Murena 2? A valid future option?

Hi -

I had heard about /e/OS before, but it looks like they are launching a de-Googled phone, and I started wondering if this will be a secure enough option compared to the two OS recommendations that we have here today.

Product Website
https://www.kickstarter.com/projects/murena/murena-2-switch-your-privacy-on

Early Review

Thanks

No. It uses the same shitty hardware as the Brax phone and Simple Phone.

You should really get a phone with good hardware security: a Pixel. Nothing will match the level of security of this phone, especially with the option to use GrapheneOS, which is simply unmatched.

4 Likes

/e/OS is still shipping a version of Chromium from December of 2022: https://divestos.org/misc/ch-dates.txt

Among other issues: https://divestos.org/misc/e.txt

See also: Comparison of Android ROMs

4 Likes

Also, another point: with this Murena you don’t get Google, but you get /e/, which you have to trust. What assures you they are any better? Security-wise they simply won’t be able to live up to Google, and afaik they don’t use E2EE. Choose your poison imo.

And they already leaked user data to others and just kept saying Nextcloud server-side-encryption is OK.

Thank you. I think you already gave enough reason to ditch this.

Do you have any more info on them leaking user data? I tried googling but found nothing.

@Ganther

https://divestos.org/misc/e.txt

- E2EE isn't offered on their Nextcloud instance, citing data loss concerns, yet they leaked user data to other users
 - https://community.e.foundation/t/service-announcement-26-may/41252/27
 - https://en.wikipedia.org/wiki//e/OS#Data_leakage_incident
 - Nextcloud Server Side Encryption (SSE) is NOT secure as they can trivially record your password on login-flow and decrypt your files
  - https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html
   - "The encryption app does not protect your data if your Nextcloud server is compromised, and it does not prevent Nextcloud administrators from reading user’s files."
   - Furthermore it doesn't encrypt file or folder names
    - "It encrypts only the contents of files, and not filenames and directory structures."
  - SSE was demonstrated as useless in the leak

They had the wiki section removed: /e/ (operating system): Difference between revisions - Wikipedia

tl;dr their custom login cache mechanism resulted in users being automatically logged into other users’ Nextcloud accounts and having another random account’s contacts/photos/files automatically synced to their device, to which they told people to kindly delete anything that wasn’t theirs.

2 Likes

Yikes.

Well I guess I’m abandoning the plans of switching to Murena then.

I think that’s the best you can do

Is /e/OS open-source, so those with the software skills can see what it does? This would mean that verification is possible, so trust is not required in the same way that it is for Apple.
I believe Apple sell information to Google for billions of dollars per year, so iPhones are less private than their users may believe.

They have a GitLab: e · GitLab