Fairphone doesn't design or make their smartphones. The devices are designed and made by a large ODM. It's entirely feasible to use a modern SoC with current generation security features and provide proper updates. Their ODM isn't doing it to cut costs.
Fairphone quickly stops providing Linux kernel updates and has months of delay for Android userspace backports along with driver/firmware backports. The delay for yearly updates typically starts at a year and gets longer as devices get older and they've always skipped the quarterly updates.
Using a modern SoC, properly configuring it, using proper signing keys (Fairphone has repeatedly used publicly available sample private keys) and providing proper updates is most of what's needed to meet the requirements. That's entirely doable by the few OEMs designing their devices in-house such as Motorola Mobility, Samsung and Google along with many of the ODMs making devices for Nothing, Fairphone, etc.
> If 97% of your users are on mainstream OSes, and the rest also account for disproportionately high numbers of bug reports, why should they bother supporting alternatives?
Obviously I want banks to support alternatives, but I can understand if they only want to support secure OSes. Some banks support GrapheneOS remote attestation besides Google Play Integrity at the strong level.
By your reasoning, 99.9% of people use awfully insecure OSes on desktop and servers. And yet, the world hasn't collapsed. My bank account is not hacked regularly, too (actually, not at all).
This is a personal anecdote and you are making up an absurd conclusion. No one said things would collapse. Security can be evaluated objectively, and better security leads to fewer instances of exploitation. I'm certain the actual data around InfoSec would support that idea.
No, but all of the kernel drivers are open source and always were. The closed source userspace libraries such as the Mali GPU library aren't a barrier to porting to a new kernel version which is what was said above. We could move to 6.12 ourselves but we choose to wait for them for much broader testing which is happening with Android 17 QPR2.
The kernel drivers are all published in the GrapheneOS kernel repositories. A subset of the libraries/services in the vendor partition used with those drivers are closed source.
Pixels were headed towards all of the device support code for the OS being open source along with open sourcing large portions of the firmware including for the TEE (Trusty OS) and secure element (OpenTitan). It was ended after the launch of Android 16. It's a major factor in why GrapheneOS is going to be focused on future Motorola Mobility devices. You can still see a large portion of the Pixel userspace driver libraries and services in the AOSP source tree but they stopped pushing new releases for a lot of it.
If you value freedom to do what you want on your devices, then you may want to consider Librem 5 instead. It runs a desktop Debian derivative with full root access.
You have the ability to do what you want on your device. Root access in AOSP is just used as a hacky shortcut to achieving specific functionality. To do it properly while maintaining the security model would be to build it into the OS itself. The same concept applies to desktop platforms and the Librem 5. This isn't related to freedom.
That device, and the Debian derivative it runs, are not private or secure.
What do you mean when you say "not private"? Are you accusing the company of sending private data to their servers, as Google and Apple do?
Freedom of computing on Librem 5 doesn't end with the root account. It also allows one to natively run any desktop software and develop it in any language, without reliance on Google's decision on how one must use the phone, how your OS must evolve and when you may get your updates. Or install a completely different OS from different developers, because there is no reliance on anything proprietary at all.
How you can call a device with a ton of opaque binary blobs more private and secure without mentioning this fact is beyond me. I do not call Librem 5 more secure. But its security depends on what I choose to run on it. And I only run trusted software, so it can be secure.
Maintaining one's data as private requires that it is protected as a baseline. Privacy violations do not solely exist as telemetry or data offered up by the platform to some other party.
The protection is achieved through security. The major goal of something like GrapheneOS is privacy, which needs solid security as a prerequisite.
The blobs, while proprietary, are not opaque. They are able to be examined and they are.
The security of a device should not be dependent on what you choose to run on it. You should trust and be able to verify that the platform on which you are running the software prevents something malicious from accessing data which doesn't belong to it or otherwise violates the rules set by the platform (OS).
In this respect, the Librem 5 would do a horrible job compared to even stock AOSP. Thinking that you are secure because you only run "trusted" software on an insecure platform is cope.
> No invention was able to steer the psychopaths away from waging wars.
Nukes and MAD did a pretty good job of that.
Your model, that psychopathy is the necessary precondition to war, is a popular one, but it's not grounded in reality or history very well at all. It's a harmful view when broadly held, on balance.
Nations have interests, and nations sometimes go to war to pursue the geopolitical imperatives they rationally believe serve their interests. Computer-controlled drones notwithstanding, there's nothing new under the sun. The unprecedented (and likely transitory) period of peace and prosperity during the Cold War was the anomaly, and we're now reverting back to the mean.
No, and we have wars no one in their sane mind would even imagine 20 years ago, like that of Russia vs Ukraine.
See, it's easy to speculate how there are fewer wars when you live in a place which hasn't seen war for decades or centuries, but it's a complete game changer when it's 150 km from where you live, and it's not just some regular war, but a long play intentional meatgrinding AI drone debugging polygon.
> it's easy to speculate how there are fewer wars when you live in a place which hasn't seen war for decades or centuries, but it's a complete game changer when it's 150 km from where you live...
I can appreciate how having skin in the game makes it feel different, but that's like saying, "I know crime isn't down, because somebody broke into my car last week." That's faulty on several levels.
By many--most, even--measures, wars since WWII are massively down globally. I don't expect that to hold as the US strategically disentangles itself from the globe, though.
Many analysts of very sane mind imagined exactly that war 20 years ago, or longer.
The geopolitical fact is that Russia lacks strategic depth, which has bitten it badly multiple times in the past. From their view, that's something to be remedied to prevent future occurrences.
For Russia to gain strategic depth, there are a few lines which it needs to control. There are ~6-10 gaps, depending on how you count them, and on what net importance/counter-productiveness you assign to some of the more marginal and fraught ones. Holding any is better than holding none.
The big surprise is that Putin left Ukraine so late, when many of his best-trained ex-Soviet personnel had already died. Had he done it even just a few years earlier, the outcome would have likely been very different. The only analysts who thought it wouldn't happen thought so precisely because he left it too late.
Regardless, the best time for Europe to get serious about this war was before it started, unfortunately, and there was ample warning.
Enshittification can only happen in the case of a centralized architecture like the one in Twitter, Facebook and co. It's not happening in Mastodon or Matrix - and this is where the nerds are.