From my understanding, /e/ is indeed less secure than AOSP due to patches being slower. Being somewhat de-Googled might make it more private, but that isn’t the same thing as more secure.
I think the main thing here is that Graphene thinks it’s irresponsible when people describe other ROMs as “secure” or “hardened” when they realistically aren’t, especially when they’re running on hardware that doesn’t really support high levels of security from 3rd party ROMs (this is a large part of why GrapheneOS only supports Pixels). Many phones don’t support locking the bootloader with a 3rd party OS, and many don’t even have a secure element. Many also don’t have great track records with keeping kernels and firmware up to date. In all of these cases, you can’t really make strong guarantees about the security of the device with any 3rd party OS, including /e/.
Being somewhat de-Googled might make it more private, but that isn’t the same thing as more secure.
I would say this depends on how you perceive threats. For me the one risk I am worried about is surveillance capitalism, and I want to be safe from that above all else. I don’t care about locking the bootloader because local threats are not a concern for me. I just don’t want any data on my phone usage to end up with capitalists. For me that is safety, as nobody else has any interest in or capacity to spy on me.
If I was a target of Russian or American intelligence officers I might see it differently of course, but in that case I would probably be reluctant to use a phone much at all.