this post was submitted on 13 Jun 2024
246 points (99.6% liked)
Open Source
31362 readers
148 users here now
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
- !libre_culture@lemmy.ml
- !libre_software@lemmy.ml
- !libre_hardware@lemmy.ml
- !linux@lemmy.ml
- !technology@lemmy.ml
Community icon from opensource.org, but we are not affiliated with them.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Why is /e/ not very degoogled? It is through and through.
Here is a thorough analysis of /os's security and privacy.
https://www.kuketz-blog.de/e-datenschutzfreundlich-bedeutet-nicht-zwangslaeufig-sicher-custom-roms-teil6/
Tldnr: it's alright but but grapheme, divestos or calyxos should be preferred if those are available on your device.
Problematic seems the unique device id /e os generates and sends on every update and also security updates for the integrated webview browser have been severely out of date in the past.
Looks like a good and careful analysis. While I speak German, its a lot to take here, so cannot say much about the articles content (besides some of the concepts are way above my head and understanding).
But the article/analysis doesn't seem to support your claim "not very degoogled"? (Edit: I changed this phrase, it was wrongly phrased.)
The /e/os ID you mentioned, has nothing to do with Google, as the update information is sent to /e/os servers I guess (which in itself is concerning, I'm not saying otherwise). I personally don't see a need to switch to any of the other services (they pretty much also support microG and I can't install them anyway I guess).
Ok, yeah, you've got a point I think. But one could argue if microg is enabled by default, at least some info might leak to google as their push servers are contacted and a device id is created (even if the data is anonymized to some extend.). (Depending on if these settings are enabled by default in microg which I am not sure of).
Here's some info from the divestOS faq (cmp.: https://divestos.org/pages/faq):
"Anything important I should know about microG?¶
It goes on to provide some guidelines if you want to use microg:
How should I configure microG?¶
"Depending on the apps you want to use there are a few different ways you can use microG.
So depending on your thread model, you still would want to disable some of the options in microg to have absolutely no leakage of data to google. For example I am not comfortable any more with using push notifications since it was revealed that state actors use this info to tail users communications.
There is no android ROM that is fully degoogled without losing out on much of base Android's functionality. See the table I link under the other person's comment. I have also heard that /e/ OS falls behind on package updates from its forks of other projects, many of its default apps.