A few questions of a newbie

Hi, Iam using Lineage OS (CyanogenMod) since quite a few years. Now Im thinking about switiching to e. While informing about the rom, there came up three questions.

  1. When Im buying for example the Pocophone F1 and install e on it, will it have the current security Patch?
  2. When Im using the e-cloud in which country is my data stored and how it is secured? Is there an end-to-end-encryption?
  3. Is there a root functionality like magisk or the standard lineageos root integrated? I want to use apps like AFWall+ and AdAway

Hi,

To 1: I don’t understand this run for the newest security patch. Be careful on internet, don’t install unkown things fron unkown sources and no security patch es needed. On my phone alk security patches are very, very old and SeLinux is disabled. But on my phone is no keylogger, virus or malware.
But … you will get with eOS the same security patches as with LOS

To 2: the e.foundation server is located in europe as far as I know. If you want be secure, you can host your e.drive on your own home server. Howto you will fin in forum

To 3: eOS has no root as default, but you can flash magisK for your own.

1 Like

The question of the server location is also very important to me.

According to IP 51.75.90.184 the server location is in Kassel, Germany.

The requirements of the regulation (EU) 2016/679 General Data Protection Regulation GDPR [EU Data Protection Basic Regulation (EU-DSGVO)] should be complied with.

Why the important aspects of /e/ cloud services are not clearly communicated remains an open question for me. If /e/ is fully committed to data protection, then transparency is an important askept.

P.S. In my opinion, Self-hosting /e/ Cloud Services is not suitable for laymen or “Mom and Dad”.

On the servers we had a response from Gaël here… quoting the same response in full …

e.foundation is at 51.15.109.81
There are servers in quite a few different places, depending on wether they are used for compilation, website, community, gitlab…
They are all in the EU, hosted at OVH, Scaleway and Hetzner, or lent by companies such as Webaxys and Nexedi.
The main website is at scaleway. As it’s using Wordpress, it propably still has some links to 3rd party content providers / CDNs. It’s a shame but unless we switch to another CMS, we don’t have the resource to fork and maintain all the wordpress source code and the plugins that are used, and unfortunately, wordpress developers don’t seem to do any effort to provide an option to disable all these options…

Will check if there are more detailed references on the website as well …

Yes, you’re right. The “right” search with the /e/ search function depends on the relevant search word. I can do this better in German than in English.

My IP 51.75.90.184 research comes from utrace*.

Yeah, data collection’s the big deal. I cannot judge whether Wordpress is necessary to operate the /e/ a safe home for all your data.

Thank you for all your answers.
But one question is still remaining.
How is my data secured? When im uploading a vid in ecloud, will it be end-to-end-encrpyted so no one but me can access it?
I dont understand why such an important point isn´t adressed on the official page or in faq. At least for a cloud, that promises data safety and stuff.
And how are the contacts and calendar secured?

Mhm, what kind of files are you backing up? Strictly secret ?? And have you thought about why someone would want to ‘steal’ your calendar dates?
I mean, security is good and you should take care of your things, but … you shouldn’t overdo it.
Or are you an activist like me and have to protect yourself from the ‘law’, the executive and your opponent?
Then again, like me, you shouldn’t store files in the cloud. And action dates should not be in a foreign cloud and the contact data of your comrades should not be at all.

You didn´t answered my question. I asked about how my data is secured. It was a simple question. Is my data end to end encrypted or is it not? Is there an encryption during the transport to the servers?
Im not an activist but I want my data to be secured. And it is possible to store data online with a high level of protection during End-to-End-Encryption. Without End-To-End-Encryption every admin or someone who has access to the cloud servers can access my vids or pics.
This is not about data about a new weapon system. But it is a matter of privacy.
So please just give me information which steps ecloud is taken to protect the userdata.

1 Like

There is not E2E yet.
Adding E2E to each /e/ service like online storage, calendar, mail, notes… is very complex in term of secret key management for instance, and compatibility with existing clients.
We have this in our roadmap, but probably not short term.

The status on this is:

smartphone data <- TLS encrypted -> /e/ cloud servers decrypted/encrypted <-> storage & backups (encrypted)

Therefore /e/ admins have a responsability because they could read some user data.

That’s the reason why we now offer the ecloud part available for self-hosting, for users who wouldn’t trust us.

2 Likes

Yes, that’s right, because I’m only a user like you. But Gael has answered now, so everything should be clear for you.

Thank you for your reply.
Im happy to hear that you plan to adding EtoE.
With this replys i think it the right choice for me to use Eos and cloud services.