Joe the Programmer May 17, 2011 2:46 PM

Not much of a contest if you don’t win anything.

“The best overall submission will be given the opportunity to discuss their app with judges and audience members at the ceremony.”

What kind of award is that? How about dinner with the T-Mobile spokeswoman or something?

zap May 17, 2011 2:49 PM

The best overall submission will be given the opportunity to explain to judges how they safeguarded privacy so that such loopholes can be closed.

Clive Robinson May 17, 2011 3:40 PM


Sorry to sound negative but we have kind of seen this sort of competition before.

Those who organise judge it end up by pretending they have “the best” of something so no further effort gets put in.

The simple fact is security is a bit like the air bubble under that piece of wallpaper you have just put up. Unless you take care each time you push the bubble down it either moves somewhere else or splits into two or more bubbles.

So as you “close a loophole” you can end up making one or more new ones.

f(bob) May 17, 2011 4:03 PM

My, what an attractive vector for distributing malware: an app that actually educates you about avoiding malware. It’s like The Wolf Who Cried Wolf.

Dirk Praet May 17, 2011 6:57 PM

Er, an app that roots the device, clones the firmware to some cloud service and subsequently replaces it with a device specific SE-Linux kernel (or better), a Google independent FOSS version of Android and a set of userspace applications officially approved by Bruce and Clive. Until such a time, I’m sticking with my old Motorola RAZR.

moo May 17, 2011 7:11 PM

@BF Skinner:
It doesn’t have to shock the poor user when a leak is detected, automatic countermeasures would work fine.

When it detects a leak it should just immediately do a low-level erase of the device, thus neutralizing the risk.

RobertT May 17, 2011 7:31 PM

How about a simple visual app that shows you a hundred different ways that critical data can leak from smart phones. Once you’ve watched the app run, you will have no illusions of security and you’ll hopefully adjust your expectations to match smart phone reality.

Davi Ottenheimer May 17, 2011 9:10 PM

“demonstrate the possibility that apps for mobile devices can actually enhance the privacy of users”

hey, it’s sponsored by the ACLU!

how about a firewall app that has a default-deny on outbound traffic and then pops up a new warning every time your phone tries to initiate a connection.

instead of a “yes / no” confirmation it should give the options: “yes / litigate”

if you click on litigate it sends an SMS with the offending app details to the ACLU.

do i win?

Nick P May 18, 2011 12:50 AM

Props so far to Joe the Programmer, RobertT, Davi Ottenheimer and Dirk Praet for best suggestions.

My vote for best suggestion is Joe’s idea: Catherine Zeta Jones is plenty of motivation for me to code a masterpiece in two weeks.

Clive Robinson May 18, 2011 2:21 AM

Nick P,

“Catherine Zeta Jones is plenty of motivation for me to code a masterpiece in two weeks.”

Hmm, I guess you’ve not heard her sing then?

Then again Maestro what sort of masterpiece are you going to produce? I guess not something to compete with Richard Wagner’s “Der Ring des Nibelungen” (AKA The Ring Cycle).

Mind you put Catherine Zeta Jones in chainmail and a horned helmet she might not look to bad…

But I guess you’ld want her as a goddess, such as Freia (goddess of love, youth and beauty) but I think these days she would have to play Fricka (Wotan’s wife and goddess of home and marriage).

Richard Steven Hack May 18, 2011 4:34 AM

I love having a cell phone that doesn’t do anything but take calls and text messages (and probably could surf the Web if I let it which I don’t.)

Oh, it does have an FM radio in it. When I discovered that, I laughed heartedly because who the hell wants to try to tune a radio with a cell phone keyboard? It’s insane.

“Hmm, I guess you’ve not heard her sing then?”

I’d make her sing…

And as either of those goddesses, she’s still hot as this Golden Globes pic this year shows:

Dirk Praet May 18, 2011 6:46 AM


“I love having a cell phone that doesn’t do anything but take calls and text messages”

I can recommend the Emporia brand of products at . This Austrian company specifically targets a senior citizen audience, and it’s the brand of choice of my mom and her friends. My personal favorite is the “Shock Stick”, a retro cell phone stun gun, available for about 7,000 yuan ( ) .

Jeff May 18, 2011 7:07 AM

App? Who needs an app when you’ve got a wrap?

Aluminum foil! Wrap your phone in it and it will stop leaking your data.

also useful for making hats.


zorg May 18, 2011 8:17 AM

Apropos cell phones, I would need one that also cannot receive SMS messages. Or at least only is capable of dealing with text in them. That way the government cannot install stuff on my phone through the message.

But can they install stuff through code on the GSM card?

What? May 18, 2011 8:43 AM

Many people on this list seem to trust what Clive says explicitly and without question, but if he thinks it takes “chain mail and a horned helmet” to make Catherine Zeta Jones look good, I don’t want him to judge any beauty contests.

…and I don’t care if she sings or not.

Clive Robinson May 18, 2011 12:08 PM

@ What?

From whence do you come?

If you read back you will find I was gently joking with Nick P.

However both “The Ring Cycle” and “The Lord of The Rings” are about rings made by dwarves to “Control the world”.

In some old style hacker communities knowledge of both the Opera(?) and book was considered mandatory.

Both also contain a love story of how an immortal became mortal for the love of a relative.

Both stories involve gods and their fall in the world of man.

The idea of “one ring to control them all” is the idea behind most malware attacks etc.

I’m sorry if this did not come across to your liking but just one thought for you,

I did not say what sort of chain mail or helm other than it had horns. You are I guess assuming the sort of maximal sort of thing you would expect on an Opera Soprano in a Wagnerian presentation, and perhaps not the slinky little items you might find in the more select of certain clothes and other adult entertainment stores where leather rubber and other such passions are catered for?

BF Skinner May 18, 2011 12:35 PM

@Clive ” rings made by dwarves to “Control the world”.”

Fanboy quibble.

Elves made the Rings – even The Seven. And Sauron himself made The One. Not sure what he was, aniu, and Valar of course but the elves were more Mair.

What? May 18, 2011 2:47 PM


Yes, I believe I understood your comment and the spirit it was intended, and I intended my comment to be in the same “gently joking” vein.

“…slinky little items…leather, rubber” – I take the 5th.

Nick P May 18, 2011 5:37 PM

@ Clive Robinson

Chainmail and helmets? I was thinking more Victoria Secret. I figure I’d just let her use her imagination. Sexy women know how to be sexy. She needs no tips from me. 😉

Richard Steven Hack May 18, 2011 9:24 PM

A: FM Fingerprinting. Interesting. Looks like one can “fingerprint” almost anything these days. Not too surprising, since pretty much everything is “unique” if you can get down to the bottom of it conveniently.

S May 19, 2011 3:41 AM

@A: Almost every phone I’ve ever seen with an FM tuner has also had RDS. No real need for any FM fingerprinting.

undead clipper chip manifests as new feature in new form? May 20, 2011 6:19 PM

“No real need for any FM fingerprinting.”

but the reality exists, ask yourself why it’s being mandated new phones all have FM radio feature. It’s for fingerprinting of the device. The new chip being added for alerts is also a concern.

bart May 25, 2011 3:55 AM

Anyone who submits losses it’s privacy, rule 7:
“each Participant also grants to Organizers and to Organizers’ designees an irrevocable, royalty-free right to publish, disseminate, and use the Participant’s name, likeness and biographical information (including, with respect to a Team, the name, likeness and biographical information of each member of the Team) in connection with the execution and promotion of the Challenge without further notice or consideration.”

Chris (ACLU-NorCal) May 25, 2011 1:46 PM

Quick response to a couple of the comments (though I’m late to the thread, unfortunately)…


Yes, we know, there’s irony in requiring info about submitters for a privacy-centric competition — but if the goal is to push this into the public dialog, it’s harder to do without actually having the developers take part. Can’t win ’em all.


Security and privacy are absolutely moving targets, and we don’t intend to act as if we have “solved” anything. I’m well aware of the kind of response we’d get from the DEF CON audience in particular if we tried to do so.

The goal is simply to use this competition to bring together developers who have new ideas about privacy tools and organizations like the ACLU who are able to make those ideas and those tools part of the public dialog.

@Joe, davi, others: Code it and submit it – you’ve still got a week! 🙂

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.