How much of the /e/ ROM is degoogled? Webview, A-GPS, DNS, captive portal

Interested on whether the /e/ project already addressed or have it on their to-do list the degoogling of the following:

  1. Webview. Lineage OS uses AOSP Webview, but there is also the Bromite System Webview, which is actually degoogled.

  2. A-GPS. Lineage OS by default uses Google for their A-GPS SUPL servers (supl.google.com).

  3. DNS. Probably a non-issue with ROMS based on Android 9, but anything before that defaults to Google 8.8.8.8

  4. Captive portal. Default checks go to connectivitycheck.gstatic.com.

There are probably other components of the ROM that might need degoogling, but this seem to be the big ones for now.

3 Likes

Hi,

here you go:

Tom

3 Likes

Awesome, thanks for the link.

  1. Webview.

an an ungoogled fork of Chromium, built from Bromite patch-sets with specific /e/ settings

That’s perfect for the browser, but could not find any info on the system webview. What is listed under Settings->Developer options->Webview implementation?

  1. A-GPS

Geolocation is using Mozilla Location Services in addition to GPS

I take it this replaces supl.google.com? Any idea with what server?

  1. DNS

DNS settings can be enforced to a specific server

Awesome!

  1. Captive portal.

Google servers are not used anymore to check connectivity (ongoing)

Looks like this is also being addressed. Any idea on what servers /e/ uses for this?

Seems this is a perfect 4/4. Honestly, I thought /e/ was just another ROM with ‘privacy’ in its description, but it looks like this ROM is the real deal.

Probably should find a device to try it on and answer my own questions (if I do, will post back here). Still, thanks for the link.

I found a device to test on, so can report directly (as of e-0.7-n-2019071716984) the following for others that might be interested:

  1. Webview. /e/ is using AOSP Webview like LOS instead of Bromite System Webview NOT using AOSP Webview. I will try replacing with the Bromite version, but question is if Bromite System Webview should be default.

  2. A-GPS. /system/etc/gps.conf mentions supl.google.com just like in LOS. I wonder if the Mozilla MicroG backend bypasses this, because SUPL is hardly talked about online and when it is (source 1, source 2), the privacy implications are more serious than with DNS or Captive portal.

  3. DNS. Looks to be resolved. Settings -> Wireless & Network -> More -> DNS -> Disable network DNS & set DNS to use. Tried to check but nslookup is not working for me.

  4. Captive portal. Being addressed.

EDIT: Correction about Webview = it does not look to be stock AOSP version.

2 Likes

Regarding the webview, how did you determine we’re using AOSP Webview as opposed to Bromite? Note that on Nougat and Marshmallow developer options will only show AOSP Webview. Bromite webview uses the same package name also, com.android.webview. In /e/OS’s case if the webview is based on Bromite’s it won’t be named as such in AppInfo.
One way to tell is to check the useragent string. If using regular webview it will return your actual device and Chrome version. If webview is based on Bromite’s it will return a different device and Chrome/71.

Using a webview-based browser, head on over to


and have a look see.

On my Essential PH-1 with webview 73 I get…

That’s a Samsung device in the string. Almost all of my ROMs use Bromite webview, be they Google or microG, Lollipop thru Oreo, having similar output. I’m quite sure /e/OS’ webview is based on Bromite’s.

2 Likes

Thanks for the correction. I get the same user-agent as well on the Nexus 4, so it does look like the System WebView is not stock AOSP. I should have checked in more detail. I just looked in dev settings and saw AOSP Webview, while on my LOS device, where I installed Bromite System Webview manually, it actually showed up there as such, so assumed that it would here as well.

1 Like

Can someone please explain what is happening here?

I was about to link to a post in this thread in which I compiled a detailed list of non-google captive portal servers, but that post is gone along with at least two follow ups (me asking about how to ping a person and then someone helping me out with that).

I swear I am not making this up.

Hi @user1651 one explanation for this would be that at time some users request that their accounts be deleted from the forum - some are removed after complaints from other users about their comments being abusive or not in line with forum rules.This action cleans out all posts written by them including links and responses. This may result in some posts being automatically deleted.

about their comments being abusive or not in line with forum rules

I am certain my post was not abusive and almost certain it did not violate forum rules. Also, this would not explain the two follow up posts, which were just a “hey, how do I ping a user to let them know about this” and someone else replying “like this, @user”.

These posts were part of this thread, so no more than a month old and I did not, as you can see, request for an account delete.

This may result in some posts being automatically deleted

So auto-deletes happen and that’s it? No moderation or way to put them back by forum mods? Seems strange.

As I mentioned a user account delete along with posts removes all connected posts including responses. Your post may not have been abusive but if there were links to the deleted user they all get deleted. Some of my posts also got deleted in the past few weeks as we deleted some user accounts on their requests.

You can ask queries on this forum and the support team members will provide answers.

Let’s break it down.

I believe there were three subsequent posts that seem to be missing in this thread.
The first (and the one I care about, as it had the most substance) was by me. It was an addition to the queries I made at the start of this thread. Specifically, it was an offering of ~4 alternate, non-Google captive portal check servers that would be fitting for the /e/ project to use as fallback servers in both technical terms (they provided a HTTP 204 response) and ethical (who was responsible for these servers and where they were hosted).
There were links to the servers, obviously, but in terms of links, that is it.
I get that messages get deleted and that sometimes that can even happen in error, but there is always some explanation or at the very least evidence. I have zero notifications in my user account here or in my email. The posts just vanished.
If that is the result of an automated system, then clearly that is a sign of a major issue on the side of this forum that needs to be addressed. Forums of a ROM that focuses on privacy cannot have auto-censuring bots that roam free without prejudice or reason. Would you not agree?

2 Likes

Thats terrible, you lost those valuable text replies. I`m sure it had lots of pertainant info we all could have read. The time spent researching and typing here sadly lost forever :frowning:

I`m very slow typing sometimes it takes me over an hour to compose a small paragraph. /e/ should value our valuable contibutions of info, especially if its going to help others.

Yes i agree they should have notified you the topic was to be deleted, then if you had know you could have salvaged the important info.

I feel all comments the user has personally posted should be accessed through the profile activities log, regardless of chain-related deletion. If a topic is to be deleted, i think commentors should be given a chance to salvage vital info that they have taken the time to author!

We will check if such information can be passed on to users whose posts may be impacted by such cascade deletes.

At the end of the day, the loss of data was of a lesser effect for me than I believe it to be for the project.

Don’t get me wrong, it wasn’t a cure for cancer (or whatever the degoogling equivalent is), but it was a list that took me quite some time to compile. The post itself was not as time-consuming as the research for non-google captive portal servers. First you have to find them, then test them if they’re the right type (needs to respond with a HTTP 204, which not all do, e.g. the one firefox uses gives a HTTP 200 and it’s hosted with Google cloud, go figure), then you have to see what sort of people are behind the server and where the server is hosted.

/e/ is thankfully using it’s own as primary, but google is still fallback, so I wanted to post what I had here over on the relevant github issue. Oh well.

I have zero reason to suspect this was intentional, but seriously, learn from this, because such mistakes should not happen. Otherwise, you run the risk of having people think twice about contributing.

1 Like

I hope I am not unintenionally hijacking this thread, but if I am, sorry, it is because I am not technically expert enough to understand all that is being discussed here. But, it “sounds” very similar to a question I have.

I read this article, https://www.usnews.com/opinion/articles/2016-06-22/google-is-the-worlds-biggest-censor-and-its-power-must-be-regulated , admittedly it is a few years old now. But, what caught my eye was the last item on his list, #9, " The quarantine list". As I understand it, Google maintains a “blacklist” of sites they deem to be too dangerous to allow browsers to access (and somehow Google is able to enforce that).

From what the article says, no matter which broswer you use, they all are designed to access Google’s quarantine blacklist in order to protect the user from dangerous sites. But, this means that Google knows about the user, his phone information, which sites he is trying to access, etc. Am I understanding the author correctly?

If I am… How, if at all, can /e/ get around this? I mean, even if I use /e/, if the browser I use is relying on contacting Google in order to make sure I am not inadvertantly accessing a dangerous site, then Google has the information about me that /e/ was designed to protect. Isn’t this a major problem?

In the build instructions we find this:
CUSTOM_PACKAGES= com.google.android.maps.jar
Will my build fail if I leave it out? I’ll find out soon… Because this is G00gle, I’m trying right now to build without it.

1 Like

In your CUSTOM_PACKAGES you can select apps as you want to choose - there is a similar change you will need to make under vendor/lineage/config/common.mk file . The build should not fail . It becomes a custom ROM…in theory

Yes, thank you, that will be it, I’ll try again

In reality, Android = G00gle, it can only be ‘ungoogled’ as much as possible



https://gerrit.googlesource.com/git-repo/clone.bundle
https://gerrit.googlesource.com/git-repo
Screenshot_2019-09-06_09-29-12
No Android, and also no Lineage or /e/ without G00gle, is the plain truth: also /e/ = G00gle

Here you can check the lineageOS-Settings in this link you can get ride of all things in Eelo: Webview change to bromite, A-GPS(Eelo Save), DNS(Eelo Save), capital portal:

degoogle - Degoogling LineageOS instructions - August 2019 ttps://www.reddit.com/r/degoogle/comments/clcgtl/degoogling_lineageos_instructions_august_2019/

->In this Tutorial above is something missing!:

Use this code with “adb shell” and “su”:

settings put global captive_portal_mode 0
settings put global captive_portal_detection_enabled 0
settings put global wifi_watchdog_on 0
settings put global wifi_watchdog_background_check_enabled 0
settings put global captive_portal_server f-droid.org
settings put global captive_portal_https_server "https://f-droid.org"
settings put global captive_portal_http_server "http://f-droid.org"
settings put global captive_portal_fallback_url "http://f-droid.org"
settings put global captive_portal_other_fallback_urls "http://f-droid.org"

In /system/etc/host.config you can set adressen to block all the time! Use Amaze FileManager to edit it with root! Install TWRP like in the install guide and after installing the rom zip install Magisk zip too!

PS: I use Orbot with Adblock Plus and k3pler to watch network and block adresses :slight_smile:, you can use openvpn too, if Orbot is to slow for you!