If you could go back in time and talk to your former "owned" self

18 replies [Last post]
hack and hack
Offline
Joined: 04/02/2015

I was still thinking on the subject of:
security,
privacy,
anonymity and
software freedom
(and hardware freedom in some ways).

Here's my conclusion, after a couple of years:

- First, I can't and won't ever go back to a proprietary OS/software in general.
Never say never? Well, try me :)
A non-libre OS is rigged, and it's been proven many times (examples: https://www.gnu.org/proprietary/proprietary-surveillance.html).
It's relatively safe from other users (secure/private if you work for it), but not from companies.
It's also rigid, and can force unacceptable limitations on the user (that's me).

- It's possible to use non-libre hardware and still be safe, have privacy and be anonymous (if Snowden can do it that way, so can anyone).
But AMT and other remote control tools are still unacceptable (even if realistically a limited number of people can make use of them, I suppose).
So for most users, even if it's not a "real" threat, it's still not ok.
Yet it's better than having non-libre hardware AND non-libre OS and software.

- Security is rarely an issue, but it can always be improved. Mainly system hardening/reducing the attack surface.
An average user doesn't really need it, though improving it can't hurt.

- Privacy from other users and from companies takes some more work/education, even on a vanilla Trisquel and/or Replicant and other libre OS.
Full disk encryption in case your machine is stolen, browser plugins (cookies, referrers, profile spoofing, checking requests, https, local emulation of files, ad blocking, no javascript...), especially if Javascript is on, properly checking software, e-mail encryption,
proper Tor BB behavior (no video/torrent/connecting to accounts unless created anonymously from the Tor network...), installing and using a VPN... Definitely not an exhaustive list, but it's a solid base IMHO.

- Anonymity is still achievable on a non-free OS in a limited way (Tor), if no other means are available at hand in the moment, but it's obviously immensely better on a libre OS.

About the hardware:
- any hardware will work (minus the wifi problem sometimes. But since switching to Trisquel takes some effort anyway, it's a minor obstacle).
- a Librebootable machine is best (eliminates the remote access threat). It is relatively affordable, and powerful enough for the average user.
- More libre hardware (or maybe 100% free but I'm not sure) like that POWER8 motherboard and Neo900 are unfortunately luxury items.
But I'm confident we'll find solutions, as more people become aware of all this. And maybe with some luck, someone will leak Intel programs, who knows :)

- E-readers, music players, any other connected hardware really: get rid of those that are too intrusive. For others, I guess turn the wifi off and hope for the best. Or use real paper books.

- About tracking in general: smartphones, anything with a chip in it (public transportation card, maybe credit card, whatever), implants under the skin for the most idiotic ones...
Well, you can simply make sure to not use them too often if that matters to you.
I came to the conclusion that even if it's not acceptable to track people down (it doesn't even improve security against crime, as far as I know), I feel it's not as important as the rest since 90% of the time (arbitrary number obviously), people go from home to work, go buy some stuff, go meet other people (friends, family, whoever), and go back home.
The data is useful for targeted advertising, and this bothers me though.
But if you are a journalist (for example) that needs to go off the grid, then we're not talking about most people. And with some logic, there are obvious ways, like temporarily getting rid of the tracking sources when needed. Maybe there's more to it, but this makes sense to me.

- Other users : after all, it's the weakest link in the communication chain. Fortunately, e-mail encryption works.
But multiplying social media isn't acceptable for most users, so Fecesbook and all this garbage will live on for now (even if it will be without me: e-mail is enough).
What to answer to those who rightfully say that it's no big deal if companies know which music I listen to, which books I read etc.?
Easy: it's not about the isolated data or metadata, it's about the big picture that's made of all that data. Powerful entities having such files in their hands is only a disaster waiting to happen, even if you know very little about humanity's History.

I think I reviewed it all.

In essence,
as most people can mainly own non-free hardware (since hardware that can be used with Libreboot or Replicant is ultimately limited in quantity),
it's realistic to invite them to use free software anyway.
Not using a phone is nearly impossible anymore for most people.
But encrypted e-mails still work on non-libre phone OS.
And living with e-mails on the go is something I'm willing to try, but it's not for most people (too much effort and inconvenience).

Bottom line, if I could talk to myself from 2 years ago, I'd say:
- take as much software freedom as you can afford. Any is better than none.
- know that there's no 100% of reliability in anything, which applies to software too. Real example: unsafe Tor exit nodes.
- ultimately, a machine is only a tool, though free software makes it how it normally should be.
- take the time to learn about at least setting up your system for improved privacy. I wanted to write a basic guide (explaining and detailing what I've listed about improving vanilla Trisquel), though it might be outdated fast if it's not written with principles in mind.
Then, don't spend so much time on configuration, and just use it, and go on with your life, just as it should be.

And take some time off the damn screens whenever you can ;)
don't spend so much time on configuration, just use it, and go on with your life.

Ok I'm done.
Feel free to correct me, or to disagree if there's nothing to correct (which I seriously doubt). I wish such posts could be stickied, but since it's not gonna happen, I'll probably compile additional data from your answers and put an entry in the wiki for example.

So what about you? What would you say to your old self on this matter?

vita_cell
Offline
Joined: 07/19/2015

Thank you!

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

>So what about you? What would you say to your old self on this matter?

I would say to my older self to read the book "Free as in Freedom". That is exactly how I decided to go libre, I just wish I had read it 15 years ago.

hack and hack
Offline
Joined: 04/02/2015

I just started reading it. First 2 chapters are a bit boring, but the 3rd one is very interesting. I'm definitely gonna be reading more of it.

hack and hack
Offline
Joined: 04/02/2015

> And living with e-mails on the go is something I'm willing to try, but it's not for most people (too much effort and inconvenience).
What I meant by this unclear sentence is this:
ditching the smartphone and relying on a laptop to exclusively communicate via e-mail.

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

> - E-readers, music players, any other connected hardware really: get rid of those that are too intrusive.

They need not be connected. What would I do in the bus without my Sansa Clip Zip running the 100% free RockBox firmware? Recently, e.g., I downloaded the videos in https://media.libreplanet.org/videos and converted them to Ogg with SoundConverter: that makes educative bus trips!

> Real example: unsafe Tor exit nodes.

Just to be clear: running an exit node is not enough to de-anonymize anyone. Attacks are usually based on correlating the timing and sizes of the packets entering Tor and those exiting it. The more users of Tor the harder it gets.

vita_cell
Offline
Joined: 07/19/2015

I think that my iPod 5g is better, you can open it easily, replace the battery easily (I tested it by soldering an 18650 battery onto it, 4-5 times more mAh), replace the screen, and upgrade to CompactFlash or SSD. It is fully compatible with all RockBox features. Except video.

hack and hack
Offline
Joined: 04/02/2015

Interesting. It's better than a smartphone in that matter.
Sure, it means several devices instead of one, but maybe the separation of power is worth it in electronics too :)

About Tor: So Tor popularity would make it even more effective? But still not 100% safe, I assume.

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

> Interesting. It's better than a smartphone in that matter.
> Sure, it means several devices instead of one, but maybe the separation of power is worth it in electronics too :)

It does not mean several devices for me: I have no cell phone.

> About Tor: So Tor popularity would make it even more effective? But still not 100% safe, I assume.

Yes and yes.

hack and hack
Offline
Joined: 04/02/2015

How do you deal with not having a smartphone in your daily life?

Here's a weird auto Q&A where I try to answer my own questions, but I'm really interested to hear your (and others') real-life experience, and cases where you miss having one:

Emergency contacts with friends and family? Well, they're probably better off calling professionals (firefighters, police etc.), but still. What about making the call yourself, if needed? That's a tougher one.

Agenda reminders? Taking notes? Ok, root_vegetable suggested a paper version. This could work for me, although it's a bit annoying. I'd need to have a bag with me at all times. Or not, if I use super small items.

Playing chess? Better play at home, focused.

Alarm clock? Just have a dedicated one. What if you don't sleep at home but you need to wake up? There are probably easy ways, but not as convenient.

Various timers? For sport, cooking... Again, possible to have a dedicated item. And on the go, it's possible (and welcome) to train without a timer once in a while.

Music player? You answered that one, but the downside is having to use one more item instead of just one.

Web? E-mail? At home, at work, a wifi hotspot.

Calculator? Fingers. Just kidding (well, partly...).

Jabjabs
Offline
Joined: 07/05/2014

I will say that personally, I do still use a smartphone (no Google, only f-droid stuff) but that is partly a requirement of my job and secondly - this is one point where I am directly trading privacy for convenience. Having a phone in an emergency situation (it has happened before) was literally a life saver. I understand that relationship and the issues of these devices but sometimes you have to make the personal choice of what means the most to you.

I do not endorse these things but I am somewhat forced into the position of using them, I hope it isn't forever.

hack and hack
Offline
Joined: 04/02/2015

Same here, I could survive without it if it weren't a job requirement.

Plus it's nice to have some form of backup plan if I need to reach someone ASAP, to change plans when going out etc. Sometimes people don't read their mail, text messages go through more often/faster.

But since I'm going to remove my battery as often as possible, I'll experiment a bit with how it feels like to be "out of the Matrix" (funny, they actually use phones to get inside the Matrix in the movie).

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

> How do you deal with not having a smartphone in your daily life?

Very well, thank you.

> I'm really interested to hear your (and others') real-life experience, and cases where you miss having one

You do not miss what you have never owned.

That said, the moments where I most recognize a cell phone would be convenient are when I get lost (I have no sense of direction) and when I am late (to warn whoever waits for me). The two situations are often combined. I could carry a GPS (just a GPS, no cell phone around!).

Also, some people are mad at me, because they want to warn me that they are going to be late or because they want to change plans at the last minute, but cannot contact me.

> Emergency contacts with friends and family?

Everybody asks me that. In 33 years, I have never had to make an emergency call. Maybe I am lucky. But I spend most of my time at home (with a land line) and at the university (with a land line too). If in the street, there would usually be people around. With cell phones.

And public phones still work (I must be the last one to use them, rarely though).

So, I do not see many situations where I could save a life with a cell phone...

> Agenda reminders? Taking notes?

All in my laptop. I work on my laptop.

> Playing chess?

I do not play chess but I believe Rockbox has a chess game. It has a Frozen Bubble game for instance. And even Doom! But the Sansa Clip Zip has such a small screen...

> Alarm clock?

Rockbox (the free operating system for my music player) has an alarm clock. I connect the player to a pair of speakers I put on my bedside table and wake up every morning with a shuffled playlist that I specially made for this purpose.

> What if you don't sleep at home but you need to wake up?

I have my laptop with me, leave it on, and install a crontab (here to wake up at 8am):
DISPLAY=:0
0 8 * * * rhythmbox-client --play

> Various timers? For sport, cooking...

There is a clock in the kitchen. And sports, well, I do not do any. I should...

> Music player? You answered that one, but the downside is having to use one more item instead of just one.

Again, I only carry the Sansa Clip Zip: it is tiny and can be clipped on your pocket. Very convenient. And Rockbox simply is great: http://rockbox.org

> Web? E-mail?

The laptop. My wife complains that I spend too much time on that forum already!

> Calculator?

There is a Rockbox application for that. But the Sansa Clip Zip is not made to be used as a calculator (arrows to move from a key to another). Anyway, I do not really need a calculator unless I am working on my computer, where I sometimes use enhanced "calculators" such as Scilab or Maxima!

Well, in pubs and restaurants, there always is the famous division to make but since everybody (but me) has a smartphone, I do not take care of those calculations. Anyway, since, usually, I am as well the only one paying cash, I just pay "the rest" at the end (in Brazil, tips are included in the checks).

hack and hack
Offline
Joined: 04/02/2015

Many thanks for the Rockbox ideas,
I'll have my own alarm-clock ready in no time (I have an old device which is supported)!

For emergency, I mostly agree with you, except that when out, you need to rely on others.
Calling the police when witnessing an aggression, I wonder how many people do so under pressure
(I'm not even talking about direct assistance).
Counting on public phones is random at best (how would Superman do his thing these days?).
OTOH, never had to use mine for such an emergency.

Reminders on the laptop, why not, but it needs to be on, and if you have to move often, it's not the most practical.
But I see it's perfect for your professional lifestyle.

Thanks again for the Rockbox ideas, cheers!

vita_cell
Offline
Joined: 07/19/2015

I am using a Sony eReader, yes, it has wifi, but I never connect it (obviously) (why do I need wifi in an eReader?), plus, I disabled the Adobe DRM shit. This eReader has worked fine with all formats. So, is there some ethical problem?

I have no choice, no reverse-engineered eReaders are available. But this Sony isn't DRMing me.

hack and hack
Offline
Joined: 04/02/2015

Same here, owning a Kobo. The wifi is made to allow browsing (there's a super slow web browser), and to download books from their shop. So I just turned it off. I found there are ways to hack it to some extent, but it doesn't seem like it's worth the effort.

But I just opened up mine to see if I can manually disable wifi (unplug or rip it off). A bit extreme, but more like "it's fun to see what's inside".
But I can't recognize much, battery and flash memory aside.

And even if I find it, maybe the machine is programmed to stop functioning if wifi is off. So I better not rip it off :)

EDIT: I found it, it's the cyberTAN little module on another model. But it looks soldered. Uh, I've just broken the metal cover (so thin that it snapped). Ok, I have no way to solder back, and it's probably here for a reason. No turning back, hopefully it will still work :(

hack and hack
Offline
Joined: 04/02/2015

I'm no expert, but as long as you can read any format you want, it should be fine. It's not free software maybe, but I think it's acceptable since it has a very limited scope.

I've seen that some managed to install Debian on their e-reader.
Personally, I don't think it's worth it. But it's fun.

hack and hack
Offline
Joined: 04/02/2015

About smartphones, I forgot to add something:
Firmwares and bootloaders aside, the real threat is the modem integration inside the machine. Unproven bad modem isolation, I'm not sure what this means, but it's not really convincing.
Which leads me to use it (turn it on) as little as I'd have to (that includes no e-mails, even encrypted, and no real personal data because of the tight modem integration).
When I think about it, since it's unsafe to use personal data on a smartphone, the only useful features compared to a dumbphone are the apps.
Like reminders, quite useful.

So I'd say to my older self to:
The smartphone is in essence an emergency phone.
Phone calls, text messages, maybe an app or two, period.
Keep the battery off as often as possible.
Ideally get a Replicant phone anyway, but if it's not possible, any smartphone will do, according to the use I make of it.

If possible, get some very small and disconnected device that can run Android/Cyanogenmod/Replicant for F-droid apps.

Turtleman
Offline
Joined: 05/22/2013

I would tell myself to visit http://www.gnu.org/philosophy/ and try out Linux Mint (I know it's not the best but it would help my transition to learning the new software).