I might try it out then. I’ve heard mixed things on e, something about security patches coming months later than other ROMs, but I see murena claim that they are in line with most android manufacturers, just not as quick as hardened ROMs like graphene. Maybe I’ll see this week about swapping over.
The Graphene team seems very busy trash talking /e/OS and Fairphone on social media (at least Mastodon) for not being secure enough.
Their criticism boils down to how nothing except GrapheneOS on a Pixel phone can ever be “secure enough”, but they are weirdly aggressive and insistant about it targetting /e/ specifically.
I used to care when I saw their posts as of course I want my phone to be reasonably safe, but the more I looked at it the more it boled down to bullshit.
Furthermore:
They insist one should buy a Pixel phone produced by Google - avoiding Google is my #1 priority from the start. Clearly my values don’t overlap with theirs
They pretend like /e/ is super dangerous because non-0-day exploits can get patched later. Yet /e/ provides software updates for much longer, while in the past all my phones that didn’t break right away have immediately stopped receiving updates. Longer software support = more security.
Contained apps is not so important if you don’t install random bullshit on your phone. I get as much as possible from f-droid, which is very well screened.
The communication of the GrapheneOS team around this has been pathetic to the point where I have frankly lost trust in the project. I struggle to trust a team I don’t respect. /e/OS was started by the founder of Mandrake Linux, and as far as I’ve seen he seems to have values that align with mine.
I like /e/OS. It lets me avoid companies like Google, block trackers, and just use my phone free of things I hate and cannot control or understand. For me, that is security.
From my understanding, /e/ is indeed less secure than AOSP due to patches being slower. Being somewhat de-Googled might make it more private, but that isn’t the same thing as more secure.
I think the main thing here is that Graphene thinks it’s irresponsible when people describe other ROMs as “secure” or “hardened” when they realistically aren’t, especially when they’re running on hardware that doesn’t really support high levels of security from 3rd party ROMs (this is a large part of why GrapheneOS only supports Pixels). Many phones don’t support locking the bootloader with 3rd party OS, and many don’t even have a secure element. Many also don’t have great track records with keeping kernels and firmware up to date. In all of these cases, you can’t really make strong guarantees about the security of the device with any 3rd party OS, including /e/.
Being somewhat de-Googled might make it more private, but that isn’t the same thing as more secure.
I would say this depends on how you perceive threats. For me the one risk I am worried about is surveillance capitalism, and I want to be safe from that above all else. I don’t care about locking the bootloader because local threats is not a concern for me. I just don’t want any data on my phone usage to end up with capitalists. For me that is safety, as nobody else has any interest in or capacity to spy on me.
If I was a target of Russian or American intelligence officers I might see it differently of course, but in that case I would probably be reluctant to use a phone much at all.
@cabbage
Hi cabbage! Can’t see what you are replying to from my instance, so don’t know what “about that” in your first sentence refers to. But anyway, your post contains more falsehoods than correct things. I’ll quote every part of your post below and give corrections and accurate information:
> The Graphene team seems very busy trash talking /e/OS and Fairphone on social media (at least Mastodon) for not being secure enough.
You are maybe unwillingly, maybe willingly, heavily misportraying what GrapheneOS does across social media. /e/OS and Murena have heavily attacked and harassed the GrapheneOS team and its founder over the last few years. You also have to look at the personal accounts of the /e/OS and Murena founder, Gaël Duval, to get an overview of that. GrapheneOS responds to shis harassment, which is not really “trash talking” but defending their own project. GrapheneOS most often does this in replies to other people that mention GrapheneOS and /e/OS in the same post/thead and unfairly compare to the operating systems. Sometimes they also make standalone posts, which is in response to harassment and misinformation that has been going on for long. This is a good example of a long-form post explaining using objective facts why this OS is not recommended: https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private
Note that /e/OS started this by sharing misinformation about GrapheneOS on their forum in response to /e/OS users questioning certain security practices by the developers.
> Their criticism boils down to how nothing except GrapheneOS on a Pixel phone can ever be “secure enough”, but they are weirdly aggressive and insistant about it targetting /e/ specifically.
Not at all the case, GrapheneOS sometimes even praises other operating systems and devices. They have said many positive things about iPhones and iOS. They also regard the stock Pixel OS on Pixel phonse as relatively secure. If you can’t run GrapheneOS, iOS or PixelOS, they recommend sticking to the stock OS of your manufacturer, that is because most other OSes regress privacy and security compared to the factory OSes that ship with them. Regarding targetting /e/OS that has to do with their own behavior (see earlier in my reply).
> They insist one should buy a Pixel phone produced by Google - avoiding Google is my #1 priority from the start. Clearly my values don’t overlap with theirs
They are not uniquely against Google. Avoiding Google is not the goal of GrapheneOS. Achieving privacy and security while retaining usability compared to mainstream OSes is the goal. They are not uniquely wanting to protect users against Google. Many companies have privacy-invasive practices and it wouldn’t make sense to overfocus on Google. There are even companies that handle privacy and especially security much worse than Google. Because GrapheneOS doesn’t want to overfocus on Google specifically, they have nothing against users deciding to install and use Google apps. They only want Google to be treated as others if users decide to use it. This is evidenced in how they handle sandboxed Google Play, they just want those Google apps, if users decide to install them, to be treated the same as any other user-installed app. This is different from other Android OSes that treated Google Play as priviliged instead of regularly sandboxed.
They also don’t insist on you buying one. Other phones just happen to not meet the hardware requirements which are listed on the FAQ on their website: https://grapheneos.org/faq#device-support
> They pretend like /e/ is super dangerous because non-0-day exploits can get patched later. Yet /e/ provides software updates for much longer, while in the past all my phones that didn’t break right away have immediately stopped receiving updates. Longer software support = more security.
They don’t give longer software support. /e/OS is constantly lagging behind Android releases. They also lag behind on the (incomplete/partial) backports of security patches to older Android releases and on browser engine patches. Note that many of these patches despite being called “security” patches are also privacy patches.
Also, if devices are EOL, you can’t properly support the device, even if you are giving software updates to it (which /e/ would give out way too late). Device support by a manufacturer delivering firmware and driver patches are needed for proper security. And, even if a device is still supported in that way /e/OS has historically failed to deliver those firmware and driver patches.
The founder of divestOS has made multiple publications about these update problems in the past. They were harassed heavily by /e/OS in response which is one of the main reasons why they stopped their divestOS project. Luckily, some of this stuff is archived or still available:
GrapheneOS has also offered some extended support to devices after they’ve gone EOL because of the drop of support by Google, but has always been honest about the fact that this isn’t complete support and is less secure. They’ve always pointed out to users that this is a “stopgap” to give users time to move towards a fully supported device. This extended support is also completely going away because Pixels have much longer support time since 6 series (5 years) and 8 series (7 years).
> Contained apps is not so important if you don’t install random bullshit on your phone. I get as much as possible from f-droid, which is very well screened.
Sandboxing is a standard Android feature. It’s not unique to GrapheneOS. GrapheneOS does harden the Androiid sandbox though and has a compatability layer to learn Google Play apps to also run within the sandbox, instead of running priviliged. Containing apps in a sandbox is important, it’s the basis of making sure malware doesn’t escape to more priiviliged levels within your phone.
F-Droid isn’t a good app source for having security. They don’t screen their apps properly at all. They just build and sign the apps themselves on outdated and poorly secured infrastructure, often lagging behind on the upstream app updates.
> The communication of the GrapheneOS team around this has been pathetic to the point where I have frankly lost trust in the project. I struggle to trust a team I don’t respect. /e/OS was started by the founder of Mandrake Linux, and as far as I’ve seen he seems to have values that align with mine.
Sad you lost trust when people communicate accurate information in a honest way. The founder of /e/OS acts as an immature bully on social media and heavily mismarkets his OS and uses this mismarketing in order to obtain funding from several institutions trying to support software projects. If those are you values, okay.
> I like /e/OS. It lets me avoid companies like Google, block trackers, and just use my phone free of things I hate and cannot control or understand. For me, that is security.
You don’t avoid Google with /e/OS. It uses MicroG and microG connects to Google services and runs as a priviliged app. Also, AOSP is largely written by Google employees and /e/OS is based on AOSP… Mike Kuketz, a privacy and security researcher, has covered this usage of Google services. In addition to that, he also covered how /e/OS tracks users via their update client and has also talked about the patch delays I mentioned earlier: https://kuketz-blog.de/e-datenschutzfreundlich-bedeutet-nicht-zwangslaeufig-sicher-custom-roms-teil6/
Note that /e/OS also adds many things on top of AOSP which signficantly hurt privacy and which probably don’t align with your values at all. For Speech-to-Text, /e/OS sends user data to OpenAI without consent: https://community.e.foundation/t/voice-to-text-feature-using-open-ai/70509
Google offers to do this locally and Apple does it locally by default. GrapheneOS is currently working on the development of its own STT which will also be private.
Thanks, a good rant is nice to read sometimes. Completely agree on Pixels – even if I got second hand, they seem so unreliable based on having one in the past and knowing a few that have had one. There seems to be so much toxicity coming from that project.
Since /e/OS is not a security-hardened mobile OS, it is targeting standard industry practices. Therefore, for a given release on month N, our current work-flow is to integrate Android security patches from month N-1. As a result, in the worst case, it will take up to 9 weeks to roll out the latest available security updates.In most cases, it will be much sooner.
An exception is made for 0-day exploits: in this case our policy is to build and roll out a patched version of /e/OS as soon as possible.
I might try it out then. I’ve heard mixed things on e, something about security patches coming months later than other ROMs, but I see murena claim that they are in line with most android manufacturers, just not as quick as hardened ROMs like graphene. Maybe I’ll see this week about swapping over.
A little rant about that, sorry in advance:
The Graphene team seems very busy trash talking /e/OS and Fairphone on social media (at least Mastodon) for not being secure enough.
Their criticism boils down to how nothing except GrapheneOS on a Pixel phone can ever be “secure enough”, but they are weirdly aggressive and insistant about it targetting /e/ specifically.
I used to care when I saw their posts as of course I want my phone to be reasonably safe, but the more I looked at it the more it boled down to bullshit.
Furthermore:
From my understanding, /e/ is indeed less secure than AOSP due to patches being slower. Being somewhat de-Googled might make it more private, but that isn’t the same thing as more secure.
I think the main thing here is that Graphene thinks it’s irresponsible when people describe other ROMs as “secure” or “hardened” when they realistically aren’t, especially when they’re running on hardware that doesn’t really support high levels of security from 3rd party ROMs (this is a large part of why GrapheneOS only supports Pixels). Many phones don’t support locking the bootloader with 3rd party OS, and many don’t even have a secure element. Many also don’t have great track records with keeping kernels and firmware up to date. In all of these cases, you can’t really make strong guarantees about the security of the device with any 3rd party OS, including /e/.
I would say this depends on how you perceive threats. For me the one risk I am worried about is surveillance capitalism, and I want to be safe from that above all else. I don’t care about locking the bootloader because local threats is not a concern for me. I just don’t want any data on my phone usage to end up with capitalists. For me that is safety, as nobody else has any interest in or capacity to spy on me.
If I was a target of Russian or American intelligence officers I might see it differently of course, but in that case I would probably be reluctant to use a phone much at all.
@cabbage
Hi cabbage! Can’t see what you are replying to from my instance, so don’t know what “about that” in your first sentence refers to. But anyway, your post contains more falsehoods than correct things. I’ll quote every part of your post below and give corrections and accurate information:
> The Graphene team seems very busy trash talking /e/OS and Fairphone on social media (at least Mastodon) for not being secure enough.
You are maybe unwillingly, maybe willingly, heavily misportraying what GrapheneOS does across social media. /e/OS and Murena have heavily attacked and harassed the GrapheneOS team and its founder over the last few years. You also have to look at the personal accounts of the /e/OS and Murena founder, Gaël Duval, to get an overview of that. GrapheneOS responds to shis harassment, which is not really “trash talking” but defending their own project. GrapheneOS most often does this in replies to other people that mention GrapheneOS and /e/OS in the same post/thead and unfairly compare to the operating systems. Sometimes they also make standalone posts, which is in response to harassment and misinformation that has been going on for long. This is a good example of a long-form post explaining using objective facts why this OS is not recommended: https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private
Note that /e/OS started this by sharing misinformation about GrapheneOS on their forum in response to /e/OS users questioning certain security practices by the developers.
> Their criticism boils down to how nothing except GrapheneOS on a Pixel phone can ever be “secure enough”, but they are weirdly aggressive and insistant about it targetting /e/ specifically.
Not at all the case, GrapheneOS sometimes even praises other operating systems and devices. They have said many positive things about iPhones and iOS. They also regard the stock Pixel OS on Pixel phonse as relatively secure. If you can’t run GrapheneOS, iOS or PixelOS, they recommend sticking to the stock OS of your manufacturer, that is because most other OSes regress privacy and security compared to the factory OSes that ship with them. Regarding targetting /e/OS that has to do with their own behavior (see earlier in my reply).
> They insist one should buy a Pixel phone produced by Google - avoiding Google is my #1 priority from the start. Clearly my values don’t overlap with theirs
They are not uniquely against Google. Avoiding Google is not the goal of GrapheneOS. Achieving privacy and security while retaining usability compared to mainstream OSes is the goal. They are not uniquely wanting to protect users against Google. Many companies have privacy-invasive practices and it wouldn’t make sense to overfocus on Google. There are even companies that handle privacy and especially security much worse than Google. Because GrapheneOS doesn’t want to overfocus on Google specifically, they have nothing against users deciding to install and use Google apps. They only want Google to be treated as others if users decide to use it. This is evidenced in how they handle sandboxed Google Play, they just want those Google apps, if users decide to install them, to be treated the same as any other user-installed app. This is different from other Android OSes that treated Google Play as priviliged instead of regularly sandboxed.
They also don’t insist on you buying one. Other phones just happen to not meet the hardware requirements which are listed on the FAQ on their website: https://grapheneos.org/faq#device-support
> They pretend like /e/ is super dangerous because non-0-day exploits can get patched later. Yet /e/ provides software updates for much longer, while in the past all my phones that didn’t break right away have immediately stopped receiving updates. Longer software support = more security.
They don’t give longer software support. /e/OS is constantly lagging behind Android releases. They also lag behind on the (incomplete/partial) backports of security patches to older Android releases and on browser engine patches. Note that many of these patches despite being called “security” patches are also privacy patches.
Also, if devices are EOL, you can’t properly support the device, even if you are giving software updates to it (which /e/ would give out way too late). Device support by a manufacturer delivering firmware and driver patches are needed for proper security. And, even if a device is still supported in that way /e/OS has historically failed to deliver those firmware and driver patches.
The founder of divestOS has made multiple publications about these update problems in the past. They were harassed heavily by /e/OS in response which is one of the main reasons why they stopped their divestOS project. Luckily, some of this stuff is archived or still available:
- https://codeberg.org/divested-mobile/divestos-website/raw/commit/c7447de50bc8fadd20a30d4cbf1dcd8cf14805a0/static/misc/e.txt
- https://web.archive.org/web/20241231003546/https://divestos.org/pages/patch/_history
- https://web.archive.org/web/20250119212018/https://divestos.org/misc/ch-dates.txt
- https://infosec.exchange/@divested/112815308307602739
GrapheneOS has also offered some extended support to devices after they’ve gone EOL because of the drop of support by Google, but has always been honest about the fact that this isn’t complete support and is less secure. They’ve always pointed out to users that this is a “stopgap” to give users time to move towards a fully supported device. This extended support is also completely going away because Pixels have much longer support time since 6 series (5 years) and 8 series (7 years).
> Contained apps is not so important if you don’t install random bullshit on your phone. I get as much as possible from f-droid, which is very well screened.
Sandboxing is a standard Android feature. It’s not unique to GrapheneOS. GrapheneOS does harden the Androiid sandbox though and has a compatability layer to learn Google Play apps to also run within the sandbox, instead of running priviliged. Containing apps in a sandbox is important, it’s the basis of making sure malware doesn’t escape to more priiviliged levels within your phone.
F-Droid isn’t a good app source for having security. They don’t screen their apps properly at all. They just build and sign the apps themselves on outdated and poorly secured infrastructure, often lagging behind on the upstream app updates.
> The communication of the GrapheneOS team around this has been pathetic to the point where I have frankly lost trust in the project. I struggle to trust a team I don’t respect. /e/OS was started by the founder of Mandrake Linux, and as far as I’ve seen he seems to have values that align with mine.
Sad you lost trust when people communicate accurate information in a honest way. The founder of /e/OS acts as an immature bully on social media and heavily mismarkets his OS and uses this mismarketing in order to obtain funding from several institutions trying to support software projects. If those are you values, okay.
> I like /e/OS. It lets me avoid companies like Google, block trackers, and just use my phone free of things I hate and cannot control or understand. For me, that is security.
You don’t avoid Google with /e/OS. It uses MicroG and microG connects to Google services and runs as a priviliged app. Also, AOSP is largely written by Google employees and /e/OS is based on AOSP… Mike Kuketz, a privacy and security researcher, has covered this usage of Google services. In addition to that, he also covered how /e/OS tracks users via their update client and has also talked about the patch delays I mentioned earlier: https://kuketz-blog.de/e-datenschutzfreundlich-bedeutet-nicht-zwangslaeufig-sicher-custom-roms-teil6/
Note that /e/OS also adds many things on top of AOSP which signficantly hurt privacy and which probably don’t align with your values at all. For Speech-to-Text, /e/OS sends user data to OpenAI without consent: https://community.e.foundation/t/voice-to-text-feature-using-open-ai/70509
Google offers to do this locally and Apple does it locally by default. GrapheneOS is currently working on the development of its own STT which will also be private.
Thanks, a good rant is nice to read sometimes. Completely agree on Pixels – even if I got second hand, they seem so unreliable based on having one in the past and knowing a few that have had one. There seems to be so much toxicity coming from that project.
Exactly.
/e/OS and security updates