Hacker News new | past | comments | ask | show | jobs | submit login
Leaving Apple and Google: more devices now supported (e.foundation)
275 points by prince707 3 months ago | hide | past | web | favorite | 183 comments

Dedicated /e/ discussion forum at https://community.e.foundation also.

If you are looking to maintain a secure device similar to stock Android without google services, a Pixel phone with verified boot using your own signing keys, latest AOSP, and up to date drivers/firmware is a far better option. I've been working on a project that automates the entire process in AWS and it supports all Pixel phones now: https://github.com/dan-v/rattlesnakeos-stack.

Frankly all I need my phone for these days is running Firefox.

Locked down computing via proprietary apps is getting less and less appealing by the day.

I think the Firefox OS and phone was just a little too early. We're approaching the point where the web experience of an application is superior to almost every mobile app. There are exceptions, of course, but I foolishly bought an Amazon tablet recently because my brain doesn't work right when it sees a bargain, but the lack of apps isn't such a terrible thing.

I eventually did put the Play store on it so I could get a few must have apps, but, Reddit is better on the web (though it is an absolute pain in the ass about it with constant overlays trying to get you to use the app). Wunderlist is fine, gmail is fine, Twitter is ok, etc. The big win, however, is that I trust Firefox/Mozilla not to sell me out (I have mostly forgiven the Pocket thing), unlike just about anybody else. That has some value...also, all of my accounts and stuff is synced via Firefox, where with apps I have to login on every new device...some apps demand a fresh login every time, like my bank app, so Firefox is a better experience there.

This. I recently got a new Android phone, and decided to go Google-less with microG and LineageOS. Since I had to install everything from scratch anyway, I only installed apps as I needed them, and I've found that I have not reinstalled a large portion of the apps on my old phone—Amazon, Yelp, YouTube, etc all work perfectly fine in the browser, and I now have the added advantage that uBlock in Firefox blocks all of the trackers that are impossible to avoid in native apps. Hell, many of these "native" apps are just the web versions wrapped in a web view, so there is absolutely no discernible difference in functionality or UX between the two.

Ads are impossible to avoid when you have no control over your device. A rooted Android phone can easily block native ads.

I don't know what device you are running but the reddit and twitter websites seem to be built to be absolutely horrible to use. Both get stuck on long loading screens and have constant popups getting in my way.

Try using i.reddit instead of www.reddit not sure how long it will stay up though. When they take those down, I'll leave Reddit (if their main site is still so shit on mobile).

Not sure how long it will last but I still default to https://old.reddit.com/.compact

No pictures and video previews, but I actually like it that way.

There's even a Firefox addon to automatically switch to old.reddit when following links.

Use the ublock origin extension to remove the parts of Reddit that are annoying.

Use the picker to select the problem overlays and create a rule and they will be gone. You have to do this a few times since some seem to be page sensitive.

Even if you insist on having closed-source apps from the Play Store on your device you don't need to install the actual Play Store or any of its dependencies. Use either Yalp [1] (or its derivative Aurora [2] for those who want a more polished interface) and you can install free Play Store apps without ever needing to sign in to Google.

[1] https://f-droid.org/en/packages/com.github.yeriomin.yalpstor...

[2] https://f-droid.org/en/packages/com.dragons.aurora/

Banking apps may be more convenient than their web counterparts, because they eliminate the need for a token device for small payments or checking the balance. Depends on the bank, of course.

Holy freaking paranoid waste of lifespan, i have to admit i thought, partly because i'm 51 now and while I dig what you wrote, I think priorities shift as the rear view mirror shows more. Cool project, though.

Ha, you definitely have some years on me, but I can appreciate that perspective :)

Thanks for the pointer! How slick would it be if someone extended this project to distribute verifiable binaries which then underwent a final, local keysigning step.

So reading through it, my understanding of what is going on is that they use MicroG + LineageOS and provide their own email/app store/other services. I tried to go through to figure out what exactly they did to degoogle /e/ further than that, but I couldn't find the documentation to show me.

If the folks from /e/ are here, is there some sort of documentation of how you degoogled it past LineageOS + MicroG? I would be interested, as I use AOSP without Play Services nor MicroG, and I would be interested in seeing what /e/ gets me that my current set up does not.

I agree that the web site leaves lots for the imagination. For instance, I can't see how 1) this is supposed to be all that different from a typical, yet cleaned up, Android instance, and 2) what does this have to do with Apple devices? Are they going to have a port to iPhones? Or are they just trying to make us think they're going to be an option for people who don't trust Apple?

As it is, Android is already too much of a mess for me to trust. I wouldn't ssh from an Android to an important server, just as I wouldn't from a Windows machine. Too many moving parts into which I have little or no vantage.

The hackernoon article was really good, thank you for that! It looks like it can integrate into a nextcloud installation, and nextcloud appears as the default for the /e/ install . That is a really nice feature for self hosting, but that also means that the data on the back end is accessible to the folks hosting it.

I think your understanding is correct, but what /e/ is trying to provide is a more consistent, unified experience. Lacking Google services, you're sort of on your own trying to get what many people consider "basic" smartphone features: email, maps, cloud backups, etc.

I don't know if they'll succeed, but I fully endorse the idea of some umbrella project trying to put together a pleasantly integrated smartphone experience that doesn't rely on the tech giants.

Maybe /e/ will become the Gnome project of smartphones.

So then that brings a different set of questions. Like how are those things backed up? Is it client side encryption (I.e. they cannot access the data)? Can I point those services to a self hosted solution?

If they had the ability to make a self hosted back end for online services back ups, I would actually be extremely interested.

I think the project is in pretty early days. You could get involved and help build (or at least request) the features you'd like to see.

It has NextCloud support built in and I think they offer a NextCloud account to users (fee?) but hopefully a person could self host.

Can somebody clarify specifically what risks the microg signature spoofing patch might entail in real world use? I know its conceptually bad, but its a bit abstract in terms of my actual phone

The last time this company came up, I said the same thing I believe. I felt it was .. really weird.

My question whenever one of these de-googled google projects comes up is how do they keep up with the security patches released in stock? This is an especially big problem with all the "de-googled" chromium forks, that remove autocomplete from the address bar at the expense of running 3 versions behind stable. The only fork i've seen so far that even came close to keeping up with the average android install was Copperhead OS, and they seem fairly proud of that - it's right at the top of their features overview [1].

Seeing no mention of how up-to-date this OS is is worrying - I have a hard time seeing it as an improvement to reduce the number of calls to google services, while running an OS that's missing the last couple months of security updates.

[1] https://copperhead.co/android/

I am confused. Everything I read on the website is very vague.

What exactly is their issue with Apple? Apple is already privacy focused. I can imagine what it could be (mistrust of closed source, big corporations) but they never say so. What exactly are they building? Are they just a distro or are they building their own software?

EDIT: All the replies focus on Apple. But my point is not that Apple is privacy-friendly. When I say Apple is privacy-focused, I just mean Apple claims they focus on privacy. They can disagree, but should provide some arguments.

Why does everyone keep repeating this idea that Apple is the privacy company? They are just less bad than Google, but that isn't saying much. It's a marketing point for apple, but they still collect hoards of data and work directly with governments and agencies.

Source? Everything we've seen in terms of technical publication about the design of their software and hardware says the opposite. They're intentionally baking privacy into their services where others have done the exact opposite.

Requiring a physical address to create an Apple ID to download free apps doesn’t seem privacy oriented to me.

Sure, I can use a fake address, but what if they start to check against it and then lock me out of my account?

It’s bad enough all the players require my full name. I do use an alias whenever I can, but for vital accounts, I don’t because I’m afraid one day they’ll ask for a government issued ID to verify my account or I get locked out.

Usually “None” is an available option for payment method. This does depend on your region though.

You can do without by using prepaid cards you buy with cash.

> Source?

Exactly. Without source code you have no idea what they're doing. All you know it's what they say they are doing. Two completely different things.

No, you know a lot more than that. Apple is a public company. Take a look at their quarterly reports. Note the distinctive lack of dependence on ad revenue. This alone sets them apart from Facebook and Google.

Apple makes money by selling stuff to people, not selling people to advertisers.

Untrue. You can sniff outgoing connections and reverse engineer whatever you’d like (I sure have and am glad to have a full understanding of everything going out).

Time is another dimension here, you'd have to indefinitely monitor the device to make sure there's nothing sent out. There's also the possibility of stenography and remote-activation.

> (I sure have and am glad to have a full understanding of everything going out).

That's impossible.

There is a finite amount of code on the system. That code would also include any functions related to stenography or remote activation and could be easily called out. However, do not exist in iOS. Anything can happen in the future, and those future versions can also be examined to find out if any such functionality was added.

You're delusional if you think you can audit every line of code running on your iPhone. That'd be something newsworthy.

Your comment contains an insult with no additional substance to back up the claim.

The first part of my sentence only applies if you think you can/have audit(ed) every line of code running on your iOS device. If anything you're the one saying it can be done by you without any substance.

> There is a finite amount of code on the system. That code would also include any functions related to stenography or remote activation and could be easily called out.

Hint: You do not need to manually, personally, audit every single line of code to discover the use of such functionality.

That isn’t an argument for claiming the opposite.

Here's a recent blog post that describes some of the massive amounts of data that iPhones collect: https://www.mac4n6.com/blog/2018/9/12/knowledge-is-power-ii-...

Granted, this data is on-device, and we don't know how much (if any) leaves the device, but if Apple really had privacy as their top priority, they wouldn't collect that data in the first place. Privacy is surely important for Apple, but it's not the absolute top.

Um, on-device means it's not collected. At least not yet. By definition.

The phone collects data and stores it on device. "Collect" data does not mean "transmit" data.

After data is stored, it can be extracted by attackers who exploit a vulnerability in the OS, or by anyone with physical access who finds out the passcode. (eg. by coercion, by camera surveillance, or by simply looking over someone's shoulder)

If an operating system truly put privacy first, all that data would never be stored in the first place.

Obviously it's a tradeoff. If you want smart recommendations and all the "AI" features, you need to collect and store a lot of data.

If you value privacy above all else, you have to store as little data as possible, and you have to say "no" to features that require analyzing a lot of data.

This data is on-device precisely to avoid the usual route of uploading it to the cloud. None of that is uploaded to Apple.

Most of the OS is proprietary, you can't say it isn't uploaded.

I'm generally inclined to believe that companies--and people--aren't lying outright, unless there's evidence to the contrary. Apple seems to be making a real, concerted, and good faith effort in the realm of data privacy. This effort ought to be recognized.

Would it be _better_ if all Apple software was fully open source and could be independently audited by anyone? Yes. Does that invalidate everything else? No.

Also, Wireshark is a good way to monitor what data your phone is sending to what servers, even if it's incredibly imperfect.

With ubiquitous use of TLS and the advent of certificate pinning Wireshark is becoming less and less useful. Even if you convince the phone to accept your man-in-the-middle certificate with a provisioning profile, there's no way to proof that it sends the same data as if it got the real certificate.

If iOS was changing the data it sent out depending on which root certificates were installed, that would be a huge scandal, as I cannot imagine _any_ non-malicious reason to do that.

That's not proof of anything, but again, at some point I feel you have to assume good faith. Apple does not have a history of doing stuff like this.

Exactly, you're assuming good faith. Instead it should be proven good faith.

So to be clear, you are arguing that we cannot blackbox anything and see what network connections it's making or amounts of data being sent to whom or timing of it because proprietary? Nor for that matter find security vulnerabilities that lead to jailbreaks and then further deep dives right? Since it's proprietary that means nobody can possibly find any issues? You might want to think about this one just a little bit longer.

Seriously, the fundamental issue with proprietary is maintenance, ie., not finding but fixing (in a good way) problems and then making those fixes available to other users. Adding features to scratch niche itches is another, though arguably not as critical a matter. But for merely reverse engineering, decompiling, probing memory, fuzzing and all that lack of source code is effectively zero barrier. If it wasn't then source/algorithm obscurity really would be effective for security rather then a bad joke.

You can’t say something isn’t collected either.

I can say that on free (as in freedom) systems.

You can sniff the network traffic.

And all you'll see is a lot of encrypted streams to lots of servers.

Check the NSA PowerPoint that came with Snowden's revelations.

You ask for others to provide sources to back up their comments, but don't provide any of your own.

Ignoring the fact that it's EXTREMELY easy to find links showing Apple's commitment to privacy:




When you are the one making a claim refuting what is generally considered common knowledge, you're expected to provide SOME citation of your disputed claim... not to mention it's such a common internet troll tactic to spew BS just to make people do research to prove you're full of it that it's just kind of common courtesy to start with links (assuming you aren't a troll).

Equally easy to find recent articles outlining Apple is getting billions from Google to have Google search by default in Safari. Doesn’t sound fitting commitment to privacy.


While I'm sure apple's default choices are partially profit-motivated, defaulting to Duck Duck Go would be a poor UX for the vast majority of iPhone customers.

There is a valid discussion to be had as to whether UX or data privacy should be prioritized, but I'm inclined towards UX--most people just want to get the best search results possible.

If anything, on the UX <--> privacy scale, I'd argue Apple has sometimes been prioritizing privacy too highly as of late. As a heavy user of custom Applescripts, the new TCC dialogs introduced in Mojave have been causing me a lot of grief.

You can change that to DDG with a click, if you want.

What about transferring Chinese users' cloud data to a Chinese company? Is it a part of commitment to privacy too?

It’s not possible to prove a negative. Do you want a quote from Tim Cook?

>It’s not possible to prove a negative.

_Of course_ it's possible to prove a negative. Why do people insist on repeating this as if it's actually true?

Because it's shorthand for "the burden of proof is on those making the claim, and negative claims are much harder to prove or disprove." If your rebuttal to my assertion that Taylor Swift is not, in fact a zebra boils down to "you SAY that none of those zebras are secretly Taylor Swift, but maybe that just means Zebra Taylor Swift is just that good," I mean, I can't technically disprove that, but shouldn't the burden of proof be on you?

> negative claims are much harder to prove or disprove.

No, they aren't.

One, disproving a negative claim is exactly proving the opposite (positive, if the same style of expression is used) claim (and vice versa), so it can't be harder to both prove and disprove negative claims, even if they were real distinct classes.

Second, “positive” and “negative” claims are largely phrasing choices; it's quite possible to have positive and negative claims that are semantically equivalent.

If the intention is to talk about burden of proof, then that's what we should be talking about. That's clearly not the case because the parent comment replied asking how it was possible. They seemed to have meant it very literally that negatives are impossible to prove. It's a common saying and it's flatly wrong.

Additionally, in this case, the claim that a company can be trusted is much more difficult to prove than the claim that they cannot be. Burden of proof, difficulty of proof, and whether the claim is expressed as a positive or a negative have no intrinsic link.

"you SAY that none of those Apple devices are secretly spying, but maybe that just means Apple devices are spying just that good"

Are you saying that Apple can be proven a company that can be trusted to keep user data secure?

Could you educate me on how this would be achieved?

And the switch to Apple meme only works for those fortunate enough to live in countries with a monthly wage that actually makes it a viable option.


Exactly. It's one of their main competitive features in each of their annual reports, yet they collect just as much data...

From e Foundation website: "our mobile phones, even when using no Google service, connect to Google Servers tens of times per hour (91 times per hour for an Android mobile with a total amount of 11,6MB of data sent on a single day, and 51 times per hour for an iphone, corresponding to 5,7MB of data sent to Google servers)." With a reference to: https://digitalcontentnext.org/wp-content/uploads/2018/08/DC...

Thanks. I didn't see that. Why exactly do iPhones send data to Google servers? Ads on apps/websites?

Section F, page 4 has a summary:

f. While using an iOS device, if a user decides to forgo the use of any Google product (i.e. no Android, no Chrome, no Google applications), and visits only non-Google webpages, the number of times data is communicated to Google servers still remains surprisingly high. This communication is driven purely by advertiser/publisher services. The number of times such Google services are called from an iOS device is similar to an Android device. In this experiment, the total magnitude of data communicated to Google servers from an iOS device is found to be approximately half of that from the Android device.

From the article, I gather that the traffic is for google ads as you browse the web (AdSense).

Don’t forget Google Analytics, Google Fonts and Google AMP?

iPhone uses Google as built-in search engine in Safari, thus indirectly compromising data privacy. And Apple is reported to get billions from Google for this https://community.e.foundation/t/google-could-be-paying-appl...

Google is "built-in" as far as it's the default. It is changeable and can also be set to Yahoo, Bing, or DuckDuckGo, as well as Google.

>Apple is already privacy focused.

Says you (and say them).

>I can imagine what it could be (mistrust of closed source, big corporations) but they never say so.

Yes, that's exactly it. With proprietary software I have no idea what my device is doing. Maybe they're spying on me! Maybe they aren't! Who knows!

The reasoning behind the people that say "Apple respects privacy" is always "because they say so".

> With proprietary software I have no idea what my device is doing. Maybe they're spying on me! Maybe they aren't! Who knows!

This is entirely untrue. You can sniff the outgoing connections to see what data is being sent. Here's instructions for how to do it on a Mac: https://medium.com/@jamesmarino/monitoring-ios-https-network...

On Windows, a similar thing can be achieved through Fiddler.

Oh please. Take your tinfoil hat off. Hell, take your tinfoil suit off.

Apple's biggest claim to fame in the last few years has been defending users' privacy. It is in their best interest to be as transparent about this as possible because any revelation that they are publicly saying X and privately doing the opposite is going to completely tank them as a company. They're not about to jeopardize their entire company by going so far as concealing tracking information in other information that is transmitted from the device. Especially while at the same time going so far as implementing many security and privacy features like FileVault, E2E encryption, and the Secure Enclave. Everything they have said and done, and analysis of the data that leaves their devices points to them not doing it.

Sure, it's theoretically possible. But it's about as far from probable as Pluto is from Earth.

>Apple's biggest claim to fame in the last few years has been defending users' privacy.

The vast majority of Apple's buyers don't know or don't care about privacy. To assert "this is their biggest claim to fame" is ludicrous.

>It is in their best interest to be as transparent about this as possible

This is still the only argument for Apple that I've ever seen. They maybe aren't doing this, because maybe it doesn't make business sense for them, and maybe we could detect it if they were. Nothing about this is solid; for me it's just wishful thinking.

>any revelation that they are publicly saying X and privately doing the opposite is going to completely tank them as a company

Literally hundreds of companies have been caught doing the exact same thing and next to none of them have "tanked".

>Especially while at the same time going so far as implementing many security and privacy features like [...] Secure Enclave.

The Secure Enclave is an unauditable chip running god knows what software. Completely outside your control; someone else has the power to dictate what it does and doesn't do. The notion of paying money for my device and having it subject to the control of someone else is... like buying a car with my own money and having it be controlled by someone else.

> The vast majority of Apple's buyers don't know or don't care about privacy. To assert "this is their biggest claim to fame" is ludicrous.

The users don't care, but the media and government are going to pounce on whatever they can, especially the government after the FBI debacle and subsequent refusals to cooperate. If you don't think such a revelation isn't going to completely upheave the company, then you're the one that's being ludicrous. Just because the end user doesn't care now doesn't mean they can't be made to care with the right messaging from someone who takes advantage of such a discovery.

> This is still the only argument for Apple that I've ever seen. They maybe aren't doing this, because maybe it doesn't make business sense for them, and maybe we could detect it if they were. Nothing about this is solid; for me it's just wishful thinking.

Did you somehow miss my grandparent comment, or just decide to completely ignore it because it doesn't fit your narrative? If you don't trust them, then go do what I said to do in said comment and audit the data that is being sent by the device to their servers. This isn't rocket science, it literally takes a few minutes to set up. Just because you don't want to doesn't mean that trusting them is somehow the only option you have. And just because you don't see the source code doesn't mean you can't possibly know what data is being collected and sent. That's literally the whole reason these MitM proxies exist -- to inspect data leaving your device for various purposes.

> like buying a car with my own money and having it be controlled by someone else.

So, what already happens today and has been happening for at least a decade now?

"Says you" works in both directions.

Apple at least has that case whith FBI, anti-proprietary activists have just their doubts. Would be interesting to read some story about traffic analysis with some suspicious activities, but all I see is just compilation of doubts and talks about what is possible.

Apple also has a case where it transferred Chinese users' data to China government.

I am very curious to learn more details about how they handled this, with specifics.

Not a lawyer, but I'd assume Apple's marketing, public statements and explicit messaging on device about privacy would restrict them at least in markets like Europe? Surely they'd be into unlawful false advertising at this point.

In the US, you have to do what you say you are doing in your privacy policy, and the government enforces that.

With a billion iOS devices out there, if Apple was truly collecting information about you and selling it to third parties, there would have to be some evidence that compromised data is out in the wild. To date, no one has found any.

So it's pretty safe to say that yes, you can trust Apple.

> Maybe they're spying on me! Maybe they aren't! Who knows!

I suspect we would all know if Apple were spying on us. Really think there still secrets anymore?

Of course there are huge secrets that have yet to be revealed. If there's anything to learn from the 20th century it's that huge projects can be maintained in relative secrecy from the public so long as the denial is plausible. After all, it's become clear that "secret" is not sufficiently revealed when those convinced of its truth are regarded as cranks and crazies.

I'm certain that decades hence we will be shocked to discover what is going on now, under our noses.

Apple costs a fortune and only runs on specialized hardware.

As technologists, I think we should stand against the notion that personal privacy is a luxury feature for those wealthy enough to afford it.

Ethically, I think just about everybody agrees with you. However, as soon as the ad-supported device is 10% cheaper, it's going to capture most of the market.

I don't think the market can solve personal privacy issues - only legislation can.

Nice summary. For example buying an iPhone in Turkey is harder than buying a car in UK in terms of an avarage middle class person's monthly income.

You've met technologists who were for the notion that personal privacy is only for the rich?

I've met a ton of technologists interested in privacy, and none of them were for the notion that only the rich should have it.

All that advocate switch to iOS as solution to the security issues on Android.

On plenty of countries getting an Android device is already a dream come true, let alone being able to get an iPhone.

Since that /e/ thing allows you to self-host the cloud part, you need neither Google nor Apple.

Apple may, of course, be better than Google at defending user's privacy. Apple's efforts are laudable, but Apple still controls access to your data.

With self-hosting everything, you are in control of your data. This may be more secure, or less secure than Apple's cloud, depending on how well you manage it, but now you're in control.

No. You are suggesting that we should trust Apple (why?) and upload all our data to their cloud. By why cannot we just keep our data on our phone without sharing them with anyone.

Nothing stops Apple from becoming a new Google. And nothing stops NSA from installing backdoors in Apple's data centers as they did with Google.

So what’s your threat model here? Are you worried about being targeted individually or in aggregate?

In aggregate it’s not clear that the risks of putting your data in the cloud are as dire as everyone fears. If your worried about being targeted individually then you’re already screwed. There’s no way a single individual can guard against state level actors.

>What exactly is their issue with Apple?


Like seemingly every other post taking this position, again this post totally ignores one of the big problems Apple is solving, which is protecting the interests of the user.

Search the article for these words: roommate. boyfriend. partner. family. household. abuse. abusive. stalking. stalker. spying.

No hits.

The article is 100% free of any mention of one of the top dangers Apple addresses for users with its built in protections. No phone can fix the problem completely, but iOS bends over backwards to ensure that a user who takes an active interest in protecting their own privacy has the tools to do so.

I do not fully understand your point. If you have free software on your phone you can do anything, including protect yourself from a neighbour/partner. All it takes is to find the software and install it. If your phone supports GNU/Linux, it's surely a solved problem.

Apple creates a walled garden, where they decide what you can and cannot run on "your" device. Even if such devices are useful in specific circumstances, the problem of freedom is still there.

It’s not so much that you as a HN user and presumably very computer literate person can protect your own device. It’s more about others who are not like you, and what an evil version of you can install on their devices while tricking them to think there is no problem.

If the phone owner is not knowledgeable about the dangers, they should not be required to become a security expert and download special apps in order to deserve protection from those who would install privacy invading apps on their devices.

Let me remind you that the original question was "What exactly is their issue with Apple?" and the answer was "The lack of freedom".

Now, it seems you are trying to argue that not computer literate people need a single chef (Apple) to tell them what to do and what not to do with their devices. Let me explain to you that freedom, which Apple devices lack, would allow such people to choose, whom they trust, increasing the competition and improving the market situation. For example, you go to a repair shop you trust and ask them to install any operating system they think is reasonable. It also concerns physical repairs. Apple more and more prohibits independent repairs.

Even if Apple is solving "big problems" as you claim, the answer given is still legit. There are people who need freedom and Apple goes against it in many ways. And it is not always possible to switch to other vendors, see "Vendor lock-in" in Wikipedia.

tl;dr: You do not have to be computer literate person to benefit from such freedom.

Sure, but there are tradeoffs that must be dealt with.

Apple is focused (theoretically) on privacy now, but that doesn't mean they won't change, and if they do change, Apple users won't know about it until their information is sold.

(a) it’s not really theoretical, considering both their public stance on it and the design choices that they’ve made; (b) “but they might change” is a bugaboo that could apply to anyone. An open source project could get compromised, taken over or bought by a malvertiser who replaces the software with a signed malware - and we have ample evidence that this has happened before to many projects (e.g. Chrome addons).

To help everyone else out, here is the comprehensive list:


Why use slashes in the name? Why not just E Foundation or something similar?

I agree, it makes me think of 4chan. Not the best brand association.

Same here. Additionally it's pretty dumb to use special characters in an actual name, especially one that short. Search for "/e/" on Google and you should get results for everything about the letter e. What does it even mean?

> search for "/e/" on Google

> Leaving apple and Google..

Maybe they want to leave Google entirely. Maybe they are walking their walk and not just talking about it.

It's applicable for any search engine...

This makes their discovery difficult.

Of course, it could be a subtle reference to 4chan's /e/ board (NSFW), which is certainly best visited in private.

Why not something easy to find with a search engine?

This is why I always wanted the boot to gecko (B2G), also called firefox os, to succeed. It was different and also open source. The concept was also good. But too bad they only released on very low cost, low feature phone like Spice. It was a shit phone with good os.

I don’t know about e foundation, but what I came to know from their mobile phone os page is that they are providing a os with data privacy as main feature. Why cannot they reuse firefox os?

because firefoxOS is no longer under development. /e/ probably doesn't want to take over development of the whole operating system.

also, there is no easy way to collect all FOSS apps available for firefoxOS, because firefox didn't track that information. that is, if the market is even still running.

the goal of /e/ was to start with a fully functional system, and remove the bad bits one by one. lineageOS and f-droid make that easy.

developing firefoxOS would be more like starting empty, and having to develop or port any apps needed to make it good.

Successors to Firefox OS, like B2G and KaiOS are still being developed. The app situation is more of a problem. Web apps are a partial, if imperfect, answer to that.

There's a KaiOS flip phone being sold in the US. As Alcatel Go/Alcatel Quickflip.

It's really really bad. I have one. Like, the basic experience is just bad. Even for a flip phone. There is also no supported way to install apps or anything, even though KaiOS theoretically supports this. I had intended to see if I could find a back channel way to even write my own apps and install them, but the basic experience is so bad I lost interest.

well, if it's not possible to install apps, at least it doesn't suffer from a disappointing app market. maybe that's by design ;-)

oh, i am very happy to hear about that. i'll have to check that out.

This is my first time to not find a Wikipedia entry for a topic.

The only mention that I found was in the founder's wiki[0] page.

[0] https://en.wikipedia.org/wiki/Ga%C3%ABl_Duval

Edit: Well I think I might create one when I have some free time. As it look like a nice project

Gael Duval is the founder of Mandrake which is the predecessor of Mandriva. Mandrake was a user-friendly, newbie-friendly, RPM-compatible Linux distribution which was cheaper than RedHat Linux back in the days.

I think my phone is not just about apps, but also services, tightly integrated with those apps, like chrome's browser history, password manager, Google docs synchronisation etc.

Perhaps the only reason why I cannot shift to other apps is due to the serious is the lack of cohesion across all platforms. Google has It's paws on every device, every platform. Which is a huge selling point.

Half my work is handled by this single Google account. I haven't seen any product lineup that lets me have this kind of one-ness across my devices.

This is what they're trying to achieve: phones are heavily tied to services, so if you want people to break free from Google, Apple, MS, you need strong alternatives. The /e/ Foundation is working on services that will go with their fork of Android. You'll also have the option to self-host those services if you prefer.

This will not be easy to achieve, but I believe it's a great idea.

I didn't know you could self host these services with /e/

If they could support desktop devices, that would be great. It would one more step in the right direction.

Interesting, I don't want my phone to be attached to any other aspect of my life. I want it to be a communications device and that's about it. Maps and navigation are the one other thing that I think is really useful.

I don't want my phone to be able to touch my bank account, my email (other than a phone-specific email account) or any personal or work-related files.

This comment makes me wonder...

What if you can spin up a personal server, and have it connect seamlessly to apps across all devices?

I understand your concern on having 3rd parties touching your personal information, so what if the lineage OS, firefox OS or any other set of "libre" apps, also brought with them libre, self-hosted services?

Yes, that's just it. It's gradually becoming a smart assistant, and that requires cohesion of data and services that Google provides now. I fully subscribe to that vision, and I want to able to participate in it, I just don't want Google, or Apple, or anyone else to control it, and of course it requires a secure foundation. I think there is going to be a new category way of thinking about this soon, for some people at least.

A flipped and mirrored iteration of google's G as their logo doesn't really help to serve the cause.

I think that's the point. They want to offer the same things as Google (search engine, apps, ...) but in a way that respects privacy.

So a logo with the same shape as the Google logo but with a different orientation makes a lot of sense.

Having your logo be not-Google doesn't clarify what you are, just want you aren't.

What you would you expect out of the not-Nike brand?

As Google evolves and changes, the meaning of not-Google branding becomes ambiguous. Does it mean the not-Google-from-2015 or the not-Google-from-2020?

The definition of the "same things as Google" is involving constantly.

Interestingly enough, New Balance positioned itself to be the anti-Nike, touting its shoes as U.S.-made and not benefiting from exploited foreign labor. I read somewhere that the way their N logo is put on their shoes is meant to echo the Nike swoosh. And people have criticized that branding as insufficient, as well.


Interesting, Gael Duval of Mandrake Linux fame I assume.

yes, the very same

I degoogled my phone by installing LingageOS and by not installing any Google app (no play services etc). Everything is great, except one major annoyance: I do not receive any notifications of chat apps, because I am not connected to GCM /Firebase. Does /e/ somehow fix this, e.g. by providing their own cloud messaging services?

/e/ is right now just a fork of LineageOS 14.1 with a bunch of degooglization and microG. microG isn't currently compatible with the latest version of GCM/Firebase. WhatsApp, for example, works around that but that might not be what you want; it is quite the battery drain that way. Although such push messages are as well (like IMAP IDLE is). Depending on your phone, you got LineageOS 15.1 already. Though you might not find the differences between 15 and 14 major. Though the news here seems to be that there's a new version of /e/ based on LineageOS 15.x

WhatsApp and signal both work fine without gapps, using them daily without any issues and any battery drain

The only app that works well for me is Conversations (XMPP client). It's also quite battery efficient. You have to convince people to use XMPP though, that's the hard part. For all apps that requires Firebase/GCM, the only solution is MicroG, but then you have some data going to google. It doesn't require a google account and, depending on how the app is made, it shouldn't contain personal data, but it's still data going to google...

Signal and WhatsApp notifications work fine on my lineage phone without any gapps so you must have done something wrong

Every passing year makes me yearn more for the missed possibilities of the Firefox OS for the phone. It was visionary of Mozilla folks to anticipate the need for it — I wonder whether the project might have been mismanaged due to unrealistic expectations (expecting too much too soon).

It was just difficult to get a FirefoxOS device back then. I had a friend pick one up for free at a trade show at a conference.

I personally want to try going down the KDE Plasma route myself. Device support is still problematic though.

When I was thinking about buying my first smartphone I wanted a Firefox OS device. However devices were underpowered and the OS was too young and heavy on resources. So I bought the original Moto G.

But still if there would be a Moto G of Firefox OS it probably would all end-up the same. But maybe it could at least retain a niche.

My Moto G with current Lineage OS is better than when it was still getting updates, but sadly I broke SIM holder. Maybe I will try to fix it someday with someone's help.

Now I use Nexus 5X and as it will soon receive its last update I'm thinking about alternatives. LineageOS is an obvious choice, maybe with MicroG. But I also am thinking a bit about Plasma Mobile as it is a supported device. If it will not bootloop maybe I will be able to try it.

But I put my hopes in PostmarketOS and when there will be a single device with enough hardware support (I can close an eye on Bluetooth, NFC, accelerometer and gyro) I will buy two such devices even and maybe especially used.

It is going to be a difficult task. Developers won't bother to write or update their apps for a niche OS. But if it at least can run apps from F-droid (and has root access) then it is good enough for me. And if there were a replacement for apps depending on Google Services then it would be perfect.

> office: a set of online office applications (including word processor, spreadsheet and presentation) that you can use for collaborative work also.

Is it really necessary? It might work for a tablet but for example I cannot type anything on small on-screen keyboard. And I don't understand why do that if you have a laptop with a normal keyboard. So I think a document viewer would be more than enough.

Do they really support those devices? or do you still have to install binary blobs (pried from Google/OEM images) for the kernel and/or drivers to have even basic things like touchscreen, radio, etc working?

If it is a fork of LineageOS, I would think it needs the binary blobs you mentioned in order to work.

I just want to buy a phone with this on. Is this possible? I don't want the hassle of finding a phone on Ebay and installing some bundle of software. I just want to plug and play.

Naming your product "/e/" is a good way to de-Google as it ensures your product will never be found in a Google search!

Will it support anything that runs LineageOS? I was going to buy a Xiaomi Pocophone F1, wondering if this is worth trying out.

What are the privacy and security considerations of running an open source operating system with Android 8 (Oreo)? I believe this (as Project Treble) would generally leave the lowest layer of the vendor-supplied Android still in place, potentially giving them some responsibility and control.

How is the /e/ Foundation and the /e/ OS different from Mozilla and the Firefox phone?

Android compatibility and it runs on phones that people actually have.

And it's (so far) not discontinued.

I’m surprised by the number of Chinese phones on the supported list. Does this mean a simple OS reinstall overwrites any backdoors these phones may have, which suggests any backdoor is software related? What about hardware? Dos the new OS inhibit hardware backdoor communications?

In theory but are other things in the phone backdoored? What if the WiFi device is backdoored?

In case it's bugging anyone else: the logo is the reverse of the Ableton Live ligo.

I'm disappointed that this has nothing to do with Enlightenment.


/e/ has a dedicated discussion and support forum at https://community.e.foundation

If they really support Android 8 (Oreo) on the Nexus 5 (Hammerhead), I might give it a try. LineageOS doesn't support this combination yet, at least not officially.

"The /e/ ROM is forked from LineageOS 14.1"

I guess that would be Android 7.1.2 then. [1]

[1] https://en.wikipedia.org/wiki/LineageOS#Version_history

After more investigation: e-0.1 is forked from LOS 14.1 (based on Android 7), e-0.2 from LOS 15.1 (Android 8). The Nexus 5 downloads have an e-0.1 filename, so no Oreo. The website seems to imply that all 49 supported devices can run Oreo which is misleading.

Now there is a release forked from LOS 15, that supports new devices.

Damn, I wish one of such project could do something about my Nokia Lumia 1320 but iirc locked bootloader of Windows Phone is the problem here

It’s not that locked: https://www.windowslatest.com/2017/08/05/install-android-on-...

The problem is device drivers: traditionally, Linux doesn’t have them.

What is the point of this project (and most other Android-ish projects) if you are still stuck with the same binary blobs, modem OS you can't see or change, ROM loaders in the SoC, persistent code running with higher privs than your kernel (which is often woefully outdated and full of holes).

If you simply don't want your phone to talk to google, connect to a WiFi AP you control which also blocks all of Google's AS-numbers and thus the subnets they contain.

Do you maintain such a dynamic blocklist?

No need, IANA does that for you, and via that, ARIN etc. I don't block Google like that myself, but some clients wanted such provisions (sometimes with exclusions which makes it somewhat pointless), just like some do for Facebook etc.

If you have a network that is specialised enough, it becomes a lot easier to do this, you turn it into a whitelist instead of a blacklist.

Or you could, you know, get an iPhone. A product from a company that actually cares about user privacy and also has the resources to do something about it. Unlike this project.

How long before they get sued for their stylized 'e' which is a ripoff of Google's logo? Essentially it's an upside down 'G'.

Any hope on the iPhone front?

Probably not. I don't think booting another OS on an iPhone is doable.

I seem to remember old demos of booting android on old iphones but I doubt it will ever be practical and probably next to impossible these days. Would likely be easier to design and produce a whole new phone than crack the multiple layers of DRM on iphones


Platforms that censor speech:-

* Facebook

* Twitter

* Google

* Youtube

* Pateron

* Stripe

* Paypal

* Twitch

* Spotify

* Apple + apple podcast

* pin interest

* LinkedIn

* Mailchimp

* Wordpress

* mastodon

* azure cloud servers (microsoft)

* Mastercard

* Godaddy (removed alex jones+gab)

* MEDIUM (Banned GAB Oct-2018)

* Shopify (Banned AJ + GAB Oct-2018)

* Cloudflare

* pusher.com


Platforms that DONT censor speech

* Tutanota + Protonmail(email alt)

* Minds +mewe (FB alt)

* Gabai (Twitter alt)

* Bitchute (Youtube alt)

* Wire (skype alt)

* Librepay (Donation alt)

* Startengine (Kickstarter alt)

* peertube (DIY self host youtube stream style server)

Also look into:-

* searX.me or Duckduckgo (search alt)

* OpenStreetmap - instead of Google maps

* imgtc or tineye - free image upload site

* Linux - Win/MacOSX replacement

* f-droid.org - Google Play Store ALT

* Mumble - Discord ALT



The downgrade in security isn't worth it. Too little, too late folks

It's obviously not a finished product yet. Let them try things out! It doesn't seem to be much more than Lineage yet, but this could go some interesting places.

It comes with online services, not sure any other alternative OS does that.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact