Things to improve and a question

I was very disappointed that /e/ is not mentioned in privacytools.io. I discovered that there are some disputes (see https://github.com/tycrek/degoogle/issues/55 and https://github.com/privacytoolsIO/privacytools.io/issues/864) about the actual security of /e/. In particular please see this external report https://infosec-handbook.eu/blog/e-foundation-final-look/ that points out improvements, things to improve and questionable choices.
Then I wonder if /e/ is ready yet. And I ask you, who are so demanding with other services like email providers (see Looking to replace your goolag/outlook/yahoo email with a privacy-focused email service? for example), why you have decided to use and trust /e/.

Thank you for pointing out those links!
When I decided for /e/ I was not aware of the hefty and jaw-dropping allegations made on all of those websites.
Back then, actually just in December I decided for /e/ because:

• It is based on MicroG for LineageOS, but keeps supporting phones that aren’t supported by LineageOS anymore
• Full integration of their cloud solution based on nextcloud. Nextcloud is a plus too, although root right on the Nextcloud account would be preferred.
• Approachable and responsive community, unlike LineageOS!
• Claims to even have further degoogled LineageOS
• OTA updates. which were back then not supported by LineageOS. I’m not talking about MicroG for LineageOS, because back then I had only used pure LineageOS.

Albeit all those allegations I really like the project and would like to keep using it, because I believe their intentions are good and only hope all the points mentioned were simply mistakes that can and will be corrected.

@Manoj what is /e/ doing to correct the mistakes made and by that starting to build up credibility and trust?

You can check in gitlab we have created issues for all the points and most of them have been addressed.
The base source code we all use be it LineageOS or /e/ comes from AOSP which is from Google. Most of the apps available for download for users are written so that they will run using Google’s framework . Removing or ‘cleaning’ them is not exactly easy. The /e/ dev team has been working on it and will continue the clean up as long as it is necessary.
Remember Google will also try its best to keep its dominance in the market. We keep up the efforts to improve.
I leave the judgement of how effective we are to our users.

Thank you Manoj for the quick reply. I’m happy /e/ is constructively empracing criticism and puts pro-active actions in place to simply solve the issues mentioned.

Browsing through the list of issues, it only refers to issues mentioned on this infosec handbook. What about allegations made on this entire page, e.g. their recent update ewwlo.xyz/2019-winter-update.html ?

Most critical issue I see and in my feeling this contributes big time to those peoples anger and hate, is section where they explain how “/e/ steals code from LineageOS”. I feel if /e/ woupd resolve this and pro-actively contributes back to LineageOS then problems should be solved. Right?

Personally I switched to /e/ because it enabled me having a proper android experience without getting a gmail account. I’ve managed to avoid google so far with relative success, but was sick of the iphone ecosystem and philosophy.
Regarding the infosec page, afaik a lot of those issues raised either have been addressed or are in progress. The response to that article has been largely positive (from what I can see) and the more security audits we can see, the better for the project.
The stealing code allegation is in my view somewhat childish (and over-dramatised), Lineage OS is open source and as such its in the nature that code is available for forks and separate projects. That being said, I’m not too familiar with the actual development side, but I am sure closer collaboration can be benefitial to both teams. In a response to LOS claims on reddit Gael pointed out that LOS and /e/ have separate goals, and are therefore not in competition with each other.
So far I’ve been very happy with the direction the project is taking and the steps it has taken so far. There are some kinks here and there, but that is to be expected, after all /e/ does not have the funding that giants like google or apple have.

The fact is, trying to get rid of Google is a rabbit hole. It’s just too much, too many things to consider and you cannot afford to neglect this effort otherwise it was all for nothing. /e/ is a company that backs these ideals and makes them easily available without me having to worry every single day about it.

That’s is. I’m sure I could come up with more reasons, in fact one that I really like is that, unlike with LineageOS, there’s a friendly and active community that I can learn from. But for me it all comes down simply to ‘delegate’ the endless surveillance watch on my devices for security vulnerabilities, etc, etc… Otherwise it’s just too much, I have way too many things to think about already, but I still care about my privacy enough to invest some time into looking for alternatives. I found /e/ and I’m happy with it thus far.

Thank you for replying!

• I know it is difficult to remove all Google references and it takes time. But i think it should be clear on the site that it is a project in progress, not yet completed. In the website however you can read “/e/ is an “unGoogled” version of Android OS.” Unfortunately it is not yet ungoogled but it’s going to be.

• According to infosec-handbook report, "the preinstalled weather app (foundation.e.weather, version 4.4) still leaked our location in real-time. Each time, we searched for a location to get the current weather, the app sent a GET request to api.openweathermap.org in cleartext. " So, why did you add unsafe apps?

• About the e app store, “e/‘s Apps store uses cleanapk.com to get applications. However, nobody knows the operator of cleanapk.com, and their privacy policy doesn’t comply with current GDPR requirements. Moreover, some users raised legal concerns regarding the applications that seem to originate from F-Droid and APKPure.” So, again, why did you release an unsafe app while good alternatives exist?

• What about “sock puppet abuse and blocks at Wikipedia”? I don’t know what to think

Thanks

On the question why ‘unsafe apps’ check this poll that was conducted here. The consensus was that users want unsafe apps. The applications on Apps Installer are requested by users. It is not mandatory to use Apps Store you are free to use FDroid or any other app store you want. We have a plan to come out with a FOSS only ROM this year.
Using Maps or Weather was done because of lack of better options available in the FOSS world. IF we find better alternatives we will happily switch over to using them.
About wikipedia I wrote the original /e/OS related wikipedia article. I do not hide it in fact on wikipedia I use my own user name and do not hide behind a pseudonym…would have loved to use manojnair but the name was already taken!. You can even get my details on my user page. That includes my name and even my photo if you do some clicking around the page! I wrote that at a time when I was volunteering and did not take any money for that. This is also mentioned on the page. There was a discussion if the page should be retained or deleted and that topic attracted a number of /e/ team members. We were told not to make edits as that constitutes a violation of wikipedia rules. Post that warning I gave up any edits on any /e/ related pages.
There is a full fledged campaign to discredit /e/ and its team members by getting to ban us on wiki or delete our pages and it is being run by the xyz site folks.Good luck to them !
Now I am not sure if that comes under wiki’s policies but I think if writing in favor of an organization is wrong so is writing against or vandalizing pages of that organization by a group which even maintains a website dedicated to hate /e/ topics! Anyway that is for wikipedia to figure out.

All I can say is use your own discretion and try to figure out what is right and what is wrong. Do your own research and find out what suits you and follow that route.

hi Manoj, perhaps it would be a good idea if /e/ invites Infosec to do another review, once all the final little issues in the project have been resolved, perhaps just before v1?

We do not need to invite them , my guess is they keep doing it on their own. It should be a surprise inspection to be correct not an arranged one.

haha OK, well it would be good if they come again - the previous review is often cited as a problem, it would be good if /e/ could show a newer review where the problems of the former review are solved.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.