Found this article, I think it’s am interesting comparison
My source: https://mastodon.nz/@leighelse/115572223821306554
It is still just android garbage.
deleted by creator
The article is not by me, I just posted the link I found.
I’m not expert in this field yet, I am learning this kind of stuff right now from posts and comments around…
Sorry put the reply under wrong comment. Didn’t mean your original post.
Graphene has a lively and accessible discussion forum of its own, and another on Reddit. Unfortunately it’s managed, and somewhat populated, by a community whose rudeness and arrogance is notable even in the weird world of niche open-source projects. It’s not unheard of for the moderators to delete posts that are critical of Graphene, or ban users who post such things.
This is what I love about GrapheneOS. They are not afraid to call Murena and e/OS on their proven false claims about security and privacy. Do some research and you will find that e/OS, same as iodè, are phoning Google from boot. Additionally, Murena is on the take by the French government, which happens to be the most advanced EU country in terms of authoritarian behavior today.
LineageOS would be a way better option to keep private if you don’t have/won’t buy a Pixel phone, otherwise, and with a proven record, GrapheneOS is the only option out there.
Yes, the community is blunt, specially when they are being dragged through the mud by scammers like Murena. But look everywhere, you will not find a mobile OS that even comes close to the security and level of ownership of your device that GOS offers.
That’s not my problem with them. My problem is with their arrogance assuming everyone has the same threat model or same desires when moving to an alternate os.
It’s easily the thing I dislike most about graphene.
Here’s the founder of Murena claiming he never claimed it was about security, it’s for privacy via blocking all mass surveillance.
https://community.e.foundation/t/some-clarification-regarding-security-vs-privacy-in-e-os/51839This is a great example of their BS.
While this isn’t a major security concern and doesn’t impact privacy, it still needs to be addressed. Meanwhile, those not confortable with this situation can download an alternative web browser from App Lounge.
How can he say this about the web browser? The one app that is used all the time to display pretty much everything by almost every other app.
And, of course, there’s all the crying because they are being called out on their lies.
Out there you will find, easily, analysis of technical documentation, developer communications, independent security audits, and user reports revealing a systemic pattern of misinformation, technical obfuscation, and marketing fabrication emanating from Murena’s for years. This has been a problem from the start, for example, this article from 2020:
https://itsfoss.community/t/eos-e-os-e-foundation-disastrous-security-warning-2/4726?hl=en-US
Another thing to keep in mind is that Murena’s marketing strategy relies heavily on the concept of “Sovereignty.” They promise users a “Googless” experience where the user owns their data. This narrative is compelling to a public weary of surveillance capitalism. However, as has been demonstrated in may deep dives into their so-called “OS”, Murena’s definition of sovereignty is superficial, relying on replacing one centralized provider (Google) with another (Murena Cloud/Qwant), rather than empowering the user with autonomous, secure technology. This marketing strategy only works (barely) by demonizing alternatives like GrapheneOS, which offer proven sovereignty through structural security instead of simple service substitution. Smearing is all they have against something of GrapheneOS’s level.
The worst part is that this leaves less savvy individuals open to being exploited by the likes of Murena and Rob Braxman, potentially making them even more vulnerable to having their data extracted because they believe their systems are actually private. It’s just disgusting.
As I said before, the GrapheneOS community is very passionate about the security and privacy we all need, more so now that everything is a data grab, which explains why they fight tooth and nail when their wonderful and unique work is being attacked. Granted, it’s not a justification, but this is a war we’re in right now, and if we keep doing everything with silk gloves instead of displaying the harsh and dangerous reality, we will lose, and I for one don’t want to lose this fight.
Sorry but you seem to be mixing up privacy and security a couple of times. Those are 2 different things.
As you suggested I tried to search about those security issues, but i could not find anything regarding indepent security audits. I would be interested in it, if you have the links.
This article from Golem is from 2020, so not sure if this is still up to date today. I could find something regarding the browser being an issue and the source from the app lounge.
Where are you forced to use the Murena Cloud? I did not have to make an account of anything. I created a folder for all their preinstalled apps and put them there, as they don’t look great. I heard there was an issue with TTS going to OpenAI, maybe you mean that.
To me after reading into degoogling the last couple of months, there seems to be an exchange of accusations going on between Graphene and e/OS. It might be because both support Google Pixel and they fear about market share.
In my opinion there is enough for both of them and this toxic behaviour is not helping anybody, just the two big ones Android and iOS. I really don’t like the toxic sound mainly coming from the Graphene community, that their solution is the only true one. Which to me seems a bit odd, when they still relying on Google. I am interested to see who their 2nd Hardware supplier will be in the future.
As I see it you can simply summarize it this way: You want privacy without relying on Google --> e/OS You want privacy and security but don’t mind using Google --> Graphene OS
For me I am currently using e/OS, as I don’t want to give google any money for a pixel. I might see if the prices drop for a cheap used one to try Graphene.
I am fully aware that e/OS is not as secure as Graphene, but I am no longer relying on Google. But to me this is the compromise I am willing to take.
To this I’d add that it is very common, and very easy, to install either MicroG or the real Gapps (Google Play Services, Play Store, etc) on LineageOS.
GrapheneOS has another added bonus of allowing you to install Google Play Services only in the “work” profile, leaving your main profile Google-free.
Personally, I think everyone should be at least a little worried about their phone potentially being seized by malicious state-sponsored actors. Whether it’s a power-tripping cop, airport security, or the New American Gestapo, this kind of thing is only becoming more common as time goes on. GrapheneOS has repeatedly been shown to be resistant to attacks that stock ROMs are vulnerable to, sometimes for months or years after Graphene patched the holes. LineageOS with an unlocked bootloader is likely to be less secure against any USB attack than stock.
Just my two cents. I love LineageOS but I would never feel comfortable traveling with an unlocked bootloader. Then again, it might be better to take a burner phone when traveling anyway.
Apart from fixing the small privacy leaks in Lineage, ∕e∕OS doesn’t seem to offer much extra in the way of security hardening.
With /e/OS, the bootloader can be relocked on Fairphone, Shiftphone, Teracube, and Google Pixel, and they are sold locked by Murena. https://community.e.foundation/t/list-devices-where-bootloader-can-be-relocked/48424
This means a pickpocket or airport security control can’t take a copy of your system image via USB and brute force your few-digit passcode in a virtual machine without guess rate limiting. If they crack it, they can start using your user accounts and whatever information is on the phone.
With LineageOS, relocking is not so rosy: https://wiki.lineageos.org/faq#canshould-i-relock-my-bootloader
Few devices allow for it and even less work properly after that. Relocking can result in actual unusable devices, so be warned!
https://forum.fairphone.com/t/relock-fp5-keeping-lineageos/108723
If you plan on installing LOS and want to lock your bootloader you’ll have to build your own images, that’s not supported by default.
https://www.reddit.com/r/LineageOS/comments/n7yo7u/a_discussion_about_bootloader_lockingunlocking/
With /e/OS, the bootloader can be relocked on Fairphone, Shiftphone, Teracube, and Google Pixel, and they are sold locked by Murena. https://community.e.foundation/t/list-devices-where-bootloader-can-be-relocked/48424
this was one of the things i’ve been waiting for! i was leaning towards graphene because of the bootloader lock, but i don’t want a pixel.
the next problem i have to wait for is better support for the network bands in north america. i know from experience that the bands that fairphone supports are the same that my chinese phones supported in the past; which meant that i got no signal inside of large buildings and had to rely on wifi. i’ve never heard of shiftphone nor teracube, so i hope that their band support is better.
GrapheneOS still does more for security:
- Even if an attacker disassembles a Graphene phone and reads everything off the memory chip, all data will be encrypted with your unlocking passcode. Then it’s just up to how long it takes to brute force it open on a server farm. I’m not aware how exacly /e/OS is encrypted.
On the other hand, Google Pixel phones have suspicious hardware:
https://lemmy.world/post/27344091
Hardware-level components like Titan M can execute processes that users cannot audit or disable, raising concerns about opaque data collection.
- Graphene installs security updates against online attacks the fastest of all. /e/OS promises “typical relaxed vendor pace”.
- Even if an attacker disassembles a Graphene phone and reads everything off the memory chip, all data will be encrypted with your unlocking passcode. Then it’s just up to how long it takes to brute force it open on a server farm. I’m not aware how exacly /e/OS is encrypted.
Nice article.
Good read, it gives a refreshing take on these options.
