New MicroG 'feature'

On a primary user profil too. That’s what I have done.

But my banking app will need MicroG :pensive:

Which service is the one …‘Exposure notificatons’ ?

That’s the new virus corvid framework

Dear all. I would like to bring in my dissenting opinion. It’s my wish to participate in the Swiss covid tracing effort and to be able to run the Swiss covid app. It’s a decentralized tracking effort, imho a pragmatic approach to be able to have a tracing app that most people can run on their smartphones. There are some issues, but imho the creators have given their best to balance privacy concerns and general feasibility. I would like to support this tracing effort, in order to help our country fight the virus.
I totally accept it if other people have other opinions on this, but I would greatly appreciate if /e/ would not patronize me in this aspect but give each /e/ user the option to use this new micro-g functionality or not, as he/she wishes.
Best regards and cheers

8 Likes

pls, use this thread for your comment regarding c-19 apps. Here it is the place to discus the microG feature. thx

I don’t have a microg new enough for this (plus I’m not sure if it works now at all ) but I would comment about the behaviour of the official Google Services one: not only it’s off by default but you can’t even turn it on without installing some app that requests it. Once on it will notify periodically (weekly?) that it’s on and I think which app is using it (just in case you gave this to some other completely unrelated app or you forgot you have it on).

1 Like

In the Corona Warn App Thread I wrote more neutrally, but here I want to get a little more explicit.

Why should this part of microG be removed from /e/? Here we have an API that used to be proprietary but thanks to Mar-v-in we now have the possibility to use it, without having to create a Google account. We now have the possiblity to make the CoronWarnApp usable on /e/. My biggest issue with this app was, that it is essentially an open source work, funded by taxes but only usable, as long as you decide to let Google or Apple track your every move. Now this App - which I (and I know there too is a myrade of opinions out there) consider to be a good additional measure to fight the spread of COVID-19 - may be usable on a degoogled OS. On top of that: as long as we simply choose to just turn Exposure Notification off or - even simpler - to just not install the app, this API will do absolutely nothing. No data los. So basically, despite the framework being added to microG, anyone may choose to do with their data as they please. To me the slogan “my data is my data” includes, that I am free to release certain information about myself as long I think it makes sense to me personally. If somthing is mine, I should be free to do handle it as I please.

Honestly I am a little surprised, that the arrival of a microG version of the Exposure-Notification API is frowned upon instead of celebrated. I think the fact, that Mar-v-in managed to pull this off is commendable and I for one am hoping that it will find its way into /e/OS to make it even better.

11 Likes

That’s the point!!!

I would like to have at least the developer’s guarantee that simply by deactivating this function, there is no “contact” with google

3 Likes

Even the original Exposure Notification API in the play services doesn’t “contact” Google! ([https://www.blog.google/documents/63/Exposure_Notification_-_FAQ_v1.0.pdf])

This one included in MicroG also does not contact Google. It simply sends the generated identifier via bluetooth and receives the identifiers from other users. The identifiers are not linked to any other phone or personal information and are changed every 10-20 minutes. Basically there is no internet communication at all by the framework, only in case that the user received a positive test result and explicitly uploads that information in his corona-app.

In the end the Google-Cloud-Messaging feature of MicroG is far more privacy-concerning than the Exposure Notification API.

But, of course, the feature should be disabled by default in MicroG.

1 Like

Yes, I knew this because I had already read how the Italian covid app IMMUNI works.

Anyway we, as users, can write here what we think is technically correct, but in my opinion, the main voice that should speak here is that of Microg’s developer, Marvin Wißfeld.

And since microg is now officially part of /e/ Os, I think we also need an official response from him, or at least from /e/ foundation to reassure everyone about the current and future functioning of this system component.

This is what I think

4 Likes

The way I understand it, the beauty of open source is that anyone with the necessary knowledge is able to look at and evaluate the code. To me personally it is enough that nobody has so far raised any complaints about the code provided by Mar-v-in.

The discussion under this Reddit-post (https://www.reddit.com/r/MicroG/comments/i3334p/microg_now_includes_a_preliminary_implementation/) is quite enlightening by the way. Especially the post by sati (which is hidden due to many downvotes, but you can make it readable by clicking on the little + next to it) and the replies are quite enlightening.

If there is such an Api available, it will be used some days in future from government to spy on their citizen. That’s the big problem.

4 Likes

As suggested, I followed the link on reddit thread about this new microg component, and I found a very interesting point of view of Sati:

" What exactly does covid19 have to do with Google, Apple, Microsoft, etc? Nothing… they are tech companies, advertising companies, etc…

For years now companies like Google & Apple have been attempting to infiltrate the medical aspect of our lives. A few years ago Google were blocked attempts to store & analyze peoples DNA and for good reason too. Which is why they’ve recently turned to the “fitness” aspect of our lives. So now under the covid scare they are attempting to get their foot in the door once again.

It’s a step by step process and if we keep accepting (read: giving them power) then they will ultimately rule over us all in their digital, “big data” kind of way.

The point is that this “covid exposure” system that they’ve quite literally pushed might not be the ultimate infringement of privacy as of yet, but it’s a stepping stone in that direction if we accept it (much like the rest of the covid scare tactics)."

2 Likes

Each and every API included in microG can be used “in future from government to spy on their citizen”; and not in a general way like “oh, everything can be hacked” but they (specificaly GmsCore, GsfProxy, UnifiedNlp, mapsv1, Store), each and every one, give up by design some security for some functionality. It is up to you to decide what to enable if you want. Now if you don’t trust the developer that the things are off when you set them to off and you don’t trust the community and yourself to actually check and confirm the code does this what would the path you can, even in theory, walk to be comfortable things aren’t spying on you? How can you know there aren’t beside this 5+1 things you can see 50 more other scarier things nobody checked for?

1 Like

Yes, it’s true… at the end of the game you can’t trust any tool/code, except the one you made yourself;
and that could theoretically also be applied to /e/ OS, if we really want to be fussy.

But in this case we are discussing a software that, as you rightly say, renounces by design some security in exchange for some “convenient” features,
so it’s obvious that I’m worried, since my choice to use /e/ OS is just not to give up security and privacy, even at the expense of “comfortable” features that the system (read google/apple/government etc.) offers!!

I don’t want that also this /e/ OS, could at the end dirtied by some infamous market laws or command strategies, that one piece at a time, day after day, convince us that renouncing to our freedom we live better!!!

And that’s why I’m very skeptical about microg in general, and especially about this new function that is coming… and inevitably will come…

5 Likes

Hello.

Sometimes friends of mine think I’m mad, but in fact, both business and communism (?) spying are in the same way; is it possible (technically) so 1984 style surveillance will happen.

I strongly expect e.light, without microG (that I don’t need and expect I won’t in the future, even if www is more and more googled).

9 Likes

An alternative would be to replace microG (GmsCore) manually:

I’m building my roms, so I can remove it easy :wink: But my main driver with banking app needs MircroG :frowning:

An activist like you should not use a banking app but the chipTAN procedure with an external TAN generator.

1 Like