How much of the /e/ ROM is degoogled? Webview, A-GPS, DNS, captive portal

Interested on whether the /e/ project already addressed or have it on their to-do list the degoogling of the following:

  1. Webview. Lineage OS uses AOSP Webview, but there is also the Bromite System Webview, which is actually degoogled.

  2. A-GPS. Lineage OS by default uses Google for their A-GPS SUPL servers (supl.google.com).

  3. DNS. Probably a non-issue with ROMS based on Android 9, but anything before that defaults to Google 8.8.8.8

  4. Captive portal. Default checks go to connectivitycheck.gstatic.com.

There are probably other components of the ROM that might need degoogling, but this seem to be the big ones for now.

3 Likes

Hi,

here you go:

Tom

3 Likes

Awesome, thanks for the link.

  1. Webview.

an an ungoogled fork of Chromium, built from Bromite patch-sets with specific /e/ settings

That’s perfect for the browser, but could not find any info on the system webview. What is listed under Settings->Developer options->Webview implementation?

  1. A-GPS

Geolocation is using Mozilla Location Services in addition to GPS

I take it this replaces supl.google.com? Any idea with what server?

  1. DNS

DNS settings can be enforced to a specific server

Awesome!

  1. Captive portal.

Google servers are not used anymore to check connectivity (ongoing)

Looks like this is also being addressed. Any idea on what servers /e/ uses for this?

Seems this is a perfect 4/4. Honestly, I thought /e/ was just another ROM with ‘privacy’ in its description, but it looks like this ROM is the real deal.

Probably should find a device to try it on and answer my own questions (if I do, will post back here). Still, thanks for the link.

I found a device to test on, so can report directly (as of e-0.7-n-2019071716984) the following for others that might be interested:

  1. Webview. /e/ is using AOSP Webview like LOS instead of Bromite System Webview NOT using AOSP Webview. I will try replacing with the Bromite version, but question is if Bromite System Webview should be default.

  2. A-GPS. /system/etc/gps.conf mentions supl.google.com just like in LOS. I wonder if the Mozilla MicroG backend bypasses this, because SUPL is hardly talked about online and when it is (source 1, source 2), the privacy implications are more serious than with DNS or Captive portal.

  3. DNS. Looks to be resolved. Settings -> Wireless & Network -> More -> DNS -> Disable network DNS & set DNS to use. Tried to check but nslookup is not working for me.

  4. Captive portal. Being addressed.

EDIT: Correction about Webview = it does not look to be stock AOSP version.

2 Likes

Regarding the webview, how did you determine we’re using AOSP Webview as opposed to Bromite? Note that on Nougat and Marshmallow developer options will only show AOSP Webview. Bromite webview uses the same package name also, com.android.webview. In /e/OS’s case if the webview is based on Bromite’s it won’t be named as such in AppInfo.
One way to tell is to check the useragent string. If using regular webview it will return your actual device and Chrome version. If webview is based on Bromite’s it will return a different device and Chrome/71.

Using a webview-based browser, head on over to


and have a look see.

On my Essential PH-1 with webview 73 I get…

That’s a Samsung device in the string. Almost all of my ROMs use Bromite webview, be they Google or microG, Lollipop thru Oreo, having similar output. I’m quite sure /e/OS’ webview is based on Bromite’s.

2 Likes

Thanks for the correction. I get the same user-agent as well on the Nexus 4, so it does look like the System WebView is not stock AOSP. I should have checked in more detail. I just looked in dev settings and saw AOSP Webview, while on my LOS device, where I installed Bromite System Webview manually, it actually showed up there as such, so assumed that it would here as well.

1 Like

Can someone please explain what is happening here?

I was about to link to a post in this thread in which I compiled a detailed list of non-google captive portal servers, but that post is gone along with at least two follow ups (me asking about how to ping a person and then someone helping me out with that).

I swear I am not making this up.

Hi @user1651 one explanation for this would be that at time some users request that their accounts be deleted from the forum - some are removed after complaints from other users about their comments being abusive or not in line with forum rules.This action cleans out all posts written by them including links and responses. This may result in some posts being automatically deleted.

about their comments being abusive or not in line with forum rules

I am certain my post was not abusive and almost certain it did not violate forum rules. Also, this would not explain the two follow up posts, which were just a “hey, how do I ping a user to let them know about this” and someone else replying “like this, @user”.

These posts were part of this thread, so no more than a month old and I did not, as you can see, request for an account delete.

This may result in some posts being automatically deleted

So auto-deletes happen and that’s it? No moderation or way to put them back by forum mods? Seems strange.

As I mentioned a user account delete along with posts removes all connected posts including responses. Your post may not have been abusive but if there were links to the deleted user they all get deleted. Some of my posts also got deleted in the past few weeks as we deleted some user accounts on their requests.

You can ask queries on this forum and the support team members will provide answers.

Let’s break it down.

I believe there were three subsequent posts that seem to be missing in this thread.
The first (and the one I care about, as it had the most substance) was by me. It was an addition to the queries I made at the start of this thread. Specifically, it was an offering of ~4 alternate, non-Google captive portal check servers that would be fitting for the /e/ project to use as fallback servers in both technical terms (they provided a HTTP 204 response) and ethical (who was responsible for these servers and where they were hosted).
There were links to the servers, obviously, but in terms of links, that is it.
I get that messages get deleted and that sometimes that can even happen in error, but there is always some explanation or at the very least evidence. I have zero notifications in my user account here or in my email. The posts just vanished.
If that is the result of an automated system, then clearly that is a sign of a major issue on the side of this forum that needs to be addressed. Forums of a ROM that focuses on privacy cannot have auto-censuring bots that roam free without prejudice or reason. Would you not agree?

2 Likes

Thats terrible, you lost those valuable text replies. I`m sure it had lots of pertainant info we all could have read. The time spent researching and typing here sadly lost forever :frowning:

I`m very slow typing sometimes it takes me over an hour to compose a small paragraph. /e/ should value our valuable contibutions of info, especially if its going to help others.

Yes i agree they should have notified you the topic was to be deleted, then if you had know you could have salvaged the important info.

I feel all comments the user has personally posted should be accessed through the profile activities log, regardless of chain-related deletion. If a topic is to be deleted, i think commentors should be given a chance to salvage vital info that they have taken the time to author!

We will check if such information can be passed on to users whose posts may be impacted by such cascade deletes.

At the end of the day, the loss of data was of a lesser effect for me than I believe it to be for the project.

Don’t get me wrong, it wasn’t a cure for cancer (or whatever the degoogling equivalent is), but it was a list that took me quite some time to compile. The post itself was not as time-consuming as the research for non-google captive portal servers. First you have to find them, then test them if they’re the right type (needs to respond with a HTTP 204, which not all do, e.g. the one firefox uses gives a HTTP 200 and it’s hosted with Google cloud, go figure), then you have to see what sort of people are behind the server and where the server is hosted.

/e/ is thankfully using it’s own as primary, but google is still fallback, so I wanted to post what I had here over on the relevant github issue. Oh well.

I have zero reason to suspect this was intentional, but seriously, learn from this, because such mistakes should not happen. Otherwise, you run the risk of having people think twice about contributing.

1 Like