[FEATURE PROPOSAL] Provide a simple, reliable and secure way to wipe the device

Start with the why:
It is safe to say that /e/ users are somewhat sensitive to privacy and security aspects. Therefore, the tagline “my data is my data” should also apply from a physical perspective.

Use case rough:
Sadly, it is probable that one loses its device or the device gets stolen. Surely, storage is encrypted, and one can add a relatively secure PIN, but there should still be the possibility to wipe the device → peace of mind.

User journey:

  • User enrols his device - voluntary
  • Trigger: User loses its device :frowning:
  • User can login to /e/ web interface
  • User can hit a wipe remotely button - should need to confirm
  • Bonus: User gets confirmation if the device has acknowledged the command

Some assumptions and remarks:

  • I think the implementation could be pretty basic → peace of mind

  • Android seems to support a remote wiping feature since version 2.2 - questionable, if still around? Google Find My Device?

  • Generate or use a device-specific signature - trust

  • Build enrolment backend service, which is associated with /e/ user account

  • Maybe a simple native app for enrolment and periodically listening/requesting for a wipe request

  • Enhance the current /e/ web app with a management view or build a dedicated web app accessible via /e/ web interface - it probably depends a bit on how loose or tight this is coupled with Nextcloud.

  • I would assume that the request is triggered via mobile data connection but could also be done via SMS but would then require mobile number registration with /e/ and may also be less secure

1 Like

Good idea. A few corresponding apps:
FindMyDevice Open Source
Prey Freemium Open Source

I’ve not tried both of them so I don’t know if they will work with /e/OS.
There are a few more]such apps, but at least some of them may require Google services
alternativeto .net/software/prey/?platform=android

Tried Kaspersky’s solution a while ago, worked as expected.

Hi folks, thanks @Lyerbird & @smu44 for your inputs. Much appreciated!

I’d love to go for OSS, but if you look at the reviews/value propositions of both tools, one remains a bit unimpressed.

These days, Kaspersky seems to have a somehow questionable reputation. I think, I would then rather opt for Bitdefender. But as you also mention, no guarantee that this will actually work with /e/.

If there would be an easy way to backup and restore the device, I could give it a try. But I think this would be a hassle.

So long story short: I still think that this is an essential feature and should be well tested. But this might be a minority opinion.

Consider: Somebody just needs to visually hack you while you are entering your PIN, steal your phone and then bye bye data with no way back. You could of course still app lock every critical application, but the UX takes a big hit…

1 Like

Yes and no but…but it needs all sort of ressources: Expertise in different areas, time&money. To quote the developer of fmd:

I am working full-time.
This project is my free-time and i have spent a lot of time in this and still will.
If there are bugs i will try to fix them as soon as possible, but my full-time job has priority. If it takes too long to fix something you can of course try to fix it by yourself and contribute to this project.

It is “easily” done with TWRP but some effort and considerations still necessary

@Doppel-D thx for your feedback.

Sure thing, it is a challenging feature. And I also think Nulide’s initiative is highly laudable - going to donate some. But at the same time, he also mentions: “If this app doesn’t work, it’s not my fault, it’s the fault of the holy Satan and the missing lines that weren’t on the right spot.”. And I think this is NOK for a security relevant core feature. Maybe /e/ could also collaborate with Nulide? /e/ doesn’t need to go all Purism, but my data should be my data… :wink:

I love and support FOSS initiatives like Pine, /e/, Mozilla, Ubuntu Mate, etc. But also my time is limited. It takes a lot of effort and time to get things to a good state - if you have a certain set of requirements. At the same time, it is of course also highly impressive what has been achieved - especially in the context of /e/.

For me, the migration is adjourned for now. I’ll continue to use my /e/ Fairphone as testbed - thanks for the input regarding TWRP - but going to stick in the golden cage for a little bit longer. Cheers!