We have moved to a new Sailfish OS Forum. Please start new discussions there.
41

sailfish X - still private?

asked 2017-10-10 20:58:04 +0300

sfinnie gravatar image

updated 2017-10-11 13:28:09 +0300

jiit gravatar image

Hello, I'm considering updating my Jolla 1 to a Sony Xperia X with Sailfish X. Privacy is one of my key motivators - and was similarly so when I bought my J1 in the first place.

Invasive data collection is the norm on all other mobile platforms (even so-called "open" variants - see e.g. here). I can imagine that, for a small company like Jolla, the option to sell data must have very tempting financial rewards.

So: I'd be very grateful if someone could confirm. Does Sailfish X on an an Xperia track behaviour, use, or send any other kind of telemetry to Jolla or any other party? If so, can it be stopped?

As someone who believes in the right to privacy, this is a critical question for me. And, to be clear, it is something I believe in sufficiently to pay money for. So: I would happily pay an annual "subscription" fee for Sailfish in return for a privacy guarantee.

[And in case anyone is wondering: it's not because I want to do illegal things. I simply believe that I should have a choice in what data I share, with whom, and when].

Thanks.

edit retag flag offensive close delete

Comments

12

Now this is a great question!

tortoisedoc ( 2017-10-10 21:28:10 +0300 )edit
1

Good question but in my opinion its not there business plan to sell data. User data is escpecially usefull if you get a lot of data sets at once and jolla don't have the numbers of users to make this profitable. The big players in the web can provide data for advertising in a much better quality then little jolla. IMO the biggest threat to privacy lays in the usage of third party software and onlineservices in general. If privacy is extremely important you can use a unregistered sim, vpn and no personalized services (email,shopping) on your phone.

h.berd ( 2017-10-10 22:31:36 +0300 )edit
3

What made you doubt it will be the same as before?

attah ( 2017-10-11 09:58:17 +0300 )edit

@attah: several things. (1) the world has moved on a lot since I bought my J1. (2) A data sharing agreement is a plausible part of an agreement between Jolla & Sony. Not saying it is, just that it's never been stated either way as far as I can find. (3) I'm deciding on my next phone. If sailfish continues to respect privacy, then that means I'm willing to consider a (much) reduced set of phone options and features compared to Android/Apple. If it doesn't then I see much, much less justification.

sfinnie ( 2017-10-11 10:58:46 +0300 )edit
6

If in doubt, tcpdump.

gabriel ( 2017-10-11 11:29:43 +0300 )edit

2 Answers

Sort by » oldest newest most voted
21

answered 2017-10-10 21:56:36 +0300

mattl gravatar image

updated 2017-10-10 21:57:05 +0300

To my knowledge Jolla as a comppany is registered to Finland so they are under Finnish laws. My understanding of our laws is that if some one is keeping a registery of you, they are obligated to share a copy of that data to you on request. I think this is the law on EU in general.

On their privacy policity on their site Jolla Privacy Policy they say that "We do not share your personal data with third parties without your express authorization"

But then when you read on they collect all kinds of data, anonymously they say.

edit flag offensive delete publish link more

Comments

7

Thanks, particularly for link to the privacy policy. It gets into very grey territory on 3rd party / anonymous use as you say.

It would be great if someone from Jolla gave a definitive statement.

sfinnie ( 2017-10-10 22:22:19 +0300 )edit
16

They only collect data through the *jolla.com websites. There's nothing to track in the OS itself - only the Store application phones back home to get the available applications/software updates. That said Sailfish is still (and looks like it will forever be) partially proprietary software, so can't really be trusted in general, and there are also barely any security measures in the OS itself.

nthn ( 2017-10-10 23:26:20 +0300 )edit

The question still remains if maybe the Xperia X does something in the network related parts of its hardware that SailfishOS cannot control.

ossi1967 ( 2017-10-11 13:40:41 +0300 )edit
2

@ossi1967 there's always a concern with closed binaries and inaccessible baseband firmwares. Jolla 1 used a Snapdragon 400 SoC from Qualcomm, which has a Gobi GSM/UMTS/HSPA radio with a - you guessed it - closed baseband. The Xperia X is no different. Sailfish or not, there's no way to tell what that stack is doing.

deprecated ( 2017-10-11 15:57:10 +0300 )edit
9

answered 2017-10-18 13:20:31 +0300

sfinnie gravatar image

updated 2017-10-18 18:53:11 +0300

Having had no official answer here, I asked Jolla directly via support. Quoting:

Short answer: No, we are not selling personal data. Our privacy policy - describing the personal data we collect and how we use that data - is here : https://jolla.com/privacy-policy/ .

Note this was specifically in response to whether data was being shared with commercial organisations. There was no response on sharing with nation state agencies (NSA, GCHQ,...). However, that could well be symptomatic of legal restrictions (in which case the lack of response is possibly a canary in itself).

Personally, I'm more concerned about my data being sold or made available to commercial organisations. So the official response is what I wanted to hear. YMMV of course.

Postscript: it seems narcissistic to accept my own answer. However, it's replaying the official Jolla response, which is what I was looking for.

edit flag offensive delete publish link more

Comments

4

Jolla is based in Finland and NSA and other similar foreign agencies doesn't have legal way to force Jolla to give them any information (they can always hack and use other dirty ways etc.). Also current laws gives Jolla an option to deny any finnish authorities requesting information without court order.

EU laws topped with Finnish privacy laws are pretty strict atm, but they are in the talks of renwing the local intelligence laws, so that might change at some point if they manage to drop some trojan horse inside the law package.

avhakola ( 2017-10-18 13:33:45 +0300 )edit
Login/Signup to Answer

Question tools

Follow
8 followers

subscribe to rss feed

Stats

Asked: 2017-10-10 20:58:04 +0300

Seen: 2,052 times

Last updated: Oct 18 '17

Related questions

Browser: Support for custom search engines [answered]

Bug: Gallery photos cannot be shared without metadata to Twitter/Facebook [released]

Private mode in web browser [released]

Enhance security & privacy options for native Apps

Mail application should not load external references (e.g. images) automatically [released]

How to reset device lock-code? [answered]

Permission control for apps

refresh tracker [answered]

Enhance basic privacy

ipv6: cannot set use_tempaddr

Copyright © Jolla Ltd. 2013-2019. All rights reserved.
about | faq | help | privacy policy | terms of service | give feedback
Powered by Askbot version 0.7.49