Debian User Forums

[n_hologram]

The other day (in the Intel ME thread, I think), someone mentioned how they use a "normal" cellphone instead of a smartphone; their approach is to keep a "phone as a phone, and a computer as a computer."

I find this approach agreeable, since recent exploits, like krack and shellshock, are proving that companies don't need to update firmware when their clientele are neither aware nor interested in advocating for their security and/or privacy. This goes hand-in-hand with the impetus for Purism's librem phone, which offers, albeit at an audacious price, some semblance of freedom -- primarily, through free hardware. Of course, hardware has always been a major crux of the modern cellphone. In addition, consumers face issues like SIM-based exploits, the unexplored exploits in ARM firmware, the inability to hard-disable network hardware. Not to mention that, in the US, a looming vote against net neutrality (which could easily axe many smartphone benefits).

In light of reality, cellphone shopping in contemporary times can get pretty disorienting pretty quickly.
Back to the original sentence.
For the sake of this argument, let's assume that one might "need" a cellphone (in the same way that one "needs" a computer).

If you were shopping for a cellphone in 2017, what would you buy, and why? What criteria do you find the most important when shopping for one? What features or qualities would you never want in a phone?

I'll give a baseline: for personal reasons (few of which are related to exploits and surveillance), I was looking at a Plum Play. Now, let's say ARM has some latent ME-caliber exploit, which I don't know about because ARM is licensed, and because of that, I avoid smartphones -- unfortunately, even dumbphones like the Plum contain a chipset (Spreadtrum sc6531da) which contains an ARM9 processor; a couple other phones ship with the same caveat.

See what I mean?

I'm not actually wearing a tin-foil hat, I promise. I'm just curious what informed users would choose.

[debiman]

i'd say not running android (or another "smart" phone os) is a very good start.
of course the hardware is a bother, too.
unfortuantely prices for safe open hardware have no relation to my income.
otoh, i've seen various how-to's for building phones out of tiny SBCs. viable solution, with a 3d printer for the case?

[Head_on_a_Stick]

If you were shopping for a cellphone in 2017, what would you buy, and why?

Two options for me:

• Sony's XZ1 Compact (because it plays high resolution audio and runs Android 8)
• Google's Nexus 5X (because it runs CopperheadOS)

I don't use my phone very much though.

EDIT: I do actually "need" a smartphone for $DAY_JOB (Google Maps are v. useful for a despatch rider) but if I didn't then I would have one of these instead:

https://www.nokia.com/en_int/phones/nokia-3310

[alan stone]

If you were shopping for a cellphone in 2017, what would you buy, and why?

I don't shop for a cell phone.

[Lysander]

I switched my smartphone a couple of years ago for a 'dumphone'. This was mainly because of privacy concerns but also because I feel that smartphones do too much, and I don't like all the different ways that people are able to contact the user. Multiple contact applications and social networking make it harder to get away and have some privacy - by which I mean personal privacy, solace - and this can get scarcer and scarcer if left unmonitored. I have only three criteria in a phone - phone calls, text messages and music playback. A torch is also a very useful addition. My Nokia 108 is getting too battered so I will soon move onto the newer version of the 130.

For some people a smartphone is vital in their job, for me it isn't. I spend my working day in front of a computer, and a lot of time in front of a computer at home. When I'm out, I don't want to be online.

[pylkko]

I'll give a baseline: for personal reasons (few of which are related to exploits and surveillance), I was looking at a Plum Play. Now, let's say ARM has some latent ME-caliber exploit, which I don't know about because ARM is licensed, and because of that, I avoid smartphones -- unfortunately, even dumbphones like the Plum contain a chipset (Spreadtrum sc6531da) which contains an ARM9 processor; a couple other phones ship with the same caveat.

I don't know if you realize this but a sim card has microcontrollers in it. So a SIM card is a computer. It has a processor, RAM, storage and I/O capabilities. It is 100% out of your control. So, I guess avoiding using a smart phone for security might not be enough?

https://en.wikipedia.org/wiki/Universal ... rcuit_Card

https://en.wikipedia.org/wiki/Subscribe ... ity_module

Everything depends on how paranoid you are.

One thing that normal phones have over so called smart phones is phenomenal battery life.

[alan stone]

I don't shop for a cell phone.

Some further clarification why I label these things being a "cell phone": Google collects Android users’ locations even when location services are disabled.

Oops!

EDIT:

If you were shopping for a cellphone in 2017, what would you buy, and why?

This (click on the image):

[fmp]

i purchased a new smart phone this year, i first looked at the non-apple & google options (rules out nexus devices) out there & with lineage os being a top contender (virtually one of the only options): https://lineageos.org/ i went through their list of compatible phones to find one that fit my needs & budget - and made sure it was unlocked, to avoid the hassle of being unable to unlock the bootloader or any other walled-garden nonsense.

i'm 100% google-free, yet i still have access to all of the google play store apps via yalp and microg (yalp and microg are "apps")
open source apps via f-droid: https://f-droid.org/

also pluses for being listed on privacytools: https://www.privacytools.io/

it's a bit of extra effort if you want to retain your privacy, but it's completely worth it, in my opinion.
when krack was released, lineage was patched within a week for most devices (i got mine about 2 weeks after the initial release) whereas google didn't patch stock android until the november release.

lineage also updates phones that google's stock android does not. a lot of folks are using old samsung devices with lineage, now running android 7. if they were on stock android, they'd still be stuck on a substantially older version.

[hrsetrdr]

**subscribed**

My dumbphone does what I expect a mobile phone device to do, with extraordinary battery life, especially for a 9 yr. old phone.

My Nexus 5X provides the mobile data services I sometimes need. However security and being smothered in Google services are a real downside.

I'll have to look into CopperheadOS.

The Librem 5 phone sounds a bit pricey, but being Debian based is an attractive feature.

[n_hologram]

I took these comments into consideration last week. There was a used 5X sold in my area for cheaper than usual, so I picked it up and flashed Copperhead. It seems like the project modifies, strips, and patches the original firmware/kernel; I'm not thrilled to be using oreo (android 8 ) because it seems more power-hungry than its predecessor, and there aren't sensible cpu throttling settings. The responsiveness is also less-so than stock or lineage, but nothing crazy. I'm annoyed that they force you to use their version of f-droid, though, and I can't tell if the newest fdroid version is buggy, or if copperhead is presenting its own problems. Aside from that, it seems like a solid, secure, and minimal project -- which is nice. I just wonder if lineageos could be modded to accomplish the same goals.

One thing I saw advertised that isn't available on the 5X is mac address randomization, but I need to do some more research.

[debiman]

I'm annoyed that they force you to use their version of f-droid, though, and I can't tell if the newest fdroid version is buggy, or if copperhead is presenting its own problems.

many people were dissatisfied with the UI changes to the f-droid app that came around version 1.0.
i am one of them.
not sure if that's the trouble you're experiencing.

[n_hologram]

I'm annoyed that they force you to use their version of f-droid, though, and I can't tell if the newest fdroid version is buggy, or if copperhead is presenting its own problems.

many people were dissatisfied with the UI changes to the f-droid app that came around version 1.0.
i am one of them.
not sure if that's the trouble you're experiencing.

Well, that's a different grievance I've been considering forking the original as another project, per the advice of a developer (and I have an old apk of the pre-1.0 release if you're interested).

The issue I'm experiencing is that, on copperheados, the behavior is just really weird; for example, an app will install, and I'll be bombarded at random intervals about how it's ready to install or it successfully installed -- all the behaviors one might expect from an alpha-quality app. In addition, copperhead built fdroid into its system apps, so you can't completely remove or downgrade it; and, the developers take a pretty strong position about never allowing "su" into its releases, due to security reasons, so I couldn't manually weed it out from a privileged shell. I'm sure I could pull apart the rom and replace the apk, but god only knows if it'll break other programs. I don't have another phone to test, so I can't tell if it's fdroid 1.0, or if it's interference from the system because copperhead has locked-down and patched so many vulnerabilities that might otherwise go unnoticed in other android systems.

[debiman]

i may have spoken too quickly; f-droid 1.0.x has a shitty UX, but it isn't really buggy.
sorry to hear that copperhead is like that.
i hope it's worth the additional hassle, security- and privacy-wise (as that is copperhead's main focus afaics).

[HuangLao]

simple answer...don't shop on your cellphone, no matter what brand or carrier. If you must shop online then use your computer or a trusted friend/family members computer. cellphones are for talking and texting only IMO. not even for maps/GPS, use a portable GPS for that.

FYI: https://www.newsmax.com/TheWire/google- ... id/827703/

go back to flip or "dumb phones" and even then, remove the battery when you do not absolutely need the phone to be on....