[Replicant] Are smartphones any good? (was Re: Oneplus One support)

Spacefalcon the Outlaw falcon at ivan.Harhan.ORG
Mon Jan 5 18:55:03 UTC 2015


Dimonik wrote:

> Free dumb phone is not enough for freedom/privacy.

Please don't mix freedom and privacy together; they are two different
concepts.  To me personally, the most important freedom is the freedom
to fix bugs.  If my dumbphone is misbehaving because of a firmware
bug, I want the freedom to fix it myself, instead of being beholden to
vendors' firmware "upgrades" that introduce 3 new bugs for every old
one fixed.

> Lets assume freecalypso-sw reached the goal and produce this phone in the
> pocket:
>
> 1. You still will be tracked by telecom network (exposed location);

So what?  The laws of physics are the same for everyone; it should be
obvious to a hedgehog (Russian expression) that if I wish to talk to
my significant other while driving on a highway, I'm going to have to
use a device that acts a radio transmitter, and by the laws of physics
the location of a radio transmitter can be trivially determined by
anyone who takes the effort to trilaterate.  Again, so what?

Having one's location known to anyone who cares to know is the price
one has to pay for the convenience of making it possible for the
important people in your life to be able to reach you instantly at any
time.  Again, it all stems from universal laws of physics, no need to
invoke conspiracy arguments here.

> 2. Your voice will not be encrypted using trusted algorithm (End-to-End)
> because this is dumbphone as thus will obey badly broken standard GSM A5/1
> - A5/3 algos with SIM card's loosy 64bit keys;

Again, a reality I am perfectly willing to accept.

I may be able to implement end-to-end encrypted voice calls over CSD
(mobile-to-mobile transparent CSD calls work just fine in my part of
the world), even on a dumbphone - but that is a much lower priority
for me; I won't start working on it until *after* I have solved the
far more pressing (for me) moral problem of proprietary firmware w/o
source code.

> 3. Your calls/sms'es will travel across telecom network and will easily be
> accessible for prepared adversary (SS7 hacking);

Again, something I am perfectly willing to live with.

> So your data still completely insecure, and you better not to use this
> phone.

*You* don't get to tell me what *I* should or should not use.  If you
are willing to give up the ability to call your significant other on
the phone or have her/him call you, that's your choice.  Mine is
different.

For me it is of utmost importance for the special people in my life to
be able to call me at any time, wherever I am.  Yes, it would be
wonderful to have these conversations encrypted end-to-end, but I am
still many years away from even starting to work on that part,
therefore, in the meantime we simply accept the fact that all of our
conversations are being listened to by some dude in a suit at FBI/NSA/
whatever.  It's mostly just lovers' talk, no military or business or
other real secrets.

> Better goal is probably dumb-smartphone at least capable to send traffic
> over data-connection and able to run free OS/crypto software for end-to-end
> encrypted communication.

One does not need a smartphone to do what you are describing; I plan
on doing end-to-end voice encryption over CSD on a dumbphone platform.
But as I said, it is an extremely low priority for me personally, thus
I won't even start seriously looking into it until I have solved
everything else that is far more important to me personally.

SF


More information about the Replicant mailing list