Comments

COINcidence • November 30, 2016 3:47 PM

You will need this for your NODAPL solidarity and libertarian manifestos. Because while you were working hard to get into one of those fine Boston educational institutions, all the dumbest shits in your high school - the hopeless military cannon fodder, the C+ zeroes stalking pompom girls, the brain-damaged small scrappy nose guards - they became cops. Now those Wonderlic wonders are going to take all that big data you collected and look at it to decide if you're a Russian agent or an antigovernment anarchicalist or just a political prisoner like Barrett Brown.

https://privacysos.org/blog/boston-police-department-plans-buy-1-4m-social-media-spying-tool/

Cause CIA outsmarted you, you bought it when they did the Boston Marathon to you so they could spy more.

Thoth • November 30, 2016 9:22 PM

@Bruce Schneier

Ross Anderson had a nice idea but what's worrying is the use of "Overlay" SIM cards. An Overlay SIM is simply a sticker containing a SIM chip; you paste the SIM sticker on top of a cellphone's GSM SIM card, and this has gotten GSMA very worried.

In fact, GSMA, in an effort to retain their powers, had written a letter to all Service Providers to take Overlay SIMs as possible problems to the GSM network.

To put it bluntly, the Powers That Be hate changes and prefer the old ways to retain their market control.

I see an avenue for camera phones with a modification to Ross Anderson's method to use Overlay SIMs combined with cameras on phones to create a lightweight distributed payment with more security by exchanging asymmetric keypairs (i.e. Curve25519 or ECC P-256) instead of shared keys. Although Ross Anderson was correct that SIM chips are tamper resistant, the fact is that they can still be decapped to get hold of the shared keys. If keypairs are used, decapping a single Overlay SIM is useless as everyone would theoretically have a different keypair, and this is where the camera of the phone comes in, to do photo-based QR code verification and transmission of parties' public keys just like how Signal and other security apps use QR codes to exchange public keys with camera phones.

The main thing is snapping the spine of GSMA controlled authentication and payment because GSMA will not sit idly to allow DigiTally the rampant adoption as GSMA and their Service Providers that make profits over telco network services would see a drop in revenue since DigiTally does not provide payment over SMS and GSMA's warning to telcos about the "dangers" of Overlay SIM.

Link: http://www.gsma.com/publicpolicy/wp-content/uploads/2014/08/GSMA-Security-Group-Overlay_SIM_Security_Assessment_August_18_2014.pdf

Winter • December 1, 2016 3:07 AM

@Thoth
"In fact, GSMA, in an effort to retain their powers, had written a letter to all Service Providers to take Overlay SIMs as possible problems to the GSM network."

On the other hand, there are equally big powers that are very, very keen on expanding mobile payments into the developing world. Access to banks, savings, and credit are one of the main obstacles of economic development in large parts of the world.

I expect the parties to come to some agreement to allow such a service in one way or another.

Thoth • December 1, 2016 4:57 AM

@Winter

The reason GSMA wrote the letter is due to the fact that they have their own payment and financial API over GSM network (linked below). All the GSMA APIs are behind NDAs, paywalls, contracts and so on.

Noting that major telcos in Africa have the M Pesa mobile payment initiatives and DigiTally seems to outperform M Pesa (from the reports), what are the chances that the telcos who have their own lousier implementation would back down and admit that DigiTally is the better version and support it? There is a chance the huge telcos may back down and adopt DigiTally or revamp their M Pesa to use DigiTally schemes but I guess their huge corporate egos may not allow it to happen?

These are all my guesses though.

Link:
- http://www.gsma.com/personaldata/api-exchange
- http://www.gsma.com/personaldata/mobile-connect-banking
- http://www.gsma.com/personaldata/mobile-connect-commerce
- https://en.wikipedia.org/wiki/M-Pesa

Clive Robinson • December 1, 2016 8:27 AM

@ Wm,

In Africa, can it handle elephant's tusk, crocodile teeth, and leopard skins?

Man, that is some serious bling you want to bring to that thing... ;-)

CallMeLateForSupper • December 1, 2016 12:03 PM

@regulars skip to next post while I have some fun with:
@COINcidence

"Now those Wonderlic wonders are going to ...decide if you're a Russian agent or an antigovernment anarchicalist or just a political prisoner like Barrett Brown."

First off, it's "wunderlich".

AHEM... I can save "them" the trouble of investigating. Each of us here is unabashedly a PRO-government "anarchicalist". And even more damning, at least one of us is a tone-deaf musicaloligist.

Earth to @COIN: Barrett Brown is not a political prisoner.

ab praeceptis • December 1, 2016 12:18 PM

CallMeLateForSupper

DISCRIMINATION!!!!!!

I'm a readerologist and in this very moment a respondologist, too.

I wonder why you are a no-mentionologist regarding the above facts? Are you - gasp - an evil-undercover-discriminologist?!?

signed - snowflake, safe-spaceologist

albert • December 1, 2016 12:51 PM

@Winter,
If, by "economic development" you mean capturing the African financial system for the Blood Sucking Parasites, then I agree.
. .. . .. --- ....

COINcidence • December 1, 2016 4:37 PM

@CallMe thank you for supplying the correct name of the inverse intelligence test used to populate US domestic guard labor with malleable dumbshits so profoundly retarded that you can march them around Boston in cast-off soldier suits looking for one skinny wounded stoner who din't do nuthin.

@Earth, Barrett Brown is not a political prisoner. Yeah right.

https://twitter.com/wikileaks/status/803670092810596352

You must have been scared when the authorities let that crazy criminally insane nut Natan Sharansky out of the Perm 35 psychiatric facility. Cuz you are sure no statist dupe, you know bad guys when you see em.

CallMeLateForSupper • December 3, 2016 11:15 AM

@ab praeceptis
"I wonder why you are a no-mentionologist [...]"

Three reasons:
Um... What was the question? ;-)


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.