in trusted credentials in my fairphone 3 I can see that the Google credentials are still there?
Regain your privacy! Adopt /e/ the unGoogled mobile OS and online services
Is that gonna be checked in the next release or is not such a big problem for a degoogled phone?
Not everything which has the letter sequence “google” somewhere in it is a problem by default.
Google operates a certificate authority (Google Trust Services LLC … https://pki.goog/). As does the Netherlands national government, apparently, as does everybody else you can see represented there by their root certificates.
For a visible example of those certificates in use … When you visit a website using HTTPS and tap the lock symbol in the address bar, your web browser will give you information about the certificate authority who issued the certificate to the provider of the website for this secure connection.
If a root certificate of a certificate authority is there in the certificate stock, the browser vendor trusts the certificate authority to be reliable in that field, and subsequently certificates issued by this certificate authority to service or website providers get trusted, too.
Be aware that deactivating certificates in Android system settings should have little effect on web browsing, as e.g. Chromium based browsers (like /e/OS’s Bromite version) and Firefox based browsers keep their own stock of root certificates and don’t care much about what the system can offer, as far as the internet tells me.
6 Likes
Thanks for it. I have been using internet with Google and Amazon credentials deactivated for years without any problem.
When the Os is caled it self de-google, yes it is.
Ok, then I think you really might want to discuss it with the developers by opening an issue over at the GitLab … Issues · e / Backlog · GitLab
The thing is I did it allready some time ago for another device and they changed it, so I dont understand why another device like now FP3 still is using it.
my feeling is you’re confusing something or have a wrong assumption about what those root certificates in your truststore do. Root CAs are independent of tracking concerns or “degoogling”, even if the Certificate originates from Google. There are a lot of websites out there having Google CA issued certificates , the websites are paying for the privilege. From a tracking perspective, there is no reason to remove the Google CA from the truststore
Edit: if in doubt, make a screenshot of what bothers you if we misunderstand
6 Likes
No misunderstanding. I talk about the trust credentials in Android.
How did you deactivate those certificates in your mobile browser?
Experiment:
- https://www.nasa.gov uses a certificate by Amazon.
- I deactivate every Amazon root certificate in Settings - Security - Encryption and credentials - Trusted credentials.
- Fennec F-Droid happily shows https://www.nasa.gov still verified by Amazon.
- “Browser” (fork of Chromium/Bromite) happily shows https://www.nasa.gov still verified by Amazon.
So, I deactivated those certificates in Android’s Settings, and I can surf the web without a problem because the browsers use their own set of root certificates.
In the internet I’m mainly finding stuff on how to add them. No settings for deactivating or deleting them in sight for me in Browser and Fennec F-Droid (didn’t find anything promising in about:config, too).
How would I do this if I wanted to?
Or am I misunderstanding something?
1 Like
Th ething is like you said. The browser use their own ones. So then why not having them deactivated in Android.? there is where I desactivate them like you have done.
I was just demonstrating that this doesn’t achieve much. Normally I wouldn’t bother to deactivate certificates there.
So you actually don’t see a problem with those certificates being used, since you know they are in the browser and you can use the internet without any problem with them being there.
So then why not just let them be in Android, since you are ok with them in the browser?
The certificates themselves aren’t evil. I don’t see you complain about GoDaddy certificates, you might want to look up the reputation of this company. (Just an example, they just caught my eye in the list.)
Most of the code you are running as /e/OS on your phone was originally done by Google and offered to the public as Android Open Source Project (AOSP), which then LineageOS is based on, which then /e/OS is based on. This is active code, actively doing stuff on your phone, this is much more intrusive than those certificates.
Perhaps we should petition the developers to just change the label string from “Google” to e.g. “Acme”, and the “problem” would be solved.
2 Likes
NO , is not about that. We all know that ANdroid is Google, so then maybe is imposible to get a degoogle software, isnt?
You are getting funny there. I am a user of sailfishOS , and I was usng e/ again cause I was waiting for a port for sailfishOS. I might say that I love what the e/ team are creating, so I was just trying to help them to be aware of what they sell, a degoogle software. So if there is something that I can help to get reed of from the google that dont wanna have in their software, I will try it. So @AnotherElk , is not a complain , is to try to help. thanks for your time of research
While I have another opinion on the Google CA - I didn’t find UIs for disabling CAs in the Browsers (Fenix/Bromite) truststores. One would need to rebuild the package to do this.
(Though they do accept user-added Root CAs from the system after flipping some config flags)