Hello Shift-Phones team, I am a big fan of your work and the philosophy behind your products. In times when authorities are increasingly trying to gain permanent access to chat histories and other personal data, protecting users' privacy is becoming more important. Especially in light of measures such as the use of state trojans and other surveillance tools, I am growing concerned about my personal data sovereignty. Therefore, I would like to inquire whether it would be possible to integrate a kill switch in future models of Shift-Phones. Such a switch would allow the phone to go completely offline, similar to what is the case with the Librem 5, for example. This would not only strengthen trust in your products but also clearly position them in favor of users' privacy. Personally, I find this feature very cool, and it could be the decisive factor that motivates me to purchase a Shift-Phone. It would be great to know if you could consider this idea.
Thank you very much and best regards
The SHIFTphone 8 will have kill switches for camera and microphone that work at the hardware level.
We have not integrated switches for BT/Modem/WiFi and they can only be deactivated via software.
The SHIFTphone 8 will have kill switches for the camera and microphone that work at the hardware level.
We have not integrated switches for BT/modem/WiFi and they can only be deactivated via software.
Thank you very much for the prompt feedback and the information that the SHIFTphone 8 will have kill switches for the camera and microphone at the hardware level. I would very much like the kill switch for mobile data, Bluetooth, and Wi-Fi to also function at the hardware level. The reason for this is that software-based deactivations can potentially have security vulnerabilities and could theoretically be bypassed. Is there a technical barrier preventing such a kill switch from being able to deactivate all these components? It would be great to find out if there are ways to integrate this functionality in the future.
Last edited: 5 June 2024
Is there a technical hurdle preventing such a kill switch from being able to deactivate all these components? It would be great to find out if there are ways to integrate this functionality in the future.
Yes, we use SoCs from Qualcomm, which would require major changes to implement such functions. This was too big of a topic for the SHIFTphone 8, and we want to approach it step by step first.
Depending on the feedback on the camera and microphone kill switches, we will expand in that area.
Reactions: privacy
Hello,
The PinePhone has five kill switches, each for camera, microphone, Wi-Fi, Bluetooth, and mobile data.
Deeper knowledge of Linux is recommended when making a purchase.
Wobei man natürlich auch Abschirmende Hüllen nehmen kann um die Funksignale einzudämmen.
Mal schaun wie sich der Verkauf vom Shift8 entwickelt und wieviel Geld und Ressourcen für Nachfolger dann bereitstehen
Hello,
the PinePhone has five kill switches, each for camera, microphone, Wi-Fi, Bluetooth, and mobile data.
Deeper knowledge of Linux is recommended when making a purchase.
Hi Arthur,
From my experience, I can say that the PinePhone is a nice idea, but I really don't like the implementation. With the SHIFTphone, I see great potential. If it really succeeds in deactivating the components individually, the phone has extremely high potential in the security sector. As a manufacturer, I wouldn't miss this opportunity, especially because there are many security enthusiasts. Purism and PinePhone are good examples of how great the interest in such features is. If the phone should enter the international market, I can almost guarantee that sales figures will explode.
Wobei man natürlich auch Abschirmende Hüllen nehmen kann um die Funksignale einzudämmen.
Mal schaun wie sich der Verkauf vom Shift8 entwickelt und wieviel Geld und Ressourcen für Nachfolger dann bereitstehen
Schöne Idee aber löst das eigentliche Problem nicht 
Ich bin auch sehr gespannt, ob es beim übernächsten Modell vielleicht ShiftPhone 9 Integriert wird, das wäre der absolute Knüller
Schöne Idee aber löst das eigentliche Problem nicht
How is the actual problem defined? The utility of a device without an external wireless connection is relatively limited, and the question of whether I should still hold it in my hand on occasions where there is no external connection further limits the opportunities.
How is the actual problem defined? The utility of a device without an external wireless connection is relatively limited, and the question of whether I should still hold it in my hand on occasions where there is no external connection further restricts the opportunities.
The central problem is that users of mobile devices cannot always ensure that their data transmission is completely deactivated when they wish. The standard method, such as disabling mobile data through software settings, may not be sufficient as some applications or malicious programs can bypass these settings. This leads to unwanted data collection and transmission, resulting in user data being stored unauthorized in databases and movement profiles being created (Trojans).
Last edited: 8 June 2024
In Android, you have displays and permissions for sensors and, depending on the operating system, also data transmission. If you can't trust the operating system and the applications, you basically have a problem. I can't make phone calls, surf the internet, or listen to music on the go without a wireless connection. Then I might as well put the device in a radio-opaque case or leave it at home, or as recommended by Shift, remove the battery to truly turn it off.
Then no intelligence service and no mobile phone provider can triangulate my approximate location. Rather pay attention to not granting any application rights to location functions it does not need and where there is advertising. Be cautious about where the applications come from. Encrypt your data, pay attention to your phone. Object to Utiq and other actions where providers want to collect data. Stand up against data retention. There are better ways to do something than turning your device into a useless brick.
Wer das möchte kann auch eine der obigen Möglichkeiten nutzen und braucht keine Schalter
Man hat in Android Anzeigen und Berechtigungen für Sensoren und je nach Betriebssystem auch Datenübertragung. Wenn man dem Betriebssystem und dem Anwendungen nicht vertrauen kann, hat man grundsätzlich ein Problem. Ich kann ohne Funk Verbindung nicht telefonieren, nicht im Internet Surfen und ich kann keine Musik hören unterwegs. Dann kann ich das Gerät auch gleich in eine Funk Dichte Hülle legen oder zu Hause lassen oder wie von Shift empfohlen den Akku rausnehmen um es wirklich auszuschalten.
Dann kann kein Geheimdienst und kein Mobilfunk Provider meinen ungefähren Standort triangulieren. Achtet doch lieber darauf keiner Anwendung Rechte auf Ortungsfunktionen zu geben die sie nicht braucht und wo Werbung drin ist. Lasst Vorsicht walten woher die Anwendungen kommen. Verschlüsselt eure Daten, achtet auf euer Telefon. Wiederspruch einlegen bei Utiq und anderen Aktionen wo Provider Daten Sammeln wollen. Setzt euch gegen Vorratsdatenspeicherung ein. Es gibt bessere Möglichkeiten etwas zu tun als sein Gerät in einen nutzlosen Backstein zu verwandeln.
Wer das möchte kann auch eine der obigen Möglichkeiten nutzen und braucht keine Schalter
I understand your arguments and agree with you that caution in handling permissions and the origin of apps is important. Nevertheless, there are some reasons why a hardware killswitch can be a useful addition:
- Absolute Security: A hardware kill switch provides a definitive separation of power supply to specific components (e.g. microphone, camera, radio modules). Unlike software solutions, no error or backdoor can bypass the separation. This provides an additional level of security that cannot be achieved by software alone.
- Independence from the operating system: Even if one trusts the operating system or certain applications, there is always the risk of exploits or security vulnerabilities. A hardware killswitch remains unaffected by this and provides protection regardless of the software level.
- Usability: A hardware kill switch can be operated easily and quickly without having to navigate menus or use special apps. This is particularly helpful in situations where quick action is required.
- Practicability: A killswitch allows certain functions to be temporarily disabled without completely shutting down the device or placing it in a Faraday cage. You remain reachable and can use basic functions while certain sensors or radio modules are safely deactivated.
- Enhanced Control: A hardware kill switch gives users the ability to maintain control over their devices in a way that goes beyond software settings. It is an additional tool in the privacy arsenal that proves particularly useful for security-conscious users and in sensitive environments.
Ultimately, it is about finding a balance between security and usability. A hardware killswitch is not a substitute for good security practices, but a valuable addition that provides an additional layer of protection.
The affected modems and receivers are part of the main chip (system-on-chip) and cannot be addressed separately. To enable this, the circuits would need to be redesigned, which is not possible for a mass-produced product - especially for a relatively small customer like shift. Google has also removed similar functions from Android, which makes me think that it is not desired by the manufacturer's side (and \[tin foil hat\] legal regulation? at least in China definitely) that these radio adapters can be turned off.
I understand your arguments and agree with you that caution in handling permissions and the origin of apps is important. Nevertheless, there are several reasons why a hardware killswitch can be a valuable addition:
Absolute Security: A hardware killswitch provides a definitive separation of power supply to specific components (e.g. microphone, camera, radio modules). Unlike software solutions, no error or backdoor can bypass the separation. This provides an additional level of security that cannot be achieved by software alone.
Independence from the Operating System: Even if one trusts the operating system or certain applications, there is always the risk of exploits or security vulnerabilities. A hardware killswitch remains unaffected by this and offers protection regardless of the software level.
User-Friendliness: A hardware killswitch can be operated easily and quickly without having to navigate menus or use special apps. This is particularly helpful in situations where quick action is required.
Practicality: A killswitch allows certain functions to be temporarily disabled without having to completely shut down the device or put it in a Faraday cage. One remains reachable and can use basic functions while certain sensors or radio modules are securely deactivated.
Enhanced Control: A hardware killswitch gives users the ability to maintain control over their devices in a way that goes beyond software settings. It is an additional tool in the privacy arsenal, particularly useful for security-conscious users and in sensitive environments.
Ultimately, it is about finding a balance between security and usability. A hardware killswitch is not a substitute for good security practices but a valuable addition that provides an additional layer of protection.
I'm totally with you. Corresponding external hardware kill switches would be a great thing and have absolutely nothing to do with turning a smartphone into a 'useless brick'.
Regarding mobile communications, it will probably be difficult, but if it works on the outside at least for the camera/microphone in later models - preferably even more - that would also be a strong reason for me to support Shiftphone.