[kwlug-disc] cell phone security and privacy
Mikalai Birukou
mb at 3nsoft.com
Tue Jul 26 22:16:06 EDT 2022
Very nice expose. Thank you. I'll adopt style of quoting particular
thing to discuss it, one per message.
> After researching cell phone OSes and installing Graphene, I suddenly
> have a lot of opinions about privacy and security in cell phone
> operating systems. I now have a fully degoogled Android phone, and
> I'll talk about that.
> ...
>
> [*Footnote: Interestingly, locking my phone would violate the GPL 3
> (by denying an adversary with temporary possession of my phone the
> right to hack it and insert malware), but only if Graphene used GPL 3.
> Graphene uses a permissive licence specifically to ensure my right to
> protect myself.]
> ...
We are so used to someone else locking out our devices, that I think we
might be throwing a baby with the bath water here.
You take some blank slate device, put os on it, locking out everyone
else. And you use this device yourself. It sounds like what we wanna do,
and what you have done by placing Graphene onto your device.
This is different from provider/manufacturer locking a device without
your ask, and giving it to you with software on it, which makes it
"conveying a (software) work". Manufacturer/provider conveys work in
locked form. And when you lock your own device for your own use, you are
not conveying it.
Quote from GPL 3, section "3. Protecting Users' Legal Rights From
Anti-Circumvention Law.", start of the second paragraph:
"""
When you convey a covered work, you waive any legal power to forbid
circumvention of ... blah, blah, blah.
"""
You aren't conveying your locked phone/data, hence this doesn't apply.
Now. May be we should create an explicit flow for user to understand
what and who is locking things, to have a visceral impression of who
owns what:
- Explicitly blank slate device with an option to lock it.
- User locks it. Not the vendor, not the provider.
Done.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20220726/d20af6cb/attachment.htm>
More information about the kwlug-disc
mailing list