Hallo,
Vandaag ontving ik bijgevoegd mailtje van Purism, dat ik de geďnteresseerden niet wil onthouden.
Lang verhaal, maar ik vind het bere-interessant
Bij de weg:
Inmiddels pakweg een jaar geleden de Librem 5 besteld, na een suggestie van een Fokker en de verwachting is nu dat ik hem half november zal ontvangen.
Tot die tijd doe ik het nog met mijn
Huawei P6, die teruggeschakeld is van 3G naar 2G. Is te doen, maar sites openen is inmiddels een ramp. Routeplanner Here werkt met off-line maps wel enigzins.
Al met al vind ik het heel interessant om ook al die beperkingen mee te beleven
En nu het ontvangen verhaal:
I
n This IssueIn today's newsletter we cover a large range of topics from privacy concerns, GPS tuning and Anbox on the Librem 5, porting postmarketOS to the Librem 5, making 3D graphics with open software, and Librem 14 shipping updates.
Your Phone Is Your Castle
A Brief History LessonThere is a saying “A man’s home is his castle” that derives from an even older British saying “an Englishman’s home is his castle” from hundreds of years before. Putting aside the history of male and female ownership of property for the past few hundred years, this statement came about as a matter of common law in the 17th century that enforced the right that no one–even the King–may enter a British person’s home without their invitation. As stated famously by Prime Minister William Pitt in 1763:
"The poorest man may in his cottage bid defiance to all the forces of the crown. It may be frail – its roof may shake – the wind may blow through it – the storm may enter – the rain may enter – but the King of England cannot enter."
This right influenced the United States founding fathers and became a right against unreasonable search and seizure enshrined in the fourth amendment in the US Bill of Rights.
Ultimately this statement is one about personal sovereignty over your property: that you should be able to control what happens with your property, should be able to control who is allowed to enter it, and should be allowed to defend it from intrusion.
Your Phone Is Your CastleIf your home is your physical castle, your phone is your digital castle. More than any other computer, your phone has become the most personal of personal computers and holds the most sensitive digital property a person has, including:
• Detailed contact lists of friends and colleagues
• The contents of private communications
• Personal photos (sometimes including very intimate ones)
• Personal files (sometimes including financial documents)
• Health and biometric information (sometimes including personal heart rate, blood pressure and exercise regiment)
• Passwords to online accounts
• Often even a database (if not multiple databases) of everywhere the phone has (and therefore you have) been.
So to extend the metaphor, if your phone is your digital castle, it means you should be able to control what happens with it, who is allowed to enter it, and should be allowed to defend it from intrusion.
Well, Maybe Not Your PhoneThe unfortunate fact is, for most of the people reading this article, your phone is not your castle. In many ways, your phone isn’t yours at all, at least if we are using these same traditional definitions of property. Instead, you happen to live in a castle owned by your phone’s vendor. It’s
Apple or Google, not you, who decides what is allowed to enter the castle, and what happens inside its walls. They are the ones who are allowed to defend it from intrusion, and more importantly they are the ones who define what counts as intrusion to begin with.
Your phone is their castle, you just happen to live inside their walls subject to their rules.
The recent epic battle between
Apple and Epic over the tariff
Apple charges for merchants to sell goods inside the castle walls illustrates how
Apple markets their castle’s defenses as protecting the castle residents when in reality it’s about controlling all that goes on inside the castle.
If you haven’t been following the case, Epic is objecting to the 30% cut of their revenue that
Apple gets from processing payments within the App Store. Epic has added an alternate payment processor within their popular game Fortnite that competes with
Apple’s App Store payment processor by charging a lower price for purchases made through the game since Epic avoids
Apple’s 30% processing fee.
Apple has responded by threatening to remove Epic’s software from the App Store as well as revoking their ability to use
Apple’s development infrastructure.
A customer can only install apps that are in the App Store, so by removing Epic’s app from the App Store,
Apple removes them from the full iOS ecosystem. Customers who own iPhones and who have paid for and installed Fortnite would then have the application removed from their phones. In a court filing,
Apple argues that the requirement that customers may only install software through the App Store is needed “for security and privacy.”
There is some truth to this statement. Because iOS software, backed by
iPhone hardware, actively prevents a customer from installing any software on an
iPhone outside of the App Store, it does also prevent attackers from installing malicious software. Because the App Store has rules about how applications (outside of their own) can access customer data, if
Apple discovers a competitor like Google or Facebook is violating its privacy rules it can remotely remove their software from iPhones, even internal corporate versions of software owned by Google or Facebook employees.
In all of these examples, though, the “security and privacy” of customers happens to also coincide with restricting a competitor. While
Apple markets themselves as welcoming competition on the App Store,
Apple has a long history of resisting competition with their own products from the App Store such as when it banned parental control apps around the same time it released its own, only to remove the ban a few months later after its own app had sufficient market share.
I should note that
Apple isn’t the only company that does this, it’s just that their control is a bit more advanced than Google’s. In my Consent Matters series I elaborate on a number of different companies that take remote control of customer computers including the now-famous example where Google was forced by the US Government to remove
Huawei’s ability to update Android on their own hardware.
Huawei has since responded by building their own OS so they have control over their own castle (and subjects).
Well, Maybe Not Their CastleIf you live inside a strong, secure fortification where someone else writes the rules, decides who can enter, can force anyone to leave, decides what things you’re allowed to have, and can take things away if they decide it’s contraband,
are you living in a castle or a prison? There is a reason that bypassing phone security so you can install your own software is called jailbreaking.
These companies have built very sophisticated and secure defenses all in the name of protecting you from the world outside their walls, yet in reality the walls are designed to keep you inside much more than they are designed to keep attackers out. The security community often gets so excited about the sophistication of these defenses backed by secure enclaves and strong cryptography that their singular focus on what those defenses mean for attackers blinds them from thinking about what they mean for everyone else.
The biggest threat to most people ends up not being from uninvited hackers, it’s from the apps
Apple and Google do invite in that capture and sell your data. This has resulted in a multi-billion-dollar app ecosystem built around capturing and selling your data. If
Apple or Google let someone in you didn’t invite, whether through pre-installed applications or new features embedded in an OS update, you can’t tell them to leave. Your security and privacy aren’t really protected inside these walls because the main point of these security measures is to enforce control, security against attackers and protecting your privacy is mostly marketing spin.
Make Your Phone Your CastleIt doesn’t have to be this way. We believe your phone should be your castle and that you should be in control of your own computer, not us and not any other vendor. This doesn’t mean sacrificing security or privacy, on the contrary it means putting your security and privacy in your own hands by building a strong foundation of trustworthy free software anyone can audit, while rejecting security measures that build a stronger cage around you than attackers. It means controlling your hardware with hardware kill switches so you can disable your camera and microphone, your WiFi and Bluetooth, and even your cellular modem and all of the sensors on your phone and know they are truly off.
You should decide which software is allowed on your system, not Purism. While other vendors often are paid to bundle third-party applications you aren’t allowed to remove, all of the software on the Librem 5 including pre-installed software is fully under your control. There’s no “rooting” or “jailbreaking” required to install or remove the software of your choice or even to install a different OS. While we will provide you with a list of trusted, curated free software in our PureOS Store, if you want to invite some other software into your home, even software that violates Purism’s Social Purpose, you can.
The current phone market is centered on vendor control and is only getting worse with each iteration and advancement. We had to design and build the Librem 5 from scratch, because no other combination of hardware and software on the market met our high standards for freedom, security, privacy, and user control. What we have built with the Librem 5 is a phone that works the way your most personal of personal computers should work–your own digital castle where you can store your most sensitive digital property, control what happens with it, and decide who’s invited in.