Privacytools.io: 🆕 Software Suggestion | DivestOS

@SkewedZeppelin is it possible to relock the bootloader in the os after installation? Personally I think this is very important but lacking in most custom ROMS? I am very interested why this is not been implemented by Lineage-OS as from my understanding this improves the security of the device.

@ph00lt0

is it possible to relock the bootloader in the os after installation?

Yes, DivestOS properly signs builds allowing bootloader relocking on supported devices.
See:
https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L143
and
https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Copy_Keys.sh

Does it support autobuilds?

Autobuilds? Can you elaborate/clarify?

On Thu, 2020-09-10 at 04:37 -0700, ZarusMods wrote:

Does it support autobuilds?

On original LineageOS with every commits for day, automatically building rom.

@ZarusMods
There are no nightlies.
Per the site:

Releases are typically done on a monthly schedule unless there are major or security related changes.

Only when major update, user building it self

@ZarusMods
There are no nightlies.
Per the site:

Releases are typically done on a monthly schedule unless there are major or security related changes.

Oh thanks for clarifying

My connection: User/Tester. My Euro's worth:

If GrapheneOS is listed, then DivestOS should be listed too, at least under "Worth Mentioning" for older devices not supported by GrapheneOS.

Plus:

• In contrast to GrapheneOS and some others, there are no signs the DivestOS developer is involved in legal disputes or wastes much time battling on social media or other sites.
• DivestOS supports several older devices, including some with removable batteries or sd cards. It works as a daily driver for some devices.
• Few default apps are installed. Realtime malware scanner (hypatia) is an add-on app, at least for some devices if not all.
• Developer has been working on this or related projects a long time, since ~2013-2015'ish or so.

Neutral:

• Developer uses at least a couple aliases. But who doesn't.
• Appears to be a part-time effort. Developer is sometimes responsive, sometimes not. But what OS didn't start small.
• Based in USA.

Minus:

• Several supported devices are not tested by the developer, but this is similar to other OS projects, and device status (Works, Untested, Broken) is shown and updated, with details on functionality also given.
• Uses github (negative, but so does PTIO and many more). Also uses gitlab (positive +/-).
• Has some out of date or inconsistent info' on the website, but who doesn't. Privacy Policy page refers to Stripe for ROM download payments, but About page asks for donations, for example.
• It has bugs, but what OS doesn't.
• No independent audits. Uncertainty who is really behind it, or whether they can be trusted. But isn't that almost always the case.

some xda roms have the option to disable internet access for apps individually, natively through the android settings, without having to use any application like afwall. Is it possible to do this at DivestOS?

@fabianski7 yes, that is a standard LineageOS feature.

Sorry to interrupt... but I have a question. Does DivestOS ping a google owned address to check internet connectivity like Lineage, or has that been changed with your build? (If so that is another reason to prefer over lineage - at least for me)

@CactiChameleon9

Does DivestOS ping a google owned address to check internet connectivity

Yes, DivestOS does not change the default connectivity check URLs.
There is good reason not to.
GrapheneOS has a detailed explanation about this here.
https://grapheneos.org/faq#default-connections

However DivestOS 14.1 and 15.1 do include a patch from @MSe1969 that allows easily disable the check from the Settings app.
And on 11.0, 16.0, and 17.1 you can disable the check via ADB.

See also
https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Misc/Features/CaptivePortalCheck.txt
and
https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Patches/LineageOS-16.0/android_frameworks_base/0005-Connectivity.patch

OK, thanks. The reasons given makes sense - anonymity is important. Thanks for the info on your decisions with that choice, and the related files. I really like the idea of using one at random - however I agree may be ethical/permission issues to doing so. Sorry for hijacking this issue a but I was intrigued. I may switch my phone over to your OS due to your clear consideration of privacy issues just shown now (and because of your fun reply on fdroid fourms to another similar project). Sorry and Thanks again.