Hacker News new | more | comments | ask | show | jobs | submit login
[dupe] Open source, privacy-enabled smartphone operating systems (e.foundation)
190 points by DyslexicAtheist 27 days ago | hide | past | web | favorite | 81 comments

"We build open-source mobile operating systems that respect users’ data privacy." yet your website pulls gstatic.com.

How can I trust the project when I can't even visit the official website without being logged by the biggest company of online tracking?

Dismissing privacy projects because the website pulls from google fonts or analytics is a recent favorite behavior here. It’s become a sort of inspector fueled “first!”.

When someone shows me an: open sourced, graphical, log based, spam ip filtering, self hosted, server alternative to GA that I can set up in < 10x the time I will happily switch to it. In the meantime, if I want to know how my website performs I don’t know of privacy-forward competitive options.

> When someone shows me an: open sourced, graphical, log based, spam ip filtering, self hosted, server alternative to GA that I can set up in < 10x the time I will happily switch to it.

If privacy is your core business you make compromises, and you should be prepared to spend some time to set up something like a self hosted piwik instead of using GA.

This should be obvious.

Of course if your site is about your new facebook app, just go ahead and use GA, nobody will bother you about it.

>If privacy is your core business

Privacy in abstract is not their core business. A clean, privacy friendly fork of Android is.

In fact, it's not even a business, is a non-profit effort.

> When someone shows me an: open sourced, graphical, log based, spam ip filtering, self hosted, server alternative to GA that I can set up in < 10x the time I will happily switch to it.

https://goaccess.io/ ?

I would pick it over Google Analytics for any privacy-focused open-source project even if it doesn't tick every single box in your list.

You have to be willing to pay the price. If you want privacy for your users from $E_CORP then you have to protect yourself from becoming the $E_CORP.

How can you say "Privacy is important! $E_CORP is tracking you! - btw, here run this script so I can track you"?

Don't know if the above is meant seriously or not (the reason people don't switch from a piece of software is lack of familiarity, never ignorance), but I've had luck installing Piwik (which has now changed name to Matomo) for a few clients.

It works very much like Google Analytics and is not log based but should otherwise tick all your boxes. Installation is very straightforward but the using the dashboard, reporting etc. has a bit of a learning curve.

Nothing can ever compete with Google if you need statistics for "single middle aged mothers in a major city" simply because few others can profile users at that level but although it looks impressive it's not always correct and can be hard to use correctly. Piwik has great reporting tools and is easy to integrate with other systems.

It's also less likely to be blocked by adblock lists.

I understand where they are coming as often it's convenient to know from where visitors come from - that's how you can find threads in here, Reddit and elsewhere, and then contribute to the discussion. There aren't good alternatives to GA for this unfortunately, even paid options aren't as convenient. As a user though you can choose to block GA using various extensions so that's always an option.

Every once in a while I see someone talk about how a page loading loads a bunch of tracking elements from various known tracing sites and things like scripts. I don't suppose you could head me in the right direction as to where I could read a bit on how to do this myself? Thanks for any help

A good place to start is https://www.privacytools.io/#browser

Spend some time using uMatrix (much better than NoScript these days). If you're running uMatrix you do not need NoScript.

Some good documentation in regard to uMatrix:





Chrome has developer tools which allow you to see every request a page makes.


You can trust (or not) the project, because what BS their website uses is not relevant at all to what the project is making.

The website could just have been some pages thrown together by someone with a ready made template or a total afterthought...

Their value proposition, good or bad, is on their main focus: an FOSS/clean Android fork.

Not on how privacy friendly their website is...

> How can I trust the project

Simple. Just scroll through the source code.

Is anyone else really excited about pureOS (https://pureos.net/) as a mobile OS? It seems to completely sidestep all of this BS by being actual Linux.

My Google pay was recently locked, probably as a result of moving countries and using VPNs. To make matters worse, with a locked account I can't change play store countries and access the local play store, so I can't get the app from my accounting firm (Which would seriously make my life easier). It finally hit me that I don't own my phone.

I have (own is the wrong word) a pixel 2 and used to pay Google ~$400/year for YouTube, domains, gsuite, hangouts dailer...

My next phone will be a librem, though I'm going to wait until my pixel dies. I'll probably also buy a cheap iPhone for apps I can't get on the librem.

Could you not download the APK for that apps and installed directly?

Don't get me wrong, I had not realised google was locking the play store and totally agree that it is an issue, but wondering if that could have helped you at the time.

Also, I run lineageOS to be able to update old phones with recent Android version, and tend to get better battery life and faster boot!

I have a "workaround" for you: On another phone, download the apps, and you can transfer the APK to your phone to install the app without the play store. You can also download alternative to google play store.

Unfortunately there's no Google Pay equivalent, right?

To pay for Google's services? Yes, you would be right.

I meant for contactless payment - I'd be interested to see how an open version of that could ever develop.

Why not just use the contactless card your bank gives you? Or, if you don't want to pay directly out of your checking account, get a credit/pre-paid card? They are all contactless these days, and even the small tea shop that processes card payments through an Android tablet and a small Bluetooth reader is able to accept the contactless cards.

Two reasons:

1. My bank doesn't give me a contactless card

2. It's much more convenient anyway, I don't have to reach into my wallet.

I am, although being Gnome 3 based it won't be the snappy experience one would expect. I can understand their choice though: having to liberate a tablet recently (Asus T101) I tried at first to use XFCE as I do on all my other hardware, but though it ran really fast that was a usability nightmare: absolutely no way to have a reliable screen rotation and trackpad management without patching here and editing there with the risk that it would lose the functionality at the first upgrade. I also tried lxde, mate and other light desktops with results from bad to very bad (wrt screen rotation, all hardware except camera runs fine) then just before giving up I threw Gnome3 at it which worked immediately, but it's definitely a resource hog.

the Librem 5 phone will actually be using their own Phosh [1] shell - made for mobile devices. It's targeting GTK3+ apps but it is not GNOME 3 based.

[1] https://source.puri.sm/Librem5/phosh

It's "GNOME 3 based" in that they're working within the GNOME project and using their apps, but it doesn't use GNOME-Shell which is the resource-hog part of GNOME 3.

Thanks for correcting me, that's really good news. And besides, porting this to non mobile devices would be a lot less stupid than it might appear.

pureOS not so much, but the potential of a mainlined mobile device, yes.


According to them the only proprietary component is their map app (https://gitlab.e.foundation/e/wiki/en/wikis/maps). It would great if they could expand on the reasons why OpenStreetMap (which is available in F-Droid) is not a good option for them.

I also doubt they are completely free of proprietary components beyond this app, and that they managed to get rid of all the proprietary blobs to support the devices they currently support.

In summary, I'm not convinced this brings anything compared with https://lineage.microg.org/ but I'd love to be proven wrong.

Their maps app is Magic Earth which _is_ OSM-based. I presume when you say "OpenStreetMap (which is available in F-Droid)" you mean OsmAnd?

Indeed, thanks for the clarification!

OSM is not a good option because it doesn't do transit. Oeffi is a FLOSS alternative that does do transit but is not a good option because the developer doesn't answer calls to update backends when they change (in the case of Poland's switchover, for example).

this is a step in the right direction.

but your carrier is also constantly tracking you physical location via triangulation of your cell signal.

in the states, we really need stronger legal protections on how this data is collected, stored, etc.

So... If I use plain AOSP without the Play Store and the likes (this is even an officially provided image by my phone's manufacturer) - what tracking would still be left? Until now I was under the impression that there was none.

By default it still uses google dns I think. But other than that, not much. What you describe is what this project is about though, i don't think they are saying that alternatives like lineageos are tracking you, they just compare to stock operating systems

I actually think AOSP uses whatever DNS is given to it. I use AOSP plain and network info says I am using the DNS server that my router gives it.

Talking about cellular/mobile connection here.

I am showing fd00:976a::9 and fd00:976a::10 for my cell DNS servers. A quick search says these are my cell provider's DNS servers.

Maybe both my cell and my home ISP use google dns then... I tend to use a VPN (wireguard) to use my own DNS (without my server having to be public)

Heh, interesting. Out of curiosity, where did you get the ROM you are using? I just bought a Sony phone and I compiled the AOSP image myself. Maybe the difference is based on where you got it.

I use lineageos, unmodified (on an oneplus 3T)

Heh, weird. I think lineage is fixed for my device now, so I'm going to try and install it. I'll see if it changes when it i s installed.

Thanks, I'm quite curious if it would be the same for you. Since it didn't use the server DNS I had set on my router, I assumed it was always using google DNS, I didn't look further.

I have a tablet that has vanilla LineageOS, and it is also using the DNS server that my router provided.

Out of curiosity, are you using DHCP? If you are then maybe the router you have is just forwarding the DNS setting it was given, and that is Google's DNS server.

Yes indeed, I'll double check. I have one router (my ISP one) that is definitely using google DNS. My other router is supposed to provide DNS and forward it to my own sever, but I'll have to double check my setup then...

I just installed vanilla lineageOS and I still have the same DNS servers I outlined earlier.

I am now wondering why yours are different.

I was wondering that as well. I think they mean things lime AOSP still connects to Google's 204 page to see if your online.

My thought is, if I was Google, why would I embed any tracking in AOSP? It's right in the source code for people to see and remove (not to mention the PR headache it would cause if offending code was found). It's far easier to embed in Googly Play Services, where its far harder to find, nearly impossible to remove, and any phone that wants to use Google services has to use.


"We've implemented several /e/ online services, with a single /e/ user identity (user@e.email). This infrastructure will be offered as docker images for self hosting: drive, email, calendar... to those who prefer self-hosting."

This reminds me CyanogenMod which after they shutdown and shutdown their services, the phone became unuseable, I assume because they kept trying to sync to dead services.

Self-hosting would be a solution to this, but you are never guaranteed continued development though.

As long as it's open source it should be fine however.

Great. Now how to get the closed source drivers that are essential for actually using your device for anything?

Wifi, cell, gfx, camera, video enc/dec drivers in any android device are just binary bundles and neither in the kernel or in the AOSP.

Project website at: https://e.foundation/

Underwhelming and doomed to fail. Questionable, if any, value over standard AOSP. Microg, while technically an interesting solution, is a violation of google's ToS, and cannot really make it into any sort of a real product. And microg itself seems to have slowed down/stalled anyway.

Edit: I should add some context since their site doesn't have much. Per their faq (https://gitlab.e.foundation/e/wiki/en/wikis/faq), it's a fork of lineage without any clearly stated benefits other than bundling of microg, which is arguably a worse stance to take for privacy (their goal) than lineage since microg implements a subset of google play services, is not exactly legal in its use of google apis, and opens up other security issues.

I'm curious to know why one has to fork Android instead of fixing it to provide privacy out of the box?

AOSP is a respectable open-source project, yes? If patches were submitted to make google tracking optional and improve privacy for privacy minded folks, would they not accept those patches?

Also see Ungoogled Chromium: https://github.com/Eloston/ungoogled-chromium

srware's iron has been out there since the beginning: https://www.srware.net/en/software_srware_iron.php

>January 2019: smartphones with /e/ OS start selling

So where can I buy it?

Previously it was known as Eelo, see https://news.ycombinator.com/item?id=16062659

How does it compare with Replicant (https://replicant.us)?

Where does it mention Replicant?

It doesn't. Replicant is a much more ambitious project. They (replicant) received $200k recently in donations. Hopefully, they can get one reasonably new device up and running in good shape. The galaxy s3 is close, but it's really old at this point.


I can't even imagine what went through the head of whoever chose the name of that project. Literally ungoogleable. Congratulations.

They did want to remove all the tracking by Google...

He tried to say that it is a difficult name to find in search engines.

He tried to make a joke

He was just being nice.

Can’t we just enjoy the sarcasm?

Also, don't downvote James Bond from sussex's post, he was just being nice.

He tried to make a joke

It was a joke.

It is the first organic result if you search for '/e/': https://www.google.com/search?&q=%27%2Fe%2F%27

Granted, not how most people would search.

"It's the current project codename, we will probably introduce a new and more convenient name for our mobile ROM in a few months."

I searched "e foundation" on Google, DuckDuckGo and Bing and this was the first result on all of them. Yeah, "/e/" is atrocious, though.

Same with just “e os”. Name is fine.

It is described here: https://www.indidea.org/gael/blog/leaving-apple-and-google-e...

They had to get rid of the trademark Eelo.

All potential jokes around escaping Google aside, searching for it was easier than expected: https://www.google.com/search?q=e+os


Kinda clever if you ask me.

deeply needed. Happy to see that more and more individuals realize how Google and other Adtechs are not a net benefit for humanity.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact