Cellphone shopping for the paranoid android

If it doesn't relate to Debian, but you still want to share it, please do it here

Cellphone shopping for the paranoid android

Postby n_hologram » 2017-11-21 21:06

The other day (in the Intel ME thread, I think), someone mentioned how they use a "normal" cellphone instead of a smartphone; their approach is to keep a "phone as a phone, and a computer as a computer."

I find this approach agreeable, since recent exploits, like krack and shellshock, are proving that companies don't need to update firmware when their clientele are neither aware nor interested in advocating for their security and/or privacy. This goes hand-in-hand with the impetus for Purism's librem phone, which offers, albeit at an audacious price, some semblance of freedom -- primarily, through free hardware. Of course, hardware has always been a major crux of the modern cellphone. In addition, consumers face issues like SIM-based exploits, the unexplored exploits in ARM firmware, the inability to hard-disable network hardware. Not to mention that, in the US, a looming vote against net neutrality (which could easily axe many smartphone benefits).

In light of reality, cellphone shopping in contemporary times can get pretty disorienting pretty quickly.
Back to the original sentence.
For the sake of this argument, let's assume that one might "need" a cellphone (in the same way that one "needs" a computer).

If you were shopping for a cellphone in 2017, what would you buy, and why? What criteria do you find the most important when shopping for one? What features or qualities would you never want in a phone?

I'll give a baseline: for personal reasons (few of which are related to exploits and surveillance), I was looking at a Plum Play. Now, let's say ARM has some latent ME-caliber exploit, which I don't know about because ARM is licensed, and because of that, I avoid smartphones -- unfortunately, even dumbphones like the Plum contain a chipset (Spreadtrum sc6531da) which contains an ARM9 processor; a couple other phones ship with the same caveat.

See what I mean?

I'm not actually wearing a tin-foil hat, I promise. I'm just curious what informed users would choose.
bester69 wrote:There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing
n_hologram
 
Posts: 256
Joined: 2013-06-16 00:10

Re: Cellphone shopping for the paranoid android

Postby debiman » 2017-11-22 06:01

i'd say not running android (or another "smart" phone os) is a very good start.
of course the hardware is a bother, too.
unfortuantely prices for safe open hardware have no relation to my income.
otoh, i've seen various how-to's for building phones out of tiny SBCs. viable solution, with a 3d printer for the case?
User avatar
debiman
 
Posts: 1626
Joined: 2013-03-12 07:18

Re: Cellphone shopping for the paranoid android

Postby Head_on_a_Stick » 2017-11-22 06:19

n_hologram wrote:If you were shopping for a cellphone in 2017, what would you buy, and why?

Two options for me:
  • Sony's XZ1 Compact (because it plays high resolution audio and runs Android 8)
  • Google's Nexus 5X (because it runs CopperheadOS)
I don't use my phone very much though.

EDIT: I do actually "need" a smartphone for $DAY_JOB (Google Maps are v. useful for a despatch rider) but if I didn't then I would have one of these instead:

https://www.nokia.com/en_int/phones/nokia-3310
"Only the mediocre are always at their best." — Jean Giraudoux
User avatar
Head_on_a_Stick
 
Posts: 6792
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Cellphone shopping for the paranoid android

Postby alan stone » 2017-11-22 08:52

n_hologram wrote:If you were shopping for a cellphone in 2017, what would you buy, and why?

I don't shop for a cell phone. :wink:
Debian 8.9 32bit, WM: Openbox
Computers are like air conditioners. They work fine until you start opening windows. - Author Unknown
Programming is like sex. One mistake and you have to support it for the rest of your life. - Michael Sinz
User avatar
alan stone
 
Posts: 221
Joined: 2011-10-22 14:08
Location: In my body.

Re: Cellphone shopping for the paranoid android

Postby Lysander » 2017-11-22 10:18

I switched my smartphone a couple of years ago for a 'dumphone'. This was mainly because of privacy concerns but also because I feel that smartphones do too much, and I don't like all the different ways that people are able to contact the user. Multiple contact applications and social networking make it harder to get away and have some privacy - by which I mean personal privacy, solace - and this can get scarcer and scarcer if left unmonitored. I have only three criteria in a phone - phone calls, text messages and music playback. A torch is also a very useful addition. My Nokia 108 is getting too battered so I will soon move onto the newer version of the 130.

For some people a smartphone is vital in their job, for me it isn't. I spend my working day in front of a computer, and a lot of time in front of a computer at home. When I'm out, I don't want to be online.
User avatar
Lysander
 
Posts: 364
Joined: 2017-02-23 10:07
Location: London

Re: Cellphone shopping for the paranoid android

Postby pylkko » 2017-11-22 11:59

n_hologram wrote:
I'll give a baseline: for personal reasons (few of which are related to exploits and surveillance), I was looking at a Plum Play. Now, let's say ARM has some latent ME-caliber exploit, which I don't know about because ARM is licensed, and because of that, I avoid smartphones -- unfortunately, even dumbphones like the Plum contain a chipset (Spreadtrum sc6531da) which contains an ARM9 processor; a couple other phones ship with the same caveat.

I don't know if you realize this but a sim card has microcontrollers in it. So a SIM card is a computer. It has a processor, RAM, storage and I/O capabilities. It is 100% out of your control. So, I guess avoiding using a smart phone for security might not be enough?

https://en.wikipedia.org/wiki/Universal ... rcuit_Card

https://en.wikipedia.org/wiki/Subscribe ... ity_module

Everything depends on how paranoid you are.

One thing that normal phones have over so called smart phones is phenomenal battery life.
User avatar
pylkko
 
Posts: 1213
Joined: 2014-11-06 19:02

Re: Cellphone shopping for the paranoid android

Postby alan stone » 2017-11-22 12:44

alan stone wrote:I don't shop for a cell phone. :wink:

Some further clarification why I label these things being a "cell phone": Google collects Android users’ locations even when location services are disabled.

Oops!

EDIT:
n_hologram wrote:If you were shopping for a cellphone in 2017, what would you buy, and why?

This (click on the image): Image

:mrgreen:
Debian 8.9 32bit, WM: Openbox
Computers are like air conditioners. They work fine until you start opening windows. - Author Unknown
Programming is like sex. One mistake and you have to support it for the rest of your life. - Michael Sinz
User avatar
alan stone
 
Posts: 221
Joined: 2011-10-22 14:08
Location: In my body.

Re: Cellphone shopping for the paranoid android

Postby fmp » 2017-11-24 01:25

i purchased a new smart phone this year, i first looked at the non-apple & google options (rules out nexus devices) out there & with lineage os being a top contender (virtually one of the only options): https://lineageos.org/ i went through their list of compatible phones to find one that fit my needs & budget - and made sure it was unlocked, to avoid the hassle of being unable to unlock the bootloader or any other walled-garden nonsense.

i'm 100% google-free, yet i still have access to all of the google play store apps via yalp and microg (yalp and microg are "apps")
open source apps via f-droid: https://f-droid.org/

also pluses for being listed on privacytools: https://www.privacytools.io/

it's a bit of extra effort if you want to retain your privacy, but it's completely worth it, in my opinion.
when krack was released, lineage was patched within a week for most devices (i got mine about 2 weeks after the initial release) whereas google didn't patch stock android until the november release.

lineage also updates phones that google's stock android does not. a lot of folks are using old samsung devices with lineage, now running android 7. if they were on stock android, they'd still be stuck on a substantially older version.
fmp
 
Posts: 26
Joined: 2017-09-09 04:01

Re: Cellphone shopping for the paranoid android

Postby hrsetrdr » 2017-11-24 05:43

**subscribed**

My dumbphone does what I expect a mobile phone device to do, with extraordinary battery life, especially for a 9 yr. old phone.

My Nexus 5X provides the mobile data services I sometimes need. However security and being smothered in Google services are a real downside.

I'll have to look into CopperheadOS.

The Librem 5 phone sounds a bit pricey, but being Debian based is an attractive feature.
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein).
User avatar
hrsetrdr
 
Posts: 168
Joined: 2007-03-17 15:14

Re: Cellphone shopping for the paranoid android

Postby n_hologram » 2017-11-29 15:51

I took these comments into consideration last week. There was a used 5X sold in my area for cheaper than usual, so I picked it up and flashed Copperhead. It seems like the project modifies, strips, and patches the original firmware/kernel; I'm not thrilled to be using oreo (android 8 ) because it seems more power-hungry than its predecessor, and there aren't sensible cpu throttling settings. The responsiveness is also less-so than stock or lineage, but nothing crazy. I'm annoyed that they force you to use their version of f-droid, though, and I can't tell if the newest fdroid version is buggy, or if copperhead is presenting its own problems. Aside from that, it seems like a solid, secure, and minimal project -- which is nice. I just wonder if lineageos could be modded to accomplish the same goals.

One thing I saw advertised that isn't available on the 5X is mac address randomization, but I need to do some more research.
bester69 wrote:There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing
n_hologram
 
Posts: 256
Joined: 2013-06-16 00:10

Re: Cellphone shopping for the paranoid android

Postby debiman » 2017-11-29 19:25

n_hologram wrote:I'm annoyed that they force you to use their version of f-droid, though, and I can't tell if the newest fdroid version is buggy, or if copperhead is presenting its own problems.

many people were dissatisfied with the UI changes to the f-droid app that came around version 1.0.
i am one of them.
not sure if that's the trouble you're experiencing.
User avatar
debiman
 
Posts: 1626
Joined: 2013-03-12 07:18

Re: Cellphone shopping for the paranoid android

Postby n_hologram » 2017-11-29 19:30

debiman wrote:
n_hologram wrote:I'm annoyed that they force you to use their version of f-droid, though, and I can't tell if the newest fdroid version is buggy, or if copperhead is presenting its own problems.

many people were dissatisfied with the UI changes to the f-droid app that came around version 1.0.
i am one of them.
not sure if that's the trouble you're experiencing.

Well, that's a different grievance :D I've been considering forking the original as another project, per the advice of a developer (and I have an old apk of the pre-1.0 release if you're interested).

The issue I'm experiencing is that, on copperheados, the behavior is just really weird; for example, an app will install, and I'll be bombarded at random intervals about how it's ready to install or it successfully installed -- all the behaviors one might expect from an alpha-quality app. In addition, copperhead built fdroid into its system apps, so you can't completely remove or downgrade it; and, the developers take a pretty strong position about never allowing "su" into its releases, due to security reasons, so I couldn't manually weed it out from a privileged shell. I'm sure I could pull apart the rom and replace the apk, but god only knows if it'll break other programs. I don't have another phone to test, so I can't tell if it's fdroid 1.0, or if it's interference from the system because copperhead has locked-down and patched so many vulnerabilities that might otherwise go unnoticed in other android systems.
bester69 wrote:There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing
n_hologram
 
Posts: 256
Joined: 2013-06-16 00:10

Re: Cellphone shopping for the paranoid android

Postby debiman » 2017-11-29 19:52

i may have spoken too quickly; f-droid 1.0.x has a shitty UX, but it isn't really buggy.
sorry to hear that copperhead is like that.
i hope it's worth the additional hassle, security- and privacy-wise (as that is copperhead's main focus afaics).
User avatar
debiman
 
Posts: 1626
Joined: 2013-03-12 07:18

Re: Cellphone shopping for the paranoid android

Postby HuangLao » 2017-11-29 22:02

simple answer...don't shop on your cellphone, no matter what brand or carrier. If you must shop online then use your computer or a trusted friend/family members computer. cellphones are for talking and texting only IMO. not even for maps/GPS, use a portable GPS for that.

FYI: https://www.newsmax.com/TheWire/google- ... id/827703/

go back to flip or "dumb phones" and even then, remove the battery when you do not absolutely need the phone to be on....
User avatar
HuangLao
 
Posts: 340
Joined: 2015-01-27 01:31


Return to Offtopic

Who is online

Users browsing this forum: No registered users and 2 guests

fashionable