Reality of FOSS projects...A conspiracy?

No offense to the free software community. But this ain’t FUD. This is real possibility. And more so when people talk of open source (and platforms that host them) as being totally clean.

With due respect to the community, I don’t see how a free platform or a free product can be sustained purely on voluntary donations. It just doesn’t make for a sustainable business model (even if you argue that this isn’t a ‘business’).

Without sufficient funding, there is no way to have bulletproof security.


The need arises only after an unexpected event, which is possible even if you are very careful. This isn’t inevitable, but a possible scenario.

this ain’t FUD. This is real possibility

The real certainty is you are giving your privacy to google for a hope they are more secure. You have no case or evidence of FOSS being less secure. This is FUD by definition.

I don’t see how a free platform or a free product can be sustained purely on voluntary donations.

Many nonprofits are, but I agree that many “successful” nonprofits have some kind of sales, of products, or memberships and services. kernel.org being an exception?

Without sufficient funding, there is no way to have bulletproof security.

Better: Without sufficient funding, there is no way to have bulletproof security, whether FOSS or proprietary.

after an unexpected event,

It should be a very low probability that you lose your phone, one way or another. To me, the low-medium consequence and low probability make it not worth the privacy cost of telling google (precisely) where your phone is located 24/7. YMMV.


As is typical of me, I’m late to the conversation; but to answer your question:
I think you are correct, unfortunately.


You should look up MKUltra and the testimony of Cathy O’Brien. It will give you more facts about what your example.

No, I’m glad it went the way it went. I learned stuff, you know, Matrix stuff.

I always assumed you approach any & every app/file as if it could be dangerous no matter what. No different from PCs… No Conspiracy talk needed…
Lol


Challenge accepted

It means different things to different people, but this beat me to it: The ultimate one year review: daily driving the PinePhone | by Camden Bruce | Medium

I don’t think it’s a conspiracy… Anyway, I wouldn’t want that very much :wink: :smile:

I didn’t mean to imply the entire open source community. Perhaps I should have written my post more clearly to avoid ambiguity.

The article solely mentions the prospect of intelligence agencies or huge corporations funding or founding apps or platforms.

Surveillance systems are more interested in sites like these because the people who come here usually don’t want to be followed. While there may be perfectly legitimate (or legal) reasons for doing so, such platforms are frequently used by users who are ‘persons of interest’ to governments and intelligence services.

The open source community does not have the same financial resources as huge enterprises. They are therefore e

I have yet to see a web browser free from some sort of tracking, fingerprinting, etc.

  1. Agree
  2. Agree
  3. Agree. Also server code.
  4. I am suspicious of any tech we are allowed to use. I am suspicious of LineageOS and its Weather service + more. I want to follow the money.
  5. Permissionless location tracking is a bitch https://m.youtube.com/watch?v=0s8ZG6HuLrU
    and
    https://m.youtube.com/watch?v=3RXs1e7FcJg (great channel for privacy topics)

Custom firmware and an f-droid diet and a (trusted) VPN and a faraday bag might be the closest thing we can get to privacy online, if you want it to fit in your pocket. Virtual machines and a laptop are probably far better. There are never any guarantees, either way.

FOSS code contributors often work for large corps, yes. The push to making the internet reliant on https is a centralising force of no good. If Google is pushing it, you should ask why. The origins of Google itself are from State Intelligence. Life is full of conspiracy facts and I think it’s great that you made this topic. It is very easy to assume open-source code is perfectly safe or will preserve our privacy. It is sometimes not the case, but I can’t think of a better system than the code being out in the open. I personally don’t use any Google services except YouTube videos downloaded with NewPipe. With all the censorship going on with YouTube (about Covid scamdemic and the rest), I wonder how long that will last.


So, you’re concerned about an opt-in open source crash reporter, but you link YOUTUBE.

That code is stubbed in Fennec/Mull. You can help strip it out completely and maintain it. And Mull has resistance to fingerprinting.

How exactly do you go online with the phone in a faraday bag? …

Yeah, good luck with that.

Mogroth, yes I prefer to run smaller releases without code I’ll never use and with less scope for possible abuse. Yes, I download YouTube videos. From the nasty profilers at Google. Faraday bag = u don’t go online while it’s in there. VPN = yes, thank you for your condescending well wishes!

I know what it is, but it is useless. Malicious code that wants to connect to the Internet will do it as soon as it can anyway. If you are worried about the GPS, it is still the same: at the time you need to use the cell phone, it will make the supposed report anyway, and if you do not use it, it would be the same as leaving it at home.
And… if we exclude possible and active backdoors in firmware, a phone without Play Services (trusted ROM in) should not be exposed to unwanted GPS tracking.

Faraday bag = prevents all radio tracking plus key fob and bank card skimming. The idea being to use your devices when using them but put them away when desired, without the possibility to track & hack while not in use. Especially as few phones come with a removable battery. Use the device when you want to & put it away safely when you don’t.

Will not prevent nasty code from connecting to internet next time you go online. Will do what it is intended to do. Nothing more.

if you are worried about the GPS, it is still the same: at the time you need to use the cell phone, it will make the supposed report anyway,

While your phone is in the bag, accelerometers and barometer may record approximate info on your movements, but less precise than cell, WiFi, or GPS. So only selected end points where you feel safe to use the device will be available to the device with precision.

if we exclude possible and active backdoors in firmware,

Probably a bad idea to exclude, if your precise movements are important to your threat model.

For the OP’er, when your phone is stolen inside the bag, it’s not tracked: more lost, less found, sadly. :slight_smile:

Battery should run out faster in the bag too, unless you set to airplane mode, or maybe then too…

I mean, I am more concerned that it not be actively tracked by private companies.
If I’m being targeted and therefore tracked by backdoors or radio even with airplane mode, I’m probably a spy or something, in which case I wouldn’t be using an android phone without physical switches.
I still think faraday bag is pointless for common people if you have flashed a trusted ROM.

@anon46495926 BTW, I really want PinePhone to be a success.
Although I don’t like that they don’t have clear installation and compilation instructions.
On the page about operating systems, if we go to the Manjaro download, it leads to a precompiled binary installation script which doesn’t even support PinePhone. :man_shrugging:?
Apart from this, I hope that an automatic sandboxing system for applications and system processes will be developed, it seems that it does not exist. This would help make it more accessible to all audiences.

If I’m being targeted and therefore tracked by backdoors or radio even with airplane mode, I’m probably a spy or something,

Or maybe you’re just an ordinary person, who could become a spy or something at any time…

Manjaro on PinePhone

Pine phone wiki is hit or miss, and I dislike Pine64’s choice of Manjaro as a default OS.

Better to use Mobian, or maybe Postmarket, IMO, but there are many OS options available to test.

There are many issues. I wish more good developers would go to work on those.
