RE: I trust this Covid19 tracking software...

Just to let you know that I changed my mind about this kind of app after reading this document (in french), showing many security problems inherent to any app like this:

https://risques-tracage.fr/docs/risques-tracage.pdf

Just to let you know that I changed my mind about this kind of app after reading this document (in french), showing many security problems inherent to any app like this:

https://risques-tracage.fr/docs/risques-tracage.pdf

@magdesign
Yes yes I tend to agree that the we should not exaggerate gravity of covid-19. But this question of app is not only covid-19 but also any possible future epidemic. Imagine tomorrow we face a similar virus but it kills 50% of people infected, or worse 90%, would you really say we should not use such an app, even though it is harmless for privacy?

Also it is always quite easy to say this kind of things about natural selection, when ourselves face a low probability of death (because we're young, that's my case, I guess it's yours), and others face a way higher probability. We might not say the same thing if we were facing death directly. And also it's not only a question of dying, but also dying in terrible conditions, if heath systems are overwhelmed. We have been habited not to face this anymore, these last decades.

And also do not forget that this app would not only save lives or give us security, but help us get back our freedoms, freedom to go out, and to meet people, while we are already confined.

@magdesign I've actually switched to ubports from flip phones, I never used Android for privacy and freedom reasons. And I'm looking forward to getting rid of Android blobs, with pinephone and/or librem5.

But think of one thing: If you had a notebook in paper and every-time you approach someone you note his name in it, in case you have to warn people you where in contact with, in case you are sick. But none else than you have access to that notebook. Would you find this problematic?

The app I described, is basically that except that it is automatic, and more privacy-friendly, because I don't actually note the name of the person, but a random string that only the associated person knows it is associated to him.

And I guess privacy and freedom activists especially in the field of mobile phones, might have interest in being proactive and proposing solutions at the edge of privacy protection, rather than letting others propose solutions that are not so good for privacy.

And I guess privacy and freedom activists especially in the field of mobilephones, might have interest in being proactive and proposing solutions at the edge of privacy protection, rather than letting others propose solutions that are not so good for privacy.

If others want to do it, I'm willing to participate in developing such an app.

Just to make things clear it seems possible to build an app that would be usefull for contact tracing concerning covid-19 (or any other future epidemic), without being at all a threat for privacy. And it is quite simple, and we can imagine many methods. Here is a simple example of a method that I think would work:

• Suppose that 2 nearby device can exchange messages wireless probably with bluetooth, but we could also imagine wifi in theory. They should only exchange this message not any other info (We should check that mac addresse are not a privacy problem, they should be regularly changed randomly.)

• Whenever a nearby contact is made, between 2 devices, both devices generate a random string (RS) and exchange it with the neighboor. Both record in their local memory the locally-generated RS, and the remote received RS, and the corresponding date (not the time), and nothing else. It's kept only locally not sent to anybody else.

• RS that are too old (>14 or 21 days) are automatically erased.

• If someone is detected positive, with his approval, all RS remotely received are published anonymously in a central server, to alert people.

• Now the person who generated a RS corresponding to a contact with an infected person can know he was in contact with an infected person (simply by consulting the public server and checking if one of its own RS is there or not). But only him can know, nobody else. And no private data is disclosed!

I really do hope things are going to go towards something like this, and if so that we could have a compatible app for Ubports.

@Lakotaubp

I really hope that what will be massively used will be FOSS, and veritably harmless to our privacy. In that case to me this is an issue that we cannot use it, if it is privacy protecting.

Just to make things clear it seems possible to build an app that would be usefull for contact tracing concerning covid-19 (or any other future epidemic), without being at all a threat for privacy. And it is quite simple, and we can imagine many methods. Here is a simple example of a method:

• Suppose that 2 nearby device can exchange messages wireless probably with bluetooth, but we could also imagine wifi in theory. (We should check that mac addresse are not a privacy problem, they should be regularly changed randomly.)

• Whenever a nearby contact is made, between 2 devices, both devices generate a random string (RS) and exchange it with the neighboor. Both record in their local memory the locally-generated RS, and the remote received RS, and the corresponding date (not the time), and nothing else. It's kept only locally not sent to anybody else.

• RS that are too old (>14 or 21 days) are automatically erased.

• If someone is detected positive, with his approval, all RS remotely received are published anonymously in a central server, to alert people.

• Now the person who generated a RS corresponding to a contact with an infected person can know he was in contact with an infected person (simply by consulting the public server and checking if one of its own RS is there or not). But only him can know, nobody else. And no private data is disclosed!

I really do hope things are going to go towards something like this, and if so that we could have a compatible app for Ubports.

Hi,

As you know one option studied to fight covid-19 is contact tracing. It may at first appear as a privacy-violating measure. However I've hear that some people have worked on a design that is privacy-protecting, with all the data kept locally only and use of encryption to make sure that no private data is leaked at no stage of the process. It seemed quite convincing to me.

However one thing I'm afraid is that if such an app is developed, and is fully privacy-protecting, it may not be available for ubports.

Any thought on that?

Thank's a lot for the answer and for your work!

He are photos of the strange display colors.

Hi,

i've received my pinephone today. I've installed the latest revision from https://ci.ubports.com/job/rootfs/job/rootfs-pinephone/ (rev 201).

However it seems a lot more buggy that's what is seen on videos showing ubports on pinephone:

• A lot of display issues with strange colors
• Keyboard not showing at critical moments, when it should.
• Very often random freezes: touchscreen becomes totaly unresponsive.
• Often random restart of the shell

Is there a specific revision which works better?

@advocatux said in Not enough free space in /var/cache/apt/archives:

@gb making the system rw is not really a good idea for many reasons. If you want to use apt it's better to do it inside a contained environment, like Libertine for example.

Yes but I want to be able to use CLI tools on the real system to control the real system, control the machine, not be sandboxed in a container.

Can you explain what is insecure about "legacy packaging" (i.e apt ), and why it would be more insecure on the phone than it is on a laptop or a server?

@dobey

Actually I got the above problem trying to install a console program (dig) to do some in-field testing. To me all console programs make perfect sense being run on phones as they are on desktop, server, router, super-calculator, robot ... . And they can be used to really control the system.

On the other hand, on the graphical side, lately purism seems to make a great job adapting gnome apps for phone, so I guess we just have to wait and see.

@pparent This is not a good idea to do.

No disrespect, but I think this is why I will choose pureOS in the long run, whenever I receive the phone and it is usable.

As users I want to be able to do the same things we can do on our computer, and be in control of our device, without being artificially limited, and not being sandboxed into a container. Otherwise I would use Android!

sudo rm -r /var/cache/apt
sudo tune2fs -m 0 /dev/loop0

Concerning purism, I think they go beyond what I expect in terms of freedom. This post shows it:

https://puri.sm/posts/librem5-solving-the-first-fsf-ryf-hurdle/

Not sure why replicant guys are mad. But on a fully free software phone I would definitely not like replicant, I want a real Gnu/Linux! Also they are reproaching Intel's management engine in purism's laptop, saying it would be impossible to disable, but they actually succeed in disabling it:

https://puri.sm/posts/purism-librem-laptops-completely-disable-intel-management-engine/

I recently learned about this project which seems very interesting, and allows clear control about non-free software and firmware installed. Could be usefull for a web consultation device on N900 or Sony Xperia Z2:

http://postmarketos.org/
https://wiki.postmarketos.org/wiki/Devices

I don't know if unity/ubuntu touch could be ported on it at some point.

@flohack said in How much of non-free software is there in UBports images?:

If you think our documents are misleading please point out the respective text parts so that we can make it more clear. Thanks!

No, no I did not mean to say that you were misleading. Sorry if I seemd otherwise.

But reading a little bit the documentation I did not find immediatly an answer to this question so I asked it. I recently understood a little bit halium and so on, but that's a bit tecnhical at first.

So yes, each device that we port from Android to UT has a sinificant amount of non-free firmware and userspace services running.

Ok thank's for the clear answer!

As Android uses Linux kernel which is GPLed

Still contains non-free firmware blob though (which is nothing in comparison to Android Blob though). And Kernel allows non-free module, so I'm not sure to understand why they did this userspace trick

Librem 5 might be the answer

Yes I preorderd it!

Hi,

I'm wondering how much of non-free software is there in UBports?

I guess that there must be at least non-free firmware blob in the kernel, as only few distributions remove them ( e.g Debian, Trisquel, Pureos ). Are there also non-free drivers in the kernel for some devices? Are there other non-free software unrelated to the kernel installed by default?

I think it would be most interesting to have a most precise view on this question, since the free and open-source software argument is the main advantage of UBports against Android.

Also note that Replicant maintans a list of "Freedom and privacy/security issues" for each of its targeted devices. None of them is completly free of issues.

Thank's in advance for your reply!
PIerre.