XPost: comp.mobile.android, alt.comp.os.windows-10   
   From: mariasophia@comprehension.com   
      
   Carlos E. R. wrote:   
   >> Marketing also "markets" it as "better", although, much like   
   >> Apple marketing is brilliant lies, they never actually say so outright.   
   >   
   > We just have to trust the sales guy from the car company. "Just use   
   > regular as long as they make it."   
   >   
   > There was a decision to ditch regular, but it is always postponed.   
      
   Hi Carlos,   
      
   Just like with leaded gas, they can't just ditch the higher-octane-rated   
   fuels without actually changing the engines, although truth be told, knock   
   sensors retard timing nowadays when engines feel detonation pinging.   
      
   If a new vehicle gas-cap door doesn't have a sticker saying that the higher   
   octane rated gasoline isn't needed then there's zero advantage to using it.   
      
   I's actually worse gas for cars that don't need it, which isn't going to be   
   able to be measured by us, but I still think it's kind of funny that out of   
   a million people, only about 6 know that the more expensive fuel is worse.   
      
   Marketing "teaches" people everything they "think" they know about science.   
      
   >> Back to the topic, a key observation is that we can port contacts easily if   
   >> we "upload" them to "the cloud", but that's exactly what "they" want us to   
   >> do.' Once it's on "the cloud", we have lost control of our contacts.   
   >>   
   >> And, since our contacts are our friends and neighbors, it's like placing   
   >> everyone's data on a deck of cards and letting those cards blow in the wind   
   >> around town for anyone else to pick up and use if they feel like it.   
   >   
   > Sorry, I do not agree. They are still my contacts, and they are not   
   > shared with google.   
      
   Well, do you use the Google GMail app on Android to get your email?   
   (Note: Gmail on iOS, is, surprise!, more private than GMail on Android.)   
      
   Bear in mind, out of a million people, only six actually test what GMail   
   does and I've tested it (and reported to the Android newsgroup years ago).   
      
   The *first* time you log into the Google GMail app on an Android phone,   
   Google *creates* the mothership account (if it's not already created), and,   
   in my tests, Google *AUTOMATICALLY UPLOADS* your contacts since you have no   
   chance of unchecking the default setting until *after* that happens!   
      
   It has been years since I've tested that behavior in gory detail though,   
   but that's why I use FairEmail instead of Google's GMail on Android.   
      
   And there's (way) more than just Google's GMail which uploads contacts.   
   Do you have WhatsApp? Telegram? Signal? Facebook? Instagram? TikTok?   
   Snapchat? Microsoft Outlook? Yahhoo Mail? Truecaller? Hiya? Drupe?   
      
   Do you use any OEM cloud backup program (e.g., Samsung Cloud)?   
      
   Most people don't realize this but Gboard can read the contacts sqlite   
   database, and that's "just a keyboard" (or so they think it is).   
      
   As I said many times, privacy is a million things, but most people only   
   know about half a dozen of those things which we are discussing here.   
      
   >> I'm not so concerned about "breach of contract" than about malefactors   
   >> getting a hold of it, but I'm not saying I know of any cases where   
   >> malefactors have harmed our friends and neighbors.   
   >>   
   >> What I'm saying is simply that uploading ANYHTHING to the cloud is absurd   
   >> when you have no need to upload anything to the cloud when backing things   
   >> up from your Android phone to the Windows PC.   
   >   
   > I do not agree. It is far more convenient, easier, safe enough, and   
   > private enough.   
      
   The problem with "private enough" is that many entities have said the same   
   thing, and, well, think about history and all the "surprise attacks" in it.   
      
   There's a long history of cloud-stored personal data being breached, and   
   contacts/phone numbers are often part of what leaks. A few well-known   
   examples from just the last few years:   
      
   1. Facebook (2021)   
      A dataset containing ~533 million users' phone numbers, names, and   
      other profile details was scraped and published online. Many people   
      had their phone numbers exposed even if they never posted them   
      publicly, because Facebook uploaded and matched contacts from users'   
      phones.   
      
   2. LinkedIn (2021)   
      A scrape of ~700 million profiles was circulated online. While   
      LinkedIn called it "public data," the dataset included emails and   
      phone numbers that came from contact syncing.   
      
   3. WhatsApp / Meta (2022)   
      A database claiming to contain ~500 million WhatsApp user phone   
      numbers appeared for sale. WhatsApp relies heavily on uploading the   
      user's entire contacts list to Meta's servers for matching.   
      
   4. Microsoft (2023)   
      A misconfigured cloud endpoint exposed ~38 TB of internal data,   
      including employee information. Not contacts specifically, but a   
      reminder that even major cloud providers misconfigure storage.   
      
   5. Twilio (2022)   
      A breach allowed attackers to access customer phone numbers and   
      authentication data. Twilio powers many messaging apps, so phone   
      numbers stored in cloud systems were indirectly exposed.   
      
   6. Clubhouse (2021)   
      The app uploaded users' entire phone contact lists to its servers.   
      When their backend was scraped, millions of phone numbers were   
      exposed.   
      
   7. Google (multiple incidents)   
      While not a single catastrophic breach, Google has had repeated   
      incidents involving misconfigured cloud buckets, exposed datasets,   
      and unintended data sharing. And as noted earlier, the Gmail app   
      historically uploaded contacts automatically on first run.   
      
   These aren't hypotheticals. They're real-world examples showing that   
   once your contacts leave your device and enter "the cloud," they're   
   subject to breaches, scraping, misconfiguration, and resale.   
      
   That's why some of us prefer to keep the Android contacts SQLite database   
   empty and avoid cloud sync entirely. But I do agree it takes more effort.   
   --   
   There is no such thing as a "surprise attack" to a well-informed person.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)