How to confirm /e/ is not leaking information

privacy

#1

hi to all
how we can confirm that ./e/ is not gathering user information like google …
i want to monitor network send and recieve in /e/
Suggestions pls

Regards


Data mining proof
#2

There are multiple things to consider:

  1. The servers, with which the device communicates:
    You can use firewalls like AFWall+ or NetGuard on the device to monitor or limit connections. This will help you identify communication endpoints where data might get transferred to.
    Instead of these firewalls on the device you could setup a VPN-Server (for example OpenVPN), over which all transmissions from the device are routed (this requires a VPN client like OpenVPN for Android on the device). This would allow you to monitor all traffic with tools like Wireshark. However this approach makes it more difficult to identify which app sends what data.

  2. Data on the network:
    If the transferred data is unencrypted, then you can monitor the content with the Wireshark-approach.
    If the transferred data is encrypted on a https-connection then the approach described on https://stackoverflow.com/questions/516323/https-connections-over-proxy-servers migh be able to help you get access to the encrypted data.
    In addition to encryption, the transferred data might be encoded by the apps in a way that is not readable by humans. In order to see if the transferred data contains personal data, you need to have a look at how data is encoded. This can be done by looking at:

  3. The Apps on the device:
    Most software used for the /e/-operating system is open source and can be checked by anyone. This open source approach offers an oversight over the software by a worldwide community and helps to verify, that the software does what the developers promise.
    I believe some low-level drivers for hardware are not open source and can not be verified this way.

While 3 is quite reliable, the immense size of the whole source code makes it difficult to verify every aspect of the operating system, so 1 in combination with 2 offers a reasonable alternative for identification of possible data-leaks, which could then be traced down in the source code.


#3

Thanks @Markus for sharing your inputs. Users are encouraged to try out these apps and report issues if any where they feel data is leaking to google or other IP’s. While all attempts has been made by the development team to remove such ’ data leaking’ code if there are some lines still remaining please raise an issue in https://gitlab.e.foundation/groups/e/-/issues. Pl provide screenshots as well as logs of these ‘leaks’ .
Be as detailed as possible with your issue reports mentioning what apps you had on your phone and what it was that you were trying to do.


#4

Thank you Markus. Do I need all this when already using a non-free payed VPN for all devices? And is it necessary to complete OpenVPN with Bitmask? Already using Orbot (and Orfox) should I use orWall too, and eventually Stethox? And where to find Wireshark? It is nowhere to be found in F-Droid, although Wireshark is mentioned under Stethox. Iptables is available in /e/ “# iptables -L” gives a really long list of chains.


#5

According to the documentation android devices allow only one VPN connection at a time. So when you use your non-free VPN service on the android device, you can not use other VPN connections. Some of the firewall-apps on android work in a way, that they create their own local VPN, so these firewall-apps can not be used alongside your non-free VPN service.
In order to access your non-free VPN service from the device, you can use any VPN-client that is compatible with this service.

I did not test the Bitmask App, but from what I just read in the Bitmask description, it seems to be a viable VPN-client on Android.

I do not have any experience with these apps, but Stethox says in it’s description:

ATTENTION:Never leave this Module enabled or installed on day to day use. THIS IS A SECURITY RISK. Only enable this for Development.

So you are probably better off, not using Stethox regularily.

Wireshark is not an app to be used on the device. I use Wireshark as software on the VPN-server in order to monitor traffic, that is routed between the device and the VPN-server.


#6

Another application to use is here on FDroid:

Net Monitor (Shows network connections of installed apps) - https://f-droid.org/app/org.secuso.privacyfriendlynetmonitor
For example:


#7

yes @Tycho this is what i was looking for


#8

Hi, is there a legal page info about /e/ like https://lineageos.org/legal/ ?


#9

You can see a set of links under Settings >>System>>About Phone >> Legal information


#10

in Legal, nothing about Privacy Policy, GDPR, ecc…


One page reference guide for /e/!
#11

A new website is coming up soon should have a lot more details on all topics besides legal…


#12

ok, more info are about website but not about /e/ OS (for example, nothing about /e/ cloud data, contacts, etc…)


#13

@Manoj is the website up now?
What is it?
Thanks!


#14

Not yet, we will have to wait a little :wink:


#15

Perfectly good :+1:
Keep up the awesome work /e/ team!!!:kissing_heart: