DivestOS: long term device support with enhanced privacy and security

845

Ok, got my lavender with Stock MIUI 12.5 (A10), unlocked (not so fast/easy with Mi account etc.) flashed divested-18.1-20221209-dos-lavender (A11)

I congratulate everyone involved and I like enhanced
security: Monthly Updates, Automated Kernel CVE Patching, System WebView Mulch
privacy: Tracker Blocker hosts file, Privacy Oriented Browser Mull, Malware Scanner Hypatia, encryption on
Freedom: F-Droid Included, proprietary blobs removed,
Documentation/Suggestions: the homepage with a clean structure and especially Recommended Apps is super and unique!
So far I installed: AnySoftKeyboard, Audio Recorder, Aurora Store (sorry), Conversations, DAVx5, Gcam Services Provider (Basic), Hypatia, K-9 Mail, KeePassDX, Mulch, Mull, VLC, GrapheneOS-PdfViewer, Signal, Snapseed, MPE, GCam (MGC 8.4.300 Parrot043 V1.5 Video EIS seems better then Open Camera one), GPSTest, WiFiAnalyzer
I plan to install: Nextcloud, OsmAnd, Telegram, Barcode Scanner: Binary Eye, Shelter, National VoIP App
First impressions: Iā€™m not sure if Iā€™m happy with Etar Calendar, Simple Gallery should be ok (still have not found a gallery app with included satisfying editor including rapid privacy face pixelation/blur etc.), do not understand why eSpeak is preinstalled, regarding Blocker hosts file some stats of blocked traffic would be good - also easy change of DNS or exceptions/whitelist might be desirable.
Minor things: LTE icon can not be changed to 4G, also found no possibility to show Download/Up Rates.
Need to test (if I need/if it works): UnifiedNlp/GPS Apps (Local Traffic, Local Pharmacies, Local Weather), G SafetyNet Apps (Banking, Local ID/OTP, Work related ID/Login 2Factor stuff incl. GAMAM big tech mainly Google, Microsoft and Meta), Best Private/Work Profile use with Dual SIM, Document/Book Scan App (Open Camera and the used GCam have no integrated function, on PC OCR planned), Cast to Android/Lineage TV, use of WhatsApp (without contact access or even better isolation).
What I would wish most from a ROM, probably related more to AOSP & Lineage OS but to note: integration of ā€œPIM-Packageā€ (IMAP, CalDAV+iCal, CardDAV, WebDAV, advanced Profile tweaking, Group Ringtones; SPAM filter for SMS, Calls, E-Mails, Messengers; STS/S2T ā€œspeech to textā€ functions for search and commands)

846

do not understand why eSpeak is preinstalled

So the maps app speaks the directions to youā€¦

1 Like
847

Ok, but there is no maps app preinstalled? And for example OsmAnd should have the own T2S system included.

848

Should? Not sure it doesā€¦ and not for all locales.

Maps was an example, eg. Accessibility stuff needs that too

1 Like
849

proprietary blobs removed

There are still hundreds to thousands of proprietary blobs depending on device that are not removed

Iā€™m not sure if Iā€™m happy with Etar Calendar

What is wrong with it? Can you suggest a better one?

do not understand why eSpeak is preinstalled

So that out of the box there is text-to-speech combined with the TalkBack service for those with vision impairments, and additionally to be used by apps that need TTS such as GPS navigation apps.
I recommend RHVoice if it supports your language, but I canā€™t bundle that one out of the box because it requires database download before use.

UnifiedNlp

Will not work.
The standalone app hasnā€™t been updated since 2017.
Also in general potentially has issues where it will leak your location to apps without location permission as noted on the microG wiki: ā€œDoes not honor AppOps!ā€

UnifiedNlp/GPS Apps

UnifiedNlp is a network location provider and has ZERO impact on GPS (fine grained location provider), please read the website: Faq - DivestOS Mobile

LTE icon can not be changed to 4G

Why would you want this? 4G is a marketing term by the carriers, LTE is the real name.

Cast to Android/Lineage TV,

Wonā€™t work, read the website: Functionality Tables - DivestOS Mobile

Ok, but there is no maps app preinstalled?
integration of ā€œPIM-Package

These are things you should install yourself.
Organic Maps and OSMAnd are recommended: Recommended Apps - DivestOS Mobile
FairEmail used to be included and OpenTasks is still recommended, but users wanted fewer apps by default.

SPAM filter for SMS, Calls, E-Mails, Messengers;

Way out of scope of an OS

use of WhatsApp (without contact access or even better isolation).

GrapheneOS plans to offer scoped contact access as a feature in the future, in the meantime use a work profile via Shelter

2 Likes
850

Any thoughts on Insular vs Shelter?

851

@Licaon_Kter
They both get the job done well, users should try both and pick which they prefer.
I just prefer Shelter more myself, no particular reason.

2 Likes
852

Thanks for your long answer, the will to understand and explain.

Iā€™m sorry. It was about Etar Calendar Widget not being themable. Since I use Dark Mode/Black background theme, the white/turquise Calendar widget looked odd. I have now found out that in the general settings the colors can be customized and apply also to the widget. Not sure if the widget supports also transparent background (would only matter if I use a background pic, prefer plain black bg).
So this Calendar might be better then the Standard LineageOS one, thanks.

For Map-Apps (without need to access internet) GPS only is fine. However I have used some mainly local Apps which access online databases and might require location access to even function (even if address search is an option), where I would like to not give fine grained GPS access but prefer an approximate location like given by cell tower triangulation. Not sure if this option or ā€œblurry GPS coordinatesā€ can be spoofed in another way.

For LineageOS TV (without GApps/microG) I found a proprietary App which works with limits, however the sending Smartphone had Stock ROM+GApps, so not sure if only on the receiving end Play Services can be avoided.

I understand the commodity for those with vision impairments, but I think unlocking the phone and flashing the custom ROM might also be done by some supporter as initial step. My question regarding map, was because I taught Licaon_Kter gave an example of a preinstalled App that works specifically well with eSpeak. Generally I agree only a subset of Apps used by maybe 75% of users should be preinstalled. As long as uninstall is possible, Iā€™m ok with anything. Except maybe for PIM-Sync-Functions (Calendar, Contacts, etc.) I would say Google should include the broad standards by default in AOSP, but as we know they have other interests.

I think I understand the difficulty and as said expect this not from a soft fork but I also think this could be viewed similarly to Blocker hosts file at least for Calls+SMS. Not sure if any Third Party FOSS is even available and would like to avoid installing the proprietary/commercial Apps.

The problem I had with that approach is that combined with the fact that ā€œeveryoneā€ has WA and most will not install another Non-BigTech/Secure messenger, a huge part of using a messenger is sending and receiving media (Pics, Audio, Video) and Docs (PDF, etc.) and AFAIK easy storage sharing was not possible between Shelter profiles using ā€œFile Shuttleā€. I might look that up for updates or straight try it again.
Using the https://wa.me/Cellnr Link in a personal WA group is a good enough workaround for me, so that I do not desire giving WA Contact access. Iā€™m more worried about the Metadata WA is collecting including the effective contacts Iā€™m messaging (frequency, etc.).

LTE<->4G icon, Down/Upload traffic, ā€¦

Yep, just minor things. If available in settings I did customize that (needs less space also). Circle battery with percent inside is available :wink: Here most providers talk about 2G, 3G (was mostly switched off in 2022), 4G and 5G. LTE is not used much.

Thanks again for the interest

853

I comment this as generally, not related any rom specifically & at same time to all of themā€¦ But I really hope there would be soon mimic3 available for android at f-droid. Unfortunately canā€™t code myself, butā€¦

I just canā€™t stand to listen espeak more than couple of seconds when using Finnish as language. So using navigation either as voiceless or only for some critical parts of route with voice / ā€œnoiceā€ā€¦

854

GrapheneOS plans

Never trust GrapheneOS.

855

According to official web, 15.1 builds are still being maintained and updated for some devices, right?
Could you simply backport this security patch to the common 15.1 branch, 'cos it hasnā€™t fixed yet only for 15.1 for some unknown reason?

856

@Danko Why do you think I donā€™t already include that patch?

Please see these links:

What would be the point of monthly updates if I wasnā€™t pulling in ASB patches and kernel CVEs to all branches?

1 Like
857

No doubt you update your builds, but Iā€™m speaking exactly of the official LOS 15.1 branch, seems like itā€™s sort of abandoned now (considering even old 14.1 received those patch).
So I thought, if youā€™re still updating your 15.1 branch, it would be great to update common LOS branch too with all missing patches, since itā€™s used for some unofficial builds and projects like LineageOS for microG.

858

@Danko Iā€™ve asked LineageOS team many times over the years for an account on their Gerrit (without a Google account) to no avail.

Anyone else is welcome to take the patches in my repo per the license for their builds.

859

I read about MVT (Mobile Verification Toolkit) GitHub - mvt-project/mvt: MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.
Rather then scan for such compromising trough serious spyware I would be interested in a HowTo of Hardening DivestOS further against such attacks - I think at divestos.org there is nothing regarding this topic?

860

I just wish to say: thank you very much for your awesome work

1 Like
861

The FSF recently graciously granted me the award of ā€œOutstanding New Free Software Contributorā€:
https://www.fsf.org/news/free-software-awards-winners-announced-eli-zaretskii-tad-skewedzeppelin-gnu-jami

:tada:

9 Likes
862

congratulations. You have earned it.

Unfortunately, there are far too few open source solutions and developers in the mobile and TV sector.

Thank you very much for your work. Keep it up.

2 Likes
863

Hallo,

I started using DivestOS on my Galaxy S5 / klte (divested-18.1-20230122-dos-klte.zip).

The Samsung started, everything seemed to be fine. Than I put on the current update, wanted to start again and it doesnā€™t work anymore. It starts and shuts itselfs down right away.

What happened, what can I do?

Thank you

864

How did you install the update?