Posts by biktorgj@fosstodon.org
(DIR) Post #APvJFebnnPKwHCUARU by biktorgj@fosstodon.org
2022-11-24T08:07:32Z
1 likes, 4 repeats
New firmware for your @PINE64 #PinePhone and #PinePhonePro modem, now with (beta) call recording support!As always, you can get it from #lvfs and GitHub(https://github.com/the-modem-distro/pinephone_modem_sdk/releases/tag/0.7.1)Have fun!
(DIR) Post #ARi2Z4waVIok7F6k3k by biktorgj@fosstodon.org
2023-01-14T09:18:07Z
0 likes, 2 repeats
So... I wanted to publish this one before new year, but ended up missing my own deadline 😅 New release for @PINE64's Pinephone and Pro's modem! Now with Do Not Disturb, better PDU decoding, CB message replay via QMI and quite a few fixes:https://github.com/the-modem-distro/pinephone_modem_sdk/releases/tag/0.7.2
(DIR) Post #ASGJ2LimPIFOCY7dAG by biktorgj@fosstodon.org
2023-02-02T05:30:23Z
0 likes, 0 repeats
I was pissed off when Ubuntu started using apt to promote their stuff, but this is next level. Only thing preventing me from moving my last VMs with ubuntu was laziness, but charging for security updates? Bye Canonical!
(DIR) Post #ASt0uTAuilIF7WhdWS by biktorgj@fosstodon.org
2023-02-20T21:36:04Z
0 likes, 1 repeats
I'm giving myself one week to finish some stuff and get 0.7.3 out. It's easily the biggest release for the Pinephone (and Pro) modem I've done so far... But I don't want to spoil it so I'm going to shut upStay tuned :)For all of you who are stuck on 0.7.1 because you depend on fwupd... It's fixed upstream now, so LVFS updates should work again soon! (If you can't wait, there's always GitHub)
(DIR) Post #ATXxcTfSUkmhHTKhQu by biktorgj@fosstodon.org
2023-02-27T12:21:16Z
1 likes, 2 repeats
Okay, here we go!New release for @PINE64 PinePhone (and Pro) Modem!This one has _so many_ changes that I better flag it as a test release, even if it's working well for me. New test features like Open Cellid database support for network cell id matching, allowing the modem to kill the baseband if it connects to an unknown cell & initial support for internal networking (your distro might not be happy about the new network interface though :)) Have fun!https://github.com/the-modem-distro/pinephone_modem_sdk/releases/tag/0.7.3
(DIR) Post #AV2gIlq8tk8EpfxsQ4 by biktorgj@fosstodon.org
2023-04-26T04:56:25Z
1 likes, 2 repeats
So... With all respect @nitrokey , I'd advise you (mostly your PR department) to fact check your article about Qualcomm's A-GPS data... First because it's a load of trash, but it's also a lie in some many levels that only makes you look bad.First: The qualcomm chipset doesn't send any data. There's a service running in every qualcomm phone's userspace which downloads the A-GPS provisioning data. 1/4
(DIR) Post #AV2gInt3HteDBHLEES by biktorgj@fosstodon.org
2023-04-26T04:56:51Z
0 likes, 0 repeats
Second: The fact that you don't know about Qualcomm's iZat service only means you don't know your phone. iZat is Qualcomm's all in one location solution, and it exists for almost a decade.Third: There's no covert operating system. Qualcomm's AMSS firmware is the _center_ of Qcom's business. They even have an SDK and access to the source code is available for OEMs so they can add whatever they need. 2/4
(DIR) Post #AV2gIpkyKuNAynZnuq by biktorgj@fosstodon.org
2023-04-26T04:59:50Z
1 likes, 0 repeats
The AMSS firmware also controls the sensors, cameras, and plenty of stuff you could know if you looked at even one of Qcom's sales brochures but you don't know becauseFour: Your phone is a rebranded pixel. Which means that, you, unlike Fairphone or Sony, don't actually have access to the baseband source code because you're not the OEM, and depend of Google, from all companies, to provide updated pre-built AMSS, TZ and RPM firmware. 3/4
(DIR) Post #AV2gIrcXPEoYlDe62y by biktorgj@fosstodon.org
2023-04-26T05:00:44Z
0 likes, 0 repeats
So not only this article proves you don't know your stuff, it also proves you have no idea of what is actually running inside _your_ phone, which, to be honest, doesn't help your case in selling a "secure phone", when other companies can actually audit the code that's running in their phones and you can't.DISCLAIMER: I don't particularly like Qualcomm, and I don't work for any of the companies involved in the article. But that article was _so full of lies_ that I had to say something.
(DIR) Post #AV2gIthZfU21DQ19Au by biktorgj@fosstodon.org
2023-04-26T05:18:45Z
1 likes, 0 repeats
Oh, and I almost forgot. If anyone wants to stop using the izat servers to retrieve the almanac (or make some script to download daily and self-host it), you can edit:/vendor/etc/gps.conf and add:XTRA_SERVER_1=[url]XTRA_SERVER_2=[url]XTRA_SERVER_3=[url](Change URL with your own server)NTP_SERVER=time.xtracloud.net (set another ntp server)and /vendor/etc/izat.conf:GTP_PRIVACY_VERSION_URL for some other URL
(DIR) Post #AV2nQWEDWcrMPRrpLs by biktorgj@fosstodon.org
2023-04-26T12:41:07Z
0 likes, 0 repeats
@troed That depends.The builds I have tested didn't send any PII, other builds may, maybe depending on the version of the lowi service and the features enabled by the OEM (You have basic / premium feature settings), but in any case, I'm not even sure it would count as a GDPR violation, because that data by itself can't be used as PII for a specific "person".They may be able to identify a device from the imei/iccid, but from the collected data they can't tie it to a particular person when 1/2
(DIR) Post #AV2phv0As3pC4fiu80 by biktorgj@fosstodon.org
2023-04-26T12:42:35Z
0 likes, 0 repeats
@troed downloading a provisioning file. When actively using the Assisted GPS, especially with wlan scanning, they could build a profile of the location for that user, but that's the same for Qualcomm, Apple, Mozilla NLP or any other service. They still wouldn't know your name from all that. I am not a lawyer though, so I could be wrong on that :)
(DIR) Post #AV2qOvl9vfUysQD4Uq by biktorgj@fosstodon.org
2023-04-26T13:14:27Z
0 likes, 0 repeats
@troed Well, they get the IP address because you connect to their servers, but do we know if they store it? Any company out of Europe would be in violation of the GDPR then if their servers logged the queries, so a little hard to enforce. I don't know fairphone/sony specifics, but for sure my Oneplus, when it was running stock, had a privacy policy from Qualcomm available in the about section. I've never read it though, so no idea if it included it :)1/2
(DIR) Post #AV8wblxdRAdQvNJNrM by biktorgj@fosstodon.org
2023-04-29T11:16:27Z
0 likes, 1 repeats
@nitrokey @chrichri @martijnbraam The problem is, your phone has the same binaries for izat as everyone with a qualcomm from Alcatel to ZTE. And it's OK,this is all part of Qcom SDK and unless you RE'ng all of it you must keep it in place so the phone works as a phone.But accusing others with something that their ODM provides when you are using the same stuff seems unethical.These snaps are from the vendor partition in grapheneOS for the Sunfish (Pixel 4a)https://releases.grapheneos.org/sunfish-factory-2023041100.zip
(DIR) Post #AV8wbmpsBW1JdaghOq by biktorgj@fosstodon.org
2023-04-29T11:26:48Z
0 likes, 1 repeats
@nitrokey @chrichri @martijnbraam And even if grapheneOS has them bundled but doesn't actually use them (which wouldn't make much sense but I don't have the hw),the point still stands.Complain about Qualcomm not being transparent enough, but don't talk shit about other phone makers when it's someone else who wrote that piece of software, just to scrap some sales, I'm sure you can find better ways to show your phone is better for privacy than others without resorting to articles written like that