guardianproject / proofmode-android Goto Github PK

We need a bit more handholding around the key process and what it all means

If location or other sensor not available, no permission, etc, we should add that to the proof data

do we want all these proof files all the time?

for proof

Currently it is a unix timestamp

The second step of sharing, after you tap ShareProof - how can we make the user experience of that step more intuitive - Eg, ShareProof should not appear as an option at that second step. Also can we limit the number of apps that appear at the second step? Can we make that window look a bit different so users don't get confused with previous step?

Investigate blockchain based and other solutions.

Stampery
OpenTimestamps: https://petertodd.org//2016/opentimestamps-announcement

-- Add content to website on "what to do with data"?
-- Promote the use of Tableau, Google Sheets/Fusion, or other data
processing features? How to for websites?

WhatsApp is on longer compressing shared media, so we can do more things, yay!

Someone sends media via WhatsApp or other secure channel. Receiver then wants to "proofmode" it, as a secondary source.

If "Include Mobile Network" switch is on and device's location setting is off, ProofMode doesn't work.

we should not auto-publish
we should only share when the user wants to
but how / where should we publish or include?

Let's figure out what we need to protect and when

When trying to share via ShareProof on Nexus 5x & Pixel, Android 7, I get error message: "The proof does not exist or has been modified" .

• Should support real-time backup of proof files and media to external storage (via USB or SD Card) and through remote cloud sync of some kind with minimal user interaction

• It is published publicly automatically?
• how do we explain users what is happening?

"visibleWifiNetworks", "lightMeterValue" and "bluetoothDeviceAddress" have been dropped. Any particular reason for that? They were useful piece of information to corroborate the evidence

It'd be nice if I could add my proofmode pubkey to my keybase account. Even nicer if I could set it to auto-upload proofs of everything I take to my keybase FS private directory. I don't know how possible it is for you to make this happen... should I instead be barking up the keybase tree?

People want to be able to add a name of source, description, other non-sensor driven data

hey! we were just testing camerav through guardian project's f-droid repos only to discovered after some poking around that camerav's being replaced by proofmode.

but there was no sign of this anywhere the camerav's announcement nor the repo itself, and proofmode isn't included in that repo :)

"Modified" or "Last File Modification Time"

Is GPS mode not being activated, only relying on actual satellite GPS

Confusion about where some of the fields comes from in the proof data

This would allow Signal to handle "share all" method

-- start with work on one pager
-- write content, feature app, library and partners
-- Case studies, demos of sample data
-- Nathan to start posting on how-to things on the github

One problem using FileObserver is that you have a bit of a race condition between your app and anything else (e.g., malware) that is also observing the filesystem. If the malware gets in first, it can tinker with the image before you sign it.

An alternative flow is to use ACTION_IMAGE_CAPTURE and a FileProvider, directing the camera app to save the photo to ProofMode's internal storage. Many camera apps will support this, though some won't. Then, the photo initially is purely under your control (barring root-powered malware), and you can do whatever you want with the image and proof process safely. Then, when ready, you can copy the photo out to DCIM/ProofMode/ or something. As an added bonus, this will work even if the camera app is configured to save its images by default somewhere other than DCIM/, missing your FileObserver.

Attached is a sloppy proof of concept, based on one of my book examples. It uses ACTION_IMAGE_CAPTURE to take a photo, directing the results to the app's internal storage. It then updates an EXIF header, copies the modified image out to DCIM/ChainOfCustody/, indexes it, and brings it up in an image viewer activity. This code sucks (e.g., won't handle configuration changes well with the background thread), but it demonstrates the concept. Where I have the background thread, you would tie into your existing ProofMode flow.

ChainOfCustody.zip

This is just a thought -- obviously, this is your app, and you may have your reasons for not wanting to have this option.

I'm sure I'm not the only one who is wondering "Why not put the proof in the image metadata?" and "Okay, I grant that you can't have the signature be part of the thing signed, but you could just have the final signature mean 'the signature of this file when this signature is removed', or am I missing some nuance somewhere?"

It might save some work to have a place for those answers to live.

Add additional onboarding to setup names

• provides verification that official ProofMode app was used
• provides information about if device is rooted or otherwise modified
• provides signed auto notarization of hashes by Googles server with timestamp and certificate

We won't use it to block use of ProofMode, and the user can disable it, but if this extra blob of data is not in the proofmode.csv it is a warning sign that the content should be closely scrutinized by the receiver by a human.

https://developer.android.com/training/safetynet/index.html
https://www.howtogeek.com/241012/safetynet-explained-why-android-pay-and-other-apps-dont-work-on-rooted-devices/

hello @guardianproject sir i want to contribute in logo if you want new logo its free for you

Some people want a more "blackbox" type loop of sensor data running all of the time, so that we can see a bit before and after a media capture event takes place

We should generate a password for the private key, instead of using a static one, and store than in the Keystore. That seems like the quickest way forward, instead of storing the entire key.

Usability concerns here:
open-keychain/open-keychain#1642

Docs here:
https://doridori.github.io/android-security-the-forgetful-keystore/

Zip + PGP Sig?

just loading and not going anywhere

"Import key.." ?

multiple select too!

show local time /dates with offset info

"The current date/time is showing a placeholder (January 1 1970) instead of an actual time"

Hi, OpenTimestamps dev here, I was just wondering why OpenTimestamps is included as sources and not as maven/gradle library

how can we make the user experience of that step more intuitive - i think that it is the weak link in the current workflow from user perspective. Eg, can we not have ShareProof appear as an option at that second step? Also can we limit the number of apps that appear at the second step? Can we make that window look a bit different so users don't get confused with previous step?

Need to allow both, but don't want it to be a whole for criticism

Need more info, but definitely need to focus on proof mode not being activated due to power saving