I used e/OS for a very short time a few years ago then learned about some of their security practices. This isn’t a new problem with that version of Android.
care to share what those practices are?
Rtfa?
I did, you said a few years ago. IE not the Fairphone 6.
unless you’re a time traveling scumbag?
What I remember most was having to make an e/OS account a la google in order to be able to use the ROM, and some of the third party apps it shipped with were of dubious origin, mainly Chinese IIRC. I’d heard other sources talking about it being behind on patches then as well. Overall, it gave me the ick, especially the account bullshit, and I continued with Lineage.
Not sure why you feel the need to call me a scumbag.
ryfc.
So what do people run on their fairphone? Graphene has been the only non mainstream commercial mobile os I’ve heard of even on lemmy.
I run CalyxOS on my Fairphone4 and have zero issues.
Aside from /e/OS which was mentioned in the article, Fairphones are also typically supported by LineageOS, iodéOS and CalyxOS.
I run stock, because it’s my work phone. LineageOS would be an option, but I prefer GrapheneOS, which currently limits me to Pixels.
Real title: Graphene OS teams criticizes fairphone for the low quality support of /e/os
Not Fairphone, but /e/, which is a separate company that develops a ROM of their own. I guess the lack of a TPM is a Fairphone design choice that GrapheneOS also doesn’t like but the article describes why that’s hardly a Fairphone only issue.
Maybe Fairphone should criticize Graphene OS for the non existent support of Fairphone devices.
Seriously I’d get a Fairphone with GrapheneOS in a heartbeat should it become available.
for the non existent support of Fairphone devices.
There is a good reason they dont do that. The Fairphone is a real piece of shit from a security (or even a consumer) standpoint, especially because no single phone from the got more than 2 Android versions, and even then they are just months to Years behind(ert) on security updates. The Grapheneos team has a sctrict set of minimums a phone should provide in order not to mislead users by branding an insecure OS with a name associated with security.
GrapheneOS only used Pixel until now was because they a) didn’t have to reverse engeneer that shit and b) it had a few rare security features.
And now that they have to work a lot more to make their OS work, it is a really stupid idea to demand support for an inferior product which they would rule out by default.
But for now, Ill just keep wondering when the EU will Sue Fairphone into bankruptcy for not even obeying the minimum support period
The regulations enforcing a minimum support period won’t go into full effect until 2027. Besides that, new Android versions aren’t obligated as long as security updates are provided (which Fairphone does provide).
The missing hardware support means Graphene won’t work on any device not made by Google (although they seem to invent new requirements every time Google releases a new Pixel so I don’t know why they don’t just say "we don’t want to support other brands), but Fairphone is one of the more open companies when it comes to ROMs.
Fairphone doesn’t have the right hardware support. There’s a good comparison chart here if you aren’t in the market for a new device right now:
gOS threat model is “everything everywhere all at once” - nation state actors et al - and from that standpoint, yeah, eOS and lOS and whoever else is lacking.
but the vast majority of users have a threat model that can be boiled down to two things:
- a lost/stolen device doesn’t compromise me - the fucker can’t get at my stuff and/or impersonate me, and
- free from apple’s/google’s reign - I control what stuff runs on my phone
both easily accomplished with lineageOS and derivatives running on a $50 phone. if you truly want to spend four digits annually on Newest & Best, you do you, I’m good.
e/OS is just particularly egregious. This isn’t about GrapheneOS being paranoid, it’s Murena not delivering the most basic level of security patches, then hiding it.
I’ve got the top end latest Pixel model and it did not cost me 4 digits. Bought one used, so Google never got my money. Immediately put grapheneOS on it, this phone in its pre-gOS spyware form never had access to my actual data in the first place. Or even a real network.
I bought a refurb Pixel 7 on eBay for like ~$150 and put Graphene on it. It’s not like you have to spend four digits unless you want to.
Same old story, GrapheneOS’s self-rightousness has caused them grief before (plenty of times actually), and this is just another example of it. Compare and contrast with something like CalyxOS, or even just Vanilla LineageOS, and it’s night and day for being able to support more devices and be less reliant on Google. And I say that as a guy who loves his Pixel 6 Pro with CalyxOS.
GOS is a great idea, and I’m glad it exists, but ultimately they are their own worst enemies about a lot of things. Micay obviously wasn’t the whole issue there either (though he certainly bears a lot of responsibility for what made Graphene and its community so toxic for several years too…).
Yeah, and I have a hard time trusting a “de-google” os that requires I buy a phone directly from google. I want to be free from google entirely, and that includes not buying their hardware.
as someone who originally chose Calyx out of the perceived toxicity of the community, I really could not have said it better myself.
Honestly I’m with the GrapheneOS team on this one pixels (A series mostly) are relatively cheap and you can easily find them second hand for even a cheaper price so I don’t think you gonna save anything by the repairable Fairphone and on top of all this they lag behind security updates too just more reason to avoid them. Ofcourse that’s just my opinion
Same old broken record as with previous Fairphones.
Their holier-than-thou attitude towards security backed them into the corner of being virtually unable to run GrapheneOS on any platform other than Google’s own Pixel phones, and now Google is pulling the rug from under them.
The GrapheneOS people were tedious when Micay was there, and they haven’t really changed.
I don’t really mind that GrapheneOS excludes other manufacturers/devices based on their extremely strict requirements, it’s good to have a tighter option for those who want it. Their team has always been unnecessarily antagonistic/hostile towards other projects in this space, though. The way they communicate publicly is always so extreme and deliberately lacking in context so that everything is framed as “GrapheneOS = good, competitors = bad”. They won’t acknowledge differing threat models to their own and treat everyone else as a bad actor or a clueless moron, which has led to this very weird cult mentality among the userbase. So many people shill the absolute fuck out of this project online yet have never put any thought into what their personal threat model is or what features they actually want in a custom OS. They don’t even know why they installed GrapheneOS, they just read comments from other people on social media or watched a YouTube video and blindly followed along.
The way they communicate publicly is always so extreme and deliberately lacking in context so that everything is framed as “GrapheneOS = good, competitors = bad”.
To be fair part of your this is sensationalist “reporting” as above where single tweets (or parts of conversations, etc.) are taken and reported on without offering context.
So many people shill the absolute fuck out of this project online yet have never put any thought into what their personal threat model is or what features they actually want in a custom OS. They don’t even know why they installed GrapheneOS, they just read comments from other people on social media or watched a YouTube video and blindly followed along.
Yeah, that tends to happen. Not everyone has the knowledge or the capacity to (learn what a threat model is and) create a threat model and then make calls based on that. But that is not unique to Graphene, that happens everywhere (Streamer promoting/judging video games, Pop stars promoting/judging politicians, etc).
But in this specific case I would argue that is more of a good thing - even if some people don’t understand the fine details and they just heard “more security, more control, more features” . The increased userbase gives Graphene more leverage and in a just world big companies and countries would maybe rethink their approach to data collection.
Personally I also hope that Graphene and Fairphone talk with each other instead about each other, because together they could create a fantastic device.
Personally I also hope that Graphene and Fairphone talk with each other instead about each other, because together they could create a fantastic device.
This isn’t even an issue from Fairphone’s perspective. It’s devices are supported by every other privacy-based ROM out there and its primary focus is on shipping and supporting devices with “stock” Android. As I said above, there is nothing actually wrong with Fairphone devices from a security perspective compared to the majority of its competitors, and even those issues that do exist are fringe cases that consumers do not care about.
The only reason this discussion about “GrapheneOS on Fairphone” keeps resurfacing is because of the cult-like behaviour I described elsewhere in this thread, where GrapheneOS is so widely recommended without context that people new to this space think it is the only solution to stock Android’s privacy issues. So they keep pestering the GrapheneOS team, asking for something that has been resolutely denied on multiple occasions previously, provoking a response that inevitably gets recirculated on social media and run as content on “news” sites. And then we get comments lile yours that frame GrapheneOS on Fairphone as an achievable and realistic thing that could happen with better communication, even though neither party is interested in pursuing that.
This isn’t even an issue from Fairphone’s perspective. […] and even those issues that do exist are fringe cases that consumers do not care about.
There are no issues but those that exist are not important?
there is nothing actually wrong with Fairphone devices from a security perspective compared to the majority of its competitors
Update speed is a major issue and Fairphone is not great at it either. Yeah, it is not the worst offender, but that does not mean that it is good.
people new to this space think it is the only solution to stock Android’s privacy issues
The other solution is not to use Android, but that brings a lot of new problems. That being said, which other rom is on equal footing with Graphene? I am not aware of one. Even if you differentiate between privacy and security: most degoogled roms still connect to google servers - for SUPL, connectivy checks, NTP, etc and that is unnecessary. For security we can basically just reduce it to update time which is atrocious in all of Android Roms with the exception of GrapheneOS. e/os/, the other preinstalled option for fairphone, is especially bad when it comes to this with updates lagging weeks to months behind in critical security updates. It also advertises as “fully degoogled” which simply is not true when it still connects to google servers.
And then we get comments lile yours that frame GrapheneOS on Fairphone as an achievable and realistic thing that could happen with better communication, even though neither party is interested in pursuing that.
So? I’m aware that my hypothetical idea is not the reality. But what hinders it from becoming the reality? As far as I am aware the humans behind each organization have mouths and ears, no?
There are no issues but those that exist are not important?
I’m not sure if you just didn’t read my reply properly or if you’re engaging in bad faith here but you’ve just stitched the first sentence of a paragraph and half of the last sentence of a paragraph together as if they’re related when they clearly aren’t. One is referring to the non-existent issue (from Fairphone’s perspective as clearly stated) of lack of GrapheneOS support, in direct response to you. The other is referring to the perceived security issues with Fairphone devices referenced in the article, and this is clearly stated in the first half of the same sentence which you decided to cut for some reason.
Update speed is a major issue and Fairphone is not great at it either. Yeah, it is not the worst offender, but that does not mean that it is good.
Nice strawman but I never said it was good. Again, respond in full instead of cherrypicking half a sentence. “Slow” updates compared to a Pixel is obviously not a problem considering Google has a minority market share and many people do not even bother to update their phone regularly. It is a fringe issue that is irrelevant to most.
That being said, which other rom is on equal footing with Graphene?
It doesn’t matter whether they’re equal to GrapheneOS. Like I said, if you are new to this space and don’t know anything then you think you need GrapheneOS because an influencer told you “iTs tHe bEsT oNe” and you looked at a comparison chart where it had the most green rows in its column. In reality many of its unique features and differences are well beyond the requirements of most people simply looking to reduce the amount of information big tech holds on them. Threat modelling exists for a reason but unfortunately many people burn out and return to big tech because they listen to bad advice from morons instead of thinking for themselves.
These projects don’t need to be identical to each other, and in fact it’s actually very healthy for the ecosystem and movement if they have differing feature sets and goals. Your utopian dream of GrapheneOS having a market monopoly is a terrible idea because it assumes the people in control are mentally stable and that nothing will ever go wrong, which we already know is a completely unrealistic assumption to have because Micay exists and Google just made custom ROM development much harder for Pixels.
So? I’m aware that my hypothetical idea is not the reality. But what hinders it from becoming the reality? As far as I am aware the humans behind each organization have mouths and ears, no?
Fairphone has zero interest in GrapheneOS and vice versa. Pretending that the only hindrance to this fictional collaboration is a lack of communication is delusional.
I’m not sure if you just didn’t read my reply properly or if you’re engaging in bad faith here but you’ve just stitched the first sentence of a paragraph and half of the last sentence of a paragraph together as if they’re related when they clearly aren’t.
Nah, just thought the phrasing of your first paragraph was fun.
Nice strawman but I never said it was good. Again, respond in full instead of cherrypicking half a sentence. “Slow” updates compared to a Pixel is obviously not a problem considering Google has a minority market share and many people do not even bother to update their phone regularly. It is a fringe issue that is irrelevant to most.
You are introducing your own strawman? I mean the point was: “there is nothing actually wrong with Fairphone devices from a security perspective compared to the majority of its competitors” when clearly there is. Slow security updates are a problem, plaguing basically all of Android. I never stated that you said it was good, but the reality is that Fairphone as well as most other brands are simply bad to awful. Or to get metaphorical: When all competitors drink from the toilet it isn’t a big flex that Fairphone sometimes flushes before doing so - maybe nobody should drink from the toilet.
This might be a fringe issue to most, but I’d argue that most don’t understand the importance of security updates. “Normal people” have no clue what fixing a critical CVE means, and that is absolutely valid as long as they memorize “Fast Security Updates = Good”. Security does not care if people think it is relevant.
It doesn’t matter whether they’re equal to GrapheneOS. Like I said, if you are new to this space and don’t know anything then you think you need GrapheneOS because an influencer told you “iTs tHe bEsT oNe” and you looked at a comparison chart where it had the most green rows in its column. In reality many of its unique features and differences are well beyond the requirements of most people simply looking to reduce the amount of information big tech holds on them. Threat modelling exists for a reason but unfortunately many people burn out and return to big tech because they listen to bad advice from morons instead of thinking for themselves.
Many users who are new to privacy don’t yet know what threats or concerns may affect them now or in the future. Starting with a strong foundation like GrapheneOS doesn’t hurt and can prevent regrettable privacy mistakes later on. Hardened malloc, exec-spawn restrictions, and extensive SELinux policy were designed for high-risk adversaries, yet they also block run-of-the-mill malware and abusive trackers that target average users. Features like per-app network access or verifiable builds address risks some dismiss as unlikely until they occur. Proactive measures often look excessive to those unaware of attack vectors.
As for reducing the amount of information big tech holds: Pretty much every privacy-focused ROM is better than stock Android. But that still does not make them as secure or as private - and as I said, there are some trivialities like changing the URL of the ConnectivityService that just are not done in many ROMs for some mind-boggling reason. The same ROMs then say they are degoogled while also automatically installing MicroG, which transmits some data to Google. While you’re right that threat modeling is important, there’s significant value in starting with robust security defaults rather than working backwards from weaker foundations.
Your utopian dream of GrapheneOS having a market monopoly is a terrible idea because it assumes the people in control are mentally stable and that nothing will ever go wrong
Who is doing strawmen now? 🤡 How in the world did you get to that idea from “together they could create a fantastic device”.
Fairphone has zero interest in GrapheneOS and vice versa. Pretending that the only hindrance to this fictional collaboration is a lack of communication is delusional.
How dare I dream of possibilities? ;) I can even top my previous hypothetical: Aperture Science & Apple & Android could make one hell of a device. Basically triple AAA.
I mean the point was: “there is nothing actually wrong with Fairphone devices from a security perspective compared to the majority of its competitors”
You really struggle with reading, don’t you?
Who is doing strawmen now? 🤡 How in the world did you get to that idea from “together they could create a fantastic device”.
No different to any previous Fairphone, or indeed the majority of Android phones on the market from any manufacturer other than Google. Fairphone is in an unfortunate situation in a way, because its devices have (in recent history) been more open than that of any other manufacturer other than Google, which means there is a thriving custom ROM scene that includes privacy-focused competitors to GrapheneOS, yet its devices have also never met the requirements for the GrapheneOS team and so routinely get “slammed” by its developers who have to respond to requests/questions every time a new Fairphone releases. Clickbait Android “news” sites then run these developer replies taken from social media or forums as “news” and people who don’t bother to read beyond the headline/don’t know anything about the topic (AKA the majority) come away with the completely misguided impression that Fairphone is not just “not as private and secure as a Pixel with GrapheneOS” but is actually “bAd fOr pRiVaCy aNd sEcUriTy” compared to all devices on the market.
The problem is that it would take a ton of effort for fairphone to comply with grapheneOS because they need a separate TPM chip and custom firmware and (likely) a lot of android integration stuff for it that Google has a habit of keeping to themselves for a competitive edge (e.g. new android material designs exclusive to pixels for X years, GCam, etc…)
I have also heard that the Graphene team can be a bit toxic, so those things combined with the fact that they would probably get <1% of their sales with a preinstalled Graphene option makes it likely not worth it for them.
I would also love to get a fairphone and run Graphene on it, but I just don’t see it happening.
As a non-native speaker, I had no idea what this headline is supposed to say. Here is what it is about:
The team behind the GrapheneOS platform has criticized the Fairphone Gen 6 for apparent security issues.
As a native speaker, I also didn’t really get the headline at first
I’d normally interpret “taking the knife to something” as roughly the same as “making cuts”
But graphene doesn’t make the fairphones and doesn’t support them, so nowhere to really make cuts
I feel like maybe they got the message that people are getting tired of headlines over using terms like “slammed” and wanted to do something different but chose a pretty terrible alternative.
At least we all know what “slammed” means now.
I thought it meant that they started investigated porting GrapheneOS to Fairphone. That they meant a surgical knife and getting to work.
Yeah, I tend to over-interpret and am non-native too, how could you tell?
I am a native speaker and this was close to my first interpretation. The headline is just bad.
As a native speaker, thanks for clarifying.
Not necessarily agree with the tone of the headline, but happy they are finally taken into consideration when talking security.
At least they didn’t say “slammed”…? ¯\_(ツ)_/¯
LOL yeah.
