XPost: comp.mobile.android, alt.comp.os.windows-11
From: mariasophia@comprehension.com
Chris wrote:
>>> But then you must ask for permission from each contact for you to store
>>> their private information on the cloud, which is a lot of work, is it not?
>>
>> No, I don't have to. Not in Europe.
>
> Not anywhere.
Hi Chris,
This year I'm being super nice and not snarky, where my goal is to add
immense value given my medical situation, so I want this to be inclusive.
I read everything you write, so I understand that you feel it's not rude to
not ask for permission from your contacts, and, honestly, I understand that
because most people are like sheep who do whatever Google marketing says.
Since I worked in the Silicon Valley for decades putting together complex
systems for a living and since I used to have an engineering-level TSSI
special-access designation, I am likely more tuned to privacy issues than
most people, as I have seen what they do in those Fort Meade windowless
brick buildings (as they used the software like nobody else ever did!).
There are two ways to do almost anything on a computer, IMHO.
1. The way the mothership wants you to do things
2. The way that makes the most sense to you
While those two ways of doing things might be exactly the same to most
people, that's why I claim there are a million things to do for privacy
where most people only know about a half dozen of those million things.
a. On iOS, I don't do things the way Apple tells me to do them.
b. On Windows, I don't do things the way Microsoft tells me to do them.
c. On Android, I don't do things the way Google tells me to do them.
The only things I do the way I'm told to do them is when my wife tells me!
To the point of backing up contacts, the method I've proposed seems to be
the most privacy aware which doesn't use the net or a mothership account.
Export > VCard
To the point of protecting the privacy of everyone who is in our contacts,
I'm proposing the use of the DOpenContacts (Contacts + Dialer) Foss ware.
debug APK available
Again, since I put systems together for a living, here's a system for us.
This suggested privacy-aware flow avoids the system contacts SQLite
database entirely & still gives full calling and texting functionality.
1. Install DOpen Contacts (Contacts + Dialer) from F-Droid or GitLab.
A. This app maintains its own private contacts database.
B. No other app can read that private database because it is sandboxed.
C. The app includes its own dialer so it can place calls and send SMS
without exposing its internal contact list to the system provider.
2. Set DOpen Contacts as the default dialer.
A. Android 13 has no concept of a default contacts app.
B. Android 13 does have a default dialer and a default spam app.
C. Go to Settings > Apps > Default apps > Phone app.
D. Select DOpen Contacts as the default Phone app.
E. This allows the app to handle calls and SMS while keeping its
contacts private.
3. Export your existing system contacts to VCF.
A. Use any contacts manager that can read the system SQLite database.
B. Export to a VCF file stored on internal storage or SD card.
C. This is the only time the system contacts provider must be touched.
4. Import the VCF file into DOpen Contacts.
A. Open the app and import the VCF file.
B. Verify that all entries appear correctly in the private database.
C. At this point the app has a complete contact list that no other app
can read.
5. Optional: delete or poison the system contacts database.
A. Delete all entries in the system contacts provider if desired.
B. Or use a FOSS tool like Fake Contacts to fill it with random data.
C. This prevents third-party apps from inferring your social graph.
6. Optional: disable Google or OEM sync layers.
A. Disable Google Contacts sync in Settings > Accounts.
B. Be aware that Google Play Services or OEM layers may re enable it
after updates.
C. Check periodically to ensure sync remains disabled.
7. Back up your private contacts safely.
A. DOpen Contacts can export its private database to VCF.
B. Copy the VCF to non phone storage such as a home PC.
C. Encrypt the backup with Veracrypt if desired.
D. Repeat this backup whenever contacts change.
In summary, two FOSS tools help us build a system of contact privacy.
We can consider poisoning the system contacts database for extra privacy
A. Even after deleting system contacts some apps still expect the
provider to contain entries. Leaving it empty can reveal that we
are privacy conscious which is not always desirable.
B. A FOSS tool called Fake Contacts can populate the system contacts
provider with random entries that masquerade as real contacts.
C. These fake entries are stored in the same SQLite database that
third-party apps read when they request READ_CONTACTS.
D. The idea is to feed fake data to any app or company that copies our
contacts for analytics, spam detection or resale. This is called
data poisoning.
E. Data poisoning prevents third-party apps from reconstructing our
real social graph because the fake entries overwhelm the real ones
or replace them entirely.
F. Fake Contacts is available from multiple trusted FOSS sources:
G. Poisoning is optional but it adds a layer of plausible deniability
because any app that scrapes the contacts provider will receive it.
When combined with DOpen Contacts this gives us a tiered system model:
1. Real contacts stored privately in a sandboxed database.
2. Fake contacts stored in the global provider to mislead data
harvesters.
As I said many times, privacy is a million things, where most people onlyh
know something like a half dozen of those million things. This approach
protects our privacy and also protects the privacy of everyone in our real
address book because their numbers never enter the system provider at all.
Overall, this suggested two-tiered flow gives two benefits at once:
A. Privacy, because nothing is stored in the global SQLite contacts
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
