Fairphone Security and Privacy features

With EU:s Right to Repair legislation closing in by the day and that one of Fairphones unique features soon to become not so unique anymore it is time to add another ethical feature.

Many governments, intelligence agencies and even private companies have been caught spying on civilians, journalists, lawyers, businessmen, scientists, politicians and so on. USA, China, Russia, Saudi Arabia, Israel, Denmark, Hungary, Poland are just to name a few. Often done without a thread of decency and with zero regard for democratic values or human rights. Khashoggi, Nour, Merkel, sound familiar? A drop in the bucket!

In countless cases it’s the users smartphones that have been targeted with spyware like Pegasus (NSO Group), Dropoutjeep (NSA), RCSAndroid, Exodus and so on. Many of these spyware provide full control of the users smartphones, like stealing sensitive information, eavesdropping and viewing through the cameras even when the phones appear to be locked.

For this very reason most business-laptops today have physical camera switches. Why don’t smartphones have these? So the users can decide when and if they at some occasion want to physically turn on/off the cameras, microphones and other sensors that can be used for the same reason. A lot of journalists, researchers, lawyers and politicians could really benefit from this and today there is nothing like it on the market. Our smartphones are with us everyday, always and in most cases know way more about us than any person or other thing.

Since Fairphone is a ethical-minded company… how about doing something about this? I guess that many companies and agencies that handle sensitive information on a daily basis also would line up to buy a device that offers a solution to this security issue, especially when that phone also is the most enviromentaly friendly. Same goes with people living in countries with unhealthy governship.

Have a talk with Citizen Lab (surveillance industry monitor at University of Toronto) or Edward Snowden about what would be the ideal solution for smartphones from a privacy and security perspective. A solution that also keep the smartphone functioning like any modern smartphone - when the user decided that it should.

https://twitter.com/Snowden

Hei and welcome to the Forum!

While I (and many others here, as you will certainly see when you look around a bit) completely agree with you, the unfortunate truth is that at this point, >95% of people don’t care. I have hardly talked to anyone that actually reads the privacy policy before they click on agree, let alone not using a service because of privacy concerns.

Considering this, it would be almost impossible for Fairphone to stay in business if they e.g. ship their phones without Google Apps or some kind of hardened custom rom, since most people won’t buy a phone that doesn’t have Chrome or the Play Store preinstalled. Fairphone did however partner with the /e/ foundation, so you can buy a phone with eOS from them. There are also multiple other alternative OSs listed in the #oslist.

So yes, in theory they should do a lot more in that regard, but they are already producing a niche product, and when you combine the “fair consumer” niche with the “privacy nerd” niche, there will be hardly any people left who would actually want this phone. It’s unfortunately just not feasible for now.

Hi!

I was mostly referring to the ability to turn off things physically while still being able to use the phone, like with all business-laptops nowadays.

I work as a regional security strategist within healthcare and if there would exist an alternative on the market with those features our procurements for smartphones most definitly would include that as a requirement.

And just in our relatively small organisation we buy close to 23000 phones a year.

Most public organisations and agencies within the EU more or less the same legal obligations and the same risk picture as we do. Healthcare, law enforcement, defence, social services and so on. With regard to the time it takes to design a new phone, in the last 5 years the laws regarding security have been more strict and more laws are on its way.

Turning on/off the phone or putting it in some faradays cage-locker does not cut it when more and more of our work get dependable on having our work-related applications at hand.

Since the design of Fairphone is modular there might be some way their designer could do a exchangeable backcase with dip-switches. That physicaly turn off different features.

You can have a look at the feature request thread for a hypothetical Fairphone 5:

there are some posts about hardware switches, and also examples of other phone with these switches.

In that case, you might want to have a look at the Librem Phone and the PinePhone which both have those features. However their hardware is not that powerful and the software is still in early beta, so I wouldn’t recommend using them as a main phone, let alone in a critical business environment.

I hope that your company has more than 50000 employees, otherwise they would buy a new phone for everyone every 1-2 years, which is a complete waste of resources…

On LineageOS you can do this in software and while yes, that’s not nearly as good as physically disconnecting the hardware, it’s better than nothing.

That should indeed not be that hard, I agree.

FP produce a fair phone in terms of manufacturing, human dignity and resources but they have zero in mind regarding security and privacy. that’s fact.
they are using a unmodified AOSP android without any filter, blocker, firewall, de-googling, or whatever.
It is not their business-case

For me, thinking really fair, means using a FP with a privacy/security oriented custom ROM

For me too, but like I said, nobody is going to buy it then since most people are so uneducated on that topic that they want those “features”. Combining a small niche with another small niche is just not economically feasible I’m afraid.

However we do need to think about why both fields are niches at all and work on changing that.

@Stanzi You’ve said multiple times in this thread that there is no market for privacy and security oriented phones which would be a reason why the Fairphone company wouldn’t want to invest effort into this. I find this to be an interesting point.

I haven’t been around since the beginning of Fairphone so correct me if I’m wrong, but wasn’t this the case with self-repairable, ethically manufactured phones too back in 2013 when the project started? They weren’t hungry businessmen looking to fill a hole in the market and make zillions, they were a group of people with strong beliefs wanting to bring a product to the market for their ideological reasons.

Back then smartphones were still relatively new and everyone was just getting the shinier, bigger, faster glass brick with better cameras every year or two because the technology was advancing so quickly.
Smartphones however have quickly plateaued which made people question whether they actually needed a new phone and whether buying a new phone every 2 years is a massive waste of materials. It also upset them when they found out their perfectly adequate phone was no longer usable because a component failed or the battery has worn out and replacement is either not possible or too expensive to justify.
In this regard, Fairphone was able to foresee this and were ahead of their time.

On the other hand, online privacy has been a hot topic for the past few years. Even average people have been turning on Facebook and Google for their invasive, data-hungry ways, Edward Snowden’s Permanent Record was a bestseller, and people are generally waking up on the issues that FOSS and privacy advocates have been banging on about for at least a decade now.
In this regard, focusing on privacy would actually be Fairphone following trends instead of predicting them; granted they would be the first mainstream phone manufacturer (yes, I consider the Fairphone brand to be that at this point) to do so but there have certainly been smartphone projects and startups making privacy promises.
I do recognise their official partnerships with /e/OS and Murena but it felt like a consolation prize after they axed FP Open rather than a step in this direction.

@Fosca2k You’re right about Fairphone’s unique value proposition possibly being diminished by the right to repair legislation. This right now could very well be the peak of Fairphone. Pivoting towards and attracting the privacy-conscious crowd that was so excited before the Librem 5 and PinePhone released (and turned out to be practically unusable) sounds like a logical step, especially considering that they are essentially already halfway there.

SHIFT is currently working on a smartphone (SHIFTphone 8) with hardware kill switches and wants to bring it out at the end of the year. I’m curious to see if they can actually pull this off with the kill switches. This would then be the first phone with kill switches that is suitable for everyday use. SHIFT is also quite a bit ahead of Fairphone when it comes to data protection. Both the website and the forum page are not as Google-infested as Fairphone. Fairphone does not offer ONE privacy friendly channel. SHIFT can be found on Mastodon.

Fairphone is currently, unfortunately, completely overwhelmed with delivering timely bug fixes, security updates and upgrades. Especially security updates for Android, the kernel, baseband, bootloader, drivers, etc. a maximum of a few days (not MONTHS!!!) after release are essential for IT security and privacy. However, I assume that they themselves have understood by now that this can’t go on. I hope they are working on a solution how it can be better implemented in the future (without outsourcing the software development to far away countries). This will certainly take a lot of time. I think only when they finally get this under control at some point, they might have the resources to worry about further data protection. By that, though, I don’t mean that they should develop a privacy-friendly Android. In fact, most people don’t want to do without Google, and the Fairphone needs to sell well to the masses. There are now enough suitable custom ROMs for a privacy-friendly OS. It does not make sense for Fairphone to acquire these complex qualifications and use enormous resources for it. Fairphone should rather stick to its core competence of producing hardware fairly and modularly and expand it further. There is still enough to do there (improve delivery chains, etc.). However, they could implement the above points of SHIFT apart from the update policy, which is in great need of improvement. And better support for privacy-friendly custom ROMs would be urgently needed. This requires making all the closed source blobs openly accessible so that the custom ROMs can solve problems themselves, such as the full usability of third party camera apps. Especially for the privacy-friendly custom ROMs, the very timely security updates are also important. More open and direct cooperation with all custom ROMs would be very desirable. A collaboration between Fairphone and all custom ROMs would release new and great synergies.

By the way, Fairphone is already aware that they could still do something in the area of data protection. On 11/01/2021, c’t magazine (german) did an interview with Eva Gouwens (head of Fairphone).

Translated with DeepL Translate: The world's most accurate translator (free version):

c’t: Soon the EU wants to oblige smartphone manufacturers to provide their devices with updates for five years, to make them more repairable and to keep spare parts in stock. Would Fairphone then still be something special at all?

Gouwens: I think we’re doing more than just making a fair smartphone. It’s not just about using fair raw materials or building a device in a modular way. We haven’t even talked about things like data privacy yet, that could be something that comes more into our focus in the future, as well as better recycling. I see more than enough room.

Sounds the way to go

Here are a few more thoughts:

To improve IT security, Fairphone could put a Titan M chip in the smartphone.

There are many custom ROMs available for the current Fairphone 4. Such as /e/OS, LineageOS, CalyxOS, DivestOS and iodéOS. However, GrapheneOS is missing. This should be the custom ROM that is by far the leader in IT security. They implement many hardening measures. However, it will be difficult for Fairphone to be supported by Graphene one day. There would have to be permanently very fast security updates (in all areas!), a Titan M chip and other requirements. In addition, Graphene usually only supports a device as long as there are security updates for firmware and kernel. Which is often no longer the case after 3 years. However, throwing away the device after 3 years contradicts Fairphone’s goal of benefiting the environment by using the device as long as possible. Only an open source baseband and open source drivers for the rest of the hardware could solve this problem. This will be anything but an easy task. As desirable as GrapheneOS might be on a Fairphone, this will probably not be possible in the foreseeable future. Those who have this need for security will probably have no choice but to buy a Google Pixel.

The points I mentioned here and in the first post regarding privacy and IT security help to massively increase protection against companies like Google or malicious hackers. This should be quite enough for the majority of the general population. However, if you’re targeting protection from governments/intelligence agencies for potentially vulnerable groups of people, these measures are unfortunately not enough. That is far more complex. For that, the baseband, the Titan-M chip and the entire firmware would also have to be open source. For this, Fairphone could team up with the Librem5 and PinePhone projects mentioned above. Precursor might also be helpful. This in combination with GrapheneOS would probably be the optimum at the moment. Apart from the fact that such a mammoth project would take a lot of time without knowing beforehand that it would also be suitable for everyday use and bug-free in the end, it would extremely increase the costs for such a smartphone. This is far from a realistic goal for Fairphone smartphones. At most, such a project could be run in parallel and separately. A correspondingly vulnerable group of people would also spend the very high final price for such a smartphone. All others would probably rather be satisfied with the closed source components (and thus a much cheaper final price for the smartphone!). Even though I would very much welcome such a project, I think it is very unrealistic that Fairphone will ever implement it. But perhaps at least one of the projects already in progress will eventually manage to complete a smartphone suitable for everyday use by vulnerable groups of people.

Did you take Purisms Librem 5 into consideration with this statement?

That should probably be taken with a grain of salt. I would rather say, “they should consider spending the very high final price”, where obviously it makes a huge difference if you’re a defense contractor (or a drug lord!) and have lots of money to spend, or if you’re just an activist, political journalist or some such. And on top of this they are most likely also more or less clueless about the technical aspects of smartphone security. Most people are.

The biggest problem with security isn’t the potential attackers, it’s ignorance and convenience. I know lots of journalists who wouldn’t think of changing their iPhone because a) “I’ve heard it’s safe enough”, and b) “I’m used to it”. It’s not so much their phones which are vulnerable, it’s more their personal work flow, the apps they use, and the mix of uses, professional and personal/leisure.
If you tell them to have two phones, one, secure, for “serious” stuff, and another simple one for personal use, they balk. Too complicated, too expensive, who wants to carry two phones, and all that.

So, concerning a hardware switch for cameras, I’m pretty sure most people wouldn’t be ready to pay a premium for it. After all, you can put some duct tape over the lenses (or, more definitive, some nail polish) if you are so concerned about it.
And even if they got that switch for free, it would probably stay on “on” perpetually, because of convenience. Except maybe for a tiny minority of paranoid or highly endangered people, and for those I would suggest no phone at all anyway, because if you carry a small environment-aware computer with lots of sensors in your pocket the possibilities are endless.

Keep in mind, the biggest enemy of security is convenience, and most of the time convenience wins…

(Not trying to rain on your parade, just stating of real life realities.)

Do you think the Librem 5 is already fully suitable for everyday use? That would be nice, of course. My level of knowledge might actually be a bit old. Spontaneously, I unfortunately did not find any current statements about it. Only some older ones. Golem.de (02/2021) said about it:

Translated with DeepL Translate: The world's most accurate translator (free version):
Even if the Librem 5 only feels like the higher-end and especially higher-priced feasibility study of a Linux smartphone compared to the Pinephone, we also see the approach as a promising process. Provided Purism and the community continue to work on the Linux smartphone ecosystem, our dream of a Linux smartphone might come true after all.
…
In that respect, we’re not giving up hope quite yet that one day we’ll be able to run our favorite distribution on any Linux smartphone of our choice after all…

linux-community.de (05/2022) said about this:

Translated with DeepL Translate: The world's most accurate translator (free version):
The software for both the Pinephone and the Librem 5 has made tremendous progress in recent years. However, they have not yet reached the point where the devices could be certified as suitable for everyday use.

Then you can’t help them either. But there are certainly still people whose lives are really at risk. They would certainly put safety before convenience. But this is, of course, only an extremely small proportion of the world’s population. I also just wanted to say that Fairphone is not the right address for such a need for security, and that it would take some effort to achieve it. A privacy-friendly operating system is not enough.

Of course, this is more than true!
The topic starter then has to think about that himself. Does he manage to get people far enough away from the convenience for his individual use case to gain the privacy and security that is sufficient for him? This is indeed a very difficult undertaking, which requires a lot of willingness to learn and the will to make it happen.

It’s the old (and quite frankly pointless) discussion between the cypherpunks (I’m sympathetic to) and the Great Unwashed, who don’t see the point and who retort that nobody would bother making any effort to steal their data. And they are mostly right too, except when they’re wrong…
On the other hand I’ve seen and advised many people who have things worth stealing they should protect, but it’s too hard, too complicated, and they can’t really make the difference between what I would qualify as technical superstition and any real cause-effect relations.
When you tell them what it really takes, even when keeping it as simple as possible, they don’t like it. Because it’s different, they aren’t used to do it like that (inertia), their friends do it in a different way and didn’t have any problem so far (survivor bias), not to mention a strong Dunning-Krüger and all kind of other reasons to rather do it the way they (or their girl/boyfriend) decided it should be done.

Bitter? Nooo, just a little disillusioned.

But we’re getting OT here. My initial point was that Fairphone should indeed keep an eye on the privacy and security issues, but while the first are difficult to tackle while using a Google OS, and the best solution was releasing the /e/ version, the second start with releasing security updates quickly and often (wink wink…).

Thanks for all the thoughts you share with us. I could not have described and summarized it so well! I see most of the points from your two posts just as you do.

I can totally understand that! Environmental protection has interested far too few people for a very long time, not to mention too long. And slowly something is happening. So: hope dies last! Perhaps the tide will also turn at some point in terms of data protection.

I think we have highlighted some important and crucial points. I hope this has helped @Fosca2k a little.

This topic was automatically closed 182 days after the last reply. New replies are no longer allowed.