[Replicant] [PATCH v2] freedom-privacy-security-issues: Update general advice section

Paul Kocialkowski contact at paulk.fr
Fri Apr 28 14:35:07 UTC 2017


Le mercredi 15 mars 2017 à 19:51 +0100, Wolfgang Wiedmeyer a écrit :
> Clarify that the storage should be encrypted using a strong passphrase.
> Chatsecure doesn't seem to be maintained anymore and it's not part of
> F-Droid anymore, so recommend Conversations instead.
> AGP was replaced with OpenKeychain in K-9 Mail. The link to the K-9
> Mail website is updated.
> Add Silence for encrypting SMS.
> Remove the Tor project's Android hardening guide: The guide was
> updated and there is a link to the updated guide at the beginning of
> the old guide. The new guide has extensive sections about CopperheadOS
> and recommends to use it and donate to the project. CopperheadOS is
> nonfree software. They not only use blobs like LineageOS does, but
> their entire source code changes have a nonfree licence[1].
> 
> [1]  https://copperhead.co/android/downloads
> 
> Signed-off-by: Wolfgang Wiedmeyer <wolfgit at wiedmeyer.de>

Acked-by: Paul Kocialkowski <contact at paulk.fr>

> ---
> 
> Changes since v1:
> 
> 	- Don't add orWall as it is EOL
> 
>  freedom-privacy-security-issues.php | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/freedom-privacy-security-issues.php b/freedom-privacy-security-
> issues.php
> index db6d321..ceb15a5 100644
> --- a/freedom-privacy-security-issues.php
> +++ b/freedom-privacy-security-issues.php
> @@ -154,13 +154,14 @@
>  				Some general good advice to ensure the best
> possible respect of freedom and privacy/security on mobile devices includes:
>  				<ul>
>  					<li>Installing only free software
> applications, from trusted sources such as F-Droid on Replicant.</li>
> -					<li>Encrypting the device's storage,
> to prevent some unauthorized access to the device's data.</li>
> -					<li>Using software that provides
> secure peer-to-peer-encrypted communications such as <a
> href="//dev.guardianproject.info/projects/gibberbot">ChatSecure</a> for
> instant messaging and <a href="//thialfihar.org/projects/apg/">AGP</a> with <a
> href="//code.google.com/p/k9mail">K-9 Mail</a> for emails on Replicant.</li>
> +					<li>Encrypting the device's storage
> with a strong passphrase, to prevent some unauthorized access to the device's
> data.</li>
> +					<li>Using software that provides
> secure encrypted communications such as <a href="https://conversations.im/">Co
> nversations</a>; for instant messaging and <a
> href="https://www.openkeychain.org/">OpenKeychain</a> with <a
> href="https://k9mail.github.io/">K-9 Mail</a> for emails on Replicant.</li>
>  					<li>Using <a href="//www.torproject.o
> rg/">Tor</a>; to achieve reliable anonymity, for instance with <a
> href="//www.torproject.org/docs/android.html.en">Orbot</a> on Replicant.</li>
> +					<li>Using <a href="https://silence.im
> /">Silence</a>; to encrypt SMS messages.</li>
>  					<li>If the device is telephony-
> enabled, switching the modem to airplane mode or (when possible) turning it
> off when not in use, to avoid being tracked at all times.</li>
>  					<li>Browsers using the webview
> framework (such as the browser shipped with Replicant and <a href="https://git
> hub.com/anthonycr/Lightning-Browser">Lightning</a>;) are subject to <a
> href="//redmine.replicant.us/issues/1780">various security flaws</a> in
> Replicant 6.0.</li>
>  				</ul>
> -				In addition, the <a href="//www.fsf.org/">Fre
> e Software Foundation</a> provides a <a
> href="//www.fsf.org/campaigns/surveillance">comprehensive guide to help
> protect freedom and privacy</a> and the Tor project an article entitled <a
> href="//blog.torproject.org/blog/mission-impossible-hardening-android-
> security-and-privacy">Mission Impossible: Hardening Android for Security and
> Privacy</a>.
> +				In addition, the <a href="//www.fsf.org/">Fre
> e Software Foundation</a> provides a <a
> href="//www.fsf.org/campaigns/surveillance">comprehensive guide to help
> protect freedom and privacy</a>.
>  			</p>
>  		</div>
>  	</div>
-- 
Paul Kocialkowski, developer of free digital technology and hardware support

Website: https://www.paulk.fr/
Coding blog: https://code.paulk.fr/
Git repositories: https://git.paulk.fr/ https://git.code.paulk.fr/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.osuosl.org/pipermail/replicant/attachments/20170428/e55a02a3/attachment.asc>


More information about the Replicant mailing list