(Recording of Livestream Event from earlier today)
Vimeo:
The biggest flaw I see with /e/OS is that they do not have admin control enabled by default for device owners (like, for example, CyanogenMod did). Because of that, Librem5 and PinePhone are far superior for a device owner to control their own device and protect their own interests, including privacy.
Except for that fatal flaw, I love what /e/ foundation is doing.
As in “rooting” the device?
1 Like
Right. As it is, seems like /e/ is placing significant restrictions on what you can/cannot do with your own device by default.
Isn’t it still possible to root an /e/phone? I’ve never looked into it myself.
I just posted instructions a few days ago on the Teracube community forum for rooting my Murena Teracube 2e (/e/ OS preloaded) using Magisk. This is the second phone running /e/ that I rooted. It is pretty straightforward, you just have to have a little proficiency at command line, to use fastboot.
In Murena’s (e foundation’s) defense, they are looking for a secure, private, MAINSTREAM user experience, and a rooted phone can be pretty insecure if the user doesn’t know what they’re doing. While they strive for it to work, “out of the box” they don’t throw up any barriers to you doing what you want to do. They even ship their phones with bootloader already unlocked, which makes rooting much easier if you want to do it.
2 Likes
More generally, I now have their “v1.0” installed on my phone. The biggest change with v1.0 is the “Advanced Privacy” setting, and it is pretty impressive. It allows:
- built-in tracker blocking that can be done wholesale, by individual app, or by individual tracker within the app.
- It also allows built-in GPS spoofing (all or nothing, not sure this can be done on a per-app basis), and
- built-in IP address spoofing, where you can select the country you want to spoof, and select/deselect specific apps that can access your actual IP address.
2 Likes
Very glad to hear of these features. Like I said, I mostly love what /e/ is doing.
It’s not that they are necessarily intending to do anything malicious with no admin control for the device-owner by default–it is just a dangerous precedent to follow along with, because it can be so easily abused. It seems like a very basic digital right to allow a device owner to control their own device. Magisk is great as long as it is not intentionally thwarted, but control by the device owner should be the default. There are ways to structure the defaults to help protect people from misusing root control: for example, big, flashy warnings or a hidden menu. I think most of the concern over the relative insecurity of rooted devices can be traced back to PR-washing by Google and Apple to justify locking people in to ecosystems for the sake of profitability.
1 Like
I think one fairly common issue, though, is that some banks (for example) won’t allow their app to run on rooted devices.
Does this fully replicate the protection of apps such as Blokada 5 and TrackerControl. I use Blokada 5 and I know that I can load any number of specific block lists suited to my needs (i.e. “extremely-overkill-anti-Facebook-anti-Google” types) 
I’m on v1.0 also, but I havent activated Advanced Privacy. I think it needs the VPN slot, right? Like the anti-tracker apps.
Yes, I think it basically does what Blokada and TrackerControl do, but one-stop shop. I tried both of those separate apps before, but didn’t stick with them for various reasons. I had been using the DuckDuckGo browser tool for tracker blocking, as it caused fewer conflicts (subjective, it may also have been my inexperience with earlier versions of TrackerControl).
Advanced Privacy does use the VPN slot, so I had to stop using the DuckDuckGo tool, but I find the interface on Advanced Privacy to be more nimble and user-friendly, so I’m going to stick with it for now. I’ll update here as I find out more.
1 Like
One other thing I was reminded of this morning – without “root by default” you have to re-establish Magisk-based root with a new modified boot.img file each time you upgrade your system (or maybe it’s just on major updates, we’ll see). Fortunately, if you have good instructions (yay me!), it only takes about 10 minutes.
This is a valid critique, and unfortunately, this tactic is not limited to only the rationale for not giving users root. A rooted phone is technically less secure, but in most use cases, the difference is negligible.
1 Like
Works on websites, but how did you block trackers in apps? (If you had any with built-in tracking.)
Do we have any insight into which trackers exactly Advanced Privacy blocks? Does it use a standard block list, such as those that are widely available? I actually use several block lists with Blokada, because one is never enough for me. Lol!
I just saw this entry on the /e/ community forum from someone who has apparently dug into the code (it’s open source, but apparently contains some proprietary code). The poster doesn’t sound all that impressed, but doesn’t give any real critique except the age of some contributing code. The functional aspects of the apps are mostly adapted from existing open source solutions (yay open source). Hopefully, the increased use of this code will lead to improvements all around.
1 Like
Does anyone know if /e/OS for mobile has all incoming connections blocked by default? Trying to find this basic bit of information has been near impossible.
Not sure. Can you elaborate on “incoming connections?”
I mean blocking any and all unsolicited incoming network traffic. Like how UFW in Linux has a default policy to deny all incoming. Aka no open listening ports.