Raspberry Pi and spyware

Bongocat

Google isn't giving me much of anything on this, even when searching through specific sites. Though, Google's core product is so neutered these days that it's hard to know if that's intentional or not. Other search engines don't pull up much either.

People on this site seem to be particularly spyware/telemetry conscious (for good and obvious reasons). I was wondering if there have been red flags/telemetry concerns with Raspberry Pi or Raspbian in general. A lot of people here have pointed out to me that despite Brave being a 'privacy oriented browser', there's still a lot of creepy telemetry, even if you can opt out. Has anybody raised concerns about similar stuff on Raspbian?
 
The Pi needs proprietary software to even boot the GPU which in turn controls the ARM cores IIRC. What's in that software is anyone's guess. I heard there's a free stack but a quick Google didn't tell me anything about its usefulness. All ARM SoCs really share that problem to some degree besides some of the very old SoCs. I mention this specifically because they are often advertised as "open source" because somebody uploaded the Gerber files of the PCB or some ancient 3.x Linux kernel somewhere. If you think free, blob- and potentially backdoorless besides some very very few and old exceptions, don't think "ARM". It's in no sense better than what's going on in the x86 world. Sometimes even worse.

Nobody will be able to give you a serious, well-researched answer if some government or three-letter-agency has implemented a hidden backdoor in some popular userland software or maybe the Linux kernel itself. The reason is that this software is way too complicated and in the hands of too many people to reasonably vet. Attempts have been known. Not surprisingly, getting a backdoor in e.g. the kernel is a low risk/big reward thing for a big gov. player.

If you're concerned, stay offline. If that's not good enough (wtf are you doing) look for older and more simple systems.
 
If you're that concerned about privacy on a RPi, try a non-Linux OS on it. I'd be inclined to try RISC OS (arguably the purest of all RPi OSs), but I'm pretty sure there's at least one *BSD for the RPi.
 
What hasn't been compromised eventually will be. Just don't keep everything on an active device you main.
 
Full disclosure: I am a huge fan of the products the Raspberry Pi foundation produces and am biased.

I've read that there is proprietary code that is executed on boot and no one knows quite what it is, similar to @AmpleApricots. I have to be honest, I trust the Raspberry Pi Foundation more than I trust Intel and whatever's on the Pi's SoC can't be any worse than Intel's shit with a full version of Minix baked into every processor.

I don't think the Pi itself phones home. I have a Pi 3B, 3B+, Zero, Zero W, 4 and 400 all for different shit and I casually monitor my network traffic but have not personally seen any evidence of any of them phoning home. Given all that, it would seem to me that there is no continuous remote data collection happening as is present in say, Mac OS or Windows. It is possible the Raspberry Pi Foundation takes the time and money to bake in some kind of hidden chip that connects to cell-phone networks and phones home, but this seems like an unrealistic amount of effort and money to monitor a $50 board that most people use to play old Nintendo games. Even in shit like smartphones which spy on you a lot, that stuff seems to be generally rolled into the OS as opposed to being built right into the hardware and then they lock the boot-loader to prevent you from changing the OS, as opposed to implementing some secret OS that independently connects to a network and sends away data on you.

I think if there is something nefarious in the proprietary code it's more likely some kind of backdoor a law enforcement agency can use to access your device in person after arresting you for a serious crime and seizing it. I would actually bet every piece of hardware and OS still actively maintained outside maybe BSD has something like that built into it. So you might say, "But Never Scored, what if leftists get in office and change free speech laws to the point where my Pi is seized and they use a back door to prove my internet post history and indict me." If it gets to that point my advice would be to maybe forget about the internet and maybe take up fishing.
 
I've been doing some investigation, and it turns out that RPi is really not appropriate for what I was wanting to do anyway for a myriad of reasons. I think what I'll do instead is shift some more appropriate tasks to it and use a laptop that gets freed up from that.
 