It looks like the current plan for the phone is to disable GPS when all 3 switches are off. Presuming there is time to make changes like this, what else do you think should be disabled, if anything? I think it would be nice if it also disabled the accelerometer, gyroscope and magnetometer component. Is there anything else worth disabling? Any thoughts?
As @Caliga said in another thread, you could remove for example the modem and leave that switch enabled if you need only those features (assuming power would still be supplied with the modem removed).
for paranoids:
the motion sensors can be used to find out a drawn pattern on the lockscreen in android terms this is as simple as installing a malicious app, but i believe its not a useful attack, and a malicious app is a bigger issue than whatever…
Paranoia aside, if setting the 3 switches to off disables baseband, wifi, bluetooth, mic, camera and gps, it seems logical to me that the other sensors would also be disabled.
You don’t have to use the touch screen to use the device though and it is used for basic functionality so that doesn’t seem logical. Computers and phones in the past didn’t have an accelerometer, gyroscope etc. It would allow you to use it like a pre sensor-for-everything era device.
You should better buy a device design for this use than trying to transform a smartphone into blind air gaped computer.
This goes against the very principle of the smarphone.
Perhaps I should rephrase the question then. Is there any reason you would want the gyroscope, accelerometer etc to still be enabled when baseband, wifi, bluetooth, mic, camera, gps are all disabled?
I would disagree because this is specifically a privacy and security based smart phone.
In most (all) modern mobiles, the porwer button does not switch off the phone, but sends it to suspend mode. And if the cam or mic is still collecting data depends of the installed software. Only taking off the battery would really help.
That doesn’t cover the potential gyroscope issue I linked to before, hence my proposal. That’s fine if you disagree with my suggestion. I’m just interested to hear everyone’s opinion on the subject.
The point is that you will have the same kind issue with all equipements: touchscreen, proximity sensor, usb keyboard / mouse, thermal probe, loudspeaker (it can be used as a mic much more easily than accelerometers), notifications leds, etc.
Accelerometers are far from being the main threat.
It doesn’t make sense to add physical switches for all the components of a smartphone.
If it’s really worrying you, then it’s not a smartphone you need.
Especially since multiplying the switches is the best solution to make a mistake and put yourself in danger if you are under surveillance. The best solution us to keep things simple.
Plus I can only imagine it being a nightmare to design a smartphone with more that 3 killswitchs, as a bonus: the more you add the more it can potentially break.
uhmmm i coined that for fun, but my conclusion is kinda much the same after all. sensors arent an issue as far as the device is not compromised, but in that case ur screwed anyhow and the sensors will b the least important, but ur data is a thing. killswitches are for blocking communication, and cuz there are firmwares that are still not ensured (and whatever app that use those), but even if they would be ensured, cutting off communication is a good thing to know (4sho) the current abilities of ur device.
btw for more fun, airgapped computers are not totally isolated, there are nasty ways (far not general, but mayb nsa and the like use such techniques, not just scientists) 2 get some info or even interact… the keyboard have sound and electromagnetic signs, and both can be recognized as ur pw and there are stuffs that can send/receive sound and communicate with airgapped machines (if they are compromised already), a hdd can be wrecked with sound and also can play some music, ur leaving ur fingerprints all around (btw there are techniques that use ultrasound and that scan the deeper layers of ur skin when ur using ur fingerprint to unlock ur phone, but mayb these are in research only currently, and there are master fingerprints that can match with urs in a relatively big amount of times) … but b4 these could hit u anyhow, u will download that random spam malware with cute kittens; ull show ur pw’s for cameras (mayb not ur fingers but ur arm movements only); ull try that fancy new game; ull open a port for ur server; ull have apps with unpatched cve’s; ull have a s***load of apps that communicate with servers; u wont care about punnycode; u will click that link; and so on! (like u already do.) most importantly U WILL SURF THE WEB! fun fact: after blackhat conf, every yr firefox gets some sec patches, while its kinda much the best available browser currently, right after libcurl, thats funny, cuz it had much vulners by the time even with its relative simplicity. what about rowhammer from js? the never totally fixed spectre/meltdown stuffs? can we live without js? uhmmmm… yes but no! otherwise ull feed evilcorps with all ur precious data on ur own on a daily basis. cameras everywhere (dont forget about the satellites, and the windows of ur house and car); services everywhere; cops, spies and thieves anywhere, vulners everywhere… safety is just an evil dream in the phisycal world, but at least u can try, and id suggest 2 start with the basics!
ive seen the electromagnetic approach from the next room and i think 6-8 meters btw ive seen a handheld parabola like device in movies that is for listening stuffs from greater distances, mayb thats a thing that could b used, but i dunno whats that or if its real but i think such stuff exists… and anyway i just gave some weird examples for the case that security is a very hard stuff if u wanna b sure in everything
In none of the posts in this thread have I suggested adding more switches.
I need a phone, and I don’t know of any others that offer as much freedom, privacy and security as this one. I’m not overly paranoid about it, more like, I think it would be a ‘nice to have’ assurance. Actually I think that all of the switches are ‘nice to haves’, my current phone doesn’t have any. Freedom is the reason I am buying this phone. Privacy is a bonus.
I think that ‘all 3 switches being off = disables everything that can be disabled’ is pretty straight forward from a users point of view. I can’t speak for the developers obviously, but from an implementation point of view, I can’t see why it would be difficult to cut the power to both the GPS and the 9-axis IMU instead of just the GPS.
I can’t think of a use case that I would actually want to use only those sensors. It seems logical to me to disable them as well if it’s not significantly extra work for the Purism team to do so.
I figured you were being facetious. I had written something else to you originally but I removed it before I posted in case you were actually being genuine.
Microphone, camera and GPS aren’t communication components but it will be possible to disable them.
Even if your device is compromised, you can still have privacy from those sensors by switching them off. That’s the whole point of the switches. I don’t think that is a good argument against my suggestion.