To use push notifications, which I had to and had no other way, I turned Google device registration on. Though I was using a VPN, Google could figure out my country, and I think that’s because of revealing my SIM card. For some reason, even when using Google two-step verification, it can find out my device’s true build though I have chosen another device profile. (I tested with toggling off or on any option in microG to prevent this, but it was useless.)
This was the reason I chose to use /e/OS, because no matter what, Google could know where I’m from, and that’s frustrating and even dangerous in some countries.
Hello @Ataa,
Have you logged in to a Google account in microG? I am asking because you state that you can (somehow) see the information Google has about your device.
It is possible that there is indeed some bug in microG and more information is leaked than expected. microG tries to be as anonymous as possible, see Google Network Connections · microg/GmsCore Wiki · GitHub
For all of [these connections], we strip device identifier (MAC addresses, IMEI, etc) from requests where they normally would be (and if required use random but valid identifiers instead).
One important caveat IMHO:
If someone lives in a country where they are endangered because of Google Services usage (possible reasons: It is illegal, or the authorities can identify you with your Google account), then I assume that this individual lives in a repressive country and has a credible risk of targeted surveillance. Then, /e/OS should definitely not be used! It is intended to make the usage of a smartphone more private in regards to big tech (a nice side effect: less data collection → less data that state actors can (ab)use). However, its goal is not to protect you from (more or less) targeted attacks from state actors. There are other ROMs that should then be used instead.
After toggling off authenticate with device registration and toggling on strip device name and device registration using the Nexus 5X profile, I logged in from my laptop using Firefox Developer Edition with all settings and add-ons to avoid fingerprinting, yet to my surprise Google asked me to go and accept the authentication notification they sent to my Nothing phone A15. In the Google device section, though, after a while it just showed a Nexus device.
I’m just sharing this to fix bugs and make things work better. I’m not in danger of being targeted, but I want to be in charge of the information corporate or state actors get from me. Anyways, thank you for the warning, and users should be mindful about the limitations.
You are absolutely right. If I was a lone wolf, I would get rid of Google for good much sooner. But the problem is our loved ones are still using corporate products because it’s easy and convenient. Me and my wife are in different countries right now and we use WhatsApp to videocall mainly. WhatsApp was acting weird when I wasn’t using microG cloud messaging. It wouldn’t show calls on time, which made my woman frustrated, so I had to choose my emotional safety over online safety. If anybody knows a better alternative for videocalling on /e/OS that doesn’t require Google Cloud Messaging and at the same time is easy to be used by common users and has iOS compatibility, I’m more than happy to know.
Personally, I can recommend Threema. Main downside: It has to be purchased for a small amount. However, it can be purchased without the Google Play Store (see e.g. Download Threema Private – Threema for the available options), has an iOS app, and most notably, they run their own push infrastructure that can be used instead of Google Cloud Messaging (Threema Push is even the only option in the F-Droid version).
Moreover, Signal also offers push via WebSockets, see e.g. Signal, finally without Google strings; and there is also Langis, the Signal clone without GCM (I do not know how up-to-date Langis is, however).
One caveat: I do not know how reliable push via WebSockets actually is. A friend of mine used it some years ago, and the situation improved when he switched to GrapheneOS with sandboxed Google Play Services. As Signal is free (as in beer and freedom), you may still give it a try.
@Ataa I have a follow-up question: Did you log in to a Google account in microG? If yes, the 2FA push notification was to be expected. If not, that would really be strange, and we should ping Manoj and open a GitLab ticket so that this can be further investigated.
Molly FOSS, a well-maintained and fully compatible Signal clone for Android, can be configured to use Unified Push for notifications.
I can wholeheartedly recommend it.
Your contacts that use Signal on iOS have to go with Google notifications (FCM) anyways, I presume. (Would still be more private than using WA…)
Dear @Tentos
Thank you for your suggestion. About the microG situation, yes, first I logged in to the Google account in microG, and I toggled on the “Google device registration”. Meanwhile the option “Receive two-step verification prompts from Google” was off, but when I tried to log in to the same Google account from my laptop to check if my country is shown there, the sign-in page asked me to verify the prompt they sent to my device “Nothing phone A15”, so I toggled on the “Receive two-step verification prompts from Google” to be able to receive the prompt. As long as I didn’t register the device with Google, the sign-in page wouldn’t ask me to verify any prompts. I hope I was able to clarify the situation. But if there are more questions regarding the situation, don’t hesitate to ask. I’m more than happy to answer them.
Hello @Ataa,
Thank you for your reply. This may surprise you: You do not need to log in to a Google account in microG to use Google Cloud Messaging. I have never logged in, and GCM has worked for years. (I think that this is even the case with the official Google Play Services!)
So you may log out in microG and still be able to use GCM. (Before doing so, make sure that you no longer need the 2FA by Google push, but have configured an alternative 2FA method!) If I interpret the information linked by @mihi correctly, you should then be more anonymous regarding your Google exposure.
However, you are interested in not using GCM at all, so I would recommend that you take a look at the push alternatives mentioned above. /e/OS comes with Unified Push preinstalled, but I do not have any experience with it. Maybe @obacht can share his impressions?
Functionality in /e/OS depends on the phone model, from my experience.
My Samsung S7 does not work with the preinstalled UP activated (the workaround with the “ntfy” app does, though), but my Pixel 4a does perfectly.
UP can be activated in device settings → System.
Check the UP functionality of your device with the “UP-Example” app.
For Molly you then need to connect to a “molly-socket” server in order to receive notifications via UP.
There’s a few threads in here that discuss the topic.
The funny situation is that Signal SMS and even its network are blocked by the state, and the call option for signing in is not available as well. I may stick to the suggestions that @Tentos kindly gave.