sailfish OS

grayway2

Did any of you try sailfish OS ?

How would you rate their new Jolla phone and OS in terms of security ?

de0u

grayway2 How would you rate their new Jolla phone and OS in terms of security ?

Which of these features does the device have?

https://grapheneos.org/faq#future-devices

For example, how about MTE, wrapped keys for storage, and hardware-element key-derivation throttling?

GrapheneOS

grayway2 They're missing the most basic software privacy and security features. They're also missing the most basic hardware-based security features. They're highly insecure devices not able to stand up to attacks. They have awful privacy too considering the lack of proper sandboxing, permissions, etc. They're using firejail...

fph

grayway2 How would you rate their new Jolla phone and OS in terms of security ?

If you mean the Mind2, I don't think it's a phone, is it? It's a very thick brick, and the hardware specs do not mention phone connectivity, just wifi and bluetooth.

AlphaElwedritsch

I think you confused the community

grayway2

GrapheneOS thank you for your feedback. I was expecting poor hardware-based security features but very surprise to learn about the lack of proper sandboxing or permissions.

The worst part is probably the fact that this company is marketing Sailfish OS as a secure mobile operating system with modern security functionalities

Xtreix

grayway2 The worst part is probably the fact that this company is marketing Sailfish OS as a secure mobile operating system with modern security functionalities

These companies sell false marketing in most cases, according to some of my research, selling unsecured phones and making them look private has become a business since Edward Snowden's revelations in 2013, or it's simply that these companies have always been interested in making money first.

Linux has a positive image among some people concerning security and privacy, which is probably why they use it, but Linux is not secure with its monolithic kernel and memory-unsafe C language, as well as other problems, we need to stop relying on the Linux kernel as the core of the operating system and the foundation of the security model and move towards a microkernel-based model with a Linux compatibility layer etc.

While AOSP at least deploys modern security techniques such as authorization control and appropriate application sandboxing, Sailfish OS is similar to Ubuntu Touch, i.e. it lacks even the most basic security and privacy features.

DeletedUser64

I tried Sailfish on a Volla22 phone, for about 20 minutes then wiped it. It was all I could take... Frustrating user experience.
The phones on their web site look marvelous but I found it was a bit like, you purchase a Lamborghini and find its a kit car based on a VW beetle...

grayway2

Xtreix They might be only interested in making money or simply doesn't understand what is or should be a secure phone and secure os. Maybe like for murena adding kill switches to camera and mic is enough to think and say " hey we are selling a privacy security phone " and at the same time not providing latest security patches, verified boot, adding microG, no possibility to lock the bootloader after flashing e/os and so much others problems.

Linux has a positive image but yes it's insecure. The only thing that is good with Linux distributions is telemetry. Privilege escalation or sandboxing are something very problematic on Linux.

grayway2

fph no, the Jolla community phone : https://shop.jolla.com/details/d8a71f1b-5593-4085-bec0-ee00b4710d3c/

phone-company

grayway2 don't buy it. This phone has massive problems from the beginning.... Just do a little research yourself pls

grayway2

phone-company I know that they have a lot of problem. The first Jolla phone that was manufactured could not even be reset if a user forgot his passcode without sending the device to Jolla

grayway2

I'm a happy grapheneOS user, what Micay and others devs created is simply unbeatable. However, I'm a curious person and I just look around to find a serious alternative to test but does is even exist, I guess no.

GrapheneOS

grayway2 GrapheneOS is a Linux distribution.

Many traditional desktop Linux distributions have both their own telemetry and telemetry in lots of the packages they provide.