arcane23 2 days ago

Security/privacy?

gruez 2 days ago | parent [-]

So you want a $100 feature phone that has serious security features like monthly security patches and dedicated security coprocessors? It's tough to make the economics of that work out. All the serious security features cost money to implement, either in the form of development costs or added costs to the BOM. Those costs can be absorbed if you're selling a $600 phone, but not a $100 phone. If you try to add those features to a $100 phone, it'll end up making the phone more expensive, which means nobody but security freaks would buy your phone, and you lose economies of scale that are needed to make a phone at all.

Back to your point, there's already a "split of hardware and software" in the PC market, and we know how it works out. Security there is a joke. Windows might be getting monthly security patches, but the same can't be said of the panoply of third party drivers/firmware. Whenever Microsoft tries to push for better security they get shouted down by people claiming it's some sort of conspiracy to implement DRM.

arcane23 2 days ago | parent | next [-]

You missed my point, a simpler hardware/software phone needs less resources to maintain. No eyecandy/cushy features to maintain, security becomes easier to maintain by the community. No constantly added features and gimmicks which break and introduce weak points.

Let's not forget that all these "features" which enable corporations like Google to take complete control over the project also end up driving price up, constantly. Cheap phones are a sh*t iteration of more expensive phones, instead of being simpler more basic implementations of must have features without the "quality of life" bloat on the top tier models. They should have a different tier OS rather than the same one.

I would also not make the parallel between comms devices and PCs, they're different beasts.

gruez 2 days ago | parent [-]

>a simpler hardware/software phone needs less resources to maintain

And such a product is going to be absolutely niche, which means no economies of scale producing or maintaining it. You try to justify that by saying it'll be maintained by "the community", but who's going to want to do unglamorous work fixing security issues, compared to developing features? Mainstream phones have dedicated security teams and freelance vulnerability researchers going after them for fame/clout. Who would want to do security research for what's essentially a glorified Nokia 3310 that maybe 1000 people use?

aspenmayer 2 days ago | parent | next [-]

The Flipper Zero and its success through direct crowdfunding proves that if you build it, and this next step is equally important to the first, if you build a community around it to directly market it effectively with reversible crowdfunding, you don’t have to wait for them to then come, as they’re already here, right there with you.

gruez 2 days ago | parent [-]

Flipper Zero doesn't really have a competitor, aside from maybe a bunch of bulky equipment that fits on a table. Such a feature phone would be competing against iPhones/Pixels, both of which are pretty secure and have dedicated security teams. Any new product would have to compete on price/feature/reputation, which would be tough.

aspenmayer 2 days ago | parent [-]

The success of the Raspberry Pi proves that existence of competitors is no impediment to success with the proper connections with vendors and with the community.

The OpenWRT One is another example of collaborating with community trusted vendors to build a niche community based hardware product.

https://openwrt.org/toh/openwrt/one

arcane23 2 days ago | parent | prev [-]

Ignoring how strangely against this idea you are, for no justifiable reason, it wouldn't look like a 3310, it would still look like a smart phone, probably OLED so more battery life. It would just miss a lot of modern features which are absolutely irrelevant to anyone who wants a privacy/security focused mobile phone. Probably not the latest CPU, not the latest mobile chip, but still decent for what it has to do.

aspenmayer 2 days ago | parent | next [-]

I have crossed paths with them before. Yellow rock approach.

https://danieldashnawcouplestherapy.com/blog/yellow-rock-met...

gruez 2 days ago | parent | prev [-]

>Ignoring how strangely against this idea you are, for no justifiable reason

Ignoring how you assert this, when I outlined plenty of reasons which you've yet to rebut...

>it wouldn't look like a 3310, it would still look like a smart phone, probably OLED so more battery life. It would just miss a lot of modern features which are absolutely irrelevant to anyone who wants a privacy/security focused mobile phone. Probably not the latest CPU, not the latest mobile chip, but still decent for what it has to do.

Sounds like a $200 mid-range phone that's sold in much of Asia. Question is, who's going to make it? How are you going to amortize the development costs? You mentioned that it's going to use custom software/hardware to keep security maintenance burden low, but how would that be funded? Most of the SoC vendors are going to be providing kernels/drivers to you with the expectation that you're going to use it to build an Android phone. Good luck convincing them to provide engineering support for your custom software/hardware stack.

Not to mention the questions about maintenance you haven't addressed aside from some handwaving about it'll be simpler and therefore can be "community maintained".

salawat 2 days ago | parent | prev [-]

>Whenever Microsoft tries to push for better security they get shouted down by people claiming it's some sort of conspiracy to implement DRM.

Mainly because it is, and you can go Q.E.D. all you like, but there doesn't need to be a bunch of mustachioed villains explicitly making evil plans when everyone's ultimate aims align. They're going to get theirs, and the rest will just be along for the ride while those people in a position of power continue to weave a collective path through the space of "conspicuously unimplemented features".

The computer was meant to be as a calculator. An unassuming tool to automate the mundane, not as a link in the chain of techno-fascism/feudalism/tyranny. The only thing that will ward off that eventuality is how we as people embrace and guide its further usage & implementation.

The tech is currently here for every bad ending. I want to make that clear. It has already arrived. The knowledge of its configuration to bring those ends are the part that isn't quite realized yet. I pray that it won't be unearthed, but with the way things are currently going, I have serious doubts.

gruez 2 days ago | parent [-]

>Mainly because it is, and you can go Q.E.D. all you like, but there doesn't need to be a bunch of mustachioed villains explicitly making evil plans when everyone's ultimate aims align. They're going to get theirs, and the rest will just be along for the ride while those people in a position of power continue to weave a collective path through the space of "conspicuously unimplemented features".

Like it or not, TPM was meant to increase security by deterring evil maid attacks. If you can't stop this sort of attack, your device doesn't offer serious security, and a feature phone with wifi/bluetooth/cellular data turned off probably has similar security. Moreover TPMs were introduced over a decade ago and there's still no DRM that's based on it. People did forget about SGX though, which came and went but had actual DRM built for it. I've also never heard a peep about HDCP which is specifically for DRM purposes and is built into every GPU/monitor.

IlikeKitties 2 days ago | parent [-]

Okay, so there's so much wrong here I don't know where to start.

> Like it or not, TPM was meant to increase security by deterring evil maid attacks. If you can't stop this sort of attack, your device doesn't offer serious security, and a feature phone with wifi/bluetooth/cellular data turned off probably has similar security

TPMs in their commercial implementation do not deter any evil maid attack. Only some special cases like HEADS Firmware actually protect you from an evil maid attack. TPMs, Secureboot, etc. merely prevent non-signed code from booting when the hardware has not been tampered with. Tamper with the hardware and make it show a green "everything is fine" screen while booting a tainted kernel and device drivers and a TPM won't save you.

> Moreover TPMs were introduced over a decade ago and there's still no DRM that's based on it.

Google Play Integrity API is essentially this. Can't run certain apps on devices that don't pass TPM based attestation. Not exactly DRM but something akin to it.

> People did forget about SGX though, which came and went but had actual DRM built for it.

People didn't forget, it got broken so badly Intel gave up on it.

> I've also never heard a peep about HDCP which is specifically for DRM purposes and is built into every GPU/monitor.

You've just not been listening. It's just that HDCP also has been bypassed a lot.
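
For readers following the TPM exchange above, here is an added example (not written by any commenter) of the PCR extend operation that measured boot, sealing and attestation rest on, reduced to a single SHA-256 register. The component strings, the key and the `unseal` helper are constructed stand-ins, not a real TPM API.

```python
from __future__ import annotations
import hashlib
import hmac

PCR_SIZE = 32  # one register in a SHA-256 PCR bank

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    digest = hashlib.sha256(component).digest()
    return hashlib.sha256(pcr + digest).digest()

def measure_boot(chain: list[bytes]) -> bytes:
    """Replay a boot chain into one PCR, starting from the all-zero reset value."""
    pcr = bytes(PCR_SIZE)
    for component in chain:
        pcr = extend(pcr, component)
    return pcr

def unseal(secret: bytes, sealed_to: bytes, current_pcr: bytes) -> bytes | None:
    """Hypothetical helper: release the secret only if the PCR matches the policy."""
    return secret if hmac.compare_digest(sealed_to, current_pcr) else None

# Constructed stand-ins for the measured boot components.
GOOD_CHAIN = [b"firmware v1", b"bootloader v1", b"kernel v1"]
MODIFIED_CHAIN = [b"firmware v1", b"bootloader v1", b"kernel v1 (modified)"]
REORDERED_CHAIN = [b"bootloader v1", b"firmware v1", b"kernel v1"]
KEY = b"disk-encryption-key (constructed)"

def demo() -> dict[str, bytes | None]:
    """Seal KEY to the known-good PCR value, then try to unseal after each boot."""
    policy = measure_boot(GOOD_CHAIN)
    chains = {"good": GOOD_CHAIN, "modified": MODIFIED_CHAIN,
              "reordered": REORDERED_CHAIN}
    return {name: unseal(KEY, policy, measure_boot(chain))
            for name, chain in chains.items()}

if __name__ == "__main__":
    for name, result in demo().items():
        state = "secret released" if result else "unseal refused"
        print(f"{name:10s} -> {state}")
```

The digests are supplied by the code that runs during boot, so the final PCR value is only as trustworthy as the first component doing the measuring.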