Please can we have some articles on this forum from the /e/ technical team on what changes have been made to the lineage code base to make it more secure? What is the difference between an /e/ ROM and a LineageOS4MicroG ROM?
Following paragraph from /e/ FAQ outlines major differences between /e/ and LOS+MicroG (as of today):
/e/ is forked from LineageOS. We’ve modified several parts of the system (and we’re just beginning): installation procedure, settings organization, default settings. We’ve disabled and/or removed any software or services that were sending personal data to Google (for instance, the default search engine is no longer Google). We’ve integrated microG by default, have replaced some of the default applications, and modified others. We have added a synchronization background software service that syncs multimedia contents (pictures, videos, audio, files…) and settings to a cloud drive, when activated.
Also, we’ve replaced the LineageOS launcher with our own new launcher, written from scratch, that has a totally different look and feel from default LineageOS.
We’ve implemented several /e/ online services, with a single /e/ user identity (email@example.com). This infrastructure will be offered as docker images for self hosting: drive, email, calendar… to those who prefer self-hosting.
We have added an account manager within the system with support for the single identity. It allows users to log only once, with a simple “firstname.lastname@example.org” identity, for getting access to /e/'s various online services (drive, email, calendar, notes, tasks).
The question asked was clear enough, there was no need for smoke and mirrors. “What is the difference between an /e/ ROM and a LineageOS4MicroG ROM”. And you answer, “We’ve integrated microG by default” :). Setting the search engine to other then Google, any one who doesn’t use gapps probably does that.
Truth is, as of now /e/ is just LineageOS and microG with a few added apps from FDroid, the rest are just aesthetic touches. I’m sure it will evolve in time.
Regarding “what changes have been made to the lineage code base to make it more secure?” I guess the answer is, none.
This is the problem: you guess a wrong answer instead of going into the /e/ code and see what are the changes. Instead of guessing, speculating with no proof, act and give valuable facts.
As you are convinced by your smoked arguments you also forgot 2 others big differences between LOS project and /e/ project:
- no built-in cloud / mail service with LOS
- LOS is only accessible to people who has the knowledge to flash and set a phone. /e/ prepare a software to install on a computer, people plug their phone and in a few clicks the software will replace the original ROM by /e/ ROM. Even my grandfather would be able to do it. Not with LOS.
Agree with you @Julien that the setup is super smooth. As someone who has flashed LOS multiple times I was impressed with the easy setup process for /e/. The setup process is all the more better if one has a /e/ test email which I have. Having said that it would be good if we could also have some inputs as to where the code has been changed. I was comparing the common.mk inside vendor/lineage and saw some additions/ deletions in line with your requirements. Not exactly easy to go through the entire code to figure this out. This would be a great help to the development community. Also may help those who want to make improvements to pitch in. May be something you could add to the documentation at a later stage.
@patrick, any way to organise/implement this maybe?
Well Julien, why don’t you give valuable facts in order to prove me wrong.
The built-in cloud/mail thing, Google has that, Apple has that, Xiaomi has that and privacy advocates are not happy about it for the well known reasons. What is different with your implementation?
As for the other stuff with unlocking, replacing the bootloader and flashing the phone from the PC at the click of a button so that even my grandfather could do it, I have yet to see it to believe it.
Anyway, I hope you prove me wrong on all these points.
Thanks for good words on ease of install, it is an important aspect to enable /e/ broader adoption.
On changes made to LOS to make it more secure (w.r.t. personal data) let’s acknowledge /e/ developers are currently spending more time doing those changes than documenting or telling about those in a forum. You pitched it well that could be something to add to the documentation at a later stage (with a risk it will always get lower priority than the next critical development).
Regarding comment from @andu who seems not trusting /e/ on its mission and/or added value to los, I would not encourage /e/ developers to prove him wrong debating in a forum. They’ll gain trust keeping on their good work. However on this topic I am quoting below a post from @pjmbraet (in Telegram) hopefully giving a good indication:
Used LineageOS on a Samsung Galaxy tab 2: Lineage was full of Google. Used Fairphone Open on Fairphone 2, and in contradiction to what Fairphone promises it was full of Google. Tried building Sailfish OS for my Fairphone and noticed it is full of Google while the computer was compiling. Finally installed /e/ on Fairphone 2: no Google found, nothing, only microG, wich is a workaround for people who want to keep using Google services. https://microg.org/
Lastly, I agree to your point we need to focus more on engaging with the developer community: developers embracing /e/ vision are more than welcome to join /e/. We will improve our communication and ease of joining /e/ development community. PM me if you read this post and are volunteering!
Good for you Patrick. Asking people for trust in an area where trust was/is constantly broken just because you say so, is the way to go. Providing some actual data is a waste of time indeed.
I see the benefits of /e/ with regards to security is in the services it will provide to secure our data. LineageOS has done a great job of giving us the option of getting rid of google, but what do we replace it with? Right now I have cobbled together various email services, secure messengers, online encrypted storage, peer to peer systems in an effort to secure my data online. The average person won’t be able to do that. What /e/ adds is a secure online data package that is integrated into the OS, it will work with secure online systems right from the first boot.
And yes there is a certain amount of trust you will need to put into e foundation, just like any other service you use. If you are not able to do that then you need to host all your own systems.
The average person doesn’t have security concerns, this is tested and proved not only by me.
Secure is the key word here, how do I know it’s secure, because they say so? Facebook says it’s secure, Google says it’s secure, read the news.
I would love to but given the lack of technical details, evasive answers to pointed questions from the staff, the “I would not encourage /e/ developers” to provide answers, also from the staff, I think it is /e/'s job to convince me with more then just their word to trust them.
In other words I applaud the initiative and I would gladly support it but with a more mature level of accountability.
True, and the average person counts on governments/politicians to take on the big tech companies.
@andu , although you might have phrased your initial query a little differently so as to not push the wrong buttons with a couple of the devs here (although, maybe their responses could also have been framed a little differently), I think the issues you raise are valid and I think it’s a mistake to alienate enthusiasts such as yourself.
The onus should not be on the user to trust the product, but the product to offer hard guarantees of privacy. Can /e/ be private by design?
As far as security is concerned, there are some concerns when it comes to the inherent security of LineageOS. See the comments by Daniel Micay (founder of Copperhead OS) here:
Since eelo is a fork of LOS, I’m also curious to know if there might be any mitigations to these problems in the pipeline.
I don’t think anyone is questioning the passion and the commitment of the devs toward producing an original product that pushes back against the privacy-invading devices we have to put up with everyday, but in my opinion, for what it is worth, perhaps this forum is the perfect place to discuss the technical details of the project and build enthusiasm around /e/ precisely by embracing the opportunity to address constructive critiques (I’m not talking about addressing snide comments).
Just my 2 cents.
p.s.: @patrick , can you provide a link to the FAQ. I can’t seem to find it.
You can find it here: https://gitlab.e.foundation/e/wiki/en/wikis/faq
Thanks for the link, I’ll read it properly. It is that kind of argumentation I was expecting from /e/ team and it looks like I’m not the only one. As for my tone it’s a result of following chat on Telegram and answers given on this forum. And all the publicity around /e/ which is in the same manner, no mention that /e/OS is ATM just LOS and some apps from FDroid as if they just invented hot water. It was all like a conversation with tech support from Microsoft and I’m sick and tired of that stuff.
Nevertheless I will follow the project given that facts/data become more important then rhetoric.
Ahhh. Thanks, @Markus! I totally missed it.
So the best thing to do, in my own opinion, is to join us and kindly advise/guide us to make this project better in communication maybe? Is this the matter, the communication method? Content?
In some way I have to agree with @andu. I am quite enthusiastic about having another choice for a mobile operating system. But even though I read a lot about /e/ and the idea behind it, it is not really clear what the aim is and where /e/ is different from LineageOS for microG, technically speaking.
A lot of focus seems to go into aesthetics and building an easy to use branded product, bundled with integrated online-services (mail, storage, etc.). This is nice to look at and already pleasing to use, but does not address the real problem - if we just replace Google or Apple by /e/ nothing is gained in terms of privacy or choice. Also, with limited resources re-inventing the wheel (such as forking the K9 mail client instead of contributing to its core code or building yet another launcher) seems a waste to me.
I doubt /e/ can build enough critical mass to start a real 3rd OS in the market, where heavyweights such as Microsoft, Samsung (Tizen), Intel and former Nokia guys with Sailfish have failed. So what exactly is /e/ trying to build? Something like a linux distribution (but for android), gluing together a number of well known apps + some individual aesthetics?
What I think is really needed instead is a solid base with an open ecosystem:
- a mobile base system that does not spy on me
- ability to run any android app (well, maybe except those very much tied to Google Services), but stopping them from spying on me
- ability to use mail/calendar/contacts/storage/etc provided by a broad range of providers (or self-hosted for geeks)
This would require a large effort, but could maybe be pulled off based on Lineage for microG. But for this to work, it needs to be clear what the focus of /e/ is and where others from the community (such as the microG devs) are needed.
These are exactly the plans. I suggest you to read these articles (the project was called eelo but had to change name because of trademarks issue):
I disagree. With corporations your data is their bread and butter, how they make their money by using your data. By leaving them you are choosing to take a stand and using systems that respect the security of your data. That is what privacy in the context of information security means, that your data is secure from abuse.
The e foundation tag line is “Your data is your data”. That is the goal, to protect your data from misuse in ways you do not approve or control.