Random idea I had while thinking about this project. I recently realized how invasive cell phones are. Having your phone turned on means that your carrier knows approximately where you are. Given...
Random idea I had while thinking about this project. I recently realized how invasive cell phones are. Having your phone turned on means that your carrier knows approximately where you are. Given how people try their best not to let their battery die that means that your location is known pretty much all of the time that you're carrying your phone. Your government can request this information. Even if they are supposed to have a warrant, it's better for this information to not exist in the first place.
One alternative is to keep your phone off or in airplane mode most of the time. But a privacy-focused FOSS phone could add an "outgoing only mode" where it will stay in airplane mode until you make a call or send a text message (and then return to airplane mode after a few minutes of inactivity on the cellular connection).
Edit:
Maybe there could also be functionality that would use GPS (which I understand to be completely passive and thus non-intrusive) to enable/disable "outgoing only mode". Maybe you feel comfortable leaving your GSM connection open while you're at home.
Really the best thing they can do right now with existing technology is to support WiFi SMS and Calling. We can use IP VPNs to mask our location and encrypt our calls and messages (at least in our immediate vicinity).
Maybe if I get one I'd look into modifying the GSM driver. Something like Windows' UAC ("Are you sure you want to enable cellular connectivity? [no], [yes - for 15 minutes]") would be great.
Maybe if I get one I'd look into modifying the GSM driver. Something like Windows' UAC ("Are you sure you want to enable cellular connectivity? [no], [yes - for 15 minutes]") would be great.
The issue with not doing it at a driver level is that applications could be running in the background and enable your GSM connection without your knowledge. Just like those webcams that have a...
The issue with not doing it at a driver level is that applications could be running in the background and enable your GSM connection without your knowledge. Just like those webcams that have a light to tell you if they're on, but the light is software controlled. If it's controlled at the kernel level you could hopefully require user feedback to confirm.
Of course, even without performing the change at the driver level a user-space script would be better than nothing. Essentially it's just automating good op-sec.
It's more than that. I use an Android phone. That means Google knows: The emails I send and receive. My appointments - what, where, who, and when. Every internet search I make on my phone. Every...
Having your phone turned on means that your carrier knows approximately where you are.
It's more than that. I use an Android phone. That means Google knows:
The emails I send and receive.
My appointments - what, where, who, and when.
Every internet search I make on my phone.
Every website I visit on my phone.
The contact information for my friends (their names, phone numbers, email addresses, and even dates of birth if I want to keep track of their birthdays).
My location at all times.
I can't use many of the features on my phone without enabling this access for Google. I'm NOT comfortable with that, but there are very few other options.
I already:
Don't use my gmail account for any personal emails. Only phone-related maintenance, like subscriptions and app purchases. I have a private email account that I pay for to handle my actual correspondence.
Use my desktop computer for the internet stuff I don't want Google to see.
Keep the information in my appointments as minimal as possible. I don't need to add addresses or personal information about the people I'm meeting.
But there's only so much I can do to restrict what Google sees about my life.
I have therefore occasionally wished for a phone that wasn't just a data-vacuum. Maybe a Linux phone is what I'm looking for.
I remember reading science fiction as a youngster with clever AI assistants who would run your house and answer your mail and handle your appointments. Noone warned me that the real versions would be just front-ends for corporations to watch everything I do. I'm therefore also keeping half an eye on the Mycroft digital assistant.
I can understand why you'd want a greater degree of privacy for location based services and such, but I think for wide scale adoption (and regulatory requirements on the carrier's side), the gps...
I can understand why you'd want a greater degree of privacy for location based services and such, but I think for wide scale adoption (and regulatory requirements on the carrier's side), the gps or location based services would need to be enabled by default.
There's no way any carrier would support a device on their network that by default obfuscates its location, preventing people from being able to properly route calls to the appropriate 911 PSAP, or requires someone in an emergency to disable its anonymizing features before a PSAP can dispatch emergency services to help you out. You're much more likely to have to call 911 for a heart attack or injury than you are going to need to keep your location anonymous from the government.
This would not obfuscate your location. It's just more convenient than switching airplane mode on and off. In addition, this is entirely implemented client-side. The carrier doesn't have any say...
This would not obfuscate your location. It's just more convenient than switching airplane mode on and off. In addition, this is entirely implemented client-side. The carrier doesn't have any say in when you power on and off your SIM card (well, except for maybe informing you that it's illegal to use your SIM to cause interference with other devices).
Edit:
If you're referring to what I said about WiFi calling + VPNs I admit that's not really the same as what I'm proposing. However, a good solution would probably whitelist 911 to bypass the VPN.
Sorry, maybe you can help me out a bit as I wasn't immediately able to find the information on the site, but are they also creating the RTOS? If they're using one of the existing ones, carriers...
Sorry, maybe you can help me out a bit as I wasn't immediately able to find the information on the site, but are they also creating the RTOS? If they're using one of the existing ones, carriers can still enable basic location tracking regardless of what the user-side OS is doing.
I'm not 100% certain of what you're referring to. Do you mean the software running inside of the SIM? Or is there software baked into the other GSM hardware? The purism guys are big supporters of...
I'm not 100% certain of what you're referring to. Do you mean the software running inside of the SIM? Or is there software baked into the other GSM hardware?
The purism guys are big supporters of libreboot, so they're not opposed to flashing custom firmware.
To my understanding, every phone has a lightweight RTOS in addition to the user-facing GPOS, that runs to control the time-sensitive radio functions, and that's the component that carriers can use...
To my understanding, every phone has a lightweight RTOS in addition to the user-facing GPOS, that runs to control the time-sensitive radio functions, and that's the component that carriers can use to remotely activate and track your location, even if you think your phone's been powered off.
Honestly I hope librem 5 succeds and if it's at least decent I'm going to buy it, but I'll probably just run lineageos on it. There are a few apps(mostly non free ones) I need on my phone and I...
Honestly I hope librem 5 succeds and if it's at least decent I'm going to buy it, but I'll probably just run lineageos on it. There are a few apps(mostly non free ones) I need on my phone and I can't really use them on Linux.
Anyways the idea of running a full blown Linux distro on my phone is great. Imagine all the things you could do with like running a SSH server on it and mounting it on your PC with sshfs or when I change phone I could just reuse it as a seedbox.
I also like the idea of their Google/Apple pay alternative using Monero but I don't think it's gonna succed
A full linux computer in my pocket, not tied to invasive technologies, with open code at every level? Hell yes, sign me up. I wonder if their phones are truly, fully open, though. There's an...
A full linux computer in my pocket, not tied to invasive technologies, with open code at every level? Hell yes, sign me up.
I wonder if their phones are truly, fully open, though. There's an entire separate OS in the radio on every cell phone, all closed, proprietary, and inaccessible. If they are using anything like an off-the-shelf chip for that, it's not fully open.
Random idea I had while thinking about this project. I recently realized how invasive cell phones are. Having your phone turned on means that your carrier knows approximately where you are. Given how people try their best not to let their battery die that means that your location is known pretty much all of the time that you're carrying your phone. Your government can request this information. Even if they are supposed to have a warrant, it's better for this information to not exist in the first place.
One alternative is to keep your phone off or in airplane mode most of the time. But a privacy-focused FOSS phone could add an "outgoing only mode" where it will stay in airplane mode until you make a call or send a text message (and then return to airplane mode after a few minutes of inactivity on the cellular connection).
Edit:
Maybe there could also be functionality that would use GPS (which I understand to be completely passive and thus non-intrusive) to enable/disable "outgoing only mode". Maybe you feel comfortable leaving your GSM connection open while you're at home.
Really the best thing they can do right now with existing technology is to support WiFi SMS and Calling. We can use IP VPNs to mask our location and encrypt our calls and messages (at least in our immediate vicinity).
Maybe if I get one I'd look into modifying the GSM driver. Something like Windows' UAC ("Are you sure you want to enable cellular connectivity? [no], [yes - for 15 minutes]") would be great.
The issue with not doing it at a driver level is that applications could be running in the background and enable your GSM connection without your knowledge. Just like those webcams that have a light to tell you if they're on, but the light is software controlled. If it's controlled at the kernel level you could hopefully require user feedback to confirm.
Of course, even without performing the change at the driver level a user-space script would be better than nothing. Essentially it's just automating good op-sec.
Hardware kill switches don't accomplish this. For automatically turning stuff on/off as wanted/needed, you need software killswitches.
It's more than that. I use an Android phone. That means Google knows:
The emails I send and receive.
My appointments - what, where, who, and when.
Every internet search I make on my phone.
Every website I visit on my phone.
The contact information for my friends (their names, phone numbers, email addresses, and even dates of birth if I want to keep track of their birthdays).
My location at all times.
I can't use many of the features on my phone without enabling this access for Google. I'm NOT comfortable with that, but there are very few other options.
I already:
Don't use my gmail account for any personal emails. Only phone-related maintenance, like subscriptions and app purchases. I have a private email account that I pay for to handle my actual correspondence.
Use my desktop computer for the internet stuff I don't want Google to see.
Keep the information in my appointments as minimal as possible. I don't need to add addresses or personal information about the people I'm meeting.
But there's only so much I can do to restrict what Google sees about my life.
I have therefore occasionally wished for a phone that wasn't just a data-vacuum. Maybe a Linux phone is what I'm looking for.
I remember reading science fiction as a youngster with clever AI assistants who would run your house and answer your mail and handle your appointments. Noone warned me that the real versions would be just front-ends for corporations to watch everything I do. I'm therefore also keeping half an eye on the Mycroft digital assistant.
I run Lineage with Micro G on my phone. A meager effort, but it's something.
I can understand why you'd want a greater degree of privacy for location based services and such, but I think for wide scale adoption (and regulatory requirements on the carrier's side), the gps or location based services would need to be enabled by default.
There's no way any carrier would support a device on their network that by default obfuscates its location, preventing people from being able to properly route calls to the appropriate 911 PSAP, or requires someone in an emergency to disable its anonymizing features before a PSAP can dispatch emergency services to help you out. You're much more likely to have to call 911 for a heart attack or injury than you are going to need to keep your location anonymous from the government.
This would not obfuscate your location. It's just more convenient than switching airplane mode on and off. In addition, this is entirely implemented client-side. The carrier doesn't have any say in when you power on and off your SIM card (well, except for maybe informing you that it's illegal to use your SIM to cause interference with other devices).
Edit:
If you're referring to what I said about WiFi calling + VPNs I admit that's not really the same as what I'm proposing. However, a good solution would probably whitelist
911
to bypass the VPN.Sorry, maybe you can help me out a bit as I wasn't immediately able to find the information on the site, but are they also creating the RTOS? If they're using one of the existing ones, carriers can still enable basic location tracking regardless of what the user-side OS is doing.
I'm not 100% certain of what you're referring to. Do you mean the software running inside of the SIM? Or is there software baked into the other GSM hardware?
The purism guys are big supporters of libreboot, so they're not opposed to flashing custom firmware.
To my understanding, every phone has a lightweight RTOS in addition to the user-facing GPOS, that runs to control the time-sensitive radio functions, and that's the component that carriers can use to remotely activate and track your location, even if you think your phone's been powered off.
I'd love to have them make a statement on this. Blog posts like this one give me some confidence that they're already working on this.
I guess the dream dies here :(
Honestly I hope librem 5 succeds and if it's at least decent I'm going to buy it, but I'll probably just run lineageos on it. There are a few apps(mostly non free ones) I need on my phone and I can't really use them on Linux.
Anyways the idea of running a full blown Linux distro on my phone is great. Imagine all the things you could do with like running a SSH server on it and mounting it on your PC with sshfs or when I change phone I could just reuse it as a seedbox.
I also like the idea of their Google/Apple pay alternative using Monero but I don't think it's gonna succed
A full linux computer in my pocket, not tied to invasive technologies, with open code at every level? Hell yes, sign me up.
I wonder if their phones are truly, fully open, though. There's an entire separate OS in the radio on every cell phone, all closed, proprietary, and inaccessible. If they are using anything like an off-the-shelf chip for that, it's not fully open.
While the odds are rather against it, and I prefer iOS due to its idiot-proofing, I’m glad to see this project coming along.