Hardwired software or functionality imposed by companies or authorities
#1
One thing I can't stand about conventional smartphones, from Android to Apple and pretty much all of them these days, is the practice of hiding or forcing certain software in the device either for the sake of a company or that of the government. There's been news in recent years that some devices made it impossible to uninstall Facebook if you don't want to use it: Obviously there's no such issue with the Pinephone thank goodness... I take it there isn't even a Facebook app to begin with, you probably use that from a web browser like on a normal computer the way it's meant to be.

But I was also wondering about things some pesky governments have been pushing smartphone manufacturers to include in their devices. I know encryption backdoors aren't a risk thankfully; They haven't gotten their way with that and never will... especially not on open-source devices where it wouldn't even be possible to maintain them, people would find out and the community wouldn't accept it thus replacing any compromised software packages.

On the other side, there was talk many years ago about the government of South Korea doing the extremely creepy thing of trying to force phone manufacturers to install tracking software on every teenage user in the country, even threatening teens or their parents with arrest if the state's spying software is removed from any device. I take it Koreans can still buy Pinephones despite this, which of course don't come infested with such a disgusting product thank the gods.

Another big example closer to home is an alert system that was discussed a few years ago if I'm not mistaken; Something that allowed authorities to track where your phone is located, and if you're in an area where a calamity is happening they'd have the ability to force a message on your device and you couldn't disable the thing. As an optional service I'm definitely not against it, quite the contrary... but forced and hardcoded into my device, no way I don't want any of that stuff.

So other than compliance with certain radio frequencies and normal technical stuff: Is all top level software in the device free from services or practices that can't be disabled, based on the desire of any authority other that the user of each device? I don't doubt it should be so but asking just to ensure there's no such risk.
  Reply
#2
(05-30-2021, 09:21 AM)MirceaKitsune Wrote: Another big example closer to home is an alert system that was discussed a few years ago if I'm not mistaken; Something that allowed authorities to track where your phone is located, and if you're in an area where a calamity is happening they'd have the ability to force a message on your device and you couldn't disable the thing. As an optional service I'm definitely not against it, quite the contrary... but forced and hardcoded into my device, no way I don't want any of that stuff.
AFAIK this is done by pushing a text to all devices connected to a tower from which someone wants to send the alert. And triangulation of an individual is possible by checking nearest tower connections. It's not super accurate but enough. If someone knows your IMEI - you can be tracked.
  Reply
#3
(05-30-2021, 09:21 AM)MirceaKitsune Wrote: One thing I can't stand about conventional smartphones, from Android to Apple and pretty much all of them these days, is the practice of hiding or forcing certain software in the device either for the sake of a company or that of the government. There's been news in recent years that some devices made it impossible to uninstall Facebook if you don't want to use it: Obviously there's no such issue with the Pinephone thank goodness... I take it there isn't even a Facebook app to begin with, you probably use that from a web browser like on a normal computer the way it's meant to be.

But I was also wondering about things some pesky governments have been pushing smartphone manufacturers to include in their devices. I know encryption backdoors aren't a risk thankfully; They haven't gotten their way with that and never will... especially not on open-source devices where it wouldn't even be possible to maintain them, people would find out and the community wouldn't accept it thus replacing any compromised software packages.

On the other side, there was talk many years ago about the government of South Korea doing the extremely creepy thing of trying to force phone manufacturers to install tracking software on every teenage user in the country, even threatening teens or their parents with arrest if the state's spying software is removed from any device. I take it Koreans can still buy Pinephones despite this, which of course don't come infested with such a disgusting product thank the gods.

Another big example closer to home is an alert system that was discussed a few years ago if I'm not mistaken; Something that allowed authorities to track where your phone is located, and if you're in an area where a calamity is happening they'd have the ability to force a message on your device and you couldn't disable the thing. As an optional service I'm definitely not against it, quite the contrary... but forced and hardcoded into my device, no way I don't want any of that stuff.

So other than compliance with certain radio frequencies and normal technical stuff: Is all top level software in the device free from services or practices that can't be disabled, based on the desire of any authority other that the user of each device? I don't doubt it should be so but asking just to ensure there's no such risk.

for that facebook app. it's system app versus ordinary app in android. system apps cannot be removed but can be updated or disabled. i think it's extremely stupid to have facebook app by default because is totally third party app (not google or oem). many default apps need to be updated from default anyway, so is there point to have them anyway.

some twisted humor:
dictator (probably in north korea or belarus):
i want system in my country where i and agencies can monitor all citizens, their locations and what they do. system reports location and activity data all time to central servers what we can use. it's probably expensive but i want it. it probably needs to be forced onto citizens.

adviser: that system already exits. in western countries. it's called ios and android and people even line up for these devices and pay more than 1000 u.s. dollars.
  Reply
#4
(05-31-2021, 10:16 AM)Skraaj Wrote:
(05-30-2021, 09:21 AM)MirceaKitsune Wrote: Another big example closer to home is an alert system that was discussed a few years ago if I'm not mistaken; Something that allowed authorities to track where your phone is located, and if you're in an area where a calamity is happening they'd have the ability to force a message on your device and you couldn't disable the thing. As an optional service I'm definitely not against it, quite the contrary... but forced and hardcoded into my device, no way I don't want any of that stuff.
AFAIK this is done by pushing a text to all devices connected to a tower from which someone wants to send the alert. And triangulation of an individual is possible by checking nearest tower connections. It's not super accurate but enough. If someone knows your IMEI - you can be tracked.
The only true way of remaining private is by leaving your phone at home, and just bring a paper-based book with you to read on your train commutes instead.
母語は日本語ですが、英語も喋れます(ry
  Reply
#5
(05-31-2021, 04:01 PM)ryo Wrote:
(05-31-2021, 10:16 AM)Skraaj Wrote:
(05-30-2021, 09:21 AM)MirceaKitsune Wrote: Another big example closer to home is an alert system that was discussed a few years ago if I'm not mistaken; Something that allowed authorities to track where your phone is located, and if you're in an area where a calamity is happening they'd have the ability to force a message on your device and you couldn't disable the thing. As an optional service I'm definitely not against it, quite the contrary... but forced and hardcoded into my device, no way I don't want any of that stuff.
AFAIK this is done by pushing a text to all devices connected to a tower from which someone wants to send the alert. And triangulation of an individual is possible by checking nearest tower connections. It's not super accurate but enough. If someone knows your IMEI - you can be tracked.
The only true way of remaining private is by leaving your phone at home, and just bring a paper-based book with you to read on your train commutes instead.

That's what I do ...my smartphone is used as a land-line.  I rarely take it with me unless I'm driving and even then I switch it off until I want to use it - no call is THAT important, that I must be in contact 24 hours a day so that I can answer and deal with it as soon as it rings.  

Maybe it's an age thing - I am in my 50's - but I simply don't see what is great about being connected to the world 24-7, and I certainty don't like the idea of transmitting my location to those that think it important enough, that they go to great lengths to ensure it's as hard as possible not to.

And that's where the PinePhone comes into the picture, because all I want a phone to be - is a phone.  Apps, Bluetooth, Wi-fi ...I won't be using any of it (although, the calculator and torch apps do come in handy ...oh, and a good spell checker).  Before I discovered the PinePhone, I was looking to buy a simple flip-phone - but after some research, found that the powers that be are trying their hardest to make old tech obsolete as soon as possible (something to do with changes to LTE, FDD and TDD ...can't remember the details, but old tech will be screwed as soon as they can manage it - if not sooner).

While I know the PinePhone can (or will) do all the things a smartphone is made to do, I'm actually buying it because it gives me the true choice not to do any of those things... It won't be beeping all the time, saying "DOG HOUSE, THERE'S A NEW VERSION OF SOFTWARE THAT YOU SIMPLY MUST HAVE - BLEEP- DOG HOUSE!!! ARE YOU LISTENING TO ME?" - it will simply be sat in my pocket, saying "Yo, Dog House, your Bluetooth and Wi-fi are switched off... cool man, like your style... you know where I am if you need me... peace out, dude".

I'm also a big Linux fan, so instead of reading a paper-based book on the train, I'll be practicing my use of Systemctl service commands in the terminal ...just because I can ;-)
  Reply
#6
(05-30-2021, 09:21 AM)MirceaKitsune Wrote: Another big example closer to home is an alert system that was discussed a few years ago if I'm not mistaken; Something that allowed authorities to track where your phone is located, and if you're in an area where a calamity is happening they'd have the ability to force a message on your device and you couldn't disable the thing. As an optional service I'm definitely not against it, quite the contrary... but forced and hardcoded into my device, no way I don't want any of that stuff.

This is kind of mixing two different things: cell-based location tracking and wireless emergency alerts (WEA).
Cell-based location tracking is pretty much just a fact of life with cell phones. The carrier knows your IMEI and they know your signal strength at all their various towers, so they can triangulate your position any time your modem is online. This has nothing to do with the software on your phone; it's inherent to the structure of the network. It would be possible in theory to architect a network that does not allow this kind of location tracking by the carrier, but there seems to be less than zero interest in this (since the carriers profit from this location data and want to keep getting it).

Wireless emergency alerts are a strange one (at least in the US, unsure about elsewhere). Last I heard, there wasn't much hope of ever getting support for it on the Pinephone, in no small part because the system probably has no anti-spoofing security at all and relies entirely on the obscurity of its technical details to prevent abuse (basically, we're not allowed to learn how it works in order to implement it). It's possible the proprietary modem firmware does or could support it, but I know very little about that.

The weirdest part of WEA in the US is that Presidential Alerts are required by law to be mandatory and impossible for the end user to disable. Aside from being invasive, this law is not really aligned with the reality of how computers (including cell phones, and especially the Pinephone) actually work. It's effectively impossible for Pine64 to comply with this rule, because it doesn't even directly develop an OS for the device at all, let alone a locked-down one that has any provisions for restricting what the end user can do. Pragmatically speaking, this is probably just another reason why supporting WEA on the Pinephone isn't going to happen, because legal authorities will probably interpret the law to mean that a vendor who cannot guarantee that end users will see Presidential Alert messages may not implement WEA at all.

Yeah, cell phones are pretty messed up.
  Reply
#7
(06-01-2021, 12:32 PM)diodelass Wrote: This is kind of mixing two different things: cell-based location tracking and wireless emergency alerts (WEA).
Cell-based location tracking is pretty much just a fact of life with cell phones. The carrier knows your IMEI and they know your signal strength at all their various towers, so they can triangulate your position any time your modem is online. This has nothing to do with the software on your phone; it's inherent to the structure of the network. It would be possible in theory to architect a network that does not allow this kind of location tracking by the carrier, but there seems to be less than zero interest in this (since the carriers profit from this location data and want to keep getting it).

Wireless emergency alerts are a strange one (at least in the US, unsure about elsewhere). Last I heard, there wasn't much hope of ever getting support for it on the Pinephone, in no small part because the system probably has no anti-spoofing security at all and relies entirely on the obscurity of its technical details to prevent abuse (basically, we're not allowed to learn how it works in order to implement it). It's possible the proprietary modem firmware does or could support it, but I know very little about that.

The weirdest part of WEA in the US is that Presidential Alerts are required by law to be mandatory and impossible for the end user to disable. Aside from being invasive, this law is not really aligned with the reality of how computers (including cell phones, and especially the Pinephone) actually work. It's effectively impossible for Pine64 to comply with this rule, because it doesn't even directly develop an OS for the device at all, let alone a locked-down one that has any provisions for restricting what the end user can do. Pragmatically speaking, this is probably just another reason why supporting WEA on the Pinephone isn't going to happen, because legal authorities will probably interpret the law to mean that a vendor who cannot guarantee that end users will see Presidential Alert messages may not implement WEA at all.

Yeah, cell phones are pretty messed up.

This clarifies a lot, thanks! Indeed signal triangulation is normal and unavoidable and perhaps sometimes useful, it's an effect of how transmissions work and common with all devices. As for WEA, good: I'm glad to hear it wouldn't even be possible to support it on the Pinephone at all, as the way they implement and enforce it is scary and dystopian and opposite of what a FOSS device is meant to achieve, I'll be happy knowing no such things exist on my device.
  Reply
#8
(06-01-2021, 09:34 AM)Dog House Dave Wrote:
(05-31-2021, 04:01 PM)ryo Wrote:
(05-31-2021, 10:16 AM)Skraaj Wrote:
(05-30-2021, 09:21 AM)MirceaKitsune Wrote: Another big example closer to home is an alert system that was discussed a few years ago if I'm not mistaken; Something that allowed authorities to track where your phone is located, and if you're in an area where a calamity is happening they'd have the ability to force a message on your device and you couldn't disable the thing. As an optional service I'm definitely not against it, quite the contrary... but forced and hardcoded into my device, no way I don't want any of that stuff.
AFAIK this is done by pushing a text to all devices connected to a tower from which someone wants to send the alert. And triangulation of an individual is possible by checking nearest tower connections. It's not super accurate but enough. If someone knows your IMEI - you can be tracked.
The only true way of remaining private is by leaving your phone at home, and just bring a paper-based book with you to read on your train commutes instead.

That's what I do ...my smartphone is used as a land-line.  I rarely take it with me unless I'm driving and even then I switch it off until I want to use it - no call is THAT important, that I must be in contact 24 hours a day so that I can answer and deal with it as soon as it rings.  

Maybe it's an age thing - I am in my 50's - but I simply don't see what is great about being connected to the world 24-7, and I certainty don't like the idea of transmitting my location to those that think it important enough, that they go to great lengths to ensure it's as hard as possible not to.
Well, I'm still in my 20's, I used to be that guy that's connected 24/7, but most of it is because it's a habit in this country among pretty much everyone.
If you're on the train, you either take out your smartphone, or you sleep.
And occasionally someone reading a book or playing a game console like a 3DS, Nintendo Switch, or PS Vita.

And it doesn't help with ads like these:
https://www.youtube.com/watch?v=Zlzx_oOKopo

I've been meditating in trains recently, makes me way less stressed out once I step off the train.
母語は日本語ですが、英語も喋れます(ry
  Reply
#9
(05-31-2021, 10:16 AM)Skraaj Wrote:
(05-30-2021, 09:21 AM)MirceaKitsune Wrote: Another big example closer to home is an alert system that was discussed a few years ago if I'm not mistaken; Something that allowed authorities to track where your phone is located, and if you're in an area where a calamity is happening they'd have the ability to force a message on your device and you couldn't disable the thing. As an optional service I'm definitely not against it, quite the contrary... but forced and hardcoded into my device, no way I don't want any of that stuff.
AFAIK this is done by pushing a text to all devices connected to a tower from which someone wants to send the alert. And triangulation of an individual is possible by checking nearest tower connections. It's not super accurate but enough. If someone knows your IMEI - you can be tracked.

I encourage those with these concerns to view this thread.
https://forum.pine64.org/showthread.php?tid=11264
The idea, going back to the failed(medical issues of main engineer who also brought you the OpenMoko) Neo900 project includes hardware switches on the modem and radios as well as a hacker-interface allowing a future receive-only POCSAG pager receiver module which allows you to be passively 'online' especially if you can redirect incoming calls to your regional commercial(or amateur radio, or low power local) paging service where you receive a 'text message' via POCSAG service that you can call back immediately or whenever you feel safe to power up your telephony modem or VOIP modem.
Back to the thread above, we need a good low power receiver IC to build a reference dev kit so the software devs can integrate stealthy operation into the OS.
  Reply
#10
biketool Wrote:The idea, going back to the failed Neo900 project includes hardware switches on the modem and radios as well as a hacker-interface allowing a future receive-only POCSAG pager receiver module which allows you to be passively 'online' especially if you can redirect incoming calls to your regional commercial(or amateur radio, or low power local) paging service where you receive a 'text message' via POCSAG service that you can call back immediately or whenever you feel safe to power up your telephony modem or VOIP modem.
Back to the thread above, we need a good low power receiver IC to build a reference dev kit so the software devs can integrate stealthy operation into the OS.

I've been doing something like this for nearly 30 years, though not quite the way you describe. My provider has a feature where when someone leaves a voice message an external device (receive-only pager) is notified. This is a legacy feature from the days when range was limited, there were lots of areas without service, and airtime and roaming charges were expensive. (In those days many times one would return the call via land line or pay phone rather than firing up the cell phone.)

This feature still works. So what I do is leave my phone off with the battery removed most of the time and just leave the pager on. When I receive notification that someone has left a message I can choose the time and place for checking it and responding.
  Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  "Repository" for Safe Software/Apps? MarsColonist 2 1,487 05-12-2022, 06:29 PM
Last Post: MarsColonist
  Favorite software? Scary Guy 0 938 02-16-2022, 01:28 PM
Last Post: Scary Guy
  unable to install any software pine-user1 2 1,442 11-09-2021, 01:07 AM
Last Post: ryo
  software jesica 3 2,937 10-30-2021, 08:27 AM
Last Post: beta-user
  jumpdrive software might be faulty (or my pinephone hardware) zetabeta 3 3,196 07-20-2021, 03:14 PM
Last Post: zetabeta
  Latest PinePhone CE Manjaro - Charging issues: hardware or software? kern707 5 4,682 11-20-2020, 12:09 AM
Last Post: bcnaz
  Mobian on SD Card or Flashed To eMMC For Better Functionality . . . NobodyNew1 3 4,224 09-17-2020, 11:40 AM
Last Post: LinAdmin2
  Software options for thermal throttling? e1337 5 6,977 06-10-2020, 04:39 PM
Last Post: dukla2000
  Software back to basics Zweitaktmotor 4 6,483 12-13-2019, 03:57 PM
Last Post: bcnaz

Forum Jump:


Users browsing this thread: 1 Guest(s)