• catacomb@beehaw.org
    link
    fedilink
    English
    arrow-up
    66
    ·
    1 year ago

    As the owner of a Fairphone 4, don’t get one.

    It’s sold as a 5G phone but crashes intermittently if you actually enable 5G. I bought a 5G phone and I’m still on 4G. I wish I could say that’s the most of the problems, I could live with that.

    The software support, in my opinion, is falsely advertised. You do get 5 years of kernel and Android updates but the system-on-chip updates, which aren’t made by Fairphone, end October of this year. That’s a whole important part of the updates which cease only 2 years into support.

    Then, there’s the real kicker; the hardware root of trust has the (publicly available) AOSP test keys installed. This means anyone can sign and flash a verified ROM if they have access to the unlocked phone. That’s perhaps not too important for most people, but it screams incompetence and it means you cannot trust a second hand device.

    When the SoC support is up, I’m moving to a Pixel. I’m done rolling the dice on Android phone manufacturers and I want a well implemented device.

    • 𝒍𝒆𝒎𝒂𝒏𝒏@lemmy.one
      link
      fedilink
      English
      arrow-up
      19
      ·
      1 year ago

      the hardware root of trust has the (publicly available) AOSP test keys installed

      Has anyone independently verified that this is the case for the FP4? It’s well known that the FP3 accepts testsigned ROMs, but all discussions regarding the FP4’s trusted keys points back to the same FP3-specific thread on Fairphone’s forum.

      Personally I’m happy that I can sign and run my own ROM on my FP3 when the device’s OS reaches the end of the runway. The privacy concerns are valid, but personally I’d just reflash the onboard storage using FP’s tools if I was concerned about OS tampering

      Hot take:

      The Fairphone isn’t privacy-focused, it’s just a highly repairable device for what it is. I think it’s difficult to have both a privacy-focused & repairable platform in the form factor of a mobile phone right now - no manufacturer cares to make such a device, and if they did would you trust it? So many mobile hardware components are closed source and proprietary, so if they’ve got a vulnerability, the device is compromised anyway.

      Pixels and iPhones are really the only exception to this that I’m aware of, but those aren’t really comparable to the Fairphone for repairability, with serialised components and difficult battery replacement being high up on the list.

      It is definitely possible to have a well-implemented device from a privacy perspective, but I think it would be difficult to make a justifiable business case for one. The current Pixel+GOS model is the closest we’ll get for privacy IMO.

      • HughJanus@lemmy.ml
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 year ago

        The Fairphone isn’t privacy-focused, it’s just a highly repairable device for what it is.

        The Fairphone is just hardware. Privacy is mostly about software.

        I think it’s difficult to have both a privacy-focused & repairable platform in the form factor of a mobile phone right now - no manufacturer cares to make such a device

        FFS did no one actually read the OP?

        • 𝒍𝒆𝒎𝒂𝒏𝒏@lemmy.one
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          The Fairphone is just hardware. Privacy is mostly about software

          I was thinking more from the perspective of how much the closed-source proprietary hardware in the Fairphone can be trusted to guarantee your privacy. I had devices like the Pinephone and Librem phone in mind, which provide physical switches for the camera, microphone, GPS and mobile modem.

          Another user gave the example I would have used here, where the GPS subsystem in Qualcomm devices freely uses the mobile modem mostly outside of the OS’s control to download satellite almanac updates whenever it needs to, and submitting identifiers for your device over unencrypted HTTP

          FFS did no one actually read the OP?

          Yep. Personally I see e/OS on the Fairphone as a solid combo for allowing someone to slowly degoogle and take back control without giving up too many creature comforts. It 100% fulfils the software aspect of privacy IMO for the intended user.

          It’s primarily the hardware trust aspect that I was thinking about when I wrote my earlier response. Personally, I’m just interested in privacy from the perspective of controlling my data and knowing what’s done with it

      • catacomb@beehaw.org
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        1 year ago

        Has anyone independently verified that this is the case for the FP4? It’s well known that the FP3 accepts testsigned ROMs, but all discussions regarding the FP4’s trusted keys points back to the same FP3-specific thread on Fairphone’s forum.

        It seems so.

        I don’t know, it does make flashing custom ROMs easier but I would rather have to install my own signing keys or signing keys for the ROM as this way renders a part of the device security completely useless. I’d at least like to have known when I bought it.

        I’m not paranoid which is why I’m still using the device but these three points were each huge disappointments which make me not want to buy another Fairphone.

    • Onii-Chan@kbin.social
      link
      fedilink
      arrow-up
      7
      ·
      1 year ago

      Yep. Pixel, GrapheneOS, be harsh and restrictive with permissions, and intuitive with the apps you install. Simplify your digital life - it’s much easier and less of a hindrance than you’d think.

    • HughJanus@lemmy.ml
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      5G is a joke and I disable it on my Pixel anyway.

      The phone in question does not come with Android installed, it comes with /e/OS

    • strainedl0ve@beehaw.org
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      What baseband silicon does it mount ?

      As a Pixel user I don’t know if I would class the Pixel as a better choice to anything, but I still haven’t moved to Graphene admittedly (my bad).

      • catacomb@beehaw.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I think it’s a Qualcomm Snapdragon SM7225.

        It’s not really about better, it’s more knowing what I’m getting. It’s not their fault that Qualcomm’s support is only 3 years (at the time) or that it takes them 10 months to develop support for the chosen SoC which eats into part of that 3 years. Still, I got the phone thinking I would have a reasonably secure device for 4-5 years which wasn’t entirely accurate.

        I love the idea and, if you’re willing to sacrifice some security for sustainability, that’s great. I just want people to know what they’re getting into because I didn’t.