Mobile Devices Respecting Software Freedom (follow-up)

7 respostas [Última entrada]
hack and hack
Desconectado
Joined: 04/02/2015

What a shame. I'm spending some time in China, and I'm really feeling the lack of a handy, handheld device for maps, translation, checking the weather, reading the news while I'm using public transport, listening to music/ talks while I go for walks etc. Everyone uses WeChat for everything here, it's their texting/ Messenger, their Skype, their Twitter, their FarceBook Groups/ GoogleGroupsm their MeetUp etc. It's bad enough being a total noob at the language, and suddenly being illiterate, without also lacking the main tool people use to connect with each other and make arrangements.
I'm tempted to go with a strategy I trialled back home with a 2nd hand Android device a friend gave me:
* have a dumbphone for texting and calling (still a tracking device via triangulation but I tried going without one when I first got here and ...).
* use an Android without a SIM card, using apps that work offline as much as possible, and seeking out wifi when I need a network connection. Turn it off whenever I'm not using it (same with wifi), and use a proper computer running GNU-Linux whenever possible.
If I go with that strategy, it becomes somewhat less important how purely freedom-respecting the device, but giving the sale to a social enterprise, rather than a synthetic psychopath (corporation) is still important to me. I'm thinking about something like the FairPhone, but it would have to be something I can buy in China or get delivered here:
https://shop.fairphone.com/en/buy-fairphone2-2/

What about a faraday cage/pouch?
It's not perfect (it is said that the signals comes through when passing close enough to a "triangulation antenna", whatever this is called).

So the separation of tasks between the dumb and smartphone is to keep apps data from communicating outside ?
But as soon as you use Wi-Fi, isn't the point potentially moot ?

- Weather, well you can check it before going out.
- News on public transport isn't vital either. It can wait a bit.
- Translation? you *could* get a real book version, or even an offline one (pdf, maybe a search by keyword is even possible).
- Music/talks, most phones can handle it. A dedicated player is another way.
- any good replacement app for what'sapp for example would be nice, but the harder part is suggesting it to all your contacts (I mean, them accepting to install it and use 2 apps).

Phone addiction is a thing. That's also why I like thinking of this in terms of having
1. a.
a telephone that can be put off the grid with a faraday cage/pouch (probably...). For calling/texting/emails/photography (for work).
When using it, I give away data : people I communicate with and the content of the communications, my physical locations etc.
It's most likely inevitable, even if the bulk of my communication might go through other means (home phone, emails).
If I want, I can "faraday" it. but then I'm unreachable. It's mostly OK actually. It can be enabled exclusively at work (and rarely anywhere else).

1. b.
Not using a phone is also an option, but not for work in my case. I'd need then to figure out strategies to still stay actively in touch with friends and family.

2.
a lightweight replacement for a computer (offline).
I'm thinking of using a Replicant phone as a portable computer (note taking, offline maps...)
It could be helpful while travelling for example, and still remain private enough.

Handy tools to use, and not to be used by it? I feel I'm not that far from this goal.

nadebula.1984
Desconectado
Joined: 05/01/2018

I'm in China. Yes, nearly everyone are forced to "use" WeChat (a government controlled monstrous surveillance and censorship tool), thanks to the (in)famous Chinese Firewall.

Now I'm using an unlocked Xiaomi Note 4x powered by LineageOS with mostly free/libre software. But I don't know how soon will I be forced to "use" WeChat too. Maybe by the point it becomes the next generation (electronic) ID card?

hack and hack
Desconectado
Joined: 04/02/2015

I see what you mean. The potential end of cash payment would only lead there.
But at least you don't have the "social credit" kind of stuff (yet). That'll be full dystopia level of creepiness.

I don't even understand how such level of power can be allocated to companies and governments even with open arms.
I just don't get it. Comfort? No interest/ignorance of the subject/blind trust?
Anyway, I hope you won't be forced to WeChat. But somehow I seriously doubt it.

In such hypothetic scenario, I for now see no better strategy than the above, which is mainly damage control/making the target smaller, and having other means of communication/payment.
But hey, who knows.

strypey
Desconectado
Joined: 05/14/2015

The OP quoted by hack and hack was by me. A couple of points:

> "So the separation of tasks between the dumb and smartphone is to keep apps data from communicating outside ?"

No, it's to keep any dodgy proprietary code in the cell modem firmware from hijacking or interfering with the apps. Although I guess if I'm using a device with proprietary WiFi firmware, the same risks exist. Perhaps for now the only option is to assume everything that happens on the phone is being monitored, and use it only for non-sensitive purposes?

> "What about a faraday cage/pouch?"

I guess this is a solution for offline apps, like OSMAnd with downloaded maps, so it can work offline. It isn't a solution for any app that requires a network connection to be useful, eg Wire for sending messages to or calling friends and family without using Skype, FB Messenger, or WhatsApp (or expensive international phone calls).

Thanks for the list of suggestions for how to live without a mobile device, but since I've never owned a mobile device, I'm well aware of the work-arounds ;) But a single mobile device can replace a whole backpack full of devices (eg phone, camera, music player) and heavy paper (phrase book, paper maps, bus and train timetables, newspapers/ magazines/ books). It can do many things that can be done with a laptop, but a laptop can't be carried in a pocket, and it's battery won't last all day without a charge.

Also, there are some problems mobile apps can solve that cannot be solved any other way. For example, I often go into restaurant where the menu is all in Chinese characters. There is a mobile app called WayGo that can scan a line of Chinese characters and give a translation. There is no way to do this without a mobile device, except to learn the hundreds of characters regularly used in Chinese writing (or only go to places with English menus, which is *very* limiting and tends to be more expensive)

> "Not using a phone is also an option"

For me, it really isn't, and I'm finding that not having an Android is making it very difficult to inter-operate with people in China. I can't make the most of the opportunities of living in a new country if all I end up doing is sitting at home all day on the internet, reading and writing in English, and watching downloaded videos, because I can't keep in touch with people and make arrangements to meet up.

hack and hack
Desconectado
Joined: 04/02/2015

strypey,

definitely it's safer to assume that (even the Replicant website confirms this).
I also agree that "no smartphone" isn't acceptable for the large majority of people.
Wich is also it's downside since most of what it's used for is private.
I'll ignore everything behavioral linked to smartphones for now (addiction, ego stroking from companies to datamine...)

To illustrate, you said :
a single mobile device can replace a whole backpack full of devices (eg phone, camera, music player) and heavy paper (phrase book, paper maps, bus and train timetables, newspapers/ magazines/ books). It can do many things that can be done with a laptop, but a laptop can't be carried in a pocket, and it's battery won't last all day without a charge.".

This leads to any alternative ways to still use a smartphone (or two), and still keep a good chunk of my data (mostly) private.
The only answer I can come up for now is separation of powers:
1. A faraday pouch? I still feel a bit weird about it (thinking I'm doing too much, paranoid ninja stuff).
If it's a normal phone, for both personal and pro use, the faraday pouch is merely a tool to keep it offline most of the time, like to not reveal your position.
Which is pointless if one uses public transport or a car (in the near future).
Unless living in truly oppressive countries, it doesn't make much sense. Faraday for the phone is 99% of the time overkill.
Yet it's good to know it's here if needed.
Also, all my communications, even if I keep them to the minimum (which is key), are monitored one way or the other (meaning who I talk with is known, but the content, not so much).
What it is: a phone that I can take off the grid if I ever feel the need to. Also can be used for stuff about transport you mentioned as well.
What it's not : a cam, a music player, everything else you listed, which is for a second device (which not everyone can afford, I know)

2. An offline device, ideally with ways to prevent parts of the os and apps to ever connect on their own (not really happening without fully free hardware).
I wonder if a freshly installed Replicant phone, with zero access to the web save maybe occasional tethering, is "undetectable".
The point would be a secure offline PDA (for personal org files, a pdf reader and the occasional offline map).
In that case, the faraday would be pointless. I mean Wi-Fi is disabled, and there's no chip for the modem to identify.
Well sure, if the other phone I have on me is detectable, even if the Replicant isn't identifiable in itself, it can be by association anyway.
Still, I can't find anything safer, save multiplying devices which are modem and wifi-less. Like pen and paper, an e-reader, a music player, etc.
WayGo looks great, although probably non free. But might be OK for privacy since it works offline, and might be prevented to connect on its own.
That's assuming I can install it without connecting to google play...

So to me, there's no escape, which is half-reassuring considering cybercriminality, and half not since power seems to be made to be abused by most companies, according to the news.
But there are ways to leak less, giving up comfort in exchange. But it's pretty obvious that most people will keep on leaking way too much personal data by using proprietary social media. Or social media in general. I wonder how much actual positive thing it brought.

What do you think?

strypey
Desconectado
Joined: 05/14/2015

> What do you think?

I think we all agree that the long-term goal is a touchscreen device with a 100% free code mobile OS (alway-on, with all day battery life), using hardware that can be used to its full capacity with no non-free software of any kind. Ideally based on free hardware designs.

Despite the criticisms folks here make of Purism, I think their Librem 5 will be the closest we've got to this so far. Hopefully progress will continue.

In the meantime, push-button "feature phones" are super cheap. While I was in the UK I got one for 5 pounds (about US$6.50) just to use there. It's totally affordable to own one of these for texts (SMS) and voice calls over the cell network, and have a separate mobile device with no cell modem (a small tablet), or with the cell modem air-gapped or disabled.

However, I now realize using the net on a mobile device over WiFi creates exactly the same risks as using it over the cell modem, and this will be the case until there are mobile devices on the market that have WiFi that works without non-free firmware. For now, nothing is gained by having a separate device, unless I use Replicant and a WiFi dongle, which is impractical and defeats the purpose of having a small, easily portable device.

The faraday pouch doesn't help, because you can't be sure that the cell modem and/or WiFi firmware are not able to store records of what you've done while the device is in the pouch, and wait until it isn't in the pouch to phone home and send those records. Unless we have some way to know exactly what the non-free fireware in a mobile device does and doesn't do, it's very hard to come up with a practical work-around that doesn't devolve into generalized paranoia :(

hack and hack
Desconectado
Joined: 04/02/2015

EDIT: Re-written a bit.

However, I now realize using the net on a mobile device over WiFi creates exactly the same risks as using it over the cell modem, and this will be the case until there are mobile devices on the market that have WiFi that works without non-free firmware. For now, nothing is gained by having a separate device, unless I use Replicant and a WiFi dongle, which is impractical and defeats the purpose of having a small, easily portable device.
First, let's start from the goals to reach.
I want ideally zero tracking.
I need a few tools for work.

Definitely, free hardware would be the best. Next best thing right now:
1 . a portable, always offline computer. I could try an always offline Replicant phone/tablet with zero connection, but with apk downloaded from F-droid.
Also a music player, camera, and many other things.
2a. a smartphone (I need the cam, email and video communication software (I'll try Ring for work).
2b. a dumbphone. Most likely lacks app support (for online use) I'd need for work. So not for me.
Also, no Signal or similar apps, which does take some players out of the snooping game.

The faraday pouch doesn't help, because you can't be sure that the cell modem and/or WiFi firmware are not able to store records of what you've done while the device is in the pouch, and wait until it isn't in the pouch to phone home and send those records. Unless we have some way to know exactly what the non-free fireware in a mobile device does and doesn't do, it's very hard to come up with a practical work-around that doesn't devolve into generalized paranoia :(
Again, let's start from the goals to reach:
Tracking phones physical location at all times is a fact, and a problem. Paranoia?
"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say."
Also, History. Recent History.

Simply put, a faraday pouch is like a hardware switch on the Neo900 and the Librem 5 (much less likely with the schematics not published).
That means anything recorded by the phone would be at point A and point B only, nothing in between.
This much saved privacy is pointless as there are other ways to be tracked (although not by the same companies), unless you walk/skate/roller/bike/moonwalk all the time.
Still, even if the aggregated data says a lot, even with missing data from point A to point B.
That's a bit of privacy saved. Better than nothing.

Last, using a smartphone demands some degree of self-sensorship anyway (if other people don't have a libre phone). Specially for social apps.
Until we can have cheap enough libre hardware, I'll take as much privacy as I can get, even if it looks paranoid.

Keep in mind that many in the latest generations barely use computers. But Smartphones is their life.

hack and hack
Desconectado
Joined: 04/02/2015

I simplified this post also:

What can be done
_Tools_
- Data leakage can be reduced, hardly eliminated. It's about saving some (not all) privacy for now.
A vpn, encrypted libre apps, Replicant or LineageOS. Offline apps (hopefully with libre sandbox, if that exists).
The type of apps: only keep the strict minimum. It's a tool, not a toy.
- Having a Faraday pouch around (phone in airplane mode to keep battery).

_Mindset_
- You're wired. Self-sensorship is inevitable to a degree.
- Keep really personal actions out of the phone (since neither the modem nor OS are trusted)
- photos
- music
- reading (news included, most obvious news aside)
- social media

*Addendum: Emails*
- I'd rather treat my personal email account as pseudo personal, just like the smartphone, but paradoxically with much more personal data given away.
I'd rather limit any personal talk to Ring (not perfect on nonfree OS) or face to face talk (ideally with no phones around).
- emails are nearly the same as communication apps (like Whatsapp. Signal is better though, but getting people to switch is unlikely).
Unless all parties communicate with libre OS, libre hardware, libre decentralised provider, and with encryption (any degree of this is welcome),
setting all this for others is complicated on a bigger scale. Yet we can work toward this goal. Every bit counts.

_Upside_
- I can reach and be reached. Like normal people, yaaay! (damn social pressure).
- I can use some useful tools (say, WayGo).
- If really needed, I can get any useful data giving away my location (weather, transport paths, etc.), since using a phone gives it away anyway.
- Orbot is useable, so I guess it's even fine to browse the web. Well, I'd avoid more sensitive stuff (like reading the news) on a non-Replicant phone (keyloggers etc.).
- Even social media apps on the phone could be used, as long as the goal is to have a simple way to arrange a meeting.
less is more. Nearly everything else should be done IRL, IMO. YMMV (mmmh, acronyms). IRL, or on an offline device, or a libre PC.