Request for comment: highly secure /e/ profile

e-comments
e-roadmap
app-settings

#1

Hi everyone,

I’m launching a discussion thread to get your ideas and comments about what we should put in a “super secure” profile for /e/.

Let me elaborate: we plan to introduce a new feature, by the summer, that will allow /e/ users to select a usage profile at installation time. The goal is to offer different set of preinstalled apps, and different settings, to users, depending on their needs.

The reason is that usability often goes against security and privacy, so to different kind of users, we can offer different sets of apps and settings.

The “James Bond” profile for instance, could have TOR browser by default, Silence as SMS app, an ultra secure IM app (Wire?), a nice password manager, maybe a BTC wallet with transaction mixing capabilities, SIM disabled until the user actually enables it, etc.

What do you think should be default apps and settings for a “James Bond” profile?


#2

I think that’s no good idea. You will never found a solution with fits and people who want have a high secure phone / profile will be able to install what the really need. Every apps which comes with e will be a "system app"and not easy to remove.
Better make a e version / profile for mom and dad and one clean version without any preinstalled app.

That’s what I prefer.


#3

I agree. The most privacy friendly OS flavor is probably one that comes with as little preinstalled apps as possible. Disabled SIM by default is a good idea. Also if microG is present (which I think it shouldn’t for this version) it should come with every setting disabled, so e.g. Cloud Messaging is opt-in and not opt-out.


#4

I think the choice of profiles could be nice for beginners. But for advanced users (it could be an advanced mode during installation), they may have the choice between several apps and a “no default app” option.


#5

"Every apps which comes with e will be a “system app"and not easy to remove.” <- you forget that soon, most default apps in /e/ can be uninstalled.


#6

A no default app mode (but the app store?) is an interesting idea, though it may be somewhat tricky for the dialer.


#7

What I meant is not really a no default app mode, but for each category (SMS, browser, music player…) a list of apps with a “no app” option.


#8

I’d prefers the possibility to switch between a high secure profile and a normal profile, with option to clear data…

Something similar at use Mozilla Firefox…

This because sometimes you may need to use a specific app or website


#9

i think it’s a intersting option cause there is users that care about the best privacy but without technical skill. the /e/ store can get his part of the job to, for exemple spotlighting the best privacy friendly app alternative for most knowed app like wire instead of skype can be shown when searching for skype etc …


#10

Is it possible to implement something like OpenSnitch for non-rooted devices? This would enhance privacy for many users.

For your set of of preinstalled (non-system) apps you might include Blockada. I never used it myself, as my phone is rooted and I’m using AFWall, but Blockada seems to be the next best thing without root.


#11

Setting up a profile at the time of installation would prevent the use of the phone.
Introduce new security and privacy features to create new profiles and adjust settings according to user needs with the ability to switch to a blank profile with only system applications or a normal profile.


#12

There is good possibilities to come from this idea, but I’d keep it simple. Say 3 or 4 profiles.

  1. bare bones and add what you want.
  2. privacy from corporate / private surveillance (google facebook tracking etc)
  3. more serious anonymity with Tor.

There are plenty of people globally who really don’t have a clue as to the workings of data surveillance. So if you offer them a preset package they’ll likely install it and feel pretty good.

For the really serious security needs there is Copperhead OS. No need to go there.

I think /e/ should stay focused on privacy from data surveillance designed to make us the product rather than offering protection so someone can become the next Edward Snowden. Though…both areas do overlap in some respects.


#13

I agree. Like @hellaconfused says: “There are plenty of people globally who really don’t have a clue as to the workings of data surveillance”; maybe, up to three profiles.

I would like for:

  1. “Normal” profile
  • Browser: Mozilla Firefox
  1. “James Bond” profile
  • Browser: TOR

#14

I think privacy and security are very importend.So I like a “James Bond” setting ,I don’t want my data on the street.


#15

I agree that’s not a good idea.

/e/ has to stay a very simple operating system for mum and grand-pa.
Follow another way will just make /e/ one more OS for geeks.

Don’t forget, /e/ is starting and current users are not end users.

In my mind, a power user has already another choice (LineageOS, Copperhead OS, …) for its very specific needs (Firewall and so on), and still he could find his favorite apps in /e/ apps store or any third party store anyhow.


# Manifesto

On my opinion if we want /e/ to spread, it’s now and we have to focus on :

  • one version (simplicity)
  • smart and easy interface (Bliss launcher)
  • core stability (apps will rely on)
  • to remove any request to GAFAMs

nothing more.


# /e/ Out of box

Some users won’t connect to Internet, that’s why we need a set of preinstalled applications, those which works at least offline:

  • Dialer, SMS, Gallery, Contacts, Agenda / Tasks, Clock, Music, File browser, Recorder, …

But for connected apps, none of them should be installed by default :

  • Weather, Maps, Internet Browser, Mail, and so on

# Installation process

While setup process, we could provide a guideline for each online ‘basic’ need :

  • Mail : K-9, Protonmail, …, nothing/i’ll see later
  • Browser : Firefox, Chromium, …, nothing/i’ll see later
  • Maps : Sygic, Magic Earth, OpenStreetmap, …, nothing/i’ll see later

#16

/e/'s purpose isn’t to let expert have privacy but bring privacy to all people. A complete functionnal phone with a lot of free and open-source applications pre-installed is better. It’s easy to delete useless application, but more difficult to find or discover new one, especially when you know nothing about open-source and privacy.

I think that doing an “expert mode”, a “normal mode” and a “noob mode” is actually a defeat. Everyone should have the “expert/James Bond” mode, and /e/ has to make that mode easy to understand and use for everyone. Of course, a “Privacy Level” section should be added in the settings, in order to let people with less concern about privacy automaticaly activate the SIM card for exemple. But it’s a bad idea to make different pre-installed settings. All pre installed settings should be strict for privacy, with a question mark next to each settings in order to inform people of the purpose of that setting, and let them learn more about it. You can’t just say : “Okey, you know nothing so take the normal mode, don’t touch the settings and stay idiot using a phone with settings you don’t understand”. Human doesn’t like what he doesn’t understand anyway.

So, first of all, a detailed and cleared explanation of why privacy is important is needed in order to move forward and make people want to use /e/. For instance, how google and others track you in your web browser, how they track you in your phone (with unique identifiers, etc), what big company know about you, how many trackers can be hidden in an application, what your ISP can see, etc. Like all demoniac political movement, the secret is to scare people.

Then, the “James Bond” mode should include an ad/tracker blocker (like blokada) AND the ability to configure a VPN. For now, you can’t use a VPN and an ad/tracker blocker at the same time (without rooting your device or using a big raspberry pi ad-blocker or VPN router), so you have to choose between trackers or ISP breach.

That version should also come with :

  • Signal,
  • OsmAnd (normally, no trackers with the premium version available freely here),
  • NewPipe,
  • an RSS agregator (mainly because the NewPipe’s feed doesn’t work so in order to know if a video is out, an RSS app is needed. And people will probably be happy to learn that they can easily be informed of the latest article about they favorite topics),
  • Tor Browser (with a big explanation of how it works, why the pages are ugly and not functionnal with strict setting etc),
  • Mozilla,
  • ProtonMail (even if they don’t have a ProtonMail account, they will know that it’s easy to create one and replace Gmail),
  • K-9,
  • VLC,
  • Yalp Store (in addition to the /e/ store, because if people aren’t able to download their bank apps (wich isn’t open-source) or something else easily, they won’t use /e/),
  • Scrambled Exif.

Like I said, having a lot of preinstalled apps isn’t a problem because it can easily be deleted. So let people have all the keys of their private lives. That’s what shoud /e/ do.


#17

"Don’t forget** , /e/ is starting and current users are not end users .

In my mind, a power user has already another choice (LineageOS, Copperhead OS, …) for its very specific needs (Firewall and so on), and still he could find his favorite apps in /e/ apps store or any third party store anyhow."

Relax :wink: We will add user profiles exactly for this purpose. The “entry level” will offer the same set of apps we have now. But advanced users will benefit from extra choices.

Maybe we could have 3 levels:

  • default (like now)
  • secure profile with specific set of apps and settings for increase security/privacy
  • virgin profile: as few default apps as possible

#18

Understood, i just meant, i’m scared that our developping forces are dissolved on “profiles stability” instead of “core stability”. Apps developpers need strong foundations :relaxed:

To start, if we get a “virgin profile” image, then that’s a excellent basis and coming profiles will be much more reliable :slight_smile:

Also, why not to offer (instead of profiles) “packages groups” on /e/ app store.
On setup process, you will choose your package group (nothing, basics, child, gamer, developper, privacy paranoiac, …) :thinking: :sunglasses:


#19

TBH, I like the idea of picking my own apps upon startup (after creating an /e/ profile) so that way it’s all ready to go. I know the app repository will allow me to locate more apps but it’s good to at least set defaults (e-mail, browser, dialer, messaging, etc).


#20

Another default browser, something like Firefox Klar or IceCat mobile. When it really has to be webkit, another search engine: SearX calls Google when you tap on “Images”.
But I agree with the people who want to focus on an easy to use phone “for mom and dad”.
We’ll play ‘double o seven’ by ourselves :sunglasses: