401 points Bluestein | 40 comments
1. stiray ◴[] No.44363735[source]
I am still waiting for a Fairphone and GrapheneOS collaboration. This is a match made in heaven.

Any Fairphone/GrapheneOS developer reading this? Just do it, document if something is not secure enough for you, but do it. Nothing to think about, you fit together like a hand and a glove and any second thoughts are depriving the planet of THE PHONE!

Pick the cash we will throw at you and make a second generation with the CPU GrapheneOS wants, that will make the /r/GrapheneOS members' eyes shine, drooling and crying of joy at the same time. + throw in a few hardware switches for camera, mic, connectivity, ... disabling. No need to wait to be perfect in the first iteration (and due to that craziness and perfectionism will never happen), to gain the possibility to be perfect in the second or third.

I would love so much to stop buying Google Pixel phones just to install Graphene OS and protect myself from Google and its ecosystem, it seems so counterproductive.

replies(4): >>44363775 #>>44363839 #>>44364179 #>>44364441 #
2. tomgag ◴[] No.44363775[source]
I, for one, would buy one.

Make it small and I would buy 3.

replies(1): >>44364122 #
3. IlikeKitties ◴[] No.44363839[source]
Fairphones consistently don't support a quarter of what GrapheneOS requires. See their FAQ:

https://grapheneos.org/faq#future-devices

Unless Fairphone becomes significantly better in their security and update policy and integrates a whole lot of new features, it's not gonna happen.

replies(2): >>44363930 #>>44365029 #
4. stiray ◴[] No.44363930[source]
This is the whole point, they should stop nitpicking and start to do it (GrapheneOS side), even if it is not going to be THE most secure phone, there are enough features that are far more useful than just security (like privacy). I don't mind if they make it payable. With the money they will get (I suspect there will be quite a bit fewer Pixels sold) they can make a new phone that will have all the bells and whistles GrapheneOS wants and on the other side, Fairphone developers will figure out it is $$$ worthy to do it.

GrapheneOS has a bunch of requirements that are expensive while Fairphone has zero chance to figure out if investing would make any economic sense, while their normal users don't really care about that security but might regarding privacy. This is a stalemate position.

Found info about GrapheneOS installations, 250k users(1). Let's say 25% are on old Pixels. This is 60k sold Pixels.

All Fairphones sold by 2022 were 400k(2).

1. 2024, https://discuss.grapheneos.org/d/12281-how-many-grapheneos-u...

2. 2022, https://en.wikipedia.org/wiki/Fairphone

replies(1): >>44364003 #
5. IlikeKitties ◴[] No.44364003{3}[source]
> This is the whole point, they should stop nitpicking and start to do it (GrapheneOS side), even if it is not going to be THE most secure phone, there are enough features that are far more useful than just security (like privacy). I don't mind if they make it payable.

This feels super entitled to me. GrapheneOS Devs have a mission and they get to make that. You get it for free and if you like it you can give them money. If they don't support the hardware you like you are free to fork it and get it to run yourself.

And if security isn't something you care about but privacy is and you feel like there's a difference here, you can still install /e/OS or LineageOS and similar on the Fairphone.

replies(1): >>44364012 #
6. stiray ◴[] No.44364012{4}[source]
Sure they have a mission. But sometimes a mission can be done by taking 1 step back to later make 2 steps forward at a fast pace.

At the end all profit. While in current state, the culprit, Google profits.

And please keep fallacies like "do it yourself" for yourself, I am talking about collaboration, feel free to open another thread on top level about forks.

Same goes for /e/ ... they just don't compare.

GrapheneOS has two use-cases that they are excelling with, security and privacy.

While security is not really my threat model (some rubber-hose cryptography aka large wrench, solves this issue for any attacker), privacy violations are everyone's issue. Even if they don't care.

replies(1): >>44364070 #
7. stiray ◴[] No.44364103{6}[source]
This went far enough. I have stated my thoughts, if the view doesn't change, GrapheneOS will continue to sell Pixels (lol, SAMSUNGS! Still rather buy them than Pixel) and I will be forced to buy them.

>Please consider the level of retardation this comment requires, it's impressive.

Yes, that's why I have stopped discussing with you and I don't know why I even started - futileness discussing with GrapheneOS evangelists is well known over the internet.

8. teekert ◴[] No.44364122[source]
Me 3.

It looks like they really won't though: [0]

It's such a shame, vision-wise the GrapheneOS crew must be much closer to the FairPhone team than they are to Google and Samsung, one would guess... But the GrapheneOS people find security tech (such as secure enclaves) and update cycle very important. After the bad Pixel news, they find Samsung to be the best fit: [1]

I would (as many here) also hope that they could somehow make the FairPhone crew step up in their security practices, help them do it. They would be the golden combo, except perhaps for things like camera quality and raw speed/AI chips. And possibly the niche is just too small to be profitable.

But a man can dream... I'd pay 1.5 to 2x normal price for a FairPhone/GrapheneOS combi, it would align with my values in almost all dimensions. And then I'd buy a Pebble and just be happy.

I really don't know what to do when my iPhone 12 mini dies. I do like the iPhone, but I also liked my OnePlus3 with LineageOS. I was originally planning on a Pixel/GrapheneOS after this phone, but that dream has shattered I think...

[0] https://grapheneos.social/@GrapheneOS/114721751616786103

[1] https://grapheneos.social/@GrapheneOS/114721967328643999

replies(1): >>44364138 #
9. IlikeKitties ◴[] No.44364138{3}[source]
> It's such a shame, vision-wise the GrapheneOS crew must be much closer to the FairPhone team than they are to Google and Samsung one would guess... But the GrapheneOS people find security tech such as secure enclaves etc very important.

I seriously doubt that given Fairphone's track record in regards to updates and security. GrapheneOS Devs value timely updates and integration of security tech. Fairphone does neither.

replies(1): >>44364175 #
10. teekert ◴[] No.44364175{4}[source]
FairPhone has such limited resources and needs to extract money from such a small niche, that they have hard choices to make. And it's sustainability above all.

But if another party would help with the security aspects, that might change the equation for them.

FairPhone may not be the most attractive partner security-wise but I think that the FairPhone team is much, much less likely to rug pull them like Google did (and Samsung may). Which has got to be worth something.

11. palata ◴[] No.44364179[source]
What about alternatives like CalyxOS or /e/OS?

GrapheneOS is aiming at the best possible security, so they won't compromise. CalyxOS and /e/OS run on FairPhones (though it seems like /e/OS is more into privacy and less into security).

replies(1): >>44364195 #
12. stiray ◴[] No.44364195[source]
There is no alternative. /e/ and others don't even come close.

Security is one thing, the privacy they (GrapheneOS) provide is another. You can have privacy without every detail of security they require. While they refuse to provide privacy without security.

That's why I buy Pixels and feel more and more dirty each time I do it.

Had Sailfish in between but that is another set of problems, Jolla failing to realize they need to have a strong Android compatibility layer (to use everyday stuff like bluetooth - in my case for paying public transport) until there is enough software for Sailfish. In any case, Sailfish is my FAR preferred option, over GrapheneOS. But unfortunately the spin of the world and my wishes are not aligned.

replies(2): >>44364265 #>>44374398 #
13. palata ◴[] No.44364265{3}[source]
> There is no alternative. /e/ and others don't even come close.

Can you elaborate on that? Say I install LineageOS without Google Services and without microG, would you say it's bad in terms of privacy?

Or are you saying that microG is the issue?

replies(1): >>44364291 #
14. stiray ◴[] No.44364291{4}[source]
In your given scenario (no Google Services, no microG), compatibility is the issue.

I don't use Android because I like it. I use it because I am forced to use it, without it I can't connect to corporate VPN, can't even take public transport (actually I can use NFC card and take a lot of care never to lose money on it, to drive to first place where I can charge it). Banking software. Update firmware for my headset.

Then there come the fishy practices of applications, full of advertising kits stealing information, where a HelloWorld app is a 90MB apk, as it has the Facebook SDK included. You can partially protect yourself with https://netguard.me/, but even I can avoid it (won't explain how, the typical Android developer doesn't know much beyond Java and I don't want to shoot myself in the foot helping them).

replies(2): >>44364374 #>>44365186 #
15. ikurei ◴[] No.44364334{6}[source]
> Please consider the level of retardation this comment requires, it's impressive.

This is not how we have civilized discussions. To say this just because you disagree with someone about the security of an OS...

Hope the mods see this.

replies(1): >>44365389 #
16. scns ◴[] No.44364374{5}[source]
> You can partially protect yourself with https://netguard.me/

Looks good. Another alternative would be TrackerControl.

17. WhyNotHugo ◴[] No.44364441[source]
I recently suggested that GrapheneOS support devices with average security on Mastodon. Much like yourself, I think "moderately okay security" is better than "just use Google's spyware infested OS".

The GrapheneOS folks replied in disagreement, insisting that this is a terrible idea because security would be less than perfect. They then started making up stories about me and throwing around unfounded accusations. I don't trust them in the slightest, and strongly recommend staying away from them.

replies(4): >>44365722 #>>44366110 #>>44380726 #>>44380887 #
18. WhyNotHugo ◴[] No.44364450{6}[source]
An OS which focuses on security and privacy with slightly imperfect hardware is much better than an OS which focuses on spyware and tracking from an adtech company on the same hardware.
replies(1): >>44365401 #
19. cge ◴[] No.44365029[source]
> Fairphones consistently don't support a quarter of what GrapheneOS requires

I expect it's not just a matter of feature support: Fairphone in general seems rather horrible on security, doing things like using test keys for production signatures [1].

[1]: https://forum.fairphone.com/t/bootloader-avb-keys-used-in-ro...

replies(1): >>44365045 #
20. IlikeKitties ◴[] No.44365045{3}[source]
To be fair that's from 2022, I thought they fixed those issues on newer devices.
21. palata ◴[] No.44365186{5}[source]
Respectfully, you did not really give an answer to my question, you elaborated on the complaining.

What is it that makes GrapheneOS "good enough" (Would you say "perfect"? You seem to want "perfect") in terms of privacy, and /e/OS / CalyxOS / LineageOS unbearable?

replies(1): >>44367082 #
22. DaSHacka ◴[] No.44365389{7}[source]
You're conveniently ignoring everything that came before that, where they deconstructed why the idea does not make sense.
replies(1): >>44367074 #
23. DaSHacka ◴[] No.44365401{7}[source]
/e/OS and LineageOS are neither, and are both available on the Fairphone.
replies(1): >>44370638 #
24. mhitza ◴[] No.44365722[source]
> They then started making up stories about me and throwing around unfounded accusations.

That sounds oddly similar to Louis Rossmann's video when in disagreement with some (the?) project owner.

https://www.youtube.com/watch?v=4To-F6W1NT0

replies(1): >>44380958 #
25. agile-gift0262 ◴[] No.44366110[source]
> I recently suggested that GrapheneOS support devices with average security on Mastodon. Much like yourself, I think "moderately okay security" is better than "just use Google's spyware infested OS".

For most use cases, like mine, I agree. But I understand GrapheneOS disagreeing with that statement. "average security" is not their goal, nor the use case they are working for. GrapheneOS' focus is security. They just happened to make the best AOSP version there is out there. So lots of us wish they better support our use cases disregarding the use case they work for. But they obviously don't want to spend resources on it, and I'd assume they wouldn't even accept extra resources to do those things, as it would dilute their "most secure mobile OS" brand by having less secure versions of it.

For those of us who don't need the best security, another fork of AOSP that incorporates many of the features GOS has, like sandboxed Google Play and contact and storage scopes would do. But we can't expect GOS to be the one doing that.

26. stiray ◴[] No.44367082{6}[source]
That part is simple, install it and check the settings.
replies(1): >>44367213 #
27. palata ◴[] No.44367213{7}[source]
I use /e/OS without the Google Play Services. I don't use any app from the FAANGs, and /e/OS uses a custom location service and blocks thousands of trackers.

Surely that's better than "nothing", isn't it?

GrapheneOS is more secure, but you're talking privacy here. With GrapheneOS I could run the Play Store or Google Maps in a sandbox, but it would probably not be better than not running them at all, would it?

replies(1): >>44370759 #
28. IlikeKitties ◴[] No.44367253{9}[source]
> Has nothing to do with rudeness. And "deconstruction" was rather narrow mindedness, that is locking GrapheneOS to corporation made phones.

Corporation made phones as opposed to organically grown phones?

Again, no one is locking down GrapheneOS you can literally download the source and try to get it to run on any device you like. You just want someone else to do the work for you because you lack the skills and it's not available for the particular phone you want.

29. lannisterstark ◴[] No.44367331{6}[source]
>Please consider the level of <slur> this comment requires, it's impressive.

It'd be nice if you blatantly didn't break HN rules.

replies(1): >>44372037 #
30. IlikeKitties ◴[] No.44367403{9}[source]
> Again, this is a fallacy.

Okay, maybe you are not a native speaker, so you might mean a different thing with fallacy.

Here's the dictionary definition of fallacy

> an idea that a lot of people think is true but is in fact false [0]

> a false belief [0]

My comment was

> Again, no one is locking down GrapheneOS you can literally download the source and try to get it to run on any device you like. You just want someone else to do the work for you because you lack the skills and it's not available for the particular phone you want.

Here is the link to the GrapheneOS Source: https://grapheneos.org/source

Here's the GrapheneOS FAQ regarding other Devices [1]

> Many other devices are supported by GrapheneOS at a source level, and it can be built for them without modifications to the existing GrapheneOS source tree. Device support repositories for the Android Open Source Project can simply be dropped into the source tree, with at most minor modifications within them to support GrapheneOS. In most cases, substantial work beyond that will be needed to bring the support up to the same standards. For most devices, the hardware and firmware will prevent providing a reasonably secure device, regardless of the work put into device support.

[0] https://dictionary.cambridge.org/de/worterbuch/englisch/fall...

[1] https://grapheneos.org/faq#supported-devices

Where's the fallacy?

---

Now after editing he makes this argument instead:

> And while I am searching for a way for GrapheneOS to grow, you are searching for a way to keep it limited to corporation made phones. And it is corporations that have the most interest to make it insecure through hardware, SOC is just one day to do it. So you are failing even on security perspective.

There are no not-corporation made phones on this planet. Every conceivable part of a phone is made by corporations from parts extracted from this planet by corporations, shipped and assembled by corporations. Do you think that the Fairphone, made by the Fairphone corporation, is not made by a corporation? From their wiki page [2]

> Fairphone B.V.

> Company type Privately held company

> And it is corporations that have the most interest to make it insecure through hardware, SOC is just one day to do it. So you are failing even on security perspective.

So Google, spending literally billions [3] on cybersecurity with a direct interest and industry leading track record in keeping Pixel devices secure, has an interest to make it insecure?

I stand by my judgment: The required retardation for this kind of argument is amazing.

[2] https://en.wikipedia.org/wiki/Fairphone

[3] https://blog.google/technology/safety-security/why-were-comm...

---

So, I'm dealing with a first grade tech student that learned some cybersecurity words. Here's how you can prove me wrong, answer the following simple questions:

1. Why should the GrapheneOS Developers do the work you want them to do? They seem uninterested and I don't see you paying them the 100s of thousands of dollars to hire someone to do the work for them.

2. Name a Phone that's not made by a corporation.

replies(1): >>44367446 #
31. IlikeKitties ◴[] No.44367916{11}[source]
Okay, I have to admit you got me. 10/10 Ragebait, until that last edit I was thinking you were serious, but you cannot be. Thank you, gave me a good laugh and I haven't been this triggered in a while. Before he edits, let me copy his last edit for posterity, it's amazing.

---

> 1. Why should the GrapheneOS Developers do the work you want them to do? They seem uninterested and I don't see you paying them the 100s of thousands of dollars to hire someone to do the work for them.

They don't do any work regarding security that would matter. As hardly anyone is using GrapheneOS. Most people use it for privacy, I don't know a one single person that would use it for security, I have bootloader unlocked as I don't care, it's not something that would be a reasonable threat to me, while government actors are not something, I can defend against as they will break my legs and I will beg them to allow me to enter pin.

> 2. Name a Phone that's not made by a corporation.

So they can immediately stop doing it. It is futile, insecure and worthless even from perspective of privacy unless they give people a chance to use it. And currently they don't with excuse of security.

---

Something about gay fish.

replies(1): >>44367959 #
32. palata ◴[] No.44370638{8}[source]
And CalyxOS
33. stiray ◴[] No.44370759{8}[source]
Good for you, I was also doing it when I was a kid. Actually was even cooking roms and removing everything that I didn't need.

Then I got my first banking app and was decompiling it on each new version, removing checks for root, "compatibility" and security checks, and compiling it back. Then another app came, this time for public transport, and I was reversing two apps, once every 2-3 months. Became quite efficient with it.

Then I deliberately bought a Pixel for GrapheneOS, installed it and never looked back.

As I have already mentioned: I am not using Android because I like it or I would want it. Sailfish has everything, I will ever need. For myself.

But not for living in this world.

replies(1): >>44370902 #
34. palata ◴[] No.44370902{9}[source]
Either you can't stay on-topic, or you don't actually know what ROMs like /e/OS or CalyxOS are. They don't require any work: you can buy a phone running one of them and use it just like you use a normal Android. If anything, it's probably closer to Stock ROMs than GrapheneOS is.

I am not interested in your complaints, really. I was interested in your take about the privacy issues on other custom ROMs, but it really feels like you don't know. And that's okay.

35. gitaarik ◴[] No.44374398{3}[source]
I use a OnePlus 9 Pro with Iodé OS (based on LineageOS). It comes with Aurora Store and microG pre-installed. It works very well and I'm very happy with it. It is regularly synced with security updates from LineageOS.
36. SigRed ◴[] No.44380726[source]
That's like suggesting to a Formula 1 World Champion to accept not being at the pinnacle of excellence and despite their talent to voluntarily move to a mid tier team because having a moderately okay car is better than not being in the sport. Same for cycling, tell last year's Tour de France winner to stop using that light high end carbon fibre bike and just use that heavy 1960s steel bike instead, they both have wheels and get you from the start to the finish after all. Don't aspire to be more than average or the best. Just settle.
37. mbananasynergy ◴[] No.44380887[source]
I'm the community manager for GrapheneOS. That isn't what happened, and it is very weird to not only see that on Mastodon, but also that you're going around saying it in other places, too.

People involved with the project you're working on have a history of making attacks on GrapheneOS, but what I mostly want to focus on is your suggestion because my goal here isn't to get in a back-and-forth with you or convince you, but rather provide context for others reading this.

Our hardware requirements are not arbitrary. They are what we need in order to be able to provide usable security to people who depend on it. There's no "average security" for devices that are missing patches for known vulnerabilities for months. That's a non-starter, not something imperfect that an OEM can work on improving. Multiple OEMs have reached out to us and actually want to do the work of improving their devices so that we can use them to provide security for people. It's very weird for people to be fixated on this idea that GrapheneOS should instead be supporting devices which can't actually provide what the OS is known for.

Without a secure element, a 6 digit PIN is no longer secure and can be bruteforced. What average person is using a long diceware passphrase to unlock their phone? Our device requirements are reasonable, and can be found at https://grapheneos.org/faq#future-devices. Every time people ask us to support another device, we have to point to that and explain that we cannot, because to date, no other devices meet them, and those who do purposefully go out of their way to cripple third-party OS support (Samsung chief among them). Then, we ask people which of our requirements we should drop in order to support that other device, and why people think that requirement is unreasonable. To date, we have received no convincing reply to that.

You think we're chasing "perfection" but Pixels are just the best that exists right now and are extremely far from perfect. Our requirements aren't a wishlist, they're based on what is possible and reasonable today, not in the future.

replies(1): >>44397761 #
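
The PIN-versus-passphrase point in the comment above, worked through as an added example (not part of the comment and not GrapheneOS code). The offline guess rate and the throttle tiers are constructed assumptions chosen only to show the shape of the comparison; real values depend on the device and its key derivation.

```python
"""Keyspace of an unlock credential vs. offline and throttled guessing.

Every rate and throttle tier here is a constructed assumption for
illustration, not a figure from the thread or from GrapheneOS.
"""
import math

DICEWARE_WORDLIST_SIZE = 7776      # standard diceware list: 6**5 words
SECONDS_PER_YEAR = 365 * 86400

# Assumption: with no hardware-bound secret, guessing is limited only by the
# key-derivation cost on whatever hardware is used offline.
ASSUMED_OFFLINE_GUESSES_PER_SEC = 10

# Hypothetical secure-element policy: (number of attempts, delay before each).
# A count of None means "every further attempt".
HYPOTHETICAL_THROTTLE_TIERS = [(5, 0), (5, 30), (None, 86400)]


def keyspace_pin(digits):
    """Number of possible numeric PINs of the given length."""
    return 10 ** digits


def keyspace_diceware(words):
    """Number of possible diceware passphrases with the given word count."""
    return DICEWARE_WORDLIST_SIZE ** words


def entropy_bits(keyspace):
    """Entropy of a uniformly chosen credential, in bits."""
    return math.log2(keyspace)


def offline_exhaust_seconds(keyspace, guesses_per_sec):
    """Worst-case time to try every candidate with no throttling at all."""
    return keyspace / guesses_per_sec


def throttled_exhaust_seconds(keyspace, tiers):
    """Worst-case time when hardware enforces a delay before each attempt."""
    total, remaining = 0, keyspace
    for count, delay in tiers:
        n = remaining if count is None else min(count, remaining)
        total += n * delay
        remaining -= n
        if remaining == 0:
            break
    return total


def min_diceware_words(target_seconds, guesses_per_sec):
    """Smallest word count whose keyspace outlasts target_seconds offline."""
    needed = target_seconds * guesses_per_sec
    words = 1
    while keyspace_diceware(words) < needed:
        words += 1
    return words


if __name__ == "__main__":
    pin = keyspace_pin(6)
    offline_h = offline_exhaust_seconds(pin, ASSUMED_OFFLINE_GUESSES_PER_SEC) / 3600
    throttled_y = throttled_exhaust_seconds(pin, HYPOTHETICAL_THROTTLE_TIERS) / SECONDS_PER_YEAR
    print(f"6-digit PIN: {entropy_bits(pin):.1f} bits")
    print(f"  unthrottled, worst case: {offline_h:.1f} hours")
    print(f"  throttled,   worst case: {throttled_y:.0f} years")
    words = min_diceware_words(100 * SECONDS_PER_YEAR, 10_000)
    print(f"diceware words to outlast 100 years at 10,000 guesses/s: {words}")
```
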
38. mbananasynergy ◴[] No.44380958{3}[source]
Hi there, I'm the community manager for the GrapheneOS project. To you, and perhaps others seeing your comment, I would just like to ask that if people are going to watch the video, they should watch it in context, and also read the material that Louis is linking to in the video description, as I'm getting the sense that he's relying on people to not read them.

Our perspective is that Louis was upset with Daniel because we wouldn't do content with him, which resulted in a lot of jabs in his videos preceding that one, along with him expressing support for a video and a creator who has created what is essentially a hitpiece video on the project and its founder.

The main context that seems to be missing is that a supporter of the creator of that hitpiece was raiding our community rooms not long before Louis' video happened, which culminated in the GrapheneOS founder being swatted by that person 3 times in the span of a few days. Louis Rossmann expressing support (with his large following) for that creator lends credence to their claims and leads more people to attack us. That should hopefully explain why Daniel was upset at Louis (in private, which Louis decided to livestream and leak). If Louis really thinks Daniel is some mentally ill person, is broadcasting him like that really the compassionate thing to do? Even in his version of events, this seems cruel.

Louis is a kiwifarms user, a website dedicated to harassing people (including Daniel). Daniel's thread was started by a self-admitted fan of Louis, shortly after his video, so it has directly led to a bunch more hatred. You can find all of that out yourself.

So for you, and those reading this comment after the fact, I'd encourage you to do your own research, and also to not take what a YouTuber says at face value just because they said it.

39. WhyNotHugo ◴[] No.44397761{3}[source]
> Without a secure element, a 6 digit PIN is no longer secure and can be bruteforced.

Thanks for providing an actual example which we can use as a realistic reference.

Right now such a device can run OSs which ship first party spyware. If GrapheneOS supported those devices, they’d be usable with an OS without that spyware, which is a net improvement. The security issue of “a PIN can be brute-forced” exists regardless of OS.

replies(1): >>44401029 #
40. mbananasynergy ◴[] No.44401029{4}[source]
It has always been the goal of the project to provide security and privacy features while maintaining usability. People are expected to acquire a device to use GrapheneOS rather than us supporting as many devices as possible where we cannot offer the same protections.

We're hoping to have a non-Pixel device that actually meets the project's requirements in the near future, potentially. Our requirements aren't exotic and OEMs are confirming that they're well within their capabilities. We'll focus on working with OEMs interested in shipping secure devices in order to expand our offerings, which should offer more choices for potential users as well.