Tweaking user-hostile OSes into user-friendly ones is impressive, but not sustainable. Even worse, it slowing us down from leaving Android entirely.
Look at the AdBlocker crackdown of Google Chrome. Every single chrome-fork has shut down MV2 extensions, even Brave is about to do it, because it is impossible to maintain features that complex on a browser that Google spends >$1B/year to develop.
Same story for /e/ and GrapheneOS, the day Google pulls the plug on source code releases, god knows how long they will last. We should focus our efforts on truly open platforms.
>Even worse, it slowing us down from leaving Android entirely.
There are zero OSes that are 1/ open source 2/ appropriate for phones 3/ with good hardware support. There's absolutely nothing. Running Ubuntu Touch isn't a viable option. Neither is postmarket, librem, tizen, they're all terrible. Security wise, for something as critically important in our lives as a smartphone, I am also not trusting any new pet project that won't be stable for 10 years.
Sure, you might be a poweruser that doesn't care about your phone burning its battery in your pocket after 1 hour because you know how to SSH on it from your watch and put it in sleep, but that's not a viable option. Leaving Android is suicide. A large part of its critical underpinnings are already into the kernel anyways, just disabled. (although a distro running binder could be a fun project). APIs are reverse engineerable generally speaking, except for the server part of play services. But then, if your issue is "my bank won't let me access their app without play services attesting me", I have great news, you won't even have an app for it on your new OS anyways, so it will not work by default. There's already not enough people working on GrapheneOS _or_ on mainstream linux OSes, what makes you think the sitation won't be ten times worse for your custom made mobile OS ?
>We should focus our efforts on truly open platforms.
Android is one, and that can never be taken away. Google pulls the plug ? cool, you're stuck on Android 17, which is centuries of work ahead of literally anything else in the open source community. Hell, for all the shit that Google is doing, they're still constrained by having to work with other vendors: the system privileged notification receiver is swappable at build time, the recent app signing/verification system also is, because Samsung wouldn't let them control it all.
I do agree, mobile OSS OSes are rough. My point is that we should help them instead of helping Google's toxic relationship. It happened with Chrome/Blink, and everyone already forgot that lesson.
About hard-forking Android, no one was brave enough (pun intended) to do that for Chrome, considering the insane complexity and engineering costs (>$1B/y). (Only Apple was able to affort it with Webkit/Safari, but they are in the ad business too.)
I kinda dont see how both of you cant be right. We need a mobile OS that google isnt involved in. Why not use pure open source android to do it. It can only be cheaper than making it from scratch, since it has alot of work already done on it
Building and maintainance cost are not linear, especially when you inherit legacy code. The AOSP codebase isn't great, is 4x bigger than the Linux Kernel, and full of "Ship now, patch later" mess.
But I agree that it is a significant endeavor. But the OSS community succeeded in similar projects before, and the current state of the Linux desktop makes me hopeful.
> Even worse, it slowing us down from leaving Android entirely.
I appreciate the vibes where this is coming from, but does it really? I think that assumes that everyone that works on this would work on a true open source OS otherwise, and that if they did, that would result in us breaking free from Android where we otherwise wouldn't. I'm not confident about either of those assumptions.
Meanwhile I'll keep complaining to orgs that don't allow me to work through their website, and tell them that their app won't work on my phone.
There are more OSS devs active on Android ROMs than OSS devs working on independent mobile OSes. We are running out of time, and we are misallocating ressources.
It's like bailing out water from the Titanic. We should prepare the lifeboats instead.
(GNU/)Linux on mobile is the true sustanable, independent OS. It relies on the existing, strong Linux development, natively runs existing Linux apps and guarantees you lifetime updates. What else do you need?
Brave said they'll try to maintain limited support for MV2 for only 4 specific extensions, but recommend Brave Shields as the go-to adblocker for the future. Google is about to remove most of the MV2 code from the codebase, which will explode the complexity soon.
Brave has perverse incentives to discontinue it because of their BAT crypto business model that rewards looking at ads.
Unfortunately even the fully open source Firefox isn't immune to the pressure from the advertising industry, with all their Google funding and their purchase of anonym.
That's a bizarre one. 'You need Chrome' is bad enough, which even the bloody NHS are guilty of, but I always assume that's 'just' an assumption that not Chrome means IE or something, and they haven't woken up even to the proliferation of mobile Safari users.
How do they do that? I'm not doubting that, it's an honest question. I understand how this works on Apple phones but I don't understand why an identity or attestation service cannot be replaced by another one by the alternative operating system when the hardware is not controlled by Google. Does Google have keys in tamper-proof chips? How else would those banks determine their apps are on the right phone? Or do those apps use Google authentication directly over the Internet, using hard-coded Google public keys?
Depending on the level of security you ask for Play Integrity, it can be:
* is this device rooted, is it an unsigned build ?
* Device is signed, but is it part of the blessed signing keys ? is play services untampered with ?
* Additional checks over the lifetime of the device.
You could fully trust the results of Play Integrity on device, but you can also send the returned token to your server, and your server then contacts play integrity to validate that token. So unless you know how to spoof those encrypted tokens, you won't go very far.
So basically an alternative OS can offer a service like Play Integrity and the only problem is that those banks hard-code a dependence on Google's Play Integrity and Google has a monopoly for that service?
This is something that could be addressed at least in the EU by mandating banks to allow alternative services or not use this service at all.
Chrome is just an example. Google stopped pretending Android is a general purpose OS and started cracking down on what is possible without Google’s approval. See developer verification, everything within Google services, etc.
> We should focus our efforts on truly open platforms.
But currently AOSP is very much open. That's also what the GrapheneOS devs say and why they want to continue using Android. Until it becomes clear that they will completely stop releasing the source code under a free software license i dont see why one should not use Android.
AOSP dev went private, and Google is slower and slower at releasing the source, now twice a year. Worse, many stock apps like the Dialer and Gallery went closed-source years ago.
But the source isn't the point, it's the governance. Just like Chrome, having the source is not enough to guarantee an open platform. Sure you can disable telemetry flags. But you cannot afford to maintain an important feature Google wants to remove, like MV2.
Building and maintainance cost are not linear, especially when you inherit legacy code. The AOSP codebase isn't great, is 4x bigger than the Linux Kernel, and full of "Ship now, patch later" mess.
But I agree that it is a significant endeavor. But the OSS community succeeded in similar projects before, and the current state of the Linux desktop makes me hopeful.
"Google built Android to be impossible to maintain without them."
Could be a very genuine answer to that question. Do you really need all of Android? What if you can build a very similar thing at a fraction of the size.
The irony of advertising a privacy-enabled de-googled system, and then telling me that my Firefox browser is not support, and that I should use Edge, Opera or Chrome instead....
This is related to Firefox unwilling to add support for WebUSB because, I suppose, they believe that a browser is not a general purpose application launcher and the scope of what it can do should be limited. As such, it should not be allowed to e.g. control peripherals like the USB devices.
Which is in my opinion a fairly reasonable take.
But given the current situation, I would assume that the companies providing WebUSB tools like installers would also spend a few moments to create e.g. a Python script that would do the same thing but locally. So that anyone unwilling to use WebUSB within their browser can have a vetted and transparent way to get the same thing done.
It's the specific functionality needed here that Firefox lacks that makes the /e/ page show the warning, unlike the lineage page that does not have the problem in the first place.
Google's hardware is just hardware. It is not locked down like the hardware of many other manufacturers. Moreover, it's the only such hardware which also allows you, the user, to lock it down for your own security. GrapheneOS is not just focused around avoiding Google, it's more accurately focused around security and user choice.
The goal is to give you the option to avoid needing to rely on Google's spying or services while not having to compromise on security.
None of these other solutions regularly get included in Celebrite's documentation as being an explicit benchmark of their software's ability to break into phones. And that's almost certainly due to the fact that unless you leverage hardware security features like what GrapheneOS (and stock Android on a Pixel, and iOS on an iPhone) utilises, you have no chance of going against any actual adversaries.
And I'm not just talking about state actors here, even drive-by opportunistic attacks are likelier on a random other phone running some other Android build.
So yeah, you are running Google hardware, that doesn't make you "googled". It's just a sad reflection on the reality of the hardware landscape. If you want the same security as what GrapheneOS offers, you will currently need to use a Pixel.
I'd be curious to see what comes out of their Motorola partnership though.
I must agree, you are right, GOS is only on Pixel phones.
But we have to keep in mind that /e/ has a lot of problems, the only one solved is sending data to Google. The security aspect of the OS is problematic and some key elements of a privacy seem questioning (IA integration, commercial collaborations, ...).
Uploading speech-to-text to OpenAI? Regular communication with Google? Using Google for assisted GPS? Giving a bunch of Google apps privileged access (if you need them for e.g. Android Auto)?
Well and besides that only shipping ASBs and no other security updates outside major Android releases (and both usually late). Using heavily outdated kernel trees (e.g. FP4 is using a Linux kernel patch level that hasn't been updated since 2020!), outdated vendor firmware blobs, etc.
It might work, but it is not very secure, nor very private.
/e/OS is Android, meaning it's still critically dependent on goodwill of Google to continue releasing their work as part of AOSP.
So if you're trying to be a silly purist, then /e/OS doesn't fit either. If you're not, getting a Pixel will significantly enhance your safety since they're better supported for security patches and better designed in hardware when it comes to security.
I think it is legitimate to be a purist about smartphones, but I don't think the GP is. So, let's talk about the non-purist situation: Users like us want to de-google. But we are not willing to make all of the sacrifices that purists do. The question is then, what can we use (and - what projects can we support financially).
Now, we can use GrapheneOS if we have Google Pixel's. But - most people don't have those phones, for any number of reasons. One of them is price, by the way: You can get a decent smartphone for under 100 USD and even a half-decent one for 70 USD. And most people in the world are not in an economic situation where you can tell them "shell out 300 USD and buy a Google Pixel".
Moreover - suggesting we strengthen our ties to Google in order to de-Google is fundamentally problematic. Even if we're not going all the way, we are striving to distance ourselves from them.
So, an imperfect software solution for a wider selection of phones does sound quite useful. Change my mind! :-)
GOS is degoogled in all the ways that I care about - it's about the data they can gather. Among all the smartphone options that I consider usable day to day (leaving only Android and iOS at the moment), GOS is the most private and secure.
The post about Graphene partnering with Motorola is right about this one, currently, (Lenovo bought Motorola from Google in 2014.), so that point will no longer be valid as soon as they ship something.
If you can use GrapheneOS, good for you but what /e/OS offers is:
- Usable Android with your usual Android app (banking, etc)
- No data sent to Google by default
- Easier interface with nearly no bloatware
- Available easily on many smartphones, including older ones
- Extending the life of some smartphones
The price to pay is:
- Some Murena cloud bloatware
- Android security patches are sometimes delayed
- Security is not on par with GrapheneOS
If your main concern is protecting your privacy from Google and extending the life of your smartphone without breaking a sweat, /e/OS is probably the best option.
If your main concern is protecting against state actors attacks or very specific threats, then GrapheneOS might be better.
/e/OS works really great for non-techie users. I’ve done it in my family.
Even on non-pixel devices, unless you really want to use the /e/ "ecosystem, there are probably better options like LineageOS for microG iodéOS.
(/e/ used to be heavily based on an outdated version of LineageOS for microG. I'm not sure what the current state is after I settled on second-hand pixel with graphene)
iodé is available for my device as well, but it looked fairly similar to /e/OS to me (and the latter has an official partnership with my phone's manufacturer). What makes it a better option - should I switch?
Because upstream LineageOS doesn't support microg out of the box. You can install it but it needs signature spoofing to pass Google's SafetyNet garbage.
Bonus point for some roms that allow you to relock the bootloader after the install (iodéOS, CalyxOS).
I'm currently looking for a new Android phone. I don't like the Pixel and deep integration with Google. I looked at the Fairphone with /e/OS and the Pixel with GrapheneOS, but unfortunately there's no certainty that everything will work or where the boundary is between Google Android and "clean" Android. For example, it turned out that Android Auto is essentially Google Auto and I don't what find out what is dependent on Google. I want something that just works. A phone isn't something I want to tinker with like Linux ten years ago. So basically the choice comes down to Samsung and Chinese brands.
I get the appeal of degoogling, but this seems to just be replacing that with alternatives run by another commercial company, just one I've never heard of before.
Why does it even need "One account for your privacy" ... "Operated by Murena, your Murena Workspace account @murena.io is at the centre of the ecosystem" when it'd be even better to have everything on-device without an account at all.
Even more, Murena seems to be owned by Qwant who seem to be in the business of selling a search engine, and while they currently claim to be all about user privacy, this is basically exactly how Google started nearly 30 years ago.
I wonder if they'd be happy if, for instance, somebody took this system and debundled Murena and switched it to using duckduckgo. Would they embrace that too, or sue them into oblivion?
I have been using e/OS but moved away when an upgrade to the next version required to manually wipe the device. I could cope with the little inconveniences of a degoogled phone, but wiping the device myself following a unclear procedure was too much for me. My phone is not a hacking subject. It's a tool. Still, it worked reasonably well and I would have upgraded and kept using it if the upgrade had been easier.
I am on e/OS since 2021 with a FP3 and, for what is worth, I never had to reinstall, wipe or anything. My phone just had it's 5th birthday and it has been a single continuous set of updates.
I know the versions differ by model, so perhaps your model was not as well supported.
That is all nice and well, but Google is primarily an advertisement business. A huge corporation that gained enormous power that operates only to satisfy its own self interest. So that gives us non-Googlers more to think about than just that consideration to take into account.
I wonder how this compares to GrapheneOS in practice.
>Operated by Murena, your Murena Workspace account @murena.io is at the centre of the ecosystem, allowing to store, back up and retrieve your data safely on remote servers.
This sounds like their version is somewhat married to Murena. While probably better than Google, still not independent.
They're also advertising features such as "hiding your IP address [...] when you feel like it" – which sounds a lot like a VPN – without mentioning much about who the traffic is going through or how they might log it.
> I wonder how this compares to GrapheneOS in practice.
https://eylenburg.github.io/android_comparison.htm is a fairly complete comparison. One of GrapheneOS' biggest features is that they sandbox Google services (if you choose to install them), whereas e/OS gives them privileged access by default (via microG). Calling it a "degoogled" OS while microG uses Google's proprietary blobs is... a choice.
I'm on /e/OS and don't use Murena Workspace (which I think is just a Nextcloud instance that they host). For the past couple of years in which I've used it, I have felt zero pressure to use Murena Workspace. Though I imagine it might be neat if you host your own Nextcloud instance, which might be nicely integrated too.
(That said, yes, I don't quite trust their VPN or app store, since it's unclear who's running it - in the latter's case, I imagine that's also a legal matter.)
I have both a Jolla C2 phone, and an E/Os device, on a nothing CMS1 phone. Both are great. I like the Jolla Phone for its SailfishOS, which has great UI/Ux. I am less enthusiastic about the hardware. (good enough though) The E/OS really is good, all apps work good, and really much is done for privacy protection. But if the hardware is more performant, and with a few extra features i'd still opt for SailfishOS
Not that it matters but I just noticed certain titles on their website can be edited. For example the text "Use our /e/OS Installer" can be modified and I noticed it because I accidentally pasted my clipboard there. I suppose contenteditable should be set to "false".
fuck me i'm doing work even though i should be working right now
Overall, everything works pretty well for me (user for multiple years), except all apps which are too bound too Google Play Services as microG is not stubbing/implementing all APIs.
So all apps with premium subscription you can only handle through in-app purchase, usually won't work.
I've heard that some banking apps are not working correctly either as not "secured" enough device, in my personal experience, they all worked, it's really a case-by-case logics here.
For the upgrade, OTA upgrade around every month, and it has always worked smoothly
* /e/OS sends user speech data to OpenAI without consent [1], and thought this was ok until they got caught [2].
* /e/OS massively delays security patches, and calls this a "standard industry practice" [3]. Meanwhile, GrapheneOS' opt-in security preview releases provide early access to security updates prior to official disclosure [4]. Also see [0] (Security update speed) and [7] (WebView being 40 security updates behind).
* microG downloads and executes proprietary Google binaries in a privileged environment [5] [6]. You can obviously not audit these, nor should this count as "degoogled".
* microG still phones home to Google by default (android.clients.google.com for device registration check-in, mtalk.google.com for FCM push, firebaseinstallations.googleapis.com for SIM activations) [7].
[0] has a comparison of popular privacy and security-focused Android-based OS, which paints the whole picture. Privacy-friendly does not necessarily mean secure, but in this case "privacy-friendly" is quite a stretch already.
At the link, I see a lot of text about a company called Murena. Including:
> Operated by Murena, your Murena Workspace account @murena.io is at the
> centre of the ecosystem, allowing to store, back up and retrieve your
> data safely on remote servers.
That seems to suggest that we would be replacing one large overbearing corporation with a smaller and less-evil overbearing corporation. Is e/OS an open-source facade for Murena?
The timing of this post right below the Motorola/GrapheneOS partnership is pretty funny.
I've been running /e/OS on a Fairphone for about a year now. The experience is... fine. Not great. App compatibility is the main pain point. Banking apps are hit or miss even with microG. Updates lag behind GrapheneOS significantly.
The Murena cloud stuff is the part that bothers me most. You're trading one cloud dependency for another. At least with GrapheneOS you get a clean slate and can choose your own sync solution (Nextcloud, whatever).
That said, /e/ supports way more devices than GrapheneOS does. For people who can't or won't buy a Pixel (or now Motorola), it's one of the few options. The real question is whether the Motorola partnership changes the calculus. If GrapheneOS gets proper OEM support, the device limitation argument mostly goes away.
Look at the AdBlocker crackdown of Google Chrome. Every single chrome-fork has shut down MV2 extensions, even Brave is about to do it, because it is impossible to maintain features that complex on a browser that Google spends >$1B/year to develop.
Same story for /e/ and GrapheneOS, the day Google pulls the plug on source code releases, god knows how long they will last. We should focus our efforts on truly open platforms.
To what?
There are zero OSes that are 1/ open source 2/ appropriate for phones 3/ with good hardware support. There's absolutely nothing. Running Ubuntu Touch isn't a viable option. Neither is postmarket, librem, tizen, they're all terrible. Security wise, for something as critically important in our lives as a smartphone, I am also not trusting any new pet project that won't be stable for 10 years.
Sure, you might be a poweruser that doesn't care about your phone burning its battery in your pocket after 1 hour because you know how to SSH on it from your watch and put it in sleep, but that's not a viable option. Leaving Android is suicide. A large part of its critical underpinnings are already into the kernel anyways, just disabled. (although a distro running binder could be a fun project). APIs are reverse engineerable generally speaking, except for the server part of play services. But then, if your issue is "my bank won't let me access their app without play services attesting me", I have great news, you won't even have an app for it on your new OS anyways, so it will not work by default. There's already not enough people working on GrapheneOS _or_ on mainstream linux OSes, what makes you think the sitation won't be ten times worse for your custom made mobile OS ?
>We should focus our efforts on truly open platforms.
Android is one, and that can never be taken away. Google pulls the plug ? cool, you're stuck on Android 17, which is centuries of work ahead of literally anything else in the open source community. Hell, for all the shit that Google is doing, they're still constrained by having to work with other vendors: the system privileged notification receiver is swappable at build time, the recent app signing/verification system also is, because Samsung wouldn't let them control it all.
About hard-forking Android, no one was brave enough (pun intended) to do that for Chrome, considering the insane complexity and engineering costs (>$1B/y). (Only Apple was able to affort it with Webkit/Safari, but they are in the ad business too.)
Building and maintainance cost are not linear, especially when you inherit legacy code. The AOSP codebase isn't great, is 4x bigger than the Linux Kernel, and full of "Ship now, patch later" mess.
But I agree that it is a significant endeavor. But the OSS community succeeded in similar projects before, and the current state of the Linux desktop makes me hopeful.
I appreciate the vibes where this is coming from, but does it really? I think that assumes that everyone that works on this would work on a true open source OS otherwise, and that if they did, that would result in us breaking free from Android where we otherwise wouldn't. I'm not confident about either of those assumptions.
Meanwhile I'll keep complaining to orgs that don't allow me to work through their website, and tell them that their app won't work on my phone.
It's like bailing out water from the Titanic. We should prepare the lifeboats instead.
Sent from my Librem 5.
Source?
https://brave.com/blog/brave-shields-manifest-v3/
Unfortunately even the fully open source Firefox isn't immune to the pressure from the advertising industry, with all their Google funding and their purchase of anonym.
8 of the 10 top smartphone manufacturers are Chinese, there's no going back from that.
https://e.foundation/installer/
I get a pop-up telling me that my browser is not compatible, and I should use Edge, Opera or Chrome. See [1]
[1] https://imgur.com/a/al1Q9DM
But on mobile, my bank and my government force me to use the Android/iOS duopoly.
* is this device rooted, is it an unsigned build ?
* Device is signed, but is it part of the blessed signing keys ? is play services untampered with ?
* Additional checks over the lifetime of the device.
You could fully trust the results of Play Integrity on device, but you can also send the returned token to your server, and your server then contacts play integrity to validate that token. So unless you know how to spoof those encrypted tokens, you won't go very far.
https://developer.android.com/google/play/integrity/overview
This is something that could be addressed at least in the EU by mandating banks to allow alternative services or not use this service at all.
>it is impossible to maintain features that complex on a browser
While Chromium is complex, it is modularized which does make it possible for teams to maintain features.
But currently AOSP is very much open. That's also what the GrapheneOS devs say and why they want to continue using Android. Until it becomes clear that they will completely stop releasing the source code under a free software license i dont see why one should not use Android.
But the source isn't the point, it's the governance. Just like Chrome, having the source is not enough to guarantee an open platform. Sure you can disable telemetry flags. But you cannot afford to maintain an important feature Google wants to remove, like MV2.
https://arstechnica.com/gadgets/2025/03/google-makes-android... https://www.androidauthority.com/android-16-qpr1-source-code...
But I agree that it is a significant endeavor. But the OSS community succeeded in similar projects before, and the current state of the Linux desktop makes me hopeful.
"Google built Android to be impossible to maintain without them."
Could be a very genuine answer to that question. Do you really need all of Android? What if you can build a very similar thing at a fraction of the size.
Browsing:
https://e.foundation/installer/
Reply:
https://imgur.com/a/al1Q9DM
Which is in my opinion a fairly reasonable take.
But given the current situation, I would assume that the companies providing WebUSB tools like installers would also spend a few moments to create e.g. a Python script that would do the same thing but locally. So that anyone unwilling to use WebUSB within their browser can have a vetted and transparent way to get the same thing done.
No, it's security concern.
https://github.com/mozilla/standards-positions/issues/100
Compare: https://wiki.lineageos.org/devices/tokay/
It's the specific functionality needed here that Firefox lacks that makes the /e/ page show the warning, unlike the lineage page that does not have the problem in the first place.
So I was actually expecting a device page, not a WebUSB program..
https://eylenburg.github.io/android_comparison.htm
The goal is to give you the option to avoid needing to rely on Google's spying or services while not having to compromise on security.
None of these other solutions regularly get included in Celebrite's documentation as being an explicit benchmark of their software's ability to break into phones. And that's almost certainly due to the fact that unless you leverage hardware security features like what GrapheneOS (and stock Android on a Pixel, and iOS on an iPhone) utilises, you have no chance of going against any actual adversaries.
And I'm not just talking about state actors here, even drive-by opportunistic attacks are likelier on a random other phone running some other Android build.
So yeah, you are running Google hardware, that doesn't make you "googled". It's just a sad reflection on the reality of the hardware landscape. If you want the same security as what GrapheneOS offers, you will currently need to use a Pixel.
I'd be curious to see what comes out of their Motorola partnership though.
If I have to give Google a lot of money every 4-6 years to remain "de-googled" then I never was.
But we have to keep in mind that /e/ has a lot of problems, the only one solved is sending data to Google. The security aspect of the OS is problematic and some key elements of a privacy seem questioning (IA integration, commercial collaborations, ...).
https://www.kuketz-blog.de/e-datenschutzfreundlich-bedeutet-...
https://gitlab.e.foundation/e/os/GmsCore/-/blob/a9e102567518...
https://forum.fairphone.com/t/e-os-betrays-users-privacy-ope...
https://eylenburg.github.io/android_comparison.htm
Well and besides that only shipping ASBs and no other security updates outside major Android releases (and both usually late). Using heavily outdated kernel trees (e.g. FP4 is using a Linux kernel patch level that hasn't been updated since 2020!), outdated vendor firmware blobs, etc.
It might work, but it is not very secure, nor very private.
So if you're trying to be a silly purist, then /e/OS doesn't fit either. If you're not, getting a Pixel will significantly enhance your safety since they're better supported for security patches and better designed in hardware when it comes to security.
I think it is legitimate to be a purist about smartphones, but I don't think the GP is. So, let's talk about the non-purist situation: Users like us want to de-google. But we are not willing to make all of the sacrifices that purists do. The question is then, what can we use (and - what projects can we support financially).
Now, we can use GrapheneOS if we have Google Pixel's. But - most people don't have those phones, for any number of reasons. One of them is price, by the way: You can get a decent smartphone for under 100 USD and even a half-decent one for 70 USD. And most people in the world are not in an economic situation where you can tell them "shell out 300 USD and buy a Google Pixel".
Moreover - suggesting we strengthen our ties to Google in order to de-Google is fundamentally problematic. Even if we're not going all the way, we are striving to distance ourselves from them.
So, an imperfect software solution for a wider selection of phones does sound quite useful. Change my mind! :-)
suggesting we strengthen our ties to Google in order to de-Google is fundamentally problematic
You may have seen that they are working with Motorola to release GrapheneOS-capable phones.
So is GrapheneOS
I don't think they use this term anywhere.
It also now works on Motorola devices, it's on my HN feed literally right above this post.
[1] https://grapheneos.org/releases
Did you read the article you mentioned? There's not yet a single non-Google device that can run GrapheneOS.
It is going to become available on selected Motorola devices at some point in the future.
https://news.ycombinator.com/item?id=47214645
For some user, /e/ is more approachable (Friendly and colorful UI)
I could not get my mother to use GrapheneOS, /e/ is a lot simpler.
Still miles better than to use a Default ROM from most OEM.
If you can use GrapheneOS, good for you but what /e/OS offers is:
- Usable Android with your usual Android app (banking, etc) - No data sent to Google by default - Easier interface with nearly no bloatware - Available easily on many smartphones, including older ones - Extending the life of some smartphones
The price to pay is:
- Some Murena cloud bloatware - Android security patches are sometimes delayed - Security is not on par with GrapheneOS
If your main concern is protecting your privacy from Google and extending the life of your smartphone without breaking a sweat, /e/OS is probably the best option.
If your main concern is protecting against state actors attacks or very specific threats, then GrapheneOS might be better.
/e/OS works really great for non-techie users. I’ve done it in my family.
(/e/ used to be heavily based on an outdated version of LineageOS for microG. I'm not sure what the current state is after I settled on second-hand pixel with graphene)
I get the appeal of degoogling, but this seems to just be replacing that with alternatives run by another commercial company, just one I've never heard of before.
Why does it even need "One account for your privacy" ... "Operated by Murena, your Murena Workspace account @murena.io is at the centre of the ecosystem" when it'd be even better to have everything on-device without an account at all.
Even more, Murena seems to be owned by Qwant who seem to be in the business of selling a search engine, and while they currently claim to be all about user privacy, this is basically exactly how Google started nearly 30 years ago.
I wonder if they'd be happy if, for instance, somebody took this system and debundled Murena and switched it to using duckduckgo. Would they embrace that too, or sue them into oblivion?
EDIT: maybe I was too hasty. I've just seen that it's open source and it seems like you can self-host the required cloud parts: https://gitlab.e.foundation/e/infra/ecloud-selfhosting
I know the versions differ by model, so perhaps your model was not as well supported.
Very poor first impression.
>Operated by Murena, your Murena Workspace account @murena.io is at the centre of the ecosystem, allowing to store, back up and retrieve your data safely on remote servers.
This sounds like their version is somewhat married to Murena. While probably better than Google, still not independent.
They're also advertising features such as "hiding your IP address [...] when you feel like it" – which sounds a lot like a VPN – without mentioning much about who the traffic is going through or how they might log it.
https://eylenburg.github.io/android_comparison.htm is a fairly complete comparison. One of GrapheneOS' biggest features is that they sandbox Google services (if you choose to install them), whereas e/OS gives them privileged access by default (via microG). Calling it a "degoogled" OS while microG uses Google's proprietary blobs is... a choice.
The GrapheneOS developers are very sceptical of e/OS (https://xcancel.com/GrapheneOS/search?f=tweets&q=e/os), but you should obviously take biases into account here. Murena's CEO occasionally participates too: https://xcancel.com/gael_duval/search?f=tweets&q=grapheneos
You can do this on any other android device using an app like Orbot or Tor VPN beta
(That said, yes, I don't quite trust their VPN or app store, since it's unclear who's running it - in the latter's case, I imagine that's also a legal matter.)
This is usually not a good sign.
I'd prefer to have an OS provider that does one thing well.
fuck me i'm doing work even though i should be working right now
This seems like the worst of both worlds.
So all apps with premium subscription you can only handle through in-app purchase, usually won't work.
I've heard that some banking apps are not working correctly either as not "secured" enough device, in my personal experience, they all worked, it's really a case-by-case logics here.
For the upgrade, OTA upgrade around every month, and it has always worked smoothly
This is what that auditing actually reveals:
* /e/OS sends user speech data to OpenAI without consent [1], and thought this was ok until they got caught [2].
* /e/OS massively delays security patches, and calls this a "standard industry practice" [3]. Meanwhile, GrapheneOS' opt-in security preview releases provide early access to security updates prior to official disclosure [4]. Also see [0] (Security update speed) and [7] (WebView being 40 security updates behind).
* microG downloads and executes proprietary Google binaries in a privileged environment [5] [6]. You can obviously not audit these, nor should this count as "degoogled".
* microG still phones home to Google by default (android.clients.google.com for device registration check-in, mtalk.google.com for FCM push, firebaseinstallations.googleapis.com for SIM activations) [7].
[0] has a comparison of popular privacy and security-focused Android-based OS, which paints the whole picture. Privacy-friendly does not necessarily mean secure, but in this case "privacy-friendly" is quite a stretch already.
[0] https://eylenburg.github.io/android_comparison.htm
[1] https://grapheneos.social/@GrapheneOS/114880528716479708
[2] https://community.e.foundation/t/clarification-about-voice-t...
[3] https://community.e.foundation/t/e-os-and-security-updates/7...
[4] https://discuss.grapheneos.org/d/27068-grapheneos-security-p...
[5] https://github.com/microg/GmsCore/blob/e19a9985204ec8329c1d9...
[6] https://github.com/microg/GmsCore/blob/e19a9985204ec8329c1d9...
[7] https://www.kuketz-blog.de/e-datenschutzfreundlich-bedeutet-...
But then again, maybe that's the point :)
> Operated by Murena, your Murena Workspace account @murena.io is at the > centre of the ecosystem, allowing to store, back up and retrieve your > data safely on remote servers.
That seems to suggest that we would be replacing one large overbearing corporation with a smaller and less-evil overbearing corporation. Is e/OS an open-source facade for Murena?
> a unique privacy enhanced environment.
... consider proofreading.
I've been running /e/OS on a Fairphone for about a year now. The experience is... fine. Not great. App compatibility is the main pain point. Banking apps are hit or miss even with microG. Updates lag behind GrapheneOS significantly.
The Murena cloud stuff is the part that bothers me most. You're trading one cloud dependency for another. At least with GrapheneOS you get a clean slate and can choose your own sync solution (Nextcloud, whatever).
That said, /e/ supports way more devices than GrapheneOS does. For people who can't or won't buy a Pixel (or now Motorola), it's one of the few options. The real question is whether the Motorola partnership changes the calculus. If GrapheneOS gets proper OEM support, the device limitation argument mostly goes away.