The author argues that open source magically creates a wonderful world of security and privacy. Quotes like the following make me wonder if the author every touched a software project:
"Like the Linux and open source world at large, security and privacy are not automatic features of open source. Rather, it is open source that enables those features, by allowing developers and users to keep a watchful eye on the code.
[...]
Code isn’t always understandable, even to seasoned Linux users."
I more and more think this is a harmful view on open source. It's a reason for projects to skip best practices, tests and professional audits. I follow a few projects very closely so I'm familiar with the code. But should others really rely on that in terms of security? Absolutely not.
When you ask the "binary people" if they need the source code for an audit, well, they don't.
It's not about the source code, but about control. You can't have much privacy or security if you are living one third party update away from a government backdoor, like all android, ios, windows, macos users today.
The open source world isn't prepared for large-scale software delivery either.
It works with the core software of Linux distributions, who deliver to administrators around the world. But userland software and dependencies are a mess. Distributions ship old software, developers don't know the target their application will run on, and we all know what's going on with the PIP/NPM/... package managers.
Moreover, we have pretty much no sandboxing and userland permission management (camera access for browser? file access for your instant messenger application? calendar access?) on any Linux Desktop.
While lawmaking and IT-security must grow up and open source is indeed a nice third player - it does not solve the immediate issues we have.
These are all valid problems but don't seem to me to preclude the original underlying premise - open source seems a necessary, if not sufficient condition. While OS might not solve all of our current issues, it seems to me that there cannot be any solution that depends on opaque software delivered by suspect entities with known surveillance agendas.
The software is shipped by those who create the phone itself. If you don't trust anybody, you can't get a piece of silicon to connect to mobile networks and draw a website on a screen. Any open source hardware eventually depends on the promise that the thing does what it promises.
The commercial world has these trust issues as well as the open source world. Maybe the underlying issue is: how can we test devices and software that is incredibly complex?
We can’t test it properly after it is done. And unless we can peek and change (which is what open source provides) we can’t ever.
I think the only dependable way forward is by separating the RF/modem parts from the rest, through a standard (e.g. WiFi or Bluetooth) protocol.
I already assume anything I do on my phone is compromised. And I would assume the same about my laptop, if I connectsd it to an untrusted hardwares and unfirewalled networks. With the laptop, I have an option; with the phone, I don’t.
I would gladly move to a dumb phone (for POTS) and an LTE access point, and a smart open source phone that uses it for connectivity, if such a thing were remotely practical. I already carry two phones for security and compartmentalizations.
I'm personally looking forward to the purism phone. If they are successful enough, their v2 will be especially interesting. Its a fairly important project
Absolutely. I would love to buy a Purism phone if A. they make it usable as a daily driver and B. they actually follow through with making it secure. Say what you want about Google and Apple but iPhones and Pixels are relatively secure, but some may consider the code running on them to not be trustworthy.
Your phone is probably your most valuable device, with more private information than many others. It seems especially important to ensure that it is secure and trustworthy.
I was involved with a open source phone OS and things went great - until we tried to take it to market. In order to launch the OS we decided to partner with telecom providers, and it was their requirements which threatened the project’s integrity. I fear this barrier will be present for other phones in the future. Open source hardware is really important. The closed source baseband blob compromises the security of the device. We were unable to audit it, so we could not trust it.
Just a couple of years ago, there would be no appetite for this type of phone, as Google, Apple and the tech press made it seem like having less than 1 million apps available meant that the phone was worthless.
Thankfully, we're now at a stage where people largely have all the apps they need, and rarely download new ones if a website alternative is available (think online store or news publication).
I'm giving serious thought to buying one of these phones, especially since Uber and Lyft's mobile web sites are sufficient to book rides on. That was the biggest hindrance to making a move away from Android/iOS. I don't really watch streaming video on my phone, so Netflix/PrimeVideo aren't needed.
12 comments
[ 2.7 ms ] story [ 26.4 ms ] thread"Like the Linux and open source world at large, security and privacy are not automatic features of open source. Rather, it is open source that enables those features, by allowing developers and users to keep a watchful eye on the code. [...] Code isn’t always understandable, even to seasoned Linux users."
I more and more think this is a harmful view on open source. It's a reason for projects to skip best practices, tests and professional audits. I follow a few projects very closely so I'm familiar with the code. But should others really rely on that in terms of security? Absolutely not.
When you ask the "binary people" if they need the source code for an audit, well, they don't.
It works with the core software of Linux distributions, who deliver to administrators around the world. But userland software and dependencies are a mess. Distributions ship old software, developers don't know the target their application will run on, and we all know what's going on with the PIP/NPM/... package managers.
Moreover, we have pretty much no sandboxing and userland permission management (camera access for browser? file access for your instant messenger application? calendar access?) on any Linux Desktop.
While lawmaking and IT-security must grow up and open source is indeed a nice third player - it does not solve the immediate issues we have.
The commercial world has these trust issues as well as the open source world. Maybe the underlying issue is: how can we test devices and software that is incredibly complex?
I think the only dependable way forward is by separating the RF/modem parts from the rest, through a standard (e.g. WiFi or Bluetooth) protocol.
I already assume anything I do on my phone is compromised. And I would assume the same about my laptop, if I connectsd it to an untrusted hardwares and unfirewalled networks. With the laptop, I have an option; with the phone, I don’t.
I would gladly move to a dumb phone (for POTS) and an LTE access point, and a smart open source phone that uses it for connectivity, if such a thing were remotely practical. I already carry two phones for security and compartmentalizations.
Your phone is probably your most valuable device, with more private information than many others. It seems especially important to ensure that it is secure and trustworthy.
Thankfully, we're now at a stage where people largely have all the apps they need, and rarely download new ones if a website alternative is available (think online store or news publication).
I'm giving serious thought to buying one of these phones, especially since Uber and Lyft's mobile web sites are sufficient to book rides on. That was the biggest hindrance to making a move away from Android/iOS. I don't really watch streaming video on my phone, so Netflix/PrimeVideo aren't needed.