
Linux PinePhone has physical kill switches for its cameras, mic, data, BT, Wi-Fi - ashitlerferad
https://www.androidpolice.com/2020/08/15/this-smartphone-has-physical-kill-switches-for-its-cameras-microphone-data-bluetooth-and-wi-fi/
======
noisy_boy
I get the point of low cost phone to keep the price low. I also know that
there is a group that, rightfully, enjoys hacking on low-powered hardware to
push it to limits. However, I wonder if there is also an opportunity to also
sell high spec hardware, maybe in limited quantity. These phones are not for
the masses anyway and I'm sure there is a Linux enthusiasts segment with
pockets deep enough to afford the hardware - they know what they are getting
into. Atleast what works will work fast and the software will only improve as
we move along - which means improved overall experience. Plus it helps with
the project funding too.

~~~
davidhyde
The iPhone 1.0 came out in 2007 and it ran on a single core arm cpu under
clocked at 412mhz and with 120MB of ram and the scrolling was butter smooth. I
remember being shocked at how responsive the touch screen was compared to
other smartphones at the time. The PinePhone contains an AllWinner A64 Quad
Core CPU with 2GB of Ram. Sure, its a crappy 5 year old Soc but it is MUCH
faster than the original iphone. I know, modern smartphones have a much higher
screen resolution, but still. I mention iPhones instead of android phones
because it took quite a few years for Android phones to achieve that same
butter smooth experience.

The perceived slowness of the PinePhone is due to layers upon layers of
software used to draw simple 2D stuff to the screen. I think a really simple
bare metal GUI would be better than running a full blown linux desktop
environment like GNOME. Even if you "skin" and strip it down for mobile, it is
still laggy as hell.

Linux on a smartphone => yes

Linux desktop environment on a smartphone (even with Wayland support) => no

I am less interested in the "daily driver" part of the PinePhone and more
interested in the power consumption and responsiveness of the device itself.
Stuff like this is exciting (extending the standby time of a PinePhone to 100
hours): [https://github.com/crust-firmware/crust](https://github.com/crust-
firmware/crust)

~~~
zatop
During Librem 5 development, they considered using GNOME but, after talking
with the upstream devs, they abandoned the idea.

Gnome is slow even on laptops, it was made for X and later ported to Wayland,
it uses Clutter/Mutter, JavaScript, etc. So here yes definitively it's layers
upon layers.

On the other hand, Posh is based on Wlroots and there is no layers. It's pure
C code talking directly to EGL/DRM/KMS (And in the future Vulkan) stack.

Even more interesting, Wlroots allows the use of hardware layers and with that
you directly write to the screen and compositing is done in hardware. You
can't go more optimised than that.

With this kind of approach you can totally write a convergent, both phone &
desktop, environment which is butter smooth on low spec mobile.

But of course then the whole question is which apps you run on that
environment, the typical Electron app won't run smoothly (but it wouldn't
either on a IPhone 1).

On the other hand, GTK 4 should be GPU accelerated and Qt too so those could
run pretty smoothly

~~~
cuu508
> You can't go more optimised than that.

Phosh uses GTK, right? That's a pretty thick layer right there. You used to be
able to put pixels on screen with a handful of ASM instructions
[https://www.cprogramming.com/tutorial/tut8.html](https://www.cprogramming.com/tutorial/tut8.html)

~~~
zatop
Yes this is totally true, I should've been more precise.

There are two parts : 'Phoc' and 'Posh'. Phoc is the Wayland compositor
(Wlroots & C), Posh is the launcher UI (GTK).

Phosh is just "an app" (with special privileges to talk to Phoc). All it does
is display app icons and windows thumbnails (which are not actual live windows
but just screenshots of the apps (like on Android)) it does not composite
windows, it does not stand between the apps and Phoc.

This is unlike Clutter & JavaScript which do stand between the apps and the
Wayland compositor (Mutter) on GNOME.

So my point is that apps on the Librem talk directly to Phoc (not Posh) which
is a super minimal layer and can draw pixels on screen with almost no overhead
(and potentially none at all when they'll support hardware layers)

(Note : this is the Librem architecture as far as I understood, maybe I missed
something)

~~~
davidhyde
Very interesting, thanks! I wish there were more videos focusing on UI latency
and snappiness for the Librem 5 but all you see are "feature" videos. It's
hard to tell if the phone is laggy (finger move to eyeball time) or not.

~~~
zatop
Once hardware acceleration is enabled it will be very snappy :) :
[https://social.librem.one/@dos/104218666011152589](https://social.librem.one/@dos/104218666011152589)

------
Cantbekhan
Off-topic but IMHO what is really needed these days is a privacy feature
allowing all the UIDs to be changed freely by the user (without the need for
rooting and firmware thinkering).

Including randomized IMEIs and randomized Android ID (In addition to the
already offered randomized MAC and Ad tracking ID changes). Especially IMEIs
which are commonly used by many applications and law enforcement to track
users (see Banking apps for instance that all require your phone permissions
to read such IDs).

Nor Librem nor Pinephone offer this functionality from what I know.

And no, it's not (yet) illegal (but might be against some ToS) in many
countries to change your IMEI including the US (see
[https://en.wikipedia.org/wiki/International_Mobile_Equipment...](https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity#IMEI_and_the_law)).

~~~
autisticcurio
Changing the IMEI is illegal in the UK FYI and has been since 2002.
[https://www.legislation.gov.uk/ukpga/2002/31/introduction](https://www.legislation.gov.uk/ukpga/2002/31/introduction)

Perhaps this legislation gives you a clue about how on the ball some Govt's
are when it comes to security matters?

What you are suggesting is a phone that changes its obvious identifiers, but
the problem with that is some services may not work, maybe an app purchased
from an app store, or the network services you get from your cell provider,
like answer phone facilities when you are in a dead zone. So if your phone is
acting like a character out of Scanner Darkly, just how will it operate? How
will your friends know its you calling if they dont recognise your number?

To have a cellular network that allows random identifiers, you would need a
system which accepts prepaid communication time, but in todays age, just like
bitcoins is a public ledger how would you convince someone to build a cellular
network that accepted untraceable communication time tokens?

Whether you like it or not, Science stole your privacy the day you were born
and continues to steal your privacy including your thoughts. Perhaps your best
bet for some privacy is to limit your contact with other entities whilst also
trying to change the laws for the better but as this requires interaction with
other entities, it seems like you want a paradoxical situation to exist.

~~~
GekkePrutser
The IMEI just identifies your phone. The IMSI identifies your number.

So it's perfectly possible to change the IMEI if you leave your IMSI alone.
The network will think you just stuck your SIM in another phone. Everything
will work fine. You can't change your IMSI as it's hardcoded on the SIM
(technically you could with an eSIM but it simply would be unrecognised and
just not work then).

Of course they still know who you are, and they need to to connect your calls.
But apps that look at the IMEI for identification will be confused. Not sure
how much it helps in terms of privacy. I doubt it helps a lot as any app can
just make up a random number and dump it in their long-term storage to know
it's you (just like a cookie).

And yeah the illegality of changing it is an issue in some countries. Also, if
you 'clash' with another live IMEI weird things happen :)

PS: IMEI changing was outlawed in those days to stop people stealing phones
and changing IMEIs to resell them and bypassing carrier blocks of the stolen
phone. It was never that successful as thieves are lawbreakers by nature and
don't care at all whether they break an extra law or two. Apple and Google's
activation lock were much more successful. I'm personally not a big fan of
laws when there are technical solutions that are equally or more effective.

~~~
labawi
AFAIK, a SIM card itself has a card id (ICCID), which should not be changed
and is not used often. The subscriber id (IMSI) is in the "application" layer
of the card and theoretically could be changed by the provider, or as a
speciality, multiple ones installed.

That being said, I've never actually seen a card's IMSI changed. They usually
give you a new sim and IMSI, even for a replacement card.

~~~
extrapickles
Most SIM cards are one-time programmable, so they can’t change anything on the
card. They do still have a small RW area, but thats generally for user data
(contacts).

You can get SIM cards that have large amounts of storage for running applets
and have better support for OTA, but most carriers don’t like the extra
expense.

~~~
dogma1138
Aren’t most SIM cards today use over the air provisioning since networks
employ thin provisioning theses days?

~~~
GekkePrutser
Yes they do almost all support it (with many security vulnerabilities as a
result, Karsten Nohl did a really great presentation on this at OHM2010). But
the IMSI is almost always provided at manufacture time.

I think it's also because the card would not be able to be provisioned over
the air without getting connected to the network first, and without an IMSI
there is no network connection :)

------
prox
Is anyone usimg a linux phone? Love to hear use cases. I know about the
PinePhone and the Librem, don’t know if there are others.

~~~
mpol
I am using Sailfish OS on a Sony Xperia XA2. I am using it now for about 1
year. Before that I used Sailfish OS on the original Jolla 1 for 5 years. I
have also used a Nokia N9 with Meego Linux, which can be considered a
forerunner of Jolla/Sailfish.

It uses Qt, Wayland, Systemd. The original Jolla 1 even used Btrfs, which was
deemed a mistake. Sailfish OS is available on more devices, like the
Pinephone, Fxtec, Cosmo Communicator and others. If you have the official
version for Sony Xperia, you get Alien Dalvik, with which you can run Android
apps. I am using Whatsapp and Firefox as Android apps this way. I am still
hoping that Signal takes off for mesaging, a native app like Whisperfish is
something I would really enjoy. With Whatsapp a native app is not possible,
there have been threats for lawsuits.

I am very happy with Sailfish, and have been for 6 years. I enjoy having plain
linux on my phone, being able to use ssh as root and having a device that I
trust. There are some 'costs' involved, like having less shiny bling and less
apps available. Companies like Apple and Google can spend billions on their
phone platform. Jolla only has about 100 employees in total. You do have to
adjust your expectations somewhat.

Jolla have received criticism about not having open sourced all their
software. I do understand that criticism, but that argument doesn't make Apple
or Google look any better :) I am curious about where linux phones will go in
the next years, but currently Sailfish is good for me.

~~~
solarkraft
> The original Jolla 1 even used Btrfs, which was deemed a mistake.

Why is that? Was it too young or is it generally impractical on a phone?

~~~
mpol
What I remember (not a linux developer) is that sometimes you have to
rebalance the filesystem. You can have free space in megabytes, but no inodes
left. (If I am wrong someone might correct me). There have been instances,
especially later on in its lifecycle, where a system update was aborted due to
no space (inodes) which ended in a lot of trouble.

~~~
solarkraft
I've been using btrfs as my main file system for about 6 years now and have
run into the "no free space" issue about twice.

It's horrible. Everything stops working and freeing space is quite hard.

Other than that I had no issues with it. Subvolumes and snapshots are pretty
cool to me, but I can see how the added overhead might not make sense in a
processing power and space constrained environment.

------
fsflover
GNU/Linux Librem 5 phone not just has the kill switches, but they are easily
accessible and therefore more useful:
[https://puri.sm/products/librem-5/](https://puri.sm/products/librem-5/)

~~~
Y_Y
The librem phone is $750 and the pinephone is $150.

~~~
input_sh
Also a crucial difference: You can get your hands on a Pine Phone, while
Librem has yet to ship a phone.

~~~
kop316
??? They have shipped a number of phones? Or do you mean they haven't entered
production?

~~~
input_sh
Yes, "shipped" refers to in the hands of customers.

~~~
kop316
I mean, I am holding one right now, and I am a customer (Well technically it's
next to my laptop, typing with one hand is hard). So I don't understand what
you mean.

------
627467
So, I like the accessibility of physical switches but how are they more
trusting than software ones? Or light indicators such as Apple's green Dot?

Already trusting Open Source requires non technical people to trust others who
can read the code to vouch for it. Here, we would need to expect an
electronics engineer to understand (from looking at a disassembled device)
that the switch actually does what it says it does, right?

~~~
ben-schaaf
With software ones you still have to trust the hardware and firmware in
addition to the software. With light indicators like Apple's you also need to
trust the hardware - and since the designs aren't open it's more difficult to
do so - but once verified that they work as advertised having kill switches is
a much more active security function than an indicator light.

~~~
autisticcurio
International standards can also be zero days. For example, the international
standard for called ID, uses a dial up modem protocol which means the hardware
has to have capabilities to read this data which means the hardware has dialup
modem capabilities. So if you can compromise the firmware of the modem, a
backdoor into a device is via the very telephone network you later rely on to
communicate.
[https://en.wikipedia.org/wiki/Caller_ID#Operation](https://en.wikipedia.org/wiki/Caller_ID#Operation)

Chips fall into 3 categories, fused by manufacturer, fused by branding
company, or not fused allowing future updates, like bios chips. Even if the
chip is fused, a backdoor may still exist, in some cases standard behaviour
can be the backdoor.

With zero days appearing in hardware, software and standards, its very easy if
you have the knowledge to get a persistent backdoor into a device beit a
PinePhone, Librem 5 or Necunos to name just a couple.
[https://forums.puri.sm/t/comparing-specs-of-upcoming-
linux-p...](https://forums.puri.sm/t/comparing-specs-of-upcoming-linux-
phones/6827) [https://tuxphones.com/yet-another-librem-5-and-pinephone-
lin...](https://tuxphones.com/yet-another-librem-5-and-pinephone-linux-
smartphone-comparison/) Its probably why people like Cobham, Thales and other
openly public military manufacturers make their own kits for militaries around
the world. [https://www.cobham.com/](https://www.cobham.com/)
[https://www.thalesgroup.com/en](https://www.thalesgroup.com/en)

I even think its possible to hack the communication systems of the new
Lockheed Martin F35, because the manufacturers are walking a logical
development path (their mistake), but I've yet to have a go at it, so cant say
for sure yet.
[https://www.youtube.com/watch?v=_C25CwNlVjA](https://www.youtube.com/watch?v=_C25CwNlVjA)

~~~
Yc4win
Your comment is so in depth thanks. It really opened my eyes to some of the
industrial subversion going on that I was unaware of, especially about the
international standards being a vector for backdoors.

------
damip
What are the killswitches acting on ? Are they acting only on the dedicated
"enable" or "poweroff" inputs of various chips ? Are they cutting the power
supply of the chips ? Are they cutting both the power and logic busses, thus
isolating the target chips (at least electrically) ?

~~~
hawski
From
[https://wiki.pine64.org/index.php/PinePhone_FAQ#What_are_the...](https://wiki.pine64.org/index.php/PinePhone_FAQ#What_are_the_kill_switches_doing.3F)

    
    
      1  Modem | Pulls Q1501 gate up (FET killing modem power) | "On" enables 2G/3G/4G communication and GNSS hardware, "off" disables it.
      2  WiFi / Bluetooth | Pulls up CHIP_EN | "On" enables WiFi and Bluetooth communication hardware, "off" disables it.
      3  Microphone | Breaks microphone bias voltage from the SoC | "On" enables audio input from on-board microphones (not 3.5mm jack), "off" disables it.
      4  Rear camera | Pulls up PWDN on OV5640 | "On" enables the rear camera, "off" disables it.
      5  Front camera | Pulls up PWDN on GC2145 | "On" enables the front camera, "off" disables it.
      6  Headphone | Pulls up IN2 on analog switch BCT4717ETB | "On" enables audio input and output via the 3.5mm audio jack, "off" switches the jack to hardware UART mode.

~~~
KMag
With the microphone bias floating, what prevents some digital signal
processing form recovering faint and fuzzy audio? I'm sure the microphone
loses at least several dB of gain with the bias floating, but isn't it much
safer to either disconnect the bias and tie it to ground, or else pull up/down
the the digital output of the ADC?

I understand that with the bias floating, the microphone output will be a
combination of radio and quantum thermal noise, but won't that noise still be
slightly modulated by the microphone? Or is it that the noise being modulated
will be below detectable by the ADC and the digital output will always be
exactly 0?

~~~
yetihehe
Depends on actual hardware implementation, but those microphones are REALLY
good at picking up audio. I once fiddled with some microphone and wondered why
it works so poorly (lots of "digital" noise, faint audio), maybe cable broke
or smth. Turned ot, it was "disabled" with hardware switch on cable, yet still
picked up enough sound to "somewhat work".

------
Lammy
Thank you for including the name of the phone in the HN title unlike the
clickbaity original.

------
GekkePrutser
This isn't actually 'news'. But Pinephone is ruling the roost where Purism
dropped the ball, sadly.

PS: I love both companies, it's just sad about Purism :)

------
actionowl
In January 2020, Pine Microsystems Inc. was dissolved [1]

Anyone know if they just closed their US entity and now operate from another
country or are they having financial difficulties?

[1]
[https://businesssearch.sos.ca.gov/Document/RetrievePDF?Id=03...](https://businesssearch.sos.ca.gov/Document/RetrievePDF?Id=03928399-27737032)

~~~
syshum
From this Comment on Reddit
[https://www.reddit.com/r/PINE64official/comments/g8dqx9/pine...](https://www.reddit.com/r/PINE64official/comments/g8dqx9/pine_microsystems_inc_in_california_is_dissolved/fonpafp/)

\------

The Pine Microsystems becomes Pine Store Limited. Two reasons on such move:

1\. Increasing complexity of business compliance and reporting paperwork when
operates in California. Since Pine Store primary business is not in
California, no interest to keep continue to have such burden.

2\. Avoid legal mafia similar to what happens to Gnome on Q4 last year.
Unfortunately, there are a lot of such legal mafias operate in State.

This move is not due to financial or politic reason. Pine Store Limited
locates in Malaysia and Hong Kong.

\-------------

Given the state of relations with HK and the US now this may makes things more
complex for them as well

------
stronglikedan
All those fancy physical switches, and none simply for silent mode? My most-
missed physical switch on Android devices.

~~~
yellowapple
These are all behind the back cover, and are (from what I understand) pretty
tiny, so I wouldn't imagine 'em to be all that convenient for toggling silent
mode.

But yeah, my PinePhone's supposed to ship on the 25th and I expect I'll be
missing that feature.

------
NiceWayToDoIT
This is great functionality. But on the other hand I already had Meizu MX4
Ubuntu based phone. Apart of bad network reception, main issue was lack of
application support, literally I was struggling with simplest application. On
positive note I could to development and bash very easy...

------
Yc4win
I would love to buy one for the sake of security (especially the physical kill
switches) but will wait until it is a little more usable.

------
aembleton
No kill switch for GPS though.

~~~
labawi
Modems (LTE modules) often have GPS and that's where it's handled in almost
all phones.

AFAICT, the LTE switch disables GPS.

------
iRobbery
There is no mentioning of NFC, not here, not there? I like NFC for payments
and things?

~~~
GekkePrutser
Not sure if it has NFC but I really doubt you're ever going to find a bank
willing to do payments on a fully open phone.

------
dangus
That’s cool, but hardware kill switches don’t help your privacy.

Why?

Because nobody is ever going to want to turn off that functionality. I don’t
know anyone who turns off the software switches, why would they turn off
hardware ones?

A smartphone without a camera, mic, Bluetooth, cellular data, and WiFi is
basically useless.

What we need is a way to make these technologies more private while they’re in
use.

Also, the PinePhone is barely usable, and I say that as an owner. It’s a neat
toy but it’s got a long way to go.

~~~
unethical_ban
That is a huge, and incorrect, assertion.

If I could hard-off my mic, I would. I don't use it but once a day, maybe,
while I use others frequently. I turn off location manually whenever I am not
using an app that requires it. I leave bluetooth on because I use it
frequently enough, but if it were an easy hardware switch, I could get in the
habit of shutting it off.

~~~
AshamedCaptain
> I turn off location manually whenever I am not using an app that requires it

Which is almost equivalent to teather from a security point of view. Either
you trust the system, in which case you can trust that you can deny location
to the programs that according to you "don't require it"; or you don't trust
the system, in which case it will just broadcast the position whenever you
enable the killswitch to everyone who could be even remotely interested. And
again when you enable it is usually when you are most likely going to leak
something interesting. There is here some usefulness in terms of having
"another layer", but academically this is really debatable.

~~~
def_true_false
Switches are simple and predictable. Permission systems have shit UX, and are
not granular enough anyway. Furthermore, suppose you need different things to
be permitted at different times, e.g. you need the battery to last longer for
a few days... good luck changing all your permissions manually.

------
supernova87a
If you're this worried about leakage from signals, cameras, etc. what about
the tradeoff of security where now you need to patch and monitor for any
attacks on your device, now that you're off of any normal OEM's support?

What's the risk of that being done poorly by you, versus having better control
over these physical switches?

~~~
Erlich_Bachman
> any normal OEM's support?

What "normal OEM support" (like which company, for example?) has been good at
regularly releasing security patches and keeping on top of various
vulnerabilities? Especially past the 1-2 years after the release date of the
device? Especially if you consider those companies that without any real
consent from you install dozens of their own adware and spyware on each update
that you can't even remove (like you can't remove system apps in android, only
"disable" them, to make the phone nag you all the time to re-enable them).

Not having to rely on the joke of the "OEM support" from the big companies is
the very reason to use these open phones.

~~~
kec
Apple’s average full support for iPhone is trending to around 4-5 years since
launch. Several times they’ve issued critical security updates years after
ending official support.

~~~
labawi
To be fair, they are an outlier, so not really normal in that sense.

~~~
fsflover
Not even mentioning that after 4-5 years iphones turn into a brick with no
possibility to install or update anything.

------
m0zg
Too bad the battery "kill switch" seems to be turned on permanently. I don't
blame them - it's a hard problem to solve. Todays higher end phones go as far
as to turn off parts of the chips on the fly, dynamically, on demand. But
until it is solved, the device is more or less a curiosity rather than
something useful in practice.

~~~
fsflover
Why do you need it? You can simply remove the battery (without any tools).

~~~
hoseja
Looks like sarcasm. (Your sarcasm kill switch might be toggled on.)

~~~
m0zg
Sorry, forgot to add /s. Population density rears its ugly head again.

