GrapheneOSJul 23, 2025

Information from the privacy and security researcher who founded the divested projects on the insecurity of /e/OS including hard data on update delays and skipped updates:

Issues with /e/OS: https://codeberg.org/divested-mobile/divestos-website/raw/commit/c7447de50bc8fadd20a30d4cbf1dcd8cf14805a0/static/misc/e.txt

ASB update history: https://web.archive.org/web/20241231003546/https://divestos.org/pages/patch_history

Chromium update history: https://web.archive.org/web/20250119212018/https://divestos.org/misc/ch-dates.txt

Chromium update summary: https://infosec.exchange/@divested/112815308307602739

For the Chromium update summary from July 2024, note 128/135 was shipping each update on a given update path. /e/OS only shipped 12/135.

Show threadsuomynona1405Jul 23, 2025
@GrapheneOS I wish the people would realise that privacy ≠ security. If they want both they need a Pixel phone with your custom rom.
Show threadBatiste ⁂Jul 23, 2025
@suomynona1405 @GrapheneOS well, security is a superset of privacy. I guess you really could call privacy "information security". You can't have your information secured (spoiler: the best way to secure information is to have no information to secure) unless you have broader robust security.
So saying "we secure your information (as in privacy) but also we're not security focused" makes no sense.
Privacy is not a secret third thing, it's applied security.
Show threadGrapheneOS

@batist3 @suomynona1405 The purpose of security for an end user is to protect their privacy. It's a huge part of providing privacy.

The delayed and skipped patches along with many other issues covered in the documents above are both privacy and security issues. The patches are fixing both privacy and security issues. Many directly fix privacy issues while the rest are protecting privacy through fixing security issues. There's no clean line between them. Security is not a separate topic.

Jul 23, 2025 at 1:43pmWeb