ಚಿರಾಗ್ ನಟರಾಜ್ via Gnupg-users wrote: > 10/08/20 09:07 ನಲ್ಲಿ, Stefan Claas <s...@300baud.de> ಬರೆದರು: > > > > Matthias Apitz wrote: > > > > > El día domingo, agosto 09, 2020 a las 10:06:13p. m. +0200, Stefan Claas > > > escribió: > > > > > > > > This article showed up today, when I did a Google search again: > > > > > > > > > > <https://tech.firstlook.media/how-to-defend-against-pegasus-nso-group-s-sophisticated-spyware> > > > > > > > > > > Trustworthy source. > > > > > > > > Mmmhhh, it is getting 'better and better' for smartphone users. > > > > > > > > https://www.androidauthority.com/government-tracking-apps-1145989/ > > > > > > > > > > One can use a Linux mobile phone running UBports.com (as I and all my > > > family do) > > > or the upcoming Puri.sm L5 (as I pre-ordered in October 2017). > > > > Yes, people gave me already (not from here of course) good advise for other > > OSs > > which one can use. The question is how long will those OSs been unaffected > > ... > > > > > Stop whining, stand up and fight and protect yourself. > > > > I am not whining ... I only wanted to let the people know. Also very > > interesting that only one person in this thread replied, besides you ... > > I was wary of storing my private GPG keys on my phone (if only because of > theft/loss/etc), so I set up my keys on a Yubikey > and use that to decrypt stuff on my phone. From what I understand, even if > they were to obtain secrets decrypted by the > Yubikey or exfiltrate private files, they would not be able to actually > decrypt them given that the key resides on the > Yubikey (if the private key were on the phone itself, they'd "just" have to > crack the passphrase or whatever, which would > presumably be much easier...). > > Just another way to mitigate the risk of stuff like this.
Well, I do have YubiKeys and a Nitrokey too, but I would say while they can't obtain your private key they will for sure know the passphrase (PIN) used and the content you encrypted/decrypted on your smartphone. I came up yesterday with the idea to use an additional offline laptop[1] connected to my smartphone via a USB OTG cable and an FTDI USB to USB cable, costs for both less then 20 USD. When both devices are connected one uses on the laptop CoolTerm (cross-platform) and on the Android device serial usb terminal, available on the PlayStore. As of my understanding (please someone proofs me wrong) an attacker would have a hard time to know the encrypted content created on the offline laptop. [1]I have to check out if they are mobile and inexpensive Raspberry Pi solutions available for purchase. Regards Stefan -- my 'hidden' service gopherhole: gopher://iria2xobffovwr6h.onion _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
