Difference between revisions of "Cryptoparty/2014/April"

2,414 bytes added ,  15:25, 20 April 2014
no edit summary
(april notes)
 
 
Line 15: Line 15:
*Gibberbot, now called ChatSecure, for iOS and Android for instant messaging.
*Gibberbot, now called ChatSecure, for iOS and Android for instant messaging.
*In order to use fdroid (a free and open source app store for Android), go to Settings, Allow Unknown Sources so you don't need Google's permission to install apps. It's fairly trivial to modify the contents of the APK while it remains signed by Google.
*In order to use fdroid (a free and open source app store for Android), go to Settings, Allow Unknown Sources so you don't need Google's permission to install apps. It's fairly trivial to modify the contents of the APK while it remains signed by Google.
*Recommended to put phones into Airplane mode (or at least toggle off WiFi) so that they're not sending out identifying probe packets. Private corporations can track your movements
**[http://www.juicedefender.com/ Juice Defender] to turn off your radios for saving battery life.
**It may be possible to spoof your Android's MAC address, some devices


=Anonymity=
=Anonymity=
Line 33: Line 36:
*Electric Embers, local worker coop, for paid mail hosting
*Electric Embers, local worker coop, for paid mail hosting
*1984 and Gandi.net for web hosting
*1984 and Gandi.net for web hosting
*[https://riseup.net Riseup], [https://airvpn.org/ AirVPN], [https://www.ipvanish.com/ IP Vanish]
*[http://www.opensmtpd.org/ OpenSMTPD]
*[http://www.opensmtpd.org/ OpenSMTPD]
*Cryptobot
=Dropbox=
*Dropbox is not end-to-end encrypted
*Condoleeza Rice is now on the Board of Directors for Dropbox.
*[https://www.boxcryptor.com/ BoxCryptor] for encrypting your cloud storage.
*[https://spideroak.com/ Spider Oak] - Client-side encrypted.
*[http://owncloud.org/ OwnCloud] - Run your own Dropbox. Does not do client-side encryption.
*[http://cozy.io/ Cozy.io] -
*Or just a copy of Apache with WebDAV
*rsync all the things!
=Note-Taking=
*Etherpad
**Developed for different databases, like NoSQL databases, making fully-replicable Etherpads possible
*[https://workflowy.com Workflowy]
=Legal=
*Will the police force you to input your password?
**No precedent has really been set yet.
**"Expectation of privacy"
**Australia and the UK will force you to input your password - you can be held in jail until you decrypt it. Which is crazy, considering you can have random bits accumulate on your computer that appear encrypted.
*If its on shared hosting, a hosting provider is required to hand over just the data belonging to the suspect.
*TrueCrypt use raises suspicion, you're expected to have a hidden TrueCrypt volume the password to which must be revealed.
*USB Debugging on allows anyone to access the phone and get content off it, even if the phone is locked.
*Most mobile phones can be pwned almost instantly
=MAC Addresses=
*Difficult to spoof for mobile devices - may be possible on some rooted Android phones
*Macspoofer on Linux - easy!
=Bitcoin=
*What can you buy with Bitcoin?
**CheapAir - flights
**Foodler - food
**Overstock.com
**Tiger Direct
**Alibaba
**Donate to the EFF or to Sudo Room!
*Better to host your own wallet than to use one of the third-party services that could steal your shit.
**Create the wallet while completely offline.
*Lots of altcoins popping up
*Drop in Bitcoin after hedgefund was created to store something like 49 million Bitcoins, though the Bitcoin community seems to have now forgotten about it.
1,196

edits