Getting Signal on a PocketCHIP

I’m a big fan of the NextThingCo and their $9 CHIP computer for the simultaneously radical and practical approach to hardware manufacturing and low cost computing. Being a fairly early backer of their crowdfunding effort, I was able to get the super fun PocketCHIP dock/case/shell, as well, which looks like a cross between a Blackberry and a Gameboy, with all the circuitous guts exposed. The PocketCHIP is an open-source, handheld, portable computing device, with built-in Wifi and Bluetooth, a hilariously difficult keyboard, and a not so terrible battery. While I have tried to find legitimate uses for it in my day to day toolkit, including as an IoT monitoring terminal for a car’s OBD2 port, I have mostly just carried it to remind myself that the future of mobile computing could be one based on open-source hardware, software and an infinite variety of 3D-printed form factors.

Now, in the last few days, I have become a big fan of Signal-CLI, a Java-based command line interface to the Signal Messenger service. On this very blog, I wrote a post on how you can easily send batched encrypted broadcast messages from a terminal shell using it. Then, tonight, I was looking at my PocketCHIP, and I had a moment of inspiration, when I realized that I could easily “apt-get install” java onto it, and by extension run Signal-CLI. This means that I could turn my underused PocketCHIP into a portable, open device upon which to send and receive encrypted messages to anyone in the world who also had Signal.

To make a long story short, it works! I installed Java (“apt-get install openjdk-7-jre-headless”), I downloaded the latest Signal-CLI release (“wget https://tinyurl.com/signalcli035”), unpacked it (“tar xzvf… ” yada yada), and then ran the signal-cli command line. From there, you just follow the simple instructions provided on GitHub for registering and verifying, and away you go! I used a Google Voice number to handle receiving the SMS verification code. You could also use any landline or payphone – you just need something that can receive a text or voice call. Make sure to follow all the Signal safety tips, as well!

With Signal-CLI, you can send and receive messages, create and manage groups, and even list and verify safety number “keys”. The limited processing power and memory on the PocketCHIP does cause each command to take a few seconds, but that can be worked around. I can easily imagine an ELM or PINE style user interface for this, that would hide all of that fetching and receiving in a background process.
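
The background-process idea above as an added example (not part of the original post or of signal-cli itself): a poller that runs `signal-cli receive` on a timer and spools the output to an owner-only file that a front end could read without waiting. The phone number is a placeholder, and `poll_once`, `run_forever` and the inbox path are hypothetical names.

```python
import os
import subprocess
import time

# Assumptions: signal-cli is on PATH and this (placeholder) number is registered.
SIGNAL_CMD = ["signal-cli", "-u", "+15555550100", "receive"]
INBOX = os.path.expanduser("~/signal-inbox.log")  # hypothetical spool file


def poll_once(cmd, inbox_path, timeout=120):
    """Run one receive command and append its output to a private inbox file.

    Returns the number of non-empty lines stored; 0 when nothing arrived,
    the command failed, or it ran past the timeout.
    """
    try:
        done = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired):
        return 0  # binary missing, or the slow device took too long
    if done.returncode != 0:
        return 0
    lines = [ln for ln in done.stdout.splitlines() if ln.strip()]
    if not lines:
        return 0
    # Received messages are written to disk decrypted, so create the
    # spool file readable by its owner only (mode 0600).
    fd = os.open(inbox_path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "a") as inbox:
        stamp = time.strftime("%Y-%m-%dT%H:%M:%S")
        for ln in lines:
            inbox.write(f"{stamp} {ln}\n")
    return len(lines)


def run_forever(cmd=SIGNAL_CMD, inbox_path=INBOX, pause=30):
    """Poll in a loop; the few seconds each command takes stay in the background."""
    while True:
        poll_once(cmd, inbox_path)
        time.sleep(pause)


if __name__ == "__main__":
    run_forever()
```

The spool file holds message plaintext, so it deserves the same care as the signal-cli data directory itself.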

So, now my PocketCHIP is on Signal, and it has become infinitely more useful. Oh, and did I mention, it also runs Tor? Who is up for writing Ricochet-CLI?


Four Browsers for Defending Your iPhone from Evildoers, Spiders and Snoops

Note: I’m trying to blog more, just get any useful thoughts or recommendations I have down in public, on paper, so to speak. While I have developed, contributed to and promote various formal digital security guides and curricula, sometimes these can be overwhelming to people just looking for some quick advice.

Why do you need a safer browser than the Safari app your phone comes with? Well, it is true that Safari is pretty good, and Apple’s track record on security and privacy is solid. That said, Safari is configured by default to work for the most general needs of all iPhone users, many of whom prioritize convenience over privacy and security. While you might not notice day to day, there are a lot of sneaky, suspicious spiders out there in the infrastructure of the net, looking to suck all the value out of your data, information and communication, for a wide variety of reasons.

You may have some desire to have more security and privacy when browsing the web, because of work that you do, places you travel, or topics that you are searching for or researching. Perhaps you want to keep your personal browsing separate from other browsing. Some may be worried about browsing on insecure wifi networks when you are at a cafe, hotel or traveling abroad. Whatever your reason, it only takes a few minutes to try these browsers out, which could save hours and days of headaches down the road.

Here then, is my list of browsers to use on your iPhone or iPad, if you want more security and privacy controls than just what the built-in Safari browser offers.

  • Brave Browser: Brave is an open-source browser for mobiles and desktop that increases security and privacy primarily through blocking all advertisements by default. They are open-source, block ads and tracking pixels, and default to using HTTPS on sites that support it. Their business model is focused on reintroducing safe, quality advertisements for content creators, which hopefully leads to both sustainability and a safer, faster web experience.
  • Endless Browser: Endless is another open-source browser, with an amazing array of secure and private by default configurations. It blocks all kinds of bad network behavior like unexpected iframes, popups, and cookies and weak SSL/TLS encryption ciphers. It also includes HTTPS Everywhere, so like Brave and Tor Browser on the desktop, it defaults to secure HTTPS connections if the site supports it. Endless was made by an independent developer who has been working hard to keep it up to date, and doing a great job of it.
  • Onion Browser: This is the best option for browsing through the Tor network on iOS, that gives you maximum privacy of your IP address, increased defense against network surveillance and intrusions, and solid secure default settings. While it has a simple user interface, the guts of it are built on great code, audited components, and incorporates the latest Tor engine and Pluggable Transport support (to get through the most unfriendly firewalls!). Onion Browser v2 is coming soon, based on Endless Browser, which will really bring two of the best open-source iOS browser projects together.
  • Chrome Browser: While Apple limits the ability for Google to port the entire Chrome browser stack to iOS, you still get a bump in security by trusting Google with your web browsing needs. This includes “Safe Browsing” malware protection and stronger HTTPS security through certificate pinning. If you aren’t a Google fan, and care more about privacy than security, then this might not be your best choice, since more of your browsing history data will likely end up in their algorithm.

All of these browsers can be paired with an iOS system wide ad blocker and VPN. I will cover my recommendations for those in another post.

If you feel I have missed a browser, configuration or other complementary option, please let me know!

My Quick Guide to a Less Risky Dropbox

While there are definitely many security-related holes and privacy concerns to be had about the free (but not open-source) Dropbox file sharing service, it has taken the world by storm, including many activist and human rights groups, mostly due to the simplicity and effectiveness of its user experience. As we have seen many times before, software and services that “just work”, will always win out over more secure options with the majority of the population. This post is a quick attempt to share some simple steps you can take to ensure your use of Dropbox, or any similar cloud-based file storage and sharing system, is more properly protected, obscured or otherwise mitigated as a direct threat to the security of your information.

1. Use Dropbox over Tor to stop local network monitors from knowing you are using Dropbox to begin with. This also is a good configuration to use with people who live in places where Dropbox might be blocked, but Tor is not.

Install Tor and use Vidalia (the GUI controller) to connect to the Tor network.

Set Dropbox->Preferences->Network->Proxy Settings to use Tor’s secure SOCKS proxy on localhost, port 9050

2. Set Bandwidth Usage to a low value to avoid creating large spikes in network traffic. This will reduce the likelihood your particular use will be singled out if you are syncing large media files or other transfers.

Set Dropbox->Preferences->Network->Bandwidth Usage to a low value such as 50KB/s for upload and download

3. Use TrueCrypt to create encrypted disk volume files inside of Dropbox, and then store your files inside of that. This can still be shared by multiple users, if you use a password-based volume.

Download, install and configure the free, open-source TrueCrypt software: http://www.truecrypt.org/

Create a new TrueCrypt volume, stored within a Dropbox folder
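
A pre-flight check for step 1, as an added example that is not part of the original post: before pointing Dropbox at localhost port 9050, confirm that the port really speaks SOCKS5 without authentication and will open a connection by hostname, so name resolution happens inside the proxy. The function names and the destination `www.dropbox.com:443` are assumptions chosen for illustration.

```python
import socket
import struct


def _recv_exact(sock, n):
    """Read exactly n bytes or raise if the proxy hangs up first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection early")
        buf += chunk
    return buf


def socks5_probe(dest_host, dest_port, proxy=("127.0.0.1", 9050), timeout=10.0):
    """Return 'ok', or a short reason the proxy is not usable as SOCKS5."""
    try:
        with socket.create_connection(proxy, timeout=timeout) as s:
            # Greeting: version 5, one method offered, 0x00 = no authentication.
            s.sendall(b"\x05\x01\x00")
            ver, method = _recv_exact(s, 2)
            if ver != 5:
                return "not a SOCKS5 proxy"
            if method != 0:
                return "proxy refused no-auth"
            # CONNECT (0x01) with address type 0x03: the hostname is sent
            # as text and resolved by the proxy, not by local DNS.
            name = dest_host.encode("ascii")
            s.sendall(b"\x05\x01\x00\x03" + bytes([len(name)]) + name
                      + struct.pack(">H", dest_port))
            ver, rep = _recv_exact(s, 2)
            if (ver, rep) == (5, 0):
                return "ok"
            return f"connect failed (reply code {rep})"
    except OSError as exc:  # refused, timed out, or closed early
        return f"proxy error: {exc.__class__.__name__}"


if __name__ == "__main__":
    # Assumed destination; any host the sync client must reach will do.
    print(socks5_probe("www.dropbox.com", 443))
```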

All in all, there are more secure ways to share sensitive information, such as using GPG file encryption or another OpenPGP solution, but if you absolutely must use Dropbox, and you are under any sort of threat at all to having the information you store on it used against you, then please follow this advice I have shared.

If you have additional tips, warnings or configurations along these lines, please add them to the comments below.

The “Took”: Tibetan-enabled Nook eReader

Thanks to amazing work by Tibetan font experts Tom Meyer and Chris Fynn, as well as the Barnes and Noble Nook eInk reader device hackers at NookDevs.com, I have modified my $199 Nook ($149 if you get the wifi only model!) to support proper rendering of Tibetan characters. This is dynamic rendering of Unicode text, and not just static pre-rendered images.

You might have seen an earlier post I wrote about this here, and I’ve essentially done the same thing this time, but with an important addition of code from Tom that properly stacks the characters (a critical feature often not available in an OS font library), and a new Tibetan font (actually Bhutanese) from Chris which is small, lightweight and efficient enough to be used on Android. All together this provides support for reading Tibetan text on web pages, and within full application user interfaces, eBooks and more.

With up to 32GB of storage possible via the tiny micro SD Card, this one device could probably store and serve up the majority of Tibetan Buddhist texts, not to mention literary, poetic and historic works, that exist, all in a lightweight, energy-efficient device. Since the device is also networked, you can use it to pull down the latest Tibetan language online news and blogs.

And yes, this is all possible because the Nook is based on the free, open-source Android operating system. Yay for freedom in all forms!

This is support for both web pages, as well as full applications on the device.