I have appreciated this statement because it has made my mind work. At the same time it is very depressing. I say this because it makes me believe there is zero (or close to it) probability any of us can go to be completely anonymous online, either with DivestOS, /e/ or any OS without EXTRAORDINARY effort. The amount of effort very few will go to, including myself, because I am just an average cellphone user who wants privacy.
If you watch the video below with CalyxOS’ lead engineer he explains at the 17 minute and 30 second mark why they leave NTP, Connectivity Check, and Captive Portal with Google’s default Android servers. He says its because the only info transmitted is the phone’s IP address and a common user agent. Can this combination not be used by Google to further fingerprinting in accordance with with this statement?
- “If you can’t think of ways Google may correlate all the sources of info’ they have to de-anonymize you when you’re not logged in to a google service, then you haven’t heard of Total Information Awareness or Edward Snowden. Does your ISP or phone company know who you are? Do they know your IP address when you are online? Would they sell this info’ to make more profit?”
Another point, if you download Privacy Breacher from F-Droid and choose “Phone Information” it clearly shows you all the fingerprinting information applications can see, again going back to the quote above. How much of this is sent to Google/other tracking entities by basically any app from Aurora? Seems we all are 100% confined to verified open source apps to escape this. How probable is this for you? Again, its subjective. This coupled with your internet browser fingerprint and whatever other information from your phone is providing I don’t think it is realistic to believe anyone using /e/ or DivestOS is completely anonymous. If I completely disable microG on /e/ am I now more anonymous than DivestOS because DivestOS is sending my IP address and a common user agent to Google every time a captive portal check takes place when /e/ isn’t? One can go to great lengths to stay private, make one small mistake and the cover is blown, you’ve been " de-anonymize"d. As we see this quickly gets into the weeds.
If all this is correct much of our decisions on what OS to use are subjective and may or may not change as we gain more knowledge and understanding of how these intricate systems all work together. For me I like microG for a couple apps that I sandbox in Shelter and one I don’t. Other than that I use FOSS apps that shouldn’t be leaking fingerprinting info. But based on “Total Information Awareness” and what Google is collecting from what I have already outlined, my cover is blown. Again, my subjective desire is to minimize what’s being captured.
Hoping people can lift and not pull down while at the same time showing with genuine information why something could be improved and back it up with facts or data. /e/ is great, its not perfect but I like the direction its going in. I am going to flash DivestOS and give it a drive. Edit: I just don’t have the time to learn how to build DivestOS custom, I need microG for a couple apps and there is no native support. After reading a bit SkewedZepplin/Tad seems pretty cool. I love how engaged Tad is on the F-Droid forums.