Savez-vous vraiment comment est fabriqué votre smartphone? Vous connaissez à coup sûr le nom des grandes marques (de Samsung à Apple, en passant par Huawei, Motorola ou OnePlus), vous n'ignorez sans doute pas que l'assemblage est généralement effectué en Asie et vous vous doutez que les composants en plastique et métaux rares polluent la planète.

Motivation and challenges building a mobile phone that respects your freedom, privacy and digital rights - and is hackable. This talk will present a summary of a two year journey, which is still ongoing.

Today mobile phones are the computing device of the decade, maybe even of this century. Almost everyone carries one, every day to every place. They are pretty much always connected and we entrust almost our entire digital life to them - any form of communication (voice, text, video), all kinds of entertainment (reading, web surfing, video/movies), personal information (address books, social media), location (navigation, location sharing) etc. Pretty much our entire digital life is mirrored by these devices and to a growing extent happening right on them.
What is often not fully recognized is that this huge ecosystem of mobile hard- and software is controlled by only a very few globe spanning companies. Our digital life is to a large part controlled by these companies and currently there is little way around them.

This talk will present the experiences we had and have in this industry creating a mobile phone that is running 100% free software, respects the user's digital rights and gives back full control over data and communication to the user - by separating radios from the main CPU, by providing hardware kill switches and by using only free software for the full stack. We will also talk about the huge challenges encountered, from CPU choice to radio choice up through the software stack. It will also share our approaches to solve these challenges and share experience in working with hardware manufacturing companies (globally), from electronics design to product manufacturing.

via @wongmjane

Facebook scans system libraries from their Android app user’s phone in the background and uploads them to their server
This is called "Global Library Collector" at Facebook, known as "GLC" in app’s code
It periodically uploads metadata of system libraries to the server

There doesn’t seem to be an opt-out option for Facebook Global Library Collector, nor does it not seem to be possible to view what they have >uploaded from our devices

Not sure what’s the purpose of GLC, but I guess it can be used for determining system integrity, compatibility

When I came across this, the optimist in me thinks this is an unorthodox way to gather data for debugging, optimizations, sec, etc

Somewhere in my mind thinks this is a little off

Thank you for pointing out the aspects I didn't think of before! This is certainly a can of worm..

If GLC is created to help to make the app runs better, I think an engineering blog explaining GLC, or other ways to transparently elaborate what Facebook app can collect could clear up some speculations :)

Even better, it will be reassuring to provide an opt-out option from GLC

Pas vu de confirmation, une seule source pour le moment.

Une photo sur Facebook, un mot-clé dans un moteur de recherche, un achat dans une boutique en ligne, un trajet en voiture en VTC, etc. Sur Internet, via votre ordinateur, votre smartphone ou vos objets connectés, vous communiquez chaque jour des dizaines d’informations sur vous – nom, photographie, coordonnées, numéro de Sécurité sociale… – et sur vos habitudes de consommation.

OK, then why is everyone saying it’s hard ?

The first reason, is because no one claims otherwise and, since Big Mailer Corps benefits from this situation, they’re not going to contradict it either. Big Mailer Corps BENEFIT from the myth that mail is hard as this means more people rely on them, they control more of the e-mail address space, and this translates to more e-mails being analyzed for targeted advertisement. The more people are discouraged, the more people will eventually subscribe to their services, and since they already control a large share, they can make mail slighly more difficult by making their requirements higher (harder, not hard). This is not something they do in some kind of conspiracy, this is just the result of them obtaining more power because people stay away from self hosting.

Another reason is because it used to be hard a long time ago. People got traumatized by how hard it was to not screw up and never reevaluated the situation. Some people today genuinely discourage other people from running their mail server, citing the very real difficulties they faced over a decade ago, far before some of today’s tools even existed.

And finally, another reason is that people keep repeating it without actually trying themselves. I know this for a fact because people have been telling me that mail is hard for the last ten years, and for the last ten years I asked what they found hard in order to try improving the situation. A VAST majority of these people confessed that they never actually tried: they read or heard that mail was hard, often from a source they trusted, then accepted that claim and started telling others that mail was hard. We can’t really blame them when that myth has been around for so long, if I had no previous knowledge of mail and did a quick search today to find out how to setup my server, I might just decide not to do it given how difficult it seems from reading others.

Le rapport est pourtant avare de détails, notamment techniques, sur le mode de fonctionnement exact du logiciel. A-t-il détecté par erreur des personnes qui n’étaient pas recherchées, ce qu’on appelle un « faux positif », l’un des principaux défauts de cette technologie ? A-t-il manqué dans la foule une personne pourtant recherchée ? Qu’a-t-il été fait des données biométriques (captation du visage des 5 000 participants) à l’issue de l’expérience ?