Notices

I'm not paranoid........... who said I am?

Wow, I had my suspicions about that app. do you have a link to a source on the claims?

From what I know, imhere was using an account owned by the developer in a Polish mail server to forward massages from all mobiles.

Nobody confirmed ever a misuse of the data. The developer disappeared leaving a broken and closed source version in devel that many had problem unistalling.

Since N900 uses deb-packages and not GPG-signed rpm-packages, and people, even and because even developers install software just by wget'ing it and 'dpkg -i'ing it without any way checking the authenticity of the package
and
because there is tools like DNS-spoof and Mallory,
I think almost all N900 users are backdoored long ago.

Sadly, I think, all Linux-users also.
There is an interest, it is cost-effective for the 3 letter agencies and there is examples.

It would be quite huge job to check there is no well hidden Thompson Trojan's in Linux (and Maemo) -code.

Anyway, after these "few" beers :-), I think everything Google knows, knows also these infamous three letter agencies. Information is power and it is never deleted. It is hard to find services or people who wouldn't be connected to Google somehow nowadays and it is practically impossible to stay anonymous in Internet.

The FBI thinks so too...

edit: zimon beat me to it by like 12 minutes.

There are other backdoors supposedly out there, I've always wondered about one that was surrounding the Unix BIND libraries - there seemed to be something around that area that was once questioned, then disappeared back in the early 2000's.

OPEN YOUR EYES, PEOPLE!

I would think if enough demand is there we could do what the others won't or can't ... make a firewall app. Then of course you can be as closed off as you want and would know when the snitch runs for another company with your personal information.

That's the true beauty of the N900

Nailed it there.

<Rather than pointlessly b1tch, moan and complain that
the n900 is compromised and not worth the effort>
An app could be created to address the issue.

I would guess that this could never be done completely
on an iPhone or an Android because backdoor comms
are probably invisible to apps inside their prisoncells.

The n900 could have just such an app to blockade
or at least inform the owner of any nasties being broadcast.

I thought wireshark would be able to show anything being sent,
perhaps there would be an easier way though,
since you would not necessarily need to listen to
anything other than outgoing messages.
For the truly paranoid it might be necessary to do some kind of
traffic monitoring on the inputs to the GSM hardware
to make sure there is nothing extra being generated
beyond what the system network actually generates.
Wish my broken unit was healed so I could check on this..

The start would be if developers would start to GPG-sign their packages with debsig.

Then at least there would be some traces where the backdoor or other type of Trojan horse came from.

It is a fact, people has and will be installing deb-packages also out of apt-repositories.

And we could have something else in /etc/dpkg/dpkg.cfg
Meego will hopefully fix this problem with rpm-package system, which usually has signed packages granted.