Look at the AdBlocker crackdown of Google Chrome. Every single chrome-fork has shut down MV2 extensions, even Brave is about to do it, because it is impossible to maintain features that complex on a browser that Google spends >$1B/year to develop.
Same story for /e/ and GrapheneOS, the day Google pulls the plug on source code releases, god knows how long they will last. We should focus our efforts on truly open platforms.
There are zero OSes that are 1/ open source 2/ appropriate for phones 3/ with good hardware support. There's absolutely nothing. Running Ubuntu Touch isn't a viable option. Neither is postmarket, librem, tizen, they're all terrible. Security wise, for something as critically important in our lives as a smartphone, I am also not trusting any new pet project that won't be stable for 10 years.
Sure, you might be a poweruser that doesn't care about your phone burning its battery in your pocket after 1 hour because you know how to SSH on it from your watch and put it in sleep, but that's not a viable option. Leaving Android is suicide. A large part of its critical underpinnings are already into the kernel anyways, just disabled. (although a distro running binder could be a fun project). APIs are reverse engineerable generally speaking, except for the server part of play services. But then, if your issue is "my bank won't let me access their app without play services attesting me", I have great news, you won't even have an app for it on your new OS anyways, so it will not work by default. There's already not enough people working on GrapheneOS _or_ on mainstream linux OSes, what makes you think the sitation won't be ten times worse for your custom made mobile OS ?
>We should focus our efforts on truly open platforms.
Android is one, and that can never be taken away. Google pulls the plug ? cool, you're stuck on Android 17, which is centuries of work ahead of literally anything else in the open source community. Hell, for all the shit that Google is doing, they're still constrained by having to work with other vendors: the system privileged notification receiver is swappable at build time, the recent app signing/verification system also is, because Samsung wouldn't let them control it all.
World would be better off if they De-Google and De-Apple! You have to pay me to use Google and Apple!
About hard-forking Android, no one was brave enough (pun intended) to do that for Chrome, considering the insane complexity and engineering costs (>$1B/y). (Only Apple was able to affort it with Webkit/Safari, but they are in the ad business too.)
Building and maintainance cost are not linear, especially when you inherit legacy code. The AOSP codebase isn't great, is 4x bigger than the Linux Kernel, and full of "Ship now, patch later" mess.
But I agree that it is a significant endeavor. But the OSS community succeeded in similar projects before, and the current state of the Linux desktop makes me hopeful.
And yet the GrapheneOS devs seem to be managing just fine.
> But I agree that it is a significant endeavor.
Yes, in fact it is orders of magnitude more significant an endeavor that just building upon and improving the existing AOSP stack.
We need tablet computers that don't have hostile hardware like cameras and mics and sensor suites that can be remotely controlled, under proprietary firmware, completely out of owner control.
We need radio hardware and software that is entirely under owner control, with protocols and standards based connection controls; the notion that spectrum and cellular make network connectivity magically necessary to put under the draconian gatekeeping and surveillance of cellular carriers is flaming dumpster garbage.
The carriers are a primary threat vector. The hardware is a primary threat vector. The software is a primary threat vector.
There is absolutely no way to fix the current cellular phone security status quo, every single facet is designed to be leaky and allow "good guys" backdoored access "for the right reasons" and so on, whether it's "user experience telemetry" or "we have a warrant".
Running bog standard linux with sensible security defaults and a good softphone over an internet connection would be fine. There's nothing magical about phones or UX or wtfever this month's marketing rationalization is.
Handheld tablet computers with optional hardware, or even modular hardware, are going to be the future. The current paradigm of parasitic cellular carriers, invasive governmental regulatory bodies working on behalf of all sorts of corrupt interests, and complicit hardware manufacturers are 100% all in on milking consumers for every last unearned penny or intercepted PII they can get their grubby hands on.
Sailfish?
In addition, its compatibility with android apps is also chains: why would I bother developing for sailfish (especially since it involves Qt / Qt Creator) when I can just develop an Android app, and say it'll run well enough (unless it needs play integrity, which is the same problem, or somehow falls behind in android/androidx compatibility)
Linux has SELinux as a default option which Android makes good use of, some forks more than others, and setup correctly it is better than user isolation. You could also recreate the protection user isolation provides through policy alone.
Honest question: why are mobile devices more hostile than laptops/desktops?
It's a key to your life. The perfect target for any attacker.
It's far ahead, but at the same time, I think we shouldn't over-emphasise how much. Functionality at the beginning of a project's lifetime is way more important than incremental improvements (or just changes) made later, and thus while much more effort has been invested into Android, new projects primarily need to catch up when it comes to e.g. phone call support and stability, and won't have to redo a lot of the effort of e.g. implementing Material You 3 or whatever.
Which is to say that we're still years out from a viable competitor, but at the same time, there could be one five years from now, which is also not that long.
You're also underestimating the amount of fundamental work that goes in Android. The vast majority is hardware integration. It's not all fancy little bells and whistles. It would have the added benefit of not having to relearn the security mistakes like LIST_ALL_PACKAGES or READ_SMS permissions being open to all, at least.
This is the sad part. I've resisted that slippery slope as much as possible. In part because of ideological reasons, and in part for usability reasons. I have large hands and poor eyesight - using a phone for non-trivial tasks is tedious. I think the only thing I encounter from time to time that requires a smartphone is paying for parking. Everything else I do from a desktop, or don't do at all (doom-scrolling etc.)
I wish society would resist the smartphonification of everything for no reason. A lot of it is marketing- and surveillance-driven.
Not sustainable as opposed to what, exactly? Developing and maintaining a completely different mobile operating system? Focusing on truly open platforms sound nice in theory, but completely falls apart the moment you consider what people want to do with their phones compared to the developing resources available.
> Every single chrome-fork has shut down MV2 extensions, even Brave is about to do it
That's just wrong, there are other forks that still support MV2 extensions right now, and at least brave has no plans of shutting down MV2 extensions even after Google removes MV2 from upstream completely. It will certainly add maintance effort on brave's side, but they already patch a million other things that upstream doesn't support.
Brave said they'll try to maintain temporarily limited MV2 support for only 4 specific extensions, but recommend Brave Shields as the go-to adblocker for the future. Google is about to remove most of the MV2 code from the codebase, which will explode the complexity soon.
The cost of writing code has fallen 100x in the past 3 years, and will likely fall 100x further. So actually, yes, thanks to AI it probably actually is reasonable to launch a fully new stack from scratch.
Maybe, but the cost of actually shipping a product has fallen by maybe 10%. I don't see dozens of production ready mainstream OSes and web browsers popping up because LLM can dump tens of lines of code per second.
Give it 12 months, you will see dozens of from-scratch large scale software projects shipping. New web browsers, new operating systems, new gaming engines, new productivity software, we are at the threshold of having an abundance of software that was previously only available from large corporations.
Multiple open source desktop/laptop operating systems are maintained.
A lot of people don't think this way because they haven't had any problems. But then one day it happens to you and you realize, ok, this is the one thing that matters - you're in a cashless store and the only way you can pay for your meal is to use Approved Apple or Approved Google operating systems.
Where I live, the app my electricity utility provides for viewing and paying my account DISABLES ITSELF FOREVER if you so much as enable USB debugging on your phone (even after you've disabled it again).
To their credit Graphene maintains a global database of which of these apps work and don't. They're the only ones I know of so a thousand upvotes to Graphene OS.
But for my banks, the records in that database are grim. They won't run on Graphene, and they don't respond to reports about it.
One of my banks just discontinued its web UI because "people don't use it anymore, they use the app only."
This is how they're going to get us, folks. This is how we're going to lose it all. Writing code alone will not solve this. It will require some kind of collective action to defend our liberties. Some parts of the world are already lost. So this situation will likely come to a jurisdiction near you eventually: to make a transaction you will need permission from Google, Apple, Visa, Mastercard, or it won't happen. Then that four company list will start to shrink.
These are self-inflicted problems by these apps. Nothing to do with the OS. These apps simply don't work. Complain to the companies that push these broken apps to you.
Would you buy a microwave oven that kills itself if you play the wrong kind of music in your kitchen?
So these problems become problems of the OS, not because the OS has a problem, but because it affects the reality of using the OS.
Send a letter like that certified. It gets attention, and the time to write and mail a check really isn't, if you batch your bills, more than using an app.
We do have ways to push their inconvenience back on them.
It's a big and hairy world out there. Having lived on three continents and traveled to some pretty wild places, I always get a kick out of seeing which rights people have and assume that the rest of the world also has.
We’ve gotten to the point where unfortunately it is a luxury to fight for your privacy and consumer rights.
My utility company, for instance, literally won’t let you navigate their site with a VPN running. These kinds of practices are commonplace and becoming standard.
But I'm OK because one of my banking apps has some method of reading my contract number from the disabled electricity company app, and telling me how much I should pay and then it fires off a payment to them. Even though I can no longer use the electricity app directly because I enabled USB debugging once, the banking app is somehow still able to pick up this info from it.
Of course, said banking app refuses to run on Graphene or any of these other Google Play-less OSes, and the bank doesn't respond to inquiries about that issue, multiple people have tried.
The other bank I use does respond, and says they'll never run on "alternative OSes" because "alternative OSes are too insecure." They don't respond to followups.
I'm just saying man. A lot of people think this stuff is trivially solved because there is an option available to them in their home country. You don't know how big and nuts this world of 8 billion people and 200 countries is. This stuff varies beyond imagination, sometimes for the much worse.
I would say we need both a sustainable free mobile OS in the long term, and a "less worse Android" today in the meantime.
Initiatives like FairPhone paying someone to upstream device support in the mainline kernel / postmarketOS are interesting for both approaches at the same time (but extra effort would be needed, the FairPhone 5 almost working under postmarketOS [1] is kinda irritating, I hope it reaches full support before Lineage OS stops being updated for this device).
Ignoring hardware support, Linux mobile OSes are quite usable now.
Hardware support is the next step, and only then we can imagine the proprietary apps we are forced to use to work there (though Waydroid provides some answer to this as well).
Another way of helping the cause would be, I suppose, lobbying for laws that forbid the dependency on an stock Google or Apple mobile OS. Or, maybe we can dream a bit, mandatory open source releases for those apps and standard APIs.
[1] https://wiki.postmarketos.org/wiki/Fairphone_5_(fairphone-fp...
Let's see...
https://www.techpolicy.press/the-true-cost-of-browser-innova...
* Most of the personnel involved in developing web technologies are engineers, but they also include product managers, sales, marketing, legal, customer support, and other functions.
* Given the complexity of Chrome and web technologies, the engineering teams skew towards higher levels of seniority. Assume that Staff Software Engineer is the most common engineering level represented across the web technologies teams, which is towards the more senior end of Google’s software engineering job ladder.
* The average base salary for Google employees working on web technologies is $240k and the average annual take-home pay is $500k, including salary, bonuses, and stock payments. These estimates are close to the current average base salary and take-home pay for Google Staff Software Engineers listed on industry salary data sites.
* Google has approximately 2000 staff working on web technologies.
Using the above assumptions, the estimated personnel cost for web technologies is 2000 * $596k = $1.2B. Of course there are additional costs associated with these businesses. Based on this sketch, it seems fair to assume that Google spends at least $1-2B annually on Chrome, Chromium, and the evolution of the web platform.
I appreciate the vibes where this is coming from, but does it really? I think that assumes that everyone that works on this would work on a true open source OS otherwise, and that if they did, that would result in us breaking free from Android where we otherwise wouldn't. I'm not confident about either of those assumptions.
Meanwhile I'll keep complaining to orgs that don't allow me to work through their website, and tell them that their app won't work on my phone.
It's like bailing out water from the Titanic. We should prepare the lifeboats instead.
The thing is that those people aren't "resources" that you can just "reallocate". And even if they were, two extra buckets weren't going to save the Titanic.
And yes, people reallocate all the time, it's called a cultural shift, and it's healthy discussion to have.
Sent from my Librem 5.
I’m being gently snarky, of course, but the goal shouldn’t be an MVP that nerds who are deeply into privacy or FOSS or hate Google can tolerate - it should be something that disinterested normies could seamlessly and happily use.
The way to make disinterested normies able to use it is to have lots of nerds capable of fixing various papercuts themselves switch already and contribute rather than complain.
But the reality is that it's not quite that straightforward. Linux desktop is a perfect example of that. We have tons of nerds working on the Linux ecosystem. Many on distros meant to ease transition from Mac/Windows to Linux (like Pop OS).
But if I were to tell my mom to install Pop OS, she would look at me like I'm crazy.
In some ways, Linux has become "cool" — Steam Machine and Steam Deck run Linux, and they're popular. Unfortunately, they're popular within a niche, and even then, they're popular for only a slice of digital life. People don't do work on a Steam Deck and I can't imagine many doing work on a Steam Machine.
Mobile phones are completely different though because most people have one phone. And that phone needs to do everything they need it to do. It needs to run the apps they need. It needs to play the games they want. It needs to integrate into everything. And it also needs to look trendy, because smartphones have become a bit of a status symbol of sorts.
So, while I agree that us nerds must become part of the solution than the problem, it's not enough. We need buy-in from major service providers. We need marketing. That's all stuff that the typical nerd can't/won't do.
What would she say if you asked her to install Windows? It doesn't matter. Normal people should either buy preinstalled or ask technical people for help. Using GNU/Linux desktop is as simple as Windows. It will be the same with phones one day, if we push it.
Username checks out (I kid, I'm also a fan of their work).
Also, if you're using PureOS, what's that like? Have they updated to a debian 13 base yet? Pretty much the only thing stopping me from at least trying it out is the super old version of GNOME
I gave a couple of links to my reviews in another comment here.
> Have they updated to a debian 13 base yet?
No, but they're advancing, https://forums.puri.sm/t/when-and-how-to-jump-to-crimson/300...
> fan of their work
Thanks!
A proper app sandboxing and permissions system?
Increasingly thinking of relegating my iPhone to 2FA and maybe banking only.
Everything that works on desktop GNU/Linux should work on the phone, too. I use Pika Backup app.
> communication
AFAIK none of the apps you listed officially support Linux ARM, so you have to go through some configuration unfortunately. I do not use any of them, I use Matrix.
> Signal
https://forums.puri.sm/t/signal-app-now-usable-in-portrait-m...
https://framapiaf.org/@lolgzs/113010288224110061
> Whatsapp ... Discord
https://forums.puri.sm/t/how-to-install-whatsapp-and-discord...
https://forums.puri.sm/t/librem-5-web-whatsapp-com-not-worki...
https://source.puri.sm/libremos/tasking/-/issues/1
> Media
Are you talking about watching videos and listening to music? It works fine.
At the end of the day, I need a bank account, and access to it, would it only be for buying food, or paying my mortgage.
Too bad dual boot is not an option, or VMs.
What are you even talking about? My non-technical relatives have been using Debian for many years already.
Source?
Unfortunately even the fully open source Firefox isn't immune to the pressure from the advertising industry, with all their Google funding and their purchase of anonym.
If these apps cannot run on deGoogled Android, then deGoogled Android cannot be slowing us down from leaving Android because using deGoogled alternatives is as inconvenient for banking and government services as using a non-Android alternative would be.
interesting tidbit: my bank offers their app from google and from huawei store. it doesn't work on /e/OS however. (but that might also be a /e/OS bug).
this means what we really need is a viable play store alternative. EU regulations could make that happen.
Ungoogled chromium still supports MV2, and uBlock origin extension works fine.
To what?
De-Googled Android was/is a truly open platform. Same result. You're pointing out maintenance issues.
How many developers do we have to maintain this or any other platform without pay? That problem applies to a de-Googled fork of Android, or a complete bottom up build of a new platform.
The benefit of using an Android fork is the labor savings on what's already built.
Maintenance is not going away just because we build a new OS.
8 of the 10 top smartphone manufacturers are Chinese, there's no going back from that.
Basically what you’re implying is that all the people working on Android derivatives like Lineage, Graphene, and /e/ coming together and working instead on a fully open source OS like a Linux mobile distribution would result in better outcomes and actually get us closer to a daily driveable open source environment phone operating system.
That’s analogous to saying that an automotive tuning shop that puts turbochargers and body kits on Toyota Corollas shouldn’t waste their time, and they should instead design and mass produce their own sports car.
The level of effort difference between AOSP derivatives and a fully open source OS is massive.
https://e.foundation/installer/
I get a pop-up telling me that my browser is not compatible, and I should use Edge, Opera or Chrome. See [1]
So I was actually expecting a device listing page, not a WebUSB program.
Anyway, assuming it's for WebUSB flashing, I agree with other commenters it should just explain that's not available and still give the instructions - bonus points for hiding the unusable WebUSB option.
But on mobile, my bank and my government force me to use the Android/iOS duopoly.
* is this device rooted, is it an unsigned build ?
* Device is signed, but is it part of the blessed signing keys ? is play services untampered with ?
* Additional checks over the lifetime of the device.
You could fully trust the results of Play Integrity on device, but you can also send the returned token to your server, and your server then contacts play integrity to validate that token. So unless you know how to spoof those encrypted tokens, you won't go very far.
https://developer.android.com/google/play/integrity/overview
This is something that could be addressed at least in the EU by mandating banks to allow alternative services or not use this service at all.
>This is something that could be addressed at least in the EU by mandating banks to allow alternative services or not use this service at all.
The EU mandates banks to be interoperable, and to guarantee the security of users. You can solve that issue by going through an alternative app that doesn't use play integrity and is PSD2 compliant so other banks let you call their APIs. It usually requires you to be a bank, and as a bank, you're really risk averse. So you use play integrity.
Why anyone ever gave that browser a second of trust is beyond be. The damn thing was built on hijacking ad revenue into some imaginary IOU crypto thing, and built by a creep.
>it is impossible to maintain features that complex on a browser
While Chromium is complex, it is modularized which does make it possible for teams to maintain features.
But currently AOSP is very much open. That's also what the GrapheneOS devs say and why they want to continue using Android. Until it becomes clear that they will completely stop releasing the source code under a free software license i dont see why one should not use Android.
But the source isn't the point, it's the governance. Just like Chrome, having the source is not enough to guarantee an open platform. Sure you can disable telemetry flags. But you cannot afford to maintain an important feature Google wants to remove, like MV2.
https://arstechnica.com/gadgets/2025/03/google-makes-android... https://www.androidauthority.com/android-16-qpr1-source-code...
"Google built Android to be impossible to maintain without them."
Could be a very genuine answer to that question. Do you really need all of Android? What if you can build a very similar thing at a fraction of the size.
But I agree that it is a significant endeavor. But the OSS community succeeded in similar projects before, and the current state of the Linux desktop makes me hopeful.
That depends on who "you" is. Maintaining extensive patch sets is still way cheaper than building and maintaining an entire browser.
Do you have details of specific realistic attacks that were possible under MV2 and now impossible under MV3?
I’ve been using a Murena/Fairphone running /e/OS as my primary phone for a while now, and honestly the experience has been much smoother than I expected. My banking apps work, GPS/navigation works reliably, messaging and everyday apps behave normally — I’m not constantly fighting the device or giving things up. After the initial setup, it just feels like a normal smartphone, except noticeably quieter in terms of tracking and background noise.
What surprised me most is that this isn’t a “privacy experiment” anymore. It’s a usable, stable daily driver. I still get the convenience people worry about losing, but with far fewer ties to Google services by default.
I think a lot of people hesitate because they assume moving away from stock Android means breaking essential apps or living with constant friction. That hasn’t been my experience at all. If you’re curious but unsure, it’s genuinely worth trying — the barrier is much lower than it used to be, and you might find you don’t miss as much as you expect.
"I wanted to add a perspective from an LLM sockpuppet, because I know you're all not deeply cynical and mistrustful yet."
Revolut stopped working for me for a while with the error that the bootloader wasn't recognised and rooted phones aren't supported. After about a month an OS update solved it.
I do not understand all the negativity, I think it is a solid alternative in the ecosystem, and choice is a good thing.
I used to only really speak about node.js topics because that was what I had real fighting experience with, at a scale beyond what most webdevs had ever seen. Those were also my most upvoted posts by far.
However, if you haven't already, I'd encourage you to read over their past comments. They all read almost identical to the start of this thread. Before this post they had something like 3 other comments on HN and they were all about how great /e/OS is. All of them have a blurb about the privacy focus of /e/OS. They all read like copy from marketing.
That is bizarre commenting behavior for a niche OS. And these weren't comments about using /e/OS, but rather comments speaking positively about using it.
Your posts on node.js, I assume, weren't all "Node.js is the greatest programming environment I've ever used. It's so smooth and fast." Instead, I'd wager your highly upvoted comments contained useful information about using node.js.
I'd also say, that there are people that work for various software tech companies who post here. The best comments I see almost always start with "Full disclosure, I work for X". Those are far better received.
This is behavior of an astroturfer, that's so what. Which is why you are being accused of that. It looks suspicious.
> should I ask for permission to discuss something?
Nope, the opposite. If you want to look like a non-astroturfer then engagement with other topics on the site would do that.
If you only engage with a single topic over the years and the only thing you contribute is "This is the absolute best working OS I've used, everyone should use it. I endorse it fully". People are going to be, understandably, suspicious of your motivations.
> it's crazy how omniscient people are aggressive on the internet.
We live in an internet filled with advertisements. Most of us have seen astroturfing. That's why we suspect you.
> Is that your normal behaviour IRL??
Absolutely it is! If someone knocks on my door telling me about the wonders of pest control, you'll forgive me for not taking their endorsement for the program they are selling as being solid. Same thing happens in churches. I'm instantly suspicious of someone that starts singing the praises of a product in church and, magically, starts hosting parties where they talk about the wonders of said product (see MLM).
This is a fact of living in a capitalist society. There's always an incentive to sell which makes everyone suspicious of product endorsements. Especially when that seems to be the only thing a person is capable of doing.
when they eventually found a new name "murena" it appears they then decided to use it as a brand for the phones that they themselves sell instead, keeping /e/OS as the name for the operating system
I just checked and Murena is an eel, too. Imho, one of the ugliest fish one could choose as a mascotte :S
curiously i always thought morays look cute.
Astroturfing kills any trust I had in e/OS.
*ios doesnt let you delete Safari so I set a 10 minute timer on it, and i dont have any adblock or content filtering enabled, so it's essentially only good for brief checks (auto-shop phone number, quick news check, etc.) but is useless for anything beyond that.
Browsing:
https://e.foundation/installer/
Reply:
Which is in my opinion a fairly reasonable take.
But given the current situation, I would assume that the companies providing WebUSB tools like installers would also spend a few moments to create e.g. a Python script that would do the same thing but locally. So that anyone unwilling to use WebUSB within their browser can have a vetted and transparent way to get the same thing done.
No, it's security concern.
This is especially strange considering they have the list of supported devices in their docs https://doc.e.foundation/devices
So I think the issue is that the button on the main page is poorly named
main page -> download and try! -> browse supported devices
lands on https://doc.e.foundation/devices which is a list of models, while
main page -> download and try! -> check device compatibility
lands on https://e.foundation/installer/ the chromium-only webusb page. It could be a better page; instead of showing a scary "navigator not suppored" modal demanding you install a particular browser, it could say the automated compatibility tester requires one of these browsers and your phone plugged in with USB, otherwise here's the device finder page
It's the specific functionality needed here that Firefox lacks that makes the /e/ page show the warning, unlike the lineage page that does not have the problem in the first place.
So I was actually expecting a device page, not a WebUSB program..
The goal is to give you the option to avoid needing to rely on Google's spying or services while not having to compromise on security.
None of these other solutions regularly get included in Celebrite's documentation as being an explicit benchmark of their software's ability to break into phones. And that's almost certainly due to the fact that unless you leverage hardware security features like what GrapheneOS (and stock Android on a Pixel, and iOS on an iPhone) utilises, you have no chance of going against any actual adversaries.
And I'm not just talking about state actors here, even drive-by opportunistic attacks are likelier on a random other phone running some other Android build.
So yeah, you are running Google hardware, that doesn't make you "googled". It's just a sad reflection on the reality of the hardware landscape. If you want the same security as what GrapheneOS offers, you will currently need to use a Pixel.
I'd be curious to see what comes out of their Motorola partnership though.
If I have to give Google a lot of money every 4-6 years to remain "de-googled" then I never was.
When you go with an alternative you lose superior privacy and security offered by GrapheneOS and you just end up leaking more data back to Google and other ad-tech companies than you would otherwise, negating any benefits several times over.
See: Advanced features, degoogling, privacy, security, and updates sections of https://eylenburg.github.io/android_comparison.htm
The real profit comes from their advertising business.
Maybe the phones are even subsidized by the ad business.
But we have to keep in mind that /e/ has a lot of problems, the only one solved is sending data to Google. The security aspect of the OS is problematic and some key elements of a privacy seem questioning (AI integration, commercial collaborations, ...).
Fix: IA => AI typo and various English errors.
https://www.kuketz-blog.de/e-datenschutzfreundlich-bedeutet-...
https://gitlab.e.foundation/e/os/GmsCore/-/blob/a9e102567518...
https://forum.fairphone.com/t/e-os-betrays-users-privacy-ope...
https://eylenburg.github.io/android_comparison.htm
Well and besides that only shipping ASBs and no other security updates outside major Android releases (and both usually late). Using heavily outdated kernel trees (e.g. FP4 is using a Linux kernel patch level that hasn't been updated since 2020!), outdated vendor firmware blobs, etc.
It might work, but it is not very secure, nor very private.
I don't use e/os but it doesnt' seem like a terrible compromise to me personally.
So if you're trying to be a silly purist, then /e/OS doesn't fit either. If you're not, getting a Pixel will significantly enhance your safety since they're better supported for security patches and better designed in hardware when it comes to security.
So is GrapheneOS
I think it is legitimate to be a purist about smartphones, but I don't think the GP is. So, let's talk about the non-purist situation: Users like us want to de-google. But we are not willing to make all of the sacrifices that purists do. The question is then, what can we use (and - what projects can we support financially).
Now, we can use GrapheneOS if we have Google Pixel's. But - most people don't have those phones, for any number of reasons. One of them is price, by the way: You can get a decent smartphone for under 100 USD and even a half-decent one for 70 USD. And most people in the world are not in an economic situation where you can tell them "shell out 300 USD and buy a Google Pixel".
Moreover - suggesting we strengthen our ties to Google in order to de-Google is fundamentally problematic. Even if we're not going all the way, we are striving to distance ourselves from them.
So, an imperfect software solution for a wider selection of phones does sound quite useful. Change my mind! :-)
suggesting we strengthen our ties to Google in order to de-Google is fundamentally problematic
You may have seen that they are working with Motorola to release GrapheneOS-capable phones.
I don't think they use this term anywhere.
It also now works on Motorola devices, it's on my HN feed literally right above this post.
It is going to become available on selected Motorola devices at some point in the future.
Did you read the article you mentioned? There's not yet a single non-Google device that can run GrapheneOS.
For some user, /e/ is more approachable (Friendly and colorful UI)
I could not get my mother to use GrapheneOS, /e/ is a lot simpler.
Still miles better than to use a Default ROM from most OEM.
If you can use GrapheneOS, good for you but what /e/OS offers is:
- Usable Android with your usual Android app (banking, etc) - No data sent to Google by default - Easier interface with nearly no bloatware - Available easily on many smartphones, including older ones - Extending the life of some smartphones
The price to pay is:
- Some Murena cloud bloatware - Android security patches are sometimes delayed - Security is not on par with GrapheneOS
If your main concern is protecting your privacy from Google and extending the life of your smartphone without breaking a sweat, /e/OS is probably the best option.
If your main concern is protecting against state actors attacks or very specific threats, then GrapheneOS might be better.
/e/OS works really great for non-techie users. I’ve done it in my family.
No data sent to Google by default
Not true. /e/OS does send data to Google by default: https://www.kuketz-blog.de/e-datenschutzfreundlich-bedeutet-...
They also use Google for assisted GPS when you use it, eSIM provisioning, widevine provisioning. Last time I checked, microG on /e/OS also downloads a Google binary blob for SafetyNet.
Besides analytics, if you install Google Apps (e.g. for Android Auto), many of them get higher privileges on /e/OS.
The price to pay is:
I would also add installing F-Droid apps (if you use App Lounge) through 'CleanAPK', without wanting to reveal why this is necessary or who owns/maintains CleanAPK.
They do quite a lot of fishy stuff. It may be incompetence, but yeah...
If your main concern is protecting against state actors attacks or very specific threats
This always sounds like systems like GrapheneOS are for paranoid people. But this is basically you if you ever go to a demonstration (e.g. in the US) or cross borders of certain countries (e.g. of the US), sadly things like Cellebrite have become very common. Then suddenly layered protection, not running years behind in security patches, a duress pin, or rebooting after not unlocking for a few minutes to get back to BFU aren't so bad. (IANAL, figure out yourself which of these are legal and not destruction of evidence.)
GrapheneOS is just another OS. It's no less usable than /e/ and it is no more difficult to get a phone with it than /e/. You can purchase both preinstalled.
But what I think a lot of people are missing is what you exactly just touched on. We have options! That's a good thing. Yeah, some options are not as good as others if you wanna optimize for X. Then don't use that option! Use the option that works for you.
To me, the fact that alternatives exist on varying spectra of "degoogle-fication" is a win in my book. The fact that we're able to talk about and recommend so many alternatives is a good thing.
(/e/ used to be heavily based on an outdated version of LineageOS for microG. I'm not sure what the current state is after I settled on second-hand pixel with graphene)
There has to be some fresh-out-of-college graphic designer in Berlin ready to make their name by designing a custom icon library for a project like this, ask around.
My only regret is that the simplified installation tool didn't work (my FP4 kept restarting), so I had to install it manually, which makes it inaccessible to users who are even less tech-savvy than me.
Finally, I still think it's an excellent alternative to Android, but we need to go further and allow our smartphones to work with other operating systems, particularly Linux. I am hopeful that one day we will have a Linux OS for our smartphones that performs as well as /e/OS (I have heard about Jolla smartphones and Sailfish OS, but unfortunately I have not tested them).
I get the appeal of degoogling, but this seems to just be replacing that with alternatives run by another commercial company, just one I've never heard of before.
Why does it even need "One account for your privacy" ... "Operated by Murena, your Murena Workspace account @murena.io is at the centre of the ecosystem" when it'd be even better to have everything on-device without an account at all.
Even more, Murena seems to be owned by Qwant who seem to be in the business of selling a search engine, and while they currently claim to be all about user privacy, this is basically exactly how Google started nearly 30 years ago.
I wonder if they'd be happy if, for instance, somebody took this system and debundled Murena and switched it to using duckduckgo. Would they embrace that too, or sue them into oblivion?
EDIT: maybe I was too hasty. I've just seen that it's open source and it seems like you can self-host the required cloud parts: https://gitlab.e.foundation/e/infra/ecloud-selfhosting
Source? (would be interesting if it was)
It's just from their website a lot of mentions of Murena seemed to say powered by Qwant, or similar, and so it looked like they were closely linked.
I don't think these projects claim they've got better infrastructure for handling private data, just that they won't sell it to advertisers. I trust Google are experts at handling my data, I just don't want them to.
Very poor first impression.
This is what that auditing actually reveals:
* /e/OS sends user speech data to OpenAI without consent [1], and thought this was ok until they got caught [2].
* /e/OS massively delays security patches, and calls this a "standard industry practice" [3]. Meanwhile, GrapheneOS' opt-in security preview releases provide early access to security updates prior to official disclosure [4]. Also see [0] (Security update speed) and [7] (WebView being 40 security updates behind).
* microG downloads and executes proprietary Google binaries in a privileged environment [5] [6]. You can obviously not audit these, nor should this count as "degoogled".
* microG still phones home to Google by default (android.clients.google.com for device registration check-in, mtalk.google.com for FCM push, firebaseinstallations.googleapis.com for SIM activations) [7].
[0] has a comparison of popular privacy and security-focused Android-based OS, which paints the whole picture. Privacy-friendly does not necessarily mean secure, but in this case "privacy-friendly" is quite a stretch already.
[0] https://eylenburg.github.io/android_comparison.htm
[1] https://grapheneos.social/@GrapheneOS/114880528716479708
[2] https://community.e.foundation/t/clarification-about-voice-t...
[3] https://community.e.foundation/t/e-os-and-security-updates/7...
[4] https://discuss.grapheneos.org/d/27068-grapheneos-security-p...
[5] https://github.com/microg/GmsCore/blob/e19a9985204ec8329c1d9...
[6] https://github.com/microg/GmsCore/blob/e19a9985204ec8329c1d9...
[7] https://www.kuketz-blog.de/e-datenschutzfreundlich-bedeutet-...
https://gitlab.e.foundation/e/os/GmsCore/-/blob/a9e102567518...
I know the versions differ by model, so perhaps your model was not as well supported.
>Operated by Murena, your Murena Workspace account @murena.io is at the centre of the ecosystem, allowing to store, back up and retrieve your data safely on remote servers.
This sounds like their version is somewhat married to Murena. While probably better than Google, still not independent.
They're also advertising features such as "hiding your IP address [...] when you feel like it" – which sounds a lot like a VPN – without mentioning much about who the traffic is going through or how they might log it.
https://eylenburg.github.io/android_comparison.htm is a fairly complete comparison. One of GrapheneOS' biggest features is that they sandbox Google services (if you choose to install them), whereas e/OS gives them privileged access by default (via microG). Calling it a "degoogled" OS while microG uses Google's proprietary blobs is... a choice.
The GrapheneOS developers are very sceptical of e/OS (https://xcancel.com/GrapheneOS/search?f=tweets&q=e/os), but you should obviously take biases into account here. Murena's CEO occasionally participates too: https://xcancel.com/gael_duval/search?f=tweets&q=grapheneos
(That said, yes, I don't quite trust their VPN or app store, since it's unclear who's running it - in the latter's case, I imagine that's also a legal matter.)
This is usually not a good sign.
I'd prefer to have an OS provider that does one thing well.
You can do this on any other android device using an app like Orbot or Tor VPN beta
That does not make it "an OS owned by a search engine".
This seems like the worst of both worlds.
So all apps with premium subscription you can only handle through in-app purchase, usually won't work.
I've heard that some banking apps are not working correctly either as not "secured" enough device, in my personal experience, they all worked, it's really a case-by-case logics here.
For the upgrade, OTA upgrade around every month, and it has always worked smoothly
But then again, maybe that's the point :)
fuck me i'm doing work even though i should be working right now
> Operated by Murena, your Murena Workspace account @murena.io is at the > centre of the ecosystem, allowing to store, back up and retrieve your > data safely on remote servers.
That seems to suggest that we would be replacing one large overbearing corporation with a smaller and less-evil overbearing corporation. Is e/OS an open-source facade for Murena?
> a unique privacy enhanced environment.
... consider proofreading.
I've been running /e/OS on a Fairphone for about a year now. The experience is... fine. Not great. App compatibility is the main pain point. Banking apps are hit or miss even with microG. Updates lag behind GrapheneOS significantly.
The Murena cloud stuff is the part that bothers me most. You're trading one cloud dependency for another. At least with GrapheneOS you get a clean slate and can choose your own sync solution (Nextcloud, whatever).
That said, /e/ supports way more devices than GrapheneOS does. For people who can't or won't buy a Pixel (or now Motorola), it's one of the few options. The real question is whether the Motorola partnership changes the calculus. If GrapheneOS gets proper OEM support, the device limitation argument mostly goes away.
You might be right but there are new /e/OS releases every month, that's enough for me: https://gitlab.e.foundation/e/os/releases/-/releases