by ajdhsjakafjt 2743 days ago
The open source world isn't prepared for large-scale software delivery either.

It works with the core software of Linux distributions, who deliver to administrators around the world. But userland software and dependencies are a mess. Distributions ship old software, developers don't know the target their application will run on, and we all know what's going on with the PIP/NPM/... package managers.

Moreover, we have pretty much no sandboxing and userland permission management (camera access for browser? file access for your instant messenger application? calendar access?) on any Linux Desktop.

While lawmaking and IT-security must grow up and open source is indeed a nice third player - it does not solve the immediate issues we have.

1 comments

These are all valid problems but don't seem to me to preclude the original underlying premise - open source seems a necessary, if not sufficient condition. While OS might not solve all of our current issues, it seems to me that there cannot be any solution that depends on opaque software delivered by suspect entities with known surveillance agendas.

The software is shipped by those who create the phone itself. If you don't trust anybody, you can't get a piece of silicon to connect to mobile networks and draw a website on a screen. Any open source hardware eventually depends on the promise that the thing does what it promises.

The commercial world has these trust issues as well as the open source world. Maybe the underlying issue is: how can we test devices and software that is incredibly complex?

We can’t test it properly after it is done. And unless we can peek and change (which is what open source provides) we can’t ever.

I think the only dependable way forward is by separating the RF/modem parts from the rest, through a standard (e.g. WiFi or Bluetooth) protocol.

I already assume anything I do on my phone is compromised. And I would assume the same about my laptop, if I connected it to untrusted hardware and unfirewalled networks. With the laptop, I have an option; with the phone, I don’t.

I would gladly move to a dumb phone (for POTS) and an LTE access point, and a smart open source phone that uses it for connectivity, if such a thing were remotely practical. I already carry two phones for security and compartmentalization.