What happens to a text message when you destroy a cell phone?

[Adair Bordon]

According to this article today, the text messages sent from one phone
to two other phones, were destroyed when the 3 phones were destroyed.

Here's the quote:
"Phones that could link damning texts and the alleged rape of a female
student by former Vanderbilt football players Brandon Vandenburg and
Cory Batey were destroyed, according to testimony."

Here's the article:
http://www.nydailynews.com/news/crime/vanderbilt-rape-trial-phones-destroyed-texting-cover-up-article-1.2087769

But I don't understand how destroying the phones gets rid of the text.

Doesn't the phone company keep a "copy" of the text message on
a server somewhere?

Can't that copy be retrieved (especially for a legal trial)?

[nospam]

In article <mabf6a$ku4$1...@news.albasani.net>, Adair Bordon

<Adair@not_my_real_email.com> wrote:

> According to this article today, the text messages sent from one phone
> to two other phones, were destroyed when the 3 phones were destroyed.
>
> Here's the quote:
> "Phones that could link damning texts and the alleged rape of a female
> student by former Vanderbilt football players Brandon Vandenburg and
> Cory Batey were destroyed, according to testimony."
>
> Here's the article:
>
> http://www.nydailynews.com/news/crime/vanderbilt-rape-trial-phones-destroyed-t
> exting-cover-up-article-1.2087769
>
> But I don't understand how destroying the phones gets rid of the text.

it doesn't.

> Doesn't the phone company keep a "copy" of the text message on
> a server somewhere?

some do, for varying amounts of time.

aso, depending on how severely the original phone was destroyed (and if
it's been recovered), it may be possible to extract the texts and other
data (phone call history, etc.) from the chips. if it was pulverized
into powder, then not so much.

> Can't that copy be retrieved (especially for a legal trial)?

sure can.

[John Hasler]

Adair Bordon writes:
> Doesn't the phone company keep a "copy" of the text message on a
> server somewhere?

Why would they do that? They keep some metadata for internal purposes
such as billing but the content is of no use to them (and could be a
liability). It's Europe that has "data retention" laws.
--
John Hasler
jha...@newsguy.com
Dancing Horse Hill
Elmwood, WI USA

[J.O. Aho]

On 28/01/15 21:26, nospam wrote:
> In article <mabf6a$ku4$1...@news.albasani.net>, Adair Bordon
> <Adair@not_my_real_email.com> wrote:

>> Doesn't the phone company keep a "copy" of the text message on
>> a server somewhere?
>
> some do, for varying amounts of time.
>
> aso, depending on how severely the original phone was destroyed (and if
> it's been recovered), it may be possible to extract the texts and other
> data (phone call history, etc.) from the chips.

Most often the call history is stored at the operators, while the
content most often ain't (of course there are exceptions), so you will
not need any of the phones to see that A sent something to B and C.

>> Can't that copy be retrieved (especially for a legal trial)?

I don't know if you have heard the story about people buying a phone
which turns out to have some photos or other stuff which shouldn't be
there, this happens when two+ broken phones are mended together to a
phone, so that the phone company can earn some extra bucks.
Breaking a phone don't automatically lead to that the data is lost
unless you do it in an excessive way like pulverize, vapourize, ...

[William Unruh]

Why would they? They may keep a copy until it is delivered but sure
better not (unless the law comes up with a warrent) keep them otherwise.
A) it would take up a HUGE amount of space, and B) It really would be an
invasion of privacy.

[Adair Bordon]

nospam wrote, on Wed, 28 Jan 2015 15:26:43 -0500:

> depending on how severely the original phone was destroyed (and if
> it's been recovered), it may be possible to extract the texts and other
> data (phone call history, etc.) from the chips.

Is the sent/received text stored in the primary flash memory?
If so, can't the cell phone owner just delete it?

I understand that deleted data can be recovered, at least on
Windows computers, so, I wonder if there is also a repeated
"wipe" utility for cell phone memory (similar to what PGP and
other secure repetitive wipes do for computer hard drives)?

[Adair Bordon]

J.O. Aho wrote, on Wed, 28 Jan 2015 21:39:32 +0100:

> Breaking a phone don't automatically lead to that the data is lost
> unless you do it in an excessive way like pulverize, vapourize, ...

On Windows, there have been secure wipes for a long time.

They wipe the disk/memory many times (as many times as you like).
Just wiping once, with random characters, is a pretty good start, but,
there are some who say mathematically you can't wipe enough, but, let's
not go into that (expensive and theoretical) avenue.

Assuming wiping works, aren't there utilities that will 'wipe' a cell
phone's memory? If not, they should exist.

[Adair Bordon]

John Hasler wrote, on Wed, 28 Jan 2015 14:27:12 -0600:

> Why would they do that? They keep some metadata for internal purposes
> such as billing but the content is of no use to them (and could be a
> liability). It's Europe that has "data retention" laws.

I'm a bit confused, as I read the answers prior to this.

Everyone seems to say that the phone company keeps the metadata.
So, in the case of rape, the lawyers know that messages were sent, and when.
They might even know size and type.

But, I guess, what folks are saying is that the CONTENT (the actual picture,
text, or video), is not saved anywhere but on the phone memory itself?

[William Unruh]

On 2015-01-28, Adair Bordon <Adair@not_my_real_email.com> wrote:

> J.O. Aho wrote, on Wed, 28 Jan 2015 21:39:32 +0100:
>
>> Breaking a phone don't automatically lead to that the data is lost
>> unless you do it in an excessive way like pulverize, vapourize, ...
>
> On Windows, there have been secure wipes for a long time.
>
> They wipe the disk/memory many times (as many times as you like).
> Just wiping once, with random characters, is a pretty good start, but,
> there are some who say mathematically you can't wipe enough, but, let's
> not go into that (expensive and theoretical) avenue.

While true for older ( pre 1995) disks, modern disks a single wipe even
with 0 should be enough. magnetic media ( which of course are NOT used
on cell phones) are designed to squeeze as much storage out as possible,
and any redundancey ( a zero written over a zero looks different from a
zero written over a 1) is a lost opportunity to squeeze more data onto
the medium.
f course for flash, it is little capacitors and transistors, and a
single wipe really should be sufficient.

[Rod Speed]

Adair Bordon <Adair@not_my_real_email.com> wrote

Unlikely that any phone company keeps a copy of all the texts
anyone ever sends.

Forget the detail now, but I think during the Pistorius trial
that the texts which were used as evidence of what those
to were doing was obtained from the phones themselves
rather than the phone companys.

> Can't that copy be retrieved (especially for a legal trial)?

Seems a tad unlikely that any phone
company keeps all texts for years etc.

[nospam]

In article <mabi23$qdq$2...@news.albasani.net>, Adair Bordon

<Adair@not_my_real_email.com> wrote:

> > Breaking a phone don't automatically lead to that the data is lost
> > unless you do it in an excessive way like pulverize, vapourize, ...
>
> On Windows, there have been secure wipes for a long time.

phones aren't windows (even though some run windows phone), and that's
for a hard drive, which isn't relevant for phones and flash.

> They wipe the disk/memory many times (as many times as you like).
> Just wiping once, with random characters, is a pretty good start, but,
> there are some who say mathematically you can't wipe enough, but, let's
> not go into that (expensive and theoretical) avenue.

if there's reason to pursue it, they can recover data after a secure
wipe. most of the time, there isn't.

> Assuming wiping works, aren't there utilities that will 'wipe' a cell
> phone's memory? If not, they should exist.

they do, but most people don't do that. thugs are generally stupid and
leave a trail.

[nospam]

In article <mabhsr$qdq$1...@news.albasani.net>, Adair Bordon

<Adair@not_my_real_email.com> wrote:

> > depending on how severely the original phone was destroyed (and if
> > it's been recovered), it may be possible to extract the texts and other
> > data (phone call history, etc.) from the chips.
>
> Is the sent/received text stored in the primary flash memory?

yes

> If so, can't the cell phone owner just delete it?

they can, but that does not necessarily rewrite the bits. the message
is still there until something *else* uses that sector of the memory.

> I understand that deleted data can be recovered, at least on
> Windows computers, so, I wonder if there is also a repeated
> "wipe" utility for cell phone memory (similar to what PGP and
> other secure repetitive wipes do for computer hard drives)?

there are, but since it's flash there is no guarantee that anything is
erased due to wear leveling and it may be possible to recover the
messages from the phone company anyway.

are you planning on murdering someone?

[nospam]

In article <mabhjh$tsd$1...@dont-email.me>, William Unruh

<un...@invalid.ca> wrote:

> > Doesn't the phone company keep a "copy" of the text message on
> > a server somewhere?
>
> Why would they? They may keep a copy until it is delivered but sure
> better not (unless the law comes up with a warrent) keep them otherwise.
> A) it would take up a HUGE amount of space, and B) It really would be an
> invasion of privacy.

text messages are small and it's not an invasion of privacy since you
sent it through their servers in the first place.

who keeps what and for how long:
<https://www.aclu.org/cell-phone-location-tracking-request-response-cell-
phone-company-data-retention-chart>

[Adair Bordon]

William Unruh wrote, on Wed, 28 Jan 2015 21:00:31 +0000:

> for flash, it is little capacitors and transistors, and a
> single wipe really should be sufficient.

Thanks for explaining that, as I hadn't realized that a single
wipe would suffice (for most of us).

Does a cell phone "delete" of the SMS/MMS wipe the transistors?
If not, how does one do the delete?

Is there software that will delete SMS/MMS messages?

[Rod Speed]

Adair Bordon <Adair@not_my_real_email.com> wrote
> John Hasler wrote

>> Why would they do that? They keep some metadata for internal
>> purposes such as billing but the content is of no use to them (and
>> could be a liability). It's Europe that has "data retention" laws.

> I'm a bit confused, as I read the answers prior to this.

> Everyone seems to say that the phone company keeps the metadata.

Yes, that obviously has to be kept so they can bill you.

And most carriers can show you a list of the texts you have sent and calls
made too.

> So, in the case of rape, the lawyers know that messages were sent, and
> when.

Yes.

> They might even know size and type.

Yes with the type, not necessarily with the size tho.

> But, I guess, what folks are saying is that the
> CONTENT (the actual picture, text, or video), is not
> saved anywhere but on the phone memory itself?

Its obviously not feasible to keep all that stuff for years.

And isn't legal in some jurisdictions anyway.

[Adair Bordon]

nospam wrote, on Wed, 28 Jan 2015 16:09:00 -0500:

> are you planning on murdering someone?

Maybe.

More so if I can get away with it simply by "wiping" my text messages.
:)

[nospam]

In article <mabjac$qdt$1...@news.albasani.net>, Adair Bordon

<Adair@not_my_real_email.com> wrote:

> Does a cell phone "delete" of the SMS/MMS wipe the transistors?

no.

> If not, how does one do the delete?

pulverize the phone into dust.

> Is there software that will delete SMS/MMS messages?

are you planning on murdering someone? why do you even care? nobody
wants to read your text messages unless you're involved in a criminal
investigation, in which case you have far bigger problems.

don't send unencrypted text messages if you are worried about someone
other than the intended recipient reading them.

[DevilsPGD]

In the last episode of <mabi23$qdq$2...@news.albasani.net>, Adair Bordon

With modern mobile phone implementations it's completely unnecessary as
all data at rest is stored encrypted, so it's sufficient to wipe the
encryption keys.

--
I'm a tagline virus, please copy me to your signature file

[Rod Speed]

nospam <nos...@nospam.invalid> wrote

> Adair Bordon <Adair@not_my_real_email.com> wrote

>>> Breaking a phone don't automatically lead to that the data is lost
>>> unless you do it in an excessive way like pulverize, vapourize, ...

>> On Windows, there have been secure wipes for a long time.

> phones aren't windows (even though some run windows phone),

Those clearly are windows.

> and that's for a hard drive,

Not anymore, plenty are flash now.

> which isn't relevant for phones and flash.

>> They wipe the disk/memory many times (as many times as you like).
>> Just wiping once, with random characters, is a pretty good start, but,
>> there are some who say mathematically you can't wipe enough, but,
>> let's not go into that (expensive and theoretical) avenue.

> if there's reason to pursue it, they can recover data after a secure wipe.

Bullshit.

[Adair Bordon]

Rod Speed wrote, on Thu, 29 Jan 2015 08:06:02 +1100:

> Seems a tad unlikely that any phone
> company keeps all texts for years etc.

This brings up a related question.

I own all the cell phones in my household (kids + wife)
and I pay the T-Mobile bill.

Can I log into a web site and "see" the text messages?
If not, can I see the meta data at least?
For how long?

Is it different between AT&T, T-Mobile, and Verizon?

[Adair Bordon]

nospam wrote, on Wed, 28 Jan 2015 16:15:16 -0500:

> don't send unencrypted text messages if you are worried about someone
> other than the intended recipient reading them.

I'd better read up on this (before my next murder, anyway)...
I didn't even *know* you _could_ send "encrypted" SMS/MMS.

I'm on Android, so, what's the app that encrypts the text messages?
Does the recipient need to be using the exact same app?

[Jolly Roger]

On 2015-01-28, Adair Bordon <Adair@not_my_real_email.com> wrote:

> J.O. Aho wrote, on Wed, 28 Jan 2015 21:39:32 +0100:
>
>> Breaking a phone don't automatically lead to that the data is lost
>> unless you do it in an excessive way like pulverize, vapourize, ...
>
> On Windows, there have been secure wipes for a long time.
>
> They wipe the disk/memory many times (as many times as you like).
> Just wiping once, with random characters, is a pretty good start, but,
> there are some who say mathematically you can't wipe enough, but, let's
> not go into that (expensive and theoretical) avenue.

For Windows, Linux, and so on, there's also full disk encryption, like
TrueCrypt.

On Macs with FileVault 2 enabled (supported on any Mac running 10.7 or
later with a Recovery Partition installed), all data on the hard drive
is encrypted with XTS-AES 128 encryption.

> Assuming wiping works, aren't there utilities that will 'wipe' a cell
> phone's memory? If not, they should exist.

The flash memory on iPhones (3GS and later models), iPads, and iPod
Touches (3rg Gen and later models) is automatically encrypted by
hardware using 256-bit AES, and wiping the encryption key using Apple's
software is so simple anyone can do it - assuming they are the actual
owner of the device in question.

Encryption on Android devices is available only on phones running
Android Gingerbread 2.3.4 and later, by software rather than hardware
(eg: slower), and is not enabled by default.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

[Adair Bordon]

DevilsPGD wrote, on Wed, 28 Jan 2015 13:15:52 -0800:

> With modern mobile phone implementations it's completely unnecessary as
> all data at rest is stored encrypted, so it's sufficient to wipe the
> encryption keys.

That is interesting!

So, say, I send a text to my friend, that I wish to make disappear
(the text, not the friend).

If I just need to delete the "encryption keys" to wipe out all the texts,
then the natural next question is how.

How would I go about finding and deleting an encryption key on a
typical cell phone anyway?

[Rod Speed]

nospam <nos...@nospam.invalid> wrote

> William Unruh <un...@invalid.ca> wrote

>>> Doesn't the phone company keep a "copy"
>>> of the text message on a server somewhere?

>> Why would they? They may keep a copy until it is delivered
>> but sure better not (unless the law comes up with a warrent)
>> keep them otherwise. A) it would take up a HUGE amount
>> of space, and B) It really would be an invasion of privacy.

> text messages are small

But there would be no point in keeping just those.

> and it's not an invasion of privacy

Wrong, legally.

> since you sent it through their servers in the first place.

Irrelevant to whether you ever allowed them
to keep a copy after it had been delivered.

> who keeps what and for how long:
> <https://www.aclu.org/cell-phone-location-tracking-request-response-cell-phone-company-data-retention-chart>

Which says that the bulk of the US carriers don't retain
texts at all and that even Verizon and Virgin only does so
for DAYS which isn't relevant to the rape trial being discussed.

[Baker Charles]

On Wed, 28 Jan 2015 21:18:50 +0000, Jolly Roger wrote:

> For Windows, Linux, and so on, there's also full disk encryption, like
> TrueCrypt

I think truecrypt was deprecated & replaced by cryptmount, but I may be wrong.

[nospam]

In article <cit1sp...@mid.individual.net>, Rod Speed

<rod.sp...@gmail.com> wrote:

> >>> Breaking a phone don't automatically lead to that the data is lost
> >>> unless you do it in an excessive way like pulverize, vapourize, ...
>
> >> On Windows, there have been secure wipes for a long time.
>
> > phones aren't windows (even though some run windows phone),
>
> Those clearly are windows.

windows phone is not windows. they run totally different apps written
to different apis.

> > and that's for a hard drive,
>
> Not anymore, plenty are flash now.

flash *can't* be secure erased due to wear leveling.

> > which isn't relevant for phones and flash.
>
> >> They wipe the disk/memory many times (as many times as you like).
> >> Just wiping once, with random characters, is a pretty good start, but,
> >> there are some who say mathematically you can't wipe enough, but,
> >> let's not go into that (expensive and theoretical) avenue.
>
> > if there's reason to pursue it, they can recover data after a secure wipe.
>
> Bullshit.

it's possible, it's just not worth the expense most of the time.

however, if the crime is serious enough, they absolutely will pursue
that avenue.

[nospam]

In article <mabjn2$qdt$4...@news.albasani.net>, Adair Bordon

<Adair@not_my_real_email.com> wrote:

> > don't send unencrypted text messages if you are worried about someone
> > other than the intended recipient reading them.
>
> I'd better read up on this (before my next murder, anyway)...
> I didn't even *know* you _could_ send "encrypted" SMS/MMS.
>
> I'm on Android, so, what's the app that encrypts the text messages?

there are many such apps, with varying levels of encryption.

<https://www.eff.org/secure-messaging-scorecard>

> Does the recipient need to be using the exact same app?

usually.

[nospam]

In article <cit287...@mid.individual.net>, Rod Speed

<rod.sp...@gmail.com> wrote:

> > who keeps what and for how long:
> >
> > <https://www.aclu.org/cell-phone-location-tracking-request-response-cell-pho
> > ne-company-data-retention-chart>
>
> Which says that the bulk of the US carriers don't retain
> texts at all and that even Verizon and Virgin only does so
> for DAYS which isn't relevant to the rape trial being discussed.

the cops only need to contact verizon or virgin and retain it within
that time, i.e., when the rape is reported.

[nospam]

In article <mabjsk$qdt$5...@news.albasani.net>, Adair Bordon

<Adair@not_my_real_email.com> wrote:

> > With modern mobile phone implementations it's completely unnecessary as
> > all data at rest is stored encrypted, so it's sufficient to wipe the
> > encryption keys.
>
> That is interesting!
>
> So, say, I send a text to my friend, that I wish to make disappear
> (the text, not the friend).

you can't.

even snapchat retains messages and the user can always take a photo of
the phone displaying the text before it goes poof.

> If I just need to delete the "encryption keys" to wipe out all the texts,
> then the natural next question is how.

the encryption keys are for your phone not other people's phones.

> How would I go about finding and deleting an encryption key on a
> typical cell phone anyway?

erase all contents or do a full restore and it's gone, but that doesn't
mean the data can't be obtained in other ways, even after you do the
wipe.

[Rod Speed]

Adair Bordon <Adair@not_my_real_email.com> wrote
> William Unruh wrote

>> for flash, it is little capacitors and transistors,
>> and a single wipe really should be sufficient.

> Thanks for explaining that, as I hadn't realized
> that a single wipe would suffice (for most of us).

> Does a cell phone "delete" of the SMS/MMS wipe the transistors?

No.

> If not, how does one do the delete?

Varys with the technology of the phone.

> Is there software that will delete SMS/MMS messages?

Not on an iphone in the secure wipe sense you mean.

[Rod Speed]

Adair Bordon <Adair@not_my_real_email.com> wrote
> Rod Speed wrote

>> Seems a tad unlikely that any phone
>> company keeps all texts for years etc.

> This brings up a related question.

> I own all the cell phones in my household
> (kids + wife) and I pay the T-Mobile bill.

> Can I log into a web site and "see" the text messages?

No.

> If not, can I see the meta data at least?

That varys with the carrier.

> For how long?

That varys with the carrier.

> Is it different between AT&T, T-Mobile, and Verizon?

Yes.

[Rod Speed]

nospam <nos...@nospam.invalid> wrote

> Rod Speed <rod.sp...@gmail.com> wrote

>>>>> Breaking a phone don't automatically lead to that the data is lost
>>>>> unless you do it in an excessive way like pulverize, vapourize, ...

>>>> On Windows, there have been secure wipes for a long time.

>> > phones aren't windows (even though some run windows phone),

>> Those clearly are windows.

> windows phone is not windows.

Wrong, as always.

> they run totally different apps written to different apis.

Completely irrelevant to whether its windows or not.

>>> and that's for a hard drive,

>> Not anymore, plenty are flash now.

> flash *can't* be secure erased due to wear leveling.

Irrelevant to what you said.

>>> which isn't relevant for phones and flash.

>>>> They wipe the disk/memory many times (as many times as you like).
>>>> Just wiping once, with random characters, is a pretty good start, but,
>>>> there are some who say mathematically you can't wipe enough, but,
>>>> let's not go into that (expensive and theoretical) avenue.

>>> if there's reason to pursue it, they can recover data after a secure
>>> wipe.

>> Bullshit.

> it's possible,

Wrong, as always.

> it's just not worth the expense most of the time.

> however, if the crime is serious enough, they absolutely will pursue that
> avenue.

Have fun listing even a single example of where they ever have.

[Jolly Roger]

On 2015-01-28, Adair Bordon <Adair@not_my_real_email.com> wrote:

Nice morals you have there.

[Rod Speed]

nospam <nos...@nospam.invalid> wrote

> Rod Speed <rod.sp...@gmail.com> wrote

>>> who keeps what and for how long:

>>> <https://www.aclu.org/cell-phone-location-tracking-request-response-cell-phone-company-data-retention-chart>

>> Which says that the bulk of the US carriers don't retain texts

>> at all and that even Verizon and Virgin only do so for DAYS

>> which isn't relevant to the rape trial being discussed.

> the cops only need to contact verizon or virgin and
> retain it within that time, i.e., when the rape is reported.

That assumes the rape is reported in time and that's only
true of Virgin anyway and its unlikely that they use Virgin.

[John Hasler]

Jolly Roger writes:
> The flash memory on iPhones (3GS and later models), iPads, and iPod
> Touches (3rg Gen and later models) is automatically encrypted by
> hardware using 256-bit AES, and wiping the encryption key using
> Apple's software is so simple anyone can do it - assuming they are the
> actual owner of the device in question.

And assuming that there is no backdoor and no other copy of the key.
--
John Hasler
jha...@newsguy.com
Dancing Horse Hill
Elmwood, WI USA

[Jolly Roger]

On 2015-01-28, John Hasler <jha...@newsguy.com> wrote:
> Jolly Roger writes:
>> The flash memory on iPhones (3GS and later models), iPads, and iPod
>> Touches (3rg Gen and later models) is automatically encrypted by
>> hardware using 256-bit AES, and wiping the encryption key using
>> Apple's software is so simple anyone can do it - assuming they are the
>> actual owner of the device in question.
>
> And assuming that there is no backdoor and no other copy of the key.

Which is much less likely with Apple than other vendors:

<http://images.apple.com/privacy/docs/iOS_Security_Guide_Oct_2014.pdf>

[Adair Bordon]

Jolly Roger wrote, on Wed, 28 Jan 2015 21:43:10 +0000:

> Nice morals you have there.

It was a joke.

[John Hasler]

I wrote:
> And assuming that there is no backdoor and no other copy of the key.

Jolly Roger writes:
> Which is much less likely with Apple than other vendors:

ROFL.

[Jolly Roger]

On 2015-01-28, John Hasler <jha...@newsguy.com> wrote:

> I wrote:
>> And assuming that there is no backdoor and no other copy of the key.
>
> Jolly Roger writes:
>> Which is much less likely with Apple than other vendors:
>
> ROFL.

Uh huh. That all you got? Nothing intelligent to add?

[John Hasler]

I wrote:
> And assuming that there is no backdoor and no other copy of the key.

Jolly Roger writes:
> Which is much less likely with Apple than other vendors:

I wrote;
> ROFL.

Jolly Roger writes:
> Uh huh. That all you got? Nothing intelligent to add?

Hey, I was just indicating that I found your joke amusing.

[nospam]

In article <87mw52v...@thumper.dhh.gt.org>, John Hasler

<jha...@newsguy.com> wrote:

> I wrote:
> > And assuming that there is no backdoor and no other copy of the key.
>
> Jolly Roger writes:
> > Which is much less likely with Apple than other vendors:
>
> I wrote;
> > ROFL.
>
> Jolly Roger writes:
> > Uh huh. That all you got? Nothing intelligent to add?
>
> Hey, I was just indicating that I found your joke amusing.

it's not a joke.

encryption on ios is so good that politicians and the fbi are mad and
want apple to make it weaker.

that's not to say it's perfect (nothing is) but it's *very* strong.

[Adair Bordon]

Adair Bordon wrote, on Wed, 28 Jan 2015 21:16:35 +0000:

> Can I log into a web site and "see" the text messages?
> If not, can I see the meta data at least?
> For how long?

We found the answer.

How long the "information" is saved, was listed in the very nice
URL posted by Mr. Rod Speed.
https://www.aclu.org/cell-phone-location-tracking-request-response-cell-phone-company-data-retention-chart

T-Mobile showed me how to log into https://my.t-mobile.com
where I can see the fact that text or picture messages and even
wi-fi connections were made, but not the content of any of those
messages.

So, to answer the question in the opening post, the actual content
isn't saved by the carrier, so, that explains why the article says
what it says about the 3 destroyed phones getting rid of the evidence.

[Adair Bordon]

Lewis wrote, on Thu, 29 Jan 2015 00:02:30 +0000:

> You can't. SMS/MMS has no ability for encryption.

Someone said it did.

[Adair Bordon]

Lewis wrote, on Thu, 29 Jan 2015 00:00:21 +0000:

>> Can't that copy be retrieved (especially for a legal trial)?
>
> Yes, for SMS messages.
>
> However, a lot of people use "text" to mean any text message, whether
> sent via SMS or some other means.

T-Mobile told me no.
And, when I logged in, it was clearly no.

And Mr. Rod Speed's URL says the same thing for T-Mobile anyway.
https://www.aclu.org/cell-phone-location-tracking-request-response-cell-phone-company-data-retention-chart

[Jolly Roger]

On 2015-01-28, John Hasler <jha...@newsguy.com> wrote:

> I wrote:
>> And assuming that there is no backdoor and no other copy of the key.
>
> Jolly Roger writes:
>> Which is much less likely with Apple than other vendors:
>
> I wrote;
>> ROFL.
>
> Jolly Roger writes:
>> Uh huh. That all you got? Nothing intelligent to add?
>
> Hey, I was just indicating that I found your joke amusing.

So nothing intelligent to add, then. I'm not surprised.

[Jolly Roger]

Messaging can be encrypted, if you use the right apps and services.

[Your Name]

In article <mabilf$22b$1...@dont-email.me>, William Unruh

<un...@invalid.ca> wrote:

> On 2015-01-28, Adair Bordon <Adair@not_my_real_email.com> wrote:

> > J.O. Aho wrote, on Wed, 28 Jan 2015 21:39:32 +0100:
> >
> >> Breaking a phone don't automatically lead to that the data is lost
> >> unless you do it in an excessive way like pulverize, vapourize, ...
> >
> > On Windows, there have been secure wipes for a long time.
> >

> > They wipe the disk/memory many times (as many times as you like).
> > Just wiping once, with random characters, is a pretty good start, but,
> > there are some who say mathematically you can't wipe enough, but, let's
> > not go into that (expensive and theoretical) avenue.
>

> While true for older ( pre 1995) disks, modern disks a single wipe even
> with 0 should be enough. magnetic media ( which of course are NOT used
> on cell phones) are designed to squeeze as much storage out as possible,
> and any redundancey ( a zero written over a zero looks different from a
> zero written over a 1) is a lost opportunity to squeeze more data onto
> the medium.
> f course for flash, it is little capacitors and transistors, and a

> single wipe really should be sufficient.

The particles on a hard drive retain some of the previous charges, so
data erased with a single pass could potentially still be read (with a
lot of effort and expense). For example, a particle that is written as
a 0 twice hold a slightly different charge to a particle written as a 1
and then a 0.

That's why multi-pass wipes were invented - the more passes you do, the
less difference there is between particle charges.

[Your Name]

In article <mabhjh$tsd$1...@dont-email.me>, William Unruh

<un...@invalid.ca> wrote:
> On 2015-01-28, Adair Bordon <Adair@not_my_real_email.com> wrote:

> > According to this article today, the text messages sent from one phone
> > to two other phones, were destroyed when the 3 phones were destroyed.
> >
> > Here's the quote:
> > "Phones that could link damning texts and the alleged rape of a female
> > student by former Vanderbilt football players Brandon Vandenburg and
> > Cory Batey were destroyed, according to testimony."
> >
> > Here's the article:
> >
> > http://www.nydailynews.com/news/crime/vanderbilt-rape-trial-phones-destroyed-
> > texting-cover-up-article-1.2087769
> >
> > But I don't understand how destroying the phones gets rid of the text.
> >
> > Doesn't the phone company keep a "copy" of the text message on
> > a server somewhere?
>
> Why would they? They may keep a copy until it is delivered but sure
> better not (unless the law comes up with a warrent) keep them otherwise.
> A) it would take up a HUGE amount of space,

TXT messages are small and easily stored ... just like Usenet (ignoring
binary newsgroups).

PXT and video messages would be a little more of a problem, but even
those, by design, aren't huge.




> and B) It really would be an invasion of privacy.

Storing them isn't invasion of privacy (in some places it a legal
necessity). Reading them would be, with the exception of legal
authority request.

Storing them in a similar way to emails could also be handy if you lose
your phone - just get a new one and it still has the same stored
messages available.

[Your Name]

In article <mabi23$qdq$2...@news.albasani.net>, Adair Bordon

<Adair@not_my_real_email.com> wrote:
> J.O. Aho wrote, on Wed, 28 Jan 2015 21:39:32 +0100:
> >
> > Breaking a phone don't automatically lead to that the data is lost
> > unless you do it in an excessive way like pulverize, vapourize, ...
>
> On Windows, there have been secure wipes for a long time.
>
> They wipe the disk/memory many times (as many times as you like).
> Just wiping once, with random characters, is a pretty good start, but,
> there are some who say mathematically you can't wipe enough, but, let's
> not go into that (expensive and theoretical) avenue.
>

> Assuming wiping works, aren't there utilities that will 'wipe' a cell
> phone's memory? If not, they should exist.

Apple iPhones and iPads for example can be remotely wiped if they are
lost / stolen. Of course the device does need to be connected to a
network for the "wipe" signal to get through.

If selling, giving away, or throwing away the device, then you can
manually wipe and reset it to factory settings.

[Your Name]

In article <mabtmg$k4e$2...@news.albasani.net>, Adair Bordon

An know-nothing idiot implied it did, but it doesn't.

To send encrypted messages you and the receiver need to use the same
third-party messaging app instead of the phone's standard SMS.

[DevilsPGD]

In the last episode of <290120151409092248%Your...@YourISP.com>, Your

SMS/MMS doesn't have any native support for encryption, true. However,
if I were to ROT13 a message before sending it, and you know to ROT13
the same message, we'd be able to communicate while an especially stupid
observer would be unable to understand the contents of the message.

Now swap out ROT13 for strong encryption using keys we exchanged
manually, outside of SMS, and you're good to go.

SMS is just a transport mechanism for carrying plain-text, anything that
can be encoded into plain-text can be transmitted via SMS.

However, in practical terms, most encrypted chat applications don't use
SMS as the delivery mechanism simply because it's easier to implement
your own transport mechanism that is well suited to the larges messages
that usually result from encryption, along with handling the
complexities of key exchange and handshaking.

So while encrypted SMS isn't really a thing in the modern world, there's
no technical reason you couldn't implement it, if you wanted. I know of
one company that dabbled with a commercial implementation, although they
ended up going a different direction before the product was released to
the public.

--
If you can't beat your computer at chess, try kickboxing.

[DevilsPGD]

In the last episode of <mabjsk$qdt$5...@news.albasani.net>, Adair Bordon
<Adair@not_my_real_email.com> said:

>DevilsPGD wrote, on Wed, 28 Jan 2015 13:15:52 -0800:
>
>> With modern mobile phone implementations it's completely unnecessary as
>> all data at rest is stored encrypted, so it's sufficient to wipe the
>> encryption keys.
>
>That is interesting!
>
>So, say, I send a text to my friend, that I wish to make disappear
>(the text, not the friend).
>

>If I just need to delete the "encryption keys" to wipe out all the texts,
>then the natural next question is how.
>

>How would I go about finding and deleting an encryption key on a
>typical cell phone anyway?

On the iPhone, it's controlled by the "Erase All Content and Settings"
action, it takes about 30 seconds to destroy the encryption key and
generate a new one, taking you to the new-iPhone setup screen.

Be aware that there may be backups, Apple is capable of decrypting
iCloud backups (don't believe me? Wipe your device, do a password reset
on your account, then restore a backup. Now think about what stops Apple
from performing similar steps without involving you). iTunes backups can
be encrypted, but this encryption is not well documented (at least to my
knowledge), so you may or may not be able to trust this. I'd recommend
using full disk encryption, or foregoing backups entirely, if security
is worth more than convenience to you.

(And again, most of this is too much of a pain for a common user -- This
is very true. But if you're in a situation where your future freedom or
livelihood is dependant on your data privacy, it's a small price to pay)

[Rod Speed]

Adair Bordon <Adair@not_my_real_email.com> wrote
> Lewis wrote

>> You can't. SMS/MMS has no ability for encryption.

> Someone said it did.

He wasn’t talking about SMS.

[john james]

"Lewis" <g.k...@gmail.com.dontsendmecopies> wrote in message
news:slrnmcj6v8....@kreme.eternal-september.org...
> Okay, so one time? In band camp? DevilsPGD <booga...@crazyhat.net> was
> all, like:

>> In the last episode of <290120151409092248%Your...@YourISP.com>, Your
>> Name <Your...@YourISP.com> said:
>
>>>In article <mabtmg$k4e$2...@news.albasani.net>, Adair Bordon
>>><Adair@not_my_real_email.com> wrote:
>>>> Lewis wrote, on Thu, 29 Jan 2015 00:02:30 +0000:
>>>> >
>>>> > You can't. SMS/MMS has no ability for encryption.
>>>>
>>>> Someone said it did.
>>>
>>>An know-nothing idiot implied it did, but it doesn't.
>>>
>>>To send encrypted messages you and the receiver need to use the same
>>>third-party messaging app instead of the phone's standard SMS.
>
>> SMS/MMS doesn't have any native support for encryption, true. However,
>> if I were to ROT13 a message before sending it, and you know to ROT13
>> the same message, we'd be able to communicate while an especially stupid
>> observer would be unable to understand the contents of the message.
>
>> Now swap out ROT13 for strong encryption using keys we exchanged
>> manually, outside of SMS, and you're good to go.
>

> That's going to be tricky in 160 characters.

There is no reason why the number of characters involved needs to change.

[nospam]

In article <mabtl9$k4e$1...@news.albasani.net>, Adair Bordon

<Adair@not_my_real_email.com> wrote:

> > Can I log into a web site and "see" the text messages?
> > If not, can I see the meta data at least?
> > For how long?
>
> We found the answer.
>
> How long the "information" is saved, was listed in the very nice
> URL posted by Mr. Rod Speed.
>
> https://www.aclu.org/cell-phone-location-tracking-request-response-cell-phone-
> company-data-retention-chart

*i* posted that link.

[nospam]

In article <1p4jcadan4np2dinf...@4ax.com>, DevilsPGD

<booga...@crazyhat.net> wrote:

> >How would I go about finding and deleting an encryption key on a
> >typical cell phone anyway?
>
> On the iPhone, it's controlled by the "Erase All Content and Settings"
> action, it takes about 30 seconds to destroy the encryption key and
> generate a new one, taking you to the new-iPhone setup screen.
>
> Be aware that there may be backups, Apple is capable of decrypting
> iCloud backups (don't believe me? Wipe your device, do a password reset
> on your account, then restore a backup. Now think about what stops Apple
> from performing similar steps without involving you).

exactly

> iTunes backups can
> be encrypted, but this encryption is not well documented (at least to my
> knowledge), so you may or may not be able to trust this. I'd recommend
> using full disk encryption, or foregoing backups entirely, if security
> is worth more than convenience to you.

if someone is the target of a criminal investigation, their phone *and*
computer will be seized and the cops will be looking for text messages
and a whole lot more, plus, once they have the computer they now have
access to the phone.

[Your Name]

In article <t35jcad53iok7ciba...@4ax.com>, DevilsPGD

<booga...@crazyhat.net> wrote:
> In the last episode of <290120151409092248%Your...@YourISP.com>, Your
> Name <Your...@YourISP.com> said:
> >In article <mabtmg$k4e$2...@news.albasani.net>, Adair Bordon
> ><Adair@not_my_real_email.com> wrote:
> >> Lewis wrote, on Thu, 29 Jan 2015 00:02:30 +0000:
> >> >
> >> > You can't. SMS/MMS has no ability for encryption.
> >>
> >> Someone said it did.
> >
> >An know-nothing idiot implied it did, but it doesn't.
> >
> >To send encrypted messages you and the receiver need to use the same
> >third-party messaging app instead of the phone's standard SMS.
>
> SMS/MMS doesn't have any native support for encryption, true. However,
> if I were to ROT13 a message before sending it, and you know to ROT13
> the same message, we'd be able to communicate while an especially stupid
> observer would be unable to understand the contents of the message.
>
> Now swap out ROT13 for strong encryption using keys we exchanged
> manually, outside of SMS, and you're good to go.
>
> SMS is just a transport mechanism for carrying plain-text, anything that
> can be encoded into plain-text can be transmitted via SMS.

But then you'll need either another app to decode / encode messages, or
spend time doing so manually. The receiving person also needs to know
what encoding scheme / key you've used - you could send a second TXT
saying "I'm using ROT13", but it kind of defeats the purpose. ;-)

> However, in practical terms, most encrypted chat applications don't use
> SMS as the delivery mechanism simply because it's easier to implement
> your own transport mechanism that is well suited to the larges messages
> that usually result from encryption, along with handling the
> complexities of key exchange and handshaking.
>
> So while encrypted SMS isn't really a thing in the modern world, there's
> no technical reason you couldn't implement it, if you wanted. I know of
> one company that dabbled with a commercial implementation, although they
> ended up going a different direction before the product was released to
> the public.

Of course if you're going through a third-party server / messaging
system, there's an potential risk (for the tin-foil hat wearers and
conspiracy "they're spying on me" nutters) that they could well have a
"backdoor" code that enables them to read the messages anyway.

[Ant]

On 1/28/2015 1:24 PM, Baker Charles wrote:

>> For Windows, Linux, and so on, there's also full disk encryption, like
>> TrueCrypt
>
> I think truecrypt was deprecated & replaced by cryptmount, but I may be wrong.

But it is only for Linux. :(
--
"What is this? A center for ants?!" "...What?" "How can we be expected
to teach children to learn how read, if they can't even fit inside the
building?" "Derek, it's just a--" "I don't want to hear your excuses!
The center has to be at least... three times bigger than this!" "...He's
absolutely right!" --Zoolander movie
/\___/\ Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site)
/ /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net
| |o o| |
\ _ / If crediting, then use Ant nickname and AQFL URL/link.
( ) If e-mailing, then axe ANT from its address if needed.
Ant is currently not listening to any songs on this computer.

[Jolly Roger]

Yep, assuming the phone has been synchronized with the computer before
and assuming the authorities have access to the hard drive in unencrypted
form.

[Frank Slootweg]

John Hasler <jha...@newsguy.com> wrote:

> Adair Bordon writes:
> > Doesn't the phone company keep a "copy" of the text message on a
> > server somewhere?
>

> Why would they do that? They keep some metadata for internal purposes
> such as billing but the content is of no use to them (and could be a
> liability). It's Europe that has "data retention" laws.

The European (actually EU) Data Retention Directive also only covers
*meta*data, i.e. data *about* communication, not the *content* of the
communication. Specifically the metadata required to:

* Trace and identify the source of a communication;
* Trace and identify the destination of a communication;
* Identify the date, time, and duration of a communication;
* Identify the type of communication;
* Identify the communication device;
* Identify the location of mobile communication equipment.

See <http://en.wikipedia.org/wiki/Data_retention> and the articles
referenced in that article.

Anyway, this whole discussion is moot, because as we all know, the NSA
collects, scans an stores all communication, metadata *and* content! :-)
c.q. :-(

[Rod Speed]

"Frank Slootweg" <th...@ddress.is.invalid> wrote in message
news:civejj...@mid.individual.net...

Nope, because even if they did, and they don’t, no one except
them gets to use the content because if they allowed that,
that would be an admission that they do keep the content.

[DevilsPGD]

In the last episode of

<slrnmcj6v8....@kreme.eternal-september.org>, Lewis

<g.k...@gmail.com.dontsendmecopies> said:

>Okay, so one time? In band camp? DevilsPGD <booga...@crazyhat.net> was all, like:

>> In the last episode of <290120151409092248%Your...@YourISP.com>, Your
>> Name <Your...@YourISP.com> said:
>
>>>In article <mabtmg$k4e$2...@news.albasani.net>, Adair Bordon
>>><Adair@not_my_real_email.com> wrote:
>>>> Lewis wrote, on Thu, 29 Jan 2015 00:02:30 +0000:
>>>> >
>>>> > You can't. SMS/MMS has no ability for encryption.
>>>>
>>>> Someone said it did.
>>>
>>>An know-nothing idiot implied it did, but it doesn't.
>>>
>>>To send encrypted messages you and the receiver need to use the same
>>>third-party messaging app instead of the phone's standard SMS.
>
>> SMS/MMS doesn't have any native support for encryption, true. However,
>> if I were to ROT13 a message before sending it, and you know to ROT13
>> the same message, we'd be able to communicate while an especially stupid
>> observer would be unable to understand the contents of the message.
>
>> Now swap out ROT13 for strong encryption using keys we exchanged
>> manually, outside of SMS, and you're good to go.
>

>That's going to be tricky in 160 characters.

There's a neat trick, you can send more than one message. In fact,
within reason, you can send as many as you want.

And MMS isn't limited to 160 characters either.

Finally, not all encryption schemes increase the size of the message
(although many do, for a number of reasons)

--
Nothing is fool-proof to a sufficiently talented fool.

[Frank Slootweg]

> Nope, because even if they did, and they don?t, no one except

> them gets to use the content

Well, we just ask nicely and if they don't give it, we will say that
we will snoop on *their* head of state! :-)

> because if they allowed that,
> that would be an admission that they do keep the content.

They don't have to admit what is common and proven knowledge.

[nospam]

In article <civ1t1...@mid.individual.net>, Jolly Roger

<jolly...@pobox.com> wrote:

> >
> >> iTunes backups can
> >> be encrypted, but this encryption is not well documented (at least to my
> >> knowledge), so you may or may not be able to trust this. I'd recommend
> >> using full disk encryption, or foregoing backups entirely, if security
> >> is worth more than convenience to you.
> >
> > if someone is the target of a criminal investigation, their phone *and*
> > computer will be seized and the cops will be looking for text messages
> > and a whole lot more, plus, once they have the computer they now have
> > access to the phone.
>
> Yep, assuming the phone has been synchronized with the computer before
> and assuming the authorities have access to the hard drive in unencrypted
> form.

actually once the phone is paired (no sync needs to be done), they can
get access to just about anything on the phone.

they only need a backup if the phone no longer exists.

[Rod Speed]

"Frank Slootweg" <th...@ddress.is.invalid> wrote in message

news:civhu1...@mid.individual.net...

They do have to admit that they keep the content if its presented in a
court.

[John Hasler]

Rod Speed writes:
> They do have to admit that they keep the content if its presented in a
> court.

It would not be admissable as evidence in court, which is, IIRC, the
subject of this thread.
--
John Hasler
jha...@newsguy.com
Dancing Horse Hill
Elmwood, WI USA

[Jolly Roger]

On 2015-01-29, nospam <nos...@nospam.invalid> wrote:

Ok, but they still need to be able to boot the computer and access the
account to which it is paired, right?

[nospam]

In article <civqd3...@mid.individual.net>, Jolly Roger

<jolly...@pobox.com> wrote:

> >> >
> >> >> iTunes backups can
> >> >> be encrypted, but this encryption is not well documented (at least to my
> >> >> knowledge), so you may or may not be able to trust this. I'd recommend
> >> >> using full disk encryption, or foregoing backups entirely, if security
> >> >> is worth more than convenience to you.
> >> >
> >> > if someone is the target of a criminal investigation, their phone *and*
> >> > computer will be seized and the cops will be looking for text messages
> >> > and a whole lot more, plus, once they have the computer they now have
> >> > access to the phone.
> >>
> >> Yep, assuming the phone has been synchronized with the computer before
> >> and assuming the authorities have access to the hard drive in unencrypted
> >> form.
> >
> > actually once the phone is paired (no sync needs to be done), they can
> > get access to just about anything on the phone.
> >
> > they only need a backup if the phone no longer exists.
>
> Ok, but they still need to be able to boot the computer and access the
> account to which it is paired, right?

they do, but that is likely since few people encrypt their home system.

for those who do encrypt and if is already up and running (i.e.,
decrypted), the system can be seized without powering it down.

[William Unruh]

Common knowledge need not be true. And that they keep everything is not
only not proven but illegal, and thus will never be proven, unless
someone like the government takes them to court. Which will not happen.

[John Hasler]

Lewis writes:
> How do you figure that? SMS messages *HAVE* been used as evidence in
> court.

Messages retrieved from the NSA's supposed archive of SMS messages would
not be admissable in court as evidence because they were intercepted
without a warrant.

[Jolly Roger]

What gives you that idea? Is there data on this someplace?

> for those who do encrypt and if is already up and running (i.e.,
> decrypted), the system can be seized without powering it down.

I can see them doing that for laptops, but they'd still have to get past
the login screen. And what about desktops? Do authorities carry portable
UPS batteries to transport desktop systems back and forth?

[nospam]

In article <cj04aa...@mid.individual.net>, Jolly Roger

<jolly...@pobox.com> wrote:

> > for those who do encrypt and if is already up and running (i.e.,
> > decrypted), the system can be seized without powering it down.
>
> I can see them doing that for laptops, but they'd still have to get past
> the login screen. And what about desktops? Do authorities carry portable
> UPS batteries to transport desktop systems back and forth?

some do, including being able to unplug it without losing power:

<http://www.cru-inc.com/products/wiebetech/hotplug_field_kit/>

[Rod Speed]

John Hasler <jha...@newsguy.com> wrote

> Rod Speed writes

>> They do have to admit that they keep
>> the content if its presented in a court.

> It would not be admissable as evidence in court,

Wrong.

[Rod Speed]

John Hasler <jha...@newsguy.com> wrote
> Lewis wrote

>> How do you figure that? SMS messages
>> *HAVE* been used as evidence in court.

> Messages retrieved from the NSA's supposed archive
> of SMS messages would not be admissable in court as
> evidence because they were intercepted without a warrant.

You've mangled that utterly. That isnt true of all
jurisdictions and isnt absolutely true of the US either.

[David W. Hodgins]

On Thu, 29 Jan 2015 06:11:04 -0500, Ant <a...@zimage.comant> wrote:

> On 1/28/2015 1:24 PM, Baker Charles wrote:
>
>>> For Windows, Linux, and so on, there's also full disk encryption, like
>>> TrueCrypt
>> I think truecrypt was deprecated & replaced by cryptmount, but I may be wrong.

> But it is only for Linux. :(

See http://www.pcworld.com/article/2304851/so-long-truecrypt-5-encryption-alternatives-that-can-lock-down-your-data.html

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

[Ant]

On 1/29/2015 2:21 PM, David W. Hodgins wrote:

> http://www.pcworld.com/article/2304851/so-long-truecrypt-5-encryption-alternatives-that-can-lock-down-your-data.html

Thanks. Too bad there is no single program that is crossplatforms
between Windows, Linux, and Mac OS X like TrueCrypt. :(
--
"... Here's intelligent things, and it seems they want us for food.
First, they'll smash us up -- ships, machines, guns, cities, all the
order and organisation. All that will go. If we were the size of ants we
might pull through. But we're not. It's all too bulky to stop. That's
the first certainty." Eh? ..." --H.G. Wells' The War of the Worlds

[Your Name]

In article <op.xs8wd8a...@hodgins.homeip.net>, David W. Hodgins

<dwho...@nomail.afraid.org> wrote:
> On Thu, 29 Jan 2015 06:11:04 -0500, Ant <a...@zimage.comant> wrote:
> > On 1/28/2015 1:24 PM, Baker Charles wrote:
> >>>
> >>> For Windows, Linux, and so on, there's also full disk encryption, like
> >>> TrueCrypt
> >>
> >> I think truecrypt was deprecated & replaced by cryptmount, but I may be
> >> wrong.
> >
> > But it is only for Linux. :(
>
> See
> http://www.pcworld.com/article/2304851/so-long-truecrypt-5-encryption-alternat
> ives-that-can-lock-down-your-data.html

Apple has FileVault built into Mac OS X, so no need for extra
third-party applications.
https://www.apple.com/osx/what-is/security/

iOS devices being handheld and single user simply lock the entire
device when not being used, with a choice of passcode and/or
fingerprint recognition needed to unlock it.

[nospam]

In article <300120151617371629%Your...@YourISP.com>, Your Name

<Your...@YourISP.com> wrote:

> iOS devices being handheld and single user simply lock the entire
> device when not being used, with a choice of passcode and/or
> fingerprint recognition needed to unlock it.

it's not fully encrypted unless it's off.

[Adair Bordon]

Your Name wrote, on Fri, 30 Jan 2015 16:17:37 +1300:

> iOS devices being handheld and single user simply lock the entire
> device when not being used, with a choice of passcode and/or
> fingerprint recognition needed to unlock it.

Does it additionally work for a single mount point?
That's my preferred use model (and that of many others).

[Adair Bordon]

Lewis wrote, on Fri, 30 Jan 2015 02:45:47 +0000:

> The NSA provides illegal evidence to police and then the police
> manufacture an evidence trail. This is documented fact, btw, not
> tin-foil-hattery. The NSA provides training on how to do this.

I don't know if it was the NSA, but this happened, in effect (the
details may be what's important though) in Florida.

Googling, I couldn't figure out the keywords to find that case,
but I did find the "exclusionary rule" listed here...
https://en.wikipedia.org/wiki/Exclusionary_rule

[Your Name]

In article <maf5db$9sa$4...@news.albasani.net>, Adair Bordon

What "mount point"?? When you stop using the device, it simply locks
(depending on user preferences). You then have to unlock it when you
want to use it again.

[nospam]

In article <maf5db$9sa$4...@news.albasani.net>, Adair Bordon
<Adair@not_my_real_email.com> wrote:

> > iOS devices being handheld and single user simply lock the entire
> > device when not being used, with a choice of passcode and/or
> > fingerprint recognition needed to unlock it.
>
> Does it additionally work for a single mount point?
> That's my preferred use model (and that of many others).

not many others at all. in fact, almost nobody uses it that way.

[Jasen Betts]

On 2015-01-29, Lewis <g.k...@gmail.com.dontsendmecopies> wrote:
> Okay, so one time? In band camp? DevilsPGD <booga...@crazyhat.net> was all, like:
>> In the last episode of <290120151409092248%Your...@YourISP.com>, Your
>> Name <Your...@YourISP.com> said:
>

>>>In article <mabtmg$k4e$2...@news.albasani.net>, Adair Bordon

>>><Adair@not_my_real_email.com> wrote:
>>>> Lewis wrote, on Thu, 29 Jan 2015 00:02:30 +0000:
>>>> >
>>>> > You can't. SMS/MMS has no ability for encryption.
>>>>
>>>> Someone said it did.
>>>
>>>An know-nothing idiot implied it did, but it doesn't.
>>>
>>>To send encrypted messages you and the receiver need to use the same
>>>third-party messaging app instead of the phone's standard SMS.
>
>> SMS/MMS doesn't have any native support for encryption, true. However,
>> if I were to ROT13 a message before sending it, and you know to ROT13
>> the same message, we'd be able to communicate while an especially stupid
>> observer would be unable to understand the contents of the message.
>
>> Now swap out ROT13 for strong encryption using keys we exchanged
>> manually, outside of SMS, and you're good to go.
>
> That's going to be tricky in 160 characters.

No. A one-time pad would be ideal here, and there's no stronger crypto
than that.




--
umop apisdn

[Adair Bordon]

Your Name wrote, on Fri, 30 Jan 2015 19:02:17 +1300:

> What "mount point"?? When you stop using the device, it simply locks
> (depending on user preferences). You then have to unlock it when you
> want to use it again.

That's not my use model.

For me, my use model is that the device is unlocked and there is
a single directory for storage of sensitive files (that's what I called
a "mount point" since, on Windows, it's a file that appears as a
new drive, and on Linux, it's a file that appears as a mount point).

Then, anything I want encrypted goes into that mount point (or drive,
on Windows). The encryption/decryption happens automatically, once I
type the initial password, so, everything works perfectly.

Then, when I'm done, I unmount the mount point, voilà, that mount
point reverts to an encrypted file.

That's the most common use model, anyway, for both Truecrypt and
cryptmount (and GnuPg I think) encryption. There are other use models,
but that's the most convenient for me.

I certainly don't want the ENTIRE thing encrypted. Been there, done
that. Lost too much data, over time, mostly due to OS crap (Windows
and Linux) so I'll NEVER encrypt the entire disk ever again.

I just want a mount point encrypted.

[Adair Bordon]

nospam wrote, on Fri, 30 Jan 2015 01:04:31 -0500:

> not many others at all. in fact, almost nobody uses it that way.

Almost everyone using Truecrypt & cryptmount uses it that way.
There are other use models also.

[nospam]

In article <mahggd$boh$5...@news.albasani.net>, Adair Bordon

<Adair@not_my_real_email.com> wrote:

> I certainly don't want the ENTIRE thing encrypted.

why not?

someone as paranoid as you who goes to great lengths to anonymize
browser identification (which doesn't do all that much) would leave a
trail of unencrypted data??

how can that be?

> Been there, done
> that. Lost too much data, over time, mostly due to OS crap (Windows
> and Linux) so I'll NEVER encrypt the entire disk ever again.

then you used super-shitty encryption software.

you might also want to know that the *entire* iphone is encrypted. all
of it.

> I just want a mount point encrypted.

only if you aren't interested in security.

[nospam]

In article <mahghi$boh$6...@news.albasani.net>, Adair Bordon

<Adair@not_my_real_email.com> wrote:

> > not many others at all. in fact, almost nobody uses it that way.
>
> Almost everyone using Truecrypt & cryptmount uses it that way.
> There are other use models also.

like i said.

[Your Name]

In article <mahggd$boh$5...@news.albasani.net>, Adair Bordon

<Adair@not_my_real_email.com> wrote:
> Your Name wrote, on Fri, 30 Jan 2015 19:02:17 +1300:
> >
> > What "mount point"?? When you stop using the device, it simply locks
> > (depending on user preferences). You then have to unlock it when you
> > want to use it again.
>
> That's not my use model.
>
> For me, my use model is that the device is unlocked and there is
> a single directory for storage of sensitive files (that's what I called
> a "mount point" since, on Windows, it's a file that appears as a
> new drive, and on Linux, it's a file that appears as a mount point).
>
> Then, anything I want encrypted goes into that mount point (or drive,
> on Windows). The encryption/decryption happens automatically, once I
> type the initial password, so, everything works perfectly.
>

> Then, when I'm done, I unmount the mount point, voil胃, that mount

> point reverts to an encrypted file.
>
> That's the most common use model, anyway, for both Truecrypt and
> cryptmount (and GnuPg I think) encryption. There are other use models,
> but that's the most convenient for me.
>
> I certainly don't want the ENTIRE thing encrypted. Been there, done
> that. Lost too much data, over time, mostly due to OS crap (Windows
> and Linux) so I'll NEVER encrypt the entire disk ever again.
>
> I just want a mount point encrypted.

iOS devices don't normally mount as storage devices at all when plugged
into a computer, and the directory structure isn't accessible by the
user. You transfer files via Apple's iTunes software.

There is some third party software that will mount iOS devices on a
computer and let you access the directory structure (some only for
devices that have been hack with "jailbreak" software). Technically you
probably could use one of these and some sort of encyption / protection
software to create protected folders and files, but they wouldn't be
accessible by any software on the iOS device itself.

[David W. Hodgins]

On Fri, 30 Jan 2015 22:00:30 -0500, Adair Bordon <Adair@not_my_real_email.com> wrote:

> I just want a mount point encrypted.

For windows, see https://github.com/t-d-k/doxbox
For linux, see http://ody.ca/~dwhodgins/Luks-Howto.html

I haven't tested doxbox, as I don't have a working windows system
anymore. With it's predecessor, freeotfe, the cipher has to be
changed from --cipher aes-xts-benbi to --cipher aes-xts-plain,
so that the same mount point can be read from either linux, or
windows. The filesystem has to be vfat or ntfs-3g, for windows
to be able to read it.

[Adair Bordon]

nospam wrote, on Fri, 30 Jan 2015 23:06:06 -0500:

>> I certainly don't want the ENTIRE thing encrypted.
>
> why not?

Because I'm not running from a state-sponsored adversary, and,
because I can lose my data, but I wouldn't want to lose the whole
thing when the OS crashes. Been there. Done that.

[Alan Browne]

Backups for computer data were invented in the 1940's.

Surely you got the memo?

--
"Your net worth to the world is usually
determined by what remains after your
bad habits are subtracted from your good ones."
Benjamin Franklin

[nospam]

In article <mailid$ior$1...@news.albasani.net>, Adair Bordon

<Adair@not_my_real_email.com> wrote:

> >> I certainly don't want the ENTIRE thing encrypted.
> >
> > why not?
>
> Because I'm not running from a state-sponsored adversary,

yet you want your browsing anonymized and you use multiple bogus names
on usenet?

> and,
> because I can lose my data,

you can lose your data for all sorts of reasons, including if it is
lost or stolen.

that's what backups are for.

not only that, but if your phone or computer is lost or stolen, someone
else may choose to paw through your unencrypted data.

> but I wouldn't want to lose the whole
> thing when the OS crashes. Been there. Done that.

if you lost data because the os crashed, then you were using shitty
encryption software and/or a shitty operating system.