple.
> >>>
> >>> It would also be interesting to have a mechanism where you can ask an
> >>> application to serve up the compiled byte code for any class for
> >>> remote verification.  Of course this would be spoofable, but
> >>> including the "real" byte code would bloat the application, which
> >>> would be noticeable in the increased size of the class files.
> >>>
> >>> Actually, I am over-doing that.  We could have a service where the
> >>> android apps get compiled from public, auditable source code, and the
> >>> APKs downloaded from the net or people's phones (to stop attacks
> >>> forcing Google to do two-faced apk serving, with the "bad" apk going
> >>> to phones, and the "good" apk going to the audit server).  Then
> >>> compare the compiled classes and resource files to look for any
> >>> differences.  This has the advantage that it would reveal any naughty
> >>> insertions.
> >>>
> >>> Would these be useful things?
> >>>
> >>> Paul.
> >>>
> >>> On Tue, Feb 10, 2015 at 1:22 AM, Patrick Connolly <
> >>> patrick.c.connolly at gmail.com> wrote:
> >>>
> >>>> This is great! Thanks, Nick!
> >>>>
> >>>> Related to your comment, Tim, it might be informative if the
> >>>> watermarks of the endorsers at the bottom of the "about" page were
> >>>> also near the top of the front. It seems the partners could be more
> >>>> visible on page one to give the whole project more weight.
> >>>>
> >>>> I've cc'd canary watch, as I'm not 100% sure Nick is on this list.
> >>>>
> >>>> --------------------------------------------
> >>>> Q: Why is this email [hopefully] five sentences or less? | A:
> >>>> http://five.sentenc.es
> >>>>
> >>>> NOTE that my incoming emails are delayed from arriving in my inbox
> >>>> until 9am daily. If you need to reach me sooner, please use other
> >>>> means of getting in touch. #slowwebmovement
> >>>>
> >>>> On Feb 9, 2015 5:31 AM, "Hans-Christoph Steiner" <
> >>>> hans at guardianproject.info> wrote:
> >>>>
> >>>>>
> >>>>> I imagine EFF, Harvard Law's Berkman Center, and NYU Law had some
> >>>>> really good lawyers look at this before they endorsed it ;-)  It is
> >>>>> uncharted territory to some degree, in terms of courts.  But it
> >>>>> sounds like those lawyers are forming a posse in case this does go
> >>>>> to court.
> >>>>>
> >>>>> Also, for those who don't know, Nick Merrill, the man behind Calyx,
> >>>>> was the plaintiff in Doe v. Ashcroft, which challenged the legality
> >>>>> of aspects of National Security Letters (NSLs):
> >>>>> https://en.wikipedia.org/wiki/Nicholas_Merrill
> >>>>>
> >>>>> I can't really imagine a better legal team behind this effort.  I
> >>>>> suppose they are missing an ACLU endorsement...
> >>>>>
> >>>>> .hc
> >>>>>
> >>>>> Tim Bray:
> >>>>>> I almost don’t want to show this to others because of the
> >>>>>> alphabetical ordering putting 8chan prominently at the top…  Also
> >>>>>> I’d like to hear some really good lawyers take up the question of
> >>>>>> whether these things actually work.  But interesting, thanks.
> >>>>>>
> >>>>>> On Sat, Feb 7, 2015 at 1:20 AM, Hans-Christoph Steiner <
> >>>>>> hans at guardianproject.info> wrote:
> >>>>>>
> >>>>>>>
> >>>>>>> Looks like our man Nick has vetted the warrant canary idea and
> >>>>>>> thinks it's worth doing:
> >>>>>>>
> >>>>>>> https://canarywatch.org/
> >>>>>>>
> >>>>>>> At the very least, there are a bunch of lawyers behind it (EFF,
> >>>>>>> Berkman, NYU Law), so hopefully they'll be willing to offer their
> >>>>>>> services if it comes to it.
> >>>>>>>
> >>>>>>> .hc
> >>>>>>>
> >>>>>>> --
> >>>>>>> PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
> >>>>>>> https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81
> >>>>>>>
> >>>>>>> _______________________________________________
> >>>>>>> Guardian-dev mailing list
> >>>>>>>
> >>>>>>> Post: Guardian-dev at lists.mayfirst.org
> >>>>>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> >>>>>>>
> >>>>>>> To Unsubscribe
> >>>>>>>         Send email to: Guardian-dev-unsubscribe at lists.mayfirst.org
> >>>>>>>         Or visit:
> >>>>>>> https://lists.mayfirst.org/mailman/options/guardian-dev/tbray%40textuality.com
> >>>>>>>
> >>>>>>> You are subscribed as: tbray at textuality.com
> >>>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>
> >>>>
> >>>>
> >>>
> >>
> >
>
>
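The check the thread describes (f-droid.org rebuilding an app from source and comparing it against the developer's official APK, and Paul's proposal to diff compiled classes and resources), as an added example that is not fdroidserver's or the Verification Server's own code. It assumes only that JAR-style signing metadata lives under META-INF/ and treats every other zip entry as content that must match; the APKs it compares are constructed in memory.

```python
import hashlib
import io
import zipfile

# Files the APK signer adds under META-INF/; everything else must be identical.
SIGNATURE_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF", "/MANIFEST.MF")

def is_signature_entry(name):
    return name.startswith("META-INF/") and name.upper().endswith(SIGNATURE_SUFFIXES)

def content_digests(apk_bytes):
    """Map each non-signature entry to the SHA-256 of its uncompressed bytes."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if not info.is_dir() and not is_signature_entry(info.filename):
                digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests

def compare_apks(built, official):
    """Return the sorted names of entries that differ, are missing or are extra.
    An empty list means the unsigned content matches: the build reproduced the
    developer's APK, so the developer-signed file can be published unchanged.
    """
    a, b = content_digests(built), content_digests(official)
    return sorted(n for n in a.keys() | b.keys() if a.get(n) != b.get(n))

def make_apk(entries):
    """Constructed sample data: a minimal APK-shaped zip built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed samples.  The official APK carries a signature block; the
# verification build is unsigned.  Same classes -> accept; changed class -> reject.
OFFICIAL = make_apk({"classes.dex": b"dex\n035 ok", "AndroidManifest.xml": b"<m/>",
                     "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0",
                     "META-INF/CERT.SF": b"Signature-Version: 1.0",
                     "META-INF/CERT.RSA": b"\x30\x82"})
REBUILT = make_apk({"classes.dex": b"dex\n035 ok", "AndroidManifest.xml": b"<m/>"})
MODIFIED = make_apk({"classes.dex": b"dex\n035 changed", "AndroidManifest.xml": b"<m/>"})

if __name__ == "__main__":
    print("rebuilt vs official :", compare_apks(REBUILT, OFFICIAL) or "match")
    print("modified vs official:", compare_apks(MODIFIED, OFFICIAL))
```

Comparing uncompressed entry contents rather than hashing the whole file is what lets the check ignore the signature and zip packaging differences; a whole-file hash match, as hc notes above, is a much stricter target.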

