Mobile OS

17 respuestas [Último envío]
GNUbahn
Desconectado/a
se unió: 02/19/2016

It is an ongoing discussion which mobile phone with which OS is the best, i.e. the most secure and private.

Here is a (short) discussion: https://redmine.replicant.us/boards/39/topics/15440
At the bottom there is a link to an overview of pros and cons of various mobile OS

Here, Chaosmonk advocates that " GrapheneOS is the best": https://trisquel.info/en/forum/pinephone-community-edition#comment-151526

I believe that jxself at some point (I can't find it now) claimed that non of the 'newer' solution is 'better than Replicant in the sense, that freedomwise they have not achieved anything that Replicant hasn't already achieved.

I have been using an S2 running Replicant for my main device for some years now. recently (perhaps for nearly a year) I have concurrently used a Samsung N7100 installed with LineageOS as a secondary device, since it gives me hotspot, gps and better performance (and a bigger screen). The gps works poorly though.

Lately I have been looking to PhinePhone and as from today also GrapheneOS.

GrapheneOS looks very convincing, but comes with quite a load of proprietary software.

I guess there isn't really a post here except my frustrations regarding mobile phones...

chaosmonk

I am a member!

I am a translator!

Desconectado/a
se unió: 07/07/2017

> Here, Chaosmonk advocates that " GrapheneOS is the best"

Specifically I meant that it is the best privacy and security-wise. Replicant is sort of the best freedom-wise, but on paper only in my opinion. Yes, it excludes non-free WiFi firmware, but that leads to users relying on the modem for Internet access instead of WiFi, which is just as bad freedom-wise and worse privacy-wise. Since Replicant does not supply the non-free modem firmware themselves, their hands are technically clean, but that doesn't make it any better freedom-wise for the end user.

> GrapheneOS looks very convincing, but comes with quite a load of proprietary software.

I did not realize that GrapheneOS came with any proprietary software other that firmware. Is this true? If so I will need to reconsider my recommendation.

GNUbahn
Desconectado/a
se unió: 02/19/2016

Reading through grapheneos.org I did not find clear answers as to whether or not grapeheneos includes other non-free software than firmware. According to https://www.kulesz.me/post/110-smartphones/:
All supported devices require vast amounts of closed-source firmware

I do not have the knowledge to validate eiter the author's qualifications regarding this issue or the information itself (that said, Kulesz seems convincing).

On grapheneos.org the only I (with my limited knowledge) was able to find regarding this issue was: https://grapheneos.org/build#extracting-vendor-files-for-pixel-devices

From which information did you get the impression that the only proprietary code grapheneos includes is as firmware?

GNUbahn
Desconectado/a
se unió: 02/19/2016

I can't find the site again now, but I read somewhere that (someone says) grapeheos includes approx. 200 Mb of non-free software. I have not been able to validate this information.

chaosmonk

I am a member!

I am a translator!

Desconectado/a
se unió: 07/07/2017

> From which information did you get the impression that the only proprietary code grapheneos includes is as firmware?

Only that I know for a fact it includes non-free firmware, but in everything I have read about it have never seen mention of any other kind of non-free software involved, including

> All supported devices require vast amounts of closed-source firmware

That's not to say that non-free firmware is good, but in the context of mobile phones the only way to avoid non-free firmware is to not have a phone. Even Replicant devices require non-free firmware to boot and to access cell towers. None of that firmware is provided by the Replicant developers, but that is irrelevant to user freedom.

GNUbahn
Desconectado/a
se unió: 02/19/2016

> That's not to say that non-free firmware is good, but in the context of mobile phones the only way to avoid non-free firmware is to not have a phone. Even Replicant devices require non-free firmware to boot and to access cell towers. None of that firmware is provided by the Replicant developers, but that is irrelevant to user freedom.<

I know and I agree. Still it seems fair to reason that the more non-free firmware the worse.

Thanks for your comments. I will probably try grapheneOS once I get my hands on a compatible device. For testing I will probably go for a Pixel 2. If that turns out to be a success, I will probably want to have a 3a for regular use.

chaosmonk

I am a member!

I am a translator!

Desconectado/a
se unió: 07/07/2017

> Still it seems fair to reason that the more non-free firmware the worse.

Depends on what you are optimizing for. All non-free firmware is inherently bad freedom-wise, but when it comes to privacy and security not all firmware is created equal. GrapheneOS supports the limited number of devices that it does because of certain security features of that hardware. There is no free firmware for that hardware, and there is no alternative hardware with free firmware that has the same security features. You can run something else like LineageOS or Replicant on different hardware that might require less non-free firmware, but only at the expense of security.

Depending on your threat model, you may not require the level of security that GrapheneOS requires, in which case go with something else. But if you do require an extreme level of security for some reason it would be irresponsible for me to tell you to use Replicant. By using a cell phone at all, you choose to trade some of your freedom for convenience. That's unerstandable. Sometimes people have to make compromises in order to have a lifestyle they can handle. But people who say it is okay to use Replicant but not GrapheneOS (if you require that level of security) are effectively saying that it is okay to trade freedom for convenience but not for safety. Ideally people would never need to give up their freedom at all, but I consider safety to be much more important than convenience.

GNUbahn
Desconectado/a
se unió: 02/19/2016

Thanks to chaosmonk's previous post, it seems we can summarize that when considering the quality of software (and hardware) one should consider these four crucial aspects:

* freedom
* privacy
* security
* convenience

Ideally one would not have to sacrifice any of them, but in reality that is necessary. So, what is the least painful sacrifice?

The answer depends on one's own preferences. Some aspects that will or may influence the answer is (one's own (perception of) one's own ideals, one's principality (i.e. how stubbornly one follows the principles of one's own ideals) and one's own thread model. And in the end, the way one actually uses the software (and hardware).

It is important to realise that freedom, privacy, security and convenience are mutually interdependent.

Due to the circumstances, Replicant against its will sacrifices convenience, security and privacy to some extent.

GrapheneOS on the other hand sacrifice (at least) some freedom.

Can someone here help with information and/or links to documentation about the use of free software and non-free software in GOS?

chaosmonk

I am a member!

I am a translator!

Desconectado/a
se unió: 07/07/2017

> Can someone here help with information and/or links to documentation about the use of free software and non-free software in GOS?

I could not find any documentation, but I found this thread[1] which says:

"As a portable operating system, it doesn't depend on closed source software and it doesn't recommend it. Every potential target device depends on closed source firmware. GrapheneOS is certainly going to ship full security updates. Most devices also have closed-source driver libraries / services. This is not part of the base OS and is not included in a checkout of GrapheneOS. None of this is part of the portable OS and it isn't needed for the generic targets. It's something tied to the devices, not GrapheneOS in particular."

So it sounds like the main source tree is free software, but each individual device image contains additional non-free firmware and/or drivers needed for that device's hardware. So if you want to know how much non-free software is involved you'll need to look into the free-software compatibility of the particular device you are interested in using

[1] https://github.com/GrapheneOS/os_issue_tracker/issues/109

Sabrinakitty
Desconectado/a
se unió: 06/17/2020

How can I safely use the Internet from my phone?
Use VPN? Avoid public Wi-fi?

chaosmonk

I am a member!

I am a translator!

Desconectado/a
se unió: 07/07/2017

> How can I safely use the Internet from my phone?

The answer to this depends on your threat model. What are you trying to protect yourself against?

Sabrinakitty
Desconectado/a
se unió: 06/17/2020

Website tracking
Fingerprinting
Man-in-the-middle attack when using public Wi-Fi
My employer tracking when using my phone from their office

chaosmonk

I am a member!

I am a translator!

Desconectado/a
se unió: 07/07/2017

> Website tracking
> Fingerprinting

This mostly has to do with your browsing habits and your browser configuration. I don't think that the mobile versions browsers allow you to install addons, so you'll probably want to use one that is already configured against tracking and fingerprinting. I'm not very familiar with what mobile browsers are available, but I think there is an Android version of Tor Browser.

> Man-in-the-middle attack when using public Wi-Fi

A VPN would encrypt all of your traffic, though just note that with a VPN you are shifting trust from the local network and ISP to the VPN provider. Tor also encrypts traffic, and doesn't rely on a single point of trust.

> My employer tracking when using my phone from their office

I'm not sure what you mean by "tracking" here. I presume you don't mean tracking your location, since if you are at work then your employer already knows that your are at the office. Do you want to avoid letting your employer see traffic while connected to their WiFi?

Sabrinakitty
Desconectado/a
se unió: 06/17/2020

> Do you want to avoid letting your employer see traffic while connected to their WiFi?
Yes. What if I need to access my banking account while connected to my employers Wi-Fi?

chaosmonk

I am a member!

I am a translator!

Desconectado/a
se unió: 07/07/2017

Your bank's website surely uses HTTPS, so your traffic is encrypted. Your employer would see that you are accessing your bank's website, but they would not see what you are doing. Is that good enough for you, or do you want to prevent your employer from knowing which websites you are visiting at all?

Sabrinakitty
Desconectado/a
se unió: 06/17/2020

My employers policy states that everything made using they computers or network belongs to the organization. Our administrator even told me a forum post made from their computer belongs to them.
Is encrypting traffic good enough in this situation (for banking)?

chaosmonk

I am a member!

I am a translator!

Desconectado/a
se unió: 07/07/2017

A forum post on a forum that requires login credentials would presumably also be over HTTPS and therefore with encrypted traffic. What their policy means for banking transactions sounds like a legal question. I'm not a lawyer, so I can't help.

andyprough
Desconectado/a
se unió: 02/12/2015

Firefox allows most addons for mobile, and the "chameleon" addon is top notch for antifingerprinting: https://addons.mozilla.org/en-US/firefox/addon/chameleon-ext/
Github: https://github.com/sereneblue/chameleon

Not the easiest interface to use on mobile, but no worse really than noscript or umatrix on mobile. Takes a bit of getting used to. Just remember, your addon options are at the bottom of your main menu. So if you need to adjust umatrix or chameleon, hit the main menu, scroll down to umatrix or chameleon, and all your normal desktop options should be there. Also, firefox mobile now accepts nearly all of my normal about:config privacy hacks. With a liberal use of about:config hacks, I can disable most of firefox's weird non-free and phone-home defaults.

For privatizing my network usage, I use a vpn.