
I think this whole exercise gives you a false sense of security. The thing is, there's a closed-source firmware running on the baseband processor which can do rather nefarious things: https://www.fsf.org/blogs/community/replicant-developers-fin...

So if you really want to be 'free', get rid of the cellphone.



More to the point, the FCC will not approve open source radio drivers. Your baseband will either be closed and under the control of your carrier and various government spies or it will be illegal in the USA.

The official reason is that open source radio firmware would be too easy to alter to violate FCC regulations on power, frequency band, and such. It's the same reason that non-proprietary antenna connectors are mostly prohibited.


Is this actually true? I've seen this repeated in many comments over a decade, and whenever it's researched it turns out there is no basis for it.

The usual conclusion is that the manufacturer claims that they cannot allow open access to their radio because of licensing restrictions, but that no restriction actually exists. It's a lazy way for them not to bother.


No it isn't, well not in the US anyway.

You can buy a board from Ettus Research and write your own baseband software. The trick is that you need a license to operate a radio at those frequencies, if you buy a phone you get to tag along on the phone company's license because they have made sure that you can't do anything that they didn't show the FCC they could do. If you have an Ettus board and you want to run a base station or an edge device you need to get a license from the FCC to use it.

Strictly speaking, the phone company could have an "open source"[0] baseband stack and they would need to provide some way for the phone to know that it is running the approved version. And that is where it gets tricky, how do you do that? You could provide some sort of EFI type signature on the baseband bits that proved they were the right bits, and you could provide instructions on how to compile to exactly those bits, and while that would help folks understand what could and could not be done with the firmware it wouldn't help them fix problems. And of course people would scour it for vulnerabilities. So we're left with the current situation.

If you're interested in playing around with radio stuff though it is pretty straightforward to get an amateur operator's license and a GNU Radio kit and start exploring.

[0] -- Not 'freely licensed' so much as 'you can read the source code, and it is compilable from source'.


You would still have to trust the manufacturer that it didn't implement fake reporting of a well-known signature while in fact using something different. Pointless.


Well there ARE FCC restrictions on what frequencies you're allowed to transmit on. Most frequencies are "owned" by someone that has the right to transmit cell phone, radio, television, or other data across them. You may recall, for example, that there was a big bidding war several years ago when some of the old UHF bands were sold off. There are some open frequencies which you're allowed to broadcast without a license on, these are the ones that your cordless house phone and such will transmit on. Whether or not this is a legitimate reason for the closed source antenna code is beyond my scope of knowledge.


Maybe it is, maybe it isn't, but it certainly seems like the very first thing anybody who installs dd-wrt does is increase the Tx power tenfold.


That's funny. One of the first things I did was turn mine way down.


What good is such an increase, if client (unaltered, standard Tx power) devices will hear the router from afar, but the router will not hear their replies from the same distance?


I think the truth lies somewhere in between, so you'll never find an explicit 'basis' - manufacturers are worried that publishing radio source code and encouraging open access will subject them to FCC requirements for any possible "end user modification" rather than just for the straightforward simple behavior they've programmed.


If they don't approve, could we still use them? I mean, they could hardly check people for a proper radio driver if they behave, or could they?


We will never know, as the baseband driver is not free ;)


I believe in you creative, skilled guys to find a way someday ;)


Yeap. BUT between trashing your phone and filling it with proprietary apps there is a huge gap. This is what this post is about. I don't claim you'll get ultimate privacy. I'm sure that most people reading my post or commenting here are using a smartphone.


Well the post mentioned NSA several times as a motivation for those privacy changes. But the NSA can "talk" to cell operators, and cell operators can talk to baseband chips, and baseband chips can "talk" (DMA) to the rest of your phone, so let's be explicit here: this will not protect you from intelligence agencies / state actors. This only might protect you from overly targeted ads.


True, but NSA is mentioned just because it made these discussions more vivid and relevant over the last months. The post doesn't claim that you get an NSA-proof phone. I don't think such a thing exists.


Not sure if you really did this by accident, or if you're playing dumb, but the article does sound like claiming it'll make a phone NSA-safe. Yeah, now that you said so, I notice that it doesn't explicitly claim so, but first paragraphs are sure sprinkled with the name; if you really cared about the reader's safety, it would be responsible then to explicitly state that this advice does not protect against NSA.


So I have to explicitly state what this article is not about. Interesting approach...


Well, if you already mention the NSA to make discussion "more relevant" to recent events (which were about... NSA surveillance), then it would be also good to mention that the advice from your article is not meant to secure you from the NSA :).

It's good for people to know exactly how much security they get by following particular advice :).


Just like Private Browsing Modes in Chrome/Firefox tell you that they won't protect from agents.


I mention NSA to point out that you should at least avoid companies that cooperate with them. Nothing more, nothing less.


What, like your phone company? Hmmmmm...


Agree, but when discussing privacy/anonymity it would be good if people talked more explicitly about the end result. Because most of the solutions that "will improve your privacy" and/or "security" will do so only against targeted ads and technically inept stalkers. Without calling out limits to which the solution improves our "privacy", we're just creating a false sense of security in people.


The real question is, would there be demand for it?


Is there any reason in particular that Twitter is one of the apps that you're putting on your ideal privacy-phone? I would've imagined that stuff like http://dcurt.is/twitter-is-tracking-you-on-the-web would put them in the same boat as the other services that were rejected.


In theory, for phones with a Cortex-A15 CPU, one could use ARMORED[1], which encrypts the content of RAM, with keys saved outside the reach of the baseband, inside registers. But still, CPU backdoors are a possibility.

[1] http://www1.informatik.uni-erlangen.de/filepool/projects/arm...


I agree, but I think the value of such initiatives is the awareness it brings to the table _and_ the implications of that to manufacturers, that is, the fact that an increasing number of people may care for privacy. Your point certainly adds to the discussion, but we have to start somewhere.


Free-restricted is a spectrum. You shouldn't dismiss people's effort to move toward the free end. Rome was not built in a day. Maybe one day grid will help us get rid of carriers.


There's a closed-source firmware running on your PC mainboard, HDD/SSD/SD card, mouse, keyboard, GPU, Ethernet card...

All of it can be rather nefarious. Get rid of the PC? (or simply use phones which connect their modems as peripherals and implement monitoring, like Neo900, not as a master with DMA as most phones today do)


Same goes for your computer. You'd be surprised at what's running in your North & South bridges.


Even if you had open source baseband firmware, the NSA is still willing and able to impersonate and/or infiltrate cellular operators sufficiently to listen to just about any cellphone conversation it wants to.


It's still useful for tablets. There could be other back doors, but, without a PLMN-connected radio it will be harder to find you in order to backdoor you.


Exactly my thought!



