SoylentNews is people
SoylentNews
Replicant is a fully free Android distribution running on several devices, a free software mobile operating system putting the emphasis on freedom and privacy/security. It is based on CyanogenMod and replaces or avoids every proprietary component of the system, such as user-space programs and libraries as well as firmwares.
Replicant aims to be an ethical system: it does not ship nor recommend the use of non-free software.
...and that The Replicant blog reports on devices which are now available with Replicant pre-installed:
[More after the break.]
A few months ago, we were contacted to discuss the endorsement of an online shop selling mobile devices pre-installed with Replicant. [...] We asked for some conditions to be met before endorsing the shop, especially conditions that have to do with informing final users:
- Users should not be mislead into believing that the devices are fine for freedom and privacy/security. There are plenty of issues remaining, that are explained in general on the Freedom and privacy/security issues page of the website and in greater details on each device's wiki page (when documented).[...]
- The devices should ship with the official version of Replicant, not a version that was built from source and signed with different keys. However, it is fine to pre-install free applications originating from F-Droid on top of the system, as long as users are made aware of it.
[...] At this point, the following devices can be bought pre-installed with Replicant:
Replicant gets kickbacks donations from sales of the Qibre devices. Both Replicant and the F-Droid app repository benefit economically from sales of the Tehnoetic devices.
[1] Redirects to a numerical IP address for me. (...and that's a dead link. 8-() [Takes me to http://92.19.232.58:59999/ and that DOES work for me. -Ed.])
WRT blogs: Does it irritate anyone else when comments are numbered top-to-bottom but are listed chronologically bottom-to-top?
Does anyone know of a trick to make those paradigms work together seamlessly?
(Score: 0) by Anonymous Coward on Tuesday December 08 2015, @01:46PM
This is going to give users a false sense of security which can be even more dangerous than having no security at all.
What about device drivers? Android ones are closed as hell. Both on phones/tablets and PCs, device drivers are the most dangerous place to install spyware into, and the most looked for by famous agencies: they always run, they always have the highest privileges, they get installed by default on every device and they're nearly impossible to replace with alternative ones, ie the perfect place to plant spyware code.
Want to snoop what an user writes in a highly encrypted application? No need to crack the encryption, just call a well hidden function in a driver and snoop the keyboard or the touch screen *before* it gets encrypted: instant access to personal data, emails etc. Same thing for accessing files or networked devices: hard drives have closed firmwares as well as wireless cards. Processors have their binary blobs too, and don't get me started on UEFI for motherboards.
Need a proof of concept? Do a search for the infamous "Interbase backdoor". It's like 15 years old stuff that should be taught as an example on why having access to source code is so important. TL;DR version: Interbase was a well known database engine used also by corporations and governments, Borland decided to open its source and in a short time a
backdoor that went unnoticed for almost eight years is discovered and fixed.
So we better stop talking about secure devices, especially when referring to mobiles. If it's Android or Apple or any other not 100% open operating system then it's neither secure nor reliable, no matter how much rooted it might be.
(Score: 0) by Anonymous Coward on Wednesday December 09 2015, @01:46AM
Windows Vista and up actually keep most driver code in ring3.