Once again N900 apps win!
 

Take a look at this article

http://online.wsj.com/article/SB1000....html?mod=e2fb


In short it says how a lot of apps misuse data and share personal details about smartphone users without their consent.

Only incident that we had was My Nokia introduced in PR 1.2 but that not very serious since info went to Nokia only and it didnt even work in some countries.

Hence, OPEN source RULEZ and N900 is still the best :D

Re: Once again N900 apps win!
 

Only incident... as far as you know. That's kind of the whole POINT of surreptitiousness. Considering the plethora of closed-source portions (despite all the puffery about being open), how do you know there isn't more going on?

Re: Once again N900 apps win!
 

It's a conspiracy...

Re: Once again N900 apps win!
 

Just because you're paranoid doesn't mean they're not out to get you.

Re: Once again N900 apps win!
 

what about the anti-theft app that was sending data to a russian email address? and the maintainer was nowhere to be seen when people found out and wanted to ask a few questions about that...

Re: Once again N900 apps win!
 

That was for the N900?

Re: Once again N900 apps win!
 

i believe it was iamhere, which i actually had installed. as always, i may be wrong.

Re: Once again N900 apps win!
 

Since we are going with the "not mentioned so it wins" -approach, and I didn't see WebOS mentioned in the article either, I'm going to say WebOS rules.

WSJ didn't say anything about Windows Mobile either so maybe this is a Maemo/WebOS/Windows threesome?

End sarcasm.

Re: Once again N900 apps win!
 

Practical use of this would be to conceptualize a framework for detecting eavesdropping/spying by applications and incorporating it into an application to run on the N900 to monitor for the behavior.

The story states:
I suppose something could monitor for outgoing identifiable data, & blacklist ad sites. Choking Google off is more problematic, as exceptions would have to be made for apps which send location data to Google maps, etc.

Re: Once again N900 apps win!
 

I would suggest the opposite firewall: blacklist sites by default, white-list sites you use and trust. It might be a bit tiresome (when browser refuses to open a website until it's white-listed), but you will get no advertisements at all.

Re: Once again N900 apps win!
 

I'm not paranoid........... who said I am?

Re: Once again N900 apps win!
 

Wow, I had my suspicions about that app. do you have a link to a source on the claims?

Re: Once again N900 apps win!
 

From what I know, imhere was using an account owned by the developer in a Polish mail server to forward massages from all mobiles.

Nobody confirmed ever a misuse of the data. The developer disappeared leaving a broken and closed source version in devel that many had problem unistalling.

Re: Once again N900 apps win!
 

Since N900 uses deb-packages and not GPG-signed rpm-packages, and people, even and because even developers install software just by wget'ing it and 'dpkg -i'ing it without any way checking the authenticity of the package
and
because there is tools like DNS-spoof and Mallory,
I think almost all N900 users are backdoored long ago.

Sadly, I think, all Linux-users also.
There is an interest, it is cost-effective for the 3 letter agencies and there is examples.

It would be quite huge job to check there is no well hidden Thompson Trojan's in Linux (and Maemo) -code.

Anyway, after these "few" beers :-), I think everything Google knows, knows also these infamous three letter agencies. Information is power and it is never deleted. It is hard to find services or people who wouldn't be connected to Google somehow nowadays and it is practically impossible to stay anonymous in Internet.

Re: Once again N900 apps win!
 

The FBI thinks so too...

edit: zimon beat me to it by like 12 minutes.

There are other backdoors supposedly out there, I've always wondered about one that was surrounding the Unix BIND libraries - there seemed to be something around that area that was once questioned, then disappeared back in the early 2000's.

Re: Once again N900 apps win!
 

Re: Once again N900 apps win!
 

I would think if enough demand is there we could do what the others won't or can't ... make a firewall app. Then of course you can be as closed off as you want and would know when the snitch runs for another company with your personal information.

That's the true beauty of the N900

Re: Once again N900 apps win!
 

Nailed it there.

<Rather than pointlessly b1tch, moan and complain that
the n900 is compromised and not worth the effort>
An app could be created to address the issue.

I would guess that this could never be done completely
on an iPhone or an Android because backdoor comms
are probably invisible to apps inside their prisoncells.

The n900 could have just such an app to blockade
or at least inform the owner of any nasties being broadcast.

I thought wireshark would be able to show anything being sent,
perhaps there would be an easier way though,
since you would not necessarily need to listen to
anything other than outgoing messages.
For the truly paranoid it might be necessary to do some kind of
traffic monitoring on the inputs to the GSM hardware
to make sure there is nothing extra being generated
beyond what the system network actually generates.
Wish my broken unit was healed so I could check on this..:(

Re: Once again N900 apps win!
 

The start would be if developers would start to GPG-sign their packages with debsig.

Then at least there would be some traces where the backdoor or other type of Trojan horse came from.

It is a fact, people has and will be installing deb-packages also out of apt-repositories.

And we could have something else in /etc/dpkg/dpkg.cfg
Meego will hopefully fix this problem with rpm-package system, which usually has signed packages granted.