I feel that the Tracking and NonFreeNet are confusing. Basically all NonFreeNet services track the users. Maybe we should only add Tracking for those apps with a tracker in the apks.
3 Likes
While unfortunate that it depends on the dev servers I think the Tracking AF might be too much indeed.
“Private server” may have dubious legal liability when processing data.
Excerpt from privacy policy : BitDefender , AVL :
newpipe: dies in embarrassment
If the official API is restricted (e.g. YouTube) for our purposes, or is proprietary, the app parses the website or uses an internal API instead.
- GitHub - TeamNewPipe/NewPipe: A libre lightweight streaming front-end for Android.
NewPipe does not use any Google framework libraries, or the YouTube API. It only parses the website in order to gain the information it needs.
- NewPipe | F-Droid - Free and Open Source Android App Repository
NewPipe: Sends HTTP requests to YouTube Servers that likely log and retain all the data they can obtain.
Anti-Feature: NonFreeNet
Noice: Sends HTTP requests to its servers that allegedly can be just as bad as YouTube Servers, but not worse.
Anti-Featuers: NonFreeNet and Tracking
In other words, the issue I am raising here doesn’t have anything to do with how, where, when or to whom an app makes its HTTP requests. It’s F-Droid’s policy on what constitutes “Tracking”. NewPipe makes HTTP requests to render its functionality, and so does Noice, and neither app explicitly report user activity back to their networked counterparts. But, NewPipe doesn’t have the Tracking anti-feature, and Noice does.
I care about this distinction because the F-Droid Android client only states: “This app tracks and reports your activity”. And the F-Droid documentation makes matters even worse:
This Anti-Feature is applied to apps that track you and/or report your activity to somewhere, either without your permission or by default (i.e. you’d have to actively seek out an option to disable it).
Examples of where this Anti-Feature might be applied:
- Sending crash reports without your knowledge or permission
- Checking for updates without your knowledge or permission
Examples of where it would not be applied - any of the above, if the functionality is opt-in (i.e. you are asked before it happens) and disabled by default. Enabling it should then also require informed consent, i.e. requiring a privacy policy similar to GDPR, and avoid collecting personal data (PII) as far as possible.
Note that frequently app tracking is implemented using proprietary software, e.g. Google Analytics or Flurry. Apps containing these proprietary libraries will not be found in the F-Droid repo.
Noice’s Android app does collect crash logs and analytics data from its users, but never without their explicit approval and only through Play Store builds. It is entirely disabled in the F-Droid build. Moreover, its privacy policy clearly states what data it collects and how it is used. Noice doesn’t just track and report user activity. I can only guess that this misrepresentation is scaring away potential users.
When the program did not have permission to access the internet, it looked nicer for me.
Don’t take this too closely, it’s more conversation about trends in software development and the ethics of promoting it, in stores and repository, by some developers.
Permission to access the Internet, increases the vector of possible malicious impacts
( 
of course, the developers of these programs were not aware of such code or vulnerabilities Goldoson: Privacy-invasive and Clicker Android Adware found in popular apps in South Korea | McAfee Blog )
The F/LOSS repository is good, but the F/LOOS repository with malvare and CVE (in MuPDF was recently) it’s no good.