DivestOS vs. /e/ OS - security and privacy easy

Other than CalyxOS are there any mainstream/semi that aren’t forked from LOS?

@Pingo

Here is a good high level video on /e/ in my opinion. The concern on this thread regarding personal data in /e/'s cloud services starts at about 3 minutes 55 seconds. When you use /e/ you are not forced to use their cloud.

Where your data goes depends on self education and learning, it is completely subjective. What is right for me will not be right for you. A couple resources to learn about to help:

-/e/'s own cloud, it isn’t end to end encrypted (E2EE) yet but it is on the roadmap. If this worries you maybe consider one that is E2EE, MEGA or pCloud Crypto (pay extra for client-side encryption drive, main drive is server side encrypted similar to /e/'s currently), or Cryptomator preupload.

-Reading at PrivacyTools, Mike Kuketz, EFF, and searching the forum here.

Very good comparison.

About Cloud, I’ll add my 2 cents : /e/ is the only Android ecosystem I know providing a self-hosting solution.
Very usefull about confidentiality concerns :wink:

4 Likes

I have appreciated this statement because it has made my mind work. At the same time it is very depressing. I say this because it makes me believe there is zero (or close to it) probability any of us can go to be completely anonymous online, either with DivestOS, /e/ or any OS without EXTRAORDINARY effort. The amount of effort very few will go to, including myself, because I am just an average cellphone user who wants privacy.

If you watch the video below with CalyxOS’ lead engineer he explains at the 17 minute and 30 second mark why they leave NTP, Connectivity Check, and Captive Portal with Google’s default Android servers. He says its because the only info transmitted is the phone’s IP address and a common user agent. Can this combination not be used by Google to further fingerprinting in accordance with with this statement?

  • “If you can’t think of ways Google may correlate all the sources of info’ they have to de-anonymize you when you’re not logged in to a google service, then you haven’t heard of Total Information Awareness or Edward Snowden. Does your ISP or phone company know who you are? Do they know your IP address when you are online? Would they sell this info’ to make more profit?”

Another point, if you download Privacy Breacher from F-Droid and choose “Phone Information” it clearly shows you all the fingerprinting information applications can see, again going back to the quote above. How much of this is sent to Google/other tracking entities by basically any app from Aurora? Seems we all are 100% confined to verified open source apps to escape this. How probable is this for you? Again, its subjective. This coupled with your internet browser fingerprint and whatever other information from your phone is providing I don’t think it is realistic to believe anyone using /e/ or DivestOS is completely anonymous. If I completely disable microG on /e/ am I now more anonymous than DivestOS because DivestOS is sending my IP address and a common user agent to Google every time a captive portal check takes place when /e/ isn’t? One can go to great lengths to stay private, make one small mistake and the cover is blown, you’ve been " de-anonymize"d. As we see this quickly gets into the weeds.

If all this is correct much of our decisions on what OS to use are subjective and may or may not change as we gain more knowledge and understanding of how these intricate systems all work together. For me I like microG for a couple apps that I sandbox in Shelter and one I don’t. Other than that I use FOSS apps that shouldn’t be leaking fingerprinting info. But based on “Total Information Awareness” and what Google is collecting from what I have already outlined, my cover is blown. Again, my subjective desire is to minimize what’s being captured.

Hoping people can lift and not pull down while at the same time showing with genuine information why something could be improved and back it up with facts or data. /e/ is great, its not perfect but I like the direction its going in. I am going to flash DivestOS and give it a drive. Edit: I just don’t have the time to learn how to build DivestOS custom, I need microG for a couple apps and there is no native support. After reading a bit SkewedZepplin/Tad seems pretty cool. I love how engaged Tad is on the F-Droid forums.

5 Likes

Totally agree.

About MicroG, i asked something simular here but never got answered.

Sometimes i get the feeling those kind of questions are received as an “/e/ attack”, thats not my intention.

2 Likes

@newts

I will have to look into push notifications. I thought they would come from individual app based servers and had no idea everything is google.

It depends which apps. If the app requires microG to work, yes. Some apps can send notifications outside google, with no microG. Conversations is an example. It is recommended by DivestOS.

@egx470

Can you outline for DivestOS as well? What connectivity checks exist, as well as back up? Why is this better than /e/'s approach?

You found a good description link. Also, DivestOS has a user setting: choose connectivity check On or Off. Adb commands can do it, but a setting is easier. If On, your requests look identical to billions of other devices, except IP address. If Off, you can have difficulty using open Wifi. Who trusts those?! See GrapheneOS FAQ “What kind of connections do the OS and bundled apps make by default?” GrapheneOS gives choice: Google or GrapheneOS servers. I hope DivestOS will soon offer Off-On, and a list of several servers to choose.

Thank you for the CalyxOS video. Of network tradeoffs, DNS is a weaker or more intrusive area, as said there. Whoever you use for DNS, they get a lot of tracking info. Proprietary apps from playstore or apk mirror sites are a bigger concern. DivestOS host file method of blocking tracker sites at system level is good for stopping some of it IMO.

There are more ways for more privacy, but that is beyond the scope of this topic.

I agree it is personal choice what is important and how to balance it. IMO E talks too much about the “bare” OS, and not enough about what happens after users install all their favorite apps and re-Google.

a good high level video on /e/ in my opinion. The concern on this thread regarding personal data in /e/'s cloud services

It’s a good overview. He falsely says E staff do not have access to data on their cloud servers, because it is “encrypted.” As already said, this is false. On possible selling data, he only talks about e foundation. Not the partner companies. I feel he is guessing, and does not know the markets for data.

“You can kinda trust that” app store did not inspire trust. I do not trust people who give me reasons to doubt they can be fully trusted.

4 Likes

/e/ lets me have a smart phone that doesn’t require a Google or apple account (or any account for that matter) and which is privacy conscious enough to calm my anxiety and which can be incredibly private if I am sensible in what apps I install. Yet I can also install a couple of apps that unfortunately I need like WhatsApp and slack. I’m not going to use something like divestos because I still need to live my life, communicate with family etc. I like /e/ a lot.

1 Like

@headwaters

Thanks for the dialogue. I appreciate your point of view and info you shared, helped me learn more. There is clearly a market for both products. :+1:

1 Like

FLOSS at its best:

https://divestos.org/index.php?page=our_apps

Many of the nice tools, like Hypatia, are useable in /e/ too. Can be easily installed via f-droid.

3 Likes

I installed Hypatia, “scan done”, well thats usefull feedback…, uninstalled within 2 minutes, sorry but that App is an UX nightmare.

:point_up_2: This would be a great addition to /e/OS for those of us that would appreciate not needing a connectivity check but would still like to have the option to turn it on. It would be nice to have it turned off by default. The more information leakage we can control the better. This also would be nice given the current fallback from /e/'s servers are Foogle’s which is verified on the "What is the current state of De- googlisation on /e/ ?" document. Note that it admits, “This is a temporary, not ideal, situation because this solution relies on the confidence users can have in our project and infrastructure.”

@Manoj do you know if such has been discussed or considered?

1 Like

A lot of options are discussed and where applicable implemented. You can also raise this issue in gitlab where the developers can comment on it.

1 Like

Why still the google fall-back? seems to be very easy to create a second connectivity check… /e/ Source here (Pie)

2 Likes

Looks like this could be done from an in home, self-hosted NextCloud, no? Add the PHP 204 file or Apache webserver config. (both ate present in self hosted NextCloud, correct? ie can create PHP files in server OS and/or Apache database)

Can the terminal commands to the phone be done via ADB without root?:point_down:

“Then, in a root terminal on the phone I entered the following two commands, from pat_512 in the Fairphone Forum (see links below).”

settings put global captive_portal_http_url "http://198.51.100.24/204"
settings put global captive_portal_https_url "https://example.com/204.php"

This might be easy for you but average user… A bit overwhelming :+1:

Thank you for sharing.

2 Likes

Oh i did not mean every user should do this, just wanted to share knowledge ;). By the way i tested this in my custom build and it works ok (the php way). So what i think /e/ should do is fix this, and remove the Google link in the source. I also got annoyed about the private dns calling home thing which i reported a year ago!, and this is also easy fixable…

evil code here

3 Likes

Do you know of a published list of hosts to manually block in NextDNS or do you just manually watch the logs?

I just went into the log and found ......dnsotls-ds.metric.gstatic.com getting through so I added metric.gstatic.com to the denylist. Now to see if all sub-domians are blocked as well. I do have a number of blocklists already enforcing…maybe I need to add more?

You sparked me to check this with this👇 so THANK YOU!

Edit. Just found this as well👇

1 Like

With NextDNS, connectivitycheck.android is blocked.
I have decided to trust NextDNS even if it is not open source. Before, I used Quad9. But in any way, one have to trust a DNS server, so why Quad9 should be more trustable that NextDNS ? So let’s go for NextDNS.
Any opinion ?

1 Like

Hello.

https://www.fdn.fr/actions/dns/

:wink:

4 Likes

I like the FDN.
But NextDNS allows to filter and monitor.

Something I have notice in NextDNS : we have to allow “mtalk.google” in order to have Signal notifications work properly.

2 Likes