Hacker News
by raintrees 2475 days ago
I obtained a low-tech phone for SMS and phone calls. I then turned my Samsung Android back into a PDA by removing the SIM chip.

I explain to my clients when they express astonishment at my low-tech phone that I am protecting their security, as I have the PDA sync with my Exchange Server, where I keep sensitive info to provide them support and I do not allow the low-tech phone to access my Exchange Server.

I also tell them that I had based my decision on the track records of Google, Apple, Verizon, etc. with regard to security.

Nothing is perfect, but at least my attack surface is lessened.

3 comments

Isn't connecting to Microsoft being online? Unless you're running Exchange on an OFFLINE, LOCAL NETWORK, your outgoing traffic to Google will contain metadata and you're not stopping anything by removing the SIM card other than inconveniencing yourself.

It still calls home, it's still online. Lock down Microsoft and Google's IPs permanently, outbound, on all networks you use or this won't work.

I run my own servers, so no, no connection to Microsoft except for updates.

Google is not involved; my DNS is my own server with the base servers as their lookups, not Google DNS. My PDA only connects over WiFi, since there is no SIM.

So unless Google is purposely getting involved with a WiFi connection to a local, private server, they are not involved, either.

I stripped off all of the other apps as well.

To further clarify, I have been a dev for 30 years, mostly in the Microsoft arena, and more recently, Linux. I also run a service business for small business clients, and eat my own dog food. In so doing, I have off and on again been an MSDN member, which included licenses (for development) of the Microsoft technology stack, which until recently included their Small Business Server product. That is how I got my start.

I have run my own Exchange Server(s) since 1995. And DNS, DHCP, etc.

I would personally much rather have my text messages and VoIP phone calls encrypted (usually iMessage and FaceTime audio, but Signal and WhatsApp are popular with Android users), which AFAIK is only available on smartphones, than split out calling and texting from a primary phone.

I’ve also heard that Apple doesn’t allow the baseband direct access to the application processor’s memory, but I don’t know how true that is. There doesn’t seem to be much thought given to this on Android phones.

You're still at risk of baseband exploits, but those are less common.