@BrennpunktUA @AwetTesfaiesus So far only experience with e/OS. But unfortunately you can't rescue every device. I had also thought about Linux Mobile before, but apparently very few devices are supported there as well. I might want to buy a Linux tablet soon. Then you no longer have problems with the best-before date of Google, Microsoft or Apple operating systems.
• Łącze (@[email protected])

MicroG /e/OS, LineageOS, Calyx... 📳 Looking for information? A small summary:

(...microG is a partial reimplementation of some of the functionality in the Google Mobile Services (GMS) app. Unfortunately, this approach has significant drawbacks. In order to install microG, your version of Android OS needs support for spoofing the cryptographic signatures of apps. Some OSes like LineageOS and CalyxOS allow this. See...) https://news.ycombinator.com/item?id=30170255

(...microG downloads proprietary Google libraries and then uses them...) https://discuss.grapheneos.org/d/10793-clarification-about-microg-what-is-it-is-it-insecure/3

/e/OS is heavily marketed as private but in reality it has enormous privacy issues like this with their default apps and services. It's also heavily marketed as avoiding Google services but yet has privileged integration for Google services and connects to multiple by default. https://grapheneos.social/@GrapheneOS/114880787210183683

/e/OS doesn't keep up with basic privacy or security patches for the OS or browser engine used not only for the default browser but also the WebView used by many apps including email clients and far more for rendering web-based content. For more info see https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private. /e/OS is an extraordinarily insecure and non-private OS. The feature you're talking about heavily misrepresents what it does and doesn't prevent app tracking as it claims. What they provide is a poor implementation of DNS-based filtering to block connections not required for apps to function. The vast majority of privacy invasive behavior is left intact. It's also trivial for apps to fully bypass it for anything they want to do, and many apps do bypass it already. https://grapheneos.social/@GrapheneOS/114881066260884661

Murena is scamming people at a large scale for profit. They're pretending to provide a private OS which is in reality not at all private. We've explained how it lacks the most basic privacy and security. It even sends sensitive user data to OpenAI without informing users, which is far worse than how Apple and Google are handling speech-to-text from a privacy perspective. Contrary to their marketing, it gives extensive privileged access to Google services and always connects to them. https://grapheneos.social/@GrapheneOS/114881101019302892

/e/OS and Murena are scammers causing substantial harm to people through selling them extraordinarily insecure and non-private devices. It's a blatant grift for profit, not a serious attempt to provide people with better privacy or security. They do the opposite of that. @[email protected] We currently support every device meeting the very reasonable requirements listed at https://grapheneos.org/faq#future-devices. The purpose of GrapheneOS is providing people with privacy, not scamming them like /e/OS. https://grapheneos.social/@GrapheneOS/114881674418740613

/e/OS does not provide basic Android and Chromium privacy/security patches without huge delays while misleading users about it. They outright fail to ship huge portions of the patches for many months or even years. They substantially roll back the standard privacy/security model and features too. They aren't doing the bare minimum to protect user privacy and security. They're streaming people's microphone audio to OpenAI without telling them beyond a Terms of beyond https://grapheneos.social/@GrapheneOS/114881915272221151

/e/OS is streaming user's microphone audio to OpenAI without telling them when they use speech-to-text. Meanwhile, Apple and Google at least support doing it locally. /e/OS is misleading users about the many missing privacy and security patches including setting a false Android security patch level and changing the user interface to downplay it. What's that if not having backdoors? /e/OS has repeatedly covered up their security weaknesses and vulnerabilities. https://grapheneos.social/@GrapheneOS/114882333091531816

Here's information from the founder of DivestOS: Issues with /e/OS: https://codeberg.org/divested-mobile/divestos-website/raw/commit/c7447de50bc8fadd20a30d4cbf1dcd8cf14805a0/static/misc/e.txt ASB update history: https://web.archive.org/web/20241231003546/https://divestos.org/pages/patch_history Chromium update history: https://web.archive.org/web/20250119212018/https://divestos.org/misc/ch-dates.txt Chromium update summary: https://infosec.exchange/@divested/112815308307602739 Here's an article from a privacy and security expert (Mike Kuketz) which touches on various issues including severely delayed patches, user tracking in the update client and privacy invasive default connections: https://kuketz-blog.de/e-datenschutzfr https://grapheneos.social/@GrapheneOS/114897292162814250

LineageOS is not a private or secure OS. microG is not a good implementation of providing compatibility with apps depending on Google Play and contrary to many people's misconceptions does not avoid using Google Play code as part of each app using it. We're building our own replacements for Google apps and services with a focus on privacy, security and providing fully comparable functionality and usability. We avoided microG because it doesn't meet our privacy and security standards. https://grapheneos.social/@GrapheneOS/114880999016665611 - eos987

@Lacze @nerdish_philipp @BrennpunktUA @AwetTesfaiesus I can understand that in places. With microG, /e/OS has a configuration where, for example, you get notifications on your phone via Google. You can enable and disable that just as you like. I prefer to have it on so that I also get my notifications in apps that don't support ntfy and the like. That's simply a trade-off you have to make.
Security is yet another aspect. Of course it's not nice when security updates arrive late. Maybe they've also bitten off a bit more than they can chew there, but this isn't some rip-off shop doing it that way because it wants to optimize its profit; these are honest people who naturally have to sell their stuff in order to pay their employees.
@Lacze @nerdish_philipp @BrennpunktUA @AwetTesfaiesus What I don't like about GrapheneOS, for example, is that it only runs on Google devices. I don't find it ideal that I want to get away from Google's data collection and then buy my phone from exactly that company.

@bastian @Lacze @nerdish_philipp @BrennpunktUA @AwetTesfaiesus

> "Of course it's not nice when security updates arrive late."

When security updates are released months late, that is not "not nice", that is a considerable security risk.

> "but this isn't some rip-off shop doing it that way because it wants to optimize its profit"

Presenting yourself as something you are not is called a scam, and that is exactly what e/OS/ is.
They scam their buyers and users for their profit.

> " [...] these are honest people [...]"

Who attack other projects that expose their scam; e.g. Tavi (Android security researcher and former developer of DivestOS) repeatedly criticized the insecurity of e/OS/. In response came hostility from Murena and the e/OS/ community towards Tavi and DivestOS, which ultimately led to Tavi discontinuing the development of DivestOS.
Furthermore, they also regularly attack GrapheneOS.

Just a few months ago, Gaël Duval (head of Murena) promoted an article from a neo-Nazi conspiracy site that attacked GrapheneOS and its founder Daniel Micay.

https://archive.is/SWXPJ
https://archive.is/n4yTO

> "What I don't like about GrapheneOS, for example, is that it only runs on Google devices."

1.) Pixels are simply the only devices at present that offer decent hardware security and fully support custom OSes

2.) You can also buy Pixel devices refurbished; then no further money goes to Google

3.) GrapheneOS is currently working with an OEM so that some of its future devices support GOS

@Voxelpower @bastian @Lacze @nerdish_philipp @BrennpunktUA @AwetTesfaiesus

1.) That doesn't change the point

2.) That doesn't change it. More visibility is given, and devices that are also in high demand on the used market increase their value and the brand (i.e. Google)

3.) Let's first wait and see whether that comes and whether the manufacturer is less problematic (ethics, repairability, etc.)

@bastian
The point here, though, is that only Pixel meets GrapheneOS's high security requirements. That manufacturer is the least sloppy. And: cooperation with another manufacturer is in the works.

@Lacze @nerdish_philipp @BrennpunktUA @AwetTesfaiesus
@bastian @Lacze @nerdish_philipp @BrennpunktUA @AwetTesfaiesus /e/ provides very poor privacy due to lack of current standard privacy patches and protections. It definitely doesn't provide similar privacy improvements to GrapheneOS such as Contact Scopes, Storage Scopes, Sensors toggle, per-connection DHCP / MAC randomization and much more. GrapheneOS is a privacy and security hardened OS. /e/ has much worse privacy than AOSP and absolutely atrocious security. Privacy also depends on security.
@bastian @Lacze @nerdish_philipp @BrennpunktUA @AwetTesfaiesus /e/ hasn't simply overextended themselves. They've never kept up with privacy and security patches for the OS or browser engine. For the OS, providing all of the current patches requires being on the latest major OS version and having current Linux kernel and driver updates. They're not providing these things in general. They often go a year or more without providing kernel updates. Driver/firmware updates are a similar situation.
@bastian @Lacze @nerdish_philipp @BrennpunktUA @AwetTesfaiesus This is not a separate thing from privacy. Many of those patches are direct fixes for severe privacy issues leaking data to apps, services, other devices on the network, paired Bluetooth devices, etc. Anything not considered High or Critical severity by Google also isn't backported as part of the Android Security Bulletins. Many of the privacy fixes aren't considered High or Critical severity. ASBs are the bare minimum backports.

@bastian @Lacze @nerdish_philipp @BrennpunktUA @AwetTesfaiesus /e/ heavily misleads people about the level of privacy it provides and about security. A nice example is the speech-to-text service sending user data to OpenAI without consent vs. an iPhone doing it with local processing. They also have mandatory user tracking via unique random identifiers in their update client and other strange choices for an OS marketed as private.

It's a lot less private than AOSP and the security is horrific.

@GrapheneOS @bastian @Lacze @BrennpunktUA @AwetTesfaiesus Thank you very much for the details. Very appreciated.