Hacker News new | ask | show | jobs
by kbart 3498 days ago
Get a phone that supports CyanogenMod. Sure, baseband still remains a blackbox and possibly backdoored, but at least you can get rid of most spyware/adware that comes preinstalled with Android. While we don't have fully open source OS with open drivers for smartphones, you cannot trust any manufacturer.
2 comments
jwfxpr 3498 days ago
Baseband concerns are legitimate. A good tinfoil hat approach is to use an iPod touch running an end-to-end encrypted messaging/calling app of your choice, connected to a secure hotspot. Cuts out most baseband vulnerabilities (since your data is encrypted before touching any hardware or software connected to a potentially compromised baseband).

All other concerns raised elsewhere here still apply, but the baseband threat is mitigated. Worth it...? Check that threat model again.

link
kbart 3498 days ago
"A good tinfoil hat approach is to use an iPod touch running an end-to-end encrypted messaging/calling app of your choice, connected to a secure hotspot."

Yes, but it's not much of a phone if it's WiFi only. You could use any laptop for such scenario as well.

link
jwfxpr 3498 days ago
You could, though the attack surface on a laptop is arguably much larger than that on an iPod. And considering most security-conscious users are unlikely to use a classical cellular phone call for a sensitive conversation, it's actually pretty comparable to a phone, considering your hotspot can be as dumb as you like. An iPod + a prepaid portable hotspot is a damn sight more usable on the go than a laptop.
link
mnw21cam 3498 days ago
Or simply skip that step and get a phone that comes with CyanogenOS installed.
link
kbart 3498 days ago
How do you know then that CyanogenOS itself was not modified to include unwanted software?
link
dandelion_lover 3498 days ago
I guess one could believe the commercial companies whose revenue depends on the trust and on the ethics, such as https://tehnoetic.com/mobile-devices.
link
jlgaddis 3498 days ago
Like this exact article/submission that we're all commenting on, where a commercial company did exactly that?
link
dandelion_lover 3497 days ago
Not exactly. I would not say their revenue depended on ethics...
link