Forced Presidential Alerts on your Librem 5

#orangeisthenewblack. All jokes aside whichever side you are on, don’t play the race card rn. FFS it’s a tech forum :joy:

5 Likes

agree but orange race fits nicely :smiley:

Yes!

Governments don’t have rights, only individuals do.

3 Likes

You know what I meant. I even agree with that sentiment. But once again I keep having to state this is a tech forum… not your favorite image board.

1 Like

Regarding why you should not get notified if you made the conscious decision to not be notified:

Have you considered that what you might be ignorant about might affect the welfare of other citizens? Do you have the right to be willfully ignorant when that ignorance affects others?

3 Likes

Nope. Back channel exploits aside, the modem has no official control over the high-level OS. All that the modem does is to pass this particular broadcast SMS to the OS along with the “this is an alert message” flag.

You can disable this on any reasonably friendly OS. On my phone (Samsung Galaxy S5, running LineageOS 7.1.2), you can go to Settings --> (wireless and networks) More --> Emergency Broadcasts and switch everything off (including region-specific settings for alerts in Brazil and India).

It looks like this:

8 Likes

Thanks for posting the image - I did not know what “presidential” alerts should be. In my German settings it’s only called “official warnings” instead of presidential alerts.

Apart from that I think the same that these alerts do not have any more chance to hack the phone than any other SMS in general and that this is probably like radios in the car which are able to detect traffic news from the broadcast radio while listening to your music on a different medium.

In the context of presidential alerts we have to distinguish two different scenarios:

  1. Adversaries try to attack your phone via presidential alerts as input / attack vector.
  2. Adversaries try to attack a country by compromising the presidential alert system to send fake warnings.

There was at least an accidental misuse of the alert system:

Also in general: I see the modem / base band module is on a separate chip / board. So there is a certain degree of separation. On the other side there has to be some communication going on between the base band module / modem and the main system.

So theoretically there might be some room left for attacks of the main system via the base band module / modem. I want to say again: At this stage it is just a theoretical consideration. I did not investigate for myself, yet, which interfaces (hardware and software) are in use. I do not want to spread any FUD.

Regardless, this might be an interesting point for (security) investigation. Probably there are people (e.g. the developers and engineers of the L5) who did that and know more about it already (and carefully designed the interfaces).

1 Like

Any way you look at it or regardless of what excuses are offered, these forced alerts are wrong. From an ethical perspective, the government has no rights to notify me about anything that I do not want to be notified about. And I don’t care what the stakes are. They have no rights to any back-channels into any technology that I possess, simply because they have the capabilities to do it and that I can’t stop them. The next things you will see are far worse. A GPS built into your car could report speeding infractions to traffic enforcement, who issue you a ticket every time you speed. The government could routinely scan every banking transaction you make, searching for suspicious activity. It could get far worse than that.

All governments need to stay the hell out of my phone unless I consent to let them be there. It’s all about boundaries and principles.

5 Likes

boom !

give consent … like buying and using a digital-walled-off-garden product ?

1 Like

To me it is a bit strange with “presidential alerts”. In Sweden there is the Swedish Civil Contingencies Agency (official name in English) which is a rescue service. I got in touch with it as there was a (slight) water pollution in our area and my phone received an SMS warning to drink tap water without cooking it. The warning was withdrawn rapidly and I think they only wanted to test the system.

I can see no problem with those warnings because it is not the government but the (very independent) rescue service sending warning messages (not political propaganda). But then again USA is very different from Europe.

I just have a hard time believing people’s complaints about Presidential Alerts aren’t politically driven by hatred for President Trump. I’d be willing to bet the vast majority of those complaining haven’t turned off AMBER alerts or severe weather alerts. To my knowledge there’s only been one use of the system when it was initially tested anyway.

From a security perspective, sure, I get the concern that it could be a backdoor you can’t disable. Its implementation needs to be thoroughly audited.

From an ethical perspective, it doesn’t seem any different from someone sending you a text or calling you, which you already can’t stop. The SMS system as a whole needs to be reworked, but that’s a different issue from these alerts.

@szopin
It’s a surveillance issue, thus a security and privacy issue. I had a problem with it then and do now. No one cares about what color of the crayon-box a person is when it comes to issues like this. Stupid comes in all colors. Now back to the privacy concerns of such Alerts. It should be left up to the individual to opt in. If people believe it’s of value then great, they will have it on. Others do not. No one has the right to decide for them. Like any choice, those people chose to accept the consequences of those choices. However it is something I never liked or wanted. If it’s a requirement then it’s not much Purism can do about it, however I am sure there has to be a way to address the privacy issue.

3 Likes

In addition to plain vanilla LineageOS (as in TungstenFilaments post above), /e/ OS (a fork of LineageOS) also maintains this functionality.

It’s only an ethical to everyone if they agree with your assumptions about government. Dude you’re injecting politics where they don’t belong. You could have just asked if you could turn off alerts.

2 Likes

WARN: Warning, Alert and Response Network (Act)

Seems like it’s not mandatory. Hard to tell, full of lawyer double speak. Section 3, (d), (2).

1 Like

If I recall correctly, these alerts are usually sent out over a specific protocol vastly different to SMS (Not sure as I’m in the UK we have no such system).

The protocol is enabled by default in most modern smart phones but can be disabled as well.

If this is the case and it is already being done I see no reason Purism can’t do it.

1 Like

Cell broadcast timeline:

EENA PUBLIC WARNING SYSTEMS Update - Version: 3.0 - Published 30 Sep 2019

Yes, there most certainly is the prospect for this. In fact, it was a large factor in the design of the L5. Pretty much every phone you get these days has the modem integrated on the same silicon as the CPU and they communicate via a shared memory interface. Very fast, very low power… but potentially very destructive. There is no real information about which parts of the system such a modem can access on its own - whether the memory controller only allows access between the two components in a narrow window, or whether the modem can just see, read and write to everything.

It used to be the case (2013 or thereabouts, Samsung’s last iteration of this was the Galaxy S4) that modems were a whole separate chip from the CPU, soldered on to the board. Some of them would also have had a shared memory device to communicate, others would have used something called HSIC (basically hard-wired USB). Better, but not perfect - because the modem also had direct access to the sound chip (greatly simplifies the software for the OS when you want to make phone calls, very bad if someone takes over the modem and uses it to eavesdrop) and to the GPS chip (useful if you dial 112 with both legs broken and want them to know where to find you, not useful if someone’s trying to hunt you down and getting the modem to send its position every so often).

The Librem 5 has its modem as a completely separate, removable package (one of the M.2 cards) and is connected via USB only. It doesn’t have access to any other part of the system except by asking (this includes sound - the OS needs to explicitly route audio over the USB connection). This means that to gain some control over the system, there will need to be a vulnerability in the kernel drivers for the modem which can be remotely exploited, or perhaps in the SMS receiving software. Both of these things are something that we have control over and can fix.

Actually, I started hating the Presidential alerts when Obama was President. I don’t mind them so much now that Trump is President. But that is beside the point. The point is that the Government has decided to use my hardware in a way that I do not consent to and on top of that, they’ve made a conscious choice to force the matter against my will. This isn’t like a safety issue on a given model of automobile or a Surgeon General’s warning about smoking. It’s more of a case of the government feeling entitled to use my property against my will because they can. Whether or not it’s for my own good isn’t the issue since it’s not their job to decide for me against my will, what is good for me. By what authority should they be able to do this?

2 Likes