I might try it out then. I’ve heard mixed things on e, something about security patches coming months later than other ROMs, but I see murena claim that they are in line with most android manufacturers, just not as quick as hardened ROMs like graphene. Maybe I’ll see this week about swapping over.
The Graphene team seems very busy trash talking /e/OS and Fairphone on social media (at least Mastodon) for not being secure enough.
Their criticism boils down to how nothing except GrapheneOS on a Pixel phone can ever be “secure enough”, but they are weirdly aggressive and insistant about it targetting /e/ specifically.
I used to care when I saw their posts as of course I want my phone to be reasonably safe, but the more I looked at it the more it boled down to bullshit.
Furthermore:
They insist one should buy a Pixel phone produced by Google - avoiding Google is my #1 priority from the start. Clearly my values don’t overlap with theirs
They pretend like /e/ is super dangerous because non-0-day exploits can get patched later. Yet /e/ provides software updates for much longer, while in the past all my phones that didn’t break right away have immediately stopped receiving updates. Longer software support = more security.
Contained apps is not so important if you don’t install random bullshit on your phone. I get as much as possible from f-droid, which is very well screened.
The communication of the GrapheneOS team around this has been pathetic to the point where I have frankly lost trust in the project. I struggle to trust a team I don’t respect. /e/OS was started by the founder of Mandrake Linux, and as far as I’ve seen he seems to have values that align with mine.
I like /e/OS. It lets me avoid companies like Google, block trackers, and just use my phone free of things I hate and cannot control or understand. For me, that is security.
From my understanding, /e/ is indeed less secure than AOSP due to patches being slower. Being somewhat de-Googled might make it more private, but that isn’t the same thing as more secure.
I think the main thing here is that Graphene thinks it’s irresponsible when people describe other ROMs as “secure” or “hardened” when they realistically aren’t, especially when they’re running on hardware that doesn’t really support high levels of security from 3rd party ROMs (this is a large part of why GrapheneOS only supports Pixels). Many phones don’t support locking the bootloader with 3rd party OS, and many don’t even have a secure element. Many also don’t have great track records with keeping kernels and firmware up to date. In all of these cases, you can’t really make strong guarantees about the security of the device with any 3rd party OS, including /e/.
Thanks, a good rant is nice to read sometimes. Completely agree on Pixels – even if I got second hand, they seem so unreliable based on having one in the past and knowing a few that have had one. There seems to be so much toxicity coming from that project.
Since /e/OS is not a security-hardened mobile OS, it is targeting standard industry practices. Therefore, for a given release on month N, our current work-flow is to integrate Android security patches from month N-1. As a result, in the worst case, it will take up to 9 weeks to roll out the latest available security updates.In most cases, it will be much sooner.
An exception is made for 0-day exploits: in this case our policy is to build and roll out a patched version of /e/OS as soon as possible.
/e/OS is a pretty good de-Googled alternative, fully supported. :)
I might try it out then. I’ve heard mixed things on e, something about security patches coming months later than other ROMs, but I see murena claim that they are in line with most android manufacturers, just not as quick as hardened ROMs like graphene. Maybe I’ll see this week about swapping over.
A little rant about that, sorry in advance:
The Graphene team seems very busy trash talking /e/OS and Fairphone on social media (at least Mastodon) for not being secure enough.
Their criticism boils down to how nothing except GrapheneOS on a Pixel phone can ever be “secure enough”, but they are weirdly aggressive and insistant about it targetting /e/ specifically.
I used to care when I saw their posts as of course I want my phone to be reasonably safe, but the more I looked at it the more it boled down to bullshit.
Furthermore:
From my understanding, /e/ is indeed less secure than AOSP due to patches being slower. Being somewhat de-Googled might make it more private, but that isn’t the same thing as more secure.
I think the main thing here is that Graphene thinks it’s irresponsible when people describe other ROMs as “secure” or “hardened” when they realistically aren’t, especially when they’re running on hardware that doesn’t really support high levels of security from 3rd party ROMs (this is a large part of why GrapheneOS only supports Pixels). Many phones don’t support locking the bootloader with 3rd party OS, and many don’t even have a secure element. Many also don’t have great track records with keeping kernels and firmware up to date. In all of these cases, you can’t really make strong guarantees about the security of the device with any 3rd party OS, including /e/.
Thanks, a good rant is nice to read sometimes. Completely agree on Pixels – even if I got second hand, they seem so unreliable based on having one in the past and knowing a few that have had one. There seems to be so much toxicity coming from that project.
Exactly.
/e/OS and security updates
And based on lineage!