**** BEGIN LOGGING AT Mon Oct 01 03:00:02 2018
Oct 01 18:03:23 <traumschule> what is the best option for a secure phone? gta04 offers no hardware atm. fairphone? samsung with replicant? someone recommended ubuntu touch
Oct 01 18:11:26 <PaulFertser> traumschule: probably the sanest way is to avoid smartphones altogether.
Oct 01 18:11:48 <PaulFertser> traumschule: carry a small arm netbook with you if you need a computer.
Oct 01 18:14:05 <PaulFertser> traumschule: all those mass-produced smartphones physically share memory between the radio CPU and application CPU. And radio is running bugs-ridden UMTS/LTE stack and what's not.
Oct 01 18:14:17 <traumschule> that's so cool to get an answer here in time! totally agree and don't wish for a smartphone myself, it's more like a consultation for friends. arm netbook .. do you mean sth like https://www.pine64.org
Oct 01 18:15:01 <traumschule> yea, the baseband processor is hard to isolate, that's what i tell people, but it's hard to put it in words they understand :)
Oct 01 18:16:01 <PaulFertser> traumschule: yes, I've read they planned to produce a nice netbook. There're also some nice chromebooks supported by coreboot.
Oct 01 18:17:49 <PaulFertser> traumschule: but if I am to give an advice, I'd like to suggest reading about Qubes OS, it's general principles. My point is that one can reasonably compose secure and insecure systems, compartmentalise different tasks.
Oct 01 18:18:41 <PaulFertser> traumschule: that requires plenty of thought though, as nothing is inherently secure or insecure, one needs to have a threat model to evaluate all the options.
Oct 01 18:22:18 <PaulFertser> traumschule: and btw, there're some UMTS USB devices that can be used for voice telephony with a SIP server, e.g. chan_dongle in asterisk.
Oct 01 18:22:41 <PaulFertser> Re portable computers, there's another option, GPD Win but it's not supported by coreboot.
Oct 01 18:23:46 <traumschule> mh, i know whonix offers qubes https://www.qubes-os.org/doc/whonix/ - the hint for a arm netbook sounds pretty good, will keep an eye on it. http://armdevices.net/category/laptops/
Oct 01 18:25:05 <traumschule> the person who asked seems to have quite unrealistic expectations of a foss smartphone of below 100€. this article praises already 200$ as special https://www.slashgear.com/wistron-n900z-smartbook-sub-200-arm-netbook-0345776/
Oct 01 18:25:25 <PaulFertser> traumschule: Qubes works on modern Intel x86 and requires full virtualisation support, so not directly applicable to arm netbooks. My point is that different tasks should be probably carried out on different hardware if there's no way to properly isolate them with software.
Oct 01 18:26:15 <PaulFertser> traumschule: the person needs to think about his threat model. And what smartphone is so cheap anyway, some low-end android phone from China?
Oct 01 18:27:34 <traumschule> speaking of coreboot X-ES and purism seem the place to go, like Librem https://puri.sm/products/
Oct 01 18:28:28 <traumschule> 1000$ onwards ..
Oct 01 18:30:46 <traumschule> it's related to activism, so i suggested to keep gsm turned off and only use wifi in combination with a dedicated hardened server as uplink, like RaPI. but they want to be mobile, you know :)
Oct 01 18:32:35 <traumschule> arduino with a gsm shield is an option too. hard to break out from there i guess ..
Oct 01 18:32:38 <PaulFertser> traumschule: with a cheap featurephone one can be online when needed, and fully and reliably turn it off when not needed.
Oct 01 18:34:15 <traumschule> sounds interesting
Oct 01 18:36:02 <PaulFertser> Also, cheap means you just dump it when you think it's time to cut all the ties. And then you just get a new featurephone with new IMEA, plug a new anonymous SIM card into it and off you go.
Oct 01 18:37:21 <PaulFertser> But, again, threat model is the key to evaluate the possibilities in a meaningful way here.
Oct 01 18:39:05 <PaulFertser> And a mobile phone is just a small part of the whole picture anyway.
Oct 01 18:43:11 <traumschule> the setup i like most is a umts stick that can be attached to a lot of things. if you keep it separated from your desktop the attack surface (like getting knowledge of the applications, email providers / addresses you use) is quite low. geolocation is still an issue but switching devices and cards regularly can help.
Oct 01 18:46:50 <PaulFertser> traumschule: umts stick I already mentioned, and with some you get voice telephony support too.
Oct 01 19:01:27 <traumschule> the pine stuff is pretty neat
Oct 01 19:02:18 <traumschule> (turned out they are mostly interested in signal *sigh*)
Oct 01 19:04:18 <traumschule> .. and when one starts explaining attack vectors and prevention methods suddenly attention vanishes :/
**** ENDING LOGGING AT Tue Oct 02 03:00:01 2018