Apols if this already exists: I did do a search and couldn’t find anything relevant.
My thought is that it is well known that Google uses various methods, including the “fingerpringing” of devices, to cross-link users even when they do not sign-in to google every time they breathe online.
I am firstly wondering if containers could be used to prevent this in two or three ways?
First: Can a container obfuscate identifiables like serial numbers of hardware components, or amount of memory?
Secondly: if apps were installed in different containers, would that be enough to stop Google, in principle, from find ways to detect the existence of the apps in the other containers? …of apps that are not in containers at all?
Thirdly: if the same app were installed in separate containers, and anonymously in one but logged in to Google in the other, could containerisation prevent Google from cross-referencing the two instances of that app?
If either or both of the first two are technically possible, then my feature request is that this facility be offered in a future /e/OS release as a standard feature.
Containers are not meant to increase privacy but to increase security and stability of the base operating system against applications inside the container.
You’re unlikely to get containers working on Android, but there are apps like Shelter which uses androids work profile functionality to provide greater isolation for apps.
Correct. But as a happy side effect, that would also mean at least some increase in the security of an app in one container as against those in another container, surely? (If not, why not: what am I missing here?)
So my suggestion is a more like an “off label” use for a drug than using that drug for its indicated use. However that does sometimes prove useful (and, or course sometimes doesn’t).
Agreed, if you are thinking of trying to install the full Docker system, or any of its fully-fledged alternatives.
I guess I was thinking more of exploiting some parts of the CGROUP functionality, which I imagine is either in the kernel as used in Android, or at least could be compiled in for a custom build. If I am mistaken on that, please explain how?
Thanks for the heads up. I have not looked at Android’s work profile system: is that based on usernames (as the usual separation of apps is), or CGROUPS, or something else. Can you, or any other reader, point me to a page about “how it does it” rather than a page that says what it does? Meanwhile I will look at the page you linked.
