FP4 - very privacy-friendly custom ROM iodéOS

I agree with @hirnsushi in principle about the possible security risks and trustworthiness.

I for one have decided to trust iodé at this point, despite the closed source blocker. I was helped by the following review: https://tarnkappe.info/test/iodeos-does-the-data-saving-android-operating-system-fulfill-its-promise-155022.html which has a paragraph about the iodé app.

But honestly: of course I don’t know the person who wrote the review personally, so I can’t say for sure that it wasn’t the developers of iodé who reviewed their own product… The trust thing is obviously not that simple :wink:

3 Likes

Hmm, with the command “adb shell pm uninstall --user 0 nameoftheapp” you can also deinstall all the apps you want within e/OS/.

Anyway: I don’t have the time right now, to spend another whole day to install a new OS with all the deinstalling and installing the apps, the FP4 being my main smartphone. And as e.foundation is an official partner of Fairphone, I trust them and give them this try. And it is working nicely, especially with the new release of yesterday.

1 Like

Everything’s fine… :grinning:
No one is forced to use iode.
Everyone can and should use what he likes, gets along best with it, comes closest to his requirements.
If you are happy with /e/, then I am happy for you… :+1:

1 Like

That is all true unfortunately, no disagreement from my side. As the maintainer of FP3 the best I can offer users is full transparency on how the system you received was put together out of individual open-source and proprietary components. Besides that, there is so much open-source code (millions of lines) that I have no hope of understanding all functionality in detail.

8 Likes

Isn’t Google one too? I think that an official partner doesn’t imply that they’re a trustworthy company.

Hopefully /e/ isn’t bad though, but I still don’t get why they needed to fork LOS rather than contribute to it.

2 Likes

I shared the same sentiment when they started out as “eelo” back then.
But it makes sense. Some thoughts …

LineageOS will not allow the pre-integration of microG in the way /e/OS or LineageOS for microG (another fork) do it.

LineageOS will not take further degoogling steps like /e/OS does. It’s not their priority and not why they exist. And it keeps LineageOS compatible with the genuine Google Apps and services, e.g. via installing Open GApps.

And then the e foundation sells phones with /e/OS on them. When doing this, you’d better have some non-volunteer developers at hand and full control over the OS you use.

4 Likes

Oh Google is immensely trustworthy. Their security is second to none. Any data you give to Google is totally safe. I have no worries keeping my passwords and credit card data on a google doc.

1 Like

For me this feels more like a Debian → Ubuntu situation (will probably only make sense to Linux users…).
Neither /e/ nor iode seem to be hostile forks to the upstream. As long as there isn’t anyone actively blocking it, there’s still the possibility both sides profit in the end :crossed_fingers:

9 Likes

1 Like

I’m not sure if I should like that post, someone might think it’s the way to go :rofl:

1 Like

Pretty funny. :laughing:
I would state that Google is competent at keeping your data safe from other users.

5 Likes

Competence is rare in this field. Apple for a long time didn’t have any rate limiting for login attempts, for example. The result: thousands of iCloud accounts got hacked. And then there are password managers like lastpass which seem to get hacked quite regularly.

If i really wanted to keep information safe, i’d have no qualms saving it on google drive.

Perhaps the official statement from iodé is interesting on this topic. It was published in the iodé-forum:

vince31fr, 05.02.2022:

Hi,
iodé is based on LineageOS and partially open source (iode · GitLab ).
We’re a still a young project with original features such as the built-in adblocker we’re developping, and we’re trying to find an answer to the following question: is it possible to live from this activity/passion? That’s why we’re extremely cautious about releasing what makes our difference, are still thinking about the global strategy, but may open source the entire code in 2022.
We are slowly open sourcing though, each month adding code to our repos, and we will soon publish most of the modifications we made on common LineageOS repositories.
If you want our project to develop and survive on the long-term, please patient a bit more :wink:

5 Likes

I get their reasoning, a lot of small (open source) projects struggle to keep the lights on. This has been an issue for the FOSS community for quite some time. Nothing wrong with exploring different ways of monetization.

But if the goal is privacy, then at least the core should be open. As a privacy conscious users I already don’t trust the companies out there, why add another layer I have to trust as well?

They are selling hardware, so hopefully at one point they’ll earn enough from that to completely open source their software, I’d really like them to succeed :slightly_smiling_face:

5 Likes

Therefore, it would also be important and wishful that everybody who installs iodéOS himself and uses it permanently would support the project with a suitable donation.

Let’s keep our fingers crossed that the project will be successful in the near future! :slight_smile:

3 Likes

The tricky part is, they want to be successful before they open source everything. But with the “we’re looking for privacy” crowd, it’s very very hard to be successful if your not transparent or if you’re using closed source components. Especially for something like an OS.

Personally, I would never consider an OS that’s not open source. Not just because of trust, but also because if something is broken, I want it to be fixable.

It’s also a principles thing; I’ll support an open source project, but won’t support a closed source which promises to one day be open source.

4 Likes

Not yet is also vague. It might imply it is going to be, but when? And why?

1 Like

Thank you all for the interesting discussion here. Without having used it, functionality-wise and regarding its privacy-focus, I really like iodeOS. However, I also agree with @hirnsushi and I will not use it as long as the project is not open-sourced, simply since I cannot trust proprietary software. Even if the developers act with good intents, it is simply impossible to check and balance their product and there is no chance to discover possible weaknesses.

Thus, my personal choice is to use CalyxOS. It has a focus in terms of privacy similar to iodeOS, but is open source with no proprietary apps being part of their builds.

I hope, the iodeOS project finds a way to financially sustain without keeping parts of their OS proprietary, then I would be happy to give it a try and supporting the project.

3 Likes

ok, I can understand your thought.

You only accept FOSS software, because the source code is open and can be transparently traced and therefore can be considered safe (at least safer than closed source).

But let me still ask two questions:
You check all source codes of all your used apps and programs by yourself? Line by line?
OR do you rely on someone else to do it and uncover any security holes?

Only the first approach would be the consistent one.
The second approach is pure weighing in security without certainty.

But if you really do it right and consistently, then all my respect.

That’s sound’s like a wind up. Could anyone do that ?

1 Like