For those of you who are as confused as I am, I think they're making a new phone, but I'm not really sure about that.
posted by benito.strauss at 12:08 AM on September 30, 2014 [8 favorites]

I'm not nearly enough on top of the tech to know what's what here, but I nevertheless love this kind of logic ...

The important point here is that the new people are honestly committed to the underlying goals of the old guard [...] but not the old guard’s way of articulating that message. And while that should get applause, what it gets is resentment.

Ind.ie is the same. [...] That is, they’ve articulated the value of being open, and of your data being yours without it being sold to others or kept as commercial advantage, but have not done so by pushing the existing open source message, which is full of people who start petty fights over precisely which OS you use and what distribution A did to distribution B back in the mists of prehistory.
posted by philip-random at 12:22 AM on September 30, 2014

For those of you who are as confused as I am, I think they're making a new phone, but I'm not really sure about that.

the phone is secondary i think. the idea is rebranding open source without any involvement from the open source community.
that and usings macs, cuz macs are open source friendly yo!
posted by xcasex at 12:29 AM on September 30, 2014 [4 favorites]

I'd love to see a secure, private, independent Facebook alternative that doesn't suck. Not sure how I feel about the phone.
posted by ob1quixote at 12:36 AM on September 30, 2014

the phone is a red herring.
a phone cannot be a tool of empowerment for privacy by virtue of the baseband firmware.
posted by xcasex at 12:43 AM on September 30, 2014 [13 favorites]

As I understand it, this is a new kind of phone for people with right-wing politics.

It's a Blackberry without the Black.

It has a Bluetooth connection, but only with heterosexuals.

Data is unlimited, unless it involves evolution. There are no evolution minutes.

The phone cannot be used if purchased in Mexico and taken across the U.S. border.
posted by twoleftfeet at 12:59 AM on September 30, 2014 [11 favorites]

The important point here is that the new people are honestly committed to the underlying goals of the old guard (real ale is good!)

Jesus... Jesus... just.. Jesus..

And with that I summon Richard M. Stallman.

Because the free software community has had this conversation before. When the whole term "Open Source" was coined over a decade ago and the concept of free software was diluted. And it looks like "Independent Technology" waters it down even further.

From the ind.ie "manifesto":

Design does not bubble up an organisation, it must trickle down from the top.

That's not a fucking manifesto.

Our fundamental freedoms and democracy are under threat from the monopoly of a business model called corporate surveillance.

Why so specifically limit yourself to fighting only corporate surveillance?

We are to corporate surveillance what organic farming is to factory farming.

This is, in its final form, a brilliant piece of neck-beard trolling. The Portlandia of software manifestos. A slow clap to the the writers, because the trolling is exquisite.

I swear to fucking God, do I need to go over to the UK and show them how to do freedom correctly? Here's a clue, it's not via phone sales.
posted by formless at 1:04 AM on September 30, 2014 [33 favorites]

good form there formless ;)

i also have a hard time understanding how they will protect the user/s from surveillance, as there's already mil-ind companies selling multiple baseband firmware penetration and payload suites, not to mention the existing 0days for baseband firmware. it's just.. dishonest.
posted by xcasex at 1:08 AM on September 30, 2014

Awww, I was hoping that schnail mail was a real thing. I'd totally be willing to sacrifice someone opening my mail and putting offers into it and reading it if I got free physical mail for life.

(also, I may be sending pictures of ciphertext ready to be photographed/decrypted).

:(
posted by el io at 1:37 AM on September 30, 2014

am i the only one that gets weird unsettling vibes from this twitter convo by the founder of ind.ie and .. whoever the other one is?
posted by xcasex at 1:47 AM on September 30, 2014 [1 favorite]

someone should dub that twitter conversation onto the Simpsons' couch gag from a recent mefi post
posted by kokaku at 1:51 AM on September 30, 2014 [1 favorite]

Open source is not a monolith - the motivations of one person or organization can be very different from another. Some care about privacy and some don't. That said, I don't think open source movements have given this project much thought or notice, as it's a way overly ambitious concept by someone with no track record of pulling off large scale projects (I can't actually find *anything* that he's completed in the first couple pages of search results) that's almost certainly going to fizzle out pretty quickly. Canonical dropped their phone; Mozilla and Jolla haven't gotten traction with their phones; OpenMoko fizzled.

The larger issue has been kind of beaten to death here before which is that the average person just doesn't care that much about privacy. It's free and relatively easy to tell most credit card companies to not sell your purchasing patterns and only a tiny portion of people bother to do so, so I have a hard time believing that there will be a groundswell of people willing to pay for privacy.

We must work to change this so that your sim is eventually afforded the legal rights of a person.

Uh huh....
posted by Candleman at 1:56 AM on September 30, 2014 [4 favorites]

formless: And with that I summon Richard M. Stallman.

Not that I really disagree with anything you wrote, but so did they. They spoke to him for all of half an hour at their big hootenanny summit in July.
posted by ob1quixote at 1:57 AM on September 30, 2014

uhm.
i'm not getting the.. whatchamacallit.. right vibes..

Richard:
Others, you can get help, you know. I've never installed the GNU plus Linux system on a computer myself.

Aral:
Really?

Richard:
I always found someone who knew how to do that. Got someone to do it for me.

Aral:
So it was so difficult that you have not installed… .

posted by xcasex at 2:14 AM on September 30, 2014 [1 favorite]

and furthermore, i'm well versed in who's who. and there's a lot of.. i have no idea who they are at the summit.
posted by xcasex at 2:15 AM on September 30, 2014 [1 favorite]

"Today, there are really two consumer platforms that are battling it out in consumer space. That's Apple and Google right now; two companies that get user experience and are creating some amazing, amazing products that happen to be closed. One of which happens to be leading the way in corporate surveillance, so we need to build a platform that can compete, and to do that, we need to be able to control all of the components that go into the user experience, because it is those components combined that creates the experience. We have to stop conflating components of a consumer product with a consumer product itself; we do that a lot. "

"I do hope that once we start that, you will join us and make a huge amount of noise so that when we reveal the phone on November 8th, which happens to be Aaron Swartz's birthday, which I also found…well, I realised was Aaron Swartz's birthday when I looked it up, because it's also my birthday, and we're exactly ten years apart in age apparently. And I just watched Internet's Own Boy and I think I'm still getting over it. "

Complete with Real Tears(tm)

"But we need to be optimistic. I prefer the term realistic with an imagination. We need to be that, and we need to create alternatives, because I don't want to live in a world where I don't have the option of owning my own tools and data, because that will be a world where I don't enjoy any fundamental freedoms"
source

uhm. hi freedom0.

anyway, this comes off as the worst snakeoil to me, its the showmanship as a salespitch that makes it ott.
posted by xcasex at 2:27 AM on September 30, 2014 [5 favorites]

This leaves a worse taste in my mouth than Stallman ever has. Stallman can be ridiculous, but I have never had reason to doubt that he means exactly what he says.

This... Promising a phone as the first product (don't worry, they know it won't be easy!), invoking Aaron Swartz, not really adhering to your own stated principles when it's not convenient (when your message is "independent technology" not even trying to use a free OS… dilutes your message), all point to an operation that will gladly take your crowd sourced funds and produce fuck all with them.

I'm skeptical.
posted by conorh at 2:48 AM on September 30, 2014 [3 favorites]

Maybe i've just had too much internet, but i can not get by how pretentious and stupid of a domain name this is. It's like something a lazy satirist would come up with. We're really through the looking glass on that front.

Especially because you know they dropped like 20k+++ on it since it's such a short, desirable one.

When you combine that with how confusing whatever the hell they're doing is, it's just completely beyond parody.
posted by emptythought at 3:13 AM on September 30, 2014 [9 favorites]

I work in the industry these guys are trying to "disrupt", and really they sound like they want to write phone software rather than make phones. Being successful at making phones is mainly about solving a lot of boring logistical and technical problems, like getting a decent price on a certain part or figuring out how to do the board layout in a way that doesn't cause calls to drop if you hold the phone the wrong way.
posted by burnmp3s at 4:15 AM on September 30, 2014 [8 favorites]

I read the fucking links, I've contributed to open source projects, and I still don't know what the goal of this post is. Is this supposed to be like a reddit thread where somebody links to something they don't like and tries to whip up a crowd against?
posted by ardgedee at 4:15 AM on September 30, 2014 [2 favorites]

Aral is a nice fella, but he has spent the last twenty years talking about doing rather than doing, and carved out a career talking about doing things, too.
posted by bookbook at 4:30 AM on September 30, 2014 [1 favorite]

I'm SELLING a product and will stop at NOTHING including revisionist history and MASSIVE oversimplification to market it.

WOW.
posted by clvrmnky at 4:56 AM on September 30, 2014 [3 favorites]

I am with xcasex on this. He does not control the chip manufacture, nor the firmware. This has been a known concern with solutions such as, very private chip factories to straight up denial of US market entry for certain firms.

I got no pitchfork nor torches on this, but some skepticism.
posted by jadepearl at 5:12 AM on September 30, 2014

As usual, replacing the word "design" with "marketing" works really well in explaining these things.
posted by Poldo at 5:23 AM on September 30, 2014 [2 favorites]

Are the guys who made "Spinal Tap" and "Best in Show" doing online performance art now?
posted by jbickers at 6:07 AM on September 30, 2014 [3 favorites]

Extremely vague product announcement about (maybe?) a phone that they won't show you and it won't ship for two years and anyway the phone isn't really the point, this is bigger than that but we're not being specific about how other than to say "privacy", and also we're going to conveniently ignore the part where Google proved that much of open source's strength gets gutted when you hand the software to handset makers and wireless carriers before it gets to the consumers.

I'm really not trying to be "meh" guy about this, but hyping a product this much that's that far away with those hills to climb before you can get there? And you don't even have a prototype to show me?
posted by middleclasstool at 6:11 AM on September 30, 2014 [1 favorite]

I don't know. A secured phone with trustable baseband firmware would be the best possible solution. But personally I'd be thrilled with one that made even just the application space more respectful of privacy: ditch the cloud services, locally-encrypt any data put into any remote service that it does use, anonymize searches, monitor the baseband status to yell about any cell (or cell-simulator) that's asking it to send voice with encryption disabled. It would be a partial solution, but much better than we have now.

Currently, evaluating any new software for my personal phone involves a half-day process of revoking permissions, seeing if it runs without them, and deciding if I can live with the amount of information it wants to send home to the mothership. I'd love a phone firmware that didn't require all of that, even if it meant using an oddball off-brand OS with very limited app availability.

I know that lots of people don't care about this, but there's got to be at least a niche. And once the ability exists, I'd think a lot of people would look at and think "Hey, that sounds like a good idea. What does a puzzle game maker need with all my friends' phone numbers, anyhow?"

Whether the person who wrote this is really capable of introducing that capability is another, more difficult question.
posted by CHoldredge at 6:12 AM on September 30, 2014 [1 favorite]

I first found out about ind.ie when Shanley started mocking them on twitter. Her points were valid and mild by her standards, but Aral did have the decency to try and stop the trolls who started retaliating against her.
posted by tofu_crouton at 6:18 AM on September 30, 2014

Well, I should say the alleged trolls. I certainly didn't go looking to see them or what they were doing.
posted by tofu_crouton at 6:19 AM on September 30, 2014

Thanks for digging that explanation out, xcasex. It sets my teeth on edge when folks who don't know what they're talking about start spouting off about what they imagine free software advocates want and do. That is one of myriad examples as to the very practical concerns that bring many of us to it.

> Canonical dropped their phone; Mozilla and Jolla haven't gotten traction with their phones; OpenMoko fizzled

Also, the promise of the Spark/Vivaldi/Plasma Active tablet didn't pan out due to the inherent difficulty of doing this sort of thing. And even though you can now play Quake using free-as-in-freedom drivers to run the GPU on the Raspberry Pi it still requires a bg, opaque, proprietary binary blob to boot the general-purpose processor on the Pi through that GPU. In this way, the GPU is a bit like the baseband processors on phones.

But folks working on the above projects haven't stopped wanting the privacy benefits that freedom brings to mobile device owners, and there remain other bright spots all around. With enough people huffing and puffing maybe they can make one of them catch in a sustainable way.

I recognize a lot of the skepticism here as being similar to that I had for Canonical when they first started out. That has been a rocky road, for sure, but it's been far from the once-release-cycle vaporware I feared. Canonical has brought real infrastructure to the scene, managed to help pay people comitted to free software, allowing them to move out of the proverbial parent's basement[1] into Real Jobs™ and draw some people to free and open source software, sometimes even in a useful way.

So, I don't know. Maybe this is an attempt to set off a large enough hype bomb to launch the project over all the huge obstacles and into sustainable orbit in one go. I don't know that they'll reach escape velocity without blowing the whole thing up on the launch pad, though. Also, I don't know if the increase in cynicism will be worth whatever resources the hype draws in (eg, through Stallman's participation in that summit).

[1] Perhaps more usually, out of dorm rooms or out of jobs which were only marginally involved with free software, if at all.
posted by one weird trick at 6:25 AM on September 30, 2014 [1 favorite]

OpenGuarden's mesh networking app FireChat is being recommended by student leaders in the Hong Kong protests out of fear authorities may shut off communications.

Just remember cannot trust closed source crypto products including OpenGuarden if your adversary has any political connections in the U.S.
posted by jeffburdges at 6:59 AM on September 30, 2014

It's funny how I know nothing about the guy to hearing twice about him in one night. I just got done reading his goodbye to Ello (because they took vc money)
posted by cendawanita at 7:06 AM on September 30, 2014

So we're okay with posting crowdfunding appeals if they haven't actually started taking money yet, then?

The ind.ie thing sets off all my onboard jerkwad alert systems, but I did get to try out a blackphone yesterday and I was pretty impressed. The hardware is pretty nice, and they've fixed my biggest gripe about the android security model (giving you the ability to install an app and restrict its individual permissions instead of just a go/no go on the entire app).
posted by phooky at 7:10 AM on September 30, 2014 [4 favorites]

Is it just me or is he essentially saying that this (privacy) is a marketing problem in search of a solution?
posted by echocollate at 7:33 AM on September 30, 2014 [4 favorites]

I'm paid to work on an open source software, and I'm also a top-5 contributor to several other open source projects in my copious spare time - so I'm the sort of person they want to attract.

But this seems like a non-starter to me. Where's the code? Where's their source control (git, subversion, hg, etc) repository? Where are their design documents?

How exactly are they going to ensure privacy? It isn't something that you put into a program or library by writing the word "privacy" a lot - you need a coherent, systematic strategy to accomplish it. We are still in the very early days of the digital world - there isn't some "privacy" ingredient you can pull out of a box - we honestly haven't fully resolved even what the word means! I'd be perfectly willing to believe they have a better definition of the term - if they showed me that definition, manifesto or whatever.

It seems to me that they are hopelessly naïve, and in a Dunning-Kruger way. ("We can design a whole phone, even though no one here in the room has been involved in such a project before, because we're such good programmers!" "I know - let's put PRIVACY in the phone! No one else ever thought of putting any privacy in their phone! It'll be great!")
posted by lupus_yonderboy at 7:35 AM on September 30, 2014 [20 favorites]

I will be amazed if a group of people who mostly appear to blog about solving fairly trivial HTML/JS problems have the wherewithal to design, test and distribute a functioning smartphone.

Building complicated electronics is *HARD*. Really, really hard. Even ignoring the possibly greater feat of developing a viable mobile operating system, you're talking years and years of effort by hundreds or thousands of people.

So basically that means that they're either full of shit or reselling somebody else's hardware and software. If the latter, how do they know that their phone respects your privacy? How can a team of people who have no real understanding of their product sell it as something that protects privacy?
posted by leo_r at 7:36 AM on September 30, 2014 [6 favorites]

The hardware is pretty nice, and they've fixed my biggest gripe about the android security model (giving you the ability to install an app and restrict its individual permissions instead of just a go/no go on the entire app).
posted by phooky at 9:10 AM

towelroot (by GeoHot) (a super easy way to root) + xposed installer + xprivacy does what you want.

Granted it's not *default* but it is possible, and it honestly is much easier than rooting used to be with towelroot.

If that is a feature you want, and didn't know about it I recommend it. That said, the UI for xprivacy, frankly, sucks. I'm still not sure I'm using it right.

---------
I'm with formless and xcasex. Funny thing is that I didn't realize this aral dude was the one who wrote the Ello thing. I mean, clearly his point worked with me. I'm just not so sure I like the weaselly slick presentation. It's like they only know how to talk in corp-speak. SYNERGY. PARADIGM. 2.0.
posted by symbioid at 8:00 AM on September 30, 2014 [3 favorites]

It seems to me that they are hopelessly naïve

It feels hopelessly naive to me to think that any device, ever - regardless of who is working on or auditing its code and hardware - is going to provide durable privacy.

The constant stream of zero days aside, the NSA has, in the past, silently been two decades ahead of the encryption state of the art. Bruce Schneier, James Bamford and others have repeatedly said that we have no idea how far ahead they currently are. And yet, Apple is able to make loud pronouncements about the iPhone 6's "NSA-proof" encryption, and have them broadcast by the NY Times and the rest of the main stream media.

It's bullshit, and I'm entirely confident that it's going to prove to be either hubris on Apple's part, or part of an elaborate PR strategy that masks the IT industry's continuing collaboration with US intelligence.
posted by ryanshepard at 8:02 AM on September 30, 2014 [1 favorite]

But this seems like a non-starter to me. Where's the code? Where's their source control (git, subversion, hg, etc) repository? Where are their design documents?

Not providing any of this seems like an excellent way to keep the old-guard open source community away. </snark>
posted by metaquarry at 8:32 AM on September 30, 2014

XPrivacy is not the solution to Android's privacy issues.

XPrivacy has two main problems:

1) A terrible, terrible User Interface. As a connoisseur & past perpetrator of bad UIs I know one when I see one & the XPrivacy UI is awful. The gui of the App itself is obtuse, consisting of an enormous laundry list of Android API function calls with no clear explanation of what impact they have on the user's data. The prompts shown to the user when an App asks for access to a resource marked as requiring a user prompt are equally atrocious: decide whether or not to allow some opaque Android function call but you'd better decide quickly because there's a timer running out on the screen in front of you! If you don't decide before the timer runs out then the App will get one-time access to that resource.

Did I mention that this is a terrible UI? It could be the poster child of UIs written by software engineers for people that are exactly like them.

2) It's not actually secure. Because it injects code into the address space of the target App, an App that is "XPrivacy aware" can overwrite that code with it's own code and eliminate the protections that XPrivacy claims to provide. (Technically the App has to load a binary library in order to do this, but many Apps need binary libraries so the user is likely to give permission to issue a loadLibrary() call & once that's happened all the XPrivacy guarantees are dead letters.)

XPrivacy also requires the entire XPosed framework to be installed & I'm not entirely sure I trust that either. I doubt it's ever been audited by a security professional of any stripe.

IMO, you get a much stronger privacy guarantee from either CyanogenMod or one of the other Android forks that build on the AppOp API that Google inadvertently shipped with previous Android versions. Apps cannot circumvent the restrictions and the user is given reasonable control over what data they share with a given App.

On the encryption front, Edward Snowden was pretty clear that to his knowledge, the NSA doesn't have any magic bullets. What they have is a ridiculous level of resources that enables them to do anything you might idly consider possible, but would require a lot of effort. The NSA is quite happy to put that effort in if it gets them nearer to what they want, which is total information awareness.

If there are any breakthroughs in current cryptography, then the NSA is reserving them for the highest possible value targets & they aren't sharing them with any except a very small need to know community within the US intelligence services. They're also quite happy for the rest of the US government to be using those protocols whilst knowing that they're insecure, which seems unlikely to me.
posted by pharm at 8:32 AM on September 30, 2014 [7 favorites]

Last year I got a chance to see Aral speak, and hang out for a few hours to chat about his project/ideas/motivations/dreams. The heart of his message at that time was that the Open Source development community has, by and large, focused on solving technical problems for its own felt needs. There's nothing wrong with that, but many people in the FOSS community also say they want FOSS to be used by a broader mix of people. Often, this doesn't happen. Often, this confuses and frustrates the FOSS advocates.

These advocates often explain that the public is just too dumb to know what's good for them, or that closed-source/nonfree alternatives "just have bigger marketing budgets." Aral argues that the real difference is that those closed/nonfree products have just invested the time and effort in designing for compelling user needs. That isn't just about the appearance of a product, but its operation, the whole experience of using it and the choices about what problems it attempts to solve.

Aral agrees with FOSS advocates in that things like freedom 0, data privacy, and so on are critically important as software and smart devices become more integrated into our lives. But he also points out that things like "freedom 0 and data privacy!" sit at the top of Maslow's Hierarchy of Technology needs, so to speak. They are simply not compelling to people who simply want tools to accomplish tasks. i.e., the majority of the population.

I've written and spoken about this a couple of times; for the vast majority of the population, "Easy" beats "Open" because something must be useable before the FOSS concept openness even matters. Aral argues that if the OSS community and freedom-advocates really want to make a difference, they must begin tackling big-D-design challenges with as much gusto as they bring to BSD vs GPL arguments. He's trying to put his money (or at least his time and energy) where his mouth is, and while I agree that the ind.ie project is a huge undertaking, he's definitely throwing himself at the problem and trying to convince others to as well. If there is fuzziness in the ind.ie messaging, I think it's because Aral doesn't see it as a phone, but as one project in what could be a movement. He wants FOSS to change the world, but but believes FOSS must learn to engage with the world on its terms.

The challenge, of course, is that like most passionate people he can also be antagonistic towards those who don't share his ideals. He personally attacks designers who work for companies like Facebook and Twitter, ascribes malicious intent to people in the industry who don't seem to value the FOSS ideals as much as he feels they should, etc. I don't think he's any more abrasive than most other industry personalities, but the nature of his message means that he's trying to get people to walk a difficult path.
posted by verb at 8:35 AM on September 30, 2014 [6 favorites]

closed-source/nonfree alternatives "just have bigger marketing budgets."

Or were happy to abuse monopoly positions to keep out competitors, whether open source or not.

Computing is not, and never has been a level playing field. Be had great design, and Microsoft still managed to keep them out of the PC market by arm twisting the PC manufacturers & that's just one example out of many.
posted by pharm at 8:55 AM on September 30, 2014 [2 favorites]

> It feels hopelessly naive to me to think that any device, ever - regardless of who is working on or auditing its code and hardware - is going to provide durable privacy.

I would say, "That remains to be proven." I'll bet, for example, the NSA has a system that does an excellent job of providing durable privacy to their operatives - simply because they have a huge budget.

The open source world has nothing like this yet, but we are still in early days - software is by no means a mature field. Wait till we're into our second century of software engineering and then ask again.
posted by lupus_yonderboy at 8:57 AM on September 30, 2014

I guess it says something that I didn't want to sign their manifesto because I didn't want them to have my personal information.
posted by malocchio at 8:59 AM on September 30, 2014 [2 favorites]

If there is fuzziness in the ind.ie messaging, I think it's because Aral doesn't see it as a phone, but as one project in what could be a movement. He wants FOSS to change the world, but but believes FOSS must learn to engage with the world on its terms.

verb: I agree with the general point that free and open source values are typically secondary concerns to the average user, and that the hard work of design and UX should be privileged more in F/LOSS projects as a whole.

I also want to surface this excellent line from your speech: "Open Source, in its majestic equality, guarantees both programmers and non-programmers alike the right to alter and recompile their software."

But that said, I think Steve Job's question very much applies here: can Aral ship?
posted by metaquarry at 9:07 AM on September 30, 2014 [2 favorites]

There are definitely privacy tools like the Tor Browser Bundle that're both opens source and relatively user friendly. Jitsi isn't too bad, ZRTP fires up automatically and the OtR lock at least appears above all conversations. Pond is relatively user friendly once you manage to build it, well except that you cannot restore your state file from backups.
posted by jeffburdges at 9:27 AM on September 30, 2014

Interesting that XPrivacy works by injecting code into the app. I've heard seen Chrome privacy extensions have similar issues with aware sites bypassing them, maybe due to Google not being too quick to provide tools that block ads.

Ideally, you'd want to lie to Android apps about what permissions they finally got. For contacts, you'd provide em' an empty or minimal contacts list, but warn the user that they might be losing functionality, and let the user configure limited contacts lists for applications that actually use the contacts. You'd treat phone and SMS records similarly.
posted by jeffburdges at 9:33 AM on September 30, 2014

I was hoping you folk would be able to clarify what their movement was. Ah well.

I can't say that all they are is bullshit, but I'm going to respect my instinct that says that if someone came up to me on the street and started spouting this kind and this volume of hoo-ha, I might listen but I would definitely put my hand over my wallet.
posted by benito.strauss at 10:15 AM on September 30, 2014 [1 favorite]

We are to corporate surveillance what organic farming is to factory farming.

Everyone feels better about it but the cow still is killed and eaten at the end?
posted by Jon Mitchell at 11:34 AM on September 30, 2014 [6 favorites]

Everyone feels better about it but the cow still is killed and eaten at the end?

... and only the comfortably wealthy can afford to pay for it.
posted by TheKevinFlynnEffect at 12:20 PM on September 30, 2014

also what I don't understand is how the project is receiving awards for building privacy when they have zip-zero-nada-nil out there.
posted by xcasex at 12:53 PM on September 30, 2014

symbioid , thanks for bringing XPrivacy to my attention, and pharm, for pointing out the weaknesses. I can see that it's better to continue using AppOps to lock data away from apps that don't need it and, that will tolerate being told "no" But lots of them will simply halt if you don't let feed them whatever personal information they're hungry for. Xprivacy's approach of offering fake data (like LPG Privacy Guard used to do) is a lot more functional.

Neither one of them meets the the data-protection needs of people whose threat model includes serious attackers: if I were organizing an HK-style protest I'd be very leery of using anything more than a second-hand feature phone burner. But for dealing with the "you want access to WHAT?" issue, I think the combination is going to be more useful than AppOps alone.
posted by CHoldredge at 12:59 PM on September 30, 2014 [1 favorite]

CHoldredge: I've never had any App compatibility problems with CyanogenMod's Privacy Guard implementation - I suspect they are returning empty datasets rather than returning errors from the relevant API calls.
posted by pharm at 1:14 PM on September 30, 2014 [1 favorite]

"U.S. Law Enforcement Seeks to Halt Apple-Google Encryption of Mobile Data"

and that's that.

but i've been reading everything i've been able to find on ind.ie and i'm still stuck at the "need" part.
normal people don't even care about the blanket surveillance, there are some edge-cases i'm sure, but atm ind.ie are doing two things.

* using design as a method to encourage participation in their platform, which .. uhm remains to be actually seen.
* using design as a method to rebrand a "user friendlier" alternative to the open source movement utilizing the FSF definitions.

Neither of which they have a proven track record of.
I found a git server they have, it only has .. . minute commits of the website, which is uh.. open sourcey I guess.

But putting all that aside, it's all just hot air.
nothing but.

to build a secure phone, you need control & understanding of the full stack.

baseband - to build a secure baseband you need to isolate it, reload it, state-management, hash verification of the firmware at different states. then it's a bit more secure.

operating system - ideally, linux based, there's the choice of sailfish and android here, i'd prefer the former even though i've committed to the latter (ARC).

app sandboxing - xprivacy is a good example, i'm not convinced its the right implementation, but ideally this would include some form of process isolation jail as well as priviledge-management.
interface -- i dunno, can icons on a homescreen be any easier? or are we going into information architecture on usable interfaces?

i'm not sure after seeing the team they have the ... right people to pull this off, they have the gusto, but not the knowhow imho.

and to be fair, bringing more user-friendliness to opensource software is laudable, it's not without precedent.

so in the words of havoc pennington, show me the source.
posted by xcasex at 2:04 PM on September 30, 2014 [1 favorite]

"U.S. Law Enforcement Seeks to Halt Apple-Google Encryption of Mobile Data" and that's that.

For the time being, the US intelligence community and its partners are allied, but very different, adversaries of privacy than local police departments. Not "that's that" at all.
posted by ryanshepard at 7:22 PM on September 30, 2014

Yup. Any crypto provided by Apple, Google, Microsoft, etc. is almost surely backdoored for the NSA. Apple and Google are doing this to prevent more trustworthy competitors from doing so, like Internet Explorer vs Netscape. Ain't impossible the NSA even asked them to do it.
posted by jeffburdges at 9:07 PM on September 30, 2014 [3 favorites]

It's a social network folks!

"Heartbeat is a social network client that is private by default. It’s peer-to-peer and uses a distributed synchronisation engine called Pulse. You can use Heartbeat to share your thoughts, photos, or anything else privately across all your devices. You can also share privately with your friends, or publish publicly for the whole world to see via the Web.

You have full ownership and control.

Heartbeat is free as in freedom."

so far so good(tm)

"Keep an eye on us. We’ll be posting updates every week. In November, we are launching a very early pre-alpha of Heartbeat for OS X Yosemite users and for developers to play with."

ehrm.
why'd you have to ruin it?

this here's why i have a hard time understanding the project, they speak about open, participation, free software.
but they dont dogfood it.

also, bonus from twitter:
"@aral: @elimitev Pssst… the business logic is in JavaScript & web client will be in the works :) Very early days. Focussing on experience. +@indie"
source

I don't even...

and some twitter users are finding his criticism of ello a little.. distasteful.
posted by xcasex at 1:55 PM on October 1, 2014 [1 favorite]