So I got Fairphone 4, with /e/ os, a couple of days ago. When I connected it to my NextDNS I saw that it was trying to connect to some weird addresses, like every 5-10 minutes. I searched Internet a bit and found out that it was something with snapdragon cpu and location services. I travel a lot and use Organic Maps for navigation, so location was enabled almost all day on the phone. I turned off location services and connections stopped, and everything was fine for a couple of days.
Today I came home, checked logs in NextDNS and saw that phone started doing the same connections almost constantly even with location turned off.
Can I do something about this, other than allowing these connections? These connections are probably so numerous because they are getting blocked. If I allowed them, phone would maybe call home once in a couple of hours. I would rather not allow them, but I don’t want 20% of battery to be eaten by this.
So fair 😇
I don’t really blame fairphone for this. They would probably have to make their own chips, if they wanted control over that. Almost nobody has money for that.
Naa that’s not something with “snapdragon cpu and location services” it’s something with snapdragon + the OS allowing it and most likely profiting from it. Fairphone guys have been petitioned multiples times to open their platform and/or collaborate with projects such as GrapheneOS and CalyxOS so user can have private and secure phones but they don’t care.
CalyxOS does support the Fairphone 4 however that’s only due to the persistence and reverse engineering efforts of the CalyxOS project / community. If you decide to use it you won’t have a secure bootloader anymore due to a bug in Fairphone’s firmware that they choose not to fix. That’s how “fair” the “Fairphone” really is.
Here is more relevant information for you from here:
Before you say this is the CPU’s fault, it isn’t, at least on its own. GrapheneOS also deals with this kind of stuff and has patches and options so you can block it.
After looking into it more, I don’t think I would use Graphene OS even if it was supported on FP4, main dev seems like a lying man baby.
On the other hand, I didn’t know Calyx OS has support for FP4, I might try it out.
I don’t really remember strcat “lying”, yet there are some evidence of him being… Let’s say unstable. GrapheneOS, tho, is another story as it’s trying to improve the android’s privacy/security model instead of simply not making things worse. For example, they are behind hardened malloc - for security, and have storage & contact scopes (i.e. letting the user choose which files/directories exactly an app can access) - for privacy. While the former feature has been adopted by a few other roms and even desktop Linux distributions, the latter I’ve seen only on graphene so far, which is quite a shame. Same goes for sandboxing play services
Why so much hate towards GrapheneOS? The thing is carefully planned and executed. About Calyx… just don’t forget that you won’t get a secure boot… anyone who gets you phone can temper with your boot.
I don’t hate GrapheneOS, it is probably fine. I just don’t think I would feel comfortable running an OS on my phone when its main dev acts like this. That’s just me and completely subjective.
https://www.youtube.com/watch?v=Dx7CZ-2Bajg
https://www.youtube.com/watch?v=4To-F6W1NT0
Yes I’m aware of his bad soft skills… either way he does good work and he’s capable of working on small details while still seeing the bigger picture - this makes him able to spot and fix stuff others would miss easily. Example that stuff you’ve reported.
Wasn’t that the guy who stepped down from development entirely because of the backlash? Louis himself is still using it afaik
Here is an alternative Piped link(s):
https://www.piped.video/watch?v=Dx7CZ-2Bajg
https://www.piped.video/watch?v=4To-F6W1NT0
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
I bought the ancestor of GrapheneOS (CopperheadOS) for 500 bucks. I paid for two reasons:
Now AFAICT, the team back then was composed of two people: James Donaldson and Daniel Micay. James was the CEO and running operations, while Daniel was the CTO, and focusing on hardening.
Taking care of operations, James was the one who installed the software on my phone (I got confirmation of that fact from James himself). When I received it, it worked perfectly. It was great. I got to enjoy a nice, allegedly very secure OS for a few months.
Then, suddenly, after an OTA update, the microphone stopped working. The fact that it happened immediately after an update prompted me to believe that the OS update broke something.
I reported this to David Micay himself. To my surprise, he didn’t seem concerned at all, and refused outright to even take a look at the code changes in that update, without either having my phone or several MB of logs from the phone. In fact, he strongly implied it must have been user error (i.e. my fault), or hardware failure (i.e. Google’s fault).
The possibility of he himself having introduced a bug, or of his stack having produced a partially failed build, seemed absolutely inconceivable to him.
It was necessarily someone else’s fault.
Neither option was acceptable to me. I wasn’t about to pay for another courier, especially to send a product to be processed without any guarantees, to someone who obviously didn’t give the tiniest fuck; and I surely wasn’t going to send several megabytes of personal, confidential information, to someone who just flat out insulted me, and arrogantly implied that the Google hardware would likely fail sooner than his software (fun fact, that “Google hardware sucks” phone still perfectly works today).
So, instead, I immediately bought another phone, installed lineage on it, and that other phone still works perfectly to this day (microphone included!). Albeit with a pretty weak battery.
Unsurprisingly, some months later, David was canned from the CopperheadOS project. However, to my horror, he destroyed the signing keys in the process. So there was then no way anymore of eventually getting a fix for his bug (I was hoping that, at some point, knowingly or not, he would somehow introduce a change that would fix the bug. After all, this is how the bug first occurred, so it wasn’t unreasonable to hope it could also be how it would be fixed, given that no other fix would happen).
Therefore, the very expensive license was useless to me. I really wish James would have re-signed the software during deployment, and made updates available signed with that same key, therefore preventing David from destroying the entire value of all sales.
Indeed, said keys could only be trusted if the install had been done by CopperheadOS Ltd (and if the device was kept by a trusted supervisor at all times after). In any other case, there could have been tampering, since the bootloader had to remain unlocked.
And leaving the keys with the Ltd was the semantically correct thing to do, for all intents and purposes:
So, pretending to have destroyed the keys “To EnShUeH sEcUrItEh!!!1” was quite clearly a fallacious reason.
What evidently happened is that David was butthurt, sought revenge, and didn’t give the slightest fuck about the damage to other people.
I kept my CopperheadOS phone as a reminder never to trust this dev again. Never to trust anything he has control over. Never to trust any company he works for.
And I salute your indubitably pertinent judgment. I wish I had had the same wisdom, I would have saved a bunch of money in not buying the most expensive paperweight I have ever bought.
Thanks, that was interesting and eye opening read. Do you know if he is still working on graphene os or is he out? Because some users mentioned that he left.
I actually paid negative attention to GrapheneOS. By that I mean actively avoided it. So I wouldn’t know.