On Sat, 20 Nov 2021 09:18:57 -0500, Mayayana wrote:
>|
>| Do you have evidence most FOSS apps are spyware?
>|
>
> No, but I don't assume OSS is necessarily clean.
Yours is a sound strategy not to install anything you don't need.
I was just making the point that FOSS apps aren't necessarily spyware.
At least they're FOSS, which means if they're obvious spyware, we would know
but if they've cleverly hidden the spyware (or if nobody looked at the
source) then I would agree with you that to be wary of FOSS apps is ok.
> Look at
> Firefox. A bloated mess of bad design and spyware settings.
I think you have a good handle on Firefox which just takes too much effort
to keep cleaning up as they keep adding more and more spyware to it.
While you can clean firefox up (ghacks user.js for example), it's work.
Therefore you won't see Firefox (or Chrome) on my system, that's for sure.
Unfortunately, you need at least one web browser.
I use ungoogled Chrome as one of the least bad, which isn't good but it
isn't all that bad either.
But I agree with you that the effort to clean up Firefox is just too great.
Even as ghacks user.js helps a bit to clean up the errant ways of Firefox.
https://www.ghacks.net/2020/01/06/please-mozilla-dont-touch-the-user-js-functionality-in-firefox/
> (3rd party cookies enabled by default!) But it's OSS. Oss just
> means you can get the code yourself. It doesn't mean it's
> good code. Nor does it necessarily mean there are no ad deals.
> (Again, Firefox gets paid millions by Google to put theeir
> search bar on the toolbar and make it difficult to *not*
> search from the address bar.)
I agree that it's hard in Firefox to not search even if you make the address
bar not a search engine but at least on Windows I think I managed to turn it
off (but I don't remember how I did that but can look it up for you).
But you need at least one web browser, don't you?
On Windows SRWare Iron allows you to easily turn the address bar search off.
On Android, my main browser is ungoogled chromium which is just ok.
I don't remember where I got it from but a search finds it here.
https://github.com/ungoogled-software/ungoogled-chromium-android
>|> Of the apps you list I can't imagine having any use for them,
>|> except maybe the camera program. I might have that. I'm
>|> not sure. The rest is nonsense to me.
>|
>| Other than Open Camera, what FOSS app do you use that you like the most?
>
> As I said, I don't use apps. I answered your post partly
> because no one else did and I don't understand that
> hostility. Also because I'm curious about the general
> phenomenon of apps and what people use.
Thank you. I saw the hostility and ignored those people who had no intention
to contribute so to respond to them would be to reward their goal.
I was hoping some good FOSS apps would come of it as there are some things
everyone does (like calendaring) which Google makes too easy for them to use
the spyware.
I wanted others to learn from me and I wanted to learn from others.
> But for myself they're generally not relevant. I know how
> to read maps. I don't want restaurant recommendations.
> And even on a desktop I don't use trinkets like clipboard
> managers or organizers. I'm waiting for the emperor's new
> crypto-currency to crash, along with NFTs, so I don't need
> a wallet for that. For notes and lists I use Notepad or a
> pencil and paper.
I'm with you on the KISS concept which I think is sound.
Especially for privacy.
> In short, I don't use a cellphone for any of the things you
> mention because 1) it's an ergonomic nightmare, 2)
> it's functionally a kiosk system, on which it's nearly
> impossible to maintain any kind of privacy, 3) and leaving
> it turned on regularly causes it to serve as a tracking collar.
> Opting out makes little difference.
You and I may not be the norm as most people have an email app, a navigation
app, a calendar app, a picture gallery app, an audio/video player app, a web
browser app, a calculator app, an editor/viewer app, a camera app, a voice
recorder app, a contacts app, a phone dialer app, an instant message app, a
voip app, and so on, where I like to keep mine all at FOSS if I can.
>
https://www.vice.com/en/article/5dgmqz/huq-location-data-opt-out-no-consent
Thank you for that recent reference about Huq-affiliated apps collecting
location data even when the user opts out.
I use an app called "Ad Detector"
(
https://play.google.com/store/apps/details?id=krow.dev.addetector)
to tell me what ad services which apps are using and if I don't need that
app, I remove it.
But I don't have a "location detector" app to tell me things like which apps
are "huq affiliated" but looking up huq I found this article telling us one.
https://blog.appcensus.io/2021/10/25/what-the-huq/
According to that article above "QR & Barcode Scanner" uses huq.
https://play.google.com/store/apps/details?id=qrcode.scanner.qrmaker
It stores the router & location & MAC data in a file on your system
/data/user/0/qrcode.scanner.qrmaker/shared_prefs/huqVisitAwaitingSubmissionStore.xml
That says huq waits until there are 10 events to report, and then sends that
batch upload every nine minutes or so while the phone is on, including when
the app containing the Huq SDK is not in use. The trend of about nine
minutes seems like the time it takes to reach a threshold of 10 events so
that the server gets notified.
What they found was that huq did NOT respect the "opt out" mechanism of both
Microsoft & Google/Mozilla (for example, SSID_nomap) which is disconcerting.
While it would be nice to have a "Huq Detector" app, they said "Looking at
tens of thousands of apps, we only found Huq in 17" which they listed in
that reference (make sure you don't have any of them!).
https://play.google.com/store/apps/details?id=qrcode.scanner.qrmaker
https://play.google.com/store/apps/details?id=com.audiosdroid.speech2text
https://play.google.com/store/apps/details?id=de.android.telnet
https://play.google.com/store/apps/details?id=com.speedgauge.tachometer.speedometer
https://play.google.com/store/apps/details?id=com.lelic.speedcam
https://play.google.com/store/apps/details?id=uk.co.nationalrail.google
https://play.google.com/store/apps/details?id=com.msearcher.camfind
https://play.google.com/store/apps/details?id=com.fromthebenchgames.fmfootball2015
https://play.google.com/store/apps/details?id=com.fromthebenchgames.nbamanager15
https://play.google.com/store/apps/details?id=com.qiblafinder.prayertime.hijricalendar
https://play.google.com/store/apps/details?id=com.speedgauge.tachometer.speedometer
https://play.google.com/store/apps/details?id=com.quranmp3.readquran
https://play.google.com/store/apps/details?id=com.audiosdroid.audiostudio
https://play.google.com/store/apps/details?id=com.videocutter.mp3converter
https://play.google.com/store/apps/details?id=com.audiosdroid.arrangerkeyboard
https://play.google.com/store/apps/details?id=com.audiosdroid.portableorg
https://play.google.com/store/apps/details?id=com.digitalhud.speedometer
https://play.google.com/store/apps/details?id=com.ik.flightherofree
https://play.google.com/store/apps/details?id=com.livingearth.free
https://play.google.com/store/apps/details?id=com.quranmp3ramadan.readquran
https://play.google.com/store/apps/details?id=com.weathernowapp.weathernow
https://play.google.com/store/apps/details?id=net.difer.weather
>
> Did you know that Google sells "geo-fencing" data to gov't
> agencies? They call Google and ask who was at a given location
> during a given timeframe and Google sends them a list, based
> on cellphone tracking. Very creepy stuff.
>
https://techcrunch.com/2021/08/19/google-geofence-warrants/
No. I did not know this. Thank you for the heads up.
That link says in 2020 Google received a thousand geofence warrants a month!
I agree with your observation that it's creepy.
This article says you have to be signed in to Google for it to work though.
https://www.nytimes.com/2019/04/13/technology/google-sensorvault-location-tracking.html
If Google sells it to the government it absolves the government of their
restriction on warrants so it's doubly creepy that the government gets this.
> You could have walked past the Capitol on Jan 6 and ended up
> under investigation by the Federal gov't. What gives Google and
> others the right to spy on you like that?
There was a murder in my town and the police knocked on my door and I had
wondered how they knew I was in the area and thought it was from a license
plate scan since they knew more than I did where I was that day.
Maybe it was from my phone?
Or from an FBI Cessna flying overhead?
> Many apps make money by add and/or selling your data. On
> Windows my firewall controls what software can do. If it tries
> to call out it gets removed. It's not so easy on cellphones.
> So I generally just don't use apps. I make phone calls. :)
I use NetGuard as my firewall which I'm sure you're well aware of.
https://github.com/M66B/NetGuard
> In the few cases where I've needed an app I go to APKPure.
> (Though I can't think offhand of an app I've needed. My ladyfriend
> wanted a flower ID app recently, but I don't think any were OSS.
> We were lucky just to find one that didn't tell us a daisy was
> an oak tree.)
I have a lady friend who loves to identify flowers also.
Searching I wonder if any of these four ad free apps are any good?
PlantNet Plant Identification (4.6 rated)
https://play.google.com/store/apps/details?id=org.plantnet
NatureID Plant Identification (4.2 rated)
https://play.google.com/store/apps/details?id=plant.identification.flower.tree.leaf.identifier.identify.cat.dog.breed.nature
INaturalist (4.2 rated)
https://play.google.com/store/apps/details?id=org.inaturalist.android
Blossom Plant Identification (3.9 rated)
https://play.google.com/store/apps/details?id=com.conceptivapps.blossom
I'll test each of them out and give one of them to her.
Was the one you chose in that list above?
> My sense was that that APKPure provides non-Google-infested
> apps, but I'm really not an expert. I'm curious why you go to the
> play store instead. Have I been misled in trusting APKPure?
I don't know if there is any repo that we can trust.
I don't trust any of them but I trust FOSS more than I do proprietary.
I generally do NOT use Google Play if I can find the app in a FOSS repo.
Obviously you are aware of F-Droid & GitHub & Sourceforce & Guardian.
But I post Google Play links in this newsgroup because that's what most
people will be using (even if I don't use them myself most of the time).
I do agree with your strategy of only installing what you need.
In addition, there are basic best practices for privacy we all need.
We should aim for apps by Developers who adhere to these privacy standards.
https://source.android.com/security/best-practices/privacy