New linux device NC_1 from Necuno





  • Thats interesting! Last year on FOSDEM I already met with their representative, I will try to catch her again this year for some updates 😉



  • I think the problem is the price for this device.

    The first dev batch cost 1.200€ for quite low specs, but at the end its nice to see that people/companies try to bring alternative OSes to smartphones.



  • Everybody which business is security-related in any way has actually a problem - which cannot be solved in several ways. If your CIO will forbid from the next month nearly all android phones -> 1,200 € would be a bargain if the solution works!

    But sure - it's a specific market - also with specific prices - maybe at around 2,000 € for an old Samsung, etc:

    .....



  • @Mic_ said in New linux device NC_1 from Necuno:

    Everybody which business is security-related in any way has actually a problem - which cannot be solved in several ways. If your CIO will forbid from the next month nearly all android phones -> 1,200 € would be a bargain if the solution works!

    What are their actual security features? I see their website promises encrypted communications for the enterprise offering (NE_1), but I don't see mention of encrypted storage on that or the NC_1 (albeit I've not read every page on their website). Does the NC_1 (or NE_1) have file or filesystem encryption? Secure key storage? TPM?

    They state they left out a fingerprint reader for security reasons, which seems mighty odd to me given the problems of securing logons to mobile devices used in public places. (Yes, in the US, biometrics aren't protected from police action in some jurisdictions while passwords are, but Necuno is based in Finland). Maybe they meant because of closed source drivers, but it's again a very questionable decision from the standpoint of security.

    In the end, platform openness, privacy, and security are three different things, and each applies in different ways at the level of the platform, the OS, the software used, and the metadata it leaks (or deliberately places in the cloud). I'm getting leery of seeing the security drum beaten so much for projects that seem more centered on openness or privacy (often "privacy by obscurity" in the case of alternative platforms) without doing much special (or sometimes at all) in the way of security. I feel it harms the cause to promise too much. Someday such devices and their software stacks may be open, private, and secure, but it's hardly the case in these very early days of open mobile hardware.

    It could be I'm wrong and Necuno is actually forging new ground, but if so, I wish they would publish some details of how that is so.



  • I remember our long faces when they told us, it wont have a cellular modem ^^



  • @Flohack
    Well, I suppose that's one way to get around the proprietary blob issue... And, at least in the West, where there tends to be wall-to-wall Wifi, perhaps cell isn't so important.



  • @trainailleur Sounds for me like a new footrace to the most charming solutiuon. And I think (as a one-eyed-person on this area) that every other solution is always better .... ?!

    Is it easier to take standard android and to MAKE it 'safer' (whatever that in detail means) - or to develop something new? I thought UT takes the way of a new developemnt - to have it at the end easier!?



  • "We will be contributing to the open source communities working in the mobile industry. It is still our dream to have an actual privacy respecting mobile device that is in the users control. We will contribute code, devices and in some cases donations for communities in order to boost the ecosystem as whole."



  • @Mic_ said in New linux device NC_1 from Necuno:

    Is it easier to take standard android and to MAKE it 'safer' (whatever that in detail means) - or to develop something new? I thought UT takes the way of a new developemnt - to have it at the end easier!?

    A Pixel 3 or 3a running GrapheneOS or CalyxOS is highly secure, and with carefully chosen apps, highly private, so I think the answer to your question is that making Android safer is easier for now. Of course going that route puts money directly into Google's pocket, which isn't ideal.

    In the long run, I expect open hardware to produce systems which are also both secure and private, but for the time being, I am not seeing the open hardware we've seen so far as secure, nor am I seeing the OSes running on them as being especially so. With regard to privacy, the situation is perhaps better simply because such platforms are so obscure they are not yet major tracking targets, yet even so I suspect the average user of existing alternative phone OSes is highly fingerprintable.

    In order to take back control of mobile computing, we the users need open hardware and we need operating systems under community control, so I don't mean in any way to discourage any open hardware effort. I do wish though that we who are enthusiasts of open systems would be more careful not to overstate the situation as it stands.

    In Necuno's case, they state they are a security company, so perhaps they have baked things into their hardware and software that they haven't explained on their website. I hope that is so, and if it is, I hope they will share info about it.



  • An ex-collegue reported me once about the hardware-testing-department of AVM. So they inspect all components of their routers and only purchase elements which they trust.

    I thought that way brings us secure routers. Want to have the same for phones. Isn't that possible - or at least conceivable?!



  • @Mic_ That doesn't create a fully secured device. It simply means that you can verify the origin of the hardware, and whether it was tampered with in transit. It doesn't mean there are no security flaws in the hardware itself, the firmware, nor the software.

    It is only one of the many steps that need to be taken, to make things secure. And security is not really a binary state in that sense. It's more a sliding scale, and there really isn't anything that is 100% secure.



  • Yes sorry I am very inconclusive at this point. What I mainly mean is the possibility to sell a service which companies allows to massively influence peoples 'opinions' - which at the end bases on the collection of data about these people.

    That specific phones can at the end nearly always been attacked - ok, but that is not my point. Maybe I should call it not 'security' in general.

    As I have heard AVM does really a lot of work to get the right elements from the producers of chips etc. I thought that is the right way.



  • I would like to see some evidence of their claims, from the software side. For example, all over the web site, it talks about this "aera OS" thing, which is supposedly a Linux based OS which they make for the phone. However, despite much searching, I can find absolutely no information about it.



  • I will try to get hands-on on FOSDEM and see. Last year they had a "non-functioning deactivated" prototype, which was essentially a 3D-printed case with nothing inside



  • solutions_overview.png

    "Aera OS can be run on select off-the-shelf devices (e.g Sony Xperia X ) or it can be combined with our third level."

    https://www.f6s.com/necunosolutionsltd

    A part of SFOS maybe?



  • @Mic_ said in New linux device NC_1 from Necuno:

    A part of SFOS maybe?

    There's literally no actual information, so I don't want to make assumptions. There are also old blog posts where they talk about partnerships with pmOS, KDE, etc… similar to how Purism did with the Librem 5, but those are all from before this "aera OS" existed I guess.

    I would much like to know what it is actually though, and what "hardening" has been done.



  • @dobey https://necunos.com/blog/necuno-solutions-and-nemo-mobile-collaboration/

    Nemo based on Mer-core. Mer-core was started as a fork from Nokia MeeGo. Sailfish based on MeeGo.



  • @Mic_ said in New linux device NC_1 from Necuno:

    based

    December 2018

    Again, this is quite old and from a time before this aera os seems to have ever been mentioned by Necuno. Obviously Nemo is not a "hardened Linux" either.

    I'm talking about aera os only, and not the previous "partnerships" with other mobile OS projects like Nemo, pmOS, etc… which were all mentioned in 2018 prior to any claim of Necuno developing a hardened OS called aera os.



  • Well maybe @Flohack will find something out. I don't think I belong to the user group but nevertheless it an interessting topic.


Log in to reply