The image links' HTML is very long, and therefore less readable by humans.

This is to have more readable git diffs.

Signed-off-by: Denis 'GNUtoo' Carikli <gnu...@no-log.org>
---
 freedom-privacy-security-issues.php | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/freedom-privacy-security-issues.php 
b/freedom-privacy-security-issues.php
index 1cdd5a1..7def689 100644
--- a/freedom-privacy-security-issues.php
+++ b/freedom-privacy-security-issues.php
@@ -12,7 +12,8 @@
                        </p>
                        <h3>A simplified overview of mobile devices</h3>
                        <p>
-                               <a 
href="images/freedom-privacy-security-issues/hardware.png" 
data-lightbox="overview" data-title="Hardware-side overview"><img 
src="images/freedom-privacy-security-issues/hardware.png" alt="Hardware-side 
overview" style="width: 250px; float: left;"/></a>On the hardware side, mobile 
devices are built with a system on a chip (SoC) that includes a processor (CPU) 
and various other fundamental components, around which are found various 
integrated circuits, memory (RAM), storage, user input/output (I/O), etc.
+                               <a 
href="images/freedom-privacy-security-issues/hardware.png" 
data-lightbox="overview" data-title="Hardware-side overview"><img 
src="images/freedom-privacy-security-issues/hardware.png" alt="Hardware-side 
overview" style="width: 250px; float: left;"/></a>
+                               On the hardware side, mobile devices are built 
with a system on a chip (SoC) that includes a processor (CPU) and various other 
fundamental components, around which are found various integrated circuits, 
memory (RAM), storage, user input/output (I/O), etc.
                                When the device is telephony-enabled, it also 
features a modem, which is the component in charge of dealing with the mobile 
telephony network.
                                Nowadays, it is usually a powerful processor, 
sometimes with its own memory and storage.
                        </p>
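Review bot: The commit message does not say that this is meant to be a whitespace-only change, and splitting `</a>On the hardware side` onto two lines does change the markup slightly. There is now a newline plus indentation between `</a>` and the text, which HTML collapses to a single space. Since the `<img>` is floated this will most likely not be visible, but please state in the message that the rendered page was checked and is unchanged. The same applies to the other four hunks.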
@@ -20,7 +21,8 @@
                                Regarding the software side of things on mobile 
devices, the main CPU (inside the SoC) starts by executing initial boot code, 
often known as the bootrom.
                                This code will look up various places such as 
NAND, eMMC or MMC (sd/micro sd card) storage, depending on the hardware 
configuration, to load a bootloader.
                                The bootloader, which is in fact often split in 
different stages, is in charge of bringing up and configuring various aspects 
of the hardware and eventually starting the operating system by loading and 
running its kernel.<br />
-                               <a 
href="images/freedom-privacy-security-issues/software.png" 
data-lightbox="overview" data-title="Software-side overview"><img 
src="images/freedom-privacy-security-issues/software.png" alt="Software-side 
overview" style="width: 250px; float: right;"/></a>The kernel itself, among 
other things, deals with the hardware directly and provides ways for other 
programs (running in user-space) to access it.
+                               <a 
href="images/freedom-privacy-security-issues/software.png" 
data-lightbox="overview" data-title="Software-side overview"><img 
src="images/freedom-privacy-security-issues/software.png" alt="Software-side 
overview" style="width: 250px; float: right;"/></a>
+                               The kernel itself, among other things, deals 
with the hardware directly and provides ways for other programs (running in 
user-space) to access it.
                                In user-space, hardware abstraction layers are 
programs specific to each device that know how to properly drive the hardware.
                                They use the kernel to communicate back and 
forth with the hardware and implement the proper protocols for it.<br /><br />
                                The actual knowledge of how to drive the 
hardware is split between the kernel and the hardware abstraction layer 
libraries: both are needed to make it work properly.
@@ -48,7 +50,8 @@
                                However, it is not always possible to even 
replace those firmwares: some are loaded to the integrated circuit by the main 
CPU but some others are pre-installed in the circuit (in that case, they almost 
seem to behave like hardware) and cannot be updated to a free replacement.
                        </p>
                        <p>
-                               <a 
href="images/freedom-privacy-security-issues/bad-modem-isolation.png" 
data-lightbox="current-situation" data-title="Bad modem isolation"><img 
src="images/freedom-privacy-security-issues/bad-modem-isolation.png" alt="Bad 
modem isolation" style="width: 250px; float: left;"/></a>The modem system on 
telephony-enabled mobile devices is always proprietary.
+                               <a 
href="images/freedom-privacy-security-issues/bad-modem-isolation.png" 
data-lightbox="current-situation" data-title="Bad modem isolation"><img 
src="images/freedom-privacy-security-issues/bad-modem-isolation.png" alt="Bad 
modem isolation" style="width: 250px; float: left;"/></a>
+                               The modem system on telephony-enabled mobile 
devices is always proprietary.
                                While <a 
href="//bb.osmocom.org/">OsmocomBB</a>, a free software GSM stack exists, it 
only runs on old feature phones, currently requires a host computer to operate 
and is not certified to run on public networks.
                                Despite this situation, the modem remains a 
crucial part for privacy/security: it is nearly always connected to the GSM 
network, allowing for <a 
href="//www.gnu.org/philosophy/malware-mobiles.html">remote control</a>.
                                The modem can be more or less damaging to 
privacy/security depending on what hardware it has access to and can control.
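Review bot: The added `<a href=... data-lightbox=... data-title=...><img src=... alt=... style=.../></a>` line is still one long line in the file, so the stated goal of more readable diffs is only half met. A later change to `data-title`, `alt` or `style` will still show up as a full-line replacement. Consider putting `<a ...>`, `<img ... />` and `</a>` on separate lines, or one attribute per line, in this same patch.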
@@ -56,7 +59,8 @@
                                A device with bad modem isolation would allow 
the modem to access and control key parts of the hardware, such as the RAM, 
storage, GPS, camera, user I/O and microphone.
                                This situation is terrible for privacy/security 
as it provides plenty of ways to efficiently spy on the user, triggered 
remotely over the mobile telephony network.
                                Those are accessible to the mobile telephony 
operator, but also to attackers setting up fake base stations for that purpose.
-                               <a 
href="images/freedom-privacy-security-issues/good-modem-isolation.png" 
data-lightbox="current-situation" data-title="Good modem isolation"><img 
src="images/freedom-privacy-security-issues/good-modem-isolation.png" alt="Good 
modem isolation" style="width: 250px; float: right;"/></a>On the other hand, 
when the modem is well-isolated from the rest of the device, it is limited to 
communicating directly with the SoC and can only access the device's microphone 
when allowed by the SoC.
+                               <a 
href="images/freedom-privacy-security-issues/good-modem-isolation.png" 
data-lightbox="current-situation" data-title="Good modem isolation"><img 
src="images/freedom-privacy-security-issues/good-modem-isolation.png" alt="Good 
modem isolation" style="width: 250px; float: right;"/></a>
+                               On the other hand, when the modem is 
well-isolated from the rest of the device, it is limited to communicating 
directly with the SoC and can only access the device's microphone when allowed 
by the SoC.
                                It is then strictly limited to accessing what 
it really needs, which considerably reduces its opportunities to spy on the 
user.
                                While it doesn't solve any of the freedom 
issues, having an isolated modem is a big step forward for privacy/security.
                                However, it is nearly impossible to be entirely 
sure that the modem is actually isolated, as any documentation about the device 
cannot be trusted, due to the lack of effective hardware freedom.
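Review bot: Style point on the moved `<img>` line: `style="width: 250px; float: right;"` is repeated inline on every image in this file, differing only in `left` versus `right`. Moving it to two CSS classes in a follow-up patch would shorten these lines much further than the line split does, and would keep the layout in one place.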
@@ -74,7 +78,8 @@
                                Allwinner Ax, TI OMAP General-Purpose).
                        </p>
                        <p>
-                               <a 
href="images/freedom-privacy-security-issues/operating-system.png" 
data-lightbox="current-situation" data-title="Mobile operating system"><img 
src="images/freedom-privacy-security-issues/operating-system.png" alt="Mobile 
operating system" style="width: 250px; float: left;"/></a>The biggest part of 
the software running on a mobile device is the operating system, that runs on 
the main CPU.
+                               <a 
href="images/freedom-privacy-security-issues/operating-system.png" 
data-lightbox="current-situation" data-title="Mobile operating system"><img 
src="images/freedom-privacy-security-issues/operating-system.png" alt="Mobile 
operating system" style="width: 250px; float: left;"/></a>
+                               The biggest part of the software running on a 
mobile device is the operating system, that runs on the main CPU.
                                It has access to most integrated circuits (I/O, 
camera, microphone, GPS, etc) as well as the user's data and communications.
                                It is the most critical part for 
privacy/security and is also very important for free software as it interacts 
with the user directly and holds knowledge about communication with the 
hardware.
                                Many mobile operating systems are mostly free 
software (e.g.
-- 
2.7.4
