Re: [PLUG] /not/ OK, Google
On Thu, 2 Jul 2015, Louis Kowolowski wrote: ... is the issue that debian packaged things wrong, getting a lot of people in a huff, or something else? Why is this news now? To answer the last question, consider what Google and Apple are now doing, and the business case for the different approach of each: http://tinyurl.com/pk2cngv. Guess I'm too old to think that a computer or tech company knowing all about me and making its own recommendations for my actions is kewel. I find the idea intrusive and too remenicient of 1984 and Brave New World. Shudder! Rich ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] /not/ OK, Google
Article says issue has been addressed in Debian and compiled with flags that exclude issue. On Thursday, July 2, 2015, Rich Shepard rshep...@appl-ecosys.com wrote: On Thu, 2 Jul 2015, Keith Lofstrom wrote: In the long term, though, we cannot maximize privacy without maximum transparency. So, is anyone cognizant of what the linux community is doing / might do about the chromium black box? Is there reaction in the tech world beyond that blog post to which you pointed us? Rich ___ PLUG mailing list PLUG@lists.pdxlinux.org javascript:; http://lists.pdxlinux.org/mailman/listinfo/plug ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] /not/ OK, Google
On Fri, 3 Jul 2015, Louis Kowolowski wrote: Sure, but my point is that this kind of thing should’ve been discussed a year and a half ago when they blogged about it publicly. Louis, I'm one of those linux users who's business uses F/OSS applications as tools, means to an end rather than as an end in themselves. I don't track such blogs. I count on you whose business is computers to let me know when to duck. Carpe weekend, Rich ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] /not/ OK, Google
On Jul 3, 2015, at 6:47 AM, Rich Shepard rshep...@appl-ecosys.com wrote: On Thu, 2 Jul 2015, Louis Kowolowski wrote: ... is the issue that debian packaged things wrong, getting a lot of people in a huff, or something else? Why is this news now? To answer the last question, consider what Google and Apple are now doing, and the business case for the different approach of each: http://tinyurl.com/pk2cngv. Google and Apple have done things differently for as long as I can remember. The companies have different roots, different goals, different ways of making money. Google mines devices, people for information that it sells. That is fundamentally at odds with privacy, since its well known that it only takes a couple data points on the internet to uniquely identify a person. Guess I'm too old to think that a computer or tech company knowing all about me and making its own recommendations for my actions is kewel. I find the idea intrusive and too remenicient of 1984 and Brave New World. Shudder! Sure, but my point is that this kind of thing should’ve been discussed a year and a half ago when they blogged about it publicly. -- Louis Kowolowskilou...@cryptomonkeys.org mailto:lou...@cryptomonkeys.org Cryptomonkeys: http://www.cryptomonkeys.com/ http://www.cryptomonkeys.com/ Making life more interesting for people since 1977 ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
[PLUG] /not/ OK, Google
Google can use a closed source binary module in Chrome and Chromium(!) to eavesdrop: https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/ Will we need a no Android policy for PLUG meetings? My doctor wife may no longer allow smart phones into the patient exam room. Keith -- Keith Lofstrom kei...@keithl.com ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] /not/ OK, Google
On Wed, 1 Jul 2015, Keith Lofstrom wrote: Google can use a closed source binary module in Chrome and Chromium(!) to eavesdrop: Keith, Disturbing, and puzzling. Because I'm ignorant of the underlying code and processes a few thoughts about this rise to the surface. In my situation, neither desktop nor portable computers have cameras or microphones, and my cell phone was considered a 'smart' phone prior to Apple and Android (the equivalent of a rotary dial phone, I suppose) and runs PalmOS. So, while I have chromium installed here, it is my third choice of browser and is rarely invoked. If it ain't running it can't try to listen via a non-existent microphone. Does Google being a trusted source mean no one external to the company has closely examined the chromium code? Now that this information has been disseminated, what might the open source communiity's responses be? For example, could the proprietary listening chunk of code be be subjected to a lumpectomy and the remaining code be included in distributions? This seems to be a very important issue (yet I might be wrong in my assessment) and I, for one, would greatly appreciate this thread continuing with contributions by you folks who are much more knowledgeable than I on the underlying issues and potential responses. Thanks for the post, Rich ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] /not/ OK, Google
Certainly bad news but not too surprising. Two questions: How/why did Debian permit black-box code? Can a smart phone be turned off (other than removing the battery)? -Denis On Wed, Jul 1, 2015 at 11:19 PM, Keith Lofstrom kei...@gate.kl-ic.com wrote: Google can use a closed source binary module in Chrome and Chromium(!) to eavesdrop: https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/ Will we need a no Android policy for PLUG meetings? My doctor wife may no longer allow smart phones into the patient exam room. Keith -- Keith Lofstrom kei...@keithl.com ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] /not/ OK, Google
Given that this was announced over a year ago (http://chrome.blogspot.com/2014/02/hands-free-google-voice-search-in-chrome.html http://chrome.blogspot.com/2014/02/hands-free-google-voice-search-in-chrome.html), is the issue that debian packaged things wrong, getting a lot of people in a huff, or something else? Why is this news now? On Jul 1, 2015, at 11:19 PM, Keith Lofstrom kei...@gate.kl-ic.com wrote: Google can use a closed source binary module in Chrome and Chromium(!) to eavesdrop: https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/ Will we need a no Android policy for PLUG meetings? My doctor wife may no longer allow smart phones into the patient exam room. Keith -- Keith Lofstrom kei...@keithl.com ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug -- Louis Kowolowskilou...@cryptomonkeys.org mailto:lou...@cryptomonkeys.org Cryptomonkeys: http://www.cryptomonkeys.com/ http://www.cryptomonkeys.com/ Making life more interesting for people since 1977 ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] /not/ OK, Google
On Wednesday, July 1, 2015, Keith Lofstrom kei...@gate.kl-ic.com wrote: Google can use a closed source binary module in Chrome and Chromium(!) to eavesdrop: https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/ Will we need a no Android policy for PLUG meetings? My doctor wife may no longer allow smart phones into the patient exam room. Keith link above points to a bit of a sensationalist rag; here's a better one with better comments: https://lwn.net/Articles/648392/ Although troubling, this is not as scary as some claim, just a new feature forvoice command activation. Now that its been identified, the offending code can be easily stripped out. the basic take away is this: all corporations are not our friends and are suspect and guilty until proven innocent. By law and legal precedent, corporations are people and free speech == money and thus are more powerful than us meat-bags. we may have one small power left: don't buy. -Ed -- You! What PLANET is this! -- McCoy, The City on the Edge of Forever, stardate 3134.0 ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] /not/ OK, Google
On Thu, Jul 02, 2015 at 07:59:37AM -0700, Denis Heidtmann wrote: Can a smart phone be turned off (other than removing the battery)? The power switch is not direct. Without a chip teardown and trace of the logic (which nobody cares enough to participate in) we have no idea what logic paths control power to the system. This is an opportunity for a hack - two tiny pixel-sized microwatt LEDs added to the phone, one connected physically to the phone power supply, the other to phone transmitter power. The smallest LEDs I know about are 0.5 x 1 mm and draw 30 mW - does anyone make LEDs 200 times smaller, with built-in ballast resistors? A powered-but-not-transmitting phone could still store voice data in the capacious memory, but this would be easy to spot. A small modification to the operating system to zero any unused memory before data service would help protect privacy. Thus justifying this posting as linux related. In the long term, though, we cannot maximize privacy without maximum transparency. That includes both software AND hardware. There are many out-of-work chip designers who would be glad to help design open hardware smart phones, and help teardown and validate what the chinese semiconductor fab actually makes. But that will involve equipment, CAD tools, and manufacturing cost, which is dreadfully expensive. Keith Keith Lofstrom kei...@keithl.com ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] /not/ OK, Google
On Thu, 2 Jul 2015 07:59:37 -0700, in message caarut0hznoh1dlc4au_vyytmtz7xega+3vprbrl8mstgkv+...@mail.gmail.com, Denis Heidtmann wrote: Certainly bad news but not too surprising. Two questions: How/why did Debian permit black-box code? I don't know. I have to wonder the same thing about Fedora. Can a smart phone be turned off (other than removing the battery)? To the best of my knowledge, no. Several years ago, Motorola introduced a smartphone that responded to voice commands. Including, IIRC, something on the order of phone on. (This was, as I recall, before Apple introduced Siri to an unsuspecting world.) --Dale -- Daniel: This tastes like chicken. Sam: So what's the matter with it? Daniel: It's macaroni and cheese. pgpM0bIdF6rUw.pgp Description: OpenPGP digital signature ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] /not/ OK, Google
On Thu, 2 Jul 2015, King Beowulf wrote: link above points to a bit of a sensationalist rag; here's a better one with better comments: https://lwn.net/Articles/648392/ Although troubling, this is not as scary as some claim, just a new feature forvoice command activation. Now that its been identified, the offending code can be easily stripped out. Ed, Except for those who use chrome rather than chromium. Does this apply to all those using phones with android? Thanks for the URL to a less excited report. I suspect that AlienBOB will fix his Slackware chromiums to disable this feature. Rich ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] /not/ OK, Google
On Thu, Jul 2, 2015 at 11:59 AM, Keith Lofstrom kei...@gate.kl-ic.com wrote: On Wednesday, July 1, 2015, Keith Lofstrom kei...@gate.kl-ic.com wrote: Google can use a closed source binary module in Chrome and Chromium(!) to eavesdrop: https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/ Will we need a no Android policy for PLUG meetings? My doctor wife may no longer allow smart phones into the patient exam room. On Thu, Jul 02, 2015 at 11:11:23AM -0700, King Beowulf wrote: Now that its been identified, the offending code can be easily stripped out. This is true for properly developed Chromium on a Linux non-phone computer, but what about Android, which is what I wrote about? Are there functional open-source builds that can replace stock AndroidOS on a store-bought Android phone? My concern is living in a sea of spy phones operated by the clueless for the benefit of the spy agencies. I worry enough about my ancient Nokia flip-phone. Keith P.S. not relevant to much, but my wife's office has ancient Cisco VOIP phones which are poorly designed, and make loud noises when a cell phone operates nearby. Nearby cell phones generate a lot of RF when they transmit, so this can be detected easily. This would be a handy feature for a later version of the Blackphone. -- Keith Lofstrom kei...@keithl.com I don't know about Chrome/Chromium replacement, but there are several other browsers available including FireFox for Android, but not sure if this kind of shenanigans is going on there as well or not. As far as replacing Android OS, there are (depending on your device), many ROMs available out there, which are for the most part based on Android Open Source Project (AOSP), which is the most open and pure version of Android available, it is what Google develops directly, and is similar to what you would find on a Nexus device. A store bought branded Android phone runs the carrier/manufacturer's modified version (Samsung, Moto, LG, HTC, all add their own touches, as well as the carriers VZW, ATT, TMo, Sprint, etc). There is a fork I suppose you could call it, of AOSP, called Replicant, and is meant to be as open as possible. http://www.replicant.us/ As for the apps, you could use Google's aside from Chrome, or you could go with F-Droid, which is a completely open source repository. https://f-droid.org/ HTH and FWIW Matt M. LinuxKnight ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] /not/ OK, Google
On Thu, 2 Jul 2015, Keith Lofstrom wrote: In the long term, though, we cannot maximize privacy without maximum transparency. So, is anyone cognizant of what the linux community is doing / might do about the chromium black box? Is there reaction in the tech world beyond that blog post to which you pointed us? Rich ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] /not/ OK, Google
On Wednesday, July 1, 2015, Keith Lofstrom kei...@gate.kl-ic.com wrote: Google can use a closed source binary module in Chrome and Chromium(!) to eavesdrop: https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/ Will we need a no Android policy for PLUG meetings? My doctor wife may no longer allow smart phones into the patient exam room. On Thu, Jul 02, 2015 at 11:11:23AM -0700, King Beowulf wrote: Now that its been identified, the offending code can be easily stripped out. This is true for properly developed Chromium on a Linux non-phone computer, but what about Android, which is what I wrote about? Are there functional open-source builds that can replace stock AndroidOS on a store-bought Android phone? My concern is living in a sea of spy phones operated by the clueless for the benefit of the spy agencies. I worry enough about my ancient Nokia flip-phone. Keith P.S. not relevant to much, but my wife's office has ancient Cisco VOIP phones which are poorly designed, and make loud noises when a cell phone operates nearby. Nearby cell phones generate a lot of RF when they transmit, so this can be detected easily. This would be a handy feature for a later version of the Blackphone. -- Keith Lofstrom kei...@keithl.com ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] /not/ OK, Google
Top alternative ROMs for your android include http://www.paranoidandroid.co/ and http://www.cyanogenmod.org/ More information on rooting your phone, backing it up first, installing roms, etc can be found at http://www.xda-developers.com/root/ and in their forums, http://forum.xda-developers.com/ I suggest looking up your particular phone's model in the forums, and see what they have for you. Be aware that some of the roms in there can be a little buggy, maybe stick to the established ones? On Thu, Jul 2, 2015 at 12:29 PM, Matt McKenzie lnxkni...@gmail.com wrote: On Thu, Jul 2, 2015 at 11:59 AM, Keith Lofstrom kei...@gate.kl-ic.com wrote: On Wednesday, July 1, 2015, Keith Lofstrom kei...@gate.kl-ic.com wrote: Google can use a closed source binary module in Chrome and Chromium(!) to eavesdrop: https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/ Will we need a no Android policy for PLUG meetings? My doctor wife may no longer allow smart phones into the patient exam room. On Thu, Jul 02, 2015 at 11:11:23AM -0700, King Beowulf wrote: Now that its been identified, the offending code can be easily stripped out. This is true for properly developed Chromium on a Linux non-phone computer, but what about Android, which is what I wrote about? Are there functional open-source builds that can replace stock AndroidOS on a store-bought Android phone? My concern is living in a sea of spy phones operated by the clueless for the benefit of the spy agencies. I worry enough about my ancient Nokia flip-phone. Keith P.S. not relevant to much, but my wife's office has ancient Cisco VOIP phones which are poorly designed, and make loud noises when a cell phone operates nearby. Nearby cell phones generate a lot of RF when they transmit, so this can be detected easily. This would be a handy feature for a later version of the Blackphone. -- Keith Lofstrom kei...@keithl.com I don't know about Chrome/Chromium replacement, but there are several other browsers available including FireFox for Android, but not sure if this kind of shenanigans is going on there as well or not. As far as replacing Android OS, there are (depending on your device), many ROMs available out there, which are for the most part based on Android Open Source Project (AOSP), which is the most open and pure version of Android available, it is what Google develops directly, and is similar to what you would find on a Nexus device. A store bought branded Android phone runs the carrier/manufacturer's modified version (Samsung, Moto, LG, HTC, all add their own touches, as well as the carriers VZW, ATT, TMo, Sprint, etc). There is a fork I suppose you could call it, of AOSP, called Replicant, and is meant to be as open as possible. http://www.replicant.us/ As for the apps, you could use Google's aside from Chrome, or you could go with F-Droid, which is a completely open source repository. https://f-droid.org/ HTH and FWIW Matt M. LinuxKnight ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
