Blog Post: Your Phone Is Your Castle

A Brief History Lesson

There is a saying “A man’s home is his castle” that derives from an even older British saying “an Englishman’s home is his castle” from hundreds of years before. Putting aside the history of male and female ownership of property for the past few hundred years, this statement came about as a matter of common law in the 17th century that enforced the right that no one–even the King–may enter a British person’s home without their invitation. As stated famously by Prime Minister William Pitt in 1763:

“The poorest man may in his cottage bid defiance to all the forces of the crown. It may be frail – its roof may shake – the wind may blow through it – the storm may enter – the rain may enter – but the King of England cannot enter.”

This right influenced the United States founding fathers and became a right against unreasonable search and seizure enshrined in the fourth amendment in the US Bill of Rights.

Ultimately this statement is one about personal sovereignty over your property: that you should be able to control what happens with your property, should be able to control who is allowed to enter it, and should be allowed to defend it from intrusion.

Your Phone Is Your Castle

If your home is your physical castle, your phone is your digital castle. More than any other computer, your phone has become the most personal of personal computers and holds the most sensitive digital property a person has, including:

  • Detailed contact lists of friends and colleagues
  • The contents of private communications
  • Personal photos (sometimes including very intimate ones)
  • Personal files (sometimes including financial documents)
  • Health and biometric information (sometimes including personal heart rate, blood pressure and exercise regimen)
  • Passwords to online accounts
  • Often even a database (if not multiple databases) of everywhere the phone has (and therefore you have) been.

So to extend the metaphor, if your phone is your digital castle, it means you should be able to control what happens with it, who is allowed to enter it, and should be allowed to defend it from intrusion.

Read the rest of the article here:

22 Likes

i love it when free-software leads to poetry and philosophy … or was it the other way around ? :stuck_out_tongue_winking_eye:

in the hopes that everyone reading this will see the SAME thing i’ll link to the following :

from the reception :

A review in the Los Angeles Times stated that “while most people are aware that they’re being mined for data while on these sites, few realize how deep the probe goes […] if you think the trade-off is merely getting targeted ads for your favorite sneakers, you are in for a big shock”.[6]

2 Likes

You should decide which software is allowed on your system, not Purism. While other vendors often are paid to bundle third-party applications you aren’t allowed to remove, all of the software on the Librem 5 including pre-installed software is fully under your control.

this might sound stupid but how do i remove and purge the video app named “Totem” through the CLI ?

i’d rather use GNOME-mpv which i already have installed on my PureOS amber …

sudo apt purge totem

That’ll remove the application and all related files from your computer.

3 Likes

Good article, written in a way my friends could grasp the issue.

1 Like

odd. that worked now but when i tried it some time ago it didn’t … oh well it’s gone now.

What I really need is a reliable device and OS that I’m in charge of instead of another lecture on why I should be using a device and OS that I’m in charge of.

[edit] Sorry for the attitude. I’m just frustrated with still having to be under the thumb of Google.

I do not disagree with the article and I really am looking forward to the Librem 5, but not because I feel it is the only phone that allows me to own a castle of my own.

To that end, I’m curious how AOSP Android that is absent of Google (de-googled) and only using F-droid fits into this analogy. See I know what the response is going to be, at least in part. What about the hardware? What about not being able to trust that GPS, wifi, bluetooth, etc. are truly off?

Only the security rabbit hole, as has been demonstrated on this forum repeatedly, goes infinitely deep, and is a lost battle that always succumbs to attrition. So security can’t be the pinnacle that the Librem 5 stakes its claim on. Really most of the things useful for security are really more relevant to privacy anyway.

Convergence is the claim to fame. The Librem 5 isn’t like a desktop in your pocket, it IS a desktop in your pocket.

I believe this is the angle Purism should be focusing on.

That said, the article isn’t wrong.

2 Likes

Believe it or not, the former takes more time to produce than the latter. I see that you’ve edited and I kind of regret my answer too. We want the same thing. It’s taking a frustrating amount of time but I’m very grateful that somebody is trying to give us all the option to get out of the duopoly :slight_smile:

Very good article! The castle analogy makes it accessible to people who don’t have an existing interest in alternative options. That’s going to be very helpful.

I especially liked “If you live inside a strong, secure fortification where someone else writes the rules, decides who can enter, can force anyone to leave, decides what things you’re allowed to have, and can take things away if they decide it’s contraband, are you living in a castle or a prison ?”

3 Likes

That’s the setup which I have on my phone (Samsung Galaxy S5), so I can try and answer those questions.

First off would be automatic and mandatory updating of the OS and any installed software.
I’m using LineageOS 14.1 (Android 7.1.2), which is several years old. While there is an option in the settings for OS update checks, I never turned it on and it has never bothered me.

As for the software, I’m actually using an old version of the F-Droid software (0.102.3, dating from 2017-09) because I don’t like the UI change they made in the next version. There is an option for automatic updates, but I never turned that on. There’s even an option to mark an installed program so that it never looks for updates (which is what I’ve done for the repository software itself, so that I don’t click on it by mistake when updating the rest). When picking something to install, you can scroll down through a huge version history to get previous versions. I don’t know whether they have any kind of forced remote erase functionality, but I would be very surprised if that were the case.

Software devouring your data and spying on you: the first line of defence here would be F-Droid itself, which a) only accepts things with publicly accessible and changeable source code, so you would not be able to sneak something in there easily and b) is very trigger happy with big red warnings (eg. Firefox has a warning for “promotes non-free addons” and “this app tracks and reports your activity”). It’s highly unlikely that Farcebook or any other spying organisation is going to put their software on F-Droid.

The second line of defence would be the OS itself, which has something called “Privacy Guard” for managing permissions and brings up prompts when software wants to access some information (eg. the built-in camera software wanted location information for some reason, that got an immediate “block and never ask again” response from me).

Finally, there’s other software that you can install. From F-Droid, I’ve installed AFWall (application-level firewall) to keep software off the Internet unless you explicitly desire it and XPrivacy to get finer control over permissions granted to installed software (eg. I’ve read that some software hard crashes if denied access to your contact list, XPrivacy’s method is to intercept the request and return an empty list, it can also supply randomised or weird values for other queries like the MAC address, GPS location or IMEI).

As far as I know, the L5 doesn’t have anything like XPrivacy yet, but that can be explained quite handily by the phone not actually existing yet (I define Evergreen’s release to be that point). I’m not sure what the interfaces for storing and requesting data are (or what kind of protection things like the contact list have against being read out), so I don’t know how easy it would be to create a piece of “man in the middle” software like that.

Hardware isolation is the biggest difference.

Pretty much every single modern Android phone has the modem and the CPU on the same chip and using the same RAM. While the manufacturers swear up and down that it’s all isolated and secure and whatnot, we have no way of knowing that for sure. Whether it’s something maliciously hidden at the request of some acronym organisation or just some bug in the ROM/firmware, there remains the possibility that malicious messages sent over the cellular network could take control of your system. Not only that, but the GPS chip often has a direct path to the modem as well and will take requests for your location without you ever knowing about it. Likewise, I believe that it’s also quite common to connect the audio chip and the modem directly - this means that the OS barely needs to do anything when handling phone calls, but is an obvious security hole if the modem is compromised.

Apple devices have separate modems (and that’s only because Apple don’t make their own at the moment), but I have no idea how they’re connected to the rest of the system (it is likely, but not guaranteed, to be a USB interface; I also don’t know how they route audio and therefore whether the modem can arbitrarily decide to start listening) and the complete lack of control that you have over “your” iThing is another matter entirely.

Older (~2013 and before) Android phones did have separate modems which had no direct access to main memory or the CPU - this is one of the criteria that Replicant used when selecting “worthy” devices.

The switches and the component isolation are a key feature for me. If the modem’s got no power, it can’t betray me in any form. Even if it’s active, it can’t get GPS data or silently transmit audio without explicit co-operation from the software running on the CPU. It’s not just software that might be hostile, the networks can quite easily be the enemy as well.

1 Like

Unfortunately, watching that documentary legally would require pretty malicious proprietary software and DRM, that tries to control what I do on my own computer, only works on certain browsers with Widevine included and only works on certain instruction set architectures that support the proprietary Widevine module, and limits the resolution to 720p because they cannot get enough control to trust the user with full quality. For these reasons, I boycott Netflix, and am therefore not willing to watch this documentary unless it is officially released on a more open platform. Plenty of great documentaries exist on YouTube that don’t require me to break the law to get a half-decent experience, so I have plenty of alternative sources of content.

3 Likes

Big discussion on Hacker News: https://news.ycombinator.com/item?id=24463347.

2 Likes

completely agree … however i linked to a wikipedia page NOT directly to sh!tfl!x (i would never do that unless i’m near coma drunk and even then it would be a pretty hard try to get it right the first time)

there are other … LESS :stuck_out_tongue_winking_eye: mainstream methods to grab that AV-docu’ nice and fast (it’s not hard to figure out where and HOW to do just that). i could provide detailed instructions and link directly to it but i don’t want to insult your intelligence nor the audience. just make sure to use encryption at the network level (at least as far as that is allowed to go :sweat_smile: )