If you have one of the few newer phones supported by GrapheneOS, the developer of DivestOS recommends use GrapheneOS: https://forum.f-droid.org/t/divestos-long-term-device-support-with-enhanced-privacy-and-security/10105/54
If you have an older device, not supported by GrapheneOS, DivestOS is an option.
AOSP → LineageOS → DivestOS (and e)
AOSP → GrapheneOS
Okay, thanks. What about security wise? From what I read LOS is not built for security, why is DivestOS built on LOS if security is the main a major focus?
Edit: Deductive reasoning tells me the reason for this 
is likely because the DivestOS own developer points potential DivestOS users directly to GrapheneOS unless the more rare circumstance that someone doesn’t want to buy a phone supported by GrapheneOS. Thank you for the information shared, I see more clearly (other than question at start of this post, still trying to understand that. Maybe the LOS base is hardened?)
Edit: I must say DivestOS clearly should be given praise, very cool what has been done. It is nice to see people work hard to give back to FOSS community, props! (sorry, USA slang for “respect”)
I need microG for a couple apps otherwise I would flash and try. I have flashed HavocOS and microG myself but that was too much work for me, good learning, but too long of process. 
/e/ fits well for me.
I need microG for a couple apps
Sorry, so sad you cannot be Free of google.
@ Pingo
What about Long term?
Pinephone 2 or 3 (or anything else that is affordable) with AOSP, or Fedora, or Arch Linux ARM, or postmarketOS.
Private company in the back
Not a company. There is no legal entity behind me, and it is just me by the way. Divested Computer Group is just a nicer more professional name I chose.
@ headwaters
#8 is an great comparison, thank you!
with inspiration from Daniel Micay
Micay helped me port the original CyanogenMod 13.0 based CopperheadOS to the OnePlus One with full PaX support.
Furthermore many GrapheneOS patches are included in DivestOS.
DivestOS targets more advanced users
I do try to target more then that.
DivestOS had an optional F-Droid repository, and those apps are being added to the main F-Droid
Just one left! 
includes cloud services […] DivestOS does not.
I have no plans to offer such services in the future.
DivestOS sells a few used phones
These are basically all the unused test devices that I no longer need.
Maybe in the future I will turn it into a model, but I would still stick to minimal margin.
DivestOS adds many security updates.
Every DivestOS device has its kernel run against my automated kernel CVE patcher, patching between 50 and 600 vulnerabilities.
That alone is in my opinion an absolute game changer for devices using old kernels.
See the CVE_Checker on my GitLab/GitHub and the Patch Levels page on the DivestOS website.
Additionally removing proprietary blobs also removes various known vulnerabilities in those components.
See Deblob.sh in DivestOS-Build repository.
The 14.1 branch is patched against CVE-2017-0592.
All branches are mostly patched against against CVE-2019-2306.
N and R have some added A2DP security related patches.
N also has a (likely) no-op FFMPEG patch and a TI WLAN patch.
That is just some of the patching/mitigation of known issues, furthermore there are lots of added security hardening and security re-enablement (-user, relocking, verified boot).
See the Technical Details page on the DivestOS website.
DivestOS has changed some old names of apps, before being public.
connectivity checks
All branches have an option in Settings app to disable these checks.
If you leave them enabled it uses the default Google servers.
Changing it leaks your usage patterns to other third parties and stick out from normal Android’s to network observers.
@ newts
Any idea how many people use each OS for their daily driver?
I have no hard analytics on this.
It is probably somewhere between 600 and 4,000.
@ andrelam
See a lot of patches, /e/ maybe can use some of them
I encourage /e/ to do so.
I would especially like to see them (and others to) adopt my kernel CVE checker/patcher into their build process.
Hypatia […] that App is an UX nightmare.
Hypatia works as it does and I don’t plan all that much to work on it.
I’d rather spend that time providing more security updates to devices via DivestOS.
There is an unfinished recode with an overhauled UI in another branch that I started back in 2018.
Contributors welcome.
NextDNS
They offer a neat service.
But when you can perform host blocking locally why divulge information to a third party?
@ egx470
DivestOS is completely anonymous
DivestOS does not have the goal of making you completely anonymous or completely secure.
Nor does any other implementation provide such an offering.
DivestOS is sending my IP address and a common user agent to Google every time a captive portal check takes place
All branches have an option in Settings to disable these.
Do you know if this is needed for Silence as well?
Silence only uses internet for MMS (to your carrier’s servers) as all SMS apps do.
Might be time for me to move to Silence and bring people (family/friends) with by showing this
I do not recommend this.
Silence is not maintained and is not cross-platform and still divulges information to your carrier.
Please use Conversations or take a skim through other options on my Messengers page.
why is DivestOS built on LOS if security is the main major focus
As mentioned on the FAQ page, DivestOS is based on LineageOS for device compatibility.
Furthermore as also documented on the website, DivestOS enables/restores many if not all security features that LineageOS has disabled.
Not to mention all the additional security features that DivestOS adds.
@ Taurus
an old flip phone
I do not recommend this, especially because it gives you less control into an equally proprietary system.
@all
microG
Maybe too opinionated of me, but I believe most users can get by without microG just fine if they gave it a try.
Signal
Friendly reminder that Signal contains many proprietary libraries whether you download it from Play Store or their website.
Those are:
Furthermore:
–
/e/ team (assuming still true, I haven’t thoroughly checked):
–
Lastly I really do encourage you to take a skim through the DivestOS website.
It has a lot of information on it with a fair bit that is relevant even if you don’t use DivestOS.
DivestOS has the goal of adding more security and more privacy to primarily older devices.
If you have or can afford a Google Pixel, I strongly recommend you use GrapheneOS.
Otherwise, DivestOS is likely the most secure ROM available for devices no longer supported by their manufacturer.
–
I want to additionally note that DivestOS is more then just a ROM, under my FOSS umbrella:
–
Any questions feel free to ask.
Regards,
Tad.
Thanks for this info!
Thanks you coming here, you are welcome.
I like the ton, the form and the content of your post,
Because you can’t easilly whitelist. I used hardcoded hosts file but was not happy with it, a symlink to a external host file would introduce security issues.
I’m sure it works great, but to me it is not clear what it does, and what exactly is scanned. I see this a lot, putting a lot of effort to create an “engine” and then the “car” has to be build quickly around it using cardboard :). But i think you taking the time here to answer some questions and statements is quite nice, thanks.
Dear Tad
thanks for your time and insights. I enjoyed reading your post and I’m happy that we, as in users, are in such a lucky position to be able to choose between different OS’ with different takes on similar problems.
Very nice from you sharing your knowledge with other projects. This is what makes FOSS great and I’m more than not jelly, as I’m not able to contribute due to my poor coding skills.
Dear all, the /e/ team brought this interesting discussion thread to my attention.
So I want to explain something about privacy vs security, because there is often a lot of confusion between the two concepts.
Though they are linked together, you can have excellent security without privacy, and you can have decent privacy without hardened security.
The perfect examples are Apple and Google. They put a lot of effort into security and they call it privacy for marketing purpose.
If you take Google, this translates into: “we are hardening the security of your devices so that you can send us all your personal data in a safe way”. For Apple it’s a little bit different, but not so much in the end, if you consider the recent news about iOS, and if you consider that all your browsing searches on iOS, which is a big part of your life, goes through Google.
Where does /e/OS stand in this story?
The purpose of /e/ is to provide users an option to break free from the permanent and industrial data collection that happens in iOS and Android, for the profit of Google and Apple and a few other big techs. We think that this situation is bad and is a threat to our freedom, to our democracies, and has other bad side effects.
So I want to be clear that /e/OS is currently NOT a security-hardened system. This means that if your device is stolen/lost (1) or if you are targeted (2) by a powerful organization like govs, secret services, mafia… which can happen because of your sensitive activities, /e/OS won’t offer you an extra protection.
Why?
The reasons are :
However we will improve security for the cases we think we can bring an interesting and realistic answer. That is the case for the example (1), when you lose your phone for instance. In this case we will offer users the opportunity to wipe their device remotely, that’s in our development roadmap.
My overall point here is that there are different products for different purpose. /e/OS is designed for a general audience that wishes to regain some control on their personal data, but that is not particulary threatened because of sensitive activities.
Have a good day everyone!
Gaël
Thank you for taking the time to personally respond here Gaël, I truly appreciate it.
But for lack of better words I genuinely believe that /e/OS is actively neglecting users with regards to security. I kindly ask that you and your team take a strong look at what the others in this area are doing and take it into account.
Best regards,
Tad.
So /e/OS is exactly what I use and want to have.
I am a normal citizen who is not afraid of the secret services, but would like to prevent the rapidly growing collection of data, which is often unnecessary for the use of mobile phones.
Keep it up
It would be interesting to know how well the Foundation is growing.
Thanks to your support /e/ OS team is growing at a slow but steady pace.
As a person who has been directly or indirectly connected with the organization from the start I am a witness to this growth. We have a list of team members on our website. Some of the team members mentioned there are not active now but we have retained the names as they contributed to the growth of the organization.
We have a number of new team members who have joined the team full time but their names are missing. I can see at least 10 names missing from the list . Expect the web site team will update the list soon.
A summary of the details of how the finance is managed is also provided on our website - mostly salaries and infra maintenance.
As Gaël mentioned /e/ is not a security hardened OS. Casual browsers who are looking for an absolutely secure OS would do better to try out other options.
/e/ will not change its focus from the average users who want to keep their data safe but at the same time due to personal reasons use popular social media apps. It is a contradiction of choices but most of our users face this dilemma. We at /e/ remain committed to this user group.
Our priorities remain to make the user experience better, increase the coverage of applications for this group of dedicated users and ease up the setup and configuration process as much as possible. It is a tough ask and one that keeps the teams busy.
I agree on that. The interface is simple and not distracting. As a matter of fact, users should only become aware of a threat in case there is one. This is basically the behavior of Hypatia.
Thanks for this nice software.
Thanks for this comment. Maybe there are some simple additions that may help. My uneducated guess is that the Divested Computing Group did a nice service to the community by building Hypatia (A real-time malware scanner) - https://f-droid.org/packages/us.spotco.malwarescanner
Linux users are familiar with ClamAV and might appreciate this tool. Maybe it is worth to be considered for optional inclusion in /e/.
So far I can confirm the claims (fast, low energy consumption, simple) by the Divest developer(s) (albeit I cannot say if it is really working).
did a nice service to the community by building Hypatia
Hypatia is absolutely completely useless compared to my CVE checker/patcher program
It allows any developer to patch any kernel against hundreds of known vulnerabilities with only a few minutes of trivial work. It is the best thing we can do for these old devices with old and outdated kernels.
There should be no misunderstanding. A maleware scanner has a slightly different purpose.
A patched system is the foundation.
I think the ability for /e/ users to re-lock the bootloader would be a big security improvement wouldn’t it? Not trying to sound sarcastic - genuine question/suggestion. From what I read online it is a big security risk to leave bootloader unlocked.