Posts: 1,225 | Thanked: 1,905 times | Joined on Feb 2011 @ Quezon City, Philippines
#21
Originally Posted by norayr
seriously I am not sure - there were devices with backup batteries and taking out the batteries was not enough to be safe. (:
Thankfully, the internal battery in your N900 is probably dry by now (and has only enough power to run the RTC chip)

Originally Posted by juiceme
It does not matter whether you use wifi or gsm, the men in black sunglasses and hoods can track you anyway.
All it takes is a nice piece of SW on your device, it does not matter what kind of encryption you use because the interception can be done before the encryption, and same goes for location determining.
Heck, it doesn't even have to be running on your phone.
"Lawful Intercept" interfaces in cell tower software or Stingray-type intercept devices can do this easily, assuming you're being monitored by LEOs (or other entities)

/tinfoil

In all seriousness, the only piece of software you should worry about if you were privacy-conscious is the baseband, which is closed for obvious reasons.

However, unlike some Android devices, the CPU talks to the baseband over SSI, and not thru a memory device.
It should be doable to audit the communication between these two.

If you were truly a paranoid tinfoil hatter, you'd be running an obscure microkernel OS on a synthesized OpenCores IP block on an FPGA with an open compiler, interfacing on GSM networks with a USRP and OsmocomBB.

Oh, and a 500-pack of one-time-use SIM cards.
__________________
N9 PR 1.3 Open Mode + kernel-plus for Harmattan
@kenweknot, working on Glacier for Nemo.
 
norayr's Avatar
Posts: 148 | Thanked: 216 times | Joined on Jul 2010 @ Yerevan
#22
First of all, thank you for taking my questions seriously, and thank you for discussing it with me.

Originally Posted by evujumenuk
It all depends on your threat model. Commonly, one assumes that everyone is Out To Get You™. In this case, this implies that your carrier and the government cooperate.
They may cooperate, or they may not.
Maybe the system administrator who works for the carrier may want to know something about me. Maybe a friend of his.

As I said, I don't believe I am too important a person, I just care about security to some extent.
I don't think I am worth setting bugs in my apartment for, I don't think someone is out to get me - I would just like to minimize the possibilities of data interception to be on the safe side.
Who uses telnet if there is ssh?

What I want is not to use telnet when there are safer ways.
I don't expect to be 100% safe.
I try not to do things which are 100% unsafe.

So this means that The Man knows about everything you send to or receive from your carrier. While you're logged into the mobile network, this includes approximate location data.
However what I send and receive is encrypted. Yes, I understand what you've said about why it may not be enough. I know if I use my own email server - then I can only be sure that the connection between my client and my server is secure, and I know that I have configured it to send email unencrypted if the encrypted connection to the other email server fails. I know that if I use some provider's email service like google's then google may, or may not, share this information with some other parties. I am asking here on maemo forums because I would like to discuss mobile specific security issues. And I have mentioned that I don't use sms messaging or voice communication which means I don't give unencrypted data right into the hands of carriers (like I don't use telnet) and at the same time I know that using an encrypted xmpp connection does not guarantee complete safety of communication.
What I question is for example - is using Nokia conversations (it is non-free software, right?) less secure than using the Maemo Pidgin port? Is it probable that Conversations has a feature to send data to the carrier before encrypting it and sending it to the xmpp server?
I wonder what we know and what we don't about stuff like this.

I'm pretty sure that tablet mode wasn't designed for any sort of security-sensitive scenario.
This just off the top of my head. If you insist on security, you'd do better with a laptop with Linux. In the extreme, the RMS approach.
I don't consider RMS's approaches to be extreme (:
Okay - so this is also what I would like to understand clearly - does tablet mode indeed turn the n900 into a small laptop with Linux?
We had just NITs before - without GSM/UMTS so can we consider the n900 in tablet mode as safe as a Linux laptop, or as safe as the N810 in terms of what the carrier can know about you?
Does enabling tablet mode mean that the carrier cannot get my location? Does enabling offline mode?
So if I connect to wifi - there is not much difference if I connect with a laptop or an n900. But if I use cell towers in order to get a connection then carriers can get my data.
That's why I was talking not about security in general, but about security by using GSM/UMTS and about Maemo/MeeGo operating systems.
What do we know about GSM?
We know that the carrier can track my location.
Okay, then when can they do that? How can I prevent it, and does tablet mode prevent it?
What do we know about Maemo/MeeGo? We know that both Fremantle and Harmattan contain non free software and free software.
Which parts are non-free? As far as I know these are the GSM chip driver, GPS chip driver, GSM chip firmware. And as far as I know the same non-free software is used in Nemomobile hardware adaptations. So does this mean that we have the same security threats when using Nemo vs using Maemo?
So if we don't use free GSM firmware and drivers we don't know what the carrier can do. And I wonder, what do this tablet mode and this offline mode do? What can the carrier do when the n900 is in tablet mode? Does it put the GSM chip into sleep mode? How does the GSM chip get out of this mode? By a signal from the board or by a radio signal?
Can the carrier get a stream from the microphone when the tablet mode is used or when the phone is in offline mode?

Last edited by norayr; 2012-12-18 at 19:10.
 
Posts: 123 | Thanked: 91 times | Joined on Apr 2012
#23
Okay, I think I see what you're getting at. Simply put, you'd like to know about the security-related issues a device such as the N9(50) brings along as a result of it being not only a computer, but a mobile communications device.

I think I've jotted down the most important of them in my post above - personally, I force 3G as a countermeasure against IMSI catchers since GSM is not up to snuff. The two aspects I consider the most important right now are that
  • the N9 has a lot more means of receiving and sending data to/from the outside, so many more attack vectors
  • many of the most crucial software components, such as baseband firmware, are closed-source and probably not too well audited, with questionable accountability

You hint at the latter with your question about Nokia Conversations. With closed source, we don't know too much at all until someone whips out IDA Pro. So, can't really say much about your specific questions. And firmware issues persist across operating systems, of course. Mitigation would in most cases be hard-as-nails to downright impossible.

With any untrusted network, you can gain some measure of privacy and security with virtual private networks or tunnels. You're not safe against traffic analysis, but it helps against eavesdropping and in-transit manipulation.

Last edited by evujumenuk; 2012-12-18 at 21:58.
 

The Following User Says Thank You to evujumenuk For This Useful Post:
Posts: 1,225 | Thanked: 1,905 times | Joined on Feb 2011 @ Quezon City, Philippines
#24
Originally Posted by norayr
What do we know about Maemo/MeeGo? We know that both Fremantle and Harmattan contain non free software and free software.
Which parts are non-free? As far as I know these are the GSM chip driver, GPS chip driver, GSM chip firmware. And as far as I know the same non-free software is used in Nemomobile hardware adaptations. So does this mean that we have the same security threats when using Nemo vs using Maemo?
So if we don't use free GSM firmware and drivers we don't know what the carrier can do. And I wonder, what do this tablet mode and this offline mode do? What can the carrier do when the n900 is in tablet mode? Does it put the GSM chip into sleep mode? How does the GSM chip get out of this mode? By a signal from the board or by a radio signal?
Can the carrier get a stream from the microphone when the tablet mode is used or when the phone is in offline mode?
The Fremantle list of closed source (and unreplaced) software is well-documented - the dialer UI, tklock (key lock daemon) and the browser UI.
Most of these have open replacements, actually I think the only large user-facing app that hasn't been replaced is the dialer UI (Not the dialer stack - it's exposed over the D-Bus CSD interface, so anyone can make an open dialer UI.)

As for the firmware that's non-free, practically all the blobs are. Camera firmware, bluetooth and WiFi firmware (WL1251 chip), GSM, GPS.

The SGX (GPU) driver is also closed. You can opt to use the OMAP framebuffer instead, however there is a performance penalty in doing so.

And the primary and secondary bootloader's closed (NOLO), but the secondary bootloader is possibly replaceable. IIRC Pali already tried running u-boot as secondary bootloader.

As for what the carrier can do in tablet mode (GSM radio off), they can't do jack. It's been verified that it is in fact turned off (by the OS), and cannot receive signals.

For Nemo, it communicates with the radios in exactly the same way. Except for the fact that there are less closed userland blobs. Over SSI, no shared memory, and definitely cannot execute binaries on the CPU (you can browse the Ofono code if you want to verify this)

IIRC, aside from the firmware, the only closed bits in Nemo are the SGX driver, without which performance would be more unusable than it already is.
__________________
N9 PR 1.3 Open Mode + kernel-plus for Harmattan
@kenweknot, working on Glacier for Nemo.
 
electroaudio's Avatar
Posts: 381 | Thanked: 336 times | Joined on Jan 2011 @ Stockholm, Sweden
#25
I know that if I use some provider's email service like google's then google may, or may not, share this information with some other parties.
To be serious, aren't google and facebook the ones that you really want to protect yourself from?
Their business model is to harvest information about people and sell that to advertisers and others that are willing to pay for it.
__________________
Deskypplet, a desktop for N900 *RIP*
 

The Following User Says Thank You to electroaudio For This Useful Post:
Posts: 54 | Thanked: 16 times | Joined on Oct 2011 @ Buenos Aires, Argentina
#26
The new question is

Why do you trust more a WIFI network? Where ANYONE could make you a MITM attack?
 
Posts: 1,808 | Thanked: 4,272 times | Joined on Feb 2011 @ Germany
#27
Originally Posted by LaLlamaQueLlama
The new question is

Why do you trust more a WIFI network? Where ANYONE could make you a MITM attack?
If you use SSL/TLS *and* verify the validity of the certificates then you should be OK.

Unfortunately not all programs care about checking the certificates.
 

The Following User Says Thank You to reinob For This Useful Post:
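The certificate point from post #27, shown as an added example that is not part of the original thread: three Python `ssl` client configurations side by side, plus a check that lists why a given one would accept an impostor on a hostile Wi-Fi network. The function names are made up for this illustration; only standard-library calls are used.

```python
import socket
import ssl


def unverified_context():
    """A client that 'does not care': no chain check, no name check."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def chain_only_context():
    """Half-fixed client: the chain is validated, the name in the certificate is not."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # defaults to CERT_REQUIRED
    ctx.check_hostname = False
    ctx.load_default_certs()
    return ctx


def verifying_context():
    """Library defaults: CERT_REQUIRED, hostname checking, system CA store."""
    return ssl.create_default_context()


def audit_context(ctx):
    """List the ways this client context would accept a man-in-the-middle."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("chain not verified: any certificate, even self-signed, is accepted")
    if not ctx.check_hostname:
        findings.append("hostname not checked: a valid certificate for another name is accepted")
    return findings


def open_verified(host, port=443, timeout=10):
    """Connect only if the peer proves it is `host`; fail before any data is sent."""
    ctx = verifying_context()
    if audit_context(ctx):
        raise RuntimeError("refusing to connect with a weakened TLS context")
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        # Raises ssl.SSLCertVerificationError on an untrusted or mismatched certificate.
        return ctx.wrap_socket(raw, server_hostname=host)
    except ssl.SSLError:
        raw.close()
        raise


if __name__ == "__main__":
    for make in (unverified_context, chain_only_context, verifying_context):
        print(make.__name__, audit_context(make()))
```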
norayr's Avatar
Posts: 148 | Thanked: 216 times | Joined on Jul 2010 @ Yerevan
#28
Originally Posted by electroaudio
To be serious, aren't google and facebook the ones that you really want to protect yourself from?
Their business model is to harvest information about people and sell that to advertisers and others that are willing to pay for it.
not only. I am more concerned with local carriers who can share information with the local government, or that people who work for the carrier can expose some info to some other people, rather than google or facebook.
However that does not mean I have a google or facebook account - I don't. For example, to not use google latitude, I have written Meridian23

Last edited by norayr; 2012-12-19 at 10:09.
 
norayr's Avatar
Posts: 148 | Thanked: 216 times | Joined on Jul 2010 @ Yerevan
#29
Originally Posted by Hurrian
As for what the carrier can do in tablet mode (GSM radio off), they can't do jack. It's been verified that it is in fact turned off (by the OS), and cannot receive signals.
Thank you! I would like to read the source, if possible. Not that I don't trust you, just for the sake of interest - how they did it, and how it works in detail.

Last edited by norayr; 2012-12-19 at 10:05.
 
norayr's Avatar
Posts: 148 | Thanked: 216 times | Joined on Jul 2010 @ Yerevan
#30
Originally Posted by evujumenuk
Okay, I think I see what you're getting at. Simply put, you'd like to know about the security-related issues a device such as the N9(50) brings along as a result of it being not only a computer, but a mobile communications device.
yes (:
thank you for comments.
 