Limit amount of data shared with Google #934
Comments
|
μG allows you to have no communication at all with Google servers (for it PlayServices implementation, individual proprietary apps might still contact Google servers on their own). In this case, AFAIK the only functionality that is lost currently is GCM/FCM, a.k.a. Push Messaging (whenever it’s going to work again, you would also loose SafetyNet functionality). If you do allow for this functionality, this means that Google will create an unique ID to identify your device, know your IP when you are online, and will know the metadata and content of push messages sent through this feature. I’ve been a first case user for a long time, I’ve also used SafetyNet a bit (doesn’t required generating an UID, but means running as privileged an unknown binary), and currently I’m having GCM enabled since recently because one of my banking app requires it to work. For other apps reaching Google servers, I can recommend NetGuard. |
|
Few questions/clarifications:
|
I don't actually contribute to microG, so take this with some salt, but the impression I get from the website is that it's essentially a FOSS clone of the Google Play Services apk. It should be a drop-in replacement for Google, and all your favourite apps should not be able to tell the difference. An alternative push service that app developers would have to accomodate kind of strays from that goal. But that's just the opinion of a random guy on the internet. |
|
I would like to hear more about it from people more involved in project about starting our own push notifications service, and convincing atleast some privacy focused apps to support this service. |
|
Good luck! |
|
But I understand your point that it won't be drop in replacement. However, to truly liberate ourselves from Google, we need this. |
Unless you activate SafetyNet (but which doesn’t work currently), yes. BTW, in μG settings there is an option to disable any communication from μG to Google servers, but while monitoring outgoing connections I’ve never seen anything outside of GCM.
SafetyNet does not require device registration (=generating an UID) to Google servers, however it requires running a binary called DroidGuard that is downloaded from Google servers and run as privileged app. This is the case for the standard SafetyNet too, it’s just that μG exposes that fact.
They have been several attempts in this direction, but none that achieved something significant so far AFAIK. I don’t find any link again in my browsing history, but you can have a look at MQTT at least. Some apps use their custom push system (Tuttanota, Signal without PlayServices), but none seems to use a configurable one. I would also love to have a way for application to collect the push server they are supposed to use from the running PlayServices implementation (here μG), and then you would just have to set-up some μG server-side component to replace Google servers. |
Having microG implement an alternative push server won't work: Google is acting as a middle man between the application on your phone and the app manufacturer's server. If/when the app developer's server wants to push a notification it gives it to Google to deliver. Even if you could redirect the app to use a microG or other non-Google server you won't be able to redirect the app manufacturer's server away from Google too. So I think that the best you can do is get the app developer(s) to use an alternative (preferably FOSS) push notification system. Since the apps that microG allows to run are apps that are found on Play Store it seems reasonable that the developers are comfortable with Google and that this won't happen (rare exception being something like Signal). |
|
@n76 You didn’t get my point. The idea would be that the app on the phone ask PlayServices what push server should be used, and then send this information back to the app servers. Then those servers don’t send your notification to Google, but to the specified server. |
|
@ArchangeGabriel Still requires the app developers to program in an alternative push delivery mechanism at the server side. That will severely limit the adoption. |
|
Yes of course. But anything not GCM/FCM will. |
|
I agree with @ArchangeGabriel, It's just a start, and so many apps will not adopt it but it can start something good. |
|
Does microG contact Google servers at all for apps that need map access? like Uber etc.? |
|
@bbhopesh microG uses OSM instead of Google Maps |
I propose the following plan:
As a server/protocol basis I'd suggest using autopush which implements Web Push API so it should be easy to adopt server-side (however, the device-facing API probably is a bit different than FCM). What do you think? |
|
Regarding the discussion of non-google push server (discussed above, 2019 to 2020). Since then, the open standard UnifiedPush.org is now well established. See my longer comment in issue #486 google free, independent push messaging? and linked blog articles there. |
Hi, I apologize if this is not the right forum to ask this question. Please point me to right one in that case.
I am not happy with Google's privacy practice and I am in early phases of research on using getting LineageOS with MicroG. MicroG website says that I can limit and monitor data shared with Google.
I have questions about what controls does MicroG gives me to limit or even completely ban amount of data shared with Google. Folks who are already using MicroG, can you share your experience on better privacy controls in MicroG?
The text was updated successfully, but these errors were encountered: