Forced Presidential Alerts on your Librem 5


#1

I haven’t yet fully figured out why the forced Presidential Alerts must get pushed out to my Android phone against my will. Is it done voluntarily by Verizon? If so, what’s in it for them? Does the Federal Government require either the carriers or the Manufacturers to comply and lock us out of turning off the Presidential Alerts on our own phones? On my verizon Note 9, that setting is there but it is greyed-out with the setting in the “on” position. I called verizon and they said it can’t be turned off and that that is how it is supposed to be, by design. If the carriers are forced to do this by law, what would keep the government from forcing Purism to disable for us, our ability to change that setting on the Librem 5?

If the world is coming to an end and I have decided in advance that I don’t want to be notified about it, why should I not have the right to not be informed? What right should the government have to force this on us against our will.


#2

Because they are the government? If it was Obama letting you know about a huge tsunami wave coming your wave against your will, would you also be so against it? (btw I would also like to know how to stop it and what the code is behind it, but it’s most likely in the gsm blob, non-free like calling 112, even purism doesn’t break that wall afaik)


#3

It can probably be circumvented in the SMS software.


#4

Nah the alerts are using sms channel but have a flag to show it no matter what candy crush you’re playing, you can’t override it in software as it’s the gsm blob that gets triggered, it’s like with those simjacker exploits, your phone OS doesn’t have control over it


#5

I think it’s a legal requirement.

This post is loaded with ethical assumptions, not everyone will agree about what the government should or shouldn’t do, or even if it has the right to exist.

Also I get hints that you are trolling.

Either way there is a toggle switch in android there should be in the librem. I get that the guy is a super stable genius and that the presidential alerts are really serious and never have anything to do with narcissism or anything, but in the grand scheme of things this is minor. I bet you could turn it off. Although emergencies that fema will warn you about might not save you, it can save you lots of pain. TBH if imma die I’d rather a shotty than being ripped apart :joy:


#6

Kudos to you to noticing it’s only big bad orange guy being able to send sms that can save your life being an issue, if it was the black guy before him noone even raised that as an issue, like why be racist if you can just be silent right, open source should not be about orange vs black guy, but here we are


#7

#orangeisthenewblack. All jokes aside whichever side you are on, don’t play the race card rn. FFS it’s a tech forum :joy:


#8

agree but orange race fits nicely :smiley:


#9

Yes!

Governments don’t have rights, only individuals do.


#10

You know what I meant. I even agree with that sentiment. but once again I keep having to state this is a tech forum… not your favorite image board.


#11

Regarding why you should not get notified if you made the conscious decision to not be notified:

Have you considered that what you might be ignorant about might affect the welfare of other citizens? Do you have the right to be willfully ignorant when that ignorance affects others?


#12

Nope. Back channel exploits aside, the modem has no official control over the high-level OS. All that the modem does is to pass this particular broadcast SMS to the OS along with the “this is an alert message” flag.

You can disable this on any reasonably friendly OS. On my phone (Samsung Galaxy S5, running LineageOS 7.1.2), you can go to Settings --> (wireless and networks) More --> Emergency Broadcasts and switch everything off (including region-specific settings for alerts in Brazil and India).

It looks like this:


#13

Thanks for posting the image - I did not know what “presidential” alerts should be. In my German settings it’s only called “official warnings” instead of presidential alerts.

Apart from that I think the same that these alerts do not have any more chance to hack the phone than any other sms in general and that this is probably like radios in the car which are able to detect traffic news from the broadcast radio while listening to your music on a different medium.


#14

In the context of presidential alerts we have to distinguish two different scenarios:

  1. Adversaries try to attack your phone via presidential alerts as input / attack vector.
  2. Adversaries try to attack a country by compromising the presidential alert system to send fake warnings.

There was at least an accidental misuse of the alert system:

Also in general: I see the modem / base band module is on a separate chip / board. So there is a certain degree of separation. On the other side there has to be some communication going on between the base band module / modem and the main system.

So theoretically there might be some room left for attacks of the main system via the base band module / modem. I want to say again: At this stage it is just a theoretical consideration. I did not investigate for myself, yet, which interfaces (hardware and software) are in use. I do not want to spread any FUD.

Regardless this might be some interesting point for (security) investigation. Probably there are people (e.g. the developers and engineers of the L5) which did that and know more about it already (and carefully designed the interfaces).


#15

Any way you look at it or regardless of what excuses are offered, these forced alerts are wrong. From an ethical perspective, the government has no rights to notify me about anything that I do not want to be notified about. And I don’t care what the stakes are. They have no rights to any back-channels in to any technology that I possess, simply because they have the capabilities to do it and that I can’t stop them. The next things you will see are far worse. A gps built in to your car could report speeding infractions to traffic enforcement’s, who issue you a ticket every time you speed. The government could routinely scan every banking transaction you make, searching for suspicious activity. It could get far worse than that.

All governments need to stay the hell out of my phone unless I consent to let them be there. It’s all about boundaries and principles.


#16

boom !

give consent … like buying and using a digital-walled-off-garden product ?


#17

To me it is a bit strange with “presidential alerts”. In Sweden there is Swedish Civil Contingencies Agency (official name in English) which is a rescue service. I got in touch with it as there was a (slight) water pollution in our area and my phone received a SMS warning to drink tap water without cooking it. The warning was withdrawn rapidly and I think they only wanted to test the system.

I can see no problem with those warnings because it is not the government but the (very independent) rescue service sending warning messages (not political propaganda). But then again USA is very different from Europe.


#18

I just have a hard time believing people’s complaints about Presidential Alerts aren’t politically driven by hatred for President Trump. I’d be willing to bet the vast majority of those complaining haven’t turned off AMBER alerts or severe weather alerts. To my knowledge there’s only been one use of the system when it was initially tested anyway.

From a security perspective, sure, I get the concern that it could be a backdoor you can’t disable. Its implementation needs to be thoroughly audited.

From an ethical perspective, it doesn’t seem any different from someone sending you a text or calling you, which you already can’t stop. The SMS system as a whole needs to be reworked, but that’s a different issue from these alerts.


#19

@szopin
It’s a surveillance issue, thus a security and privacy issue. I had a problem with then and do now. No one cares about what color of the crayon-box a person is when it comes to issues like this. Stupid comes in all colors. Now back to the privacy concerns of such Alerts. It should be left up to the individual to opt in. If people believe it’s of value then great, they will have it on. Others do not. No one has the right to decide for them. Like any choice, those people chose to accept the consequences of those choices. However it is something I never liked or wanted. If it’s a requirement then it’s not much Purism can do about it, however I am sure there has to be away to address the privacy issue.


#20

In addition to plain vanilla LineageOS (as in TungstenFilaments post above), /e/ OS (a fork of LineageOS) also maintains this functionality.