Before you freak out about these recommendations, please take into account:
These instructions are written for unsophisticated users, particularly journalists and activists, and were written with feedback from those users. So, for instance, the steps you might take to arrive at a secure Firefox or Android configuration are probably fine, but not workable for the audience these instructions are intended for.
We're simultaneously working with the airport lawyer groups (there's a huge one at ORD). It's been jarring to realize how many compromises are required to make things workable for groups of non-experts to use. Just getting software installed is a major hassle, so anything you install or customize needs to be really worth the effort.
First, thank you so much for putting together this list (you say "we", so I assume you are part of it); a great first step. What was your role? Do you endorse this list now and going forward?
Second, whoever made this list should include names that endorse it. They must be names of people trusted by various communities: IT security community, journalists (e.g., NY Times), activists (e.g., EFF), etc. Otherwise, it's just another list of very many on the Internet; who knows how reliable it is?
> It's been jarring to realize how many compromises are required to make things workable for groups of non-experts to use.
Third, I am very familiar with this problem, and that assumes you can persuade them that there's sufficient risk to justify the effort. The only solution is for someone to create secure, foolproof, user-friendly and appealing software that is effortless to install and maintain. I know it's easy for me to say "someone", but I don't have the expertise and this project absolutely requires expertise; it can't be yet another hack claiming to be secure.
Fourth, that will create another problem: If that software becomes widely used it will become a very appealing target for extremely well-resourced attackers. I'm not sure of the solution to this problem; can software really be secured effectively against those attackers? Really, we need more than one secure option; or, what if most communication software was fundamentally secure? One step at a time.
It is time for journalism schools (of all sorts) to teach this stuff. Nobody should call themselves a journalist (or a lawyer) if they cannot communicate securely, if they cannot at least put up a good fight against the watchers.
What I'm missing here is a simple: Don't use a laptop or cellphone to store sensitive information in the first place (regardless of whether or not you take it across the border). That seems to be the simplest precaution of all.
Was that an option or was it assumed unavoidable that people will always have a smartphone or laptop with sensitive info on them? (so it would have to be an iPhone according to the article) whereas that is assuming the choice has already been made that you have to have a smartphone to begin with.
What you're missing here is that the work these people do requires them to use computers and phones, and telling them to stop using them is like telling them to be 1/100th as effective as they would be otherwise.
This isn't "advice for refugees entering the country whose lives depend on getting past CBP".
Yeah. The only reasonably secure option for Android requires you to own a Nexus device within the window Google pushes security updates regularly. Or you flash it yourself to keep it up to date regularly. And even that is kind of dicey unless it's just Google apps + Signal + verifiable OSS.
For one, without Google Play Services you have no Play Store. Unless you're going to prevent users from installing apps entirely, there isn't really another safe way to obtain apps. Additionally Verify Apps, SafetyNet, Safe Browsing, etc. are all part of Google Play Services. You _really_ want Verify Apps.
F-Droid and Raccoon are ways to obtain apps. MicroG is an alternative to Google Play Services. How do these solve the other issues the commenter mentioned? Does MicroG include "Verify Apps, SafetyNet, Safe Browsing, etc."?
I believe the point is that such a signature is useless since the software signed as safe is actually unsafe, while a self-signed ROM at least has a chance to be safe.
This reminds me of when team-teso had their stuff on their website directly accessible over HTTPS... so they used a self-signed cert, so that no govt or corporation could require a MITM with a valid signed cert from any trusted CA.
I wouldn't, but the instructions here assume the network itself is compromised, so I'm not sure we gain much security by adding another scary-sounding technical requirement.