Open Source

45284 readers

726 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 6 years ago

MODERATORS

Cloak@lemmy.ml

kevincox@lemmy.ml

CrypticCoffee@lemmy.ml

Lettuceeatlettuce@lemmy.ml

/e/OS is not a secure OS (lemmy.world)

submitted 1 day ago* (last edited 1 day ago) by FG_3479@lemmy.world to c/opensource@lemmy.ml

56 comments fedilink hide all child comments

/e/OS is not fully degoogled, as DNS connectivity checks, hardware attestation provisioning, and eSIM activation all go through Google.

It is often many weeks or months behind on security updates, especially in the WebView, which makes it easy to exploit.

It doesn't support bootloader locking on many devices, and if you lock the bootloader on a phone that does support it, it could brick if /e/OS is on an older security patch than the stock ROM was.

It doesn't use a lot of the hardening in GrapheneOS such as hardened_malloc which prevents memory corruption exploits, even if the hardware supports it.

And finally, /e/OS's text-to-speech sends what you say to OpenAI, despite local options being available.

If you want a properly secure Android phone, the best option is GrapheneOS, however it only supports Pixel phones and future Motarola phones due to its high security requirements.

If you can't get a Pixel then iOS in lockdown mode is the next best option, however if you can't replace your phone, LineageOS is much worse than Graphene although it is still much better than /e/.

you are viewing a single comment's thread
view the rest of the comments

[–] machiavellian@lemmy.ml 5 points 1 day ago* (last edited 1 day ago) (1 children)

Looks like you're worried about highly motivated hackers targeting you specifically.

Not really, no.

Not patching security vulnerabilities leaves you open to not just targeted attacks but also wide spread attacks, which also use the same exploits that nation states use. Just look at the recent Coruna debacle.

Let me bring another analogy. You live in a town where theft and burglary is rampant. You have a lock on your front door but the lock is based on a legacy design which is not hard to pick. Sure, no one has broken into your home yet but if you keep using an antiquated lock, it's a matter of when not if. And it's not like only rich and important people's houses are broken into. Everybody who's vulnerable can and eventually will get attacked. If I had to choose between risking burglary and paying a little extra for a better lock, I'd choose the latter.

Maybe you're a political activist or just very rich.

I don't have to be a political activist to take measures to protect myself online nor rich to afford a used Pixel.

Sacrificing all this just to be protected from very unlikely attacks is simply not worth it.

To each their own, I guess.

You can permit some connections temporarily or permanently for specific apps only.

So you mean like OpenSnitch? If so, Rethink also has that.

EDIT: grammar

[–] ExLisper@lemmy.curiana.net 0 points 1 day ago

Even coruna was specifically targeting crypto wallets. Some articles say it was a 'broad scale' attack but I can't find any info about how it was distributed. Anyway, if you're using crypto wallets you have to be more careful. Traditional banking is protected by TFA and very often additionally insured. Again, risk assessment.

Oh, and I tried Rethink but it works as a VPN so you can't use other VPN apps with it. The app iode has can be used with any other VPN.