Pronounced "say candy", the goal of SecAndy is to come up with as secure and private of an OS as possible. So as not to reinvent the wheel, we'll base this initiative on our open source code of choice (Android or maybe other developers' choice).
I am not a developer myself but I can without a doubt, because of former professional experiences, organize a project and gather the right people together as a community in order to make sure that project sees the light of day after it has acquired a life of its own if needed, which I think we will agree is something that this kind of project requires because of the scrutiny it will quickly attract.
I am officially calling upon this post all interested developers that could help us fork Android or other open source OS.
Let's get a kickstarter funded and let the party begin. I will update you later today on the advancement of such.
This thread welcomes constructive ideas and developer participation, but here are beginning requirements we'll need to fulfill eventually to privatize and secure android :
- default browser allowing custom search engines such as https://ixquick.com or duckduckgo
- default system search pointing to those custom engines for online component
- control of gps at firmware level to allow full disability
- peer to peer file exchange (think BitTorrent sync) with 1024 to 2048 bit encryption
- implementation of secure sms and mms exchange (think textsecure)
- implementation of encrypted voice channels (think redphone or SIP with end-to-end encryption)
- root vpn for all online access
- systemwide warning of insecure solutions (example : wanting to use gmail or regular email)
- PGP transparent email solution
- Tor option for root vpn (subject to mitm attacks but more on that later)
- peerguardian type auto-updated database to identify suspicious IP address ranges
- systematic in-out firewall control auto updated with peerguardian database and community based rules database
- hardened malware protection and app permissions with automatic permission audit based on application type
- full device encryption and lockup (in case of unauthorized user)
- full remote wipe out and bricking with auto IMEI reporting (in case of theft, might have to be amended because of attack vector)
- full remote location capability with real time tracking (that one might have to be scratched, high security risk because of attack vector)
This obviously doesn't cover all the bases but would be a good start... I know a lot of these options can be implemented with a mismatch of apps and custom Roms but having it all at an OS level AOKP style would greatly help in building an android by the people for the people community that could eventually loosen the stranglehold of less than transparent corporations.
60 views in 24 hours and not one comment. Obviously I'm approaching this the wrong way. More news at 11.
e-motion said:
60 views in 24 hours and not one comment. Obviously I'm approaching this the wrong way. More news at 11.
Click to expand...
Click to collapse
I don't want to be insulting, but no programming work has been done on your part, and you're just asking for people to dive in this project to get managed by someone they never heard of. It's not really surprising no one has commented yet.
I understand what you're saying but any comment, even if only just to show interest in such a project, will be key to drive developers to it.
I might not have started any development but I have clear understanding of how to design secure solutions. I can't go into details of why that is, however you can clearly see with my 2nd post that some research has been done. If I wanted a solution for me alone, I could just go on with my own little pudding of custom ROM and security apps.
However, because of the recent news events that SHOULD have awaken this population, I thought now might finally be the right time to try to get such a project off the ground. But without anyone even showing any interest, why would any developer be drawn to it ? If people would rather focus more on content consumerism than on what might happen under an umbrella of spooks that they're paying for with their taxes, then they have learned nothing from history and deserve what's coming to them, simple as that.
This is NOT a development thread in case you haven't noticed, so telling me I haven't developed anything yet is not even relevant.
In case anyone cares, this will be moved shortly in the t-mobile Note 2 Android development thread as a Touchwiz proof of concept ROM. Little steps, little steps...
Sent from my SGH-T889 using Tapatalk 2
mobile sec
While I am not a developer I would be interested in this project. I've been thinking about this a bit lately given recent events. I think a useful privacy preserving security related app and phone combo might have these features:
-some way to separate the baseband processor (radio) from the OS. It seems most phones share memory with the radio and this fact can and has been exploited. Own the bb processor and you own the phone. Perhaps a 3g dongle plugged into an android phone in host mode would work. Some of these usb "data only" radios can be unlocked for voice too. I believe a rooted phone with IP tables/firewall running would be much more secure than a conventional mobile phone.
-an anonymising network for connecting to servers/peers. I think the i2p network is well suited for this purpose. Rather than connect to services that are not designed with your anonymity/privacy in mind, connect to hidden/darknet servers that make it extremely difficult to ascertain your real IP and location. Perhaps an i2p router running on your home computer relaying i2p traffic while also maintaining a long lived encrypted connection to your mobile in order to "push" data to it. In this way the user benefits from the anonymising network, contributes to the network, but doesn't have the battery drain of relaying packets from the phone (if this is even possible).
-end-to-end encryption. Perhaps OTR messaging for texting and perhaps openPGP for transferring binary files as I don't believe file transfer in OTR is available at this time.
-an app that uses the above network that is capable of sending/receiving encrypted text, audio, video, gps location etc and does not leak any personal information that you don't want leaked. XMPP might be a good choice (with perhaps out-of-band binary transfers for efficiency). Giving your unique identifier to another person that is using the same app would allow you to communicate with them while not revealing your phone number, imei, imsi, etc. There would be some latency in the communication especially with binary transfers but I would gladly accept that for the added security.
anyway, just wanted to add this to the conversation and hope to see this project take shape as we definitely need more security enabled os's and apps.
This is a long shot, but I since the demise of Google Reader (which this app supported) the developer has decided to no longer continue the development of this app. A tragedy; I think we as a community should try and sway him to continue it instead, adding new back ends, both Feedly and TOR (TheOldReader) support would be great. I would love to continue using this app, as it is probably the best RSS reader I have encountered on Android. It is my hope that we can either convince him to continue the project or allow someone else to (any volunteers ?).
Flow Reader gives you an easy way to be on par with your RSS/Google Reader feeds on the go. It was built to provide a minimalist and seamless experience for offline browsing, while delivering additional features not found in similar apps.
Some of the main features include:
- A sleek and fast user interface;
- Offline item content and state caching;
- Multiple simultaneous downloads for fast content synchronization;
- Content filters that automatically mark as read the items you're not interested in;
- Sort items by state (latest/unread/starred) or author;
- Smart algorithms that remove ads and other undesirable content from items;
- No ads.
Click to expand...
Click to collapse
The Developer posted this statement in the most recent app update:
As you sure know by now, Google has discontinued the Reader service, so this app is no longer functional.
Although I am very happy with the (unexpected) success of this app, I've decided to no longer update Flow Reader. This is due to several reasons: a) I built this app "for fun" and to my very specific RSS reading needs. Although I very happy to see that a lot of other people enjoyed it, I was in no way ready for attention it received (due to multiple technical and logistic reasons); b)This app was essentially just a prototype turned into a final product. The Code is very messy right now and it's becoming harder and harder to make any further changes, let alone any major ones (like background updates). c) The app is *very* tied to Google Reader backend, which means that giving proper support to another service would require a very significant amount of effort.
I am very thankful to all my users (especially the ones who donated and gave feedback!), but I hope you can understand the reasons behind this decision - continuing to work on this app would require a major rewrite and too much time trying to (once again) and make the pieces all fit with "spit and glue".
If you are interested in any future app I might develop, you can be notified about it by sending me an e-mail using the button below. You will know beforehand of any project I might be working on (and maybe even receive an alpha/beta version of it?).
Thank you again - and hopefully this won't be the end
The Developer
Click to expand...
Click to collapse
Those who have used the app please voice your support to continue the project as I have emailed the developer the link to this thread.
(Flow Reader dev here)
Right, here's what's going on:
Personally, I'm not very happy with any of the current readers on the Play Store, so the idea of building the next iteration of Flow Reader is one that I really enjoy. Unfortunately, I simply don't have the time that I would need to keep developing it any further. I now have a full time job and not much patience to keep working on the app on my spare time.
The thing is, I have several unique ideas that I believe would greatly improve the experience of Flow Reader. Actually, some of these already graduated from just ideas, as some prototyping is already done and working. I also think there is a decent amount of money that could be made from them, so I'm not very willing to just leave them out in the open.
The fact is, though, it is very unlikely that I'll ever finish this new version of the app that I'm building. I can see two options right now:
OPTION 1 - The cooperation route:
- I will pair with another developer (or a small group of developers). Bear in mind that the code is reasonably complex, so i'd rather work with someone that feels confortable around code.
- The code of Flow Reader will remain closed, but shared with the people that want to be part of this project;
- I will take care of the things that I believe to be my greatest strength: UIX and prototyping. But I will always be open to suggestions on these areas.
- The profit of the app will be split 25% (for me) and 75% (for the other developer(s)).
OPTION 2 - The free route:
- I open up the code of Flow Reader under the condition that it will forever remain open-source and free (under an attribution, no derivatives and no commercial use licence).
- I will no longer will have any direct input or cooperation on the app.
Also, I honestly think it would be better to start the app from scratch. The code is a complete mess right now so trying to build more features upon it would just be less efficient. Still, some techniques and code used in Flow Reader could be reused to save some time.
Choices
I have been a user of Flow Reader for some time and was really sad when it stopped working and that the dev stated that there was no longer going to be updates to continue after the demise of Google Reader.
That said, I totally agree that it should be continued into the post-Google Reader era of RSS news. I originally created a post on Reddit in which I stated that for the continuality of Flow one idea would be to open source the code on a git site to allow others to progress his work further.
Understandably this poses the risk of Flow Reader loosing it's (work)Flow. All that time and effort the dev put in to creating a stunning, and above all easily functional, UIX could well be lost. On the other hand the simplicity of this RSS reader coupled with its parallel article downloading feature would live on and enrich many an Android RSS fans.
So here I am on XDA, stating my opinions for the two options presented.
For the Closed Sourced Approach:
The idea of sharing the workload will mean that whoever is chosen to work on Flow Reader will most likely have a great deal of knowledge to input in to this project. It also means that the UIX will not change without considerable thought first. This I applaud.
The fact that the developer says that the proceeds of the app will be divvied up indicates to a paid app, further indicating to (hopefully) a group of developers with the incentive to push great work "out the door".
For the Open Sourced Approach:
The hands of many a developer could make this app into something even better than it already is....
...or it could ruin it with out the guidance of the one who had the vision in the beginning.
Usually in the open source community when there is a bug and/or a missing feature, if someone with the appropriate know how can fix it, it shall be done.
A question, then, to WildMoves. Would those who have donated need to pay again once it arrives back on the play store? That is if you are going to make it a paid for only app?
Either way, with the way that Flow Reader handles feeds I honestly have never, and believe never shall, discover one better. To which I would like to say that no matter which direction the dev goes, I will support and give as much feedback as I can.
Again, great work mate and keep on coding,
Skinna a.k.a Skinnx86
Skinna said:
I originally created a post on Reddit in which I stated that for the continuality of Flow one idea would be to open source the code on a git site to allow others to progress his work further.
Click to expand...
Click to collapse
Yes, when I posted my answer I was still trying to develop the next iteration of Flow Reader. I built a prototype to test several ideas before I came to the realization that I couldn't build the full app the way I wanted to in a feasible amount of time and still... well... live. :\ So I am now receptive to offset most of the workload to a developer or group of developers (hence the 25/75 profit split).
Skinna said:
A question, then, to WildMoves. Would those who have donated need to pay again once it arrives back on the play store? That is if you are going to make it a paid for only app?
Click to expand...
Click to collapse
I have the email addresses of everyone who donated, so I could probably create a mailing list to deliver full versions of the (paid) app outside the Play Store. Assuming that I would have the approval from the other developers, it would be a good sign of gratitude to those who donated, IMO.
Reasonable Thoughts
Well a man has to live. To spend your free time developing and building something you would expect some payback of some sort. But thank you for remembering us early adaptors. I know I for one will be thankful, I can but imagine others will be too.
As much as I was appreciative of the beta's being sent to us, but in case you did not hear, Facebook updated some peoples app out side of the play store. Now Google have banned out-of-market beta testing. I believe that sending an apk to install initially will work and should update through the play store correctly.
Hi guys,
I'm starting this thread to discuss the "eelo" project and post news about it.
"eelo" is an initiative to release a global and appealing alternative to Apple, Google, ... with as much privacy as possible, with open-source as an ideal.
The eelo ROM is going to be forked form LineageOS and won't include anything from Google proprietary services.
eelo web-services will include email, search, online office... as a consistent, sustainable and global offering.
I've been thinking about this project for several years, and now I think most of the bricks for the project are available. They "just" need to be put together and polished as a consistent offer.
This is a non-profit project, in the public interest.
I'd love to read your your ideas/suggestions about eelo!
Cheers,
Gaël
Update: I'm posting here the "foundation" articles about eelo:
1/ Leaving Apple and Google : my “eelo odyssey” – Introduction
In 1998, I created Mandrake Linux, because I was both a Linux fan and didn’t like Windows on the desktop. It’s been a long time, and I’m very happy I’ve been one of the actors who contributed to make the Linux desktop possible, even though it didn’t completely succeed. Since then, the smartphone has emerged. And it’s now a “companion of life” for many of us. On my side, I’ve been using Apple iPhones exclusively, since 2007. The main reason behind this choice is that I like iOS. It covers my needs, it looks great and elegant, and I find it very intuitive to use.
Also, over the past years, I moved from my (Mandrake/Mandriva and then Ulteo) Linux desktop to MacOS. There has been a professionnal reason for that, since I often need XCode for building iOS applications. But also, it’s very convenient to use in conjunction with other Apple devices. I can get my text messages on MacOS, I can answer a call hand-free, I have my notes synced accross my devices.
But talking with friends this year, I realized that I had become lazy and that my data privacy had vanished.
Not only I wasn’t using Linux anymore as my main operating system, but I was also using a proprietary OS on my smartphone. And I was using Google more and more. Search of course, but also Google Mail, Google drive and Google docs. And Google Maps.
I’M DEFINITELY NOT HAPPY WITH THAT SITUATION.
I’m not happy of this situation because iOS is proprietary and I prefer Open Source Software. And Apple is getting crazy, with their latest products. Too expensive, not really exciting. It also has some design issues in my opinion. It has become a social act to buy an iPhone: “see, I can buy it”. Buying an iPhone has become a snob attitude and I hate that.
Also I’m not happy because Google has become too big and is tracking us by catching a lot of information about what we do. They want to know us as much as possible to sell advertizing.
Like millions others, I’VE BECOME A PRODUCT OF GOOGLE.
Last, I think that, in the long run, Apple, Google, Facebook etc. business models are harmful for our economical and social environments.
So I want to stop that. People are free to do what they want. They can choose to be volunteery slaves. But I do not want this situation for me anymore.
Reconquer my privacy
I want to reconquer my privacy. My data is MY data. And I want to use Open Source software as much as possible.
At the same time, what exists at the moment doesn’t exactly fit my needs: of course I don’t want to use stock Android. It’s Google everywhere and its default user interface is bad (my taste).
Also, I’d like to find good online tools such as office, email services etc. that don’t belong to Google.
And I’d like to have the same confort that I have with iOS and MacOS with synchronized services.
I know about a few initiatives, in particular “PureOS” is very interesting and appealing if you want a 100% pure-Free Software. But that is definitely not something I would use daily, at least not in its current state. I need something I could even recommend to my parents or my children. Something appealing, with guarantees for more privacy. Something that we could build in a reasonable amount of time, something that will get better and better over time.
So let’s build something new! “eelo”
My decision is taken: I’m going to build something new that will be open source (as much as possible) and very attractive. At least for me, but probably it could be attractive for a few others as well.
I’ve played with LineageOS for a few months and I think it’s the way to go. You can recompile it, improve it, fork it… and that’s what I’m going to do.
Some nice web services also seem to be viable alternatives to Google apps, so I’m going to explore that and possibly aggregate that into a single service. And offer guarantees to users of this new project.
This is an odyssey, this is a non-profit project
I call the project “eelo” because eels are small fish that can hide into the sea. That’s perfect for my quest of more privacy.
I want eelo to be a non-profit project “in the public interest”. I think operating systems and web services should be a common resource: as I explained a few year ago, this is infrastructure, like phone networks, rail tracks, roads…
Non-profit doesn’t mean nothing will be for sale. Probably some eelo smartphone will be for sale, and some premium services will be available for corporates. But profit won’t be the first focus of eelo.
Eelo will be for users first, for everyone who cares about their data privacy, for everyone who wants to use exciting products, for everyone who wants to join an exciting new project.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
So… starting from now, I will periodically post my progresses to release an appealing alternative for the mobile and for web services.
Next time, I’ll show how LineageOS can be hacked, rebuilt and improved for eelo!
If you are interested in that odyssey, as a potential user or contributor, you can register at the eelo.io website.
Next part in this thread:
- 2/ eelo: the mobile OS
- 3/ eelo: web services
New post about eelo web services: "Leaving Apple and Google: my “eelo odyssey”. Part2: web services"
(URL removed per request from this forum mods)
leaglavud said:
New post about eelo web services:
Leaving Apple and Google: my “eelo odyssey”. Part2: web services
Click to expand...
Click to collapse
You write about a new launcher. Can we see the sources?
kurtn said:
You write about a new launcher. Can we see the sources?
We will release sources on GitHun and APK builds of eelo's BlissLauncher on F-droid and APKPure once we think its stable enough and compatible with common screen resolutions.
Click to expand...
Click to collapse
Great!
Please don't use XDA as a way to make money. This includes posting links to crowdfunding campaigns
Thread Cleaned
mark manning said:
Please don't use XDA as a way to make money. This includes posting links to crowdfunding campaigns
Thread Cleaned
Click to expand...
Click to collapse
Hello, I don't see where XDA forbids to post links to crowdfunding campaigns. Can you point me to the correct place in your terms of use?
leaglavud said:
Hello, I don't see where XDA forbids to post links to crowdfunding campaigns. Can you point me to the correct place in your terms of use?
Click to expand...
Click to collapse
No problem mate
13. Advertising and Income Generation
Commercial advertising, advertising referral links, pay-per-click links, all forms of crypto-mining and other income generating methods are forbidden. Do not use XDA-Developers as a means to make money
Click to expand...
Click to collapse
We're not "making money", we have a kickstarter campaign to support eelo, which is non-profit. That's quite different.
leaglavud said:
We're not "making money", we have a kickstarter campaign to support eelo, which is non-profit. That's quite different.
Click to expand...
Click to collapse
https://forum.xda-developers.com/showthread.php?t=3725368
On the thread above I have briefly explained why the crowdfunding / kickstarter threads are not allowed, as you can see, another user opened it up on the same topic.
No one is directly accusing you of trying to make money, no one said you're selling something and we actually appreciate the project initiative but "donate to us to make this happen" is not allowed as per quoted rule.
The funding goal is the amount of money that a creator needs to complete their project. Funding on Kickstarter is all-or-nothing. ... A creator is the person or team behind the project idea, working to bring it to life. Backers are folks who pledge money to join creators in bringing projects to life.
Click to expand...
Click to collapse
I don't really feel happy with keeping this conversation here but as long as you're the OP I feel obliged to do it .
There are hundreds of developers and project initiators around, what if everyone will ask for funding in order to sustain their plans?
The rules says clearly, present / develop the project and if anyone wants to donate is free to do so by freely hitting the donate button, there's no restrictions.
all moderators are illuminati? just 4 gk
:v
Amar 721 said:
all moderators are illuminati? just 4 gk
:v
Click to expand...
Click to collapse
No... I'm on the Darkside
xanthrax said:
No... I'm on the Darkside
Click to expand...
Click to collapse
what does that mean
dark side of the brightness
:v
Leaving Apple and Google: my “eelo odyssey”: the mobile OS
2/ Leaving Apple and Google: my “eelo odyssey”. Part1: the mobile OS
So I came out about my decision to leave Apple and Google. It’s a lifestyle choice to escape the tech giants that make me a product by privatizing my personal data .And I don’t like what Apple is doing now, Apple’s attitude, new iPhone and their price… It’s also an act of freedom for my children and all the people who will care: I want them to have a choice, and also a clear and informed view on how their choices can impact their life and their economical ecosystem as well. That’s what eelo is all about: offering a viable and attractive alternative to users for their digital life.
In this new post I’m going to describe what I was able to do so far on the mobile to get rid of Google and Apple, and what remains to do (spoiler: there’s a lot). In the next part I will explain what how things will need to be adressed on web services and draw a whole picture of the eelo project.
What’s wrong with default AOSP/LineageOS?
Talking about LineageOS, you might think “why do you want to hack something that is already mostly open source and works well?”
The answer is easy: the core of AOSP/LineageOS is usable, and performing well, but it’s not good enough for my needs: the design is not very attractive and there are tons of micro-details that can be showstoppers for a regular user. Also, unless you are a geek, LineageOS is not realistically usable if you don’t want google inside.
The design point
Regarding design, I know that some Android users like it, but I really dislike the default graphical user interface. I find it ugly: icons don’t look good, colors are sad, and I don’t like the launcher ergonomy and behaviour.
So at least we need a new launcher, and better icons. Default notifications don’t look very good either, and I’m not a big fan of the settings part. Compared to the rest of the UI it could be worse, but it’s still quite sad, with a single green color in LineageOS. I’d like something more appealing, and probably better organized.
“Good news”: you can find hundreds of custom launchers and icon themes in the Google Play Store. But either you have to pay for them, or you get free stuff with lots of ads and possibly scams. So not for me.
Bad news, good news
The bad news is that I’m new to Android development and I don’t consider myself a great developer. I can hack things, I can recompile and integrate stuff, but I don’t have enough practise to program a new launcher from scratch without spending weeks on it.
The good news is that I have found a very talendted full-stack developer who is interested in the project. We have agreed, as a first collaboration, to release a new launcher, new notification system and new “control center”.
First successes
I’ve choosen to test custom builds of LineageOS/eelo on a LeEco Le2. It’s a nice 5.5″ smartphone with a 1080×1920 pixel screen, 3GB RAM, 32GB storage, finger sensor in the back, and a 4K camera. It costs about 130€. Yes, that’s about $150. Yes.
Also I’m waiting for a Xiaomi Mi 5S. It’s got a smaller screen and I prefer smaller devices for my own usage. And I’ll probably give a try to the LG G6. (Want to suggest a device? tell me!)
After several weeks of work, we now have a new launcher! It still lacks a few features (such as uninstalling an application), but it’s already fully functional. On this video, you can see the “icon group” feature, and swiping between several launcher pages:
eelo BlissLauncher 1 from eelo on Vimeo.
On this one you can see the “docking icon” feature:
eelo BlissLauncher 2 from eelo on Vimeo.
We call it the “BlissLauncher” just because it’s a great launcher. And we also have a first new notification system and a new unlock screen:
Next time will be to have all that integrated by default in a new fresh build. And at the time of finishing this post, I already succeeded to flash a fresh build with the new launcher and the new notification system.
Getting rid of Google stuff completely
Now we have a better launcher for eelo, and I’m working with a great and very professional designer. He contributed a lot to the Mandrake Linux interface icons in the past, when we redefined all the user interface and all icons. Later he also contributed to first releases of Ulteo, when it was still a cloud-operating system project, and not a Citrix-alternative. We’re working together to redesign default application icons, some wallpapers, splashscreens, and also a first real eelo logo. On the long term, we will have to redesign the full user interface.
But what we want is not only something good-looking, attractive and easy to use. We want more privacy! And Google services are not compatible with my idea of privacy.
Therefore, we don’t want Google Services. We don’t want Google play store. And we probably don’t want most of Google apps such as Calendar, Email etc.
Also, we probably don’t want Facebook either and some other so-called “free” services. This will be user’s choice to install them or not. I know that we cannot change the world in one iteration, this will be step by step.
Each of this point will need to be addressed in Eelo. We will need an independent application repository, an independent and secure email provider, an independent online drive, online office services… All that well integrated in eelo. In the user interest first.
First round without Google
The first time I was able to recompile and flash LineageOS, I soon had to install Google Play Store and Google Play Services to install common applications, or I could do pretty nothing.
But there are some alternative stores. For instance, F-Droid is a very successful APK application repository that provides only 100% open source software applications.
There are other alternative app stores for non-open source applications. For instance there is Aptoide. It provides most common applications such as Twitter, Waze etc. But unfortunately when I checked Aptoide APK packages signatures and sizes, I realized that they were not the same as on Google Play Store. I’m not sure to understand well the reasons behind this situation, at least for common applications, so I looked for other alternatives.
I found APKPure to be a great store for free applications. And trust me, a lot of applications are free! Actually, I realized that on my iPhone I had only free applications. And I know many people who are using only free applications. So APKPure is a great way to go if you don’t want to use Google Play Store and don’t need non-free applications. I checked many of their packages, and they are bit-to-bit identical to the ones available on Google Play Store. There are only official packages.
An alternative to APKPure is Yalp. Yalp is an open source application that is acting as a kind of anonymous proxy to Google Play Store, also providing only official APK packages.
So for applications, I’m now using both F-Droid and APKPure. That’s already very confortable, and I successfully tried dozens apps, including the most used apps (Facebook, Messenger, Twitter, Waze, Telegram, Skype, LinkedIn, Spotify…).
But I think we’d need an “eelo store” that would deliver both:
- official free applications like APKPure
- open source applications like in F-Droid
All that into a single, appealing and fast application, where users could check easily if an app is open source or not, where users could evaluate the application level of privacy, and where users could be able to report some scam issues. We definitely need to add this to the eelo roadmap.
Lovely Google Services
There is a feature that Google has created to jail users within their environment. That’s called “Google Services”. It’s a non-open source service that you have to install if you want to use Google Play Store, for instance. It’s also used by several applications. It provides services such as:
- analytics
- account authentication
- cloud messaging (notifications)
- drive
- geofancing
- maps API
- mobile ads
- games API
…
Developers of Android applications are not forced to use them, but obviously Google is doing their best effort to make them desirable as much as possible, if not mandatory for certain features.
The good news is that many common applications, the ones that everybody is using everyday, are not using Google Services, or they do not rely a lot on them. Probably a lot of developers don’t like to be jailed in a single ecosystem.
As far as I tried, the most problematic applications in this regard seem to be some games, such as Pokemon Go. This one doesn’t seem to be usable unless you have Google Play services installed.
The good news is that there is a nice project that is providing open-source alternatives to Google Services. It’s called MicroG, and eelo will probably integrate it.
Another “great idea” of Google is their SafetyNet Attestation API. It’s something that Android application developers can use to check if the user’s device is an official device that complies with Google’s environment. It examines the hardware, the software, checks wether the device is rooted or not. In the end this can be used to prevent to application to run if the environment doesn’t comply enough with Google’s rules. Fortunately, there is “Magisk” to circumvent this issue. We will probably need to integrate it by default in eelo as well.
What about web search?
Many parts of a modern operating system can lead to “Privacy indiscretions”. So far, I’ve talked about privacy issues that come from within the system.
But if you search for something on Google, it’s very likely that Google can determine that YOU are looking for something in particular. Even if you are not using a google account in you Chrome browser, they can track your IP for instance.
So we definitely need to provide a default search engine alternative to Google search. Probably that we don’t want Bing or Yahoo either, although it’s better to use various search engines so that each of them doesn’t know exactly everything about your searches and therefore cannot consolidate your private information efficiently. We have a few alternatives:
- the well-known DuckDuckGo: even though it heavily relies on Google Search results, it offers privacy guarantees that Google doesn’t offer.
- Qwant is a new search engine that is making big progresses and now has its own index and is offering guarantees on privacy
- there is also the fully open CommonSearch: project, but it’s not ready yet
So I’m considering offering both DuckDuckGo and Qwant as default search engines for eelo search and web browsers that will ship with eelo, while still offering Google (and others) as an option. It’s true that in some cases, it is still offering the best results.
And also…
There is a long list of Internet services that can track you, send and process your personal data in many ways. For instance, using a Gmail (or similar) email account is a great way for Google to learn a lot about you.
But also, some of you probably know about the very fast Google DNS resolver: 8.8.8.8 and 8.8.4.4. DNS resolvers are used all the time and by many applications. They convert domain names to IP addresses. And I say: DO NOT USE Google DNS resolvers. Each time your smartphone is looking for a domain name, Google knows about it and they can add this information to other information they know about you.
Instead, you can use 9.9.9.9 (or 2620:fe::fe IPv6) which is a fast public DNS resolver operated by a non-profit research institute that does not store your IP. And it be accessed throught a secure protocole (TLS).
Of course, it’s all the web-service ecosystem that we need to address. As I said earlier, eelo will provide a mobile system with better privacy, but also some web services such as an online office suite, some online storage etc. We will aggregate some existing web services, improve them if needed, or build new services if nothing is available.
Still, we will face one dark zone: low-level proprietary hardware drivers on smartphones. They are driving the camera, the GPS, various sensors… Hardware vendors do not provide source code for these drivers. And they are extremely difficult to rewrite unless doing some heavy and resource-consuming reverse-engineering. And of course, some of those “black box” drivers could possibly leak users’ private data.
Future options for eelo to address this issue will be to:
- partner with FairPhone or similar 100% open hardware projects
- audit low-level drivers to detect unappropriate behaviors
- design an eelo phone…
Join the eelo odyssey!
As you can see, eelo is a true odyssey. But I think that, maybe for the first time, all bricks are available to build a new, consistent, attractive, independent and mostly-free digital ecosystem that will be more respectful of users, and respect their privacy. And this could eventually challenge the advertizing model that is probably the source of this such bad and supposedly “free” model.
Again, eelo is a non-profit project, it’s a project in the public interest. Everyone who wants to join, please do!
There are many ways to contribute:
- say hello! ? having supporters help a lot
- contribute some ideas, some resources, what you are good at
- introduce us to people who can help
- talk about eelo, share eelo news and articles…
- offer a few mɃ to pay some servers
Also, I’ve started to work on a crowdfunding campaign for eelo, because some resources are needed to bootstrap this project correctly. I’m not sure exactly what this campaign will be able to offer in rewards, but I’m thinking about it. Anybody’s suggestions are welcome!
Next part: 3/ Leaving Apple and Google: my “eelo odyssey”: web services
Leaving Apple and Google: my “eelo odyssey”: web services
3/ Leaving Apple and Google: my “eelo odyssey”: web services
I’m leaving Apple and Google for those reasons and I’m putting this effort into a new project: “eelo“. For this project, one big part is the operating system, in particular the smartphone operating system. I started to work on this part with others, and had first results that make me feel that maybe my move to a better digital privacy is going to be easier than expected ?
But today, a smartphone without internet services would be like a car without gasoline. We need email, we need online storage, we need advanced online applications… Also people like to access our data from several places and devices. The operating system has turned global.
So eelo needs to provide tools that can be accessed from other places, such as a web browser, but probably also from other computers and operating systems: notes, messages, calendar… And of course, we want all this with full respect of the user’s privacy, and no ads.
Many services to address
We need to address a number of internet services and find good alternatives that we can put together into a consistent, intuitive, secure, sustainable and global eelo service.
Here is a scheme of the eelo global system as I have it in mind:
A web service review
– Email
Email means some postfix configuration on servers, with POP3 and IMAP, all with all access secured over TLS. Plus a webmail access (I’m considering to use Mailpile).
iRedMail can set up all that easily, with DKIM and SPF correct configuration, and will even make possible to offer custom domains for the eelo email service.
But if we want a private service, we’ll need security on servers, where emails are stored. That’s a key aspect and we need to apply the best practises for setting up a rock-solid secure server for storing email.
– Search / Maps
I’ve already talked a bit about search in my previous posts. DuckDuckGo and Qwant have become two excellent alternatives to Google/Bing/etc.
But I think we need to set up a generic wrapper for search, like search.eelo.io, and we’ll put whatever we consider to be good behind. That could be an aggregation service as well.
As for maps, there is an awesome and adorable project that is OpenStreetMaps. It’s growing and is catching more and more attention from users and medias as an real alternative to Google Maps.
It also now offers directions and there is a “street view” ongoing project.
We’ll have to integrate it as maps.eelo.io, probably with some customization and dedicated servers.
Of course, all these default settings will be integrated in the eelo ROM (the smartphone operating system).
– Office
We have two choices for a good and open-source Office alternative for online usage: LibreOffice/Collabora and OnlyOffice. My preference goes for OnlyOffice because it’s attractive, efficient and allows realtime online collaboration between several users on office documents.
I’ve used OnlyOffice on my servers for several weeks now, and beside a few glitches, it’s a fully viable alternative to Google Docs or Office365.
– Drive / notes / calendar
The “cloud storage” service is a big and key part of the project. It needs to be very carefully choosen and integrated because it’s going to be at the center of users’ digital life.
There are several projects that offer these features, such as cozy.io, OwnCloud and NextCloud. For now I have tested NextCloud successfully and I must say that it’s amazing!
You can easily set up a NextCloud client on your smartphone, and do the same on other PCs. Then you get all your content synchronized. Very convenient for pictures, documents, notes… I’ve tried on Linux (and Mac) and it works well.
The good news is that NextCloud can also serve a calendar that can be shared/accessed from various devices.
So for now, I’m going with NextCloud. I’m not sure about OwnCloud benefits over NextCloud. Any advice?
The first goal of eelo will be to offer a fully functional and secured implementation of OnlyOffice+NextCloud. As there is a debate about self-hosting, eelo will also provide the service as software instances that can be installed on a user’s server, in the cloud or at home, if they will so.
– Social / Messaging
Of course you are using Facebook. I do as well, not very often though. There is also Twitter. Facebook in particular is a real nightmare in term of users’ privacy. They know a lot about billions users. If you happened to do an advertizing campaign on Facebook, you probably noticed that you can target people categories. Age, gender, place of living, income, … There are dozens criterias that prove that they really know a lot about people.
So Facebook is something we should stop to use in favor of better alternatives. There is a good news: you can use Mastodon. It’s a decentralized social network. Without any central big brother who can use your data to fuel a business model.
The issue is that social networks have a greater value when you can find most of your friends/family there. Which is not the case yet on Mastodon, but in tech communities.
So we’ll keep an eye on Mastodon and see how eelo can interact with the project and possibly integrate it.
As for messaging, everyone will be able to use their messaging app of choice, but eelo will ship with Telegram by default. The reason is that Telegram is probably the most secure messaging app, and also the most respectful of user’s privacy. It also provides quality voice calls over IP. Last but not least, its client is open source (although the server infrastructure is not).
And also…
– ID / translations / …
We will need an identity provider at some point. It will be a central point for authentication. OpenID is an option, although it clearly lacks some momentum at the moment. Brainstorming is needed on this!
While it may be a more minor aspect we’ll also probably need a translation service, voice recognition service, speech service, video/voice streaming services… There are many initiatives in this field, but they are not a priority for now.
About eelo tokens
I’m thinking about releasing eelo tokens, based on Ethereum. It would be a way to get access to some eelo services, and also to thank contributors. Again, most eelo services will be free because it’s the only way to compete against the so-called “free” services from Google, etc., and it will remain in the public interest first. But selling some premium services, high-end eelo smartphones, consulting… will be part of the model to fuel the project and make possible the free services. I have the feeling that using eelo tokens could help a lot to ease service transactions between all the parties involved in eelo.
Next steps for eelo
As we’re continuing the work on the eelo custom ROM, new launcher, and integration of web services, I’m still listening to user’s suggestions about the project, ideas… Many people have already contacted me and hundreds have registered on the eelo landing page, that’s awesome ?
We’ll also probably have a separate eelo development branch for more advanced projects. Actually, I’ve been thinking a lot for a while to turn the smartphone into a conversational device – text or vocal – with conversational apps instead of legacy applications. But that’s cutting-edge development and won’t be available into eelo by default.
An eelo website is now available at eelo.io and we have a Kickstarter campaign that has already done more than 300% of its initial target. Watch the eelo campaign video.
We're recruiting developers!
- android developers
- LineageOS developers/ROM maintainers
- ...
Contact us at [email protected]
— Gaël (follow me on Twitter @gael_duval / on Mastodon @gael@mastodon.social)
This is old text. Where are the sources for the launcher?
A couple of random thoughts:
1: Eelo is an awful name. It sounds like something a baby would come out with, while learning to talk
2: As well as freeing yourself (ourselves) from the tentacles of Google and, if this is about privacy and freedom from tracking; it should aim to avoid using services based in any of the Five-Eyes Countries
Hence:
* Consider Wire (based in Switzerland) instead of Telegram.
* Quitter..no is a pretty full-featured replacement for Twitter. Running on GNUsocial and based in Norway
* Qwant in preference to DDG [France vs US -based]
* Jottacloud -also based in Norway, is a pretty good like-for-like replacement for Dropbox. Same kind of free/paid account tiers.
3: While we're being all 'European' about this (well, I am), can you make sure and use 'European English' in your documentation when you set up the website? Drives me mad when I see Europe-based companies using "color", "center", "...ize", etc.
4: In the same vein, make sure the website invites people to "Contact" you. There's a special place in hell reserved for anyone who uses that puke-inducing phrase 'Reach out"!
kurtn said:
Where are the sources for the launcher?
Click to expand...
Click to collapse
We will release sources on GitHub and APK builds of eelo's BlissLauncher on F-droid and APKPure once we think its stable enough and compatible with common screen resolutions.
xxxmadraxxx said:
A couple of random thoughts:
1: Eelo is an awful name. It sounds like something a baby would come out with, while learning to talk
Click to expand...
Click to collapse
That's not too bad for a just-born project.
2: As well as freeing yourself (ourselves) from the tentacles of Google and, if this is about privacy and freedom from tracking; it should aim to avoid using services based in any of the Five-Eyes Countries
Hence:
* Consider Wire (based in Switzerland) instead of Telegram.
* Quitter..no is a pretty full-featured replacement for Twitter. Running on GNUsocial and based in Norway
* Qwant in preference to DDG [France vs US -based]
* Jottacloud -also based in Norway, is a pretty good like-for-like replacement for Dropbox. Same kind of free/paid account tiers.
Click to expand...
Click to collapse
Thank you for your suggestions. Some of them were already considered actually!
3: While we're being all 'European' about this (well, I am), can you make sure and use 'European English' in your documentation when you set up the website? Drives me mad when I see Europe-based companies using "color", "center", "...ize", etc.
Click to expand...
Click to collapse
What would be your suggestion of wording for a project that is not specially "European" or "American", e.g. worldwide project?
4: In the same vein, make sure the website invites people to "Contact" you. There's a special place in hell reserved for anyone who uses that puke-inducing phrase 'Reach out"!
Click to expand...
Click to collapse
At eelo.io, we have "contact eelo" and "get in touch"
leaglavud said:
What would be your suggestion of wording for a project that is not specially "European" or "American", e.g. worldwide project?
Click to expand...
Click to collapse
Well. Call me a pedant if you like. But if you're offering a language option, you should use the official version of that language, not a regional dialect. As far as I can see, when people pick French, Spanish, Portuguese language options on a website, they're not then given Quebecoise, Mexican Spanish, Brasilian Portuguese... etc. But English speakers are nearly always served up American English --even on sites / by projects that are not based in the US. [Yes, I'm looking at you Ubuntu & Linux Mint!]
It may seem a trivially unimportant point. But, as well as the privacy and data-harvesting concerns, my interest in projects such as yours also stems from a wider worry about the Americanisation of the world, which is being driven by the overwhelming dominance of big American companies in the tech & media worlds. Not automatically defaulting to US English is just one more small gesture non-US-based projects can make towards offering an "alternate viewpoint".
Man, what an undertaking!
Personally, I think the main thing should be to focus on Power Users and Privacy Conscious users, not the masses. Not yet.
First make a 'beautiful' reliable OS according to your desires. Focus on making that the best & a real point of differentiation from what is out there already. Make it as useful and unique as possible. Make it run on the widest range of hardware possible, and as easily as possible. That should be enough of a challenge.
Don't worry about creating cloud services or bundling this-and-that yet. I think that is extremely unimportant to Power Users who will install what they prefer anyway, and use the hardware they prefer ( & can obtain easily or cheaply). It might be useful to sell one model with everything as you envisaged it but I think the main focus should be on testing with a wide variety of phone / tablet hardware available and making it work there.
My priorities go like this:
1. buy cheap Chinese hardware
2. root, remove as disable as much obvious spyware as possible
3. fulfil 95% of app needs from f-droid
4. fulfil 5% of app needs from Play Store using sites such as https://apps.evozi.com/apk-downloader/
5. use device
If you can make step 2 ( above) easy and painless on as much hardware as possible, then I think that would be the best focus of time and resources.