Dutch Coronamelder app needs "current" G**gle Play Services

Anyone can say the framework “would be this or that”. If you claim, it is a “potentially deepest tool to control your device” or “not a backdoor but an open barndoor”, you would need to explain how you reached this conclusion, based on the source code, or by citing a source that does so. To my knowledge even the German CCC has deemed the App in combination with the framework unproblematic.

And this is exaclty where the difference between empty ideology and a reasonable wish to keep ones data private is found. While as you very rightly say, Google does a lot of tracking, this is a proven fact, they do not even attempt to keep a secret and that has been pointed out by many organization with implications that are discussed in depth. However, the idea that this Exposure Notification Framework (provided by microG) would be as bad as you say it is, is - as to my knowledge - just this: People saying it “just is”, without providing a shred of evidence or explanation and sometimes even drifting of in some narrativ that - so far - to me is hard to distinguish from any conspiracy myth.

See, if there was reason to believe, this framwork would do any more harm than the rest of microG, I’d absolutly be willing to change my opinion on this. So far however, nobody has been able to explain to me properly, why this would be the case.

11 Likes

‘Believe’ is the world.

ggle & pple asked us to believe they won’t ever use their ‘covid’ framework for their own goals… They already have a sufficient amount of individuals datas to bypass all ‘privacy limits’ from tracing apps (I’ll report links here).
They had created a powerful tool but we must believe they care first about our privacy and never…

“All what can happen necessarily will” ©RenéFournier

1 Like

Once bitten, twice shy.
I know, its not rational, yet true

1 Like

While your reply is rhethorically beautiful, even including a nice (and yet a bit paranoid) quote, it is still based in the logic: Google=evil=COVID API=evil. You are still owing an explanation as to how a framework, and specifically it’s implementation via microG, is “a barndor” into our private lives. You are yet to show by citing the code, which is available publicly, how exactly this is done. How is an API that is designed to record when your smartphone meets another smartphone the one bad thing that will allow Googlr full control over their users (I mean, really, they already ARE in more or less full control)?

How about the alternative hypothesis, that this framework is just and simply what it pretends to be? That it does nothing more than record Bluetooth encounters, by exchanging random codes, which after a while get deleted and created anew, thus ensuring the owner of the original code cannot be tracked.

As long as your answer remains “because it’s Google and Google is evil”, I am afraid we will not be moving any closer to a discussion based in reason, but will be stuck in a back and forth of contradiction. And because ending on a quote seems to further my point somehow, let me finish with this.

“This isn’t an argument, this is contradiction.” - “No it isn’t” - Monty Python, The Argument Clinic.

8 Likes

We are still waiting.

Are you seriously comparing Google to the Vichy government of France during the Nazi occupation? Please can we keep this discussion in the realms of reality and maintain some sense of proportion?

You do know that AOSP - the open source part of Android - was (mostly) written by engineers working for Google. like the Notifications API that is the subject of this thread.? If Google is such an evil organisation, why would you choose to use anything written by them?

4 Likes

Please return to the initial topic “Dutch Corona Detector app needs “current” G**gle Play Services”

1 Like

Dutch CoronaMelder v1.0.2.71407 | 10.09.2020

was just tested by me on three devices with two different custom ROMs. Result: 1x negative 2x positive

[- negative] Galaxy S9 ‘launched’ LOS17.1-for-microG Services Core version 0.2.12.203315
.
dutch_coronamelder_microg0212203315

[+ positive] Galaxy S5 ‘hlte’ PixelExperience 9.0-20190712-1406-UNOFFICIAL (see also here ….)

[+ positive] Galaxy S5 ‘hlte’ PixelExperience 10.0-20200514-1847-UNOFFICIAL

From this I conclude that the Dutch Corona Detector was coded extremely close to G**gle’s Exposure Notifications API and G-Play Services.

Hello.
Sorry, I also have a real life and sometimes need to sleep a lot between classes and choir rehearsals… It’s pretty difficult to find en. sources related to web and papers french articles that I have read since april… Quick response below.

Somes links (fr.):
vulnerability :
https://www.developpez.com/actu/308548/Covid-19-une-enorme-faille-decouverte-dans-l-API-de-contact-tracing-concue-par-Apple-et-Google-qui-permettrait-de-suivre-une-personne-a-la-trace/

https://www.laquadrature.net/2020/04/29/que-penser-du-protocole-de-tracage-des-gafam/ (29.04)

https://www.laquadrature.net/2020/06/02/crise-du-covid-19-la-technopolice-profite-de-la-strategie-du-choc/ (02.06)

Canard Enchaîné n°5195, 3 juin:

Short translation (DeppLT):
Numeric specialists call it a cat flap […] This “captcha” system […] retrieves the IP address.
“This means that gg knows -potentially- the identity of all the cell phones using the StopCovid application” (Arthur Messaud, La Quadrature du Net)

And so on…

============

Tech and en. deep analysis:

https://eprint.iacr.org/2020/399.pdf (en.)

============

Then I claim a ‘trial of intentions’: ggle and pple are not philanthropists. Their primary goal is profit, the means is the sale of fine, sorted and compiled personal data.
The API is autonomous, integrated in the lower layers, and can be modified by simple OTA update without asking for authorization: apart from our voluntary belief in their leniency, there is no guarantee that this system will not be used soon to increase the efficiency of personal and especially inter-personal tracking.
All that is then required is a unilateral law (e.g., the Patriot Act) for a well-intentioned or ill-intentioned State to be given the keys to all or part of this database, according to criteria beyond its control.
The precedents in terms of censorship and respect of rights, by the GAFAM, do not give me any confidence in their “declarations of honor”.

Short, their preoccupation with privacy is just a display, a communication operation, since they already have the tools to reduce it to nothing, and develop it further by pushing it deeper and deeper into the network as a whole. The Covid crisis is a good pretext to increase their situation of duopoly and to reduce even more the possibilities to escape their surveillance…

Last, I don’t trust in evil nor god. I’m still suspicious of the business means. Goals are well known and the disastrous consequences too.

3 Likes

@trefix thanks for taking some of your time to explain this so well!
Ggle is not evil because of their capitalist business model; rather, they are evil based on the product they sell.
They don’t waste their time developing products free, sorry, and tgey also don’t care about our personal health. (But it is in their intetest to say they do)
So yeah, one more ggle-inspired product? No thanks.

@trefix: Thanks for getting some substance to discuss.

@donut3: Nobody really questions the overall nature and motivation of Google. But what is severely lacking in society right now in many if not most topics is just evidence-based discussion and evaluation instead of just anybody crying “I LIKE/ DON’T LIKE THIS JUST BECAUSE!”.

A discussion will still be subjective, there will still be much spin-doctoring in any direction, but at least get something together which can be discussed and ideally proven right or wrong for the topic at hand, which in this case here is the API, not Google as a whole, and not some gut feeling that the end is nigh.

Just saying the API is probably bad without evidence is not much better than what people act on when they burn 5G masts to fight the corona virus. Fortunately for now it’s 5G masts and not witches, but we’ll be getting back there eventually if the overall level of an acceptable dicussion about stuff doesn’t get raised again.

3 Likes

I am concerned about the creeping suppression of any possibility of alternative, without any political counter-power, without democratic discussion, just because “it is the most common tool”.

More and more applications simply refuse to work without the 'gg plaie sevices’, including banking applications, health applications, applications for young students and even State’s services (taxes, civil status…).

There is an absolutely permanent technical ‘blackmail’ to access web, with no more workaround possibility (= captive market).

1 Like

Still isn’t here, tried the Belgian Coronalert App today


Failed, so added the MicroG repo in F-Droid https://microg.org/download.html and tried to update myself, but that failed too:

The update should have been in /e/ two weeks ago.

Coronalert - Belgium App

I tried the Belgian Coronalert App today also on my old Galaxy S5 ‘kltee-0.11-p and Nanodoird’ed microG Services Core v0.2.12.203315

(BE)coronalert
.
(BE)coronalert2
.
The Coronalert - Belgium App version 1.6.0.78 from 24.09.2020 works fine on my device configuration.

1 Like

Thank you for your kindness,
I am not well english speaker too, i don’t use the translator for each post i read or write, it is an error because the results is sometimes confuse.

Technology is not neutral.
Spectacle is not democratie.
Lies are not fair.

My problem is not the beer flu, but the purpose for which it is used and managed.
I am despite to see the /e/ project community polluted by this mainstream paranoïa.

Some likes learning, i prefer understanding,
some likes knowing, i prefer thinking.

1 Like

Just updated to version /e/OS 0.12- Pie. MicroG is still on version 0.2.10. MicroG 0.2.12 is needed. Sorry, but now I really have to leave until the App can be installed. Iḿ against all this track and trace stuff too, but it was decided in 2005, I’ll give a quote:
“Member States are obliged under the International Health Regulations to develop public health surveillance systems”
And the link:
https://apps.who.int/iris/bitstream/handle/10665/43883/9789241580410_eng.pdf?sequence=1
All there is to say about this is political. The first attempt failed in 2009 (swine flu, in some countries named Mexican flu), today we experience the surveillance state in full force. Goodbye, I want to remain a member of society, without the App I am not.
“Mom and dad, neighbors, friends and family”? They all want an easy install for this App and others like ID Apps and Payment Apps. So /e/ is really only for nerds and geeks.

1 Like

Where is the easy installer, the easy update for MicroG?

2 Likes

Hello.

[off topic]
Yes, but what society ? Who decided ?
No choice, no alternative, society of business created from scratch the society of tracking, with the political consent (?) of our (?) institutions (elected and especially non-elected administrations).
[/off]

" We don’t need no thought control " (PinkFloyd, 1979)

2 Likes

Am no longer using /e/, but do use Lineage 17.1 with Microg. Got the version with Exposure Notification API. Also have Coronamelder installed. Before the update with the Exposure Notification API I got the message that I needed to update Play Services. Currently, that is no longer the case. However, Coronamelder doesn’t work and given the following reply on this Github issue, it’s not likely it will work. See: https://github.com/minvws/nl-covid19-notification-app-android/issues/31

1 Like

It won’t work with MicroG indeed. Just tried on FP2 with Fairphone Open and MicroG, it doesn’t work, gives exacctly the same notifications as in /e/. Tried the Fairphone Stock ROM with Google, it works. I stop using smartphones until Governments an financial services allow Free Software. Screenshots taken in /e/: