especially if it’s using sim/esim card. Those mobile carriers can literally do whatever the fuck they want to your phone and there’s nothing you can do about it.
Google doing this is just the equivalent of what Apple has been doing for a while.
People need to buy more Linux phones. It’s the only way for the tech to improve.
I saw a Defcon talk about SIM cards a few years ago, really interesting stuff.
Most people treat SIM cards as just an ID to get on a carrier’s network, but they are soo much more.
When SIM cards were developed, they were designed to be the core of your phone, your handset would be just that, handset that would only run the software on the SIM card.
SIM cards are small computers, they have a CPU, RAM and storage, they can run apps on the SIM card itself and only present the UI to the phone.
With my first phones, I remember the contacts being stored on the SIM card itself, it usually took 30-60 sec to load them after a phone restart. But bloody convenient when switching phones, this was way before iCloud and other similar services, and moving your SIM card moved all your contacts as well.
Since SIM cards are controlled by the operator, they can do stuff that might surprise you, they can act as a trusted source for signing/encrypting/storing data, the user does not have direct access to tamper with the chip, so security apps have been developed to run on SIM cards, I don’t know the current status on this, but in countries with limited/older infrastructure, this was used for bank security apps, since the SIM is a locked down system, you can use it to securely store a key, and have the SIM use the key to generate a token, sign requests and even encrypt data, all without the key leaving the SIM.
Jolla isn’t in the US at least AFAIK. And outside that I’m not really aware of other similar options available here. I’m looking at maybe getting something I can root and wipe to run linux. But that’s beyond most people’s ability and desire.
especially if it’s using sim/esim card. Those mobile carriers can literally do whatever the fuck they want to your phone and there’s nothing you can do about it.
Wow that’s wild, how does my SIM card allow my carrier to do whatever they want to my phone?
On the face of it, that sounds like a gigantic breach of privacy. Can they look at my photos, capture my screen, read my stored app data, intercept outbound Internet traffic before it’s encrypted, etc? That’s wild.
Not to mention that I bought my phone separately, so it’s got nothing to do with them. As one might imagine, I only added a SIM in order to receive traditional telephone calls, it’s not otherwise useful to me.
Oh how fun is that the definition of “phone” has changed.
This is all speculation on my side but it can’t look into your files or anything. What we call a smartphone today is actually a combination of a very powerful computer and a telephone in the same chassis. The SIM card can do a lot in the phone part of your smartphone: send/receive/process messages, calls, track your location etc. not open and see through your camera though.
More than that. Proper, real, hardware. And a bit more UI polish. The software is inching closer. But hardware wise there’s very little real option. For the time being my existing android devices are going to be demoted to little more than modems for a small Linux portable. I badly want a real good hardware platform to run a mobile linux distro. I have an octo core ARM chromebook tablet running postmarket. It’s a great experience apart from too little RAM. KDE Touch is pretty nice. And sits a bit under 500Mb idle. But the moment Firefox or Chrome launch we’re swapping hard.
I just bought one a few weeks ago, but I haven’t had time to fully set it up yet (my house has been falling apart). I’m in the US with Mint Mobile and calls and SMS work. Camera works. Battery life is pretty decent. They have an Android compatibility layer that integrates pretty well into Sailfish. I was able to install F-Droid on it and then Bitwarden and Molly (Signal client) so far.
One of the more trickier apps I may need to install is Tailscale… but I’m thinking maybe I can switch to Netbird and use their reverse proxy and remove the need to install a VPN client on the phone altogether.
I’m not a heavy smartphone user, so for me I’m thinking this might be a viable path to take.
Unfortunately, Sailfish OS uses a proprietary (closed source) android compatibility layer, as well as a closed source UI.
For the parts they have open-sourced, they implementrd a CLA that contributers must sign. It’s the HA-CLA-I-ANY license, which specifically allows them a perpetual Copyright and Patent license, and permission to relicense your code contributions to a more restrictive license which enables them sell or package it into a closed-source proprietary app.
Personally I’d be more comfortable supporting the development of PostmarketOS instead, since it is completely open-source with no CLA, meaning no chance of any rug-pulling in the future.
It’s unfortunate that it isn’t open source. Their AppSupport feature looks so great though. Hopefully it’s possible to do something similar in postmarketOS.
I know but what I meant is having the Android compatibility layer integrated into the OS itself so that Android apps are available directly in postmarketOS, like they are in SailfishOS. Waydroid is cumbersome since you have to launch that first to then be able to open the app you want.
SailfishOS seems to run quite nicely, but has the limitations listed by you.
PostmarketOS seems to run a tad worse, but is fully open source.
Wouldn’t it make sense to support both, because otherwise there’s some danger of a chicken and egg situation:
people don’t use PostmarketOS, because it doesn’t work well enough. People don’t support PostmarketOS, because they don’t use it.
SailfishOS could pave the way for people using Linux phones and developing the need for completely open source ones after they realize the limitations of SailfishOS.
I can see that happening to me at least, because I ordered a Jolla phone with SailfishOS, which will hopefully be delivered in a few months (batch #3). I chose SailfishOS over PostmarketOS because of their Android app compatibility layer being fully aware this part isn’t open source and that I will eventually trying to get rid of that situation.
The demand for having a Linux phone soon that may be able to become my daily driver was more pressing than facing the risk of getting frustrated by PostmarketOS.
I would like a little more gurantee of effort/return than the TOS of Kickstarter has, but I would totally invest in a Linux phone. I would drop almost the entire cost of the phone down as deposit if it meant I could have it in a year and be guaranteed one.
it’s never been your phone, bruh
especially if it’s using sim/esim card. Those mobile carriers can literally do whatever the fuck they want to your phone and there’s nothing you can do about it.
Google doing this is just the equivalent of what Apple has been doing for a while.
People need to buy more Linux phones. It’s the only way for the tech to improve.
I saw a Defcon talk about SIM cards a few years ago, really interesting stuff.
Most people treat SIM cards as just an ID to get on a carrier’s network, but they are soo much more.
When SIM cards were developed, they were designed to be the core of your phone, your handset would be just that, handset that would only run the software on the SIM card.
SIM cards are small computers, they have a CPU, RAM and storage, they can run apps on the SIM card itself and only present the UI to the phone.
With my first phones, I remember the contacts being stored on the SIM card itself, it usually took 30-60 sec to load them after a phone restart. But bloody convenient when switching phones, this was way before iCloud and other similar services, and moving your SIM card moved all your contacts as well.
Since SIM cards are controlled by the operator, they can do stuff that might surprise you, they can act as a trusted source for signing/encrypting/storing data, the user does not have direct access to tamper with the chip, so security apps have been developed to run on SIM cards, I don’t know the current status on this, but in countries with limited/older infrastructure, this was used for bank security apps, since the SIM is a locked down system, you can use it to securely store a key, and have the SIM use the key to generate a token, sign requests and even encrypt data, all without the key leaving the SIM.
Here is the talk I mentioned:
https://youtu.be/31D94QOo2gY
Also the baseband chip for 4G/5G is yet another self contained computer you don’t control. Shit’s egregious.
Thanks for the video link.
Someone once managed to contain a very small webserver in it.
Jolla isn’t in the US at least AFAIK. And outside that I’m not really aware of other similar options available here. I’m looking at maybe getting something I can root and wipe to run linux. But that’s beyond most people’s ability and desire.
I’ve been eyeing the furi phone. I like the hardware switches for modem/GPS, camera, and microphone.
Wow that’s wild, how does my SIM card allow my carrier to do whatever they want to my phone?
On the face of it, that sounds like a gigantic breach of privacy. Can they look at my photos, capture my screen, read my stored app data, intercept outbound Internet traffic before it’s encrypted, etc? That’s wild.
Not to mention that I bought my phone separately, so it’s got nothing to do with them. As one might imagine, I only added a SIM in order to receive traditional telephone calls, it’s not otherwise useful to me.
Oh how fun is that the definition of “phone” has changed.
This is all speculation on my side but it can’t look into your files or anything. What we call a smartphone today is actually a combination of a very powerful computer and a telephone in the same chassis. The SIM card can do a lot in the phone part of your smartphone: send/receive/process messages, calls, track your location etc. not open and see through your camera though.
Do Linux phones need to run a Kickstarter?
More than that. Proper, real, hardware. And a bit more UI polish. The software is inching closer. But hardware wise there’s very little real option. For the time being my existing android devices are going to be demoted to little more than modems for a small Linux portable. I badly want a real good hardware platform to run a mobile linux distro. I have an octo core ARM chromebook tablet running postmarket. It’s a great experience apart from too little RAM. KDE Touch is pretty nice. And sits a bit under 500Mb idle. But the moment Firefox or Chrome launch we’re swapping hard.
SailfishOS is a (non-Android) Linux phone that may be viable right meow!
SailfishOS runs fine (well?) on the Sony Xperia or the Jolla C2.
I just bought one a few weeks ago, but I haven’t had time to fully set it up yet (my house has been falling apart). I’m in the US with Mint Mobile and calls and SMS work. Camera works. Battery life is pretty decent. They have an Android compatibility layer that integrates pretty well into Sailfish. I was able to install F-Droid on it and then Bitwarden and Molly (Signal client) so far.
One of the more trickier apps I may need to install is Tailscale… but I’m thinking maybe I can switch to Netbird and use their reverse proxy and remove the need to install a VPN client on the phone altogether.
I’m not a heavy smartphone user, so for me I’m thinking this might be a viable path to take.
p.d. Yes, you can bring up a terminal. :)
Unfortunately, Sailfish OS uses a proprietary (closed source) android compatibility layer, as well as a closed source UI.
For the parts they have open-sourced, they implementrd a CLA that contributers must sign. It’s the HA-CLA-I-ANY license, which specifically allows them a perpetual Copyright and Patent license, and permission to relicense your code contributions to a more restrictive license which enables them sell or package it into a closed-source proprietary app.
Personally I’d be more comfortable supporting the development of PostmarketOS instead, since it is completely open-source with no CLA, meaning no chance of any rug-pulling in the future.
It’s unfortunate that it isn’t open source. Their AppSupport feature looks so great though. Hopefully it’s possible to do something similar in postmarketOS.
PostmarketOS has a similar ability thanks to Waydroid, though I’ve never used it myself.
I know but what I meant is having the Android compatibility layer integrated into the OS itself so that Android apps are available directly in postmarketOS, like they are in SailfishOS. Waydroid is cumbersome since you have to launch that first to then be able to open the app you want.
#WorthIt
SailfishOS seems to run quite nicely, but has the limitations listed by you.
PostmarketOS seems to run a tad worse, but is fully open source.
Wouldn’t it make sense to support both, because otherwise there’s some danger of a chicken and egg situation:
people don’t use PostmarketOS, because it doesn’t work well enough. People don’t support PostmarketOS, because they don’t use it.
SailfishOS could pave the way for people using Linux phones and developing the need for completely open source ones after they realize the limitations of SailfishOS.
I can see that happening to me at least, because I ordered a Jolla phone with SailfishOS, which will hopefully be delivered in a few months (batch #3). I chose SailfishOS over PostmarketOS because of their Android app compatibility layer being fully aware this part isn’t open source and that I will eventually trying to get rid of that situation.
The demand for having a Linux phone soon that may be able to become my daily driver was more pressing than facing the risk of getting frustrated by PostmarketOS.
I would like a little more gurantee of effort/return than the TOS of Kickstarter has, but I would totally invest in a Linux phone. I would drop almost the entire cost of the phone down as deposit if it meant I could have it in a year and be guaranteed one.