Good for you Patrick. Asking people for trust in an area where trust was/is constantly broken just because you say so, is the way to go. Providing some actual data is a waste of time indeed.
I see the benefits of /e/ with regards to security is in the services it will provide to secure our data. LineageOS has done a great job of giving us the option of getting rid of google, but what do we replace it with? Right now I have cobbled together various email services, secure messengers, online encrypted storage, peer to peer systems in an effort to secure my data online. The average person won’t be able to do that. What /e/ adds is a secure online data package that is integrated into the OS, it will work with secure online systems right from the first boot.
And yes there is a certain amount of trust you will need to put into e foundation, just like any other service you use. If you are not able to do that then you need to host all your own systems.
The average person doesn’t have security concerns, this is tested and proved not only by me.
Secure is the key word here, how do I know it’s secure, because they say so? Facebook says it’s secure, Google says it’s secure, read the news.
I would love to but given the lack of technical details, evasive answers to pointed questions from the staff, the “I would not encourage /e/ developers” to provide answers, also from the staff, I think it is /e/'s job to convince me with more then just their word to trust them.
In other words I applaud the initiative and I would gladly support it but with a more mature level of accountability.
True, and the average person counts on governments/politicians to take on the big tech companies.
@andu , although you might have phrased your initial query a little differently so as to not push the wrong buttons with a couple of the devs here (although, maybe their responses could also have been framed a little differently), I think the issues you raise are valid and I think it’s a mistake to alienate enthusiasts such as yourself.
The onus should not be on the user to trust the product, but the product to offer hard guarantees of privacy. Can /e/ be private by design?
As far as security is concerned, there are some concerns when it comes to the inherent security of LineageOS. See the comments by Daniel Micay (founder of Copperhead OS) here:
https://www.reddit.com/r/CopperheadOS/comments/917yab/can_anyone_technically_explain_why_lineageos_as/
Since eelo is a fork of LOS, I’m also curious to know if there might be any mitigations to these problems in the pipeline.
I don’t think anyone is questioning the passion and the commitment of the devs toward producing an original product that pushes back against the privacy-invading devices we have to put up with everyday, but in my opinion, for what it is worth, perhaps this forum is the perfect place to discuss the technical details of the project and build enthusiasm around /e/ precisely by embracing the opportunity to address constructive critiques (I’m not talking about addressing snide comments).
Just my 2 cents.
p.s.: @patrick , can you provide a link to the FAQ. I can’t seem to find it.
2 Likes
Thanks for the link, I’ll read it properly. It is that kind of argumentation I was expecting from /e/ team and it looks like I’m not the only one. As for my tone it’s a result of following chat on Telegram and answers given on this forum. And all the publicity around /e/ which is in the same manner, no mention that /e/OS is ATM just LOS and some apps from FDroid as if they just invented hot water. It was all like a conversation with tech support from Microsoft and I’m sick and tired of that stuff.
Nevertheless I will follow the project given that facts/data become more important then rhetoric.
So the best thing to do, in my own opinion, is to join us and kindly advise/guide us to make this project better in communication maybe? Is this the matter, the communication method? Content?
1 Like
In some way I have to agree with @andu. I am quite enthusiastic about having another choice for a mobile operating system. But even though I read a lot about /e/ and the idea behind it, it is not really clear what the aim is and where /e/ is different from LineageOS for microG, technically speaking.
A lot of focus seems to go into aesthetics and building an easy to use branded product, bundled with integrated online-services (mail, storage, etc.). This is nice to look at and already pleasing to use, but does not address the real problem - if we just replace Google or Apple by /e/ nothing is gained in terms of privacy or choice. Also, with limited resources re-inventing the wheel (such as forking the K9 mail client instead of contributing to its core code or building yet another launcher) seems a waste to me.
I doubt /e/ can build enough critical mass to start a real 3rd OS in the market, where heavyweights such as Microsoft, Samsung (Tizen), Intel and former Nokia guys with Sailfish have failed. So what exactly is /e/ trying to build? Something like a linux distribution (but for android), gluing together a number of well known apps + some individual aesthetics?
What I think is really needed instead is a solid base with an open ecosystem:
- a mobile base system that does not spy on me
- ability to run any android app (well, maybe except those very much tied to Google Services), but stopping them from spying on me
- ability to use mail/calendar/contacts/storage/etc provided by a broad range of providers (or self-hosted for geeks)
This would require a large effort, but could maybe be pulled off based on Lineage for microG. But for this to work, it needs to be clear what the focus of /e/ is and where others from the community (such as the microG devs) are needed.
1 Like
These are exactly the plans. I suggest you to read these articles (the project was called eelo but had to change name because of trademarks issue):
https://hackernoon.com/leaving-apple-and-google-my-eelo-odyssey-introduction-d22741f990d7
https://hackernoon.com/leaving-apple-and-google-my-eelo-odyssey-part2-web-services-4c01bb838279
1 Like
I disagree. With corporations your data is their bread and butter, how they make their money by using your data. By leaving them you are choosing to take a stand and using systems that respect the security of your data. That is what privacy in the context of information security means, that your data is secure from abuse.
The e foundation tag line is “Your data is your data”. That is the goal, to protect your data from misuse in ways you do not approve or control.
4 Likes
You are welcome. I’m happy that I have you useful information. Cheers 
After reading that reddit discussion I now have a thirst to know more about how /e/ intend to address the security side. The ultimate goal is to have /e/ shipped by OEMs on their devices, so these security issues need to be addressed at some point.
Is the approach going to be
- Get /e/ v1.0 stable
- Address all the security issues
Or the other way around?
My use case for /e/ is to replace Google-Android on out-of-support phones used by members of my family, for which I need stability and security.
Good: you are at the right place. The V1 is planned to be stable because it won’t be a beta anymore + clear of Google stuff + pipes shouldn’t leak to any Google servers so it’s a good beginning to have a secure OS.
Well, I just worked out that the phone I want to run /e/ v1.0 on will probably not get v1.0 as there is currently no LOS 15.1 build and it’s looking unlikely that it will be built.
Still, more information on what the /e/ team are doing to address the security issues raised in that Reddit thread would be appreciated.
I found this discussion as I’m interested in verified boot (relocking bootloader after installing the OS). This is one of the points raised by the Copperhead Person on the linked comment on reddit.
I searched for it and it seems that LineageOS will not support verified boot as it would make using gapps harder. My theory (not a developer here) is that’s because any change on the system partition needs to be signed by the same key and they can’t distribute gapps for licensing reasons. Following this logic it should not be a problem for /e/ to support verified boot (like CopperheadOS did).
This would be a nice selling point for technical/paranoid users to distinguish /e/ from LOS. Please consider this.
And of course: thanks to everyone for putting your energy into this project. It’s urgently needed.
regards,
hex
2 Likes