Nick <openmoko-commun...@njw.me.uk> wrote: > Your free phone idea appeals to me enormously, Michael.
Yay, one more supporter! > However, can GSM really be a base for secure communication anyway? I see that after your post, the thread on the mailing list veered off into a discussion of security. But that diversion totally misses the point: it isn't so much about secure communication as it is about the Four Freedoms of software: http://www.gnu.org/philosophy/free-sw.html When it comes to the matters of free software philosophy, I am very much like RMS. I have a major problem with carrying a device in my pocket containing firmware for which I lack the source - not because it is a security threat, but because it's morally wrong. The only difference between me and RMS/FSF is on the matter of legalities. While I define free software in terms of exactly the same 4 freedoms as the FSF, RMS and the "conventional" free sw camp add an additional condition that these 4 freedoms be exercised legally - whereas I add no such extra clause: whether it's legally free or illegally free, it's still free software to me. There also are some practical considerations that affect only feature phones and not smartphones. I have yet to encounter a phone UI design that doesn't suck, and I hope that most people on this list will agree with me that being able to customize the UI to one's preferences is an essential freedom that a geeky, empowered phone user should have - and I mean *really* customize the UI, not just twiddle menu settings, but being able to study, modify or even totally rewrite the UI code. Smartphones have a separate application processor to run the UI, so you can indeed play with the UI on Linux to your heart's content while keeping the modem as a black box. But this approach does not work for a feature phone where the UI and the modem are tightly integrated into a single whole. Exercising full freedom over the UI code in a feature phone requires having a complete and rebuildable source for the firmware suite as a whole. (Having the GSM stack pieces as binary objects to be linked with the UI source would work too, but then one gets tied to a proprietary compiler toolchain, etc. In any case we already have full source for the GSM stack thanks to the TSM30 and LoCosto leaks, so it's a solved problem now.) Now look at the situation from the perspective of a user who does NOT want his or her phone to be anything other than a plain phone. For such a user, a non-smart feature phone ought to be ideal, but if the user also wants the freedom to fully own the UI design, s/he currently has to pay for an otherwise completely unnecessary application processor. And when I say "pay for", I'm *not* referring to the purchase price of the device - I would gladly pay a lot more for my ideal Free Dumb Phone than the most expensive GTA04 or Ubuntu Edge or whatever. Instead I mean pay for in terms of carrying extra weight, extra power consumption, extra system complexity otherwise unneeded, many additional points of failure, etc. *That* is what I seek to rectify with my Free Dumb Phone project, aside from the moral issue. Freedom is a right that all phone users should enjoy, not a privilege that's limited to just Linux smartphones to the exclusion of non-smart feature phones. > I've heard that the encryption used is really crappy, and while some > things like MITM forced reregistration to disable encryption and > ease surveillance could be countered by appropriate phone settings, > if the best encryption algorithm available can be cracked by a home > PC in a few days, you're still screwed. The GSM encryption is a red herring - it makes absolutely no difference whether it's there or not. Imagine if the GSM encryption were perfect and unbreakable - what would change? Nothing. The over-the-air encryption is only between the mobile station and the network. In a public phone network, where you can dial the phone number of any stranger and hear each other's voices if the other party answers, encryption can't be end-to-end. The network has to be able to decrypt with one end's key and re-encrypt with a different key for the other end, so the network itself has (and must have) access to the cleartext form of your digitized voice. If I am the world's most wanted criminal and enemy #1 of all major governments, and they want to spy on my phone conversations, they aren't going to bother with cracking GSM over-the-air encryption, they'll just put in a "lawful intercept" at the switch. The only way to render all "lawful intercept" mechanisms ineffective is to use end-to-end encryption. That won't work when calling strangers, or calling the transit line to check bus/train schedules etc, but it's a very feasible mechanism for private and secure communication mechanism among family members, friends etc. Here in USA we have one advantage over the EU etc lands where most people on this list seem to be located: CSD (circuit-switched data) calls still work in this part of the world, and in terms of the Calypso firmware, CSD would be a heck of a lot easier to implement (or rather, integrate TI's existing implementation into freecalypso-sw and get it to work) than GPRS. Cost is not an issue either: here in USA T-Mobile offers unlimited 2G everything, i.e., unlimited calls, SMS and GPRS, for $50/month flat. At least here in USA, CSD calls are billed just like regular voice calls, so if the plan says unlimited calls, then CSD is unlimited-free too. I do greatly look forward to implementing end-to-end-secure calls over CSD in the FreeCalypso project - but it is very far down the line though, my plan is to get all of the standard phone functionality working first. > A truly free phone is a worthy and very important thing for other > reasons, but could such a thing be strongly secure too? See above about end-to-end encrypted voice calls between family members (or other parties participating in the chosen non-standard protocol) over CSD with FreeCalypso. If you live in a place where CSD doesn't work, it can be done over GPRS too, but the software complexity takes a hike upward, so it'll take longer to get working. > Am I correct in > thinking that once the first firmware part of your project was > complete, one could flash load that the GTA02 modem, and have a (far > more 'smart' and Linux-y than you're ultimately planning) free > openmoko phone? Yes, with one caveat: what I'm going to produce will be a proof of concept version, but unless the JR+HW+PF trio changes their policy, I will leave it to someone else to put the finishing touches on it. Because what I'm ultimately after is a non-smart feature phone, I have no plans of using my GTA02 as anything other than a bring-up/testing platform, and for the latter purpose a proof-of-concept version would be sufficient. If there are other people (such as you) who care more about the GTA02 and would like to see my FreeCalypso-sw get to a point where it compiles into a drop-in fw image for the GTA02 (drop-in replacement for the original fw, but built from full source with gcc), I would be willing to donate my volunteer labor to make it happen, but only if the ridiculous NDA worship is brought to a stop and the source+object mix from which calypso-moko11.m0 was built is made public - not otherwise. In the absence of a public release of the "moko" hoardware, my FreeCalypso project will still produce a fw image that can be flashed into the GTA02, but it'll be just enough for me to test and prove that it works. It will likely lack GPRS and other features, and won't be integrated cleanly to serve as a drop-in replacement. It won't be too hard to put those finishing touches in, but I won't need them myself, and I don't feel like throwing pearls before swine - giving something to a "community" that treats me as something beneath dirt. > Or would the modem firmware have to be programmed > differently for the GTA02 compared to your feature phone? It's a build configuration option - think ./configure or make menuconfig. > While I am more interested in a feature phone than a 'smart' phone, Wow, I'm not the only one! > I would be > very happy to have a really free modem firmware on my GTA02 in the > meantime. Then maybe you should try talking some sense into Joerg etc - maybe they'll listen to you more than they are willing to listen to me. > It's interesting to think of the meanings of 'free' in your message. See above: I use exactly the same definition of Free Software as the FSF, in terms of exactly the same Four Freedoms, but *without* adding that silly extra clause that it also has to be legal. > Because one of the nice things of free software traditionally has > been the ability to say "it's free software, so I can do what I like > with it, and you can't invoke state violence against me for doing > so," Counter state violence with your own violence: raise your own army that can challenge the forces of the state on a tactical battlefield. It isn't too hard, we did it successfully back in 1917, and we can do it again. > With this in mind, I do wonder why the OsmocomBB work isn't > appropriate as a base for your work? Can you explain this a bit more > why it isn't? For two reasons: > Is it just that they are quite a long way from > producing a complete firmware for a phone? That's one reason. The other is a personal/moral one. The leader of that project is Harald Welte, and I have strong reasons to suspect that many of its other major contributors are also members of that elite clique of people who are sitting on copies of the Closedmoko hoardware and not sharing. I'm not going to contribute to a project led by such people. But as you can see from the evolution of the freecalypso-sw code over the past several months, I'm not just sitting around waiting for those people to change - instead I'm busily churning along on my own code base, using the sources which are now publicly available as my starting raw material. openm...@pulster.de (Christoph Pulster) wrote: > Just because something is illegal does not prevent it to be crap. > You are not interested to built helpful hardware, Just because a non-smart phone is not helpful hardware to YOU does not mean that it isn't helpful to anyone. As you can see from Nick's on-list response, at least one other person would also apparently prefer a free-firmware-based feature phone over a smartphone. VLR, SF _______________________________________________ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community