XPost: comp.mobile.android, uk.telecom.mobile   
   From: dave@g4ugm.invalid   
      
   On 10/03/2025 0:39, Marion wrote:   
   > On Sun, 9 Mar 2025 17:56:39 +0100, David Wade wrote :   
   >   
   >   
   >>> Thanks for helping me understand why people set up a Google Account   
   >>> on the   
   >>> phone, where the loss in privacy from that one act, unfortunately, is   
   >>> huge.   
   >>   
   >> Is it really that huge?   
   >   
   > You're making a keen observation, & I don't necessarily disagree with you.   
   >   
   > However... in the *context* of this thread, it's huge in that the DSID   
   > cookie is active as soon as the user logs into their Google Account.   
   >   
   > My beef is people complaining that they "can't" have privacy when they   
   > really mean they don't bother to do anything about having privacy.   
   >   
   >> What on earth is google going to do with my personal info?   
   >   
   > Again, you bring up an astute point about what's the real threat here.   
   >   
   > Unfortunately, the answer to that question could fill a book even if we   
   > only look at lawsuits which Google lost, so I won't even try to answer.   
   >   
   > But I get your point that you're not worried about Google getting your   
   > data, and let's be clear, I have plenty of Google Accounts myself.   
   >   
   > I even have Google Voice (but I use it only on the iPad for privacy   
   > reasons), so I get your point that Google can have "some" of your data.   
   >   
   > I weigh the threat against the benefit, which, for example, is why I won't   
   > ever use Google Voice on Android but I'm happy to use Google Voice on iOS.   
   >   
   >> Lets take my contacts. Because everyone else does not hide their   
   >> contacts from google, pretty sure google can work out who my contacts   
   >> are by cross tabulating info from every one else.   
   >   
   > I'm always in amazement at how many apps want access to our contacts.   
   >   
   > I get it that it's a phone, and phones contact people, and nobody remembers   
   > everyone by their phone number, so we all maintain a contacts database.   
   >   
   > Where I take umbrage is everyone who has "my contact information" is   
   > uploading it to the whole world without asking my permission to do that.   
   >   
   > Alas, those same people are uploading my Wi-Fi unique BSSID & GPS location   
   > (although I hide my broadcast & I add "_nomap" to the end of the SSID & I   
   > set my phone to not seek out my hidden SSID for automatic connection, and I   
   > have the MAC on every connection randomized etc., so I do my part for   
   > privacy - but the vast majority of people wouldn't even understand a single   
   > clause in that sentence above - because they know nothing about privacy.   
   >   
   > All I can do is try to keep as little of that information available to them   
   > since the vast majority of people do EXACTLY what marketing tells them to.   
   >   
   > My main beef is people claim they "can't" have privacy from Google. And   
   > yet, they can.   
   > They just have to stop doing EXACTLY what marketing people tell them to do.   
   > They need to think.   
   >   
   >> Take my location, well my car tracks that any way. Usually I am with   
   >> one of my contacts, I bet their phone allows tracking. So again google   
   >> can figure out where I am without access to my GPS...   
   >   
   > I again agree with you that even if YOU don't allow Google to track you,   
   > all the people around you are so incredibly stupid, that THEY are letting   
   > Google track you (see my example above of the Wi-Fi access point data).   
   >   
   > I don't disagree that the vast majority of people are so unfathomably   
   > stupid, that they are really the direct threat to your privacy - not Google   
   > directly.   
   >   
   > As an example, if you don't hide your SSID broadcast, then those stupid   
   > people are sending Google your unique BSSID & GPS location every time they   
   > drive by your house. You can't fix stupid people. All you can do is ensure   
   > that the information they get is of no use to Google & that takes work.   
   >   
   > 1. Set your SSID to a unique name (for butterfly hash obfuscation)   
   > 2. Set your SSID to end with "_nomap" in case it gets uploaded 3. Set   
   > your SSID to be "hidden" (as in not automatically broadcast)   
   > 4. Randomize the MAC for every access point (which is now the default)   
   > 5. Randomize your MAC upon every connection (which is NOT the default)   
   > 6. Set your phone to NOT automatically reconnect (again, not the default)   
   > etc.   
   >   
   > Since stupid people outnumber you a million to one, the onus is on you to   
   > prevent your unique information from being uploaded to the google servers.   
   >   
   >> .. I think the real reason people just sign into a google account is   
   >> because they don't see a need to maintain privacy. They have paid for   
   >> functionality, and they want it all too work without having to   
   >> research other options, which are likely to be less secure than google...   
   >   
   > Here's where I agree and disagree with you. a. I agree that signing into   
   > Google is the *easy* way to get functionality   
   > b. But I disagree that it's the more secure way of doing things   
   >   
   > For every Google app, there's a FOSS privacy-aware replacement, which is   
   > *more secure*, so I must take umbrage at your claim that it's less secure.   
      
   Because such apps receive less scrutiny from the "ethical hacker"   
   community, and have much less use, I would argue that they are more   
   liable to contain security vulnerabilities than googles code and so be   
   more vulnerable. One has to balance this with reward, so as they are   
   lightly used when compared to google they are less likely to be   
   targetting by hackers...   
      
      
      
   >   
   > But I do agree with you that the easy way out is to just log into a Google   
   > Account; however, I wonder if people realize their phone actually works   
   > better without it?   
      
   Really? How so? How can for example having to copy my contacts every   
   time I save one be "better". I should have that I do own more than one   
   PC so keeping the whole lot in sync? Export and re-import into my house   
   voip phone?   
      
   Then the calendar/diary. When I book an appointment in the dentist its   
   in my google calendar on all my PCs.   
      
      
      
   Dave   
      
   --- SoupGate-DOS v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)