Securing /e/OS on the Murena Teracube 2e

One of the newer offerings for the De-Googled smartphone crowd is /e/OS, which runs on Murena’s Fairphone and Teracube, as well as some Samsung phones. Looks to be basically along the lines of PureOS and Lineage OS. Obviously not Librem, but better than Android or iOS.

I’ve read support documentation and asked over on the /e/OS forum but haven’t found much info on these relatively basic but important questions. Maybe someone knowledgeable here can offer some input:

  1. What are the best additional steps to take to make a Teracube 2e with /e/OS as secure as possible against remote intrusion?

  2. Are all incoming connections in /e/OS blocked by default? If not, what is the best way to do that?

  3. Would the stock browser be more secure than Brave browser or no? I ask because Brave seems to have had virtually no reported vulnerabilities, compared to Chrome which has had many and which the e/OS browser appears to be based on.

  4. Any other configuration steps that would be recommended?

https://e.foundation/e-os/

I haven’t used /e/, so I can’t answer any questions about it, but the Brave browser is based on Chromium, which is the open source core of Chrome, but Brave has a better default configuration for privacy. Any security hole reported for Chrome will likely also apply to Brave.

The thing to keep in mind is that there are only three web browser engines + JavaScript engines that are up-to-date and maintaining good security: Blink + V8 in Chrome/Chromium, WebKit in Safari, and Gecko + IonMonkey in FireFox. Most of the the other web browsers in the market are based on Blink + V8, including MS Edge, Opera, Brave, Vivaldi, Comodo Dragon, Epic Privacy Browser, Torch, Yandex, etc.

The modern web browser has to be incredibly complicated to support 30 years of web standards and trying to keep up with the new standards and plugging all the security holes requires a huge team of programmers, which is why there are only three organizations that attempt to do it today. Opera and Microsoft found that it was too expensive to keep developing their own web browser engine which is why they adopted Blink + V8 from Google and why development of most of the other browser engines have stalled or been discontinued (KHTML + KJS in Konqueror, Amaya, Dillo, libwww, etc). It takes over 20 million lines of code to implement a modern web browser and creating one with good performance and good security is extremely hard. Mozilla found it so hard to create secure code with good performance and multithreading with C++, that they decided to create the Rust programming language. In my opinion, Mozilla now has the most efficient engine, but it struggles to keep up with the Google and Apple because it simply doesn’t have the resources.

2 Likes

It actually has official builds for almost 250 devices from 29 different brands, and there are a lot more unofficial builds that work as well as the official ones. The number of devices is constantly expanding, too.

By the way, Samsung is probably the worst phone to choose. The custom ROM can only be loaded on the Exynos variants (i.e. non-U.S.), and after installation, they can’t implement VoLTE, which is mandatory for activating a phone on U.S. networks, and is starting to be needed in many other countries, too, as they shut down 3G networks.

(Samsung’s IMS/VoLTE software is proprietary and can’t be implemented in a custom ROM, apparently.)

Anyone else know about this OS? I’m surprised there’s nothing in the documentation about this.