Mobile OS

8 Antworten [Letzter Beitrag]
GNUbahn
Offline
Beigetreten: 02/18/2016

It is an ongoing discussion which mobile phone with which OS is the best, i.e. the most secure and private.

Here is a (short) discussion: https://redmine.replicant.us/boards/39/topics/15440
At the bottom there is a link to an overview of pros and cons of various mobile OS

Here, Chaosmonk advocates that " GrapheneOS is the best": https://trisquel.info/en/forum/pinephone-community-edition#comment-151526

I believe that jxself at some point (I can't find it now) claimed that non of the 'newer' solution is 'better than Replicant in the sense, that freedomwise they have not achieved anything that Replicant hasn't already achieved.

I have been using an S2 running Replicant for my main device for some years now. recently (perhaps for nearly a year) I have concurrently used a Samsung N7100 installed with LineageOS as a secondary device, since it gives me hotspot, gps and better performance (and a bigger screen). The gps works poorly though.

Lately I have been looking to PhinePhone and as from today also GrapheneOS.

GrapheneOS looks very convincing, but comes with quite a load of proprietary software.

I guess there isn't really a post here except my frustrations regarding mobile phones...

chaosmonk

I am a member!

I am a translator!

Offline
Beigetreten: 07/07/2017

> Here, Chaosmonk advocates that " GrapheneOS is the best"

Specifically I meant that it is the best privacy and security-wise. Replicant is sort of the best freedom-wise, but on paper only in my opinion. Yes, it excludes non-free WiFi firmware, but that leads to users relying on the modem for Internet access instead of WiFi, which is just as bad freedom-wise and worse privacy-wise. Since Replicant does not supply the non-free modem firmware themselves, their hands are technically clean, but that doesn't make it any better freedom-wise for the end user.

> GrapheneOS looks very convincing, but comes with quite a load of proprietary software.

I did not realize that GrapheneOS came with any proprietary software other that firmware. Is this true? If so I will need to reconsider my recommendation.

GNUbahn
Offline
Beigetreten: 02/18/2016

Reading through grapheneos.org I did not find clear answers as to whether or not grapeheneos includes other non-free software than firmware. According to https://www.kulesz.me/post/110-smartphones/:
All supported devices require vast amounts of closed-source firmware

I do not have the knowledge to validate eiter the author's qualifications regarding this issue or the information itself (that said, Kulesz seems convincing).

On grapheneos.org the only I (with my limited knowledge) was able to find regarding this issue was: https://grapheneos.org/build#extracting-vendor-files-for-pixel-devices

From which information did you get the impression that the only proprietary code grapheneos includes is as firmware?

GNUbahn
Offline
Beigetreten: 02/18/2016

I can't find the site again now, but I read somewhere that (someone says) grapeheos includes approx. 200 Mb of non-free software. I have not been able to validate this information.

chaosmonk

I am a member!

I am a translator!

Offline
Beigetreten: 07/07/2017

> From which information did you get the impression that the only proprietary code grapheneos includes is as firmware?

Only that I know for a fact it includes non-free firmware, but in everything I have read about it have never seen mention of any other kind of non-free software involved, including

> All supported devices require vast amounts of closed-source firmware

That's not to say that non-free firmware is good, but in the context of mobile phones the only way to avoid non-free firmware is to not have a phone. Even Replicant devices require non-free firmware to boot and to access cell towers. None of that firmware is provided by the Replicant developers, but that is irrelevant to user freedom.

GNUbahn
Offline
Beigetreten: 02/18/2016

> That's not to say that non-free firmware is good, but in the context of mobile phones the only way to avoid non-free firmware is to not have a phone. Even Replicant devices require non-free firmware to boot and to access cell towers. None of that firmware is provided by the Replicant developers, but that is irrelevant to user freedom.<

I know and I agree. Still it seems fair to reason that the more non-free firmware the worse.

Thanks for your comments. I will probably try grapheneOS once I get my hands on a compatible device. For testing I will probably go for a Pixel 2. If that turns out to be a success, I will probably want to have a 3a for regular use.

chaosmonk

I am a member!

I am a translator!

Offline
Beigetreten: 07/07/2017

> Still it seems fair to reason that the more non-free firmware the worse.

Depends on what you are optimizing for. All non-free firmware is inherently bad freedom-wise, but when it comes to privacy and security not all firmware is created equal. GrapheneOS supports the limited number of devices that it does because of certain security features of that hardware. There is no free firmware for that hardware, and there is no alternative hardware with free firmware that has the same security features. You can run something else like LineageOS or Replicant on different hardware that might require less non-free firmware, but only at the expense of security.

Depending on your threat model, you may not require the level of security that GrapheneOS requires, in which case go with something else. But if you do require an extreme level of security for some reason it would be irresponsible for me to tell you to use Replicant. By using a cell phone at all, you choose to trade some of your freedom for convenience. That's unerstandable. Sometimes people have to make compromises in order to have a lifestyle they can handle. But people who say it is okay to use Replicant but not GrapheneOS (if you require that level of security) are effectively saying that it is okay to trade freedom for convenience but not for safety. Ideally people would never need to give up their freedom at all, but I consider safety to be much more important than convenience.

GNUbahn
Offline
Beigetreten: 02/18/2016

Thanks to chaosmonk's previous post, it seems we can summarize that when considering the quality of software (and hardware) one should consider these four crucial aspects:

* freedom
* privacy
* security
* convenience

Ideally one would not have to sacrifice any of them, but in reality that is necessary. So, what is the least painful sacrifice?

The answer depends on one's own preferences. Some aspects that will or may influence the answer is (one's own (perception of) one's own ideals, one's principality (i.e. how stubbornly one follows the principles of one's own ideals) and one's own thread model. And in the end, the way one actually uses the software (and hardware).

It is important to realise that freedom, privacy, security and convenience are mutually interdependent.

Due to the circumstances, Replicant against its will sacrifices convenience, security and privacy to some extent.

GrapheneOS on the other hand sacrifice (at least) some freedom.

Can someone here help with information and/or links to documentation about the use of free software and non-free software in GOS?

chaosmonk

I am a member!

I am a translator!

Offline
Beigetreten: 07/07/2017

> Can someone here help with information and/or links to documentation about the use of free software and non-free software in GOS?

I could not find any documentation, but I found this thread[1] which says:

"As a portable operating system, it doesn't depend on closed source software and it doesn't recommend it. Every potential target device depends on closed source firmware. GrapheneOS is certainly going to ship full security updates. Most devices also have closed-source driver libraries / services. This is not part of the base OS and is not included in a checkout of GrapheneOS. None of this is part of the portable OS and it isn't needed for the generic targets. It's something tied to the devices, not GrapheneOS in particular."

So it sounds like the main source tree is free software, but each individual device image contains additional non-free firmware and/or drivers needed for that device's hardware. So if you want to know how much non-free software is involved you'll need to look into the free-software compatibility of the particular device you are interested in using

[1] https://github.com/GrapheneOS/os_issue_tracker/issues/109