Quoting Andrew McGlashan (andrew.mcglas...@affinityvision.com.au): > But whilst I still can, I'll at least run my own servers and rely on the > "cloud" as little as possible.
Indeed, outsourcing in general is pernicious enough, but outsourcing to unknown infrastructure run by unknown strangers seems worse. > Librem 5 phone coming next year for me. Ah, Librem. Let's see: https://web.archive.org/web/20161010040458/https://blogs.coreboot.org/blog/2015/02/23/the-truth-about-purism-why-librem-is-not-the-same-as-libre/ https://web.archive.org/web/20161010100959/https://blogs.coreboot.org/blog/2015/08/09/the-truth-about-purism-behind-the-coreboot-scenes/ Internet Archive links because someone (guess who?) raised a stink, and Alex Gagniuc's comments were then taken down. > Opting out of the big 5 is also very much something I would like to do: > > 1. Google (including Android) > 2. Apple > 3. Microsoft (including LinkedIn, Skype and other privacy nightmares) > 4. Amazon (including AWS) > 5. Facebook > > Oh and Twitter would make it six... One coping strategy that I continue to think works pretty well is to keep one's digital footprint spread around so that minimal concentration of that data ends up with any potential opponent -- in the sprit of Self's Law. http://linuxmafia.com/~rick/lexicon.html#selfs-law Self's Law "Large, low-entropy pools are inherently dangerous." Karsten M. Self originated this observation in the 1990s. Here's an example [link] of his comments on this syndrome, following the attack that destroyed the NYC World Trade Center: "Firm belief that large pools of low entropy are inherently dangerous: tall buildings, large crowds, nuclear power, comprehensive databases, absolute power, monopolies. Seek the mean, keep energies and potentials balanced. Bipolar constructs are inherently more stable than monopolar (hegemonical) ones, and multipolar (diversified) structures better than both. That's not total anarchy — nexuses of power or control within a larger pool are OK, and virtually requisite. Should probably add universal networks and software monocultures to the list, as well." Vodaphone Greece furnished [link], in 2005, a fine example with its large, invisibly tappable digital access to all cellular telephone traffic in Athens. Towards the goal of minimising concentration of data from one's digital footprint, IMO it's worth paying very close attention to the abuse of Javascript and browser user state data, and take active measures to curtail and interfere with those activities. About smartphone security. Ahem: https://blog.torproject.org/mission-impossible-hardening-android-security-and-privacy https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor Note that the key and unsolved challenge is the baseband controller, a remotely vulnerable blackbox device that prevents any smartphone OS, no matter how good and 100% ope source, from having reliable security against even a modestly funded opponent (such as, these days, a motivated medium-sized business). Personally, my interim solution is to _eschew_ smartphones and, for now, use a 2000s-decade Motorola 3g flipphone without any sensitive data on it and assume that the device could be compromised and put under remote control by a motivated opponent via its baseband chipset. Sensitive data I have remain entirely on other, non-cellular-based devices. The Tor Project people mentioned a clever workaround: Install/configure hardened Android such as they describe on a wifi-only tablet computer, and use it on cellular networks only via a separate (e.g., USB-connectable) mifi 'modem'. Which means that the baseband controller cannot compromise the Android device's security from underneath, and you can always just disconnect the mifi 'modem' any time you want to make sure it can't do anything with/to the tablet at all. want to Otherwise, IMO, cellular device 'security' is a mirage. _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
