Guardian Rom - Secure Android OS

Discussion in 'privacy technology' started by x942, Jun 9, 2013.

  1. x942

    x942 Guest

    In order to be able to build our own GuardianPhone we need to hit the target of $100,000. The majority of that will go the manufacturer as part of a contract to get the prototypes made as well as the first batch of phones. The rest will pay the developers, keep the servers and lights running, and cover any other costs we have missed.

    We are NOT doing kickstarter. We are running crowd funding on our website though. We are accepting donations via CC/Debit card and Bitcoin. If you donate using bitcoin e-mail us with the BC Address you used so we can send your perk to you. If you prefer to stay completely anonymous that is okay to, but you won't get a perk as they need to be sent in the mail. You can also use our GPG keys to send it to us securely.
     
  2. Mailmaiden

    Mailmaiden Registered Member

    Joined:
    Jul 20, 2014
    Posts:
    14
    Just donated! Do you think GuardianPhone will include a TPM chip? I was going over Mike Perry's hardening android blog post and saw he talked about that.
     
  3. x942

    x942 Guest

    We are
    We are looking into it. We would like to use a TPM at the very least to have a hardware counter to prevent online brute-force attacks and enforce wiping of the phone after 10 wrong password attempts (or any user set number of invalid attempts). Thank you for the donation! I will take a look at Mike Perrys blog post :)
     
  4. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Just donated as well, I dont think that I will need the phone but wanted to support your work.

    Good luck with the project.
     
  5. x942

    x942 Guest

    Thanks for the donation! It helps alot :)
     
  6. x942

    x942 Guest

    A few reasons:

    1. Moxie won't let us. I have asked multiple times.
    2. Text Secure relies on GCM (Google Cloud Messaging) which needs the play store to be installed
    3. Text Secure REQUIRES data for sending encrypted messages (Or at least it will soon)
    4. We would prefer to build our own solution that will be fully open-source and if you want you can use Encrypted SMS or Data for messaging, as well as setup your own internal server. Which is good for those that would prefer a setup where they control the server. I have it setup on my LAN right now. This means I have to VPN home and then connect. Using this I can talk with my family securely and ENSURE there is no trail anywhere. It is also encrypted twice in my setup VPN -> LAN -> SSL -> Server before you even count the end-to-end crypto.
    Now if Moxie is okay we would be open to making our app compatible like they did with CyanogenMod. I would like to say I have a ton of respect for him though even if we have different views on how it should all work.

    The idea is two-fold:

    1. By using our servers you don't have to trust another party. Only one party. This makes it easier for some people who don't know a whole lot about security.
    2. We are going to charge a small fee to support the project. THERE WILL BE A FREE VERSION!! The free version will just limit the number of minutes per month but the paid version will give you more and support the project.
    Now with that said, our server is just a simple SIP server, so you can still use the OSTel app OR you can use our app to connect to OSTel or ANY OTHER VOIP/SIP provider. We aren't locking you in. Just trying to make it easier for the average user and bring in some funds. OStel and the GuardianProject are amazing. They inspired me to do this so feel free to trust them as well/instead of me ( always do research before trusting anyone).

    Redphone works great. Only issue is AFAIK you can't use your own server or any server but theirs. Which means if Whispersys is forced to close down redphone stops working and is dead. By using OStel you can switch to any SIP provider and still use ZRTP if they do shutdown.
     
  7. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    https://act.eff.org/action/jailbreaking-is-not-a-crime
    "Millions of people jailbreak the phones and tablets they own, in order to run the software they want on their own terms. Whether it's to cut out annoying bloatware, install the latest security fixes, change the home screen, or just to use it in a way the manufacturer hasn't considered, jailbreaking is an important part of how we interact with our devices. But the Copyright Office and Librarian of Congress could cast its future into jeopardy in just a few short months."
     
  8. x942

    x942 Guest

    When I first asked about it this was before the CyanogenMod integration happened and I haven't spoken with him since. I don't want to disclose private e-mail conversations, so the just of it is we have different opinions on how things should be integrated. If he was interested we could integrate it like he did with CM. Originally we wanted to just include text secure directly but that had issues. Anyways now that Text Secure is dropping encrypted SMS I think it's better we don't ship with it but try to be compatible instead. We want people who need SMS to be able to use it. Where I live for example my cell phone bill and the average bill in the country is $80/month with only 100mb of data. We get unlimited SMS and Calls though. Data however is a rip off here. This basically makes textsecure useless once they drop encrypted SMS and I know Canada isn't the only country with this issue either.

    Yeah. Such non-sense. I am going to say this: Stick with Nexus devices. Google will always allow it because they know developers need it. I also can't see this really being enforced as a lot of OEMs allow for official unlocking bootloaders. I don't think the OEMs are going to push against jailbreaking/unlocking bootloaders as the last time they tried it back fired. Almost all the OEMs that locked their bootloaders now offer an official unlocking method.
     
  9. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    Have you though about using Pond for your messaging app?
     
  10. x942

    x942 Guest

    I haven't had a chance to play with Pond yet. It does seem like a good way to go though. I like alot of aspects of pond and I hope it takes off.
     
  11. x942

    x942 Guest

    Updates:

    • We have moved our donations over to pledgie.
    • So far we have received $1000 in donations - Thank you everyone who has donated.
    • We are working hard at adding all pledgies to pledgie so it reflects everyone who has donated.
    • You may still donate via bitcoin if you wish.
    • We have been working hard to finish the final version and we are getting closer.
     
  12. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    Nice, I hope the crowd funding increases when the final version is available.
     
  13. x942

    x942 Guest

    I hope so too! We are working hard towards our final release. We are hoping to release it ASAP here :)
     
  14. Gilion

    Gilion Registered Member

    Joined:
    May 7, 2015
    Posts:
    3
    Hey Kyle,

    I just made a donation. Hope it helps your dream a little closer. BitCoined you.

    Keep up the great work!

    G ;)
     
  15. x942

    x942 Guest

    Thanks! It helps alot. We have been getting closer. I will post some new stuff shortly, including some work we are doing on the hardware side. We have some schematics drawn up now so awesome stuff is happening :)
     
  16. Gilion

    Gilion Registered Member

    Joined:
    May 7, 2015
    Posts:
    3
    Great news, we like awesome stuff happening.... :D

    I also wanted to maybe point you in a direction on the hardware side that you may not have considered. A cheaper alternative than the Nexus 5/6 would be a OnePlus One (One+ One)

    at 350 USD, I guess it would be a cheaper starting point than a Nexus. The downside is it has only 16 Gb & 64 Gb versions and no extra memory card slot. Anyway just a thought.
     
  17. Der_PsYcHoRiSt

    Der_PsYcHoRiSt Registered Member

    Joined:
    Jun 11, 2015
    Posts:
    1
    Hello!

    I am following your Project for about one year now and I really like the idea behind and the big steps!

    My question is more or less simple: would you be so kind and think about a porting of your ROM to HTC's M8 ? It would be awesome!! It would be FREAKING awesome if you would ask GOOGLE whether you could be a development-partner of their ARA-Smartphone to be able to port your Rom to the NEXT BIG THING in the Smartphone segment...

    "Maybe" I will donate something nice... ;)

    Cheers
     
  18. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    How's development going?
    Btw, do you know if GuardianRom's hardened kernel and GRsecurity would have stopped the exploiting of the stagefright CVE's?

    EDIT:
    Aah, it seems @x942's account here is disabled or something..
    EDIT2:
    shadowdcatconsulting.com and guardianrom.com are down :(
     
    Last edited: Aug 10, 2015
  19. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    i wonder whats happened , hmmm......
     
  20. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    Looks like shadowcatconsulting.com is pingable just now, however, no web page rendered.

    I wonder if it is under attack by some third party?

    -- Tom
     
  21. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Id say it is safe to say the project has gone.

    Slightly disappointing if this is the case, particularly for the people who donated money to him. I think at least a communication detailing what happened would be polite.

    Shame, would have been a good OS.

    Now to find an alternative solution which at this stage is very limited.

    The potential Blackberry offering is promising as is Silent Circle or the more difficult custom modifying android myself.

    Blackberry would be good but they have given governments keys to there systems before.
     
  22. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    It appears that x492, aka Kyle, has formed a new business. He does have a gmail address by which he can be contacted. I imagine he still resides in BC, Canada.

    -- Tom
     
  23. guardianrom

    guardianrom Registered Member

    Joined:
    Aug 16, 2015
    Posts:
    9
    Hi everyone I am going to try and clear some of this up. I know there is no way to verify this is me. If I have a chance I will sign this post with my personal GPG key tomorrow.

    This is what happened. Back in June we were victim to a ddos attack, shortly after this I was contacted by over e-mail from an individual demanding we remove the website. I ignored it of course, assuming it was just nonsense. This individual proceeded to attempt to doxx me, not hard since GuardianRom was tied to my identity since I didn't want a truecrypt issue where people don't trust the product because of anonymous devs. He posted a bunch of info, nothing tied to my address or anything major, but I decided to delete a few accounts to be on the safe side. One of which was my x942 account on this site.

    The attack continued for another couple weeks. I then went to put cloudflare up to help mitigate the attack, but when I logged into my registrar account I was surprised to see that both Guardianrom and shadowdcatconsulting were no longer listed. I reached out to my registrar and they said they were both released and I no longer owned them.

    I have been fighting for over a month to get them back, but no luck.

    The next part sucks but due to the nature of this project we had several dead-man switches in play. They took me and my two other team members to reset it every 30 days. Part of the check is a special TXT DNS record that is supposed to change every 30 days to prove we still own the domain. Since the domains weren't in our possession any more the check failed on the 30th day.

    The dead-mans switch wiped: Our servers, Our newsletter registration list (users emails), and our GPG keys.

    So we were in the dark for a while due to no longer having access to our GPG keys, domains, or servers.

    We are not dead. After the above happened, I called a meeting with the other members, we agreed to go into "Stealth mode" and work on the project without worry. At this time I am working on another startup - any money that I personally make will be poured into GuardianRom's successor. If anyone would like to help us - shoot me an e-mail.

    I still recommend staying away from Silent Circle. Buy a Nexus phone + install stock AOSP/CM (No Gapps) + Silent Circles apps. Cheaper and
    just as secure.

    Yes I have launched a new, unrelated startup in order to bring in money. As I said above, I will taking my money and putting it into a new company that will form the new GuardianRom/Phone. We have exciting work being done right now.
     
  24. Tani

    Tani Registered Member

    Joined:
    Aug 14, 2015
    Posts:
    4
    site server seems to be down :(
     
  25. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Wow :eek:

    I'm glad that you're OK :)
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.