Hi, Iam using Lineage OS (CyanogenMod) since quite a few years. Now Im thinking about switiching to e. While informing about the rom, there came up three questions.
When Im buying for example the Pocophone F1 and install e on it, will it have the current security Patch?
When Im using the e-cloud in which country is my data stored and how it is secured? Is there an end-to-end-encryption?
Is there a root functionality like magisk or the standard lineageos root integrated? I want to use apps like AFWall+ and AdAway
To 1: I donât understand this run for the newest security patch. Be careful on internet, donât install unkown things fron unkown sources and no security patch es needed. On my phone alk security patches are very, very old and SeLinux is disabled. But on my phone is no keylogger, virus or malware.
But ⌠you will get with eOS the same security patches as with LOS
To 2: the e.foundation server is located in europe as far as I know. If you want be secure, you can host your e.drive on your own home server. Howto you will fin in forum
To 3: eOS has no root as default, but you can flash magisK for your own.
The question of the server location is also very important to me.
According to IP 51.75.90.184 the server location is in Kassel, Germany.
The requirements of the regulation (EU) 2016/679 General Data Protection Regulation GDPR [EU Data Protection Basic Regulation (EU-DSGVO)] should be complied with.
Why the important aspects of /e/ cloud services are not clearly communicated remains an open question for me. If /e/ is fully committed to data protection, then transparency is an important askept.
On the servers we had a response from GaĂŤl here⌠quoting the same response in full âŚ
e.foundation is at 51.15.109.81
There are servers in quite a few different places, depending on wether they are used for compilation, website, community, gitlabâŚ
They are all in the EU, hosted at OVH, Scaleway and Hetzner, or lent by companies such as Webaxys and Nexedi.
The main website is at scaleway. As itâs using Wordpress, it propably still has some links to 3rd party content providers / CDNs. Itâs a shame but unless we switch to another CMS, we donât have the resource to fork and maintain all the wordpress source code and the plugins that are used, and unfortunately, wordpress developers donât seem to do any effort to provide an option to disable all these optionsâŚ
Will check if there are more detailed references on the website as well âŚ
Yes, youâre right. The ârightâ search with the /e/ search function depends on the relevant search word. I can do this better in German than in English.
Thank you for all your answers.
But one question is still remaining.
How is my data secured? When im uploading a vid in ecloud, will it be end-to-end-encrpyted so no one but me can access it?
I dont understand why such an important point isn´t adressed on the official page or in faq. At least for a cloud, that promises data safety and stuff.
And how are the contacts and calendar secured?
Mhm, what kind of files are you backing up? Strictly secret ?? And have you thought about why someone would want to âstealâ your calendar dates?
I mean, security is good and you should take care of your things, but ⌠you shouldnât overdo it.
Or are you an activist like me and have to protect yourself from the âlawâ, the executive and your opponent?
Then again, like me, you shouldnât store files in the cloud. And action dates should not be in a foreign cloud and the contact data of your comrades should not be at all.
You didn´t answered my question. I asked about how my data is secured. It was a simple question. Is my data end to end encrypted or is it not? Is there an encryption during the transport to the servers?
Im not an activist but I want my data to be secured. And it is possible to store data online with a high level of protection during End-to-End-Encryption. Without End-To-End-Encryption every admin or someone who has access to the cloud servers can access my vids or pics.
This is not about data about a new weapon system. But it is a matter of privacy.
So please just give me information which steps ecloud is taken to protect the userdata.
There is not E2E yet.
Adding E2E to each /e/ service like online storage, calendar, mail, notes⌠is very complex in term of secret key management for instance, and compatibility with existing clients.
We have this in our roadmap, but probably not short term.
Thank you for your reply.
Im happy to hear that you plan to adding EtoE.
With this replys i think it the right choice for me to use Eos and cloud services.
I can imagine that. Protonmail is offering a beta for a calendar now and it took them quite some time as itâs E2E-encrypted. And the problem with these services is: when you loose your password your data is gone.
Clear, thanks.
Here are some ways other projects are working on this:
Yes, thatâs right, but the calendar itself is not useable, no sync, not import. I donât know if it is because encrytion, but I fear thatâs the reason
is not clear for me.
What does âdecrypted/encryptedâ mean ?
Is the storage on the cloud currently encrypted ? Completely, none or some parts of it ?
What userâs data can or cannot be accessed by admins ?
If the servers get hacked what unencrypted data is available to the attacker ?
Thank you for answering this precisely, please.
And have you thought about why someone would want to âstealâ your calendar dates?
So you think people leave google because they have things to hide or have secret calendar dates ?
If /e/ wants to be a serious alternative, they should communicate what happens to the user data, including in the /e/ cloud. How do I know my data is not being sold to third parties for advertising ?
I installed /e/ OS recently and I love the experience, but the poor communication around user data and the defensive replies on this forum are not a good sign.
We all have the same goal of more privacy and more control over our personal data. Letâs work towards that.
Good question⌠I found some answers on the following pages.
Besides this, if your data is used by /e/, this should be written in the agreements the users accepted. If there is no agreement, they are not allowed to use the data in any wayâŚ
The cloud service (e.email account/calendar/ sync) is outsourced to Nextcloud, and my user data is not encrypted there unless itâs on âmyâ server.
(you can find this info in your e.email > settings > Privacy tab)
This adds a layer of Data Risk that I think is not clearly addressed in /e/ 's privacy policy.
Under e.email > settings > Privacy you can see that two people have access to your data (I guess theyâre two Nextcloud admins), and they didnât say where my data is stored.
Trust is everything and /e/ 's approximative communication is not helping to build that trustâŚ
They could show me the ringfence; show me that the Nextcloud guys will be fined into oblivion if my data leaks or is illegally accessed or sold there. A clear chart of where my data goes and who can access it under what terms (including nextcloud), could help. Just my two cents
