First: He is also a known privacy expert.
He criticizes that the “fully” degoogled /e/os is not fully degoogled.
@Shakatus: “there is simply nothing better” is not compatible with such a statement.
Other criticized points:
- The usage of microG should be chosen by the user to ensure that connections to Google are really deactivated if the user wants to
- On each update request a unique identifier is sent to the server, which is definitely a huge drawback in terms of privacy, and it is not necessary. It was hidden from the GUI, which seems a bit suspicious
- The updates take too much time. It is maybe not possible to ensure immediate updates, but the last periods of 40 - 50 days are too long, even when saying “we are not secure but privacy friendly”. There is a minimum requirement for an OS to be usable. And this crosses the red line. And this does not include the unbelievable delay for webView.
- When using “unterstütztes GPS” (supported GPS (don’t know the exact translation)) supl.google.com is called. A better approach is to use a proxy server so Google is not able to identify the device/user (like Graphene does with supl.grapheneos.org). The same goes for “https://agnss.goog/rtistatus.dat”
- A filter list is downloaded using bromite.org which is outdated (the filter list is nearly one year old)
- Lack of information about dev team
- Not easy to install (harder than other custom ROMs)
- No defined update times
- Verified Boot is only supported for a few devices
Summary:
Security:
- Increase speed of updates
Privacy:
- Do not enable microG by default but on the user's decision
- Eliminate the OTA-ID for update requests