Thinking about some basic privacy/offline principles for computer development

  1. If something can be done entirely locally on the user’s own device…it should be built that way!
  2. If something needs outside information, but it can be collected passively (ex. GPS location), it should be built so that it can.
  3. If something needs to interact with another system to do what it’s supposed to do, it should only connect with those that it needs to.
  4. Corollary to that: trusted peer-to-peer is usually preferable to client-server-client. A trusted server may be better than untrusted peer-to-peer.
  5. If something needs to interact with another system to do what it’s supposed to do, it should only send information that’s needed.
  6. Any system should only keep the data needed to do its job, and possibly for troubleshooting.

Some examples:

Firefox’s local get-the-gist-of-a-webpage translation vs. Google’s send-the-text-to-Google-Translate.

OSMAnd can download a regional map ahead of time and do all the navigation routing on the device without a network connection. (You can’t get live traffic that way, though – that’s something that does require a network connection.)

eBook readers usually have no problem letting you read a book offline once you’ve downloaded it. The same should be true of text files, PDFs, email, locally stored music and video, RSS articles, etc.

Anything that is available over a LAN should be reachable even if there’s no remote connection to the internet.

Speech recognition should be done entirely locally.

I should be able to sync my laptop or tablet or phone, then pop onto a boat or a plane or into a diving bell or onto an underground train or go out into the middle of nowhere for a weeklong camping trip, or just turn off the network…and as long as the device still has power, I should still be able to read old emails, write new ones (and queue them up to go out when I get back to a connection), read a book, use the map, read articles I’ve saved up to read, take photos, review photos, delete the ones that didn’t come out well, crop or adjust the ones that need something extra, play a multiplayer game with my kid on two devices in the same room, write a draft of something…

The old always-offline and the new always-online are not the only design models available, and they’re certainly not the only situations people find themselves in. Just imagine tethering your laptop to your phone in an area with spotty connection. There are places and devices where I can barely get the Nextcloud login screen to render. And that’s my own server.

The idea that everything is going to have a constant internet connection makes surveillance tech even worse, because

  1. It’s easy to offload processing to your server even when the phones can handle it.
  2. It’s easy to build in things like update checks and news.
  3. Once you’re already doing that, why not pass a little more info for analytics or targeting?
  4. If they’re always online, you don’t need to wait for them to open it up; you can pop up a notification to grab their attention.
  5. If they’re always online, you can collect data more simply. You don’t need to wait for a connection, you don’t need to queue up multiple batches of telemetry, you can just send it.

TL;DR:

Run locally, sync remotely.
Only sync what the user needs you to.

And this is why I’m finally replacing Chrome with Vivaldi as my backup mobile browser. (Currently using Firefox as primary on both desktop & mobile, already using Vivaldi as secondary on desktop, which is why I started there for the mobile replacement.)

#privacy #google #vivaldi #chrome #GoogleTopics #adware #tracking #SurveillanceCapitalism

https://vivaldi.com/blog/news/alert-no-google-topics-in-vivaldi/

On Wandering.shop

Thinking about different aspects of location tracking in terms of

1. Your device figuring out where it is.
2. Others figuring out where your device is.
3. Your device telling others where it is.

1 would include GPS, or just listening for cell/wifi signals.
2 would include IP geolocation, or seeing which towers your calls go through, or tracking which map tiles you download while moving around.
3 would include telling a website, or an app uploading your location.

1/

Pinging hotspots or cell towers is both 1 and 2, figuring out your own location while revealing clues.

So you’ve sort of got passive sonar, active sonar, communications metadata, and actual reporting.

As for tracking:
Passive sonar isn’t a risk
Active sonar’s risk is inherent to being active
Metadata’s risk is inherent to actually using a connection
You can obfuscate it by things like onion routing, vpns, extra requests, pulling location-specific info ahead of time, etc.

2/

And then there’s the issue of when your device explicitly sends your location once it’s figured it out. Like when you search for the nearest coffee place or bank branch, or you’re using navigation software, or updating an online map in real time. Or when an app or website just wants the data.

Fortunately, OSes and browsers have decent access controls for letting apps and websites know your location (as determined by your device). But an app or website can still try to infer it from other info.

3/

An app with online ads could look at which CDN endpoint you end up connecting to. Or make connections to sites with known locations and see which is faster, just like a speed test app or site choosing the nearest server to make a proper test. It’s a lot less precise, but it’s not like the OS can block the upload as easily as it can just refuse to hand detailed location to the app.

And of course it can be correlated with other metadata like IP geolocation.

4/

And of course anything you *intentionally* report — online navigation, check-ins, Pokestops you spin, the nearest ATMs on the bank site — you have to trust that the service at the other end isn’t going to misuse it.

Your bank isn’t going to care. They already know which branches and ATMs you visit.

I wouldn’t trust an ad network with a 10-foot pole.

Something big like Google or Microsoft or Amazon? That’s where you get into trade-offs.

5/

Offline maps & navigation definitely have an appeal to them. Especially if you aren’t sure you’ll have reliable network access where you’re going. It’s doable. The only downside is you can’t add live traffic info. You could probably download typical traffic per day/hour along with the map and get rough estimates, but of course not be able to know there’s a 10-mile slowdown because a truck jackknifed, fell over, spilled an entire load of cheese and caught on fire

6/

or maybe grab traffic data for a wide area, quantized so that it only reveals which large rectangles you’re passing through, not which roads. Like iNaturalist does with obscuring locations of observations.
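The quantize-to-large-rectangles idea, as an added Python example (not code from the post, from OSMAnd or from iNaturalist; the 0.2° cell size, the margin of one neighbouring cell, and the route coordinates are all assumed or constructed). The route is snapped to grid cells on the device, padded with neighbours so a cell edge does not betray the exact position, and only the cell bounds ever form the request:

```python
import math
from dataclasses import dataclass

# Assumed cell size: 0.2 degrees (roughly 20 km north-south), the order of
# magnitude iNaturalist-style obscuring works at. Not a value from the post.
CELL_DEG = 0.2


@dataclass(frozen=True)
class Cell:
    row: int  # floor(lat / CELL_DEG)
    col: int  # floor(lon / CELL_DEG)

    def bounds(self, cell_deg=CELL_DEG):
        """(south, west, north, east) edges, rounded to remove float noise."""
        return tuple(round(v, 6) for v in (
            self.row * cell_deg, self.col * cell_deg,
            (self.row + 1) * cell_deg, (self.col + 1) * cell_deg))


def cell_for(lat, lon, cell_deg=CELL_DEG):
    """Snap a precise coordinate to the grid cell containing it."""
    return Cell(math.floor(lat / cell_deg), math.floor(lon / cell_deg))


def cells_for_route(points, cell_deg=CELL_DEG):
    """Distinct cells a planned route passes through, in order, no repeats."""
    cells = []
    for lat, lon in points:
        c = cell_for(lat, lon, cell_deg)
        if not cells or cells[-1] != c:
            cells.append(c)
    return cells


def with_margin(cells, margin=1):
    """Add neighbouring cells so being near a cell edge reveals nothing extra."""
    out = set()
    for c in cells:
        for dr in range(-margin, margin + 1):
            for dc in range(-margin, margin + 1):
                out.add(Cell(c.row + dr, c.col + dc))
    return sorted(out, key=lambda c: (c.row, c.col))


def traffic_request(route_points):
    """The only payload leaving the device: cell bounds, never coordinates or roads."""
    cells = with_margin(cells_for_route(route_points))
    return {"cells": [c.bounds() for c in cells]}
```

The server learns a set of rectangles a few dozen kilometres across; which streets the route actually follows stays on the device.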

Anyway, I don’t know why I’m still writing this. I just wanted to write down the active/passive sonar analogy, and I kind of rambled on from there.

7/7

Why did I just uninstall Shareaholic?

Because the extension added contextual advertising to the PayPal login screen. That means (a) I can’t trust my browsing, even on HTTPS sites, to be private (yeah, I know DNS and Chrome’s anti-malware filter already get this info), and (b) I can’t trust secure sites to not be modified as long as the extension is installed.