A phone which does not spy on you

By Patrick   2018 Aug 19, 10:49am   4,563 views   92 comments


https://puri.sm/shop/librem-5/

Librem 5, the phone that focuses on security by design and privacy protection by default. Running Free/Libre and Open Source software and a GNU+Linux Operating System designed to create an open development utopia, rather than the walled gardens from all other phone providers.

A fully standards-based freedom-oriented system, based on Debian and many other upstream projects, has never been done before–we will be the first to seriously attempt this.

The Librem 5 phone will be the world’s first ever IP-native mobile handset, using end-to-end encrypted decentralized communication.


Many others have attempted Open Source phones and failed. I hope this one works, especially since I just discovered that you cannot turn off wifi or Bluetooth on Android or iOS. "Turning it off" in the controls on those phones merely disconnects you from current access points, but leaves them on so they can spy on your location with great precision and open you up to various exploits:

https://www.theguardian.com/technology/2017/sep/21/ios-11-apple-toggling-wifi-bluetooth-control-centre-doesnt-turn-them-off

On iOS 11, pressing the wifi toggle immediately disconnects the iPhone or iPad from any wifi networks, but leaves the wireless radio available for use by location services, scanning for the names of nearby wifi access points. The Bluetooth toggle operates in a similar fashion. ...

A similar thing happens in Android smartphones, which use wifi as part of their location services. Switching wifi off prevents it from connecting to wifi access points, but allows it to continue periodically scanning for access point names to help pinpoint its location.

« First    « Previous    Comments 53 - 92 of 92    Last »

53   Patrick   2021 Aug 12, 10:54pm

https://puri.sm/posts/internet-of-snitches/

Imagine an Internet of Snitches, each scanning whatever data they have access to for evidence of crime. Beyond the OS itself, individual phone apps could start looking for contraband. Personal computers would follow their lead. Home network file servers could pore through photos, videos and file backups for CSAM and maybe even evidence of copyright infringement. Home routers could scan any unencrypted network traffic. Your voice assistant could use machine learning to decide when yelling in a household crosses the line into abuse. Your printer could analyze the documents and photos you send it.
54   SumatraBosch   2021 Aug 13, 12:54am

I want a phone that kicks larry and serge in the nuts and takes a massive shit on their faces every time I make a call and hundreds of times a second when I don't.
56   Eric Holder   2021 Aug 20, 2:48pm

Patrick says
Your printer could analyze the documents and photos you send it.


Already does to some extent.
57   richwicks   2021 Aug 20, 5:15pm

WookieMan says
richwicks says
I worked on the XBox project.

Fuck that device. Fuck it hard. Apple can take all my shit for all I care, new devices are set up in minutes not hours. I don't game but my kids do, it's the worst platform I've ever encountered. So convoluted and retarded to be honest. I'm no techie, but I've built mediocre websites that worked well for real estate. Xbox (currently) is not intuitive and is a shit show. Maybe it was better when you worked on it, as again I don't play video games.


I am unoffended. I'm a contractor. Some people would call me a mercenary for hire, but I know what I really am. I'm a prostitute. I'm a whore.

If your kids like video games, look into the retroarcade. Maybe your kids need the "latest and greatest", but if they just want to play video games, I have a library of over 10,000 of them, not to play (my life isn't that long), but to preserve.

For < $100, you can have a raspberry pi, running retroarcade with more video games on it, than any one person can play in a lifetime. Also, it burns less than 10 watts.

https://retropie.org.uk/

The last time I tried to play a modern arcade game was 10 years ago. When I was a kid, a video game was a 10 minute distraction, that at worst could be a 2 hour struggle to win. Today, video games are just ordeals, that take WEEKS to get through. Want a blast from the past?

http://impossible-mission.krissz.hu/

That's one of the toughest video games I conquered as a kid. I can still beat it, and I recently have, but there's no enjoyment in it.
58   AmericanKulak   2021 Aug 20, 5:38pm

Stay awhile, Stay Forever!!!
59   Patrick   2021 Aug 20, 5:39pm

richwicks says
I worked on the XBox project.


That's interesting.

One fun thing about tech is that your work is often used by millions of people.

I worked on a phone (the Nextel phone) that was used by millions. And many well-known websites. Not that I did a huge part of any of them.
60   richwicks   2021 Aug 20, 6:27pm

Patrick says
richwicks says
I worked on the XBox project.


That's interesting.

One fun thing about tech is that your work is often used by millions of people.

I worked on a phone (the Nextel phone) that was used by millions. And many well-known websites. Not that I did a huge part of any of them.


It's a feather in your cap to work on something that nearly everybody knows about.

I just did DV - Design Verification. I wrote tests to confirm the hardware worked properly, in simulation and emulation - the emulator is the size of 2 refrigerators, that ran at 100 kHz that could accept PORTIONS of the design and arrangements needed to be made to power it, and ventilation had to be constructed to keep the lab cool. That machine was as expensive as a 20 room mansion is.

I honestly find technology boring today. Why get an XBox or PS5 or whatever? The only advancement in these systems is better graphics, but shit - they're good enough now. The difference in graphics from XBox1 and the 360 - it's minimal. Sure, it's better, but not the difference between a PS1 and a PS2.
61   Patrick   2021 Aug 20, 6:56pm

I wrote the AT command set parser on the Nextel phone. Not that anyone uses a modem with a phone anymore.

I also rewrote the credit card form on Craigslist which all their revenue goes through.
62   richwicks   2021 Aug 21, 12:23am

Patrick says
I wrote the AT command set parser on the Nextel phone. Not that anyone uses a modem with a phone anymore.

I also rewrote the credit card form on Craigslist which all their revenue goes through.


This is why I hated DV. It needs to be done, but none of my work is used by the public.

If you ever use a DC fast charger from ChargePoint - I wrote the communication stack for that. I'm probably North America's expert on that communication protocol, and it's a TERRIBLE protocol. So terrible that I quit in disgust that there was no pushback on it. My superiors simply didn't understand there was an intent to make a monopoly on several fronts. The whole "green energy revolution" is rife with corruption, and I know corruption having volunteered for a few charities, which are mostly just ways to take donations for a problem, when there is no intention of fixing the problem.

Electric cars, in my opinion, are a total scam - but my code is everywhere now. Have to find something more worthwhile to do with my limited time on earth than to work for the mafia.
64   Patrick   2021 Nov 11, 9:24pm

https://reclaimthenet.org/data-broker-handed-over-smartphone-gps-data-to-dc-government-for-covid-research/


The EFF, a digital rights group, says it has seen public records (obtained here) that show location data broker Veraset and the District of Columbia (DC) government had struck a deal early in the Covid pandemic last year, allowing the latter full access to highly sensitive, individually identifiable GPS data, harvested from people’s mobile devices in the DC area.

Veraset made the offer and DC authorities accepted it, which was followed by half a year of updates coming from the company – that operates a proprietary database for this data, meaning that Veraset’s tools cannot be audited or scrutinized by the public – tracking hundreds of thousands of people going about their day.
65   AmericanKulak   2021 Nov 11, 9:32pm

At 3AM in the morning, I often wonder if going after Craigslist and others for "Pushing Prostitution" was an excuse to clear the path for for-profit companies, like Facebook Marketplace (which I refuse to use) and even Zillow.
66   Patrick   2021 Nov 13, 11:21pm

I used to work at Craigslist and I believe that was indeed the case.

It was purely an anti-competitive move by bigger companies like Facebook.
67   Patrick   2021 Dec 1, 1:40pm

https://reclaimthenet.org/israel-is-using-counter-terrorism-phone-surveillance-to-track-omicron-carriers/


November 30, 2021
Israel is using counter-terrorism phone surveillance to track Omicron carriers
The implementation could be illegal.
69   NuttBoxer   2021 Dec 13, 10:48pm

I'm fucking sick of smartphones. My work seems to have endless reasons why they want me to use my personal phone. So far I've told them I don't have a data plan, but there's wifi, so sure that won't hold up forever. As soon as I have time, going to look into prepaid shit phones that don't have app capability. The internet and cellphones have become so locked down it's ridiculous.
70   seesaw   2021 Dec 14, 5:25am

Time to De-Google.. See Rob Braxman on Youtube.
https://www.youtube.com/watch?v=HVL1Xr7IEsY&source=patrick.net
Best Privacy phone. Rob seems very intelligent
71   Bd6r   2021 Dec 14, 12:35pm

NuttBoxer says
As soon as I have time, going to look into prepaid shit phones that don't have app capability.

L8star Small Mini flip Cell Phone Magic Voice Changer Bluetooth Dialer Cellphone BM60 ca. 35 $
your employer's brain would freeze - they would have no idea what to do with this!
72   Eric Holder   2021 Dec 14, 12:50pm

NuttBoxer says
I'm fucking sick of smartphones. My work seems to have endless reasons why they want me to use my personal phone. So far I've told them I don't have a data plan, but there's wifi, so sure that won't hold up forever. As soon as I have time, going to look into prepaid shit phones that don't have app capability. The internet and cellphones have become so locked down it's ridiculous.


Motorola F3: no GPS, no contacts, no nothing. =))
73   NuttBoxer   2021 Dec 14, 1:04pm

Finding a non-smartphone that is supported by carriers is tricky. Was looking at Nokia 3310, but not sure there's any carriers who support it, and will allow me to remain anonymous.
74   Eric Holder   2021 Dec 14, 1:44pm

NuttBoxer says
Finding a non-smartphone that is supported by carriers is tricky. Was looking at Nokia 3310, but not sure there's any carriers who support it, and will allow me to remain anonymous.


If a phone is capable of using US GSM frequencies it will be supported by the carriers.
75   joshuatrio   2022 Jan 3, 6:31am

Anyone found a good privacy friendly phone yet?

My Moto G5 Plus is flaking out and I don't want another phone that constantly spies on me.
76   clambo   2022 Jan 3, 7:15am

I was looking at Ubuntu touch which can run on my Pixel.
77   WineHorror1   2022 Jan 3, 8:41am

Is there any truth to a new Tesla phone coming out? It is supposed to be 100% private.
78   FuckCCP89   2022 Jan 3, 10:36am

joshuatrio says
Anyone found a good privacy friendly phone yet?

My Moto G5 Plus is flaking out and I don't want another phone that constantly spies on me.


Motorola F3.
79   Hircus   2022 Jan 3, 3:56pm

NuttBoxer says
I'm fucking sick of smartphones. My work seems to have endless reasons why they want me to use my personal phone. So far I've told them I don't have a data plan, but there's wifi, so sure that won't hold up forever. As soon as I have time, going to look into prepaid shit phones that don't have app capability. The internet and cellphones have become so locked down it's ridiculous.


I started accumulating cheap smartphones and tablets for this reason (can often buy them for $30-50). Sometimes it's tough to avoid installing an app to use some handy device, but I refuse to allow some Chinese app to invade my phone. So I just keep a dummy device that uses a throwaway email address and no contacts / personal info etc... and install the apps on that, keeping my real phone clean. I don't even bother with a sim, just wifi.

2FA is becoming popular, especially for those who work in tech companies, and they seem to want their employees to use their personal phones to either install the 2FA app, or to receive text messages. A 2nd dummy device can work well for this use case too.
80   Patrick   2022 Jan 4, 12:31am

Hircus says
I started accumulating cheap smartphones and tablets for this reason


I like this idea.

Hircus says
2FA is becoming popular, especially for those who work in tech companies, and they seem to want their employees to use their personal phones to either install the 2FA app, or to receive text messages. A 2nd dummy device can work well for this use case too.


At one previous company, I just ran a phone emulator on my laptop to run the 2FA app.
81   NuttBoxer   2022 Jan 4, 9:42am

clambo says
I was looking at Ubuntu touch which can run on my Pixel.


Ubuntu is less privacy focused than they used to be. Started when they introduced their new app store, wanna say it's called Unity back in lts16 I believe.
82   NuttBoxer   2022 Jan 4, 9:44am

Hircus says
2FA is becoming popular, especially for those who work in tech companies, and they seem to want their employees to use their personal phones to either install the 2FA app, or to receive text messages. A 2nd dummy device can work well for this use case too.


For this I signed up for 1Password using an email not associated to me. Works well, and if my employer removes that option, will insist they send me a fob.
83   NuttBoxer   2022 Jan 4, 9:45am

WineHorror1 says
Is there any truth to a new Tesla phone coming out? It is supposed to be 100% private.


I would trust Tesla anything as much as Windows anything. Musk is a wolf in sheep's clothing, and possibly the first AI human due to his neural net implants.
84   WineHorror1   2022 Jan 4, 12:05pm

Could anyone explain what 2FA is please?
85   NuttBoxer   2022 Jan 4, 12:23pm

Simplest explanation, it's bullshit. A lazy man's excuse for not making a good password.

Longer explanation, it's a second authentication method meant to verify only you have access to that site/account/data. First method is your password, second can be a text, push notification, or randomly generated code sent to your fob or password manager.

But if you use a password manager to create unique passwords of 20+ characters for every account you have, that is WAY better security than any secondary authentication.

My opinion, and I think there's a strong case, is dual auth/2fa was created to track us. 99% of people who use 2FA do it from a personal cellphone.

2FA = Two Factor Authentication.
86   Hircus   2022 Jan 4, 7:08pm

NuttBoxer says

But if you use a password manager to create unique passwords of 20+ characters for every account you have, that is WAY better security than any secondary authentication.


I don't see how one could back up such an argument. 2FA clearly offers meaningful security benefits that you cannot get by just making your password stronger. Whatever strong password you use, will always be improved upon by adding 2FA to it.

A strong password ONLY defends against attackers who try to guess your password. It does nothing to prevent them from copying your password. 2FA adds strong protection against both. 2FA defends against a different category of attacks that using only a strong password cannot help with. It's a fact.

Here's an example: a strong password is easily copied and successfully reused by an attacker some minutes/hours/days in the future. If the account had 2FA enabled, the attacker could not succeed merely by copying attacks, because they cannot copy a 2FA token, because they're 1 time use and expire in a short period of time.

The typical setup where people use a laptop/desktop with a password manager program locally installed as their main computer / web browser benefits by using 2FA on a separate device. There's many cases where an attack / compromise may be made on the laptop, even if just temporarily, or partially, but the attacker's ability to gain access to their online accounts is still not successful because they have not also compromised the separate 2FA device.

Even power users, like us software engineers, benefit from 2FA. There's so many attacks that a keen eye just cannot avoid, much less realize they have even occurred.

Using 2FA on a physically separate device is a significant security boost.
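
The property described in the comment above (a copied code is single use and expires quickly, and a login needs both factors) is what a time-based one-time password check provides. The following is an added sketch, not part of the thread: an RFC 6238 verifier with replay rejection, where the `Account` class, the sample password and secret, and the timestamps are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

STEP = 30  # seconds one code stays valid (RFC 6238 default)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from the clock."""
    return hotp(secret, now // STEP, digits)


class Account:
    """Hypothetical server-side login check: password plus one-time code."""

    def __init__(self, password: str, totp_secret: bytes, window: int = 1):
        self._salt = os.urandom(16)
        self._pw_hash = self._hash(password)
        self._secret = totp_secret
        self._window = window      # tolerated clock drift, in time steps
        self._last_counter = -1    # newest time step already accepted

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def login(self, password: str, code: str, now: int) -> str:
        if not hmac.compare_digest(self._pw_hash, self._hash(password)):
            return "bad-password"
        current = now // STEP
        for counter in range(current - self._window, current + self._window + 1):
            expected = hotp(self._secret, counter).encode()
            if hmac.compare_digest(expected, code.encode()):
                if counter <= self._last_counter:
                    return "replayed-code"   # each code is single use
                self._last_counter = counter
                return "ok"
        return "bad-code"                    # wrong, or outside its time window


def demo() -> list:
    secret = b"constructed-demo-secret"      # shared with the user's 2FA device
    pw = "correct horse battery staple"      # constructed sample password
    account = Account(pw, secret)
    t0 = 1_700_000_000                       # constructed timestamp
    copied_code = totp(secret, t0)           # password and code both copied
    return [
        account.login(pw, copied_code, t0),                 # the user's own login
        account.login(pw, copied_code, t0 + 5),             # copy replayed at once
        account.login(pw, totp(secret, t0 + 30), t0 + 30),  # user, next code
        account.login(pw, copied_code, t0 + 3600),          # copy replayed later
        account.login("guess", totp(secret, t0 + 7200), t0 + 7200),  # code only
    ]


if __name__ == "__main__":
    print(demo())
```

Codes delivered by text message are generated and checked differently; this sketch covers only the authenticator-app style of 2FA.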
87   WineHorror1   2022 Jan 4, 7:31pm

Ok, I understand what 2FA is now. I have a Stripe account for my business. Every time I log in, I get a text with a code which I then have to enter in order to complete the log in. How could a person defeat that? No one else has my phone.
88   NuttBoxer   2022 Jan 4, 10:20pm

Hircus says
It does nothing to prevent them from copying your password. 2FA adds strong protection against both. 2FA defends against a different category of attacks that using only a strong password cannot help with. It's a fact.


How will they copy my password? You're talking about a key logger? Or physically stealing my device? Neither of those would work since I copy my password from a password manager that's set to wipe it from clipboard five seconds after I copy it. My password manager password you say? I don't have one. USB key. And my laptop is encrypted. So unless they jack my laptop while I'm on it, and make sure to get my usb card, they won't have shit.

But what about 2FA, you think it's foolproof? Texts can't be intercepted? Apps can't be spoofed? Any good security expert will tell you another layer of complexity, poorly implemented is actually providing a bigger attack surface, not making you more secure. And if you're not using a password manager (offline preferably), I fucking guarantee your 2FA implementation will leave you exposed.
89   NuttBoxer   2022 Jan 4, 10:24pm

WineHorror1 says
How could a person defeat that? No one else has my phone.


You are aware cellphones get hacked just like any other computer right? Texts are not a secure method of communication. You are now dependent on Stripe, AND your mobile carrier to keep things patched and up to date.

Also, most hacking is social, or contains huge social components. Years ago I was able to get concert tickets sent to a new email just by calling Ticketmaster, without providing any proof I had purchased them, or owned the existing email.
90   Hircus   2022 Jan 5, 12:52am

NuttBoxer says
How will they copy my password? You're talking about a key logger? Or physically stealing my device? Neither of those would work since I copy my password from a password manager that's set to wipe it from clipboard five seconds after I copy it. My password manager password you say? I don't have one. USB key. And my laptop is encrypted. So unless they jack my laptop while I'm on it, and make sure to get my usb card, they won't have shit.


Sounds like you put some good effort and thought into it, and have a good setup that reduces the number of attack vectors. But your password can still be copied, and 2FA would help in many of those scenarios. Exploits have existed in the past, and will exist in the future for your OS, browser, extensions, and other software. Every bit of software is a potential vector. Sometimes they allow an attacker root access, but more often they don't - they allow some limited access that lets them read or write a file, or trigger an action, and they get clever and combine things to manipulate other software on the system to do their dirt for them. This is the magic of additional security layers - it makes it more difficult for someone w/ non root to do these things, and often still helps even when they get root. Additional security layers are the safety net for when something goes wrong, and things do go wrong.

Even if the copying doesn't occur on your computer, it can happen in transit, or on the remote server.

Anyway, I don't think we're really talking about you specifically, are we? We're talking about users and 2FA in general.

NuttBoxer says
2FA, you think it's foolproof?


I never said that, nor did I imply it. I always used relative improvement terms like "security boost".

NuttBoxer says
Any good security expert will tell you another layer of complexity, poorly implemented is actually providing a bigger attac...


Ya, poorly implemented. I would bet BIG BUCKS that the vast majority of users of the vast majority of 2FA implementations significantly enhance security. And I bet security experts would bet with me, not against me on that.



NuttBoxer says
I fucking guarantee your 2FA implementation will leave you exposed.

How? The benefit of using 2FA is they need both the password and the 2FA token. Exploiting 2FA alone buys you nothing.
91   NuttBoxer   2022 Jan 5, 9:08am

Hircus says
Ya, poorly implemented. I would bet BIG BUCKS that the vast majority of users of the vast majority of 2FA implementations significantly enhance security. And I bet security experts would bet with me, not against me on that.


When I used to post on reddit in the subs concerning privacy/security, I usually got support for my outlook on 2FA being BS. 2FA users are unlikely to use a password manager, because they will think as you say, that the additional prompt will protect them, and thus they are more likely to re-use passwords, or use shitty passwords. And that exposes them to more security risk than if they simply used good passwords, and NEVER re-used them.

Hircus says
Exploiting 2FA alone buys you nothing.


Session hijacking? XSS? I don't need your password, I just need to access your account once and I can change it. Worse, if I steal your mobile device (more likely since you probably take it everywhere), I now have access to all your 2FA codes. I simply go to your sites, click the forgot password link, and easily gain access.

And you haven't addressed the HUGE loss of privacy 2FA entails. I don't see enough advantages over the method I've proposed that would ever justify giving up my privacy/freedom.
92   Patrick   2022 Jan 18, 12:44pm

https://notthebee.com/article/oh-canada-canadian-government-admits-they-secretly-tracked-87-of-canadians-cellphones-without-consent-during-the-covid-19-pandemic?source=patrick.net

Oh, Canada! Canuck Government Admits It Secretly Tracked 33 MILLION Cellphones Without Consent Due to Covid, Representing 87% of The Population 👀
