DivestOS: long term device support with enhanced privacy and security

AOSP hardcodes the fallback DNS in dozens of files: divestos-build/Scripts/Common/Functions.sh at master - divested-mobile/divestos-build - Codeberg.org

1 Like

Thanks again!
And sorry for insisting on such question.

Thank you for your continued development of DivestOS. Do you expect to have the signing keys prepared for H872 when you release DivestOS based on LineageOS 21?

Hi @SkewedZeppelin was just wondering is the project OK? The website seems down for a while, and I believed that the cadence for the OTA updates is/was a month, but have not had any updates since Feb 14th.

the website is not and has not been down and updates have not been interrupted

please check your network connection such as ensuring IPv6 is available and changing your exit node if using a VPN

the servers block known malicious IP addresses via divested/scfw3: Complementing your firewall with IP blocking - Codeberg.org and connections that exceed rate limits

Tor is always explicitly allowed and never blocked except for the rate limits
VPNs are not necessarily blocked but may still end up blocked

you can additionally always connect via onion:

@SkewedZeppelin It seems my Proton VPN connection (UK server) was blocked, but after getting to the site after turning the VPN off, my device “alioth” shows last update was 47 days ago, so that part was correct.

I just discovered the existence of divestOS a few days ago.
It seems this thread is the main topic of discussion. Or is there a more active one somewhere else? On XDA maybe?

First, a lot of respect to SkewedZeppelin for the effort you put in DivestOS: it is very honorable to target a long term support of EOL devices!

Impressed by the work you did, I am starting to advertise DivestOS on some other forums.
And you not only maintain the OS, you maintain a bunch of app around. It seems to be a huge work to me!

I have however a few points of concern. Don’t take me wrong, I am trying to be constructive and really wish the best for the project. I put them in next replies.
And sorry if they have been raised already, this forum is not easy for searching.

edit: maybe you could extend you FAQ with this 2 points below.
And sorry if already answered elsewhere. Links are welcome!

  • main one is that the project seems to be your one-man-show. Impressive to be able to do so, for quite some years now. But the history of open source development tend to show that one-man-project and long-term support are somehow a contradiction. This is very understandable that one can be passionate for a few years on a project, but want to do something else after a while. Or simply the right to pause a project for a few weeks or months of vacations.
    projects with more people require more communication between members, which can either go well or not. It it goes well, it is often a good sign for better support, and also shared responsibilities.
    It seems you have already quite some synergies with other projects: GrapheneOS, e/OS, obviously LineageOS (LOS), etc. Are you also working with the maintainers of LOS build on XDA?

edit: I see some similar concerns were already raised 4 years ago.

1 Like
  • second is the support of the EOL versions of LineAgeOS. As you well describe on your website (e.g. on Patch Levels - DivestOS Mobile), this is “best effort” based. Side question: how do you ensure a patch does not break the build ? I suppose you can’t test all builds and a few are already listed as “untested” or “broken”.
    Patching older versions of LOS after their EOL is again very honorable, but obviously limited. And at one point, the bottleneck become the app the end-user want to install. More on more app on Android require Android 8, 9 and sometimes even 10. Microsoft is quite bad here, with Outlook requiring Android 9 and the office app A10! Communication app like WhatsApp or Signal requires Android 5. The move from Android 4 to 5 as minimum version was the trigger for a few users (like my mum!) to change their phone or OS.
    Correct me if I am wrong: I understand the DivestOS builds are based on the last official builds from LOS. On the other hand, some developers on XDA are still maintaining “unofficial” builds of newer versions of LOS for older devices. But here again, often a “one man job” and some versions are left behind after a while.

As an example, I take a very old Samsung S2 (i9100) that I was using as main phone the last weeks because my pixel 3a was broken (now waiting for a new screen):
Last official LOS build is 14.1, last DivestOS also 14.1 but with some patches from 2024 (very impressive for a 13y old device!). On the other hand, on XDA, one can find “unofficial” builds for LOS 17.1 (but latest build from March 2021), 18.1 (latest from 2022) and up to 20! I am arguing there that newest OS like LOS 20 make less sense because too slow on such an old device. My S2 is running on 17.1, allowing me to install some app whih requires A8 or A9. This is the main reason I won’t install DivestOS there (yet).

My question: would it be possible to create DivestOS build based on unofficial LOS builds? What do you think here? On the other hand, it multiplies the number of build you would create. But maybe a way to get slowly rid of 14.1 ?

Hello. FAQ section says

Can you support X device, that doesn’t have an (un)official LineageOS port?

Does this imply you may support devices with unofficial LineageOS builds?
Anyway, I’m asking this because of marble (Poco F5), which for now has only unofficial build on XDA, but developer seems to be serious about making it official. Maybe it already will be official by the time of DOS 21 release. Maybe not.
So if it is (or will be) possible, then this is device support request.

By the way, given that

Wi-Fi is non-functional for davinci and vayu under 20.0

Will you try to update them to 21 at all?

Thank you.

Most of them are small.
And while I don’t test all devices, I do test most branches: Faq - DivestOS Mobile

No, they are directly compiled from source.
This isn’t binary/monkey patching.

Those newer unofficial builds often have many broken features or disable selinux.
Additionally I will not ship A12 or higher for any device with a Linux 3.x kernel.

I do support some select few unofficial ports that meet enough of a criteria.
I can add it to the TODO list but it is unlikely to be supported soon.

yes, of course.

I have same concerns. And yes, I believe this plagued FOSS concept as a whole.
But I doubt that dev is ready to establish some sort of organization.
For now, we have to throw money at him proactively, so he wouldn’t think too much about finding full-time job (and I think that he deserves better than federal minimum wage) & wish him a good health and luck.
Far from ideal, but as dev said at some of his projects FAQ:

Can we rely on you to provide these builds in the future?

  • No.
  • However I have been making these for quite a while.

I can add it to the TODO list

Please, do.

it is unlikely to be supported soon

Better late than never. I hope it will actually become official soon enough and it wouldn’t be too late :slight_smile:

Thank you.

thanks for your replies.

I understand your point with “unofficial builds often have many broken features”.

And agree with you about older kernels. I am arguing on XDA to get updated version of L17.1/A10 and/or L18.1/A11 for the S2/i9100 instead of having Alpha build that are anyway too slow.

I do support some select few unofficial ports that meet enough of a criteria.

what are those criteria?

Could you maybe extend a bit your FAQ to clarify your position with unofficial ports ?

I was reading yesterday the annex of the EU regulation for smartphone from June 2023 that should take action from June 2025:
Real stuff is defined in Annex II / B. Smartphones

1.2. Design for reliability
From 20 June 2025
(6) Operating system updates:
(a) from the date of end of placement on the market to at least 5 years after that date, manufacturers, importers or authorised representatives shall, if they provide security updates, corrective updates or functionality updates to an operating system, make such updates available at no cost for all units of a product model with the same operating system;
(b) the requirement referred to in point (a) shall apply both to operating system updates offered voluntarily by manufacturers, importers or authorised representatives and to operating system updates provided to comply with Union law;
(c) security updates or corrective updates mentioned under point (a) need to be available to the user at the latest 4 months after the public release of the source code of an update of the underlying operating system or, if the source code is not publicly released, after an update of the same operating system is released by the operating system provider or on any other product of the same brand;

Forcing 5y minimum of sw update is a good thing.
Over the 5y, the divestOS project would make even more sense.

IMHO, you should apply for some $$ from the EU, SkewedZeppelin, if you live in the EU. Or better, get subsidies from all smartphones manufacturers what will require your skill to fulfill the EU legislation!
Get paid by them or become a trainer for their teams!
I wonder how many Chinese manufacturers will remain in the EU market after 2025…