you should know /e/os is highly insecure
you should know /e/os is highly insecure
redlib.tiekoetter.com
Custom ROMs such as e/os (Murena) are highly insecure. - r/BuyFromEU
Sorry if Reddit links are disallowed, but it has important information
22 comments
-
-
I mean /e/ isn't fantastic but its better than stock as long as you don't use their built in open ai stt.
-
This. It's weird how a particular GrapheneOS supporter keeps arguing how awful /e/ and CalyxOS are/were, and how microG is the worst thing ever. But then offers only native Google or nothing for Play Services (sandboxed mind you). The very first fallacy you learn in Cybersecurity is that if it can't do what someone needs, it's not secure because it's not viable. Having nothing for Play Services is often not an option for many people. And when Google itself is one of your threat actors, literally the world's worst solution that provides the barest modicum of protection against Google is by definition more secure. Just allow Sandboxing MicroG as an option already for those of us with a bigger threat surface from Google than from Cellebrite-using nation-state actors.
Full disclosure: I've looked at using their absolutely excellent build tools to create a fork with MicroG allowed. But it turns out to be non-trivial to add the signature spoofing permission to the system and grant it to only MicroG, and conflicts with the custom Google Play config that allows Sandboxing.
-
I've done something similar trying to get root on Graphene OS, since I'm more far more concerned about corporations than nation-state actors. It can be done, but isn't worth the trouble, especially since it doesn't completely work and GOS updates may break it. Long story short, GOS wasn't for me.
For anyone else who might be interested in trying to root GOS, take a look here: https://github.com/schnatterer/rooted-graphene I believe this to be likely the most comprehensive source for getting started.
-
Thank you for writing my thoughts into words in such a beautiful and understandable way. I've been trying to figure out how to say exactly this for months. As someone who was using CalyxOS until the hiatus, ive found it hard to find a proper home on any other ROM.
-
-
-
And I think what people really want to avoid is the pre-installed operating system. That has all kinds of stuff in it and no one except the manufacturer knows what's inside. And Google's Play services are deeply embedded into the system and will leak lots of personal data and metadata or outright copy them to Google's servers. For the regular user that means Google has all your pictures, 24/7 location data, your contacts... None of that is E2EE either. We don't know what happens wit the data from all your contactless payments... It's really a privacy nightmare. And I'd say security isn't great either if 2 parties already have pretty much complete access to the device out of the box. They can wipe it, remote install or remove apps... Everything. They do offer secure boot, though...
-
Source? Trust me bro
22 comments
The OP's account is now deleted, but:
GrapheneOS astroturfing has been happening on Lemmy too, recently. It all feels very similar to their unprovoked war against CalyxOS a few years ago.
Graphene is the most secure Android OS, hands down. Nation State actor tools like Cellebrite (and others) have difficulty or an impossible experience trying to Crack it. No saying it can't be done or ain't done already, but they claim an inability to do so.
That ranks pretty high and counters the FUD.
Someone related to the GOS project was caught red-handed calling for this just a few years ago. Both Louis Rossmann and Techlore did videos on the whole situation with Micay and the drama surrounding him, including that bit (I forget which video showed that particular bit), and brought receipts.
I have no doubt in my mind that GOS is a solid OS, being created by someone so obviously paranoid. But that paranoia is causing a lot of other issues and infighting within the ROM community.
I wonder what motivates it, are they being paid off by some other organizations?
You can't sneeze in this sub without someone complaining about evil Google and pushing Graphene as the solution to all our problems. I wasn't sure if it was astroturfing or whether Lemmy was just hardcore about FOSS.