The headline improvement is one that was already trailed by Ville in his recent Sandboxing blog post. From now on, any app that defines an application profile will be automatically sandboxed. This is currently an opt-in process; any app that isn’t updated in this way will still run outside the sandbox. As a user this means you will start to see some third party apps bring up the sandboxing dialogue on first run. You should already be familiar with this from 4.2.0, in which the Jolla apps were already sandboxed. In 4.3.0 Suomenlinna you’ll start to see this more often. Users can of course still run apps however they want, but can feel more confident when running apps inside the sandbox.
This is an important security advancement, and follows the roadmap Ville described towards having all apps sandboxed. We’ve been careful to increase security without compromising user-control, and we think you’ll appreciate the extra peace-of-mind that sandboxing brings.
That’s a big new feature, and a welcome one, too. As usual, this new version also includes improvements to Sailfish’s Android application support and its web browser, among other things.
I still want a Sailfish phone… it still mostly seems beta for any phone that works for carriers in the USA.
I’ll preface this by agreeing that no phone is secure or immune to interference from coercion by any government. None of them are. But as far as I can tell Jolla must be almost entirely dependent on the Russian government for funding. So take that into consideration along with any claims of security they are adding, just as you would with Google, Huawei, Apple, Amazon or Microsoft.
Jolla is licensing their technology to the commies.
Ha, I am still waiting on my Librem 5. By the time that shows up, it may be based on Debian 15…
It’s good to be sceptical when it comes to security. You can, if you like, review changes being merged into the operating system in the Sailfish OS repositories; you’ll find the sandboxing code there. It’s true this doesn’t give you a full picture, or a guarantee of non-interference from any particular party, but it may help increase your confidence.
https://github.com/sailfishos
https://github.com/sailfishos/sailjail
https://github.com/sailfishos/sailjail-permissions
As long as the network stack and driver models are not secure and updatable the potential for forcing obsolescence as well as bad security via “no longer being updated” arises. None of the big players want to address this as they want to keep selling us solutions to problems they created or admit they are selling us junk the first time around. I cannot think of a single vendor which is honest about this.
It naturally follows on that “economic security” (which is a real thing) is translated into security for the big monopolies so the whole thing perpetuates.
If the Russians funded a genuinely open and secure and end user updatable platform you can guarantee the President of the US would start making allegations and threats and hurl blacklisting and sanctions around. You know it. This is not to say the Russians are innocent of everything because they are not. It just shows how vested interests get away with it even where that directly harms security and wellbeing of citizens.
On this note… everyone seems to have moved away from Kaspersky, which historically has been one of the best Anti-virus pieces of software, purely on the fact it is a Russian company. All other AV are different levels of trash. Either they take too much CPU/RAM, or don’t protect enough.
I use Kaspersky Security Cloud on my Windows 10 PC. Not letting it add its security extensions to Chrome or Firefox, though. Not using its password manager either.
Johann Chua,
It’s hard to know what’s trustworthy anymore. Software used by US Military & Pentagon was attacked not long ago. Ironically a lot of high profile breaches happened thanks to the security software they installed. The Russian government were suspected of doing it.
https://siliconangle.com/2020/12/14/us-government-software-provider-solarwinds-confirms-hacked/
https://www.npr.org/2020/12/15/946776718/u-s-scrambles-to-understand-major-computer-hack-but-says-little
This raises suspicion that any security software from Russia could be compromised (justifiably or not). Yet this isn’t unique to Russia, we know that other countries are guilty of the same thing. Companies from Israel and Singapore were caught bugging software used by foreign governments. China is often accused of bugging products. The US Snowden leaks revealed the scope of US guilt and corporate accomplices.
https://www.cnn.com/2021/11/03/tech/nso-group-us-blacklist/index.html
https://www.cyberscoop.com/android-malware-china-huawei-zte-kryptowire-blu-products/
It’s difficult to trust any products anymore. I think that proprietary products are especially problematic because any government pressure will happen behind the scenes without a public record. Also, with telemetry & tracking becoming normalized, it is opening up more opportunities to leak information without detection because it’s encrypted and the code is proprietary.
It’s understandable being wary of the Russians especially given the politics but I don’t trust the US an inch either. The US snooping on Merkel, using dirty tricks against Airbus, unexplained deaths around the Greek Olympics, the attempt to push the appalling TTIP behind closed doors, Microsoft and Google telemetry and data snooping, the appalling social media companies, the collapse of the European IT and IC manufacturing industries… Then there is the Far East with its state subsidies and dumping practices to gain market share.
I hope we get to a better place because I find the current zeitgeist utterly depressing.