Edit: also of note: DivestOS currently provides monthly updates spanning seven versions of Android, I don't know of any other project doing that specifically.
To note, the monthly security updates DivestOS provides don't (can't?) include baseband and such "firmware" updates for legacy OEM-unsupported versions of Android.
Don't get me wrong, it's terrific that security patches are backported to such ancient versions of Android by those working on DivestOS and it's a great option for devices that aren't supported by GrapheneOS, LineageOS, et al.
Firmware is included for 45 devices, but no one but the vendor/manufacturer can actually provide security updates for them, so they are largely just the last release.
GrapheneOS looks interesting but DivestOS's focus seem to be aftermarket devices that Graphene is not targeting.
I recently got an unofficial build of LineageOS running on a Nexus 4 (mako) device and I was positively surprised with the speed it can run modern software. But this is an unofficial build that is also broken on some essential points, such as WiFi.
For these old devices, Graphene is not an option and if there are others targeting the same devices as DivestOS (which I will surely be checking out soon) I have yet to see them.
I own a Fairphone 4 and recently had to decide between DivestOS and CalyxOS decided to install Calyx. GrapheneOS is bettet than CalyxOS if you own a pixel, but CalyxOS has a few supported devices more.
I decided against DivestOS eventhough it had technically better security and privacy due to the lack of microG.
There's also /e/os which works on many devices and uses microG, but they're kinda building their own ecosystem and I didn't want to deal with that.
Have been using /e/OS for 1.5 years on my Fairphone 3+, I love it!
Not sure what you mean about their ecosystem, I personally don't have an eCloud account. They have a NextCloud integration that I don't use but could work with your self-hosted instance.
Also it appears to me that there is quite some drama between GrapheneOS and CalyxOS, and apparently the author of GrapheneOS already had some drama with their previous employer. So overall it did not help me trusting both of those projects.
With /e/OS I haven't seen such a thing, it just feels like a nice community.
Well, that is not enough to convince me. Regarding GrapheneOS, I have read extremely aggressive posts from the author against their previous company. I thought that maybe it was a toxic company, and the GrapheneOS was right (why not?).
Then I've seen exchanges between the GrapheneOS author and some Calyx people on some GitHub issue, and they were borderline insulting each other. At this point is difficult for me to believe that somehow the GrapheneOS author is always the victim. And if that's the case, then that's bad for the CalyxOS community anyway.
Maybe that's misinformation, and they all love each other. Maybe not. How could I tell? What I see is that I would not want to be part of such discussions.
Nice to have a list, though many points there are debatable.
It's always a question of threat model. The /e/OS experience is perfect for me, and I am convinced it is much more likely to reach my friends than e.g. GrapheneOS, which is much more into security (at the cost of UX).
In the end it's good to have the alternative, and to realise that they target different profiles.
I cannot fathom how a browser/WebView from 7 months ago with 244 known security issues including multiple zero-days and a PDF reader from 6 years ago with 55 known security issues is in anyone's threat model.
Do realize that combined with their Advanced Privacy app which routes users over Tor, it can very well result in HTTP only connections being MiTM'ed.
I've seen it with some of my own users recently and their RSS feeds being hijacked.
I ask /e/ team every month to do something about it and they don't, yet users keep trumpeting them and buying devices from them. It is downright negligent of them.
> I cannot fathom how a browser/WebView from 7 months ago with 244 known security issues including multiple zero-days and a PDF reader from 6 years ago with 55 known security issues is in anyone's threat model.
I use Firefox, not their chromium-based browser. I can't mention an app that I use that is using a WebView though... I remember there was one, but I could set it up to use my browser. I use their PDF reader, I'll have to check that.
> Do realize that combined with their Advanced Privacy app which routes users over Tor, it can very well result in HTTP only connections being MiTM'ed.
