the past months I am on a personal journey to get of the radar of Google, Facebook, Twitter, Amazon, Microsoft, and friends… For my laptop I changed from Windows 10 to Ubuntu. For my smartphone I changed from Google/HTC Android to /e/ Android. I have ended my Facebook/Whatsapp/Instagram accounts, and (this week finally) my Google account. I share hints and experiences with my friends and relatives.
I read discussions on this forum about calls /e/OS still does to Google services. To me this means I cannot promote /e/OS to my friends and relatives. A statement like ‘it is de best un-Googled smartphone’ is too vague not good enough for non-tech users to do the investment and accept the sacrifices.
Let’s say the OS does no more than one call a day to a Google service. That would be enough for Google to know my travels around the world (using hotel wifi’s). Ouch, that hurts… Of course that is only a very small trace with Google, compared to how I worked and lived before, but, combined with the many other traces of people around me that would probably be enough for Google to identify me.
Personally I would like to have a better idea of the state of un-googling of /e/OS. An idea that enables me to weigh the importance of it for how I use the phone and apps and browser.
With much appreciation for all the efforts of the /e/ team,
I would be interestd to know exactly what calls. (Of course MicroG does, if enabled, with very limited amount of information).
Indeed if MicroG is enabled, the same unique identifier will ask to Google if notifications are available with different IP addresses.
But those little calls aren’t enough to really track you. And there is an easy solution for that : a VPN.
If your relatives are Edward Snowden and Julian Assange, tell them not to use /e/ in their main phone. If your relatives are common people, clearly those tiny calls are nothing compared to what they leak.
To enlarge the subject, your ISP knows where you are at every moment (if you don’t stay in Airplane mode). If you don’t use a VPN, your ISP knows on which websites you are.
Clearly, those little calls are at the end of the “To do for privacy” list. Let’s start by fixing the big and obvious leaks, then the others.
I see that I need to adjust my hypothetical scenario. That one little call per day is triggered by the OS, outside of my control, and it contains at least one identifier of my device.
The link of my device to my non-google-emailaddress is for Google easily laid, if I use my home wifi, communicate via email with Googled people about a visit, and they visit me and ask to use my home wifi… That is a common thing to happen. For this reason I have started to use only cellular data on my smartphone.
My ISP vows to not track my use of their services, and they are bound by EU GDPR.
Yes, for myself I am considering using VPN. But I am wrestling with this. I dread having to say to my friends and relatives ‘oh, yes, and you must also use a (paid!) VPN’. It all adds up. A more expensive phone, with less apps, with restrictions in online behaviour, with a VPN subscription, …
The thought comes up that Google and the like will never have to fear that the masses turn away from them. They can relaxed watch 1%, or 10%, struggling to escape, and keep near to 100% of their profits in selling well founded predictions of future behaviour. Only a fundamental change in (inter)national laws can force the Big Tech to change their practices.
On the positive side: the 10% strugglers for privacy can contribute to a change in public opinion.
Still hoping for more concise information about the current en future state of un-googling the /e/OS.
I think your scenario could only be real if you were targeted. And I don’t think the little calls “outside of your control” contain any unique identifier. So with a VPN, you’re good.
Why ? You can use /e/ on cheap phones, and keep them for years.
And the PinePhone (with kill switches) is only at 150$ (135 € + 50 € for shipping max). Not supported yet by /e/ but it’s planned.
The non-working apps are not the best for privacy, but it’s true you won’t be able to use some banking apps or Snapchat because there is no SafetyNet working in /e/, and some TV apps like Netflix because some devices (a minority I think) don’t have any DRM right.
What restrictions ?
ProtonVPN offers some free servers in a limited list of countries, not in France though and I’m not sure about the quality of the bandwidth.
But 90€ for 37 months with NordVPN (2.43€/month) isn’t something really expensive compared to what it brings.
So, yes /e/ isn’t perfect yet, but not recommend it and let people with the stockROM isn’t a good move according to me.
First of all, good job on making the switch to a more privacy-friendly lifestyle!
You surely agree that it’s not something most people are willing to go through by themselves, even if they did have any reason to give up the convenience of services they already enjoy for free. Projects like /e/ aim to make it easier for people to keep enjoying the same services like email, cloud storage, etc, while respecting their privacy.
It sounds like you’re talking more about anonymity rather than privacy. Anonymity is really a whole other level and by no means is something that technology alone can provide, it takes effort from the end user that most people, even tech savvies can afford (if you want to maintain your lifestyle and/or sanity).
I’m not really sure what to say here to answer your question, there’s always something else you can do to improve your privacy. Some issues are more critical than others, some are out of your control. In my opinion choosing the right services and supporting them is already a big step forward. Focus on that, big things first, and understand that no one single technology will get you off the radar.
@Anonyme thank you for replying. the scenario is just something I figured up myself. please let the e.foundation explain in detail to me to what degree an /e/ phone is still touching the Google ecosystem, and be concise about the planning. “it is planned” is vague. publish a planning.
restrictions in online behaviour are, if you really want to stay off the Google radar: do not use the Google search engine, don’t watch youtube video, don’t use gmail, don’t use Google translate, don’t use apps that use the playstore, etc.
@PNJ88_Beast thank you. it is not about anonymity, it is about staying off the Google radar. I would like to support /e/, but /e/ is, as I feel it, not holding itself accountable. “Big things first” is too vague for me. Tell me what the small things are… what they amount up to. The “Big things” I can for the most part also avoid on a stock rom android phone.
@HenkK if you are looking for a response from /e/ developers … ‘we changed line 46 on this code file or the plan is to be ‘perfect’ on day xx of xxx month’… then we do not have such detailed documentation nor a perfect plan with precise dates . It is a small team and most of the time the team members are neck deep in bug fixes and enhancement requests.
In case we are forgetting, the code base we use is from google- AOSP. Which Lineage took up and then we forked from them.
We have de-googled a lot of it. Do not ask exactly which lines because as I mentioned it is simply not possible to track that now as it is not documented…
Getting into an argument or discussing all this again or expect new answers that are beyond what has already been given here is not going to happen because as I mentioned the dev team is already running late on a number of issues for e.g. closing out 600 bugs (numbers as of today), releasing an easy installer, Upgrading the devices still stuck on nougat or oreo to the Pie build, coming out with a system with different levels of profiles and a FOSS only version of the ROM, change the name from /e/ to something more easier, …the list is long and I have not even mention half the issues we are tackling
What will be easier for you is using your experience you can run tools / apps which check the network connectivity or run through the code and let us know if the /e/OS still leaks data.
The entire code base is available on Gitlab.
Find out where we went wrong or what is not done properly and let us know by raising issues on the Gitlab and we will be happy to fix it.
@Manoj now we are talking. basically you are inviting me, as a user, to become an insider. the openness of the source code is a good thing, but the technical knowledge needed and the amount of source code make it practically undoable. detecting leakage to Google is a responsibility of /e/, not of its users. please add it to /e/.
there are two issues here for me. the first issue is that the /e/ organisation should hold itself accountable for their claims to the general pubic in an orderly fashion. bits of information here and there in the forum is not adequate for accountablilty. it should have a starting point at the homepage. the other issue is the apparent shift of focus towards making /e/ more acceptable, all while the primary goal of ungoogling is still not met completely. for me ‘un-googling’ is the reason of existence (raison d’etre) of /e/.
What @andrelam is writing, that is exactly what i am asking for. Hold yourself accountable to the general public for your claim of un-googling. Make the list of André, which is high level, complete, to cover in an understandble way what un-gloogling means, and to what extent your goal is reached. If at some points there still is a exposure to the Google eco system, help me understand what it means for my privacy wrt Google. if you are working on improvement give us release date’s.
I cannot plead the cause of /e/ by saying ‘/e/ is not completely un-googled, but they are good guys and working very hard’.
@lkesjbnrti and @PNJ88_Beast thanks for the reactions. I like to take up the challenge, but first I need to have a clearer idea of the measure of success of /e/ in un-googling android. if there remains exposure to the Google eco-system, it could be interesting to compare this to a radical approach in avoiding/suppressing google exposure with a regular stock rom. interesting because it can be applied by everybody who uses an android phone. I propose to do this then in a seperate thread.
There is a response on our documentation site here in case that answers some of the questions raised here.
All the same I would say find the answers yourself.
Google and Facebook in their press releases always maintain that they seriously value their user rights and privacy. We all know what the facts are.
Similarly do not take us on our statements or comments.
Flash the build or check the code and let us know what issues still remain .
As Gaël always says /e/ is a evolution not a revolution. We are working on evolving and improving the AOSP / Lineage code.
We will be happy to update and improve the code in case there are valuable pointers from your side.
The documentation available on the website is well written and structured including a chapter on what is meant by ungoogling.
But I’m also happy to see that the ungoogling part that is at the core of /e/ is being questioned. It sure is complex and technical. As a non-tech savy I will not dig into it personally but I need to see trust from the community. I don’t know how /e/ can bring this trust, but this discussion gives hints. I noticed in the past a lack of convergence between e and Lineage (it was regarding updates). Why not consider the complete supply chain. Check upstream where we can gain efficiency and smoothen the processes.