Building a new totally free phone

Fri Aug 23 15:47:50 CEST 2013

Am 23.08.2013 14:41, schrieb Dr. H. Nikolaus Schaller:
>> However, can GSM really be a base for secure communication anyway?
> IMHO the need for the GSM stack being open sourced is largely overestimated.
>
> Security experts say that the question is how to secure communication over an unsecure communication medium.
>
> Depending on which level you want to work, you can try to make GSM more secure because it is communicating over an inherently unsecure/open medium (electro-magnetical wave broadcast).
>
> Or you can just use what others have built into a black box (i.e. a modem with some AT commands). They promise that it is "secure enough". But if you want to be really secure, just wrap the potentially unsecure channel and encrypt the data sent over it.
>
> BTW: all the recent nsa/prism things have shown that it is not sufficient to make a fully transparent (aka open sourced) terminal - if it is easy enough to tap the network nodes. Or the servers you are communicating with. I.e. securing yourself is best done if you put yourself into eremitage...
>
> So in my view, spending additional work to get an open sourced GSM or even UMTS firmware stack is a nice excercise for embedded and real time communication protocol engineering, but does not make anything more safe or secure than using a black box module, because it just tries to increase security of one small hop instead of end-to-end.
>
> In other words: security measures must be done on the highest layers of the OSI reference model, not on the lowest ones. And that is the area of the application processor and OS. And of course documented schematics help to understand if there are potential backdoors to circumvent the OS or not. So we need a device where you have control over the OS, but not necessarily over the inner workings of all peripherals.
>
> -- hns
> _______________________________________________
> Openmoko community mailing list
> community at lists.openmoko.org
> http://lists.openmoko.org/mailman/listinfo/community
>
I think so, too. At first, everyone is complaining about NSA/PRISM and 
"Orwell". And then, same poeple discuss this topic on "Facefuck" and 
other social media sites, there they have to make an "total data strip". 
It does not make sense! So, the better way is to create an phone with an 
free and save OS, reliable hard- and software, without spyware infected 
apps. I think, this can make the Moko interessting for "bussiness use"! 
One major problem for companies is, the data security (contacts, dates, 
...). Most spyware apps send the data from infected phones via internet 
connection to the criminals/ competitors. Reaching this potential market 
can acquire customers, those are willing and able to  pay more for an 
smartphone.
The idea of getting an communication over GSM/ UMTS without the ability 
of being observed by the secret services can not be realized, because 
they have not to "crack" Your phone, they can get an link into Your 
communication at the next router in Your carriers network (the provider 
are forced by law to make this possible). So do not waste time in this 
idea, there are other issues to solve:

- ability to use the Moko in sunlight (!) => other display (other case 
is required!)
- reliability of hard- and software
- other display, so then change to Multitouch (I do not need it really, 
but needed for creater market acceptance and increasing number of users)
- greatest issue: marketing! (actually there is a real chance to place 
the Moko- idea in peoples mind: [1] so apple and co. are loosing there 
cool image bit by bit)
- maybe, HDMI-output
- working cam, not usable right now :-( (still "pin striped picture")
- better support for data sync (adressbook, dates, ...), not only with 
Google (everyone using this, should not discuss about security!)
- maybe: LTE
- ......[to be continued]......


[1] http://www.cinema.de/film/apple-stories,5693840.html

-- 
Regards

Sebastian Reinhardt