https://kevinboone.me/lineageos-degoogled.html

In an earlier article I wrote about my attempts to remove all trace of Google from my life. Part of that process, which is still ongoing, was to install Lineage OS on all my Android cellphones and tablets, replacing the original, vendor firmware. Doing this removes the egregious Google Play Services although, of course, this severely limits my ability to run Android apps. That’s a sacrifice I’m willing to make, although not without some regrets.

I’ve subsequently learned that hard-core de-Googlers eschew Lineage OS, because it remains too close to the stock configuration of the Android Open-Source Project (AOSP) on which it is based. There are certainly smartphone ROMs, like GrapheneOS, that are even more Google-free.

But I’ve grown to like Lineage. I don’t know what kind of future it has, but it works well for me, and it’s easy – as easy as can be expected – to install on all the devices I own. Installing and setting up Lineage is fiddly enough; I don’t want to make my life even more complicated, if I don’t have to.

Those of us who are divorcing Google worry most, I think, about Google’s intrusive data collection. Of course, Google is by no means the only business that engages in such practices – “surveillance capitalism” is big business. But Google presents a unique challenge because, not only does it collect a lot of data, it has a lot of clever ways to process it, and find connections between disparate data elements. Before my Google separation, it always amazed me how Google seemed to know where I was all the time, even with location services disabled on my smartphone. And Google’s advertisers seem to know what I’ve been shopping for, even when I’ve been doing my shopping in person at retail outlets. How Google does this, I don’t know; but I do want to reduce their opportunities to do so.

So I need to know what information my cellphone is sending to Google, even having removed all proprietary Google stuff.

I have to point out that I’m not talking about additional, 3rd-party apps that I might have installed on a Lineage OS device – all apps have the potential to create privacy problems, but I’m free not to use them. Here I’m just thinking about the platform itself.

Note
I run Lineage with no Google apps or services of any kind. If you do run Google services, you have to accept that absolutely everything you do with an Android device will be known to Google. There’s simply no point worrying about the trivial privacy breaches in this article – that would be like taking a cyanide pill and then worrying about your ingrown toenail.

In this article I’ll be describing various data leaks of which Lineage OS has frequently been accused, reporting which ones seem still to be present, and suggesting (well, guessing) how serious they might be.

The captive portal test

“Captive portals” are often found in hotels and entertainment venues. In a captive portal, all Internet traffic gets directed to the venue’s network filter, which ensures that the user has paid for a service or, at least, consented to some usage agreement.

Android performs a captive portal test every time the device enables a network connection. This test is a simple HTTP or HTTPS request on some publicly-accessible webserver. The request is expected to return a success (2XX) code if the server is reachable. In a captive portal, the service-providing organization will capture the HTTP(S) request, and return a redirection code to its own webserver. This server will provide a web page with further instructions.

By default Lineage OS uses Google’s webservers for the captive portal test. This means that Google knows every time a device raises a network connection.

Is this a problem? Google doesn’t get to find out anything except the IP number of the device, some limited information about the type of device, and the time of day. I’ve looked at the source code, and I don’t see any information other than this being sent – the code just uses the standard Java HTTP support to make the request. It’s plausible that, with a wide-area connection, the carrier might add additional information to the request, and Google might be able to infer your location from the IP number.

If you consider this to be too much of a risk, you can change the captive portal connectivity checker. Lineage provides no simple interface for this, but you can do it at the command line (e.g., by running a terminal app, or adb shell). You don’t need to root the phone to do this.

$ settings put global captive_portal_http_url http://my_server 
$ settings put global captive_portal_https_url https://my_server 

Unless you want to disable the captive portal check completely, you’ll need to identify a public webserver that can provide the appropriate response. There are many such servers; some Android replacements that focus more on de-Googling, like GrapheneOS, default to using one of these rather than Google. Even then, they usually have Google’s servers as a fall-back, because an outage of the conectivity check server could otherwise cause serious disruption.

On the whole, I regard this (captive portal check) a relatively harmless breach of privacy. It isn’t telling Google anything they’re not going to find out about in other ways.

DNS

Every time you use a hostname to identify a remote server, there’s going to be a DNS lookup. This lookup translates the hostname into a numeric ID for use with the TCP/IP protocol.

Internet service providers and mobile carriers operate DNS servers, but so does Google. DNS is potentially a privacy problem because the DNS server gets to learn every site you visit. It won’t see the actual URL of a web request – just the hostname. Still, that’s enough information to be concerned about. But it’s worth thinking about who the “you” is in “every site you visit”. To track you, personally, as an individual, the DNS server needs a way to relate your IP number to something that identifies you. There’s no definitive way for Google (or anybody) to do that; but there are statistical methods that can be very effective. They are particularly effective if you happen to use Google’s other services, because these will link a small number of personal Google accounts to an IP number.

Is this a problem for Lineage OS? While it might have been in the past, I don’t think Lineage now uses Google’s DNS, except perhaps as a fallback. Both WiFi and carrier Internet connections are initiated using protocols that can supply a DNS server. On my Lineage devices, I’m sure that these are the DNS servers that are being used. Still, there are references to Google’s DNS server – 8.8.8.8 – in the AOSP source code. So I can’t prove that Google’s DNS will never be used.

If you want, you can supply your own DNS server in the network configuration in the Settings app. But, unless you run your own DNS in the public Internet, you’ll be putting your trust in one mega-corporation or another. I suspect most are less worrying than Google, but perhaps not by much.

By the way – Lineage OS supports encrypted DNS. While that will prevent third-parties from snooping on your DNS traffic – including your mobile carrier or ISP – this won’t protect you from snooping at the DNS server itself. So encrypted DNS is no protection against Google, if you’re using Google’s DNS.

Assisted GPS

It takes a long time for a mobile device to get a robust fix on GPS satellites – a minute in good conditions, or several minutes in a weak signal area. Assisted GPS (A-GPS) primes the satellite fix using environmental data. This data might including a coarse location from a cellular network. With A-GPS, a satellite fix might take only a few seconds.

A-GPS data is processed by a remote server, that has the storage capacity to handle the large amounts of data involved. The main operator of such servers is, again, Google.

What can Google learn about a device using Assisted GPS? As in any Internet operation, it will find the device’s IP number, and it might find the coarse location. The Internet traffic associated with A-GPS can be encrypted but this, again, won’t protect it from Google. To determine the location of a specific individual, Google has to be able to relate the IP number to the individual. As discussed above, that can be done with a reasonable degree of confidence.

On recent Lineage versions, A-GPS is disabled by default. If enabled, it uses Google’s servers – so far as I know there are no widely-available alternatives. I just keep it disabled, and live with the disadvantage of longer GPS start-up times.

Time synchronization, NTP

At one time, Lineage OS used Googles’ time servers to set the time on the device. So far as I know, this is no longer the case – a general pool of NTP servers is used. Even if that were not the case, I can’t worry too much about leaking time synchronizing data.

WebView

I believe that WebView is the most troubling source of privacy concerns for Lineage OS, and the one whose ramifications are the least well-understood.

WebView is a component of Android that renders web pages. Of course, a web browser will do this, but many Android apps and services have a need to render pages without actually being a browser. The ‘captive portal’ support I described above is an example: the device needs to render a page for user to log in or purchase Internet access, even if no web browser is installed.

Lineage OS uses the WebView implementation from the AOSP, which is based on Chromium. Chromium is Google Chrome without the proprietary Google stuff, and it’s undoubtedly less of a privacy concern than Chrome would be. But Chromium, even though it’s open-source, is still primarily a Google product.

There are many known instances where Chromium will provide some user data to Google servers. For example, we know that Chromium downloads lists of ‘unsafe’ websites to support its ‘safe browsing’ feature. This will happen however Chromium is used. When used as a regular web browser, Chromium might send data to Google for its ‘hot word’ detection, for example.

When Chromium is only used to provide a WebView implementation, I’m not convinced that these minor privacy breaches are significant. It’s worth bearing in mind that the Jelly browser that is shipped with Lineage OS is just a wrapper around the Chromium WebView – if you use this browser, you’ll have the same privacy concerns as if you use Chromium itself.

There are a number of Google-free WebView implementations, like Chromite. GrapheneOS uses a WebView implementation called Vanadium, which is essentially a de-Googled Chromium. Installing one of these implementations on Lineage OS is not straightforward, or so it seems to me.

I don’t use Jelly or Chromium itself as a web browser – I install a browser that is not based on Google code, like Firefox. This limits my exposure to Chromium to occasions where WebView is used other than as a browser. In my normal usage, I don’t think there are many of those occasions, so I’m not too worried about WebView.

Nevertheless, it remains a slight concern and, if I could replace it without a lot of effort, I would.

Are we in tinfoil hat territory now?

I don’t like Google knowing so much about me, but I don’t believe Google’s data collection is directly harmful to me. My disapproval of Google’s activities (and I know Google is not the only culprit) is mainly one of principle. I don’t want to be a source of revenue for Google, or to legitimize their behaviour by my own inaction. I don’t want Google to make the Internet more of a hellscape that it currently is.

But I’m not paranoid. I don’t think Google is out to get me, or is in league with people who are. My rejection of Google falls short of doing things that will make my life hugely more difficult.

I am aware, all the same, that I have one foot in tinfoil hat country.

I know a few people – some in my own family – who eschew smartphones because they create time-wasting distractions. I certainly know people who don’t give smartphones to their kids, because of the well-known risks that social media poses to their mental health. But almost nobody avoids Google because they believe, as I do, that the surveillance economy is detrimental to society in the long term. Even those few who do believe this are mostly not willing to take action, because they believe (or convince themselves) that the benefits of a connected world outweigh the costs of a total lack of privacy. For me that’s like understanding the risks of climate change, and yet choosing to run two or three gas-guzzling cars because it’s a half-mile walk to the shops.

The few people who do believe as I do, and are willing to act on their beliefs, tend to be people who also believe that they’re being monitored by the CIA, or that Covid vaccines are implanting mind-control receivers. That’s not a gang that I want to run with.

On the whole, I’m satisfied that Lineage OS, as I use it, is preventing nearly all of Google’s data collection. I don’t install or use any Google services, I don’t enable A-GPS, I don’t use Chromium or the built-in browser. I could eliminate more arcane aspects of data collection – like the Internet connectivity check – if I wanted to take the trouble.

I don’t think that taking reasonable precautions to avoid becoming part of Google’s data collection economy makes me a tinfoil-hatter. Nevertheless, I would probably use GrapheneOS instead, if I had devices that supported it. Ironically, if I wanted to use GrapheneOS, I’d have to buy Google-branded mobile devices, which is an irony that really stings.

Like it or not, artificial intelligence has become part of daily life. Many devices — including electric razors and toothbrushes — have become AI-powered," using machine learning algorithms to track how a person uses the device, how the device is working in real time, and provide feedback. From asking questions to an AI assistant like ChatGPT or Microsoft Copilot to monitoring a daily fitness routine with a smartwatch, many people use an AI system or tool every day.

While AI tools and technologies can make life easier, they also raise important questions about data privacy. These systems often collect large amounts of data, sometimes without people even realizing their data is being collected. The information can then be used to identify personal habits and preferences, and even predict future behaviors by drawing inferences from the aggregated data.

An assistant professor of cybersecurity at West Virginia University, studies how emerging technologies and different types of AI systems manage personal data and how we can build more secure and privacy-preserving systems for the future.

British police forces have signed contracts with a controversial US tech giant to buy AI-powered software that uses data about an individual’s race, sex life, health and political beliefs, it can be revealed.

An internal police memo obtained by The i Paper and Liberty Investigates confirms an intention to “nationally” apply the “Nectar” intelligence system, currently deployed as a pilot by the Bedfordshire force after being developed with Silicon Valley data analysis group Palantir Technologies.

The document, obtained under freedom of information rules, shows how the Palantir system is designed to bring together dozens of existing law enforcement databases into a single computing platform to draw up detailed profiles of suspects, as well as collate information on victims of crime, witnesses, and vulnerable individuals including children.

The State Department had temporarily paused issuing visas for foreign students at the end of May while it came up with the new social media guidance and it will now resume taking appointments.

"The enhanced social media vetting will ensure we are properly screening every single person attempting to visit our country," a senior State Department official said.

US consular officers will conduct a conduct a "comprehensive and thorough vetting of all student and exchange visitor applicants," the official said.

cross-posted from: https://lemmy.world/post/31789847

Browser Timezone & Privacy Concerns

How can I hide my "timezone" from sniffing sites?

From my understanding, websites can access both the timezone of my browser (without using javascript) and the timezone of my local machine (using javascript). my question being

• If a website has access to my local machine's timezone, does it mean it has access to other information on/about my local machine?
• According to Privacy - How can I hide my "timezone" from sniffing sites? - Super User, we must disable JavaScript to block timezone access. However disabling javascript is not really feasible as it breaks most of websites. Is there a workaround that allows us to block JavaScript from running specific commands?
• Maybe my understanding of JavaScript is incorrect, but if a website has the privilege of running any program on my computer through the web browser, it can retrieve all the information it needs. If I don't disable JavaScript while using the browser, I don't see the point in resisting fingerprinting, like spoofing my device info.

appreciate any help!

Please see the cross-post as it is updated.

OC text by @[email protected]

Starting in Firefox 138, Mozilla started gating Firefox Labs features behind data collection.

Mozilla had announced that some new Firefox features would be released via Firefox Labs.

It is now a few hours since I posted, and there is reason to celebrate – Mozilla is updating Firefox Labs to let people access features without needing to enable data collection.

cross-posted from: https://lemmy.nz/post/24413447

Extensive passenger data has been sold to the US Government by major airline companies including Delta, United Airlines, and American Airlines, new documents reveal.

US travellers' domestic flight records, including their names, full itineraries, and financial details were sold to Customs and Border Protection (CBP).

CBP is a part of the Department of Homeland Security (DHS). They said they acquired the data to track people of interest's air travel.

The documents, obtained by 404 Media, showed that passenger information was sold through a data broker that major airlines including Delta, American Airlines and United Airlines collectively own.

“To facilitate this vetting, all applicants for F, M and J non-immigrant visas will be asked to adjust the privacy settings on all their social media profiles to ‘public’”, the official said. “The enhanced social media vetting will ensure we are properly screening every single person attempting to visit our country.”

Most people either use google as their search engine, or one of the "privacy friendly ones" (ddg, qwant, brave, startpage, ...), or use self hosted or publicly available metasearch engines, like searxng, or whoogle, etc.

This websites lists out websites which have their own indexes, and which depend on big providers.

Why YSK?

It is good for your privacy to not use a big provider like google, which now prefers to serve you ai generated ssummaries, which are based on a few giant websites, and this is not good for a open web.

I am also a person who almost always uses "(insert query) reddit" to get better results, because I mostly do not want SEO spam, and reddit results used to be human generated content. Now even that is hit and miss. Also, reddit made a deal with google, so for newer results from reddit, you can only get them from google.

Then we have the "privacy friendly ones" which most of the time are wrappers for other bigger indexes, for example ddg famously uses bing, brave "suppliments" (read this suppliments as almost always) it's results from google, startpage is basically a google frontend, etc. Brave, qwant, and few others also claim to have their own indexes, but they are small and not rich as google and bing. Also, wwhen you think about it - what is their business model - how do they get money for the search apis - most either serve adds or have some form of tracking. Also, bing has "kinda" closed it's search api (not really clear about this), so many of these privacy friendly options will have to either switch to google, or only serve using their indexes.

Meta-search engines kinda seem like better options, as you can run searxng on your own machine, or use the public ones, but it still has problems. You are still bringing the big providers traffic, which makes their advertisement clients happier and prefer them over smaller search engines. If you use a public instance, then it is good for your privacy, but the public instance would now generate a lot traffic, and often get banned or rate limited, and hence you can not rely on them. If you use your personal instances (I did this for a long time), you will still be tracked as your IP is still visible. You avoid their annoying ui and popups but still are tracked.

So what should you use?

You can only decide this. I would prefer something which has a reasonable business model - if they do advertisement, that should ideally be non tracking. Ideally their client and server code should be foss (so you can verify their claims), or have paid plans or apis if you do not want ads.

For example, Kagi has only paid plans, but I do not prefer or use them, because they are expensive (5 dollars for 300 searches per month or something similar. I am from one of third world countries, and 5 dollars is a lot. plus 300 searches seem less to me) but that is subjective, and your privacy has a price, so this is not neccessarily a objectively bad thing. But their code is closed source, and they do not completely use their own indexes.

I have also used Mullvad's Leta search engine for about a month, and they are now effectively frontends for brave search or google (you can choose). Their business plan initially was that Leta was only available to their VPN clients, and VPN subscription would supplement the search cost. Now they have it available for free, so I do not really understand their business plan (maybe the number of clients they have is large enough, and number of leta users is small, that they can afford to run leta for loss, and maybe as possible advertisement for mullvad. Mullvad to me is a good privacy centric company. I am not their client, but they seem to be trust worthy. You can try them, but you would still support some big provider.

You can also try the independent search providers listed in the article. They are often small, serve bad (subjectively speaking; your taste regarding search engines is also heavily tuned to google like results because of years of exposure to it) results, but using them also supports open web (you would often find that these smaller providers do not have good indexes for big websites, and sometimes it is intentional, sometimes it is a byproduct of them being careful, or the websites banning/rate limiting then).

I have now started trying stract, and will try others too. You should also consider trying some independent search engines.

In my personal case - I have a offline setup where I have large sections of wikipedia and a few other websites (like programning language docs, or my favorite manga wiki, will be adding much of stack overflow soon) available offline, and I use my custon launcher to search through them (faster then searching them online). I bookmark a lot of sites (~ 2000) and do this to stop searching the same stuff over and over again. This has reduced at least 30-40% of all my searches. But I still need a search engine for anything I do not have currently, or stuff I do not/ can not get. I am trying stract, because it is open source, they seen to have some fine plans for business in future (non tracking, current search term related ads or subscription service ; currenlty they are running on previous funding from nlnet); search results are acceptable (not good, but servicable); and finally - it is written in RUST (I an a rust fan). I am not affiliated with the project, but just spreading a good word because I just found them, and could not find much online.

PS: I am not used to writing much, and not a good typist. Please forgive the brevity. Feel free to correct me, both on spellings and content