[Freedombox-discuss] School intimidates girl to give up Facebook password

James Gilmore james.d.gilmore at gmail.com
Tue Mar 13 21:39:45 UTC 2012


Going along with this line of thought from a slightly different angle,
what if there were a device, also plugged into the wall, which you
would plug in somewhere else in your house, that would establish a
secure connection to the freedombox by modulating the AC power like
the homeplug does? It's sole purpose would be to act as a key. It
would be similar to how Keepass uses key files, except instead of
files, it would be gpgAuth-style tokens. (http://gpgauth.org/) That
would allow authentication to be location-based without involving
(spoofable) GPS data.

Carrying this idea just a little further, if that handshake were
constantly required, say every 5 seconds or so, this could harden the
Freedombox against forensic attacks, because transferring the
freedombox from the local power to a battery for transport would break
that encrypted link, causing the freedombox and the key device to
forget all passphrases in memory.

Bonus round: what if part of the handshake or encryption involved the
electrical distance between the freedom box and the key device? This
would make it nearly impossible to move even if they found the
freedombox and the key and moved them simultaneously while maintaining
electrical connectivity between the two devices. At the very least,
transporting the freedombox to a lab would require some very custom
equipment and know-how that is far beyond local- or state-level law
enforcement's capacity. Well, I think so, anyway.


On Tue, Mar 13, 2012 at 1:34 PM, Bob Mottram <fuzzgun at gmail.com> wrote:
>
>
> One possibility would be to have the ability to lock the login to your account to a certain geographical location.  If that location is your house, then it doesn't matter if someone else coerces the password out of you, because they have to be in a certain location to be able to use it.  There may be much stronger legal grounds to refuse someone entry to your house.
>
> This would of course only work if you were using a mobile device with a GPS receiver to access your account.
>
>
> _______________________________________________
> Freedombox-discuss mailing list
> Freedombox-discuss at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss



More information about the Freedombox-discuss mailing list