How good is /e/ privacy based LineageOS fork?

1y 4mon ago by sopuli.xyz/u/TuxEnthusiast in privacy@lemmy.ml from sopuli.xyz

I'm looking to get a custom ROM that has good compatibility with my device. Would you recommend /e/? I couldn't find a tutorial on how to install it with Linux but I don't think it should be that hard to figure out.

/e/os is often behind on Android monthly security patches (sometimes up to a month or more!) and the apps they fork I have heard also often lag behind upstream. It also doesn't do much to deblob the ROM of proprietary binary blobs.

Comparison table of Android ROMs: https://eylenburg.github.io/android_comparison.htm

Came here literally to comment this. Hooooly fuck, I would not trust /e/ as far as I can throw a Fairphone. Good thing they're compostable, because that's the only up they have on a Graphene flash.

Until I can take a basic actionable step to ensuring my information is safe like LOCKING MY BOOTLOADER... I am good over here.

It’s pretty solid. I use it daily and don’t have any big problems. Install is simple. Just install adb and fastboot from your Linux repository. This should cover most of the installation requirements.

I don't know if installing from the repositories is such a fantastic idea. I've had instances where I've almost fucked up a device because I installed the ones from the repositories and they weren't new enough. I would recommend downloading the ones from Google directly.

Edit: the cli platform-tools

Sounds like either a terrible bug or user error. Which in both cases should be fixed.

Well, when I tried the one directly from the repository, my version of Android would not boot, but then I downloaded the one directly from Google and did the same commands. And it booted. So yeah, either it was a bug or something.

Sounds pretty straightforward. What is compatibility like? Have you tried any banking apps?

I have ING app, it works seamlessly through microG but I don't need it for basic use of the app. I don't use my phone to pay for stuff.

Haven't had any major apps not work on it. Except one banking app for a while in the beginning, but works now

I have no banking apps on that phone, sorry. So I don’t know if they work.

Their easy installer is why many people I know installed it, but it only supports 21 devices and mine wasn't one of them, so I can't say much about usability or security. If yours is one of them, there's also a Linux guide on their website: https://doc.e.foundation/easy-installer

Yeah. I love the idea of the easy installer. Mine isn't listed either.

I love the idea of the easy installer.

looks at GrapheneOS installer.... Literally just 3 buttons on a website you have to click, all of the steps easily written with clear instructions for Linux as well as Windows

looks at /e/ installer

  • finds 5 websites with installers for /e/, all of them apparently official ones, decided to use https://e.foundation/installer/
  • Site doesn't let you view these instructions without JavaScript.
  • enabled JS
  • Can't even use fcking Firefox to view this installer because a fcking pop-up blocks my sight
  • goddamn privacy oriented Android ROM website recommends using Microsoft Edge or Opera (both of which are privacy nightmares, especially Opera)
  • smashes pillow against the wall

I give up. If you call that bloated piece of diarrhea an "Easy installer", you could just as well say that Gentoo is easier to install than Mint.

I know that GrapheneOS is really easy to install. Problem is that I don't have a Pixel.

My problem is not that you don't have a Pixel, but that /e/'s website is literal dogpoop, and that already tells a lot about their OS. Like, they are in a literal conflict to support other, maybe even more privacy friendly backup for cloud systems because they already have their own

Does your phone support anything else? LOS, Calyx, etc

Yes only LOS

That's still better than using /e/. Just download the one without MicroG

I've used it for almost five years, flashed it myself on my FP3. I disabled microG and I'm very careful & strict about what I install on my phone, also their Advanced Privacy set of tools is pretty good. For my threat model it is more than enough and I am very happy overall. Never had any serious issues, or even mildly serious ones tbh, despite people yelling about Android security updates arriving late. There was an outage in their cloud services in October that required a complete revamping of their server infrastructure and that took months but I don't use their cloud so I wasn't affected at all.

Here is a good comparison. As a reminder, there is no privacy without security, so if you live in the US (or anywhere that illegal searches happen regularly), I'd argue a less secure solution is by definition a less private solution.

https://eylenburg.github.io/android_comparison.htm

From the looks of it GrapheneOS still seems like the best choice by far..

Basically, but not everyone has a Pixel or can afford to buy a new device.

I recently picked up a Pixel 7a on eBay. $200 for like new condition. Probably the current sweet spot for value and remaining years of support.

$150 for a refurb Unlocked Pixel 6 from eBay. That's both cheaper, more ecologically friendly, and better for your privacy than /e/ can ever hope for.

GOS team are some elitist jerks, sure, but what they make works well. And I respect the fuck out of Calyx for being committed to making something like MicroG work.

GOS or Calyx, either is gonna be miles better than /e/. /e/ is running their 'native IP scrambler' on a two-year old commit of TOR. Fuck everything about that.

/e/ has good but not perfect privacy. It still contains connections to Google and they added a tracking parameter to their update calls.

Their update cycles are very slow. You are usually one to two months behind monthly security updates. Full bulletins are a year behind and Webview is a problem as well. They ignore this point and do not realize that insufficient security is a privacy risk as well.

So if you want good privacy with a convenient user experience and without thoughts about security, here you go.

Depends on how far you want to go. From what I've been able to tell, they peddle a lot of flashy metrics and still had a bunch of Google calls. Some of which you can manually remove, same as LOS. I would avoid buying into their cloud and keep an eye on things yourself, if you want to install it. I saw them rebrand a bunch of OSS tooling as their own products back then. Don't know if things changed since then, but I don't trust the marketing.

I've been using it for a couple of years. I flashed my Fairphone 3 by myself back then, before the easy installer. It was the first time I did something "advanced" with a phone, but it worked quite well. After my Fairphone 3 died, I bought a Fairphone 4 via Murena. So everything was already installed etc. In total I am happy with the OS. Their goal, the release of a privacy oriented OS for everyone (so e.g. even my parents could use them), is quite a utopia I suppose. But still, the team and community are doing a good job.

Yeah I already heard about GrapheneOS, but it's not working well with Fairphone, right? So Murena it is for me :) And I would recommend it to people who are aware of the downsides and are a little enthusiastic :)

After my Fairphone 3 died, I bought a Fairphone 4 via Murena.

wait you didn't buy a replacement battery? 🤨

It wasn't the battery, sadly. Some Fairphone 3s have the issue that their mainboard(?) breaks down after a couple of years without any clear reason - and I was the lucky one. It's the only "unreplaceable" part and kind of a phone breaker. Sure, you can replace this too, but it would somehow be like buying a new phone. At this point, the Fairphone 4 was already released, so I took the upgrade. Fairphone 4 and 5 now have a warranty of 5 instead of 2 years. So at least on this point I'll be safe for 3 more years :>

Oh ok 👍

What phone do you want to flash on? Is it in this list? https://doc.e.foundation/devices

Doesn't support Galaxy phones unfortunately.

I kinda took out my old phone (Sony) and flashed on that... and running in parallel while I degoogle myself... Takes some time to change all email registrations from govt. and tax authorities to other external services like docs, banks and stuff... so doing dual phone for a few weeks and then dropped main phone (Fairphone 5) to fully shift to the e/os phone (Sony)... And then will reset the ex-main phone (FF5) when degoogle is complete... I am too busy these days so it's taking very long. (Also clean up Google inboxes and then back up vs. back up and then clean up old inboxes is a struggle for me.) Once fully complete I will flash ex-main phone FF5 with e/os as well and switch to it, and then use the 2nd phone to shift my partner and kids slowly. And in a year or next upgrades I think I might buy my family older Pixel phones and flash e/os on them.

Maybe you should also get a side phone to start the project.

Not a bad idea.

I think it supports Galaxy S9

A couple of my coworkers use it; they are pretty happy with it and it works good from what I’ve heard :)

On the surface. DivestOS has a whole laundry list of bugs and defects that /e/ hasn't patched in yeeeeaarrs. Including how many holes their so-called 'IP scrambler' actually has.

Your coworkers would be safer with stock. Or Lineage. Or literally anything else.

Personally I hear it had been a mixed bag. Hopefully time has refined this... Old stories about digging up old LOS images, bare minimal patches, and release under e branding with no consideration for security/hardening. Buuut that was info from a grapheneos vs eos forum, or something. Do your research, you know what sub you're in.

I used it for a few years on OnePlus Nord, and a few days ago switched to Pixel 7 with LineageOS. First impressions are that e/os was much more usable out of the box.

I surely have worse experience with banking: Revolut and SmartID app just refuse to work due to rooted phone (worked well on e/os). Other bank app is somewhat more broken - on e/os it didn't fully load but at least showed notifications on each transaction, now doesn't and is useless.
Could be due to newer Android version on LineageOS though, I didn't investigate that.

very very bad

Care to elaborate?

/e/ greatly reduces security vs. AOSP via added attack surface, weakened security model and slow patches.

https://eylenburg.github.io/android_comparison.htm

https://privsec.dev/posts/android/choosing-your-android-based-operating-system/

Damn. That's such a shame, I was considering the Fairphone with /e/ os but it's looking less and less appealing. I guess flashing it with CalyxOS and removing/replacing microG might be the better option. Either that or bite the bullet and get a Pixel n' flash GrapheneOS to it.

I deeply appreciate your expansion on the matter :)

GrapheneOS is the best option we have today.

Don't forget to donate to the project.

https://grapheneos.org/donate

Even at the cost of using a Google phone? In any case if I decide to go with it I'll be sure to donate match the price of whichever pixel I end up with ty :)

Hard truth: outside of GrapheneOS there is very little security and privacy gains from a custom Android OS over stock.

From best to worst:

  • Graphene OS
  • iOS
  • Stock Android / non rooted custom OS
  • Branded stock android
  • Rooted phones of any type
  • EOL phones

iOS second? What a joke.

Sorry it's true. The app sandboxing and private relay alone are better than anything stock or these lower tier custom android os provide.

I'm pretty sure you implied that the ranking was based on security and privacy. I don't see the privacy benefits of using iOS over a custom privacy OS.

Do your research then. I'm not here to hand hold you through this.

Privacyguides.org is a great place to start for beginners.

Their forum is also a much more informed community than what you will find here or god forbid r/privacy

👍

That seems like an overly black and white position over something that can be either quite valid or entirely nonsense depending on the situation and/or threat model.

Some things are just more secure and private than others. That's just a fact. For example, as of now GrapheneOS is the most secure and private consumer mobile OS. There is no gray area.

Now whether your threat model requires it, can be much less black and white.

But users here tend to gamify privacy and think they should get whatever the "best" one is. They tend to do whatever the most upvoted github list tells them to do.

Rarely do I see someone like yourself, who considers threat model.

GrapheneOS wins, but whether iOS is more private than CalyxOS or /e/OS I think is very gray, and depends on the threat model, and on most devices they are going to be a significant improvement in privacy, and often security, over stock Android.

And privacy may not be the only consideration when choosing a device.

Since my threat model includes mainly surveillance capitalism (and no evil maids or targeted attacks) I don't particularly feel like trusting a big tech that's running their own targeted advertisement system.

Personally I think if you look at what privacy features CalyxOS actually offers or read reviews from someone like kuketz you realize it's pretty lacking in both privacy and security.

What Calyx does offer is a decently degoogled experience for people who don't have the budget, access, or want for a Pixel with GOS.

I understand your issues with Apple, that's fair. OTOH I think their offerings, such as private relay, RCS messaging by default, properly implemented sandboxing are objectively better privacy features than what most android operating systems can offer. They also are much more reliable in terms of security updates.

I also have had issues with Calyx using pretty obvious lies to market themselves such as saying the OS can't be tampered without your knowledge. Not that Apple doesn't have its fair share of blemishes.

And you think degoogling offers no obvious benefits in terms of privacy?

I do. I think it's a bit overblown as none of these operating systems are completely degoogled.

I think it's much better to focus on things like not having apps with privileged access; this includes a lot of people's go-to Play services replacement, MicroG.

I can empirically say, that just switching from stock to a degoogled ROM gave me a significant battery boost. I have no idea what that thing was doing in the background, but it's already doing a lot less of that.

For microG... Until UnifiedPush becomes more widespread the choice between having your notifications go through FCM and halving your battery life is going to be a tricky one.

Good call deleting that trash comment.

Yeah I would put it #1.

Why?

When a mobile hardware is only from Apple.

I have read this several times, and still have no clue what you're trying to say.

iOS should be number one when limiting hardware only made by Apple.

root allows system-wide adblocking. thus more privacy, not less privacy

Root also adds massive attack surface which easily outweighs those benefits. Not to mention non rooted DNS solutions provide a similar benefit.

Security != Privacy

That's idiotic. Your data being insecure is inherently not private.

They are two sides of the same coin.

So more security equals more privacy? Is that why iOS is second in your rankings?

Not necessarily, there are tons of things that are very secure but not at all private.

But.. having a massive attack surface and known security issues and thinking your data is somehow private because you use a FOSS application is silly.

EDIT to answer your edit: partly. I mean regular timely security updates seems to be a struggle for most of these android OS but also because it provides a bunch of privacy by default options that these other android ROMs don't such as a private relay, default RCS messaging, and makes them easy for users.

You do have a good point. However, I can’t consider a proprietary operating system like iOS truly private. It may be secure (certainly more so than stock Android and some random custom Android based ones) but if I can’t be sure that my operating system isn’t spying on me, then security alone doesn’t matter much for me tbh. Apple’s operating systems are no exception to this.

So, in a ranking that considers both security AND privacy, iOS being the second one is questionable. However, if the ranking is based solely on security, then I have no issue with it.

sigh

My evidence is something being proprietary and in the hands of big tech (in this case Apple). What makes you blindly trust in Apple's words?

I didn't like my tone in my last response so I apologize.

Something being proprietary isn't evidence of anything nefarious nor is something being from a large company. That's not evidence at all.

I'm not trusting Apple's word, the privacy feature examples I've mentioned are proven working methods. Unless you have some source showing that RCS or their private relay don't work in some way.

I don't know about you but if I don't know what a program that I can't inspect the code of does, I'll just assume the worst case scenario. I can't prove it but you also can't prove that it isn't doing something shady, can you? So what if I am using Private Relay? Apple will know what websites I visit or what I do with my phone as long as I use their proprietary operating system and who knows who they'll give it to. And with this, I am saying it again: Apple's operating systems are no exception to this rule.

So you actually inspect the source code of everything you use?

This whole line of reasoning really only works if you have the expertise to understand the code in the first place. Otherwise you are just shifting trust from what the company tells you to what a third party looking at the source tells you. Sometimes that works but it's in no way foolproof.

There is open source malware. FOSS /= trustworthy the same as closed source /= not trustworthy.

If you don't trust Apple that's fine. Some people won't ever use a Pixel because they don't trust Google. It doesn't change the fact that Google currently makes the most secure, hardware wise, consumer smart phone. The point being this shift in trust is more of a personal choice than a good privacy or security practice. Just as using something like e/os or lineage over iOS is.

No, of course I don't. I am not as paranoid as Richard Stallman, but I am also not as pronoid as the average human to just use proprietary software when there are similarly functioning open source software. With open source software, you can inspect the code and compile the code that you inspected. This is not true for something like iOS.

And of course, FOSS malware also exists (for example the recent xz data compression program). But guess what? You can find if it is really malware or not because you ultimately can inspect the code and compile the code you inspected. That is also why the malware in xz was found out. Who knows what there is in closed source software you can't inspect the code of. Do you perhaps believe in security through obscurity?

Using open source software is always an advantage. Praise for privacy software should be earned through the ability to verify them, and not granted by default.

Windows is rooted by design, and that's completely fine by everyone and their dog

Lol nobody is calling Windows secure or private. Nobody even mentioned it.

Companies literally pay thousands of dollars a year in hardware and enterprise software to make up for its deficiencies.

It's hard to compare the security of systems. Also how is iOS number 2!? There's a lot of research put into finding holes in hardware and software since they are so popular, also they have backdoors for the government baked in along their walled garden.

Speaking about privacy, there are a lot of gains from passing from a closed source ROM to an open sourced one. Or even better to an open sourced phone running Linux (yes I know very few can daily drive them).

On security it's complicated and depends on many factors.