View Single Post
joerg_rw's Avatar
Community Council | Posts: 1,842 | Thanked: 9,744 times | Joined on Mar 2010 @ SOL 3
#1501
Originally Posted by wicket View Post
The FSF has quite a large following and their endorsement and publicity could help this project a lot. I'm not asking you to change anything to comply with the FSF. As I see it, you both strive for user privacy and that's why I'm interested in their opinion of the differences. Maybe it's a lack of understanding on their part or maybe they're just being stubborn. Do they realise that the Neo900 is the best we are going to get in terms of user privacy? Maybe they can be swayed - even RMS used computers before the existense of the computer that meets all of his criteria.
Wicket,
Mr Stallman mailed me, asking about all the FSF rules and if they are satisfied by Neo900. I answered that all are met but the modem firmware update that we will offer (according to what the modem module can do: update firmware via USB), that we can't change that since we can't evaluate the hardware internals to make sure whatever we do will reliably forbid manipulations to the firmware (write-enable pins may not have the expected effect, even if they existed), and that I think the firmware must be considered "rogue" by definition (you never know what's in there, even on genuine firmware) and thus we follow another approach of tight monitoring of the modem's activities from very beginning, which will tell us when the modem misbehaves even with genuine firmware.
I received no answer to that from Mr Stallman yet, after one week.

So that's what you might assume is what FSF and Mr Stallman think about Neo900:
They like our project since it's striving for freedom and openness, but they don't want to further care about it and answer to us, when we can't fulfill their requirements, even when those requirements are impossible to fulfill.

Here a complete quote of my 2 original answers to first and second mail from Mr Stallman (I received and answered 2nd mail first, thus my answer to 1st mail refers to my answer to 2nd):
On Sun 08 December 2013 00:50:37 Richard Stallman wrote:
> [[[ To any NSA and FBI agents reading my email: please consider ]]]
> [[[ whether defending the US Constitution against all enemies, ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>
> If the modem firmware is an installable program, then the fact that
> it is nonfree means the machine is running some nonfree software.
>
> If the modem firmware can't be changed, it is effectively in ROM, so
> it might as well be a circuit. It doesn't need to be considered
> as software. For instance, the FSF can disregard it when judging
> whether to endorse a product.

There are no modem chips that have a write-once or mask programmed ROM for
their firmware. And probably never will be.


> Could you possibly design the machine with a wire which, if cut,
> prevents flashing the modem software? Or some other way a user
> could prevent further reflashing of the modem software?

Since we don't know of the internal configuration of the modem hardware, we
can't ensure we actually forbid all changing of the firmware, no matter by
which means. Even an explicit WriteEnable pin on the modem chipset's flash chip
(if it were a separate chip) is not guaranteed to work the way it's advertised
by the chip manufacturer.

Also see my reasoning in other mail I sent, about program code generally
loaded to RAM before execution, and about initial genuine firmware not approved
for absence of any backdoors or other undesirable functions.

Sorry when I'm less concerned about FSF approval and whether the firmware of
modem is considered software or blackbox - what worries me is user's privacy
and that the user at all times has absolute control over what's going on with
her/his device. Firmware in ROM is an inapt means to ensure that privacy and
control.

best regards
jOERG
--
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments
On Sun 08 December 2013 00:51:37 Richard Stallman wrote:
> [[[ To any NSA and FBI agents reading my email: please consider ]]]
> [[[ whether defending the US Constitution against all enemies, ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>
> Can the radio modem processor modify its own program?
>
> If so, the universal back door will be able to reload it.

Yes, most likely the modem CPU can write the modem internal flash where the
firmware with the backdoor is stored, so they can replace backdoor A by
backdoor B or any other "malware".

Forbidding rewrite of the firmware doesn't ensure there's no backdoor or other
nasty tings in it from very beginning. Also usually the "firmware" gets loaded
from flash storage to RAM for execution, this opens up an option to load other
executabe code to RAM without even changing "the firmware" as stored to modem
"in an immutable way" at all.

The only thing that helps make sure the modem behaves is tight monitoring of
the modem's behavior ;-) and all applicable means to block behavior we don't
like to see.
In particular: check modem RF output to learn when it's sending though it
shouldn't, monitor modem's power consumption and compare to a sane profile,
make sure the modem is OFF when we expect it to be (trivial), make sure the
modem cannot get a GPS fix when we don't want it to do (also trivial, cut/short
GPS antenna), separate mic from modem audio input so user has full control
over what the modem "hears" (up to the point where you feed it with fake audio
of your choice), monitor the clock of modem's digital audio input which
indicates modem is listening.

If you know further parameters that should get controlled to stay "on top of"
what modem does, please let me know.
I hope to create a device you wuld be willing to at least consider carrying
:-)


Best Regards
jOERG
--
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments
And here as an example a complete quote of my answer to another mail I received at 2013-12-07 03:58 from "anon" user [color and bold added by me for this post]:
Hi!
Though we are not really interested in complying with somebody else's
definition of a good, user friendly, secure and free hardware, we seem to
follow mostly the same rationale in most points.

On Sat 07 December 2013 03:58:13 Anon wrote:
> I wrote an e-mail to Richard Stallman asking about what he thought about
> the Neo900 because I was thinking about backing the project. He asked
> some points about the phone that I couldn't answer but maybe you could.
> The following is what he wrote to me:
>
> This is a big step forward in privacy. Whether it is good enough that
> I would be willing to carry one, I don't know. Nonetheless, I am
> strongly in favor of it, and I am willing to say so. Where and how
> should I say so?
>
> >Neo900 can be used with 100% Free Software stack.
>
> I am not sure exactly what the "stack" includes, and this issue calls
> for precise answers. Could you tell me which parts of the points
> below it will satisfy?
>
> * The radio modem should be on a separate chip.
>
> * The main computer should be able to turn the radio modem on and off.
>
> * The microphone and the GPS should be connected to the main computer,
> not to the radio modem.
>
> * The software on the main computer should be free -- all of it.
>
> * The radio modem should not be able to control the main computer
> or alter its memory.


All of the above points are 100% satisfied.

>
> * It should be designed so that nothing short of physical manipulation
> can alter the radio modem's own software. This program must not be
> updatable through software.


Here we disagree and take pride in announcing that our modem presumably can
receive firmware updates by a process commonly known as "flashing", which is
done exclusively under absolute control of the user. This allows the modem
software to get updated to fix bugs or implement new features (like e.g. done
for the GLONASS functionality).
If the flasher used to do this counts as "updating software" in the sense of
above, or if changing the charge in flash cells is a "physical manipulation"
that would be allowable according to above requirement is beyond our
knowledge.

Anyway we fail to understand the rationale that results in above requirement
spec. We can't see how such a restriction in user's freedom to do whatever
possible with the hardware she owns and controls is a good and beneficial thing
for the device's privacy or freedom or security or whatever. Thus we reject
any change of our product requirement specifications regarding this.


Best Regards
Joerg Reisenweber
--
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments

Last edited by joerg_rw; 2013-12-16 at 09:35.
 

The Following 20 Users Say Thank You to joerg_rw For This Useful Post: