Dear all, the /e/ team brought this interesting discussion thread to my attention.
So I want to explain something about privacy vs security, because there is often a lot of confusion between the two concepts.
Though they are linked together, you can have excellent security without privacy, and you can have decent privacy without hardened security.
The perfect examples are Apple and Google. They put a lot of effort into security and they call it privacy for marketing purpose.
If you take Google, this translates into: “we are hardening the security of your devices so that you can send us all your personal data in a safe way”. For Apple it’s a little bit different, but not so much in the end, if you consider the recent news about iOS, and if you consider that all your browsing searches on iOS, which is a big part of your life, goes through Google.
Where does /e/OS stand in this story?
The purpose of /e/ is to provide users an option to break free from the permanent and industrial data collection that happens in iOS and Android, for the profit of Google and Apple and a few other big techs. We think that this situation is bad and is a threat to our freedom, to our democracies, and has other bad side effects.
So I want to be clear that /e/OS is currently NOT a security-hardened system. This means that if your device is stolen/lost (1) or if you are targeted (2) by a powerful organization like govs, secret services, mafia… which can happen because of your sensitive activities, /e/OS won’t offer you an extra protection.
Why?
The reasons are :
- we currently have more than enough work implementing features and bringing improvements on the privacy aspects, and make it auditable by using open source
- we think that whatever extra security features you put in a computer system, if you are targetted by a powerful organization, you will eventually be compromised. There are hundred techniques for a powerful organization to get their hands on your data, and sometimes the most powerful ones are not the most technical, and history has shown that reaching “perfect security” is an endless mouse and cat game.
However we will improve security for the cases we think we can bring an interesting and realistic answer. That is the case for the example (1), when you lose your phone for instance. In this case we will offer users the opportunity to wipe their device remotely, that’s in our development roadmap.
My overall point here is that there are different products for different purpose. /e/OS is designed for a general audience that wishes to regain some control on their personal data, but that is not particulary threatened because of sensitive activities.
Have a good day everyone!
Gaël