Silk Road forums

Discussion => Security => Topic started by: golden horse on June 24, 2013, 09:18 am

Title: just bought samsung galaxy 4, big mistake?
Post by: golden horse on June 24, 2013, 09:18 am
Not so long ago, I got my first smart phone, samsung galaxy 4, I thought I could use it for SR and proxy it up with tor etc.

Now I think it might have been a big mistake, firstly it didn't come cheap, but it's security i'm worried about, can u make these phones secure?  With all these apps that sync and constantly want to share details, seems like a security nightmare.

Is there a tutorial on how to set up and use android devices or should I sell it and go back to my cheap throw away phone.

Title: Re: just bought samsung galaxy 4, big mistake?
Post by: popjoe on June 24, 2013, 11:07 am
I dunno about the S4 but my S2 rarely manages to log into SR with the tor browser.  It's generally a waste of time.  If it works for you however all the better.  Apparently phones are easy to hack into but what are the chances you get hacked while surfing the Road?

I suggest asking on a TorProject forum if it provides the same anonymity.

However if you don't mind the hassle the pgp app for android "APG" is quite simply excellent in my experience.  If you don't mind keeping public keys on your key-ring it's fine but you can sort it out so that you add them each time.

If you don't want them in your keyring all the time you can encrypt the .asc files containing each key with APG.  Encryption strength goes up to 8000 to create your secret key.
All you have to do is create a new txt file on your pc, select "All Files" and save as "filename".asc - send it to your phone, bluetooth or wireless whatever works best and you're good to go.

I forgot to mention : on my S2 I can refuse automatic updates, which can help, but I'm really not sure what apps are communicating or not with whatever internet connection is going on.
Title: Re: just bought samsung galaxy 4, big mistake?
Post by: 45mypet on June 24, 2013, 11:33 am
They can't see what you're viewing but they can tell when you're using tor and you're phone has a gps. All in all, I would not use it.
Title: Re: just bought samsung galaxy 4, big mistake?
Post by: talawtam on June 24, 2013, 01:05 pm
Nokia 3210 FTW!
Title: Re: just bought samsung galaxy 4, big mistake?
Post by: Jack N Hoff on June 24, 2013, 01:15 pm
They can't see what you're viewing but they can tell when you're using tor and you're phone has a gps. All in all, I would not use it.

Many carriers do see the URLs that you visit if you are not using wifi.
Title: Re: just bought samsung galaxy 4, big mistake?
Post by: popjoe on June 24, 2013, 01:26 pm
They can't see what you're viewing but they can tell when you're using tor and you're phone has a gps. All in all, I would not use it.

Many carriers do see the URLs that you visit if you are not using wifi.

Wish I had know that before... good thing I gave up trying to connect.  Maybe I can't actually log in due to that.  I'll try and see if it works better with wi-fi.
Title: Re: just bought samsung galaxy 4, big mistake?
Post by: 45mypet on June 24, 2013, 01:29 pm
They can't see what you're viewing but they can tell when you're using tor and you're phone has a gps. All in all, I would not use it.

Many carriers do see the URLs that you visit if you are not using wifi.

Oh really? I didn't know that, thanks for the heads up. Just gives another reason why you should not access ToR from a phone.
Title: Re: just bought samsung galaxy 4, big mistake?
Post by: anonypunk on June 24, 2013, 08:22 pm
Well you can root it which might help. I wonder if it would help if you run tor on your phone then tether it with a usb cable to your PC which would be running OpenVPN and Tor as well. It seems like that could give you a couple extra layers of security. Especially if you didn't use all the google apps with your real name. I don't know though just a thought.
Title: Re: just bought samsung galaxy 4, big mistake?
Post by: coglac on June 25, 2013, 02:12 am
would your carrier still be able to see the url your visiting if you were using a vpn as well as Tor?
Title: Re: just bought samsung galaxy 4, big mistake?
Post by: fartsinthewind on June 25, 2013, 03:30 am
Guys,

Running orbot with orweb and/or any other TOR browser from your "smart" phone is a terrible idea. First off, your carrier aka NSA can pretty easily pick you up according to the frequency you're operating on (even though there may be a hundred people nationwide on a tiny sliver of the electromagnetic spec frequency now with anything post-gsm) by detecting your RFID and link it with the IMEI (your phone's HARDWARE id). Secondly, If you're going to use a smart phone for TOR and annonymnity purposes, delete all other aps, pay with cash upon initial setup, and put black electrical tape over the screen-facing camera, if there is one. Download an app called "Tspychecker" that goes through all your currently installed apps fine print in the user agreements and gives you an excellent overview of what permissions you are giving what apps, like....why does my banking app have/want permission to take "sneaking camera shots" without notification? Well, my fellow road travellers, the answer is logical. I guess there is the possibility of somebody stealing my phone and trying to get bank account information off of it....I'm sure the federal authorities would be most thorough and decisive in their action of tracking said theif!! Or not. Now, why the ultimate flashlight free app also wants to take pics of my face without me knowing.....your guess is as good as mine.

That's just the tip of the iceberg with smart phones. Disabling NFC connectivity(physically remove it if you can), various location "services", battery replacement/removal (data can be stored on batteries, this is bad news to all you apple folks. Apple knows when you are taking an ishit). I'd suggest rooting for android. I'd mandate an office-space type of destruction separately of phone, SIM card, and battery. Replace with AT&T go phone for $14.99-$50 at wal mart along with a $25 airtime card, pay cash, $2 daily charge unlimited data in some cases, billed only on the days you use it.

Be safe guys!