[Replicant] [PATCH v2][ 02/11] freedom-privacy-security-issues: Split into new lines after images links

Paul Kocialkowski contact at paulk.fr
Wed Apr 20 07:56:54 UTC 2016


On Monday 28 March 2016 at 20:50 +0200, Denis 'GNUtoo' Carikli wrote:
> The Images links html is very long, and therefore less readable by humans.
>
> This is to have more readable git diffs.
> 
> Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo at no-log.org>
Acked-by: Paul Kocialkowski <contact at paulk.fr>

> ---
>  freedom-privacy-security-issues.php | 15 ++++++++++-----
>  1 file changed, 10 insertions(+), 5 deletions(-)
> 
> diff --git a/freedom-privacy-security-issues.php b/freedom-privacy-security-
> issues.php
> index 1cdd5a1..7def689 100644
> --- a/freedom-privacy-security-issues.php
> +++ b/freedom-privacy-security-issues.php
> @@ -12,7 +12,8 @@
>  			</p>
>  			<h3>A simplified overview of mobile devices</h3>
>  			<p>
> -				<a href="images/freedom-privacy-security-
> issues/hardware.png" data-lightbox="overview" data-title="Hardware-side
> overview"><img src="images/freedom-privacy-security-issues/hardware.png"
> alt="Hardware-side overview" style="width: 250px; float: left;"/></a>On the
> hardware side, mobile devices are built with a system on a chip (SoC) that
> includes a processor (CPU) and various other fundamental components, around
> which are found various integrated circuits, memory (RAM), storage, user
> input/output (I/O), etc.
> +				<a href="images/freedom-privacy-security-
> issues/hardware.png" data-lightbox="overview" data-title="Hardware-side
> overview"><img src="images/freedom-privacy-security-issues/hardware.png"
> alt="Hardware-side overview" style="width: 250px; float: left;"/></a>
> +				On the hardware side, mobile devices are
> built with a system on a chip (SoC) that includes a processor (CPU) and
> various other fundamental components, around which are found various
> integrated circuits, memory (RAM), storage, user input/output (I/O), etc.
>  				When the device is telephony-enabled, it also
> features a modem, which is the component in charge of dealing with the mobile
> telephony network.
>  				Nowadays, it is usually a powerful processor,
> sometimes with its own memory and storage.
>  			</p>
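
Review bot: The added anchor line in this hunk is still a single very long line, because the whole `<a …><img …/></a>` element (href, data-lightbox, data-title, src, alt and style) stays on one line. If the goal is readable diffs, wrap inside the tags between attributes, for example before `data-lightbox=` and before `alt=`. Line breaks between attributes do not create text nodes, so they cannot change rendering. The inline `style="width: 250px; float: left;"` also recurs on every image in this patch and could move to a CSS class in a follow-up, which would shorten these lines further.
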
> @@ -20,7 +21,8 @@
>  				Regarding the software side of things on
> mobile devices, the main CPU (inside the SoC) starts by executing initial boot
> code, often known as the bootrom.
>  				This code will look up various places such as
> NAND, eMMC or MMC (sd/micro sd card) storage, depending on the hardware
> configuration, to load a bootloader.
>  				The bootloader, which is in fact often split
> in different stages, is in charge of bringing up and configuring various
> aspects of the hardware and eventually starting the operating system by
> loading and running its kernel.<br />
> -				<a href="images/freedom-privacy-security-
> issues/software.png" data-lightbox="overview" data-title="Software-side
> overview"><img src="images/freedom-privacy-security-issues/software.png"
> alt="Software-side overview" style="width: 250px; float: right;"/></a>The
> kernel itself, among other things, deals with the hardware directly and
> provides ways for other programs (running in user-space) to access it.
> +				<a href="images/freedom-privacy-security-
> issues/software.png" data-lightbox="overview" data-title="Software-side
> overview"><img src="images/freedom-privacy-security-issues/software.png"
> alt="Software-side overview" style="width: 250px; float: right;"/></a>
> +				The kernel itself, among other things, deals
> with the hardware directly and provides ways for other programs (running in
> user-space) to access it.
>  				In user-space, hardware abstraction layers
> are programs specific to each device that know how to properly drive the
> hardware.
>  				They use the kernel to communicate back and
> forth with the hardware and implement the proper protocols for it.<br /><br />
>  				The actual knowledge of how to drive the
> hardware is split between the kernel and the hardware abstraction layer
> libraries: both are needed to make it work properly.
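
Review bot: The text that used to abut the closing tag ("</a>The kernel itself") is now separated from it by a newline and indentation, which adds a whitespace text node after the link. Here the anchor follows a `<br />` and the image is floated, so that whitespace should collapse and render the same. The commit message only mentions diff readability, though, so please state that the rendered page was compared before and after, making it clear the change is markup-only. The same applies to the other four anchors split in this patch.
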
> @@ -48,7 +50,8 @@
>  				However, it is not always possible to even
> replace those firmwares: some are loaded to the integrated circuit by the main
> CPU but some others are pre-installed in the circuit (in that case, they
> almost seem to behave like hardware) and cannot be updated to a free
> replacement.
>  			</p>
>  			<p>
> -				<a href="images/freedom-privacy-security-
> issues/bad-modem-isolation.png" data-lightbox="current-situation" data-
> title="Bad modem isolation"><img src="images/freedom-privacy-security-
> issues/bad-modem-isolation.png" alt="Bad modem isolation" style="width: 250px;
> float: left;"/></a>The modem system on telephony-enabled mobile devices is
> always proprietary.
> +				<a href="images/freedom-privacy-security-
> issues/bad-modem-isolation.png" data-lightbox="current-situation" data-
> title="Bad modem isolation"><img src="images/freedom-privacy-security-
> issues/bad-modem-isolation.png" alt="Bad modem isolation" style="width: 250px;
> float: left;"/></a>
> +				The modem system on telephony-enabled mobile
> devices is always proprietary.
>  				While <a
> href="//bb.osmocom.org/">OsmocomBB</a>, a free software GSM stack exists, it
> only runs on old feature phones, currently requires a host computer to operate
> and is not certified to run on public networks.
>  				Despite this situation, the modem remains a
> crucial part for privacy/security: it is nearly always connected to the GSM
> network, allowing for <a href="//www.gnu.org/philosophy/malware-mobiles.html">
> remote control</a>.
>  				The modem can be more or less damaging to
> privacy/security depending on what hardware it has access to and can control.
> @@ -56,7 +59,8 @@
>  				A device with bad modem isolation would allow
> the modem to access and control key parts of the hardware, such as the RAM,
> storage, GPS, camera, user I/O and microphone.
>  				This situation is terrible for
> privacy/security as it provides plenty of ways to efficiently spy on the user,
> triggered remotely over the mobile telephony network.
>  				Those are accessible to the mobile telephony
> operator, but also to attackers setting up fake base stations for that
> purpose.
> -				<a href="images/freedom-privacy-security-
> issues/good-modem-isolation.png" data-lightbox="current-situation" data-
> title="Good modem isolation"><img src="images/freedom-privacy-security-
> issues/good-modem-isolation.png" alt="Good modem isolation" style="width:
> 250px; float: right;"/></a>On the other hand, when the modem is well-isolated
> from the rest of the device, it is limited to communicating directly with the
> SoC and can only access the device's microphone when allowed by the SoC.
> +				<a href="images/freedom-privacy-security-
> issues/good-modem-isolation.png" data-lightbox="current-situation" data-
> title="Good modem isolation"><img src="images/freedom-privacy-security-
> issues/good-modem-isolation.png" alt="Good modem isolation" style="width:
> 250px; float: right;"/></a>
> +				On the other hand, when the modem is well-
> isolated from the rest of the device, it is limited to communicating directly
> with the SoC and can only access the device's microphone when allowed by the
> SoC.
>  				It is then strictly limited to accessing what
> it really needs, which considerably reduces its opportunities to spy on the
> user.
>  				While it doesn't solve any of the freedom
> issues, having an isolated modem is a big step forward for privacy/security.
>  				However, it is nearly impossible to be
> entirely sure that the modem is actually isolated, as any documentation about
> the device cannot be trusted, due to the lack of effective hardware freedom.
> @@ -74,7 +78,8 @@
>  				Allwinner Ax, TI OMAP General-Purpose).
>  			</p>
>  			<p>
> -				<a href="images/freedom-privacy-security-
> issues/operating-system.png" data-lightbox="current-situation" data-
> title="Mobile operating system"><img src="images/freedom-privacy-security-
> issues/operating-system.png" alt="Mobile operating system" style="width:
> 250px; float: left;"/></a>The biggest part of the software running on a mobile
> device is the operating system, that runs on the main CPU.
> +				<a href="images/freedom-privacy-security-
> issues/operating-system.png" data-lightbox="current-situation" data-
> title="Mobile operating system"><img src="images/freedom-privacy-security-
> issues/operating-system.png" alt="Mobile operating system" style="width:
> 250px; float: left;"/></a>
> +				The biggest part of the software running on a
> mobile device is the operating system, that runs on the main CPU.
>  				It has access to most integrated circuits
> (I/O, camera, microphone, GPS, etc) as well as the user's data and
> communications.
>  				It is the most critical part for
> privacy/security and is also very important for free software as it interacts
> with the user directly and holds knowledge about communication with the
> hardware.
>  				Many mobile operating systems are mostly free
> software (e.g.