I kinda agree with the sentiment in the articles from an AOSP/lineage/cyanogen perspective.
They should definitely embrace the Telegram FOSS fork [1] and OSMAnd~ [2] (which is a superb offline navigation tool btw) and remove all Apps that require the Android 10 firebase hockey-based notifications. [5] and [6]
A lot of apps use this for convenience and because it was _required_ since AOSP 10 but there are ways to work around that requirement with a high priority notification.
I would additionally recommend to use AppWarden [3] and Blokada [4], because both are amazing additions for an Android device.
Firefox for Android, though, is still a nightmare with all the telemetry. The old TOR Browser 9.5 series is based on old Firefox pre-quantum, 10 is based on Firefox post-quantum.
The issue with current Firefox and TOR Browser is that Mozilla decided to include the Adjust-, Firebase- and LeanPlum-SDK which introduce now more user tracking than ever before. You'll even sometimes see different A/B UIs based on your browsing behavior (not kidding) and geolocation, and of course this happens more often with Orbot being used as a Proxy.
(You can verify this via AppWarden if you don't trust me)
Besides, some of their practices like redirecting every blocklist through their own mirror (blokada.org/mirror) and in some cases through their URL shortener (go.blokada.org), makes me think they're not really as private as they claim to be.
Also, Blokada leaks DNS connections over TCP and doesn't let you set your own DoH resolver.
Those SDKs have indeed no place in Tor Browser, though at least they appear to be disabled. Have you witnessed Tor Browser sending telemetry data to these services on Android?
The issue I have with their response is that they argue that it's disabled because it has no API key. I think that's not a real solution because that can change at any time. A request sent is a request sent, relying on the server to block it is the opposite of what TOR initially stood for.
I witnessed at least the Leanplum SDK taking action, and I thought I broke the App tbh. After a restart of the phone and clearing all caches via the Settings App I could verify that it happened a second time.
But I have no idea whether it was a "chrome://" Page with an externally included JS - or triggered by the underlying SDK directly. In Firefox pre-quantum (pre fenix 9.5), the Extensions Page included Google Analytics for a while, so I was assuming that my installation process of uBlock Origin and uMatrix triggered it somehow down the line.
I decided to roll back to TOR 9.5 after it happened the second time on the same day and now I'm building my own Browser (Tholian Stealth) anyways... so I didn't decide to investigate further than a casual look at the codebase where LeanPlum still seems to be littered all over the place. [1]
Thanks for the details, I think this should be properly investigated, and if you find any request to telemetry services in Tor Browser, your findings should be made public.
The description of the package on fdroid literally states that it still connects to mozilla's and google's services. [1] So yes. It probably also includes the firebase and adjust sdk.
> Please don't post insinuations about astroturfing, shilling, brigading, foreign agents and the like. It degrades discussion and is usually mistaken. If you're worried about abuse, email hn@ycombinator.com and we'll look at the data.
One of the things that feels a bit problematic here - the webpage is avoiding mention of the fact that this is still Android. In essence, this is still Google's OS and the team has decided to start a fight against Google by taking their opensource and perpetually fight against the main developer by removing their proprietary component.
I don't think this is a fight that's sustainable - a giant graveyard of Android privacy forks shows that. In the end, the major contributor to this OS is and will remain Google.
In that respect, Purism's PureOS seems like a more sustainable effort.
I don't think the graveyard of Android privacy forks is that big? All I can think of is CopperheadOS which died because it was company-backed. You could argue CyanogenMod died, though really it's still well alive in LineageOS. (and CyanogenMod wasn't really privacy-focused)
I have a very high respect for all the work that's been done on the various GNU/Linux mobile distributions, but it's still so far away from Android wrt usability...
I agree there is something weird about fighting Google with Android, but still it makes perfect sense.
From a business or engineering PoV, you want best features for the fastest MVP. Android gives you just that. Actually it goes way beyond, /e/ didn't do much of engineering, they mostly re-used what's done by the Android FLOSS community. (Honestly I don't really like /e/ because they basically don't give anything back to the community but well).
If /e/ is ever successful, they can hire many engineers to actually fork Android to have their own. That's what Android did for Linux in the first place anyway! Most OEMs have a lot of changes to their Android, even though they keep using Google apps, and they are just fine. I'm pretty sure that Samsung have an order of magnitude more changes in Android than LineageOS (which /e/ is a pretty direct fork of), and they maintain it just fine.
The original developer of CopperheadOS is continuing the work as GrapheneOS, after a split with his former business partner, over dilutions of the privacy guarantees, among other things. https://grapheneos.org/
Micay, of GrapheneOS and original creator of CopperheadOS, is not some random.
They have pushed AOSP security ahead and have made many upstream contributions over the years.
I remember when Micay first released CopperheadOS.
I spent most of early 2015 learning enough about kernels to eventually successfully port it to the OnePlus One in November of 2015 with near full PaX support.
https://github.com/Divested-Mobile/DivestOS-Build/blob/c0083...
Micay originated the Android Hardening Project, I believe it was called, and is the brains behind what was CopperheadOS, and now the superior GrapheneOS.
CyanogenMod, as the name suggests, was explicitly a nod to add in features that didn’t exist before.
That was indeed a losing battle because Google has far more resources to add features ans beat CyanogenMod.
On the other hand, a de googlized and privacy focused platform provides something that Google can never provide.
There’s also a change in the environment surrounding all
Of this. Thanks to the weaponization of Android by the American government, every country and company in the world is looking for a De GoogliZed alternative.
Cyanogenmod is still alive and thriving as LineageOS. The goal was never to beat (Google) Android, it's just a custom ROM that provides many desirable features.
/e/ mostly uses LineageOS code without providing attribution. They have a fair fight ahead of them and the Android FLOSS community benefits from this internal competition.
This was the conclusion I came to after using android 4-5 for a while.
Android is not designed for the community to be hacking on it. While these projects occasionally appear they don't last because of the incredible amount of work required to maintain them. You're much better off finding a normal Linux distro/phone pair that can make phone calls etc.
Nowadays I single-handledly (well almost, I do have some contributors, thanks to them) maintain a pure unmodified Android that works on hundreds (probably thousands) of different devices.
It has become a lot easier thanks to Project Treble.
Thanks for the ROMs you produce. Do you recommend any particular devices (phones and tablets) to use a device-independent ROM?
As far as I could see in your GitHub project wiki, most devices tend to have a few glitches (probably due to issues in the hardware abstraction layer from the manufacturers side?): https://github.com/phhusson/treble_experimentations/wiki
I could see some that look mostly flawless, like Samsung Galaxy Tab 8.0 2019. It'd be good to have a curated list of preferred devices. Buying Android devices with ROMs in mind is quite frequent, and your generic ROMs are a huge leap ahead!
Doesn't the DRM stop working once the bootloader is unlocked? That'd be a big concern since most streaming apps would refuse to install or work in that case.
What other such changes is Google pushing into Android that discourages unlocking the bootloader / rooting?
That's a globally incoherent mess, I'll try to summarize, but the TL;DR is that depending on the device and on the streaming service, it ranges from "it'll just work after bootloader unlock" to "nope, there is no way to get it to work", with an intermediate of "shitload of hacks are required".
So first point about the DRM itself:
- Google here is "benevolent". Devices are allowed to keep working Widevine L1 working after bootloader unlock (without needing relock), and it does work just fine on Pixels.
- Some devices clears their key after bootloader unlock, so unlocking means you'll never get Widevine L1
- Some devices have the key tied to being locked, to relocking will work
- Some devices doesn't have restrictions, but have poorly written drivers that need to be hacked around to allow to work on unlocked bootloader
And then, there is the extra issue of what streaming apps decide to give you. For instance Netflix will not use Widevine L1 even if it works unless your device is whitelisted. So if you flash a "simple" alternative ROM on a Pixel 5, you still would get only 480p. The ROM needs to lie, and tell it is the original Pixel's ROM. (Also Netflix won't be listed from PlayStore unless the ROM lies and says the app that yes the bootloader is locked)
In my opinion, the biggest vendor lock-in about bootloader unlocking is that you'll loose all your data when unlocking, with no way to properly backup your data on stock ROM.
I guess it depends where your priorities lie, but this effort seems _more_ sustainable to me because it can run most proprietary android apps, and everything on F-Droid right out of the box.
PureOS has to try and reimplement an entire mobile app ecosystem just to get to parity with existing competitors.
The way to go, IMO, is having Android emulation on your device for backwards compatibility.
SailfishOS has this, and doesn't do tracking.
PureOS and Purism One implement some FOSS techniques and rebrand them. I believe Nextcloud does this as well. Not sure why projects don't clearly mention what they're based upon, especially when its a lot like original.
The thing is, there aren't any desktop apps—much less Linux desktop apps—for the types of things I need to do on my phone. On an Android phone, I can buy train tickets (NJTransit), deposit checks (Chase), and have telemedecine appointments with my doctor (MyChart).
I don't know if all of these would work in e.foundation, but presumably at least some would run.
Unfortunately, I chose all of those examples explicitly because they can't be done on the web—they can't be done on a desktop device at all! :(
The telemedecine app is a big one I think about. I don't know what I would have done if I hadn't had a modern iOS or Android device when the pandemic hit in March, and my doctor appointments suddenly moved to this remote system.
On the other hand by being Android you get to run all the Android apps out there.
What I seek in a phone is control over my privacy, not necessarily a vegan FOSS system.
What that means is things like:
- Fine-grained control of permissions to apps (e.g. access to rear camera only, access to only city-level accuracy of locations, access to read from only directories I specify)
- For apps that insist on having permissions to things like location and wi-fi scans to use them, the ability to make the app think it got said permissions, but receives fake data. And no, Android's mock location feature doesn't work, because apps can check if the feature is enabled or not
- The ability to fake IMEI, phone number, contact list, installed apps, and other identifying data
- Ability to generate fake IMU, proximity, temperature, barometer, and all other sensor data that could conceivably be used for fingerprinting
izacus' comment is exactly about that. That keeping it deGoogled is a constant uphill battle, and it sounds good in theory, but as previous forks show - according to izacus - it's eventually a losing strategy.
LineageOS does not support MicroG officially, you will not receive support from them so I don't know what your benchmark for sustainability is.
The officially stated reason (I'm paraphrasing) was because it allows for fudging the signatures of apps and services on the OS, and this breaks the security model.
What do you mean? LineageOS currently supports 164 devices, and LineageOS 17.1 was released a few months ago with 75%[0] of devices moved over to it currently. LineageOS 18.0 is in the works as well [1].
Why do we have to give access to our entire hard-drive to share one file once? How is it legal for someone else to give away your phone number, your addresses for the last 30 years, your email addresses, and the rest of your personal contact information, along with all the contact information of everyone else they ever met to any app they like? Why can apps run your mic and camera 24 hours a day in the background because you wanted to record a gif once? Why should an app be able to read every sms for all eternity because they wanted to verify your phone number once?
Ungoogling is a fine step but the whole thing needs to be rebuilt:
- Sharing Contacts: Should be illegal and removed as an option. Apps shouldn't be able to trick/coerce/incentivise people to harvest and sell other people's private information. When people give out their phone numbers and addresses they do it with some expectation of care, not with the intention of having it immedietly uploaded to Flappy Bird. The most that should be allowed is perhaps some sort of hash of contacts to be able to bootstrap some friend graph, but that's it.
- Sharing Files: There should be a single general default "file manager" app that acts as the intermediary between your files, and other apps, giving them only the files they need for the specific task at hand. Permission for the filemanagers themselves can be given with multiple ALL CAPS permission warnings not to do it.
- Camera/Mic/Location: Trusted intermediate app should capture and provide the data needed for the task at hand. At the absolute minimum, permissions should default to only recording while the app is open (like android location now). Persistent background recording should only be allowed after multiple ALL CAPS stern warnings and suggestion to reject unless absolutely necessary.
- SMS/etc: Have intermediate trusted apps select and share the specific messages you need to share for the task at hand.
In short, data access should be handled by few, trusted, vetted, intermediary apps, with heavily gated permissions for those apps themsevles; and sharing other people's private contact information should be illegal.
Because J Random Grandma just wants to share photos of her grandkids or whatever and doesn't understand all this "computer nonsense". I agree that security needs to be rethought, but putting more moats / popups in the way is not going to work. We already learned that from the past- it doesn't matter how many warnings you put in a web browser, those that are uneducated are still going to mash the install button to get those Comet Cursors or whatever.
I'm curious how this will change when the entire populate has more tech knowledge in general. A few decades, and everybody on the planet will have grown up with computers, and a couple more past that and everyone will have always had a smart phone.
I'm not super hopeful though. Security and Privacy are always a tradeoff with convenience. And if I've learned anything during my revolutions on this planet, it's that we humans really love convenience. I'd say this will keep getting worse until we get a massive data breach... but we've already had a few of those and aside from it being on the news and maybe a congressional hearing, nothing changes. So I think it will keep getting worse until we find out what the market will bear. And I'm morbidly curious what that will be, even as I scream into the wind attempting to prevent it.
Good point but one additional advantage on mobile is the app stores. Currently apps are (supposed to be) rejected if they ask for more permission than their app requires. The problem is that the permissions themselves are too broad. If permissions were divided between regular permissions and super permissions where the latter were flagged for extra approval time and care in approval, it seems like you could have a scalable system vetting the handful of apps that risk asking for them.
Additionally it seems like you could design proper super warnings that get adhered to. Do you know of any interesting examples of really severe/gated warnings that are consistently ignored? If you try to visit a website with a bad certificate, for example, it's almost impossible to get to it.
>Good point but one additional advantage on mobile is the app stores.
True. That, however leads down the walled-garden path. Which honestly might be our best bet, but I'm not comfortable with that thought. In order for the walled garden to work, you have to trust the gardener, and I don't trust any of the current ones.
This is sort of how iOS works(worked?). To share a photo, you had to go find the photo you want to share, then pass that photo explicitly to the app/context you wanted to share it. So a model where you push the content you want into the share app, the app itself was unable to request (pull) data.
I'm using e.foundation for a while now on my Moto G3 (osprey) and it's working ok despite a few camera/gallery crashes here and there.
The only thing I'm not really fond of, is that the apps come from an opaque source (https://info.cleanapk.org/). I also found no information on how those apps are signed, and how this is checked. Upon asking them, someone pointed me to a git commit where an outdated public key of F-Droid was used.
Yeah, that's the thing that would worry me the most: it's nice and all that I can use many regular Android apps, but how do I know that that's safe? In practice, I'd probably still restrict myself to F-Droid, like I do today - the only app I'd like to use in addition is our Corona warn app.
Yeah I'm following that, but I'm from the Netherlands. I do hope that once the German app works, the Dutch one will follow - the issue tracker of the Dutch app has an issue, which links to the German one.
Doesn't /e/ just take Lineage OS, install microg on top of it add their crappy launcher, and then take $$$ as donations. If anyone deserves donations its Lineage or MicroG. Donate upstream instead of this.
I think part of their approach is also to sell refurbished phones (or, in partnership with Fairphone, new ones) with /e/ preinstalled, lowering the barrier to entry. There might be more, but I'm not too familiar with them.
I've been using /e/ as my primary smartphone for a couple months now. It's certainly usable: The experience is more pleasant and integrated than stock LineageOS + MicroG, but there's still quite a few rough edges.
I hope they can make a go of it, but I think it'll take adoption by a deep-pocketed sponsor (Samsung? Huawei? The German government?) before it would be polished enough to be a real contender for non-technical users.
But I do think the idea of an Android fork that maintains some compatibility with existing apps is more likely to find success than something like Sailfish OS, that's entirely distinct.
I have been using it for I think over a year now as my only phone, on a Samsung Galaxy S9+. It's honestly not much different from Android (although a little out of date), and the only real issue I have is that installing software is a little inconvenient. (The built in app store doesn't work reliably.)
Right. It's fine for me since I use free software as much as possible anyway. The only applications I've sideloaded are WeChat, Teams, Discord, Target, Instagram, and WhatsApp, all of which work fine.
Edit: and Google Maps. The built-in mapping software doesn't have good enough traffic estimation.
I like Waze because it tells you where speed cameras and cops are. I've used osm+ and maps.me before. They are decent but google maps and Waze have much better routing and directions.
I've been using it for a few weeks: It doesn't force you to put anything on the cloud. If you choose to create an /e/ account, it makes it easy to sync/backup to their cloud services, but it's completely optional.
Unlike Google or Apple, you're not required to create a cloud account just to use your own device.
The cloud "just" uses davx5, which you can ignore, or use to sync to your own nextcloud server, or you can create an account on their nextcloud instance.
I obviously use my own nextcloud.
Some mircrog stuff is enabled by default, which means it does allow apps to talk to Google for eg. push messages. It's not much work to disable, though.
I looked at /e/ extensively before buying a new phone and ultimately settled on GrapheneOS. I'd much prefer the de-Googling to be combined with a focus on security, where Google has admittedly done some important work for Android. I'm sure it's not quite as functional as /e/ given the lack of integrated Google services and other bits and pieces, but a surprising number of apps work perfectly without these things and I rarely miss them.
I would also recommend Shelter for a work profile for non-open source apps, which one can install on one of the Play Store clones such as Aurora.
Thanks for posting this. I spent some time looking at how "de-Googled" GrapheneOS is. If you define "de-Googled" as meaning the phone makes no connections to Google servers that you do not explicitly acknowledge/permit, then GrapheneOS is still far from "de-Googled". Just to give one example, SUPL. There are also plenty of unGoogled-Chromium patches GrapheneOS doesn't apply. I'm not saying GrapheneOS isn't way better than the Android that ships on phones, but it's misleading to pretend they care about de-Googling as a first tier priority.
GrapheneOS does do some privacy oriented work, but it's far more focused on hardening.
I look forward to examining /e/ and CalyxOS since their focus is more heavily on privacy. For my use cases, I'm less worried about hardening than privacy.
Also, it's a lot of work to keep Android both up-to-date and de-Googled. I started patching GrapheneOS and realized I did not have the bandwidth to maintain the patchset. And still had no good answer for SUPL. Hopefully CalyxOS and /e/ have maintainers with the bandwidth.
/e/ uses all of Bromite's patches as well; I asked them to mention this in the About section, since it is basically a rebranded Bromite that they are shipping.
I am using /e/ for quite some time now, and I'm really happy.
Both articles seem like intentionally done by someone trying to scare people away from trying privacy-friendly and easy to use OS.
About https://intangiblesheep.neocities.org/rants/eelo.html:
- Most users would prefer Magic Earth even though being not open sourced, because AndOSM sucks, and Magic Earth is much close to Google Maps quality.
- No one is forced to create an /e/ account, but if you decide to create one it is much less likely your data to be used, because /e/ doesn't sell ads like Google.
- Lineage OS has no privacy enhancing features, while /e/ removed all calls to Google servers. This improves privacy a lot!
About second article which is not even published anymore.
- Since when collecting money by crowdfunding makes a company bad?
- It is a lie that /e/ doesn't do anything new. Check here:
https://doc.e.foundation/faq#is-e-lineageos--microg
- the ROM still falls back to google’s DNS : This have been fixed many months ago.
- th/e/y don’t accept negative feedback : I have been in /e/ chat and there is so much negative feedback there and no one gets kicked out, I wonder what he did to get kicked out.
Seriously, this all looks like someone who doesn't like privacy trying to scare people away. Admit it no one is going to use a hard to install or hard to use OS. /e/ is the best option if you want your grandmother to have some privacy while still being able to use android apps.
I got the Silent Circle Blackphone [1] (or silent phone) back in 2016.
My experience was terrible battery life, slow to update operating system, overall lack of attention.
E Foundation strikes me as quite similar, I have high hopes for privacy in the mobile space but unless someone really can fund that indefinitely, I don't see updates going out for a $600 smart phone (499 euros) for the lifetime a phone should have.
/e/ don't have their own device. You can for example buy a Fairphone 3 with Android and get /e/ on it, or buy a Fairphone 3 via /e/ with /e/ on it. The battery life of Fairphone 3 is good with Android, and good with /e/.
Duval will cash in on this using every trick and loophole he can. The "3rd party" app store is shady as h/e/ll, and they know no limits to deceit. If you trust th/e/m, you probably trust Wikipedia too, which is just one place they tried and failed to take advantage by breaking rules and using sock puppets.
If you don't have a 'droid device supported by GrapheneOS or CalyxOS, have a look at DivestOS for something more original, and privacy and security focused, without cloud "services."
I vouched for your comment, since the linked article does bring up some good concerns and I see nothing wrong with your comment. The only one I dug into further was the connectivity check, which appears to have been resolved. I can't speak to any of the other issues that are raised in that article.
Sounds really nice to me. I recently bought another LG V20 and had a small adventure installing LineageOS to it. The phone reboots randomly at times, which is unfortunate, but I haven't explored the possibility there's a fix for it out there somewhere.
How can this be "de-googled" but I can also use "all my favourite apps"? I'd love to step away from Google, but I have some requirements on apps from the play store for work (slack, okta) and personal communication (whatsapp).
WhatsApp actually provides an APK download on their website[0]. I'm not entirely sure whether they keep it as up-to-date as the version on the play store though.
/e/ provides its own Apps store, which have many apps including ones from F-Droid, but if you like you can also install something like Aurora and install any app. Not 100% work with MicroG but it is still great for privacy.
How did he manage installing applications such as banking apps from the place store?
Unless you’re going to be sideloading the app how do you know that you’re getting official banking app and not just downloading some file online.
What's to prevent me from buying this phone for its modularity and repairability, and installing lineageOS for their (presumably better) software support?
Last I checked /e/ sells devices with unlocked bootloaders, known vendor security flaws, and known vulnerable kernels.
They also include a number of proprietary apps.
And at one point were sending off your exact location for weather lookup over HTTP to a proprietary service.
Extremely immoral.
Here's some reading that covers the basic points though:
https://intangiblesheep.neocities.org/rants/eelo.html
https://web.archive.org/web/20191224031946/https://ewwlo.xyz...