30 July 2016

How secure are in fact VPN or Red Phone

How secure are in fact VPN or Red Phone
Article inspired by a PM received on XDA forum.

Hello there! Finally someone who cares about security.
Originally Posted by iunlock

Greetings, I've been reading some of your posts and all that info is right up my alley. It's hard to find someone who actually cares about this stuff like I do. Anyhow, I have some questions that you may be able to answer for me. A lot of people I've tried to run this by doesn't have any passion for security so I've only received half "" answers, which is not what I'm seeking.
What do you think about this set up.
1. I use a VPN that claims they don't keep logs on my phone. But who knows...better than nothing? Or are these companies compromised? See if I was the big bad wolf, I'd either create VPN companies to give people options to trick them into thinking they have security with a VPN (illusions) and/or pay VPN companies a dollar amount that they can't refuse for a backdoor...ie...easy access any time to the traffic and data. So what if VPN companies lie about their claims...who's going to tell right? $win-$win situation for big bad wolf and the VPN company that couldn't refuse the $ offered. Interesting eh?
2. Tor/Orweb. Hmm....slow as a dead turtle, but does it really work like they claim? I do see some truth to this though with its concept, but going back to what I said above. $ talks?
3. Password managers like last password, 1 Password etc... again if I was the big bad wolf, would I not be able to make $ talk? Make you think.
4. Secure apps...like jitsi, xabber, encrypted stuff...etc. ..
On the flip side of the coin, there are true security nuts who hate the big bad wolf and a lot of these people are the founders of some of these VPN companies and alike. So there's some comfort in knowing that I assume....also open source stuff is good because they are transparent. No messing around there. Anything funny or fishy would be known for any vulnerability in the app etc....
With all that stuff aside, assuming you did trust the VPN, tor etc....what's the best we can do security wise for our phones?
Well I think using a VPN is a must. Next using gpg to encrypt all emails along with encrypted chat clients. Then the use of tor to proxy your connections like mail, chat, fb, twitter etc....
What are your thoughts?
BTW, I don't use Facebook (Cia / prism) buffet....
I think gpg is the only sure way of true security.
In the real world, having the convenience for non important things makes the use of Gmail and other Google apps convenient.
Never do I ever use any real info for any of these accounts lol.
So the question is....will using a VPN, encrypted email, encrypted chat client, and tor do the trick?
How about the use of redphone app with Google voice on VPN since it uses data and not voice tunnel?
A lot of cool stuff....would love to hear your thoughts.

Hi sorry for so late answer.
Please read my posts on my security blog.
As a guide line:
There is no secure VPN or provider, all depends on your "enemies" or whom are you afraid of. It all depends on who "don't care about you".
And what you want to do.
Everything located on US territory will report in case to US authorities. Same goes for Germany, Russia, China.
Also for smaller countries: Canada, New Zealand, Australia - all will report to UK and USA.
Same for Austria, Finland, Sweden - all will report to USA, UK, Germany.
The closed ties in SIGINT cooperation are 100% same in so-called VPN providers/software.
IMHO it's money waste to pay for VPN. If you want to do something against law.
Respect the laws and ignore VPN.
All above is for private persons.
If enterprise, own physically the VPN server and never trust any 3rd part.
With kind regards
Zeno Sloim

Part 2

Red Phone - bogus for naive people
Any product (hardware or software) produced on German territory HAVE backdoor for German state authorities and Germany SIGINT close partners: USA, UK
Any product made on USA territory has back doors for US state authorities.
The whole Apple FBI encryption scandal was bogus for big public, all Apple products have backdoor.
It's a matter of time for how quickly will authorities know and decrypt your private data "travelling on internet".
Best solution is to try to keep it LOCALLY, as much as possible, by controlling anything going out of your phone.
It's not easy for a normal user.
But use only verified by you, apps.

With regards
Zeno Sloim