[conspire] Fw: The Freedom Phone is not great at privacy

Rick Moen rick at linuxmafia.com
Wed Apr 20 14:10:36 PDT 2022


Quoting Syeed Ali (syeedali at syeedali.com):

> Given some recent discussion..

"mjg59.dreamwidth.org" is Matthew Garrett's blog, and he's an
interesting character -- in that he's an expert coder and open source
/ Linux distro insider.  Profile here:
https://en.wikipedia.org/wiki/Matthew_Garrett Many of us noticed him
particularly when he was (or at least seemed) instrumental in getting
tolerable solutions to the Secure Boot/UEFI problem (signed bootchain).

And, another thing Garrett is known for is being a stickler for checking
compliance with copyleft licensing terms and business / legal
irregularities -- as he does, here.

I'm _not_ surprised at problems / limitations with Freedom Phone.  There
has been a sad recent history of overpromising, in the area of new phone
handset hardware claimed to be, or aspiring to be, open hardware with
open software.  I could go on at some length, for example, about the
(IMO) deceptive stream of rhetoric from Purism about the (very
expensive) Librem 5 phone -- but won't, here.

Summarising as I read:

Freedom Phone is billed as including Signal (strong cryto messaging),
but instead has a weird fork called ClearSignal -- for which 
_no source code is evident_, despite being GPLv3.  Uh-oh.  _And_
ClearSignal is also "instrumented", to use the popular euphemism, to
send detailed privacy-violating crash reporting (RM: and what else?) to
some bunch of clowns.  Uh-oh uh-oh.

Also, ClearSignal implements forced upgrading by self-disabling if it
detects a new version is available.  This is a huge red flag, for lots
of reasons.  E.g., 1.  I'm sorry, but if it's allegedly open source,
isn't it _your_ business when/if you are willing to upgrade to their
whatever?  2.  The very existence of that mechanism raises nasty
suspicions about its use to force users to accept upstream-dictated
changes whether willing or not.  For what purpose, then?  To compell
further violations of privacy?  To compell more-restrictive terms in
newer versions?  This was one of the huge red flags in BitKeeper, that 
was gradually employed to force more-and-more-restricted "new versions" 
on the userbase -- until Torvalds had enough of BitMover/Larry McVoy's
bullshit and coded git in a moby frenzy of coding, in order to no longer
need BitKeeper.

Also, ClearSignal's built-in network backup seems to go to, again, some
bunch of clowns.

Also, looks like there's nosy behaviour involving lulling users into
providing other people's telephone numbers, which are used to get their
e-mail addresses, which are then used for some suspicious conduct
related to a multi-level marketing (MLM) scheme called Clear United,
which additionally has some even more bizarre weirdness "combining
blockchain and MLM" -- good grief!

The "membership agreement" for Clear United is also _seriously_ 
wack-a-doodle, and someone pasted excerpts from it into the comments.
(Run away!)




More information about the conspire mailing list