Interested in a more security/privacy-focused phone
bump , I use iphone and have some questions.
More and more program about privacy/security , how can we choose one and believe some it never collect our data?
Comment has been collapsed.
Sorry, I missed this last night. You are absolutely right! There is no way to be absolutely sure...
TL;DR - pretty much there isn't a perfect option. Scroll to bottom, get link to funny picture
Ultimately, it all comes down to how much do you trust the other party and how sure you are that the guy on the other end of the wire is who you think it is. And sometimes it is even more than that. For instance, I more or less trust Google as far as companies go. But feel free to mentally replace 'Google' with 'Apple'. Anyway, that doesn't mean that I should trust every individual at Google or that I should trust that Google will always put my best interests above their own (after all, at the end of the day they are a business and have to make money through ads or whatever other means). But it's more than that too... in the U.S. and probably other countries as well, the government could in theory force companies to build in back doors to their operating systems or other software and threaten the company with legal again if they should ever disclose the existence of said back doors. Now I may sound like someone wearing a tin foil hat but a) I said "in theory" so of course its only an example :-D and b) it's really not all that far fetched if you are familiar with how government hush orders on VPN eavesdropping work (google "vpn warrant canaries" if you are curious), have read some of the leaked documents such as from Edward Snowden, and/or seen news articles about governments officials such as in Russia or Australia talking about building in back doors. And the thing about back doors is that even if they're only intended to be used by specific entities (e.g. a particular government) that doesn't mean they can't or won't be exploited by malicious users (aka "hackers" or more correctly "crackers"), malware/botnets/etc, or even other governments.
Even being a programmer isn't always enough. Many programmers often specialize in one or several areas but rarely does one individual know all programming languages and have the time to research all of the many different libraries etc available, let alone keep up with all the emerging technologies.
That's why I feel that open-source is such a huge thing. If we can be reasonably sure who someone is (e.g. is this me, zpangwin, typing now or did someone hack my account?!) and we have multiple individuals who vouch for code that anyone else is free to come and look at and independently verify, that drastically reduces the chance of foul play or hidden back doors. Does it fix everything? No. Even Linux and Mac still have bugs and viruses, if not quite so many as Windows does. But I am pretty damn confident that if someone wants to break into my Linux box, that they'll have to find an exploit and won't just have a back door built in for them out of the box. I don't have that level of confidence on Windows machines
Then again, whenever I talk about this kind of thing, I always remember this:
xkcd security... a cryptonerd's imagination vs reality
Comment has been collapsed.
If anyone was looking for an update, it was successfully crowdfunded ... or, well, they reached their goal.
Comment has been collapsed.
25 Comments - Last post 13 minutes ago by UnrealBattousai
5 Comments - Last post 36 minutes ago by Golwar
81 Comments - Last post 1 hour ago by popocho
8,437 Comments - Last post 1 hour ago by VicViperV
41 Comments - Last post 2 hours ago by pawelt
1,367 Comments - Last post 20 hours ago by thatotherone6
102 Comments - Last post 20 hours ago by BlazeHaze
75 Comments - Last post 20 seconds ago by PatchmaN
13 Comments - Last post 6 minutes ago by GangsterJochen
52 Comments - Last post 8 minutes ago by Myrsan
270 Comments - Last post 18 minutes ago by davidpfarrell
347 Comments - Last post 37 minutes ago by Strategius4
642 Comments - Last post 48 minutes ago by IronKnightAquila
123 Comments - Last post 1 hour ago by DrAlexander
UPDATE (2017-10-11):
So as noted, Purism reached their funding goal. It will be a while till the devices are ready to ship but I was very happy to hear this and hope it opens the door for additional open-hardware phone projects in the future. I would also be great to be able to continue getting OS patches for a long time... I know it has been common practice in the Android world for big companies to stop pushing updates after awhile; really hoping this will take the traditional desktop Linux update approach to phones too.
ORIGINAL:
So I recently backed a crowd-funding project for Purism's Librem 5 privacy-focused phone and I'm waiting to see if it makes it's funding goal. I've been wanting to see open-source hardware and Linux smartphones in particular get even a small foothold in the mobile market for a LONG time now. I don't expect that most people care about that....I even did some GA's recently for my Linux groups but only got a couple responses... But maybe people care about privacy/security more than they care about Linux...
Anyway, I figured in the true SG-fashion, I needed an official poll with some gibs X-D.
L0:
Pang Adventures
L1:
Mainlining
VoidExpanse
L2:
Septerra Core
Konung 3: Ties of the Dynasty
L3:
Hero of the Kingdom II
Two Worlds II: Velvet Edition
Flame in the Flood
EDIT Sept 24:
Emailed the Purism team to request some more info related to some of the points below and they responded pretty quickly (unfortunately I was sleeping in and did not see till just now :-D). To the folks at Purism, if you happen to be reading this, thanks for the fast response and I wish you the best of luck in the crowdfunding so that I too can look forward to a Librem 5 :-)
In response to asking who their security expert is, they responded
With regards to the bulleted list that Movac asked about below, the response was:
Finally, they said they will see about getting some more details added on the main Librem 5 page as well.
EDIT Sept 25:
Got some additional details shortly after my last edit. Here's what they said (this was second hand)::
I too was somewhat unclear on what layer was being asked about for 'central management' but as I said in my comment below, most Linux distros handle both OS updates and software updates through package management. PureOS is based off of Debian so I would expect it to be somewhat similar to other Debuan based Linux distros like Ubuntu or Linux Mint (in Mint, I usually see an icon by my clock when updates are available and when I click on it I can select which updates to apply and/or change my source servers from where I download updates from. Meaning I can use official Linux Mint servers or if I live far away I can instead select an unofficial source that I trust but which us geographically closer to speed up download times).
Comment has been collapsed.