Email wasn’t designed with security in mind. Unless you take steps to protect your communication, emails are sent in plain text - and so are your email account username and password.
At the same time, if you and your recipient are taking the appropriate security precautions, mobile email can be a secure and reliable alternative to other forms of mobile communication. If you have data service for your mobile, encrypted email can replace text messaging, and if you aren’t able to access a website securely to upload content - photos or videos for example - getting it to a trusted contact as an email attachment can be a safer alternative.
Email wasn’t designed with security in mind. Unless you take steps to protect your communication, emails are sent in plain text - and so are your email account username and password.
At the same time, if you and your recipient are taking the appropriate security precautions, mobile email can be a secure and reliable alternative to other forms of mobile communication. If you have data service for your mobile, encrypted email can replace text messaging, and if you aren’t able to access a website securely to upload content - photos or videos for example - getting it to a trusted contact as an email attachment can be a safer alternative.
This article suggests the following tactics for improving the security of your mobile email:
Mobile Anonymity and Censorship Circumvention: How to Browse the Web Anonymously On Your Phone data sheet 3114 Views
Author:
MelissaLoudon
Abstract:
If you don’t want someone to know that you were accessing a particular web site (or that you were accessing it at a particular time, such as when inflammatory content was posted), you need to anonymize your mobile browsing. Depending on how your network is set up, the site you are accessing may be able to see and keep a record of your IP address. Your network administrator, Internet Service Provider and/or Mobile Network Operator can see and keep records of the IP addresses of both your Internet-connected mobile device and the sites you are accessing. IP addresses can nearly always be linked to a geographic location, whether a zip code or a city, and your ISP or mobile network provider can link your IP to your individual device.
However, using HTTPS does not hide your identity. If you don’t want someone to know that you were accessing a particular web site (or that you were accessing it at a particular time, such as when inflammatory content was posted), you need to anonymize your mobile browsing. Depending on how your network is set up, the site you are accessing may be able to see and keep a record of your IP address. Your network administrator, Internet Service Provider and/or Mobile Network Operator can see and keep records of the IP addresses of both your Internet-connected mobile device and the site you are accessing. IP addresses can nearly always be linked to a geographic location, whether a zip code or a city, and your ISP or mobile network provider can link your IP to your individual device.
Organisations and countries that block websites can do so by blocking communication to and from specific IP addresses. For this reason, anonymizing your browsing is also the first step to circumventing Internet censorship.
This article describes two tactics for anonymous browsing and censorship circumvention - using a proxy, and using a mobile version of the circumvention tool Tor. Both are used on cpmputers as well as mobile devices. Specific tools for mobile phones are described in the second part of the article.
A User Guide to Orbot - Anonymized Tor Browsing on Your Mobile Phone data sheet 2669 Views
Author:
SaferMobile
Abstract:
Orbot is an anonymizing and circumvention app that connects Android phones to the Tor network. Developed by The Guardian Project, it is currently the only way to use Tor on a mobile phone.
Orbot is for Android users who need to browse anonymously or circumvent blocked sites. It should work on both older and new model Android phones, and does not require a rooted phone (although there are some advantages to using it with one). Orbot is designed for proficient Android users.
Orbot is an anonymizing and circumvention app that connects Android phones to the Tor network. Developed by The Guardian Project, it is currently the only way to use Tor on a mobile phone.
Who should use it?
Orbot is for Android users who need to browse anonymously or circumvent blocked sites. It should work on both older and new model Android phones, and does not require a rooted phone (although there are some advantages to using it with one). Orbot is designed for proficient Android users.
How does it work?
Orbot sets up a connection to the Tor network and makes it available to apps through a local proxy.
Particularly for smartphones, there are many apps that promise improved privacy and security for your mobile communications. Like all apps, some are very good, but other are poorly written or overpriced, and may even be malicious. This article will help you evaluate whether you should trust their promises.
Before You Start
Security apps are most useful as part of a coherent security policy covering all your mobile communications. The Mobile Risk Assessment Primer will help you complete an inventory of mobile communications risks, and decide which are most important and most feasible to mitigate.
Once you’ve completed a risk assessment, it’s important to search broadly for security apps. MobileActive is in the process of reviewing many of these from our current list of security apps, but the mobile security landscape changes quickly. Ask friends and colleagues, read about your specific security need online, and search your device’s app marketplace. Once you’ve identified as many options as possible, it’s time to start evaluating your security apps.
Will It Work on Your Phone?
As with computer software, some mobile apps are built to work on one platform - Android, iPhone, Blackberry, Symbian, Java - and may not work on others. There may be other requirements too, such as particular phone models. Make sure the apps you have chosen are all going to work on your device.
Also consider how you will actually get the app - can it be downloaded from a web link that you open on your phone, or can you get it from an app marketplace? Some apps can also be downloaded to a PC and transferred via bluetooth or a data cable. This step sounds obvious, but it can be tricky when you don’t have stable Internet access on your phone or aren’t used to the app install process.
Facebook has more than 500 million users, half of which access the site through their mobile phone. Being able to communicate your message to an audience this large is exceptionally valuable. At the same time, your activities on the site generate very detailed information about you and your networks. If you are concerned about surveillance, this information can put you at risk. This how-to explains what those risks are and how to use Facebook on your mobile device more securely.
Facebook has more 500 million users, half of which access the site through their mobile phones. Being able to communicate your message to an audience this large is exceptionally valuable. At the same time your activities on the site generate very detailed information about you and your networks. If you are concerned about surveillance, this information can put you at risk.
Assess Your Facebook Mobile Risks
Like Twitter, Facebook is a way to get your messages to a potentially large audience. It is not a secure method of communication for sensitive information.
This article offers advice about how to mitigate risks when using Facebook as a dissemination and organizing tool. In particular, we consider the following risks:
The risk that your public activities on Facebook reveal compromising information about you or your networks - for example, revealing the identity of supporters or identifying people who were present at a particular event.
The risk of your private information being revealed to a third party without your consent.
The risk that your account details (username and password) are discovered, and that someone may impersonate you.
The risk of your account being deleted or suspended.
The risk that Facebook is blocked or becomes inaccessible.
in general, you should only use Facebook to share information that you consider public. Public information can be freely distributed by you, your organization, and your supporters, without any risk to individuals or organizational operations. In communicating public information, you can send and receive this information without taking any precautions.
HTTP, the Hypertext Transfer Protocol, is the data communication protocol you use when you broswe the web - as you probably know if you've noticed that website addresses usually begin with http://. HTTPS is the secure version of HTTP, which you might have seen being used for sensitive transactions like online banking and online shopping. When you are using the secure part of a site, the web address will begin with https://.
When using your mobile phone for sensitive communications, it is important to ensure that your online activities - whether researching or reading about an issue, sending an email, writing a blog post or uploading photos - are done over a secure connection. There are three elements of secure web browsing:
Despite the smartphone craze of the past 5 years, featurephones are still king in much of the world. From the perspective of activists, rights defenders, and journalists, they cannot be ignored. And feature phones have plenty of built-in capability to help users stay safer. During the course of our research, we've uncovered valuable features that even the most experienced users may not be aware of.
As a part of SaferMobile, a project of MobileActive.org, we've focused on documenting the most important ways that a user can lock down a mobile handsets. No external apps or special tools are required, just a charged battery. We've condensed these tips into single-page, device-specific reference guides for a variety of makes & models that get straight to the point. And yes, we made sure to cover smartphones and featurephones.
A discussion on mobile application security must address the current issues facing mobile devices and the best way to mitigate them. This chapter aims to provide content on the following subjects:
Top issues facing mobile devices
Tips for secure mobile application development
The issues covered in this chapter are not exhaustive and appear in no particular order; however, they can be used to begin the conversation on mobile application security in your organization.
This article contains information to help you understand and mitigate mobile security risks related to Twitter. As always, remember that risks are context-specific, and depend on the environment you work in as well as whether you are communicating sensitive information. For more information on risk assessment, please review the Guide to Mobile Security Risk Assessment.
Twitter is a way to get your messages to a wider audience. However, you should know that from any platform (computer or mobile phone), it is not a secure method of communicating sensitive information. Consider the following guidelines:
Your Tweets should only contain information you want to widely and publicly share. This should be public information that can be freely distributed by you, your organization, and your supporters, without any risk to individuals or organizational operations.
Even if you protect your tweets so that only followers can see them, followers can easily retweet your messages, or access them over an insecure connection.
A Guide to Mobile Security Risk Assessment data sheet 4117 Views
Author:
SaferMobile
Abstract:
You are an activist, rights defender, or journalist. You use a mobile device. And you work in sometimes risky situations in your country. This guide will help you implement mobile security practices in your work. It will help you assess the particular risks that face you and then assist you in developing a plan to mitigate those risks.
You are an activist, rights defender, or journalist. You use a mobile device. And you work in sometimes risky situations in your country.
This guide will help you implement mobile security practices in your work. It will help you assess the particular risks that face you and then assist you in developing a plan to mitigate those risks. First, we'll cover some of basic concepts. Then, in the second part of this guide, we'll take you through developing your own risk assessment in 5 steps.
We have previously published a Mobile Risk Primer that describes general security vulnerabilities associated with mobile technology and communication. Read it!
Throughout this guide, we'll also highlight the fictitious case of Asima, a blogger and activist in Egypt. Examples of how Asima might complete the assessment worksheet and create a security plan for her work are highlighted in this guide.
Asima lives in Cairo, Egypt and is a blogger and an activist. She used to maintain a blog on Blogspot, but now mostly uses Facebook and Twitter to follow current events, to share information, and to communicate with colleagues. She tweets from her mobile phone while in traffic and at cafes and protests and from her computer when she is at work or at home.
Activists, rights defenders, and journalists use mobile devices for reporting, organizing, mobilizing, and documenting. We have written about many of these uses for years now, describing how mobile phones provide countless benefits to activists and rights defenders. Mobile tech is relatively low cost and allows for increased efficiencies and vast reach, for example. But, there is a darker side.
Mobile Phones present specific risks to rights defenders, journalists, and activists. We believe that is is critically important to know that mobile communication is inherently insecure and exposes rights defenders and those working in sensitive environment to risks that are not easy to detect or overcome. (We provide an overview of those risks in this Primer, for instance)
To address mobile safety and security for rights defenders, we are introducing SaferMobile, to help activists, human rights defenders, and journalists assess the mobile communications risks that they are facing, and then use appropriate mitigation techniques to increase their ability to organize, report, and work more safely.
What is SaferMobile?
Online and offline educational and tactical resources (risk evaluation tools, case studies, how-to guides, security tool reviews);
Trainings and curricula for use in various countries and with different constituencies;
Specific mobile security software focused on the needs of rights defenders, activists, and journalists.
As will all that we do, we believe that there certain values and principles that are paramount in this work. For SaferMobile, we are following these principles:
We believe that skilled, trained, and knowledgeable activists, journalists, and rights defenders are key to democratic changes. We also believe that the smart and effective use of technology constitutes an integral piece of their skill set.
The better activists, journalists, and rights defender are able to work, the more safely they are able to organize and communicate, the more likely it is that their work is effective and heard.
We are committed to accessible, useful, actionable, and technically accurate and secure content, materials, and software.
We are also committed to describing technological vulnerabilities in terms that non-technical users can easily understand.
We work with activists on the ground to ensure that the content we produce addresses real uses and risks.
We also seek responsive connections between activists and security professionals so that both are more able to assess and respond to changing risks.
Lastly, we are maintaining information that reflects current security risks and technological vulnerabilities and is vetted for security and technological accuracy by knowledgeable experts.
Roadmap and Process
The SaferMobile project is just beginning its second Phase. Phase 1 included needs assessment with users and peers – activists, rights defenders, journalists, technologists, security experts, and mobile developers. Through this research, we outlined plans for web content, training curriculum and tools (software) and are now creating these pieces in Phase 2 of the project (May-August 2011).
Mobile Security Risks: A Primer for Activists, Journalists and Rights Defenders data sheet 18219 Views
Author:
SaferMobile
Abstract:
A primer on mobile security risks for activists, rights defenders, and journalists. includes tips on how to protect yourself.
Activists, rights defenders, and journalists use mobile devices and communications for reporting, organizing, mobilizing, and documenting. Mobiles provide countless benefits -- relatively low cost, increased efficiencies, vast reach -- but they also present specific risks to rights defenders and activists.
Additionally, information about other mobile uses, such as your photos or video, your data, the Internet sites you visit from your phone, and your physical location, are stored on your device and often logged by your mobile network. (The above graphic shows a schematic overview of the layers of the mobile networks to give you sense of the different elements that make up communications between two phones.)How much is this putting you at risk? This Overview will help you evaluate your level of risk in regard to your mobile communications.
Please join us on Friday, April 1 in NYC! To celebrate April Fools Day and to highlight mobile phone & digital network insecurities, the Guardian Project and MobileActive.org are hosting "Don't be Fooled", part of the new SaferMobile initiative. This hackday will showcase mobile tools to enhance security, profile GP's open-source tools and feature a room for face-to-face conversations about mobile security.
Do to the intimate size of the venue, we are caping RSVPs at 30: 20 "developers / hackers" who want to learn about developing secure mobile phone services and 10 practitioners who want to root their phones / learn about mobile security. Please put your name here!
Location: Open Mobile Lab, 127 W 27 St, Suite 702, NYC Time: Friday, 1 April 2011 from 9:30 till 5:00. Beer O'Clock from 5:00 till 7:00. Hashtag: #safermobile
The Guardian Project (@guardianproject) aims to create easy to use apps, open-source firmware MODs, and customized, commercial mobile phones that can be used and deployed around the world, by any person looking to protect their communications and personal data from unjust intrusion and monitoring.
MobileActive.org (@MobileActive) connects people, organizations, and resources using mobile technology for social change. Our global network of practitioners and technologists are working
Surveillance technology is currently only in the hands of those who are already in power, which means it cannot be used to combat the largest problem facing modern society: abuse of power. So the question remains: "Quis custodiet ipsos custodes?" - roughly, Who watches the watchers? This is where OpenWatch comes in. The recent ubiquity of mobile telephones with media recording capabilities and the ability to run any software the users chooses gives the public a very powerful tool. Now, we are all equipped to become opportunistic journalists. Whenever any of us come in contact with power being used or abused, we can capture it and make it become part of the public record. If we seek truth and justice, we will be able to appeal to documentary evidence, not just our word against theirs. Ideally, this will mean less corruption, more open government and a more transparent society.
OpenWatch aims to democratize this theory of 'scientific journalism' championed by Julian Assange and apply it to citizen media. OpenWatch is not only intended to display abuse of power, but also to highlight appropriate use. As we are unbound by technological restrictions, we can aim to record every single time power is applied so that we may analyze global trends and provide a record for future historians. Police, corporate executives, judges, lawyers, private security agents, lobbyists, bankers, principals and politicians: be mindful! We are watching!
OpenWatch recorder is a tool for Android phones which secretly records audio and video, then automatically and anonymously uploads it to a server, which it can be reviewed and listen on the OpenWatch website. Client and server software is Free and Open Source.
Tool Category:
App resides and runs on a mobile phone
App resides and runs on a server
Is a web-based application/web service
Key Features :
Secretly Records Audio and Video
Automatically Uploads Media Anonymously to a Secure Server
We have been very keen on exposing the security issues related to mobile communications for activists in insecure environments. To that end we have, to date, produced a number of how-to guides that evaluate some of the tools available.
We will continue to pay close attention to this space as there are not enough tools and resources yet for activists and journalists to communicate securely via mobile. If you are aware of other projects or resources, please add a comment!
The Mobile Minute is here to bring you coverage on Sierra Leone's crackdown on unregistered SIM cards, Wall Street firms' move away from BlackBerry, Tim Berners-Lee's concerns about the mobile web's privacy, accountability, neutrality of networks, and accessibility, and a how-to guide for taking the best photos with your Android phone.
Mobile Diffusion and Development: Issues and Challenges of M-Government with India in Perspective data sheet 2237 Views
Author:
Kavita Karan and Michele Cheng Hoon Khoo
Publication Date:
Jan 2008
Publication Type:
Journal article
Abstract:
Mobile telephony has emerged as the new frontier where governments around the world are making themselves more accessible through the remote delivery of government services and faster rate of data transfer. In developing countries, the lower cost of mobile technology as compared to Internet has allowed for the expansion of mobile government or m-government services to the poorer segments of the population. From a literature review on m-government, including the various strategies required and successive practices across the world, we build five parameters for a framework for evaluation of m-government services. These include Infrastructural Investment, Regulatory and Political environment, Awareness and Acceptance, Security and Privacy, and Equitable Acceptance.
Using these factors, we review the m-government initiatives in selected countries both in the West, Asia and India. This paper provides an updated review of the current mobile government initiatives, including: m-government’s facilitation of development; the issues and challenges in India; and, finally, proposes some strategies that can be adopted by India.
Today's Mobile Minute covers how mobiles are improving students' performance in a North Carolina school, personal data theft from a malicious Android app, a $100 million USAID grant for health services in Malawi, the effect of mobile applications on the East African economy, and the release of Opera's "State of the Mobile Web."
Today's Mobile Minute covers the mobile gender gap, mobiles in the classroom that allow deaf children to learn alongside hearing children, a study about mobile over-sharing, mobile credits on cell phones during disasters, post-Haiti disaster management with ICTs, and a 90-second interview with Patricia Mechael about mobile health.
The Child Africa International School in Kabale, Uganda encourages the use of SMS at school in order to foster communication between hearing and non-hearing students, as described in "Deaf Children are Being Heard in Africa." (Hat tip Textually.org)
According to a Webroot Study of 1,645 social network users, 55% of people polled said "they worry over loss of privacy incurred from using geolocation data" on mobile phones."
"Disaster Response 2.0: Learning from Haiti" looks at how ICTs were used after the January 2010 earthquake in Haiti, covering mobile donations, Ushahidi, and how ICTs can help during emergencies.
[Mobile Minute Disclaimer: The Mobile Minute is a quick round-up of interesting stories that have come across our RSS and Twitter feeds to keep you informed of the rapid pace of innovation. Read them and enjoy them, but know that we have not deeply investigated these news items. For more in-depth information about the ever-growing field of mobile tech for social change, check out our blog-posts, white papers and research, how-tos, and case studies.]
Two mobile tools that we have been watching with interest have new versions out and available for public beta and testing.
Freedom Fone
Freedom Fone, developed by Kubatana in Zimbabwe, is an interactive voice response system that allows callers to access audio information on their mobile phones. It is aimed at organizations who want to set interactive up audio news services for their audiences. Freedom Fone is now out in version 1.5 and available for public testing and use.
While there are many such interactive voice systems (Asterisk is the most well-known open source VOIP platform, with many commercial, open source versions such as Trixbox using Asterisk), Freedom Fone is focused on an NGO audience with easy install and setup that minimizes the need for technical expertise.
In our ongoing and ever-expanding series of how-to resources for NGOs and grassroots organizations using mobile technology in their work, we are releasing a new primer on "Mobile Surveillance." Our reviewer, Melissa Loudon, gives an overview of mobile surveillance risks and tips and tools on how to prevent surveillance for secure communications.