While looking for alternative software for Google & co. I discovered Morena. Now I am wondering, which data will be collected from the company itself when I use their Mail, Calendar, Notes etc. and which data could the technically disclose if, say law enforcement, asked them to hand out someone’s information? I guess (and hope) none, but I haven’t found anything explicit n the website, this forum, or in the internet regarding this.Other providers like Protonmail or especially Tutanota have a very visible statement of their zero-knowledge approach on their websites and are frequently reviewed by people on YouTube or elsewhere, so I could get a good impression. There is not much to find about Morena though, despite the fact that it looks really promising!
Hope someone can help me and show me where I missed their detailed privacy policy or end-to-end-encryption standards. Or tell me if it is different.
It looks like some of the text here has gone out of date by /e/OS 1.6:
If you do not want to report crowd-sourced data to Mozilla, you can set your location services to ‘off’ or ‘device only’. These settings can be accessed from your OS, going into ‘Settings’, then tap ‘Location’. To turn off location services, tap the switch in the top right corner and then ‘Mode’. To select ‘device only, within the ‘location’ settings page, tap on ‘mode’ and select ‘Device only.
Unless I’m at the wrong screen, I can only do this by selecting Wi-Fi and Bluetooth scanning and turning off all the switches. I do remember the “Device Only” selection from AOSP versions but I don’t see it here.
Interesting because I forgot about that. Seems those options disappeared some time ago from Android. Went looking through my devices. Oreo has the location modes but Pie, Q, and R do not. Pie has a battery saving mode (use network but not gps).
Made me wonder if turning off location services is equivalent to device-only but nope. Did that and ran GPSTest. Pops up a dialog saying GPS/GNSS is disabled.
Not sure why Google felt the need to remove location modes.
As you may have found out by reading the privacy policy linked above, the murena team promises to not share your data.
Since you asked for the technical background, here it is:
There are no client-side-encryption or zero-knowledge sytems in place. Handling these is ever so slightly more complicated than murena thinks their target group would accept. So they don’t do it.
