This isn’t even an issue from Fairphone’s perspective. […] and even those issues that do exist are fringe cases that consumers do not care about.
There are no issues but those that exist are not important?
there is nothing actually wrong with Fairphone devices from a security perspective compared to the majority of its competitors
Update speed is a major issue and Fairphone is not great at it either. Yeah, it is not the worst offender, but that does not mean that it is good.
people new to this space think it is the only solution to stock Android’s privacy issues
The other solution is not to use Android, but that brings a lot of new problems. That being said, which other rom is on equal footing with Graphene? I am not aware of one. Even if you differentiate between privacy and security: most degoogled roms still connect to google servers - for SUPL, connectivy checks, NTP, etc and that is unnecessary. For security we can basically just reduce it to update time which is atrocious in all of Android Roms with the exception of GrapheneOS. e/os/, the other preinstalled option for fairphone, is especially bad when it comes to this with updates lagging weeks to months behind in critical security updates. It also advertises as “fully degoogled” which simply is not true when it still connects to google servers.
And then we get comments lile yours that frame GrapheneOS on Fairphone as an achievable and realistic thing that could happen with better communication, even though neither party is interested in pursuing that.
So? I’m aware that my hypothetical idea is not the reality. But what hinders it from becoming the reality? As far as I am aware the humans behind each organization have mouths and ears, no?
There are no issues but those that exist are not important?
I’m not sure if you just didn’t read my reply properly or if you’re engaging in bad faith here but you’ve just stitched the first sentence of a paragraph and half of the last sentence of a paragraph together as if they’re related when they clearly aren’t. One is referring to the non-existent issue (from Fairphone’s perspective as clearly stated) of lack of GrapheneOS support, in direct response to you. The other is referring to the perceived security issues with Fairphone devices referenced in the article, and this is clearly stated in the first half of the same sentence which you decided to cut for some reason.
Update speed is a major issue and Fairphone is not great at it either. Yeah, it is not the worst offender, but that does not mean that it is good.
Nice strawman but I never said it was good. Again, respond in full instead of cherrypicking half a sentence. “Slow” updates compared to a Pixel is obviously not a problem considering Google has a minority market share and many people do not even bother to update their phone regularly. It is a fringe issue that is irrelevant to most.
That being said, which other rom is on equal footing with Graphene?
It doesn’t matter whether they’re equal to GrapheneOS. Like I said, if you are new to this space and don’t know anything then you think you need GrapheneOS because an influencer told you “iTs tHe bEsT oNe” and you looked at a comparison chart where it had the most green rows in its column. In reality many of its unique features and differences are well beyond the requirements of most people simply looking to reduce the amount of information big tech holds on them. Threat modelling exists for a reason but unfortunately many people burn out and return to big tech because they listen to bad advice from morons instead of thinking for themselves.
These projects don’t need to be identical to each other, and in fact it’s actually very healthy for the ecosystem and movement if they have differing feature sets and goals. Your utopian dream of GrapheneOS having a market monopoly is a terrible idea because it assumes the people in control are mentally stable and that nothing will ever go wrong, which we already know is a completely unrealistic assumption to have because Micay exists and Google just made custom ROM development much harder for Pixels.
So? I’m aware that my hypothetical idea is not the reality. But what hinders it from becoming the reality? As far as I am aware the humans behind each organization have mouths and ears, no?
Fairphone has zero interest in GrapheneOS and vice versa. Pretending that the only hindrance to this fictional collaboration is a lack of communication is delusional.
I’m not sure if you just didn’t read my reply properly or if you’re engaging in bad faith here but you’ve just stitched the first sentence of a paragraph and half of the last sentence of a paragraph together as if they’re related when they clearly aren’t.
Nah, just thought the phrasing of your first paragraph was fun.
Nice strawman but I never said it was good. Again, respond in full instead of cherrypicking half a sentence. “Slow” updates compared to a Pixel is obviously not a problem considering Google has a minority market share and many people do not even bother to update their phone regularly. It is a fringe issue that is irrelevant to most.
You are introducing your own strawman? I mean the point was: “there is nothing actually wrong with Fairphone devices from a security perspective compared to the majority of its competitors” when clearly there is. Slow security updates are a problem, plaguing basically all of Android. I never stated that you said it was good, but the reality is that Fairphone as well as most other brands are simply bad to awful. Or to get metaphorical: When all competitors drink from the toilet it isn’t a big flex that Fairphone sometimes flushes before doing so - maybe nobody should drink from the toilet.
This might be a fringe issue to most, but I’d argue that most don’t understand the importance of security updates. “Normal people” have no clue what fixing a critical CVE means, and that is absolutely valid as long as they memorize “Fast Security Updates = Good”. Security does not care if people think it is relevant.
It doesn’t matter whether they’re equal to GrapheneOS. Like I said, if you are new to this space and don’t know anything then you think you need GrapheneOS because an influencer told you “iTs tHe bEsT oNe” and you looked at a comparison chart where it had the most green rows in its column. In reality many of its unique features and differences are well beyond the requirements of most people simply looking to reduce the amount of information big tech holds on them. Threat modelling exists for a reason but unfortunately many people burn out and return to big tech because they listen to bad advice from morons instead of thinking for themselves.
Many users who are new to privacy don’t yet know what threats or concerns may affect them now or in the future. Starting with a strong foundation like GrapheneOS doesn’t hurt and can prevent regrettable privacy mistakes later on. Hardened malloc, exec-spawn restrictions, and extensive SELinux policy were designed for high-risk adversaries, yet they also block run-of-the-mill malware and abusive trackers that target average users. Features like per-app network access or verifiable builds address risks some dismiss as unlikely until they occur. Proactive measures often look excessive to those unaware of attack vectors.
As for reducing the amount of information big tech holds: Pretty much every privacy-focused ROM is better than stock Android. But that still does not make them as secure or as private - and as I said, there are some trivialities like changing the URL of the ConnectivityService that just are not done in many ROMs for some mind-boggling reason. The same ROMs then say they are degoogled while also automatically installing MicroG, which transmits some data to Google. While you’re right that threat modeling is important, there’s significant value in starting with robust security defaults rather than working backwards from weaker foundations.
Your utopian dream of GrapheneOS having a market monopoly is a terrible idea because it assumes the people in control are mentally stable and that nothing will ever go wrong
Who is doing strawmen now? 🤡 How in the world did you get to that idea from “together they could create a fantastic device”.
Fairphone has zero interest in GrapheneOS and vice versa. Pretending that the only hindrance to this fictional collaboration is a lack of communication is delusional.
How dare I dream of possibilities? ;) I can even top my previous hypothetical: Aperture Science & Apple & Android could make one hell of a device. Basically triple AAA.
So there is market witn 1000 users. I have 1 user. Tomorrow I have 2 users, so I now have an increased userbase. So according to your logic I have a market monopoly tomorrow.
There are no issues but those that exist are not important?
Update speed is a major issue and Fairphone is not great at it either. Yeah, it is not the worst offender, but that does not mean that it is good.
The other solution is not to use Android, but that brings a lot of new problems. That being said, which other rom is on equal footing with Graphene? I am not aware of one. Even if you differentiate between privacy and security: most degoogled roms still connect to google servers - for SUPL, connectivy checks, NTP, etc and that is unnecessary. For security we can basically just reduce it to update time which is atrocious in all of Android Roms with the exception of GrapheneOS. e/os/, the other preinstalled option for fairphone, is especially bad when it comes to this with updates lagging weeks to months behind in critical security updates. It also advertises as “fully degoogled” which simply is not true when it still connects to google servers.
So? I’m aware that my hypothetical idea is not the reality. But what hinders it from becoming the reality? As far as I am aware the humans behind each organization have mouths and ears, no?
I’m not sure if you just didn’t read my reply properly or if you’re engaging in bad faith here but you’ve just stitched the first sentence of a paragraph and half of the last sentence of a paragraph together as if they’re related when they clearly aren’t. One is referring to the non-existent issue (from Fairphone’s perspective as clearly stated) of lack of GrapheneOS support, in direct response to you. The other is referring to the perceived security issues with Fairphone devices referenced in the article, and this is clearly stated in the first half of the same sentence which you decided to cut for some reason.
Nice strawman but I never said it was good. Again, respond in full instead of cherrypicking half a sentence. “Slow” updates compared to a Pixel is obviously not a problem considering Google has a minority market share and many people do not even bother to update their phone regularly. It is a fringe issue that is irrelevant to most.
It doesn’t matter whether they’re equal to GrapheneOS. Like I said, if you are new to this space and don’t know anything then you think you need GrapheneOS because an influencer told you “iTs tHe bEsT oNe” and you looked at a comparison chart where it had the most green rows in its column. In reality many of its unique features and differences are well beyond the requirements of most people simply looking to reduce the amount of information big tech holds on them. Threat modelling exists for a reason but unfortunately many people burn out and return to big tech because they listen to bad advice from morons instead of thinking for themselves.
These projects don’t need to be identical to each other, and in fact it’s actually very healthy for the ecosystem and movement if they have differing feature sets and goals. Your utopian dream of GrapheneOS having a market monopoly is a terrible idea because it assumes the people in control are mentally stable and that nothing will ever go wrong, which we already know is a completely unrealistic assumption to have because Micay exists and Google just made custom ROM development much harder for Pixels.
Fairphone has zero interest in GrapheneOS and vice versa. Pretending that the only hindrance to this fictional collaboration is a lack of communication is delusional.
Nah, just thought the phrasing of your first paragraph was fun.
You are introducing your own strawman? I mean the point was: “there is nothing actually wrong with Fairphone devices from a security perspective compared to the majority of its competitors” when clearly there is. Slow security updates are a problem, plaguing basically all of Android. I never stated that you said it was good, but the reality is that Fairphone as well as most other brands are simply bad to awful. Or to get metaphorical: When all competitors drink from the toilet it isn’t a big flex that Fairphone sometimes flushes before doing so - maybe nobody should drink from the toilet.
This might be a fringe issue to most, but I’d argue that most don’t understand the importance of security updates. “Normal people” have no clue what fixing a critical CVE means, and that is absolutely valid as long as they memorize “Fast Security Updates = Good”. Security does not care if people think it is relevant.
Many users who are new to privacy don’t yet know what threats or concerns may affect them now or in the future. Starting with a strong foundation like GrapheneOS doesn’t hurt and can prevent regrettable privacy mistakes later on. Hardened malloc, exec-spawn restrictions, and extensive SELinux policy were designed for high-risk adversaries, yet they also block run-of-the-mill malware and abusive trackers that target average users. Features like per-app network access or verifiable builds address risks some dismiss as unlikely until they occur. Proactive measures often look excessive to those unaware of attack vectors.
As for reducing the amount of information big tech holds: Pretty much every privacy-focused ROM is better than stock Android. But that still does not make them as secure or as private - and as I said, there are some trivialities like changing the URL of the ConnectivityService that just are not done in many ROMs for some mind-boggling reason. The same ROMs then say they are degoogled while also automatically installing MicroG, which transmits some data to Google. While you’re right that threat modeling is important, there’s significant value in starting with robust security defaults rather than working backwards from weaker foundations.
Who is doing strawmen now? 🤡 How in the world did you get to that idea from “together they could create a fantastic device”.
How dare I dream of possibilities? ;) I can even top my previous hypothetical: Aperture Science & Apple & Android could make one hell of a device. Basically triple AAA.
You really struggle with reading, don’t you?
“The increased userbase gives Graphene more leverage and in a just world big companies and countries would maybe rethink their approach to data collection.”
Ooh, now it gets personal😘 I am aware of your bold points and I responded to it from a security perspective, but thanks for asking.
So there is market witn 1000 users. I have 1 user. Tomorrow I have 2 users, so I now have an increased userbase. So according to your logic I have a market monopoly tomorrow.