Lissy93 / awesome-privacy

🦄 A curated list of privacy & security-focused software and services
https://awesome-privacy.xyz
Creative Commons Zero v1.0 Universal
6.98k stars 316 forks source link

[ADDITION] /e/OS (Complete) #256

Open luxunwansui opened 4 months ago

luxunwansui commented 4 months ago

Category

Operating Systems

Listing Name

/e/OS

Listing URL

https://e.foundation/get-started/

Listing Icon

https://e.foundation/wp-content/uploads/2022/11/e-logo-noir-01.png

Listing Description

/e/OS is an open-source mobile operating system paired with carefully selected applications. They form a privacy-enabled internal system for your smartphone. And it’s not just claims: open-source means auditable privacy. /e/OS has received academic recognition from researchers at the University of Edinburgh and Trinity College of Dublin.

GitHub repository

https://gitlab.e.foundation/e

ToS;DR ID

No response

Is Open Source?

Security Audited?

Accepts Anon Payment?

Justification and Further Info

Ive tested it on my Android device and it performed as well as other privacy-oriented OSs. Pushing OTA updates are monthly.

YAML Content for Addition

- name: /e/OS
  url: https://e.foundation/get-started/
  icon: https://e.foundation/wp-content/uploads/2022/11/e-logo-noir-01.png
  description: >-
    /e/OS is an open-source mobile operating system paired with carefully
    selected applications. They form a privacy-enabled internal system for your
    smartphone. And it’s not just claims: open-source means auditable privacy.
    /e/OS has received academic recognition from researchers at the University
    of Edinburgh and Trinity College of Dublin.
  github: https://gitlab.e.foundation/e
  subreddit: eeol
  openSource: true
  acceptsCrypto: true

This ticket was submitted via awesome-privacy.xyz/submit

Final Checklist

liss-bot commented 4 months ago

If you're enjoying Awesome-Privacy, consider dropping us a ⭐
🤖 I'm a bot, and this message was automated

ltguillaume commented 4 months ago

This description is some first class marketing bullshit imho.

And it’s not just claims: open-source means auditable privacy.

If no one does the auditing, it's an empty claim.

They form a privacy-enabled internal system for your smartphone.

"privacy-enabled"? "internal system"? Those are some made up terms for ya. Pure marketing, no substance.

/e/OS has received academic recognition from researchers at the University of Edinburgh and Trinity College of Dublin.

Logical fallacy. https://en.wikipedia.org/wiki/Argument_from_authority

/e/OS is nothing more than a regularly outdated LineageOS, a Nextcloud server and some (rebranded and, again, regularly outdated) apps. I mention outdated twice, since because of this you're running software - for months at a time - with known 0-days that have already been fixed for others. See for instance https://divestos.eeyo.re/misc/ch-dates.txt

luxunwansui commented 4 months ago

Im so sorry for my copied description.

I found a paper linked to the website of this program,heres it : https://www.scss.tcd.ie/Doug.Leith/Android_privacy_report.pdf It compared /e/OS and LineageOS at table one.About auditing I have no answer yet now.

There is a simple detail : I found "- /e/OS 123.0.6312.122, downstream Cromite https://gitlab.e.foundation/e/os/browser/-/commits/master" appears on the given link https://divestos.eeyo.re/misc/ch-dates.txt , thus I also suggest considering adding iodéOS to our list : "- iodéOS tracks LineageOS/master https://gitlab.com/iode/os/public/manifests/android/-/blob/v4-staging/snippets/lineage.xml"

ltguillaume commented 4 months ago

While it might be possible that /e/OS has applied some patches to minimize communication with Google servers compared to LineageOS, the only difference with between them in that paper is that the researchers just installed the Google ecosystem (opengapps) on top of LineageOS, which isn't the default. No wonder LineageOS sends data to Google in that case.

What can be found in that text file is that the /e/OS browser (indeed a rebranded Cromite) is updated very irregularly, often with gaps of multiple months. I would recommend using Cromite instead. However, this does not update the WebView renderer, often used inside other apps, so you'll still be vulnerable (assuming they use the Cromite WebView: it'll be less outdated, but also less privacy-friendly, if they just use LineageOS's own WebView and indeed provide monthly OTA updates).

I have no info about iodéOS.

luxunwansui commented 4 months ago

Thanks again for your patient review.

I cant resolve those essential privacy problem youve mentioned,but there are features about /e/OS I can see: https://doc.e.foundation/what-s-e They offer a more delightful User interface,some advanced privacy features without root. https://e.foundation/ecloud/ And a set of fully deGoogled online ecosystem called Murena cloud,supporting self-hosting and its original servers hosted in Europe with GDPR complied.

About iodéOS , see https://iode.tech/iodeos-en/ and I think it also belongs to the family of Lineage (Just in the meaning of privacy focusing). They also offer pre-installed fairphone in their shop.

That my simple suggestion above,if these cant help construct our project and Ill close this issue.

ltguillaume commented 4 months ago

Well, the problems I mentioned are security problems, not privacy problems, but yeah, apart from that there's a lot to say for /e/OS's approach of providing people with a more complete alternative to the Google ecosystem.

Disclaimer: these are just my 2 cents, I'm not in the position to officially review anything here 🙂