just small circles 🕊
Yes, you can ditch #GoogleMaps now..
#OrganicMaps is here. Use it while offline and feel good about a #privacy-respecting app that doesn't suck you dry of your personal information. Based on #OpenStreetMap this app is gonna blow #Google #Maps out of the water (hopefully ;)
HistoPol (#HP) 🏴 🇺🇸 🏴
Friendly reminder:
People, stop using #Meta, #Google, and other #BigTech Apps that make YOU the product!
There are already so many right-wing governments.
You compromise your current or at least future security (e.g. profiling using LLMs.)
Use #Threema or #Signal instead.
#DeleteWhatsApp
#DeleteThreads
#DeleteFacebook
#DeleteInstagram
#DeleteTwitter
#DeleteTikTok
#DeGoogle your Android phone
Data collection comparison of messenger services (found on the web):
eddynamite
@HistoPol @smallcircles manque @session 😉
Benjamin Egon
These applications are executed by electronic components. Do electronic components from Intel, ARM and Nvidia provide complete telemetry of our activities?
Yes, these corporations are legally obliged to spy on us.
What else can I say?
HistoPol (#HP) 🏴 🇺🇸 🏴
Qu'est-ce qui ce manqu, tu pense, @eddynamite1969?
eddynamite
@HistoPol @smallcircles @session je dirais @briar mais y a pas grand monde qui l'application. Sinon il y a un site de libriste qui est pas mal https://wikilibriste.fr/debutant/logiciel-alternative-libre
ilyess
@HistoPol How is profiling done using LLMs? I’m assuming you’re referring to Large Language Models here.
HistoPol (#HP) 🏴 🇺🇸 🏴
Yes.
It' been awhile since I read about it. E.g. screenscraping from social-media sites as one source.
HistoPol (#HP) 🏴 🇺🇸 🏴
Excellent questions.
As I had offered, if someone in-the-know provides the data, I am very willing to recreate the image with more columns and solutions and/or pros/cons.
JM Horner 🐝
Would XMPP and Jitsy be blank if they were added to that chart?
Martin Be
@HistoPol @smallcircles You can't use original Signal on the degoogled devices due to the "hardcoded" google-services dependencies in the app code.
Okay, they are some modded Signal versions with google crap removed, but still that's a "third-party" work - you can't be sure of what exactly is in the code inside. There's no warranty that someone doesn't compromised the app code. We have a few good example of troianised apps in the Samsung and Huawei store with over a million counted downloads.
HistoPol (#HP) 🏴 🇺🇸 🏴
Thanks for pointing this out.
An alternative app must run on Android and Apple to be acceptable, non-exclusive for the general public.
For me, not fond if the #RottenApple and its data practices and lock-in policies, #Signal will not be a solution in its current version, then.
I think I read that #Threema doesn't suffer from this issue?
Martin Be
@HistoPol @smallcircles To be honest I have no idea if Threema will work? I don't use android anyone since few years. Btw.. This app is open source or not?
I think better solution in such case can be Session, SimpleX, or something similar to them both. They can be normally used on for example SailfishOS with android api enabled. They also have a cli and desktop versions as well for many operating systems.
Martin Be
@gorky @HistoPol 2/2 Luckily there is a workaround. You can use patched signal fork called "Langis" together with the ntfy (alternative notification system/api) and extra "for signal" patched microG version. Such combo will allow you to have and use 100 percent identical in the terms of functionality signal on the degoogled devices and your account won't be banned.
GӨЯKY
CC
@distopico @HistoPol @smallcircles
Yeah, Threema's business model is to provide the network (and the server code) as a paid service. So given that, It is not clear under what kind of open source license they could publish the server code. Once their network was big enough, supposedly they could say, yeah.. here's the code, go ahead and try to compete with us. But some of their bigger business clients might choose to run their own server.
Distopico
@kino @HistoPol @smallcircles reading about Threema is similar to signal in terms like the server is close source and not #decentrilized / #federated like #XMPP or #Matrix
CC
@distopico @HistoPol @smallcircles
#Threema has an f-droid repo:
https://threema.ch/en/faq/libre_installation
Actually one of the few projects taking advantage of the fact that f-droid is built to be #decentralised
Distopico
@HistoPol
@smallcircles
No sure about #Threema but #Signal is a centralized service that use Google Api and doesn't allow redistribute/publish is free service such as #FDroid, what about #XMPP or #Matrix ?
HistoPol (#HP) 🏴 🇺🇸 🏴
LOL
I would not open a WhatsApp account, even if you tried to bribe me. 😉 --No-no-go.
Well, it depends a bit on the sway you have, e.g. if you manage the IT of a small businness or a larger part of your damily/relatives. Those that don't like it have to use SMS or Mastodon or call me.
It is a hard start I agree.
The solution should
run on iOS/Android, PC/Mac if possible.
install easily or be gifted
have a look-and-feel like WhatsApp
Not use native services...
Greenbirder
@HistoPol @smallcircles
I’d like to use a messenger other than WhatsApp but it’s hard enough to persuade the people I interact with to open accounts with it - as for telegram and the others, forget it. Not a single person I have told about these is interested or can be bothered. They can be as private and secure as you like but if nobody is installing their apps what is the point.
HistoPol (#HP) 🏴 🇺🇸 🏴
(2/2)
...then, it can be pushed in your surroundings.
It is, as we all know, a network effect.
However, the more warrants and seizures or leak of Meta data (#CambridgeAnalyticaSummit) become public knowledge, the more I see the willingness to switch.
Also, many people in many countries are afraid of right-wing government takeovers. This, in combination with "#ChatControll discussions in the #EU, in particular #France, will provide possibilities.
HistoPol (#HP) 🏴 🇺🇸 🏴
(1/2)
Thank you for your well-thought comment based on your wast experience.
I tend to disagree with your overall conclusion, though:
"There are no absolute correct choices here." Maybe. But we presently have "one size fits all", at least in the West, and that is #WhatsApp.
In the face of the rise of fascism and the surveillance state a maximum number of people must move to...
CC
@distopico @HistoPol @smallcircles
Rather than trying to lock down options, everybody has to find what "works" for them. There are no absolute correct choices here. For some, a good option may be no tech IM style comms at all. For others, maybe getting a genuine personal recommendation of trustworthyness from someone you trust might be worth more than "some hacker bros said it was all good." Not saying this is or is not the case with Threema. :-)
Distopico
@kino @HistoPol @smallcircles so instead trust many tech people that audity the code we should trust what one company behind those server said?, With XMPP you can choose several server some of those behind social activist such as disroot or use your own server
CC
@distopico @HistoPol @smallcircles In general I find that false dichotomies don't help here. "Audited" code is overrated. (History has already absolved me) It may even lure into the false sense of security trap.
But yes, 95% or so of the time, if it is a question of data integrity/security, and you have the time and skill to do analysis, you're probably better of with FOSS. You might also choose to trust other people, which is what a code audit is, no?
Distopico
@kino @HistoPol @smallcircles well close source/private != Privacy, you cannot own your data in your own server, you can't audity the code so you don't know what they do with your data
CC
@distopico @HistoPol @smallcircles
At this point I'm not taking the open source == good (just coz) argument at face value anymore. The future of Matrix always seems somehow, em.. unconfirmed? An interesting project. I wonder where it will go. There's been a LOT of VC funding up to now, one might assume some return is expected at some point. Maybe not though. I've run jabber servers in the past, I still have one, but federated XMPP just somehow can't seem to take hold outside of its own niche.
HistoPol (#HP) 🏴 🇺🇸 🏴
@kino @distopico @smallcircles
(2/3)
...alternative messengers. The cannot indict everyone. This will protect the minorities (persecuted by the NS,) that direly need this protection.
I can see that many people might yet opt for even more security. But in this case, maybe even 3rd best would be way better than sticking with data kraken #Meta.
For instance, #Mastodon is definitely not the best solution for everyone. But yet, it has...
HistoPol (#HP) 🏴 🇺🇸 🏴
@kino @distopico @smallcircles
(3/4)
...become the biggest non-corporate competitor.
I think the challange is finding the smallest common denominator and then promoting that (except for specialits lice infosec, who can easily manage 2 or more messengers.)
This is not about convenience anymore. This is information warfare preparation. Looking at what happened in the countries of the former Arab Spring or Iran and in particular to Russia and...
HistoPol (#HP) 🏴 🇺🇸 🏴
@kino @distopico @smallcircles
(4/5)
...foremost China gives a pretty clear picture how this might turn really ugly.
The foremost global market square of ideas, #Twitter, is already lost. It had played a vital role in the Arab Spring.
For instance, #Telegram might be #freemium software, distributed and all, but its operational servers are in the #UAE, an autocratic state, where you'd better not...
HistoPol (#HP) 🏴 🇺🇸 🏴
@kino @distopico @smallcircles
(5/5)
... be involved in serious car accient with a local as a foreigner.
In short, I think the choices would be very limited, if the criteria I mentioned earlier were applied.
//
HistoPol (#HP) 🏴 🇺🇸 🏴
Thank you very much for pointing this out. This was exactly what the comparison table seemed to be "telling" me and what I read (indirectly) in a couple of articles.
Not sure about Telegram, as the operational server is in the UAE, and this has already caused some issues with foreign intelligence services, who did not seem to get the data they wanted, but authoritarian regimes are definitely no better.
There is, however, another Swiss and a French solution,...
Öffentliche Parkbänke m. Tisch
It doen´t matter which version/fork you use from Signal!
Since Signal's entire traffic runs over the clouds of Amazon, Google, Microsoft & Cloudflare.
All US services can pick up your meta data directly from there, thanks to the CloudACT:
https://en.wikipedia.org/wiki/CLOUD_Act
Only Threema does NOT store any metadata nor IP-Adresses.
HistoPol (#HP) 🏴 🇺🇸 🏴
...further down the TL that has not been assessed yet in this respect, which still might be an alternative, apart form the distributed solutions.
Öffentliche Parkbänke m. Tisch
The advertising statements from Signal don't help at all.
85% of the SP run on Google's Android and that sends encrypted data packets to "home" every day. No one knows what's in there, but can assume that Google can assign the IPs to fixed users every day.
If someone sends a signal message Google knows where it comes from and they know to 85% who got it!
All this results in valuable meta data!
Proxies are useless, because they have your proxy IP / VPN IP, ect.
GӨЯKY
Juno Jove
@Pabamiti @gorky @HistoPol @MartinBe And for those among us who "have nothing to hide" and are somewhat unlikely to be the target of a murder drone... (Btw, a fallacy, your privacy is a fundamental inalienable right)
You still don't want to get an ad fed to you in a moment where a system of statistical algorithms has determined (with shocking accuracy!) you are most susceptible to external impulses to make a purchase.
And that's exactly how ad tracking works.
Öffentliche Parkbänke m. Tisch
@jupiter @gorky @HistoPol @MartinBe
Exatctly
“metadata absolutely tells you everything about somebody’s life.
If you have enough metadata, you don’t really need content.”
NSA General Counsel
Stewart Baker
In:
"We kill people based on metadata"
https://www.nybooks.com/daily/2014/05/10/we-kill-people-based-metadata/
Juno Jove
@Pabamiti @gorky @HistoPol @MartinBe Yes! What many don't realize is that who you're talking to, and when, is often a more revealing and dangerous set of data than the actual conversation itself.
Öffentliche Parkbänke m. Tisch
It is not Android that is the problem, but Google - the old data octopus - that is behind it everywhere.
And Google sees the user IPs and knows who is behind it. Big Data in the global sense!
But there are enough solutions:
Set up your smartphone with an ungoogled Android. Use secure keyboards (e.g. OpenBoard).
Signal is a data slinger - in the sense of the US intelligence services. But it is not a secure messenger.
GӨЯKY
The advertising statements from Signal don’t help at all.
What they have published are responses to subpoena from US courts. Don’t believe courts would accept advertisements as response.
85% of the SP run on Google’s Android
So you are suggesting that android is the issue here? In that case it doesn’t matter which IM you are using, becoz as per this, android can send out a bunch of information about anything on your phone to google, in spite of what application you are using.
Android with google services could do this, probably is the reason why some people prefer to use de-googled android (one of the original question here that triggered this convo).
Google can assign the IPs to fixed users every day.
I certainly don’t get this. Google doesn’t assign IP addresses to your device. It’s done by your ISP.
Overall, to me it look like you are suggesting the devices running android itself is the problem. In that case, the only option is to do away with mobile phones, becoz, in spite of what OS you run, your service provider can track your exact physical location anytime, which could be more troubling.
And I get the argument that meta data is what gives you up and that is where an app that collects the least amount of meta data becomes more secure.
HistoPol (#HP) 🏴 🇺🇸 🏴
Sounds like good advice.
Secure keyboards ("anti keyboard-logger"?) for smartphones, tablets and laptops? Might be a peripheral device, but not a practical solution.
Fairphone has warranty issues (see thread earlier this week) and DYI is beyond the knowledge of most. (Have an old Samsung, not updateable anymore, would love to have it working again--deGoogled.
HistoPol (#HP) 🏴 🇺🇸 🏴
Thank you, the functionality was, in fact, one issue.
You might want to check out the earlier posts regarding the security issues, none the less, something that does not impact that it does work.
El Perro Negro
@gorky @HistoPol @MartinBe Signal has worked fine on my deGoogled Android for the last 2 years
HistoPol (#HP) 🏴 🇺🇸 🏴
Yes, you need to start two-tiered if you have this lock-in (I live without it) and small:
I touched on this here:
https://mastodon.social/@HistoPol/111001873072512649
and here:
https://mastodon.social/@HistoPol/111000178133825731
And some place else that the UX must be like WhatsApp, easy to install, free or be able to be gifted, etc.
dinosauce
@HistoPol @smallcircles the main problem with this approach is that WhatsApp is so baked within the population that it's hard to disentangle someone from those in a viable way.
Distopico
@HistoPol @kino @smallcircles is not limited, is just the basic requirement, you don't have privacy if you don't have transparency and you can't have transparency with close/privative software
So for a WhatsApp replacement the base requirements should be
- Free software client/server
- Federated/decentralized
- Allow self hosting, so if you don't like X location of the server you can use you own server in the location of your preference
- Support e2e encryption, ideally by default and required
HistoPol (#HP) 🏴 🇺🇸 🏴
ICYMI:
ian
@HistoPol @smallcircles
With Telegram you don't have to share your phone number or contacts. And you have no user name/ID unless you choose to create one. As that is useful to share 'instead' of your phone number.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.