Reality of FOSS projects...A conspiracy?

It could be. Just as F-Droid could also be one such front…In which case, this is indeed a ‘conspiracy’. So by definition (including the link you quoted), the term has indeed been used correctly.

AFAIK there is nothing illegal about creating companies but not publicizing the true ownership. That said, the history of F-Droid makes that seem unlikely. It’s hard to even argue civil damages or fraud, because you don’t give a dime to any of them as a “purchase.” If it’s not illegal, it’s not a “conspiracy.” Wrong word.

DuckDuckGo says they use Amazon affiliate links. If you buy something, Amazon knows who you are. Amazon sells or shares or trades your info. Legal. Tracked…

No. Why is that bad advice? That suggestion is indeed a way to beat device fingerprinting.

Devices and SIMs are usually connected with individual identities AFAIK. It doesn’t matter if you use 2 or 10 different devices, unless you take care to not connect them with your identity, which isn’t trivial.

1 Like

Certain countries/jurisdictions prohibit it, e.g. Germany, right?

You don’t seem to understand the difference between withholding information and misrepresenting information. Withholding information isn’t illegal (e.g. SurfShark VPN doesn’t disclose to the public/ users who their owners are), but misrepresenting information is illegal. Fronting is misrepresenting information, and is illegal. And fronting is a conspiracy. So RIGHT word.

Amazon selling or sharing info isn’t DDG’s fault. Amazon only gets the order. DDG doesn’t (or shouldn’t) tell Amazon what else that user does on DDG. Amazon only knows that the user they are serving placed the order via a DDG affiliate link. This is assuming that DDG doesn’t track or share any other info.

You connect to internet either via WiFi or Mobile Data. WiFi gives away a lot more information than mobile data. WiFi location is mostly fixed. WiFi also (like SIM) is tied to an identity, either the individual himself or a family member (in most cases). There is much more fingerprinting possible when using WiFi.

So using a dedicated device with its own SIM, and obviously without logging in with a real identity, adds to the security/ privacy, even if it isn’t a way to stay away from tracking completely (which is impossible if you use internet).

misrepresenting information is illegal

If misrepresenting information is illegal, then we shouldn’t be using aliases or sockpuppet accounts, or implying FOSS developers are doing anything illegal, based only on hypothetical FUD.

You also shouldn’t be telling people to buy a dedicated device with its own SIM to use for “some things that we do online which we might want to keep completely private”. That by itself only helps the monitors more easily separate the wheat from the chaff.

1 Like

Nothing wrong with using aliases because it is only withholding information, which is perfectly legal. However, impersonating someone else is illegal, and a conspiracy.

I DIDN’T imply anywhere that FOSS developers ARE doing anything illegal. I only said that there is a possibility someone can use/ misuse platforms like F-Droid for nefarious activities. I’m just leaving that possibility open, which is real.

Like I said before, privacy doesn’t necessarily mean illegal. For example, an activist or a top level business person who is a potential target for the competition or government. They may want to keep certain things private, and away from normal stuff. This is one way to make tracking difficult, although not impossible. If you have a better idea, then let us know.

I DIDN’T imply anywhere that FOSS developers ARE doing anything illegal. I only said that there is a possibility someone can use/ misuse platforms like F-Droid for nefarious activities. I’m just leaving that possibility open, which is real.

The title “Reality of FOSS projects…A conspiracy?” says otherwise. You should add “(FUD)” or “(no evidence)” or similar.

For example, an activist or a top level business person who is a potential target for the competition or government. They may want to keep certain things private, and away from normal stuff.

Reminders:
SIM card = Subscriber Identity Module card

Watch the first few minutes of the Snowden movie, when they put all cellphones inside a microwave before discussing anything. Or go ahead and watch the whole thing. Or the documentary, or read the articles. If you are a target of government, don’t carry a phone, and probably don’t use the internet.

1 Like

Not required. The question mark ‘?’ makes it clear that it is just a possibility.

You have just repeated what I already mentioned.

Seems like you don’t have anything constructive to add. So we should just leave it here.

Seems like you don’t have anything constructive to add. So we should just leave it here.

You’ve said so much, you contradicted yourself. You should have left it before there, but here will do fine.

If the title of this topic had been slightly different, e.g. “Reality of FOSS projects…A false sense of security?”, perhaps the ensuing conversation(s) would have been more productive.

1 Like

Maybe, but that is nitpicking which is unnecessary and avoidable.

Thanks. It is complicated, because it is raw. We haven’t put the time to iron out its UX. One of these months, we will.

Re: Firewall blocks: I think you may want to switch to “Allow only what I explicitly allow and block everything else” mode. RethinkDNS doesn’t support it, but since I need a mode like that myself, I’ll look to implement it in a way it also helps choose what to allow and what not to.

Re: Intent blocks: Isn’t possible without adb access (AppManager which you didn’t seem to like comes closest to making it easy to block intents)

Hopefully, Google bundles one in AOSP in 13 or 14, with 12 they’ve already made a good headway: https://android-review.googlesource.com/c/platform/frameworks/base/+/1505234

Agree that it’s defeatist, but I wanted to point out how deep the rabbit hole actually goes.

You raise an interesting point here. Would you know why they haven’t tried doing so (given your expertise in the space), especially with Project Treble making it easier to interface firmware against an Android distribution? Have you tried engaging with their communities? DivestOS on PINE64 / Librem would be rad (:

1 Like

think it all starts with a SIM card and you don’t have to own it. Even ie. You can be walking with someone close to you and technically you’re tracked if the close person you’re with has a nice picture with you and Facebooks it ie

1 Like

Great. Hope you will release an app that does all of the 3 items requested.

I tried RethinkDNS yesterday. I think it is primarily useful for devices running Android 8 or lower, because Google introduced the PrivateDNS feature with Android 9. This app allows for controlling that aspect more minutely, something unnecessary for the average user.

The Firewall feature is less useful compared to NetGuard or Karma Firewall. That’s because I didn’t find the option to allow LAN-only access for apps. It is either full network access or none. I don’t know why the LAN-only option is not available with any of the OSes.

Also, simply whitelisting apps under Firewall didn’t work. You have to mandatorily ‘exclude’ apps from both DNS & Firewall (which they call as ‘exclude’) for apps to be able to connect to the internet. Unless this is a bug, the ‘whitelist’ feature (which allows apps to bypass the firewall but not DNS) is useless because it does nothing.

RethinkDNS didn’t do anything that NetGuard or Karma Firewall can’t do. On the contrary, it was less functional (no LAN-only access feature that these apps have) than those two. So not useful for me, unless I am missing something.

I didn’t say that I don’t like the app. I said the app was unable to block trackers. If blocking ‘intents’ is possible with ADB, I may give it a try when time permits.

Not sure what makes you say that. Those phones too use pretty much the same hardware. And these days spyware is introduced at the hardware level, so I am not sure if these phones are indeed as secure as they claim to be.

1 Like

Absolutely. That’s why one shouldn’t use a private device by logging in with real identity.

It must use an anonymous account that is exclusive for a defined purpose, if logging in is essential.

A few things to note.

  1. Open source software is really just freely licensed material. It’s still technically copyrighted but everyone that uses open source apps/programs automatically gets a free license to copy, redistribute the software for no additional cost, and legally.

  2. This doesn’t automatically mean the open source apps are private, but the open source apps tend to be more privacy respecting than commercial apps. For instance let’s look at the Midori browser (could be a Linux or Android variant): the browser might just choose not to track you at all, but since you are online within the browser doesn’t mean that the sites you visit don’t track you. If you were to use a 100% offline app you are more private than an app with direct internet access, but other apps could use vulnerabilities in the OS to track you. Which is why I recommend using an encrypting note app, as well as encryption, along with a firewall that lets you choose which apps can and can’t connect online.

2 Likes

Google introduced the PrivateDNS feature with Android 9.

Private DNS comes with its own flaws, but of course, it is a native implementation, and works wonders when you set it to point to dns.adguard.com. Shame that Private DNS (DoT) is blocked in censorship-heavy countries, and trivially so.

That’s because I didn’t find the option to allow LAN-only access for apps

This one is coming, but instead of “excluding” all LAN traffic like NetGuard does, we instead want it to continue to flow through the local-VPN. This means, queries / connections going on on the local LAN are also visible. The consequence is, it might take us a bit longer to implement and get it right.

I tried RethinkDNS yesterday.

Nice. Thanks (:

Unless this is a bug, the ‘whitelist’ feature (which allows apps to bypass the firewall but not DNS) is useless because it does nothing.

Ouch. Strong words. ‘Whitelist’/‘allowlist’ is helpful when one doesn’t want to block a particular app like, say, Fairmail. That is, adding Fairmail to the whitelist would exclude it from blanket firewall rules like ‘Block all apps when device locked’, ‘Block all connections when DNS is bypassed’, ‘Block apps not in use (foreground)’ etc.

As for ‘whitelisting’/‘allowlisting’ an app from both DNS+Firewall, that requires considerable work which is already underway: “Per-app DNS · Issue #270 · celzero/rethink-app · GitHub”. The long story short of this feature is, Android makes all DNS queries on behalf of apps, and so, it is not possible to know which DNS queries belong to which app. Of course, rough heuristics could be used, but when those break, they cause a lot of confusion (a rough heuristic is what NetGuard uses, it works well in 99% of the cases, but that 1% remains unfixable unless that heuristic is abandoned for a newer one, but then that newer one would work in some cases and won’t in another).

RethinkDNS didn’t do anything that NetGuard or Karma Firewall can’t do. On the contrary, it was less functional.

I have never used Karma, but have used NetGuard briefly before giving up on it. There’s a bunch NetGuard can’t do that RethinkDNS can, but I think those features don’t matter to you, personally. So, your assessment is valid in that context.

Those phones too use pretty much the same hardware.

You mean PINE64, Fairphone, and Librem? I thought those were open firmware?

1 Like
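The per-app DNS problem described in the post above, as an added example that is not part of the thread and is not code from RethinkDNS or NetGuard. The thread does not say which heuristic NetGuard uses; the join on destination IP below is an assumed stand-in for "a rough heuristic", and all names, UIDs and addresses are constructed.

```python
# Added illustration; every name and sample value here is constructed.
from collections import defaultdict

# What a local-VPN firewall can observe. DNS answers carry no app UID because
# the Android resolver sends the query on the app's behalf; only the later
# TCP/UDP flows can be mapped to a UID.
DNS_ANSWERS = [  # (timestamp, queried name, resolved IP)
    (1, "mail.example.org", "203.0.113.10"),
    (2, "cdn-a.example.com", "192.0.2.50"),
    (3, "tracker.example.com", "192.0.2.50"),  # shares the CDN IP above
]
FLOWS = [  # (timestamp, app UID, destination IP)
    (5, 10101, "203.0.113.10"),
    (6, 10102, "192.0.2.50"),
    (7, 10103, "192.0.2.99"),  # hard-coded IP, never resolved via DNS
]


def attribute(dns_answers, flows):
    """Assumed heuristic: join each flow to earlier DNS answers on IP.

    Returns {uid: set of candidate domain names}.
    """
    names_by_ip = defaultdict(set)
    for ts, name, ip in dns_answers:
        names_by_ip[ip].add((ts, name))
    candidates = {}
    for ts, uid, dst in flows:
        # Only answers seen before the flow started can explain it.
        seen = {n for t, n in names_by_ip.get(dst, ()) if t <= ts}
        candidates.setdefault(uid, set()).update(seen)
    return candidates


def classify(names):
    """'exact' = one candidate, 'ambiguous' = several, 'unknown' = none."""
    if not names:
        return "unknown"
    return "exact" if len(names) == 1 else "ambiguous"


def report(dns_answers=DNS_ANSWERS, flows=FLOWS):
    """Return {uid: (verdict, sorted candidate names)} for the sample data."""
    return {uid: (classify(n), sorted(n))
            for uid, n in attribute(dns_answers, flows).items()}


if __name__ == "__main__":
    for uid, (verdict, names) in report().items():
        print(uid, verdict, names)
```

The ambiguous and unknown rows are where a per-app DNS allow or block decision cannot be made reliably from the IP join alone.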

Sorry, had to comment. :smiley:

That is the wrong question, IMO. Just because we can, does not mean we should. Do you carry a wallet, cash, gold, “papers”, valuable jewelry,…? If so, you can get by without Google’s help letting you feel more comfortable being more careless with those valuables. Why not get by without Google’s help letting you feel more comfortable being careless with your device?

That said, thanks for using the sentence form you did: you lose your device, not “a device is lost” like here: Keep track of my Bluetooth devices

1 Like

There’s also
https://f-droid.org/packages/de.nulide.findmydevice/

1 Like

Agree with both your points. The point of the OP is just that people must NOT assume (or take for granted) that an app which claims to be open source is safe to use. It need not be so.

2 Likes

That’s what I use. So with that AND Netguard/ Karma Firewall, I am able to block apps from connecting to the internet, but still be able to connect to devices on the LAN, and block ads too on my non-rooted devices.

I still get some notifications from some apps that use Google Play Services to deliver them, even if they have been blocked from connecting to the internet. In the ideal scenario, I would prefer having the ability to completely block an app from using internet, directly or indirectly via intents. Unfortunately, there doesn’t seem to be a simple solution yet.

Looking forward to it. There is no AFWall+ like app for unrooted devices. I wish some day an app like that is available for unrooted devices that allows for more controls on the types of connections any app is allowed to have (as implemented in AFWall+).

Are you the developer(s) of RethinkDNS?

Sorry for the strong words. But when the app defines ‘whitelist’ as one where an app can bypass firewall but not DNS, I would expect a whitelisted app to be able to connect to internet. But that’s not what is happening. An app can connect to the internet only if it is excluded from both firewall and DNS, so I think this is some limitation in the way RethinkDNS is designed. Whitelist isn’t the best term for how it works.

From what I understood, RethinkDNS allows for finer control on the DNS settings, something not possible with the PrivateDNS feature available with Android 9 onwards. Such a level of control is unnecessary for an average user like me. So, I use the adguard DNS and Netguard/ Karma Firewall to control apps’ internet access (also LAN access) while blocking ads. But the problem with this setup is when I have to use a real VPN. Unfortunately, none of the existing VPNs allow for blocking apps, so my set-up becomes very limiting for how I want to use my device.

Also, I often see that my OS kills the VPN app every now and then, in which case too the setup breaks down. But since the OS has a built-in firewall, it is okay for the most part when controlling user installed apps.

I don’t know. I would take everything with a pinch of salt.

1 Like