GrapheneOSPositon (https://positon.xyz/) is a geolocation service closely tied to a group of people targeting our team with harassment. We urge people to avoid submitting their sensitive location data to this service. People involved in it have supported doxxing and swatting attacks.
They intend to lock people in to the service by keeping a lot of the data proprietary. They've repeatedly talked about locking people into it and avoiding having alternatives to it. Their priority is having control and ownership of data while sabotaging decentralized approaches.
rock eater@GrapheneOS do you have a source for these doxxing, swatting, or lock in plans….?
@GrapheneOS or the security claims about eOS either? i cant find any information about it online
Look at the DivestOS site and particularly the posts by SkewedZeppelin (security researcher and lead developer of DivestOS) about /e/OS on their forum and elsewhere.
You can find lots of information about it online beyond that. You can easily confirm that they're consistently way behind on security patches for the OS and browser, set an inaccurate security patch level, downplay it / mislead users about it and massively roll back security beyond how much LineageOS already does.
@GrapheneOS yeah, no, sorry. This is not a source. I asked for a source and you basically responded with “look it up”.
Just because you’ve given me more instructions on what exactly to look up (in this case the security researcher) that doesn’t mean you’ve provided a source. That’s like if someone comes up to you and starts parroting some random political talking point and when you ask where they heard this they just say ‘Biden said it in 2023’.
That’s not a source, it’s a guide to find more information.
@kali We're speaking about it as a privacy and security research/development project with a long history of discovering vulnerabilities and working with upstream projects. Our statements are based on the /e/OS source code and their public statements including marketing. You can confirm which Android version it's based on which patch level is provided for different components, and how they present that to users. It's completely verifiable information. Do you want us to link to a bunch of it?
@kali This shows how quickly operating systems ship the Android Security Bulletin patches for the Android Open Source Project, which is a small portion of the overall security patches. Around half of the important patches are for firmware, drivers, HALs and the Linux kernel which are not automatically obtained by applying these patches:
https://divestos.org/pages/patch_history
This shows /e/OS consistently lags behind around 1.5 to 2 months on this easiest portion of the patches. That's one part of it.
@GrapheneOS This is useful. Thank you.