As an app developer, what worries me if the third party tools we use do unintended tracking. For example, we use Firebase for tracking crashes and knowing which versions of our apps are being used. We’ve also recently started using them for push notification handling for Android streamlining reasons. In one of the apps I’ve worked on we need location permissions to do geofencing but it’s all local, on device stuff. On the same app we’ve also recently added support for adding/removing calendar events. Again, it’s feature we added that’s local-only and theres’s no data transmission associated with that feature. The only tracking we do is our own home-grown solution that we don’t share externally.<p>With all that in mind, I’m curious how much of that data does Firebase, aka Google, share with all the rest of its services. Does enabling location tracking suddenly causes Firebase to report location data without our knowledge? Does enabling calendar access suddenly cause Firebase to read the calendar data on its own and report that, too? I’m not at all accusing Firebase of doing anything without knowledge and maybe it may be a “good citizen” with regards to how it manages and accesses (or doesn’t, even if it can) private data but I’m confident that that’s not the case with every third party tracker.
When someone asks me about what is the most important challenge of this century, I reply: PRIVACY. The way it goes right now shows us very clear sign there will be no privacy anymore. Anything you say or watch is preserved and can be used one day against you. My apologies to all future politicians. It is serious. Porn habits? No problem. Drunk jokes? Will reflect. The way to solve this conundrum is a change of social norms, but it's a long way.
One of these days, I took some time to analyze network traffic going out of my phone. I wanted to know what was happening behind. I learned that some apps that I wouldn't think of, such as banking, ISP and credit card, were tracking me and sending information to advertising companies!<p>I got angry at some things. For instance, ISP app should provide me information about data consumption and means to buy more. However, it decided to do more things behind the scenes, in addition to doing the tasks it was supposed to in a overly complicated manner—requests travelled back and forth over multiple servers over multiple companies before it did anything.<p>After this exercise, I realized how great it would be if these companies had to provide a clean and well documented API. Users could implement their own apps, liberating themselves from having to trust their private data and resources to companies that would care less if, if allowed.
And I for one am tired of it!<p>How much would it cost me to have a phone with all trackers turned off? (Or, perhaps, routed through a core application that requires whitelisting?)
I have raised the issue of trackers in analytics SDKs on developer forums and the result has invariably been negative towards me.<p>When speaking to friends and coworkers about these issues, the result is mostly people calling me paranoid.<p>Developers mostly don't care as long as they get money.<p>Users mostly don't care as long as they get cheap apps.<p>As a developer who does not use third party SDKs that track users (other than the OS) because I value my user's privacy and realize that many of my users are in places where data is expensive and scarce, I sometimes feel like I an engaging in a futile and unwanted effort.
There’s a lot of scaremongering in here. I fully support giving users full privacy controls. However, both Android and iOS allow you to toggle off availability of your Advertising ID. That’s been in there for years. Turn it off and apps can’t grab it (they get 000000000). Each vendor gets a vendor-specific ID on iOS, shared between that vendor’s apps. Delete all vendor apps and it resets.<p>I’m not saying this is an ideal situation by any means. However, it’s just two small examples that are ignored by this article.
Is there a way to check what trackers/libraries/"kits" an iOS app uses? I don't use many apps on my iPhone and most of them don't have background & location rights so I'm not that worried but would still like to know what they send back...
I'm moving towards simply having more devices, partitioning their uses. A decent tablet is a mere $50 (eg flo) and a good phone is a mere $100 (eg herolte).<p>It's easy enough to have eg two phones - a main one with FDroid only, and a secondary off-most-of-the-time one with YALP store convenience apps. Tablets you can diversify even harder because you don't have to carry them in your pocket.
Since it's not yet mentionned, here's an alternative:<p><i>> The Librem 5 represents the opportunity for you to take back control and protect your private information, your digital life through free and open source software, open governance, and transparency</i><p><i>> As a social purpose company, Purism believes building the Librem 5 is just one step on the road to launching a digital rights movement, where we—the people—stand up for our digital rights, where you place the control of your data and your family’s data back where it belongs: in your own hands. Let’s declare, “We will no longer allow unfettered access to our photos, videos, email, text messages and application and usage data without our permission.”</i><p><a href="https://puri.sm/products/librem-5/" rel="nofollow">https://puri.sm/products/librem-5/</a>
on ios, if you have a pihole set up, you can use dnscloak[1] to block advertising and tracking servers. (alternatively you can use one of the servers listed in the app by default if you care to trust someone else's dns server.)<p>you can set it to 'connect on demand', ie always on mode, at the cost of a bit of battery (not enough for me to be bothered). it acts as a vpn but only for your dns queries. afaik this is the best single step privacy option on ios at the moment.<p>[1] <a href="https://itunes.apple.com/us/app/dnscloak-secure-dns-client/id1452162351?mt=8" rel="nofollow">https://itunes.apple.com/us/app/dnscloak-secure-dns-client/i...</a>
I know Algo vpn[1] can be configured to block ads with a DNS resolver, but does anyone know it also block trackers?<p>On desktop I use extensions to limit tracking, but it's harder on iOS.<p>[1] <a href="https://github.com/trailofbits/algo" rel="nofollow">https://github.com/trailofbits/algo</a>
You are Right, but XML should also Not be used, and what to consider as Configuration? Maven: Pom.xml as well?
JSON is neat, like to use it. Write your own parser to fix Tage issues you see.
But in the end: what Format do you propose for config files?
Ok...let me try.<p>“Physical retail stores and loyalty programs have trackers you know nothing about.”<p>Am I doing this right?<p>I feel like a deeper point needs to be made to justify these headlines. The conversation needs to evolve and get more nuanced.