In case there's any confusion out there about why the Ubuntu Contributor Community is hard at work building a platform for phones (and other non-PC devices), please allow me to "Amplify the Signal" by presenting "Exhibit A":
"Android developer Trevor Eckhart last week released information and started an uproar about a widespread rootkit, called Carrier IQ, that's capable of logging everything you do and comes preinstalled on a ton of smartphones-including various Androids" (Source: Lifehacker)
That's right. The "Robot that pretends to be free" really isn't.
Oh, one more thing: "Carrier IQ, the now infamous “rootkit” or “keylogger”, is not just for Android, Symbian, BlackBerry, and even webOS. In fact, up through and including iOS 5, Apple has included a copy of Carrier IQ on the iPhone.
(Source: "chpwn blog")
Seems that the "Fruit device from Cupertino" humming away in your pocket isn't so sweet/free either ;)
You'll likely recall that at UDS-P, our self-appointed-benevolent-dictator-for-life raised the bar and encouraged us to get Ubuntu running on all form factors.
Smart move.
--
Steampunk handset image by "urban don", used and modified under Creative Commons Attribution-NonCommercial-ShareAlike 2.0 Generic license. Source: http://www.flickr.com/photos/donpezzano/3257999418/
This post is built on such terribly flawed premises that it's a textbook example of "not even wrong". In addition, the utter immaturity of phrases like "The Fruit Device from Cupertino" and "The Robot that pretends to be free" just compounds the issue. At least Stallman has clever, Adbuster-esque terms for the devices he refuses to name.
@Anonymous:
I beg to differ, and time shall tell. ;)
If the carriers install it, how do you know they won't just install it on Ubuntu phones as well?
I agree. Saying Android isn't free because this third party thing installed by the carrier it's plainly wrong.
If that's the best reason for an Ubuntu phone...
Provided they survive the wave of lawsuits that are about to hit them, and provided that they still have the appetite to spy/prey on customers after that, they might.
And if they do, we'll have a system that *we* build and control that can watch for nefarious programs/processes.
Yes you could put in place protections against this kind of app and then the carrier could remove those protections and add their app anyway.
Ubuntu would be powerless against this kind of thing.
I say it's worth taking the chance. :)
This application was installed as a "maintenance application". Every phone network in the world stipulates what standards a phone has to be built to before it can be connected to their network, and the same applies here: You wouldn't have been allowed to connect to this network until the appropriate "maintenance software" was installed.
I may be wrong, but as I read it CarrierIQ was added to Android phones by some phone companies, not by Google. So, honest question, how would an Ubuntu phone help with that? I'm sure Google is not too happy about this either, and I'd expect Google to have more leverage than Canonical.
Of course I would love an Ubuntu phone anyway.
My assumption is that we (the Ubuntu Contributor Community) are in a position to influence the project and code the lowest layers of the OS to prevent this kind of stuff from happening.
How would this be preventable by technical means?
I'm not a developer, but one idea that comes to mind is to sandbox the apps. Something like AppArmor or SELinux ought to be a good starting point. We should also be able to intercept and block any logging, tracking, recording processes. Ultimately, we'll still need free firmware and hardware though.
We must start by freeing the OS.
Then maybe going back in time 4 years ago and participate to the openmoko project could help.
Or just trying to use the qtopia project too ( given that I found qtopia in a phone around 8 times less powerful than my own galaxy s II, I guess that could be good enough ).
Even better, try to help on freesmartphone.org, and maybe Canonical could help to have data sheets and push drivers in the kernel. There is already lots of thing to do to free the OS? various hackers around the world have been working for that, and warning about the danger of current system of pre installed handset, without being able to convince anyone ( people like free software, but not when it end being more expensive, or less shiny, less stable or anything... )
OK, sounds not wholly unreasonable (though I'm not a developer either). I'd be the first in the customer line in any case :)
How would an Ubuntu-phone be different than Android, considering that stock Android does not have this software installed? Correct me if I am wrong, but isn't this added on after-the-fact by the manufacturer or carrier (not sure which), so it seems they would be able to install something similar after-the-fact on any Ubuntu-phone.
(Also, it appears CarrierIQ is disabled by default in iOS.)
The "Robot that pretends to be free" is not a community-driven nor participatory OS. My assumption is that we (the Ubuntu Contributor Community) are in a position to influence the Ubuntu project and code the lowest layers of the OS to prevent this kind of stuff from happening.
I support the notion of a Ubuntu phone. I would support a Kubuntu phone even more. But, anyone who thinks a K/U buntu phone is going to fix the Carrier IQ problem needs to slow down and think about the problem cause a Ubuntu phone won't address
First, a quick review of how Android/Blackberry/IOS/Windows/whatever phones are made. A manufacturer builds a phone and convinces a carrier to distribute it for use on their network. The carrier takes the phone and, working with the manufacturer, installs extra stuff on it to make integrate it into the carrier's offerings. Example - My Samsung Moment came with this lovely little app to help me watch the NFL and I had to root the phone to get rid of it. I didn't care about the NFL before buying the phone and I still don't, but the NFL and Sprint apparently think I want to watch football on my phone. CarrierIQ is the same idea, in a considerably more sinister format. The carrier/manufacturer install the software on the phone and then sell the phone to consumers.
They could just as easily do this to a Ubuntu phone. I see no reason to think that a Ubuntu phone would somehow be immune to this practice. CarrierIQ isn't malware that slips onto your system when you aren't looking, it is installed by the people selling you the phone. That is a BIG/HUGE/SORRY FOR SCREAMING difference.
I think a Ubuntu phone would be a great thing and I encourage competition in the market, but don't fool yourself or anyone else into thinking that problems like CarrierIQ are going to go away just because the phone runs linux. Such is not the case.
None of the other OS'es you have mentioned are free. Don't let the current non-free landscape drive the vision. The vision is to spread free software everywhere. That includes all layers of the software stack, and eventually the hardware too.
The kernel that is running is irrelevant provided it is free. What matters is the OS.
Android is mostly FOSS. It uses the linux kernel. Admittedly, there are some modules that have not yet gotten into the kernel trunk, but the Carrier IQ issue is separate from the sniping going on between the kernel devs and the Android folks.
My point remains the same. A FOSS OS doesn't solve this problem. The problem lies in a lack of transparency on the part of the carriers. Look at stock Android, Blackberry OS (not sure I have the name right), IOS, Windows etc. NONE of these mobile operating systems transmit this kind of data by default. But, carriers modify the installation ROMs to include this pernicious sort of software. You can sandbox things all you want and it will protect the OS from external threats, but you can't end-run a root-kit. The best rootkits literally sit below the OS. They have more control over the hardware/memory than the OS has.
System76, which sells some very nice Ubuntu based laptops could do something like this just as easily. Users who don't wipe the system and re-install fro a rootkit free media would be pwned from the beginning. I am NOT accusing System76 of doing this, I am simply pointing out that they could. I assume they are respecting their customer's privacy, but there is no way for anyone to know unless you buy a system from them and then use packet sniffing to look for inappropriate communication between your device and the outside world.
The problem isn't the OS. The problem will be dealt with because of people who bring this sort of violation into the light of day and public pressure will eventually eliminate the problem. Our communications systems are primarily run by corporations. These corporations know that they can use our private data to make money in a variety of ways from identifying where there are 3G dead spots to selling off the phone numbers for customers interested in various products. Only the cold hard light of truth and possibly legislation making this sort of behavior explicitly illegal will fix it.
I use Kubuntu on all my desktops/laptop and Ubuntu on my server. I'm about as 100% FOSS as they get - but you are drinking too much kool-aid if you think for even a second a FOSS operating system can protect you from this.
Well said, Andy.
The only thing that can stop this is countersurveillance software that monitors what the hardware is doing and ceases undesirable activity.
Personally, I'd feel safer running Ubuntu on my phone instead of Android or IOS, and I'd want to install it myself. But this only makes sense if there was reliable countersurveillance software that runs on a (hopefully) upcoming phone edition of Ubuntu.
It's tricky to do this, though, because it would have to be able to deal with a good range of proprietary hardware used in phones. Lots of investment in R&D and reverse engineering of proprietary hardware to get the software to work reliably.
Post new comment