/e/OS is not fully degoogled, as DNS connectivity checks, hardware attestation provisioning, and eSIM activation all go through Google.

It is often many weeks or months behind on security updates, especially in the WebView, which makes it easy to exploit.

It doesn’t support bootloader locking on many devices, and if you lock the bootloader on a phone that does support it, it could brick if /e/OS is on an older security patch than the stock ROM was.

It doesn’t use a lot of the hardening in GrapheneOS such as hardened_malloc which prevents memory corruption exploits, even if the hardware supports it.

And finally, /e/OS’s text-to-speech sends what you say to OpenAI, despite local options being available.

If you want a properly secure Android phone, the best option is GrapheneOS; however, it only supports Pixel phones and future Motorola phones due to its high security requirements.

If you can’t get a Pixel, then iOS in lockdown mode is the next best option; however, if you can’t replace your phone, LineageOS is much worse than Graphene, although it is still much better than /e/.

  • machiavellian@lemmy.ml
    16 days ago

    Looks like you’re worried about highly motivated hackers targeting you specifically.

    Not really, no.

    Not patching security vulnerabilities leaves you open to not just targeted attacks but also widespread attacks, which also use the same exploits that nation states use. Just look at the recent Coruna debacle.

    Let me bring another analogy. You live in a town where theft and burglary are rampant. You have a lock on your front door, but the lock is based on a legacy design which is not hard to pick. Sure, no one has broken into your home yet, but if you keep using an antiquated lock, it’s a matter of when, not if. And it’s not like only rich and important people’s houses are broken into. Everybody who’s vulnerable can and eventually will get attacked. If I had to choose between risking burglary and paying a little extra for a better lock, I’d choose the latter.

    Maybe you’re a political activist or just very rich.

    I don’t have to be a political activist to take measures to protect myself online nor rich to afford a used Pixel.

    Sacrificing all this just to be protected from very unlikely attacks is simply not worth it.

    To each their own, I guess.

    You can permit some connections temporarily or permanently for specific apps only.

    So you mean like OpenSnitch? If so, Rethink also has that.

    EDIT: grammar