Post reads: "❓ Do you know who are the inventors of the hardware-level kill switch for smartphones?
🤫 Stay tuned! We’re teaming up with them to offer you more privacy.
👇 Share your ideas in the comments! "
Sad that yet another promising phone is “phablet” sized. :(
Too bad its not a foldable.
Site doesn’t load
Can someone clarify: according to Murena’s website, they use /e/OS, which is what they call “degoogled” Android. I would assume degoogled means no Play Store. If that’s the case, what’s going to happen next year, when Google starts blocking installing .apks by unverified developers? Which, I’m assuming, is a good chunk of developers who have apps on F-Droid.
Presumably google is going to block app installation via a google service. If you do not have google services in your phone there’s nothing to block you.
This is exactly what you want, because using a degoogled phone won’t be affected by this change.
It won’t directly affect them because they will not be “Google Certified” devices.
No worries Google’s actions against installing apks from outside the Play Store will only influence Android, not any of the other operating systems that are based on the Android Open Source Project (AOSP)
means no Play Store
Indeed, by default AFAICT they provide
Aurora Store and F-DroidApp Lounge (edited: was a little while so I forgot, I install F-Droid on every Android device I have as a reflex).Regarding the consequence… well I don’t know the future. Maybe alternative stores will have a “trick” so that they are considered verified and thus can install other
.apk, or maybe it won’t matter for rooted phones anyway.e came with App Lounge as their Store last time I installed it, but I got Aurora and F-Droid immediately for redundancy.
I don’t remember exactly so you are probably right, editing my comment.
I think custom android ROMs like /e/os will disable this new “verified developers” check, so no peoblem?
Maybe tone down the emojis, this reads like an MLM post.
All of them have at least one. Usually it’s 2-4 emojis per post, but some have way more. Seems like a deliberate marketing tactic.
Please just officially support Linux mobile on it as an option. I don’t care if it buggy and barely usable, most Android phone companies actively make it almost impossible to install anything other than Android.
They all use the base package from the chipset vendor. It only supports android and only for a given number of years. I wouldn’t be surprised if the license was massively invasive.
Basically, there’s no drivers and no documentation for most mobile hardware outside of manufacturer contracts.
Give me Ubports and an easy way to buy it in North America and we have a deal.
Saw it earlier today, actual phone https://murena.com/shop/smartphones/brand-new/murena-shiftphone-8/ at 730EUR, delivery in October.
Got a CMF1 with /e/OS since ~February (cf my history of comments to see the ups and downs, overall happy with both) … and I admit I’m tempted. I obviously don’t need it and having a relative cheap (~350EUR) feels pretty nice to me. Maybe if I want an upgrade later on but for now I’ll stick to what I have.
Looks slick, sounds sweet. Maybe there’s deeper lore, but all I think of is the Librem 5 when I hear about hardware kill switches. Might consider it if it includes amenities like a decently replaceable battery, headphone jack, micro SD slot, and relockable bootloader.
Jesus, the constant attempt at undermining murena by some users with falsehoods and misrepresentation is quite concerning here. Reminiscent of certain private OS devs having public mtdowns.
Indeed, it’s quite tiring especially when IMHO the goal is to decouple from large dominating actors that are obviously worst. I think the initial motivation is positive, namely genuinely improve privacy, but it goes to such extreme that no compromise is possible (which even that is fine) to actually inventing scenarii that aren’t real to make the point.
TL;DR: let’s focus on doing better than the popular worst offenders (random recent example) and eventually keep on improving without pushing imperfect projects down
So this kill switch will auto delete all the telemetry /e/ collects by default, including the Voice data Sent to OpenAI? right? RIGHT?
Btw, if you dont understand their text, let me translate it for you
We took out loans from a bunch of venture capitalists in order to make a phone with a weird gimmick which is completely unnecessary since our OS collects your Data by default and dosent care about your Privacy at all anyway, just so we can please a crowd of tech hippies who have no idea about actual privacy but want to look cool by switching off their Camera after posting their 24/7 location on facebook and letting ChatGPT analyze their breakup text. (Also btw we have to somehow pay back those millions by raising our stock prizes, so stay tuned for our cloud selling your unencrypted photos because we have to enshittify).
The only reason to have hardware switches is if you fear that you’ve been compromised. And if you’ve been compromised, why would you continue to use a compromised phone for things that need your location or access to your camera?
And if you go in with the expectation of „this phone is going to be compromised”, just remove the Camera and everything and attach a Webcam or Mic for whenever you really need it. This way you can actually verify easily if its on, instead of having a mm button that can be easily toggled while putting the phone away
auto delete all the telemetry /e/ collects by default, including the Voice data Sent to OpenAI?
You are back with your FUD. I don’t know what you have against /e/OS specifically or if you are genuinely paranoid but in this specific instance you are making stuff up! I clarified in https://lemmy.ml/post/35472063 so maybe a language barrier because the post you linked to was in French but the STT service is
- NOT on by default
- for paying customers only (0 chance that a random person would activate it and thus be shocked)
- tries to anonymize the data
So… that’s not even telemetry, that’s like activating a service which the company explicitly said relied on OpenAI in the first place, people STILL paid for it AND activated it. They can’t be surprised that it’s sending anything to OpenAI then.
Come on, help us make this community better. We have enough problems with BigTech, small tech and more that we do NOT need to invent problems!
PS: also the reasoning about the presence on kill switch is … just plain silly. The PinePhones are running Linux, no Android, no /e/OS/ or whoever actor you might dislikes, OSes built by others, e.g. PmOS, Ubuntu, etc and yet still have hardware kill switches.
Not commenting on the other stuff but people should get used to the fact that anonymized private data is still private, so a so-called privacy app should not be leaking or disclosing or selling it. It might be LESS invasive than personally identifiable data, but it’s not NON-invasive.
Who is willing to pay for it after all? Almost certainly, someone who is up to no good. And if you can think of a way it can possibly be misused, then enabling that misuse is invasive.
I’ll preface my answer to clarify that I’m against surveillance capitalism and privacy Zuckering. I say that in the open, do not use Google services, Amazon, have my own PeerTube instance, IoT at home is HomeAssistant with ZigBee, etc. So my goal here is NOT to cut some slack to anyone.
I started with this because I’m not actually sure what you are referring to. Since my initial comment is about Murena STT I’ll assume it’s that but if not please correct me. This specific service… is not a compromise I would accept. So I’m in NO way advocating for me. The only thing I’m clarifying is that this service is not something one can “stumble upon” and enable without paying attention. That’s why I put such recurring emphasis on it. It’s not coherent with “sharing all data” or imagining a scenario where somebody buys an /e/OS phone Murena and somehow ending up getting their data leaked (due to the potentially imperfect anonymization) to OpenAI. One has to activate it and to do so one must be a Murena services paying customer. This is not the case when “just” installing /e/OS. So once again I’m not saying Murena is perfect, not even that it did the right choice (according to my own privacy preferences) my relying on OpenAI, and yet that problem is not relevant to most people who use /e/OS.
To make a quick a analogy it’s like installing WhatsApp on a privacy OS phone. Sure you technically can do that but if you do and complain about how Meta is collecting your data then you did it on yourself, you can’t blame the OS developers.
due to the potentially imperfect anonymization
I don’t understand what you’re saying above, but my point is that disclosing any info to adversaries is invasive even if the anonymization is 100% perfect. The potential imperfection makes it worse, but that’s a side issue.
An example is polling. Some terrible politician X wants to know what voters think of issue Y, like “35% in favor”. So she hires a polling firm to call people and ask their opinions about Y, with the result being completely anonymized and aggregated, again, like “35% in favor”. What will X do with that info? Something bad, of course! We said at the beginning that they are terrible!
So do you want to cooperate with such a poll, that X commissioned to serve an evil purpose? Of course not! Or at least, I hope of course not. In that case, what do you think of software that effectively enrolls you in such a poll against your wishes?
If your private activity is being statistically reported to your adversaries, your privacy is being invaded even if there is zero PII in what the adversary gets. This is infosec 101. A quotation due to Silvio Micali is “a good disguise does not reveal the person’s height”. Statistically summarized information is still information, and calling it otherwise is self-serving nonsense. You want to give the adversary NO information. Anonymization is irrrelevant.
My point isn’t really about the implementation per se (I’m aware of the limitation since at least 2011 by reading then Link Prediction by De-anonymization: How We Won the Kaggle Social Network Challenge so more than a decade ago) but rather that the “solution” Murena offers is not a mandatory service. If people want to use it, they can. I do not want to, I do NOT have to. I’m not arguing that their solution is good, or bad, only that it’s optional.
You are back with your Spam
NOT on by default
This is a Private OS. They should not have this integration, since there are more than enough FOSS alternatives.
for paying customers only
Dosent change my point.
tries to anonymize the data
Tries. Tries. Tries.
They claim to be private. They incorporate a non private Service even though there are valid alternatives. Thats where this discussion starts and ends.
back with your Spam
Try it, report me for spam to the mods I’d be curious to hear their opinion.
?? Murena is a privacy-first company with a degoogled android rom
privacy-first company
is a Privacy first company.
They are worse then Linaege. Linaege at least supports local system backups. With /e/, you have to use their own unencrypted servers.
(Also btw they support Phones with not anymore updated firmware, which partially allows script kiddies with a flipper zero to exploit your chipset)
I can tattoo „privacy first” on the inside of my asscheek. Dosent mean it actually means anything.
Like I said, /e/ is not at all better than LinaegeOS, but instead takes the OK LinaegeOS, adds their own insecure services, removes everything that could be more secure, and misrepresents what is essentially a LinaegeOS Flavor as
- uLtRa gIgA sEcUrEeweeeeeee!!!;111! V. 1211 b !!!
With /e/, you have to use their own unencrypted servers.
Stop making stuff up… you do NOT have to use Murena services.
Please tell me, where I can enable Seedvault or another local backup service without having to root my phone first or use apps like shiziku.
YES, I HAVE to use Murena services in order to back up my /e/ is phone without compromising security via root or shizuku. Prove me wrong, and send me a fucking video about it.
I am using e/os on a fairphone so Settings > System > Backup > Choose Seedvault as Backup provider. Done.
At least that works for me
Edit: And no I dont have the time to create a video of it
While I appreciate your desire to improve privacy for yourself and others, you are again inventing things (optional service as if everybody using /e/OS had it, relying on Murena services where not everybody does it) from your very narrow perspective as if it was the truth. Again I imagine your ultimate goal is to help people to find a better alternative (which is something I hope too) but I can’t spend more energy arguing with made up problems. I hope others who do read your words and are exhilarated by your passion and the strength of your words do still go check the source of the claims you make but I don’t want to have this kind of conversations again so safer to block. Take care of yourself.
Edit: to clarify, Google is the enemy. Meta is the enemy. Amazon is the enemy. etc, not you, not me, not Murena, not LineageOS, not whatever tiny project of the Internet is trying to do slightly less worst than BigTech and surveillance capitalism.
I feel like that’s way too easy to accidentally flip.
Well they say “kill switches are located beneath the battery cover and can be switched with a paperclip or similar tool, so it is not easy to switch them regularly, but for shifting the camera and microphone OFF for longer times they are very suitable”
