
We need open source smartphones now more than ever - jrepinc
https://osjournal.com/we-need-open-source-smartphones-now-more-than-ever-372/
======
jammygit
I'm personally looking forward to the purism phone. If they are successful
enough, their v2 will be especially interesting. Its a fairly important
project

~~~
bpye
Absolutely. I would love to buy a Purism phone if A. they make it usable as a
daily driver and B. they actually follow through with making it secure. Say
what you want about Google and Apple but iPhones and Pixels are relatively
secure, but some may consider the code running on them to not be trustworthy.

Your phone is probably your most valuable device, with more private
information than many others. It seems especially important to ensure that it
is secure and trustworthy.

------
xfitm3
I was involved with a open source phone OS and things went great - until we
tried to take it to market. In order to launch the OS we decided to partner
with telecom providers, and it was their requirements which threatened the
project’s integrity. I fear this barrier will be present for other phones in
the future. Open source hardware is really important. The closed source
baseband blob compromises the security of the device. We were unable to audit
it, so we could not trust it.

------
rchaud
Just a couple of years ago, there would be no appetite for this type of phone,
as Google, Apple and the tech press made it seem like having less than 1
million apps available meant that the phone was worthless.

Thankfully, we're now at a stage where people largely have all the apps they
need, and rarely download new ones if a website alternative is available
(think online store or news publication).

I'm giving serious thought to buying one of these phones, especially since
Uber and Lyft's mobile web sites are sufficient to book rides on. That was the
biggest hindrance to making a move away from Android/iOS. I don't really watch
streaming video on my phone, so Netflix/PrimeVideo aren't needed.

------
ajdhsjakafjt
The author argues that open source magically creates a wonderful world of
security and privacy. Quotes like the following make me wonder if the author
every touched a software project:

"Like the Linux and open source world at large, security and privacy are not
automatic features of open source. Rather, it is open source that enables
those features, by allowing developers and users to keep a watchful eye on the
code. [...] Code isn’t always understandable, even to seasoned Linux users."

I more and more think this is a harmful view on open source. It's a reason for
projects to skip best practices, tests and professional audits. I follow a few
projects very closely so I'm familiar with the code. But should others really
rely on that in terms of security? Absolutely not.

When you ask the "binary people" if they need the source code for an audit,
well, they don't.

~~~
zzzcpan
It's not about the source code, but about control. You can't have much privacy
or security if you are living one third party update away from a government
backdoor, like all android, ios, windows, macos users today.

~~~
ajdhsjakafjt
The open source world isn't prepared for large-scale software delivery either.

It works with the core software of Linux distributions, who deliver to
administrators around the world. But userland software and dependencies are a
mess. Distributions ship old software, developers don't know the target their
application will run on, and we all know what's going on with the PIP/NPM/...
package managers.

Moreover, we have pretty much no sandboxing and userland permission management
(camera access for browser? file access for your instant messenger
application? calendar access?) on any Linux Desktop.

While lawmaking and IT-security must grow up and open source is indeed a nice
third player - it does not solve the immediate issues we have.

~~~
astazangasta
These are all valid problems but don't seem to me to preclude the original
underlying premise - open source seems a _necessary_ , if not _sufficient_
condition. While OS might not solve all of our current issues, it seems to me
that there cannot be any solution that depends on opaque software delivered by
suspect entities with known surveillance agendas.

~~~
ajdhsjakafjt
The software is shipped by those who create the phone itself. If you don't
trust anybody, you can't get a piece of silicon to connect to mobile networks
and draw a website on a screen. Any open source hardware eventually depends on
the promise that the thing does what it promises.

The commercial world has these trust issues as well as the open source world.
Maybe the underlying issue is: how can we test devices and software that is
incredibly complex?

~~~
beagle3
We can’t test it properly after it is done. And unless we can peek and change
(which is what open source provides) we can’t ever.

I think the only dependable way forward is by separating the RF/modem parts
from the rest, through a standard (e.g. WiFi or Bluetooth) protocol.

I already assume anything I do on my phone is compromised. And I would assume
the same about my laptop, if I connectsd it to an untrusted hardwares and
unfirewalled networks. With the laptop, I have an option; with the phone, I
don’t.

I would gladly move to a dumb phone (for POTS) and an LTE access point, and a
smart open source phone that uses it for connectivity, if such a thing were
remotely practical. I already carry two phones for security and
compartmentalizations.

------
madsid
Reading this and with all the things Microsoft doing lately. I wish they
create a new os and make it open source.

~~~
pettern
Microsoft open Windows

