Posts Tagged encryption
After my first look, I’m back exploring the other apps on my Blackphone. See my Full Disclosure of my friendship with the Silent Circle guys and my work on the ZRTP security protocol used in the Blackphone.

Today I’m trying out the interestingly named Disconnect Secure Wireless application, basically a VPN (Virtual Private Network) service. Given that this app is all about making connections, having it called “Disconnect” is a little odd. The name probably makes more sense with their ad and malware blocking services. According to their FAQ: “Secure Wireless uses AES-256 to encrypt data to or from your device. Secure Wireless also enforces Diffie-Hellman for key agreement/exchange which provides perfect forward secrecy (PFS).” That is all good.

Out of the box, the Disconnect Secure Wireless application takes you through a short tour of the service. Essentially, it is a VPN service that can be easily enabled/disabled and also automatically enabled/disabled based on a preference for a given network. It seems this application is only available on Android, as the iOS version seems not to be a VPN but an ad blocker of some type.

Disconnect Secure Wireless starts off with a free service of 512MB per month, which you would blow through very quickly if you used it for everything. By putting the Blackphone activation code into the Account screen, you get 2GB per month, which seems reasonable if you use it sparingly, such as on WiFi hotspots or when traveling.
Using it is easy – tapping the middle of the screen starts the VPN. When turning it on, you get two warnings:
The first reminds you that, since this is a VPN service, all the device network packets will be routed through it. Essentially, this app is a Man-in-the-Middle (MitM), although hopefully a trusted MitM. You must tap the “I trust this application.” in order to proceed.
The next warning tells you that once turned on, the VPN will always run for this network, until you turn it off. This is a good warning from a usage perspective.
Next you get a Connecting message and the middle of the screen turns green and indicates bandwidth usage for the month to date. One interesting thing – while I did notice the bandwidth usage rise with normal web browsing, I did not notice it go up during lengthy Silent Circle voice calls. In general, for a VoIP call such as Silent Circle, you can use up to 1MB per minute, depending on the codec. Perhaps the packets from Silent Circle aren’t tallied by Disconnect against the VPN quota. Or maybe I just got lucky…
The VPN speed seemed reasonable, although a speed test during a Saturday afternoon isn’t exactly scientific. Compared to just my WiFi over Cable Modem, it was slower, of course. The VPN has a location configuration for North America, Europe, or Asia. I’ll need to try it other times of the day to see how well it works.
The default search is also provided by Disconnect, although this can be changed. A DNS failure in the browser automatically brings up a https://search.disconnect.me search window for the failed string. It does show the Google “G” symbol, however, indicating that it is not an actual search engine. Instead, as described here, Disconnect Search forwards your request to the engine of your choice (Google, Bing, Yahoo, DuckDuckGo, or Blekko) and anonymizes it. You can also use it in any browser at https://search.disconnect.me/.

So, Disconnect Secure Wireless does what it promises to on the Blackphone.
Your suggestions, comments and questions are most welcome!
Full disclosure: I am good friends with Phil Zimmermann, co-founder of Silent Circle. He and I worked together for many years to publish his ZRTP media security protocol as an RFC in the IETF standards body. I also helped him with his Zfone Project. I’m also friends with Jon Callas, Travis Cross, and others at Silent Circle, who collaborated with Geeksphone to produce the Blackphone.
After the Blackphone was announced back in February in Barcelona, I ordered one as soon as they started taking orders, and have pretty much just been killing time ever since then. I even had a false alarm delivery the other week when I was at the IETF conference in Toronto. Another package with an address that had “Black” in it arrived, and I jumped to the conclusion that it was my Blackphone. Instead, my Blackphone arrived the day I was in Chicago at ClueCon, on a Security Round Table panel with Phil and Travis.
My first impressions are quite positive: the packaging is good, the phone is nice to hold in the hand. If anything, it feels lighter than I expected. And it is black. Included accessories are USB cable, charger with US and European plugs, and a headset.
I’ve been using Silent Circle for a while now on my iPhone, so I recognized the Silent Phone and Silent Text apps. Silent Contacts was new to me, as were the other pre-installed security apps.
It took me a little while to get Silent Phone and Text working. I had forgotten that I had to look up the Product Keys to get the Silent Circle Ronin code to activate the service and create my account. The Silent Circle apps are similar to those on my iPhone although the user interface is inscrutable. Why does it show one grey dot when I’m calling then switch to three green dots when I’m connected and ZRTP has been authenticated? What does “Secure to server” mean? Hopefully this is an easy fix to the UI to make it understandable.
Next, I need to try out SpiderOak and Disconnect.Me. Also, I haven’t put a SIM in yet. My friend James Body has given me a fantastic Truphone travel SIM that I really could have used last month during all my travels…
Look for a future post on these topics. As always, questions & comments most welcome.
RFCs, or Requests for Comments, are publications about the technical details of how the Internet works. They go all the way back to the earliest days of the ARPANET, when they were used to share information among a small group of researchers. RFCs are published by the RFC Editor and cover Internet fundamentals such as TCP, IP, and SMTP. My first RFC was one for the Session Initiation Protocol, or SIP, which was published as RFC 3261. Since then, I have published 14 others, but I’m most proud of this one.
ZRTP is a security protocol for providing privacy for VoIP calls over the Internet. It was invented by Phil Zimmermann, who invented PGP (Pretty Good Privacy) for email encryption in the 90’s. When I met him in 2005, he had an idea how to encrypt voice calls and some very rough prototype code. I helped him turn it into a protocol, and wrote the outline of the document that was published today. I’ve been the editor of this document for the past 5 years.
I think ZRTP is the best way to secure voice and video over the Internet. The reasons are a bit technical, but perhaps I’ll attempt to explain why in another post. In the meantime, Phil Zimmermann’s Zfone Project web page has some good points in it.
Oh, and there is one other reason why I’m proud of this document – I came up with the name ZRTP. RTP stands for Real-time Transport Protocol. And of course, Z stands for Phil! It was a joke at first, but it kind of stuck.
ZRTP even makes an appearance in my techno thriller novel, Counting from Zero. The protagonist, Mick O’Malley, uses ZRTP to ensure that all his voice and video communication is private, thwarting those who would like to wiretap his communications.
It has been a lot of work getting this RFC published, and I’m quite proud of the work. And over the years, I’ve become good friends with Phil, which is a real bonus.
Today I’m going to have a mini celebration – happy first birthday ZRTP, RFC 6189!