De-Googling, binary blobs and other privacy concerns



  • Currently owning the Oneplus 3T I'm wondering how much I have really gained by switching to this device using UT in terms of de-Googling.

    Fortunately this market seems to be increasing with devices aimed towards privacy, open source and being blob free.

    I'm curious to know as to whether the OPO 3(T) is in fact meeting these parameters. What factors could still make my UT device, originally having Android written all ovet it, still 'attached' to that platform both hardware and software wise? Are there any aspects that cannot be ruled out? And how would one compare a OPO 3T (or any other UBports supported device for that matter) to a Librem 5, PinePhone, VollaPhone in that regard?

    Asking because I'm still torn between keeping my 3T (relatively cheap, money already spent) and aforementioned devices to be presumed 'Google free'.

    Not looking for extensive arguments, just a quick and comprehensive overview of any shortcomings of the 3T when it comes down to privacy and blobs leaking data to external parties.

    The outcome could make it easier for potential UT users to decide between installing UT on their current device, purchasing one for exactly that purposr or simply making a switch to any of the new privacy oriented device running Ubuntu Touch.

    edit: removed 3T in header as this thread may be of interest to all (potential) users of UT supported devices



  • @3T_Ed said in De-Googling, binary blobs and other privacy concerns:

    Not looking for extensive arguments, just a quick and comprehensive overview of any shortcomings of the 3T when it comes down to privacy and blobs leaking data to external parties.

    In short, the probability of anything doing it in the kernel directly is very small. Most all the standard privacy concerns about Google are about stuff happening in userspace with Google's build of Android which includes all their proprietary services and integrations. These are not present in AOSP builds like LineageOS and Ubuntu Touch.

    The binary blobs for drivers don't come from Google either, but from the manufacturers of the hardware components. So it's unlikely they are going to be sending any data to Google. Writing code that runs in kernel space to find interesting things from userspace and transport them to some remote site, is also not worth the trouble to do in something like a driver that controls the vibration motor when you tap the on-screen keyboard for example. It's way too much work, and risk, for too little benefit. It's far easier to just trick you into downloading some app and running it as root.



  • @dobey said in De-Googling, binary blobs and other privacy concerns:
    So it's unlikely they [the hardware manufacturers] are going to be sending any data to Google. Writing code that runs in kernel space to find interesting things from userspace and transport them to some remote site, is also not worth the trouble [....]

    Thank you very much @dobey for a comprehensive explanation. Sorry for this somewhat late reply.

    If binary blobs should not be a real concern to UT users I still have some questions, hoping to get a straight forward and comprehensive answers again by you or any knowledgeable person on this subject.

    What made the data flow stop?
    We have all flashed a mainstream device, we know have constantly sent our information to Google or Apple, not to mention many vague data mining companies. Which identifiable process in the flash/installation of UT made that data flow stopped?

    Have data mining companies been cut off?
    The data is coupled with the imei number of my device, so what would keep data mining companies and app makers from retrieving data from our devices directly? Of course someones internet browsing behavior is of influence on that.

    Hypothetically speaking, if I would flash a device and only install UT with default apps (submitted to Open Store), keep it on stand by (wifi on) and not use it actively, would it still transmit to third party companies? Will the data flow actually be stopped because we decided to run a different OS on the same device?

    Other Linux communities, different views?
    When looking at FLOSS oriented companies like Purism they really push very hard to remove every binary blob. Their user base is very keen on getting it blob-free and core booted while (if binary blobs should not be a real concern ...) they could simply flash and install UT on a device rather than getting a Librem 5 brick-like phone at a $750+ premium price tag. What's keeping them from doing so, just having a great designed smartphone with UT ? Isn't their persistency in removing every binary blob showing we actually should care and be aware? Having spent some time on the Purism forum myself I wouldn't characterize the members as being tin foiled hat paranoids (on the contrary).



  • @3T_Ed
    There are several topics in your question and I'm not an expert so I might get things a bit wrong.

    The overall idea is that there are many layers in a phone: hardware, drivers, OS and apps to keep it simple.
    As for de-googling, the hardware and drivers are not part of the picture because Google as a company is not responsible for them.
    In that aspect Ubuntu Touch is Google free.

    But to nuance that, some kernel patches (from Google) in order to use the drivers have to be used in order for UT to work on ported devices.
    Considering that, the PinePhone or Librem5 use a mainline kernel so it's not Google dependent.

    Blobs from chip manufacturer or closed source drivers can cause another threat, but it can hardly be avoided even with more open solutions. So that is another debate IMHO.

    As for the real problem about de-googling it's not about the phone you're using but more about the apps.
    Using a de-googled Android phone is almost as good as using UT, but you still require apps within the Google influence and even with alternative solutions you'll be revolving around Google.
    My opinion is that in order to break free you have to make sacrifices and choose Google free apps. UT has many google apps, but I don't use them: no google search, no youtube, no gmail, ...

    De-googling with just changing your phone and not your apps is like de-petroling by using and hybrid. You're not doing much.
    You need to change your habits and break your dependency.

    Edit: I realize I answered the older question.
    But to answer the following questions, the flow stops when you stop using apps that send your data away.
    If you still use Facebook, Gmail, Youtube or similar, the flow will continue.
    Same answer for data mining.
    Being blob free is always good for FOSS projects because it helps being compatible with a wide range of hardware. Having to deal with binary blobs you (as FOSS project) don't have access to the very expensive support Google can afford.



  • An internet use sold as google free reminds me of when I saw lollipops sold as 'fat free'....