I was taking a look at the Naomi Wu situation (A Chinese DIY tech youtuber who went missing after being watched by the government) and in one part they mentioned that she was concerned about her privacy, so started using Signal, but had a default chinese keyboard that had a keylogger and the police had looked into what she was talking on there.

I’m not sure if it was a mobile only thing, but it was mentioned that the keyboard app was used in like 70% por chinese smarthphones.

Now, I use AnySoftKey and refuse to use default keyboard apps, but how far can we reach on the keyboard security thing? Is typing on a computer or using a physical keyboard on a mobile device 100% safe? I think the keyboard issue is often overlooked and would like to know what recommendations your have? Or what should be known more?

@jet@hackertalks.com
link
fedilink
8
edit-2
1Y

All that comes down to your threat model.

If you’re very concerned about sophisticated actors getting effectively keyloggers on you. Install a privacy focused operating system on your phone, like graphene os (fixed spelling). Don’t change the keyboard. Keep the default secure keyboard.

For your physical computer, uses very standard keyboard. Nothing fancy nothing that’s reprogrammable. Most people have USB keyboards nowadays, make sure you plug your keyboard and mouse into their own USB controller, so nothing can snoop those keystrokes. Don’t use a KVM, don’t use a fancy monitor that basically got a computer inside of it.

If you think you might be a target, buy your keyboard with cash, in fact by all of your electronics of cash, don’t order anything for delivery. They could get tampered with on the way to you.

I mean if you’re that concerned get a thinkpad X200, libre boot it, and run qubes OS

god
link
fedilink
21Y

Qbues on whonix is even better

This Tails if you dont got the time

@jet@hackertalks.com
link
fedilink
7
edit-2
1Y

Good idea, if it fits your threat model.

If your threat model trusts google, then a locked down Chromebook is fine too

The EFF has some good guides to help you design your threat model and tolerances.

https://www.eff.org/deeplinks/2020/06/digital-security-advice-journalists-covering-protests-against-police-killings

Https://ssd.eff.org

At least we could name things properly. I’m 120% sure people who don’t know graphene os have no idea what you mean by grafine os, and by searching they may even find something that’s a bad knockoff or something like that.
Please always type names correctly, and also include a link to the official website, so that people don’t install some literal spyware because they don’t know better.


The commenter was meaning refer to graphene os: https://grapheneos.org
It’s important to mention that it is only available for Google Pixel phones, and as such it is also unfit as a general recommendation that “you should install this on your phone”.

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 57 users / day
  • 383 users / week
  • 1.5K users / month
  • 5.7K users / 6 months
  • 1 subscriber
  • 3.12K Posts
  • 78K Comments
  • Modlog