Questions about Jolla C2 and SailfishOS

Hi all!

Let’s say I’m an independent journalist and I’m looking for a moderately safe smartphone for myself. Some time ago I learned about the existence of Sailfish OS, and then the release of a new smartphone was announced. Please tell me how things are going with the following functions?

• Randomize Wi-Fi MAC?

• Average battery life is 2 years. How is Jolla C2 doing with this? Can I change the battery myself? What kind of battery is used?

• Is there support for Shadowsocks (and optionally with Cloak/V2Ray support)?

• Is it possible to isolate Android applications from each other? For example, so that the Facebook application cannot find out that the Instagram application is installed on the same smartphone, and even more so, find out under what login it is authorized.

• Is it possible for Android applications to return different DUIDs? So that they think that they are installed on individual devices.

• I looked at the screenshots, but I didn’t see the download speed displayed next to the mobile data icon. Does she even exist? When your connection is unstable, it can be very helpful to understand whether you need to turn your mobile data service on and off again to get it working again. Or wait a few minutes to figure it out yourself.

• Is there a night mode that makes the colors warm? People’s eyes often hurt from the blue color of modern smartphone screens.

Hey,

I’m by no means an expert, but I do like fiddling with stuff and I’ll try my best to answer as much as I can figure out:

• Randomizing Wi-Fi MAC I’ve looked into for my own purposes; does not seem possible in any built-in fashion, meaning you’ll need to manually implement something via CLI

• From what I can figure out on the Reeder S19 phone battery replacement videos, the back of the phone is glued, it’s not impossible to replace, but my no means user friendly either or up to Fairphones levels of serviceability. You may prefer a look at another kind of supported device or community device for battery serviceability.

• Shadowsocks and V2Ray seem available on Openrepos, but I’m not sure if they’re currently in working condition or not, I’ve not personally tried!

• Work profiles do not seem to be implemented, and the F-Droid app Shelter notifies me it’s not compatible, so I don’t think this is possible.

• I don’t think returning different DUIDs per apps is possible either, but have not looked into this

• Bandwidth indication in the top bar is something I also miss, loved it on Android, but doesn’t seem to be available on SFOS either natively or with a patch

• To your final question, there is a patch that allows you to set an overlay effect with colours and strength of choice:

Screenshot_20240807_104153_0011080×2520 178 KB

Hopefully that answers some questions, and please bare in mind I might be wrong about some answers

Thanks for answers. Perhaps someone can add something else to what you said?

Are there any SFOS developers here?

Over lunch I had a bit more time to think the situation over that you had laid out in your original post.
If I were an independent journalist going to quite an extend to protect my privacy I would see if it were possible using alternatives to the big tracking networks like the Meta products you’ve mentioned.

If that’s not possible I’d definitely avoid using their own proprietary apps, and use open source alternatives for Facebook and Instagram instead, or a (TOR) browser with container tabs.

I would probably keep WiFi disabled and use mobile data with a VPN or TOR, no hassle with MAC addresses then either, just your ISP that can triangulate your position.

Having thought more on it, I’d say using the Android layer with a form of spoofing or Waydroid perhaps with multiple containers or spoofing should cover your points 4 and 5 as well.

If you get that deep into it, I’m not sure any regular hardware or software is going to cut it anymore either, I’d probably want open source hardware with kill switches per function such as the PinePhone Pro, which might even work with SFOS and has replaceable batteries which are separately rechargeable.

Always fascinating thinking of the options, though I’m glad I’m not depending on them. Good luck with your search, hopefully this helped!

Thanks for your thoughts. I’ll have something to think about. Now, whenever possible, I also launch applications from the browser, rather than native ones. I was interested in the words of the guys from Jolla that their smartphones are primarily about privacy, not customization. I would like to understand what they mean by these words. Of course, there is no such thing as absolute privacy, and therefore I would like to get an idea of ​​how much better SFOS is in this regard than Anoroid.

I remember a post here or even the old forum about network access with the default settings over Wireshark. They compared Andy, Apple and SFOS. There were orders of magnitude difference. Unfortunately I can’t find it.

A lot: No G**gle account necessary, therefore no legal contract with G., no licence agreement with big tech, SFOS can be modified and adapted for your preferences, SFOS is Linux, root access possible, wide variety of tweaks possible,…

I remember a post here or even the old forum about network access with the default settings over Wireshark. They compared Andy, Apple and SFOS. There were orders of magnitude difference. Unfortunately I can’t find it.

A lot: No G**gle account necessary, therefore no legal contract with G., no licence agreement with big tech, SFOS can be modified and adapted for your preferences, SFOS is Linux, root access possible, wide variety of tweaks possible,…

Well, Sami Pienimäki talked as if they were investing their resources into privacy instead of adding functionality. So far it looks like they just haven’t implemented telemetry. That’s not exactly investing resources into privacy, is it? So far, the answers to my questions from the opening post suggest that no special work is being done. Either we don’t know something or we misunderstand it.

People here seems to be beating that with quite a wide margin on the Sonys, so i think your info is a bit outdated. As with any glued phone, battery replacement will be a niche occurrence.

I’m not sure i would equate those two very Android-centric “cloaking” features with being privacy focused.
Especially not that they would be top-of mind.
The best privacy is to not (over-)use silly Android apps in the first place.
Personally i find it silly/funny/sad that this is what comes to mind for most people. Privacy is the absence of tracking and just bog-standard reasonable security. If we think we need active measures, we have already lost.

A term used a way back was “fundamentally uninterested in your data”. This is very different from a “hardened” phone like some less than stellar companies try to make people believe they need.

I don’t hear anything about any targeted investment like what you describe when i play that. Rather i hear that “privacy is not a feature”. What you ask for sounds an awful lot like (quite niche) features.

So you found your own personal coping mechanism for some niche issue with what was available on Android, and then you come expecting the exact same solution on SFOS? With this attitude you only set yourself up for disappointment.

I have never had anything like the issue you describe, except that sometimes you get stuck on 2G or 3G - but this of course shows clearly.

You could of course always hack something together yourself and maybe it gets a following. Though if it is a 100s of thousands of users sort of niche thing in Android, that translates to basically just you in SFOS terms.

They haven’t implemented telemetry - good so. That’s exactly privacy!
“Investing”… nonsense, buisness talk, ignore

edit: also I’m sure (trust) that SFOS and Sailfish apps both don’t phone home and grab datas from the phone and send it to God knows who. That’s enough for me. I’m aware that the SFOS phone surely is not hardened against strong and targeted hack attacks and a serious attack from a secret service of a state or authority.
But this is anyway senseless, because what shall one do if he is threatened by police or ask by court to surrender the data? In this case, what does a hard to crack phone help?

With SFOS I have my peace from advertising and a very beautiful OS / UI that I can also modify for my preferences and so I’m happy with it.

One can modify the threshlod to which the battery is charged in settings, so it is possible to fluctute energy state between 20–80% of battery, which helps to keep battery health a great deal.

I’m not sure i would equate those two very Android-centric “cloaking” features with being privacy focused.
Especially not that they would be top-of mind.
The best privacy is to not (over-)use silly Android apps in the first place.
Personally i find it silly/funny/sad that this is what comes to mind for most people. Privacy is the absence of tracking and just bog-standard reasonable security. If we think we need active measures, we have already lost.

This is the complication of tracking me as an individual through different apps. Let’s say I have a work account on Facebook and a personal account on Instagram. But even if I have different accounts, Meta will easily determine that I am the same person, and somewhere deep inside it will link both accounts into one, my work and personal life. I only use Facebook and Instagram as examples.

I don’t hear anything about any targeted investment like what you describe when i play that. Rather i hear that “privacy is not a feature”. What you ask for sounds an awful lot like (quite niche) features.

Well, it would be weird for a CEO to make the fact that a smartphone doesn’t have any features an advantage, no? It’s just logic. “We don’t monitor users and we don’t add functionality, we don’t do anything at all and our smartphones don’t do anything, so we’re the best.” No, that doesn’t sound like what he meant.

So you found your own personal coping mechanism for some niche issue with what was available on Android, and then you come expecting the exact same solution on SFOS? With this attitude you only set yourself up for disappointment.

I have never had anything like the issue you describe, except that sometimes you get stuck on 2G or 3G - but this of course shows clearly.

If there are better options, I’ll be only too happy. How can the problem I described be solved on SFOS?

You may be lucky, but the first person who answered me in the thread also wrote that he would like to have such a function. Not everywhere in the world is the connection stable. And not all mobile operators work the same way.

That’s not really privacy. It’s like you have no door at your house, and because nobody is looking you consider that you have privacy.
He is an independent journalist. Biggest threat for him are not the corporations, are the governments. And they are looking into your doorless house even if you like it or not, more so when you are a ‘person of interest’ who doesn’t accept the official narrative.

I assume that governments have enough leverage to interfere in the affairs of corporations. We can recall the same PRISM.

It doesn’t matter what you do, Meta’s algorithm will make the dots between your private and work accounts (through same ip, same pattern in writing, same interests, etc.). At some point in time you will do a mistake and Meta will see it.
Don’t look here for privacy&security, cause sooner or later Jolla/Jollyboys they will sell your data. If they will not sell it, they will be force to do it cause this is how business is done in this part of the world.

Then you should put them on different phones and try to basically never carry them at the same time.
Spoofing of some little identifier will probably help for all of one day.

But doing mental-gymnastics to call your pet features non-features doesn’t mean that’s what they’re doing either.

It will depend on the actual root cause. If it is indeed not stuck on a legacy technology like what would be the normal case.

Well, basically, everything you said is true.

As I already said, I’m not looking for a completely secure smartphone, I’m trying to understand for myself what the security of SFOS is, since the CEO himself talks about it. At a quick glance, it turns out that there is only no telemetry, but even basic things like a random MAC are missing.

With Android and iOS, everything is more or less clear to me - I’ve been using them for a long time.

Or Anom Phone. I trusted more Sailfish when there were russians involved, cause there was an interest to be independent OS, and not have spywares inside. But now…is becoming more and more like Anom.

Rostelecom is completely controlled by the government. And the Russian government is obsessed with spying on its citizens. I have no trust in AuroraOS at all.

That’s not basic, that’s misguided.
Given the other possible problems above, it would not achieve much and thus be nowhere near the top of the list. Surely the silly apps are a much bigger vector than some open WiFi. So as long as you still insist on using them, it’s a lost cause.
WiFi clients also already broadcast requests for SSIDs they have config for to make scanning more responsive. You’d need to nuke that too.