this post was submitted on 10 Mar 2026
18 points (59.2% liked)

Open Source

45284 readers
726 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 6 years ago
MODERATORS
Cloak@lemmy.ml
kevincox@lemmy.ml
CrypticCoffee@lemmy.ml
Lettuceeatlettuce@lemmy.ml
18
/e/OS is not a secure OS (lemmy.world)
submitted 2 days ago* (last edited 1 day ago) by FG_3479@lemmy.world to c/opensource@lemmy.ml
56 comments fedilink hide all child comments
 

/e/OS is not fully degoogled, as DNS connectivity checks, hardware attestation provisioning, and eSIM activation all go through Google.

It is often many weeks or months behind on security updates, especially in the WebView, which makes it easy to exploit.

It doesn't support bootloader locking on many devices, and if you lock the bootloader on a phone that does support it, it could brick if /e/OS is on an older security patch than the stock ROM was.

It doesn't use a lot of the hardening in GrapheneOS such as hardened_malloc which prevents memory corruption exploits, even if the hardware supports it.

And finally, /e/OS's text-to-speech sends what you say to OpenAI, despite local options being available.

If you want a properly secure Android phone, the best option is GrapheneOS, however it only supports Pixel phones and future Motarola phones due to its high security requirements.

If you can't get a Pixel then iOS in lockdown mode is the next best option, however if you can't replace your phone, LineageOS is much worse than Graphene although it is still much better than /e/.

you are viewing a single comment's thread
view the rest of the comments
[–] BrilliantBadger@piefed.ca 10 points 1 day ago (2 children)

This is honeslty a shameful post. A personal rant with just a nasty agenda

People or projects attacking other privacy focused projects working on good faith intent to help us escape the duopoly are just sad. If a project doesn't fit your personal needs, so be it, move on

As a whole we need as many of these projects to succeed & elevate as possible. Shooting at others because you got your feelings hurt elsewhere is childish and self-defeating for all. Last thing we need is creating a single-opoly of privacy focused options

[–] Tenderizer78@lemmy.ml 3 points 22 hours ago (1 children)

Security is very important.

[–] BrilliantBadger@piefed.ca 2 points 8 hours ago

Sure is. And if you ain't surfing nasty sites, loading 'free' VPN spyware, crap AI dung & scammy apps it's all good

Android OS is a very secure OS. Google recently moved their older devices to quarterly updates versus monthly. Are we now saying those older pixels (still in support life) are insecure because they could go 3 months w/o an update? In itself that move is telling & obliterates the marketing scare tactics used by some & some projects. It's sad really.

Common sense and good online habits will take you further than all else

[–] FG_3479@lemmy.world 1 points 1 day ago* (last edited 1 day ago)

The reason I wrote my post is because there are better alternatives, like Graphene if you have a Pixel and can accept sandboxed Play services, or LineageOS which is less secure but works on many more phones and supports MicroG.

/e/ is very insecure compared to those, and it is likely easy for someone who has bought a used Cellebrite to get into it and make your lockscreen useless.