[Replicant] [PATCH] freedom-privacy-security-issues: Update general advice section

Denis 'GNUtoo' Carikli GNUtoo at no-log.org
Thu Mar 16 10:02:37 UTC 2017 

From: Wolfgang Wiedmeyer <wolfgit at wiedmeyer.de>

- Clarify that the storage should be encrypted using a strong passphrase.
- Chatsecure doesn't seem to be maintained anymore and it's not part of
  F-Droid anymore, so recommend Conversations instead.
- AGP was replaced with OpenKeychain in K-9 Mail. The link to the K-9
- Mail website is updated.
- Add orWall to the Android Tor setup.
- Add Silence for encrypting SMS.
- Remove the Tor project's Android hardening guide: The guide was
  updated and there is a link to the updated guide at the beginning of
  the old guide. The new guide has extensive sections about CopperheadOS
  and recommends to use it and donate to the project. CopperheadOS is
  nonfree software. They not only use blobs like LineageOS does, but
  their entire source code changes have a nonfree licence[1].

[1]  https://copperhead.co/android/downloads

Signed-off-by: Wolfgang Wiedmeyer <wolfgit at wiedmeyer.de>
Acked-by: Denis 'GNUtoo' Carikli <GNUtoo at no-log.org>
---
 freedom-privacy-security-issues.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/freedom-privacy-security-issues.php b/freedom-privacy-security-issues.php
index 7def689..0400d81 100644
--- a/freedom-privacy-security-issues.php
+++ b/freedom-privacy-security-issues.php
@@ -154,13 +154,14 @@
 				Some general good advice to ensure the best possible respect of freedom and privacy/security on mobile devices includes:
 				<ul>
 					<li>Installing only free software applications, from trusted sources such as F-Droid on Replicant.</li>
-					<li>Encrypting the device's storage, to prevent some unauthorized access to the device's data.</li>
-					<li>Using software that provides secure peer-to-peer-encrypted communications such as <a href="//dev.guardianproject.info/projects/gibberbot">ChatSecure</a> for instant messaging and <a href="//thialfihar.org/projects/apg/">AGP</a> with <a href="//code.google.com/p/k9mail">K-9 Mail</a> for emails on Replicant.</li>
-					<li>Using <a href="//www.torproject.org/">Tor</a> to achieve reliable anonymity, for instance with <a href="//www.torproject.org/docs/android.html.en">Orbot</a> on Replicant.</li>
+					<li>Encrypting the device's storage with a strong passphrase, to prevent some unauthorized access to the device's data.</li>
+					<li>Using software that provides secure encrypted communications such as <a href="https://conversations.im/">Conversations</a> for instant messaging and <a href="https://www.openkeychain.org/">OpenKeychain</a> with <a href="https://k9mail.github.io/">K-9 Mail</a> for emails on Replicant.</li>
+					<li>Using <a href="//www.torproject.org/">Tor</a> to achieve reliable anonymity, for instance with <a href="//www.torproject.org/docs/android.html.en">Orbot</a> and <a href="https://orwall.org/">orWall</a> on Replicant.</li>
+					<li>Using <a href="https://silence.im/">Silence</a> to encrypt SMS messages.</li>
 					<li>If the device is telephony-enabled, switching the modem to airplane mode or (when possible) turning it off when not in use, to avoid being tracked at all times.</li>
 					<li>Browsers using the webview framework (such as the browser shipped with Replicant and <a href="https://github.com/anthonycr/Lightning-Browser">Lightning</a>) are subject to <a href="https://community.rapid7.com/community/metasploit/blog/2015/01/11/google-no-longer-provides-patches-for-webview-jelly-bean-and-prior">various security flaws</a> in Replicant 4.2.</li>
 				</ul>
-				In addition, the <a href="//www.fsf.org/">Free Software Foundation</a> provides a <a href="//www.fsf.org/campaigns/surveillance">comprehensive guide to help protect freedom and privacy</a> and the Tor project an article entitled <a href="//blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy">Mission Impossible: Hardening Android for Security and Privacy</a>.
+				In addition, the <a href="//www.fsf.org/">Free Software Foundation</a> provides a <a href="//www.fsf.org/campaigns/surveillance">comprehensive guide to help protect freedom and privacy</a>.
 			</p>
 		</div>
 	</div>
-- 
2.12.0

More information about the Replicant mailing list