degoogle

Recently Google decided that in the future for an app to be installable on an Android device, the developer of this app needs to be ID'd and registered at Google. They claim this is in order to "to better protect users". However, I think, this is a move to get more control over the Android ecosystem, and the data they can collect with it. If anyone who wants to develop an app for Android devices has to be registered with Google, this puts all the power of who to allow distributing an app to Google.

Furthermore F-Droid shows, that safe app stores can exist without registration, neither of users nor of developers. There is zero malware or spyware on the F-Droid store. What there is on F-Droid is thousands of beautiful, useful and, most importantly, safe apps. And this entire ecosystem is at risk, because Google wants to gain more control over its users and over the Android operating system.

For those that don't know, GrayJay allows consuming media from many platforms, all in one app. Peertube, Odysee (lbry), twitch, kick, removedute, nebula, soundcloud, and more! You can also sync your playlists, watch list, subscriptions, and so on across devices.

I've discovered interesting creators across multiple platforms (peertube, odysee, billibi, dailymotion, ...) and have reached the point now where I can just switch of the youtube source and just consume media from all other sources. Billibi (Chinese youtube) for example has accounts that just sync/copy/rip entire channels from youtube and there are some creators that sync their channels onto peertube, odysee, or elsewhere. With Grayjay, it doesn't matter where anymore since it can probably access it.

What I enjoy a lot is not worrying about youtube updating and breaking the plugin because I just don't consume it anymore. You can give it a shot too.

Long story short: Everyone should consider downloading NeoStumbler on their phones and help collect degoogled geolocation data from the places they travel to.

Degoogled geolocation data?!

A big problem with degoogling is positioning services. Whenever your device doesn't have a GPS signal but wants to know your position, it collects information about the wifi, cellular, and bluetooth networks around you. It then looks this up against a database of networks and their location, and returns to you your approximate position.

This has traditionally been crowd-sourced by Google for a closed database for them to use and abuse. Mozilla created and abandoned their own service a while back, as they tend to do. Their data was not anonymous enough for it to live on in open source, and for a while there was no real open source option out there. All location services would pretty much depend on Google. Thankfully, this is not the case any more.

Enter beaconDB!

A proper open source alternative has finally emerged in the form of beacondb (@beacondb@mapstodon.space), which currently contains location data for more than 75 million wifi networks and almost 4 million cellular towers, most of which in Europe and the US. This database allows degoogled devices to find their location in the world without relying on a Google service. It is still in its early days, but some open systems already use it by default.

How can you help?

Contributing to beaconDB is incredibly easy. The tl;dr on top of this post summarizes it, but here's a more detailed overview:

1. Install the open source app NeoStumbler
2. Open the app and set it up. It's a good idea to take a look at the settings. I have enabled movement detection (helps save battery on most devices) and passive data collection. I also enabled an option to send reports with less metadata, further increasing privacy.
3. Press "play" in the app. You can also add a "wireless scanning" button to the sliding drawer menu in Android to make this option more accessible. I generally keep scanning on at all times as I don't find it to drain the battery much, but of course it's mostly useful when moving around in new areas.
4. Walk around, live your life.

And, of course: Let people know about it! Contributions from people outside of Europe and the US would be particularly welcome, but it's the early stages of the project and contributions are needed everywhere. Also feel free to cross-post (or boost!) this to anywhere you'd see fit.

Since the end of June I have collected information about more than 150 000 wifi networks and more than 10 000 cellular networks. It's fun to keep track of how many new networks I've passed by at the end of the day.

Please join in! :)

As a result of this discussion in !degoogle@lemmy.ml, there is now an IRC channel about degoogling!

/join ##degoogle on irc.libera.chat:6697 (TLS). The channel name begins with a double hashtag (according to the namespace policy).

Come on down and join us through your local IRC client or the web client web.libera.chat!

Privacy pack

I use tuta mail and tuta calendar for mail and calendar, Vivaldi as browser on laptop, and Firefox on android. Bitwarden as password manager and bitwarden auth as 2fa. Use obsidian for notes and appstore is aurora store and droidify, I use archlinux. And for "cloud" storage, actually a backup I use This USB drive not cloud Buf works for me. Still kinda dependent on proprietary messaging platforms, but I have 1 friend on signal. Also I am trying to replace YouTube with fmhy.net not exactly YouTube alternative, but has so many resources for free to study, educate myself, or just watch something out of amusement.

cross-posted from: https://lemmybefree.net/post/1243814

Hi! I'm looking for a privacy respecting Android tablet.

I ruled out the google tablet due to it being too expensive with an LCD screen

I would prefer a nice OLED screen if possible (or similar), and preferably cheap. Must be able to stream HEVC encoded videos (not 10 years old hardware), and preferably more (VP9, AV1, for future proofing)

The main use will be to watch content (movies, series, videos) from YouTube and Jellyfin, and sometimes some other apps if they're not enforcing the Play Integrity API

So far I've searched some OS and I'm considering LineageOS or /e/OS, with /e/OS looking better in terms of privacy. Don't want google to track everywhere I go and everything I do.

Any recommendations for good cheap hardware with bootloader unlocking, and recommendations for a good Android ROM?

cross-posted from: https://lemmy.world/post/32207681

Your guide to a new File Storage service! (NEW)

FreeTube is an open-source standalone YouTube client that gives you control over what to see and what not to see on YouTube. Among my my favourite features are:

• No Ads
• Checkboxes to eliminate common distractions, e.g. Shorts, Trends, Live chat, Recommendations, Comments
• Word filters and channel filters
• Integrated SponsorBlock and DeArrow
• History and subscriptions are saved locally, away from Google's prying eyes
• Easy download of videos, e.g. for securing videos or re-uploading them to a PeerTube instance (of course, only if it's legal in your jurisdiction)

If you're a parent, know that FreeTube also has several child safety features.

cross-posted from: https://lemmy.world/post/31955478

Google’s Gemini team is apparently sending out emails about an upcoming change to how Gemini interacts with apps on Android devices. The email informs users that, come July 7, 2025, Gemini will be able to “help you use Phone, Messages, WhatsApp, and Utilities on your phone, whether your Gemini Apps Activity is on or off.” Naturally, this has raised some privacy concerns among those who’ve received the email and those using the AI assistant on their Android devices.

cross-posted from: https://lemm.ee/post/66561434

cross-posted from: https://lemm.ee/post/66561410

cross-posted from: https://europe.pub/post/1236359

cross-posted from: https://lemmy.nz/post/23935860

Google warns “passwords are not only painful to maintain, but are also more prone to phishing and often leaked through data breaches.” And that’s the real issue. “It’s important to use tools that automatically secure your account and protect you from scams,” Google tells users, and that means upgrading account security now.

Google says “we want to move beyond passwords altogether, while keeping sign-ins as easy as possible.” That includes social sign ins, but mainly it means passkeys. “Passkeys are phishing-resistant and can log you in simply with the method you use to unlock your device (like your fingerprint or face ID) — no password required.”

This is just one of their excuses, to keep their users inside google's walled-garden

cross-posted from: https://lemmy.ca/post/44957349

I have some moeny set aside for donating to some open source projects. I was looking for some advice for the best way to determine the need of projects. With only a limited amount of money.

Also would it be better to give to a lot of things and a small amount of money or a large amount of money to a few.

Right now I was thinking of donating to the Lemmy intance I am on and Mastadon instance.

Sometimes a gmail user sends me an email. I object to that. In principle, I need be able to tell Google that I do not consent to them processing my personal data whatsoever.

If one of their users addresses an email to one of my email addresses, I do not want Google to store the message or even transmit it. They must refuse to handle my personal data, and thus refuse to process email traffic involving my email address.

I believe this falls under GDPR Art.18 or 21. But the question is, how can I submit my GDPR request to Google? I can write them a letter but I do not want Google to get my address. I don’t even want Google to know my name. The only thing I want Google to know is my email address, so that Google’s mail servers can refuse mail to that address. But the mere act of submitting a GDPR request inherently requires data subjects to prove their identity to data controllers.

cross-posted from: https://lemmy.world/post/29777938

More than half of Americans reported receiving at least one scam call per day in 2024. To combat the rise of sophisticated conversational scams that deceive victims over the course of a phone call, we introduced Scam Detection late last year to U.S.-based English-speaking Phone by Google public beta users on Pixel phones.

We use AI models processed on-device to analyze conversations in real-time and warn users of potential scams. If a caller, for example, tries to get you to provide payment via gift cards to complete a delivery, Scam Detection will alert you through audio and haptic notifications and display a warning on your phone that the call may be a scam.

cross-posted from: https://lemmy.world/post/29224228

cross-posted from: https://slrpnk.net/post/21474523

Youtube was originally a match-making/dating site. Sadly it expanded beyond that into a technofeudal fiefdom that takes 45% of ad revenue from contributors. YouTube has amassed a rich collection of repair videos, both general repair and specific repairs to specific problems on particular appliances. It guts me that a protectionist unethical surveillance advertiser has exclusive control over repair information that they have jailed, restricted access to, and held hostage from all but their boot-licking pawns (3 billion of them). Google has recently locked down the platform to prevent the Tor network for fetching the content while also going around with a stick to swat the Invidious nodes that make fetching videos possible.

Google’s assault on user freedoms has ensured (for example) that I cannot go to the library (which has an uncapped Internet connection) and download videos covering how to repair my appliances so that I can go home and play them while repairing, as many times as needed. Google expects me to either drag my whole washing machine into the public library, or to memorize the steps. Try memorizing the steps to fix a Canon paper feeder. It’s probably 100 or so steps; so many steps that there is even a separate re-assembly video.

It is unreasonable to demand that repairers:

• have an uncapped internet connection at home
• watch copious commercial ads (some of us are ethically opposed to advertising)
• support Google (we should have a right to boycott companies that were fined $170 million for collecting data non-consentually and exercising that right should not block repair when repair is in the public interest to avoid e-waste)

What is the fix here? Libraries are blocked by copyright that is designed to feed Google’s greed for ad revenue. Even if we could ask local govs to declare Google’s copyright on repair videos unenforcable, the videos still need to be obtained.

I think we need to invent a tech solution. Such as an app that combines the concept of bittorrent with a YouTube API whereby every peer who manages to access a video seeds it as a torrent and also grabs the transcript in a text file.

Any ideas what could reasonably be asked of a local gov to address this problem? In principle, it should involve public libraries because Google has ruined the service of the public library in this regard.

cross-posted from: https://hexbear.net/post/4729811

I created an infographic of privacy-forward alternatives to Google products...and would love your feedback.

Is it easy to use? Enough white space? Intuitive? Sharable? Is there anything I'm missing?

The infographic image in this post is NOT clickable. The link above will give you a downloadable PDF with working hyperlinks.

Re: the legend, "easy set-up/use" means either that this is a big part of the alternative product's branding, or I've used it myself and found it easy.

geteilt von: https://europe.pub/post/278493

cross-posted from: https://lemmy.world/post/28522846

cross-posted from: https://lemmy.world/post/27515257

cross-posted from: https://lemmy.world/post/27344091

1. Persistent Device Identifiers

My id is (1 digit changed to preserve my privacy):

38400000-8cf0-11bd-b23e-30b96e40000d

Android assigns Advertising IDs, unique identifiers that apps and advertisers use to track users across installations and account changes. Google explicitly states:

“The advertising ID is a unique, user-resettable ID for advertising, provided by Google Play services. It gives users better controls and provides developers with a simple, standard system to continue to monetize their apps.” Source: Google Android Developer Documentation

This ID allows apps to rebuild user profiles even after resets, enabling persistent tracking.

2. Tracking via Cookies

Android’s web and app environments rely on cookies with unique identifiers. The W3C (web standards body) confirms:

“HTTP cookies are used to identify specific users and improve their web experience by storing session data, authentication, and tracking information.” Source: W3C HTTP State Management Mechanism https://www.w3.org/Protocols/rfc2109/rfc2109

Google’s Privacy Sandbox initiative further admits cookies are used for cross-site tracking:

“Third-party cookies have been a cornerstone of the web for decades… but they can also be used to track users across sites.” Source: Google Privacy Sandbox https://privacysandbox.com/intl/en_us/

3. Ad-Driven Data Collection

Google’s ad platforms, like AdMob, collect behavioral data to refine targeting. The FTC found in a 2019 settlement:

“YouTube illegally harvested children’s data without parental consent, using it to target ads to minors.” Source: FTC Press Release https://www.ftc.gov/news-events/press-releases/2019/09/google-youtube-will-pay-record-170-million-settlement-over-claims

A 2022 study by Aarhus University confirmed:

“87% of Android apps share data with third parties.” Source: Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies https://dl.acm.org/doi/10.1145/3534593

4. Device Fingerprinting

Android permits fingerprinting by allowing apps to access device metadata. The Electronic Frontier Foundation (EFF) warns:

“Even when users reset their Advertising ID, fingerprinting techniques combine static device attributes (e.g., OS version, hardware specs) to re-identify them.” Source: EFF Technical Analysis https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea

5. Hardware-Level Tracking

Google’s Titan M security chip, embedded in Pixel devices, operates independently of software controls. Researchers at Technische Universität Berlin noted:

“Hardware-level components like Titan M can execute processes that users cannot audit or disable, raising concerns about opaque data collection.” Source: TU Berlin Research Paper https://arxiv.org/abs/2105.14442

Regarding Titan M: Lots of its rsearch is being taken down. Very few are remaining online. This is one of them available today.

"In this paper, we provided the first study of the Titan M chip, recently introduced by Google in its Pixel smartphones. Despite being a key element in the security of these devices, no research is available on the subject and very little information is publicly available. We approached the target from different perspectives: we statically reverse-engineered the firmware, we audited the available libraries on the Android repositories, and we dynamically examined its memory layout by exploiting a known vulnerability. Then, we used the knowledge obtained through our study to design and implement a structure-aware black-box fuzzer, mutating valid Protobuf messages to automatically test the firmware. Leveraging our fuzzer, we identified several known vulnerabilities in a recent version of the firmware. Moreover, we discovered a 0-day vulnerability, which we responsibly disclosed to the vendor."

Ref: https://conand.me/publications/melotti-titanm-2021.pdf

6. Notification Overload

A 2021 UC Berkeley study found:

“Android apps send 45% more notifications than iOS apps, often prioritizing engagement over utility. Notifications act as a ‘hook’ to drive app usage and data collection.” Source: Proceedings of the ACM on Human-Computer Interaction https://dl.acm.org/doi/10.1145/3411764.3445589

How can this be used nefariously?

Let's say you are a person who believes in Truth and who searches all over the net for truth. You find some things which are true. You post it somewhere. And you are taken down. You accept it since this is ONLY one time.

But, this is where YOU ARE WRONG.

THEY can easily know your IDs - specifically your advertising ID, or else one of the above. They send this to Google to know which all EMAIL accounts are associated with these IDs. With 99.9% accuracy, AI can know the correct Email because your EMAIL and ID would have SIMULTANEOUSLY logged into Google thousands of times in the past.

Then they can CENSOR you ACROSS the internet - YouTube, Reddit, etc. - because they know your ID. Even if you change your mobile, they still have other IDs like your email, etc. You can't remove all of them. This is how they can use this for CENSORING. (They will shadow ban you, you wont know this.)