Ability to prevent encryption to become enabled

Hello,

Please, add an option to the very first boot, that will completely disable encryption of phone system.

I am big fan of Jolla, but I am totally uninterested in this kind of privacy on mobile phone. For me, this encryption layer is just another trouble-maker, and this really is in the case of C2.

Regarding banking and similar questions, nowadays always exist solutions that even if somebody have acces to the phone , he will not be able to use my account. If there are no viable safe solution for your particular service, then you simple do not install it on the phone. Problem solved.

10 Likes

After installing Sailfish enter recovery mode before first boot rename ‘/var/lib/sailfish-device-encryption/encrypt
-home’ to disable encryption. Doesn’t work on the C2 at the moment.

6 Likes

Disregarding the C2 startup problem, what other problems have you encountered?

2 Likes

If i understood it right, this is not possible anymore. Like encryption is required by the system in newer versions. You could flash back to a version where encryption wasn’t enabled. But this would mean that you couldn’t have the latest SFOS release. Or tell me if i say something wrong, compose the system yourself from the sources available. But that needs deeper programming and IT skills :slight_smile:

Understand. Not good preposition, somehow pushed by reading to much about C2 on this forum and being nervous with waiting :frowning:

My C2 arrived today and it is working. During the setup, it happens three times that touchscreen was unresponsive, last time immediatelly after updating to 5.0.21, when I was unable to enter PIN - reboot solved.

I agree that in regular use the encryption layer is not a problem. What I can learn is that in beta version this would better to be disabled. Also entering PIN after restart is not needed for beta - oh, I cannot disable this in 5.0 as it was possible on XA2, maybe that phone is not encrypted? All this security are adding complexity and could be enabled later when basic functionality is succesfuly tested - at least for me, phone is a communication device needed for calls, messages, and browsing, and not a vault for secret data.

But for curiosity, it may be completly ireleveant, If every data readed and written must go through encryption layer, how much battery is consumed for this? Do encrypted data need more space? How much is processor loaded with the encryption and how much extra RAM is consumed? I remember, on this forum, sometimes users complains about short battery time and short resources.

2 Likes

I thought if you flash an old version without encryption, this dtate would be persistent through the updates. At least I had XA2 Ultra without encryption up to sfos 4.5 until the upgrade to 4.6 crashed my system and I had to do a reflash

1 Like

It is also my impression that upgrading will not encrypt existing storage, but reflashing will. My Xperia X has been upgraded many times since encryption was introduced and now runs the latest (last! for this device) available version of SFOS. It is still unencrypted.

(Edit to clarify that last version applies to this specific device)

2 Likes

Those questions depends on hardware vs software encryption, if it is hardware it can reduse power consumption and increase speed. Energy-efficient encryption for the internet of things | MIT News | Massachusetts Institute of Technology

Encryption needs more space but is not really a problem, just for fun i used 7-Zip, to compress the Signal setup file with the very secure password: a

As you can see the size increases, but the disk use stays the same :slight_smile:
image

1 Like

SFOS uses LUKS Encryption of User Data | Sailfish OS Documentation . This should be applied from the beginning, i.e. at first installation time. You may find further information on LUKS here: Home ¡ Wiki ¡ cryptsetup / cryptsetup ¡ GitLab
For me to not encrypt mobile devices by default seems to be outdated in 2024. Especially for the privacy-aware SFOS this feature request seems odd for me and I hope for most users also.

2 Likes

The answers are:

  1. Not significantly on modern smartphones.
  2. No. Only the metadata for encryption needs a few hundred additional bytes.
  3. Not significantly on modern smartphones.
4 Likes

I am generally against encryption and would undo it on my phone in particular if I could. Why is this forced on the user if you have to reflash the OS?

2 Likes

Because users are unknowledgeable. There are hardly any downsides (for the devices owner) to it, only huge upsides.
That’s why every OS, especially on a mobile device, should by default use storage encryption (and something like TPM, so encryption key is not a 5 digit pincode). And ‘by default’ means: really hard to disable.
And my point is: people who want to disable encryption(and other forms of rudimentary security), because of ‘i want to have the choice’, do 99% of the time not know enough of this subject. It’s not an educated decision. It like saying my car doesn’t need good brakes, because i dislike brakes o n a car(they are not only there for you personally of course). And then it’s bad for those people, and worse, it’s bad for other people (like hackers/botnets impersonating other users by using their stolen accounts and data for criminal activities).

4 Likes

On all my devices the encryption never made any troubles and always worked in a way that I never was annoyed from it, not even saw that it’s there, it just did it’s work. But on a highly experimental device like C2 in this early stage of development it’s really bad if just this part in early stage of setup fails. On my working devices I’m happy that encryption is there.

3 Likes

LOL: If anything goes wrong with the encryption, including forgetting the passphrase, all your data is (very safely) inaccessible forever, i.e. this is equivalent to “erased”.

Hence it is absolutely O.K., if the encryption of the /home volume can be disabled by some deliberate action, e.g. after installing SailfishX enter recovery mode and rename before first boot /var/lib/sailfish-device-encryption/encrypt-home.

P.S.: There seems to be a misconception here: LUKS encryption cannot be easily switched on or off to your liking. SailfishOS implements it by creating either an encrypted or unencrypted /home volume on the first boot (i.e. when running the setup wizard). Hence to switch /home volume encryption on or off later, one would have to perform a “factory reset” of SailfishOS (or reflash it) and run the setup wizard again, which does not seem to be possible with the Jolla C2 AFAIU.

3 Likes

Seriously Olf, you apparently have very important data on your phone, so important you’re not willing to risk 1/1000000 chance drive encryption fails BUT you are not worried that someone steals your device or you lose it in the train or whatever(chance 1/3)? You know that when that happens all that data is accessible without restrictions?

1 Like

i dunno about SFOS 5.0 or the C2, but this script i wrote has worked for me all the way up to 4.6.0.15 on Xperia 10 III.

it modifies the sfos image before you flash it, and it works on official licensed images as well as community images. i use it to change defaultuser to nemo, disable encryption, and enable flashing of docomo-branded SO models. it is pretty simple, but i make no guarantees about its functionality or safety.

the script is only tested on debian gnu/linux, and maybe only works on debian. it is a perl wrapper around guestfish, img2simg, simg2img, and bbe.

4 Likes

I just wanted to put another vote for leaving the decision about encryption to the user. I never enabled it and hopefully will never have to use it with a future SFOS version.

2 Likes

Agree. Why buy a Sailfish device then?

Their homepage

The mobile OS with built-in privacy

you have to do your bit too…

3 Likes

Yeah, they should call it the “unknowledgeable stubborn, I want it because i want it, dumbassery botnet enabling mode”

1 Like

As this thread contains many users that would like to allow to disable default encryption of user data in SFOS for unspecified reasons I would like to clearly disagree to this Feature Request.

I hope that other users follow.

(edit log: changed “… to roll-back encryption…” to “…to allow to disable default encryption of user data…”)

5 Likes