Dimonik wrote: > Free dumb phone is not enough for freedom/privacy.
Please don't mix freedom and privacy together; they are two different concepts. To me personally, the most important freedom is the freedom to fix bugs. If my dumbphone is misbehaving because of a firmware bug, I want the freedom to fix it myself, instead of being beholden to vendors' firmware "upgrades" that introduce 3 new bugs for every old one fixed. > Lets assume freecalypso-sw reached the goal and produce this phone in the > pocket: > > 1. You still will be tracked by telecom network (exposed location); So what? The laws of physics are the same for everyone; it should be obvious to a hedgehog (Russian expression) that if I wish to talk to my significant other while driving on a highway, I'm going to have to use a device that acts a radio transmitter, and by the laws of physics the location of a radio transmitter can be trivially determined by anyone who takes the effort to trilaterate. Again, so what? Having one's location known to anyone who cares to know is the price one has to pay for the convenience of making it possible for the important people in your life to be able to reach you instantly at any time. Again, it all stems from universal laws of physics, no need to invoke conspiracy arguments here. > 2. Your voice will not be encrypted using trusted algorithm (End-to-End) > because this is dumbphone as thus will obey badly broken standard GSM A5/1 > - A5/3 algos with SIM card's loosy 64bit keys; Again, a reality I am perfectly willing to accept. I may be able to implement end-to-end encrypted voice calls over CSD (mobile-to-mobile transparent CSD calls work just fine in my part of the world), even on a dumbphone - but that is a much lower priority for me; I won't start working on it until *after* I have solved the far more pressing (for me) moral problem of proprietary firmware w/o source code. > 3. Your calls/sms'es will travel across telecom network and will easily be > accessible for prepared adversary (SS7 hacking); Again, something I am perfectly willing to live with. > So your data still completely insecure, and you better not to use this > phone. *You* don't get to tell me what *I* should or should not use. If you are willing to give up the ability to call your significant other on the phone or have her/him call you, that's your choice. Mine is different. For me it is of utmost importance for the special people in my life to be able to call me at any time, wherever I am. Yes, it would be wonderful to have these conversations encrypted end-to-end, but I am still many years away from even starting to work on that part, therefore, in the meantime we simply accept the fact that all of our conversations are being listened to by some dude in a suit at FBI/NSA/ whatever. It's mostly just lovers' talk, no military or business or other real secrets. > Better goal is probably dumb-smartphone at least capable to send traffic > over data-connection and able to run free OS/crypto software for end-to-end > encrypted communication. One does not need a smartphone to do what you are describing; I plan on doing end-to-end voice encryption over CSD on a dumbphone platform. But as I said, it is an extremely low priority for me personally, thus I won't even start seriously looking into it until I have solved everything else that is far more important to me personally. SF _______________________________________________ Replicant mailing list Replicant@osuosl.org https://lists.osuosl.org/mailman/listinfo/replicant