im so unbelievably black-pilled on the hardware kill switch concept. you would notice if your phone was recording audio/video and uploading it... if your phone runs a sane OS with good security practices (sooo not any of the Linux mobile solutions rn) apps can't arbitrarily turn your modem/wifi on
idk, change my mind or something
like, IoS and Android (and really just projects like grapheneOS) is the only mobile OS capable of offering something that could hold up against you being actively targeted by hackers.
its gonna be a huuuge effort to get postmarketOS anywhere near the same level (though of course its a long term goal).
hardware kill switches feel like a big misdirect to avoid the real issue which is bad software and inadequate education on attack surfaces.s
@cas I think you're right, but I also think the threat model is not that the apps might be malicious as much as that the baseband might be. but in order for the baseband to usurp control of mics/cameras from the regular OS (enough to enable them and surveil the user) it would need drivers for them, and I'd be astounded if that had ever happened to anyone or ever will
@migratory the exploit chain to do this on a Qualcomm phone would be pretty wild. But the point is that you (as an individual) would need to be actively targeted, which is NOT a realistic threat model for most people.
@cas companies should be able to listen to you in order to better understand what ads to show you. Overall it creates a better online experience where you don't get frustrated by ads, but experience joy.
See, all this time we've been fighting to give the ad sellers less data when in truth what we should have been doing is give them more so they can better serve our needs.
They are doing it for us
@pavel unfortunately not, very sad i couldn't make it to LPC.
I am familiar with these attacks on iOS, hardware kill switches on networking would at best make these attacks harder to pull off, but not impossible especially if you're being specifically targeted. kill switches on the mic might have value in this (extremely abnormal) context (while companies like purism market hw kill switches to normal end users), but I don't think recording audio was the focus of any of these targeted iphone exploits.
@fla i just think its misleading to imply that they in any significant way impact how privacy respecting your device is
@cas I couldn't care less about the security aspect, but I was actually surprised how much I use Librem 5's kill switches. They're so handy! Well, the cellular and WiFi ones at least, I don't think I have ever used the camera one for non-debugging purposes 😜
@cas What I want is the ability to power gate the modules, which has plenty of use-cases, but most importantly it gives me some control over black-boxed peripherals. Whether it's ultimately controlled by a hardware switch or the OS that I actually control doesn't make much difference - or at least that's what I used to think until I started using the L5 and noticed how convenient the switches are. The PinePhone ones are IMO mostly useless though (maybe aside of the UART one).
@rolandlo powering the modem off is gonna stop it from doing anything whether it's done via software (which on modern Qualcomm phones has to load the modem firmware and talk to it over pcie or shared memory) or via hardware.
there's no super secret hidden way the modem can turn itself on and load its (many megabytes) of firmware without a lot of hand holding from the OS.
@dos right, i mean look you can turn all these clocks off, send an irq to kill the modem, keep it in reset....
https://github.com/torvalds/linux/blob/master/arch/arm64/boot/dts/qcom/sdm845.dtsi#L3314
there's no fundamental benefit to hardware switches from a privacy perspective
@pavel @migratory if the modem is switched off (something you don't need a hardware kill switch for) it makes no difference
@cas no radio device can broadcast whatever if it has no power?
from bt announcing to the world you are around. To your modem saying hello to cell towers.
runtime battery life? why have the card powered if you are on the street and not using it.
@joao you can just as easily turn it off from software
@cas What about Sailfish? I spent some time looking into it and it would appear it's both daily-drivable and a fully tweakable Linux distro.
I'm waiting on them to release an image for the Xperia 10 V before I make the switch.
@coffee it's fine? idk, it's a fully custom distro with a bunch of proprietary parts that also relies on the proprietary android BSP under the hood (downstream kernel, android graphics/radio stack, etc).
@cas @pavel @migratory I must be missing something. How can the OS make sure the modem stays switched off? That is, how is baseband prevented to switch it back on? I may be paranoid, but I believe this feature is so tempting that it has been implemented by more than one vendor.
@cas I don't think it's about technical details, it's about the human factor.
- it's simple and quick (and pleasing) to turn something off,
- it thus gives even non-technical people a sense of agency,
- it can indicate state (e.g., the ringer switch on iPhones or HKS on the Librem 5 - I can just look at or feel the phones side and see/sense what's up)
So: Humans likey buttons, that's all - and on the Librem 5 you just want to turn unused stuff off to save battery ;-)
@ptesarik @pavel @migratory on Qualcomm devices the modem is either a DSP (which requires a bunch of hand-holding from the OS to boot up and do anything) or a PCIe peripheral (which still requires hand-holding to boot up). you can simply hard reset it and not load the firmware. it can't do anything in that situation
@cas I think the emphasis should be on *hardware* not *kill*. In a world where software tries to be clever physical switches (that are easily operated without even looking at the device) off means of and on means on which is very reassuring when one wants to save power or make sure one doesn't accidentally hit immense roaming fees with wwan on.