So i've just seen this video with the title: How to De-Google LineageOS by Mental Outlaw
Content:
Changing the DNS server
Changing the Captive Portal
Changing the Android System WebView implementation
Changing the SUPL Host server
Changing the NTP server
Removing bloatware Google packages
What i already did on my phone running lineageos: set DNS to Quad9 and disable google SUPL, actually i'm not sure which term to use, is SUPL the same as google con check?
Steps taken:
• disable connectivitycheck.gstatic.com (google con check)
• rooted with magisk app
• install termux app
• run termux and type following commands one by one:
su
whoami (verify you are root)
settings put global captive_portal_mode 0
settings list global | grep portal
So instead of changing the "SUPL" server as the person in the video did, i've set it to 0, asuming this is good enough.
But what about the rest, are these steps important? For example is webview implementation permanently active and could it phone home to google or is it only active when viewing a webpage inisde of an app?
LineageOS is de-Googled by default.
Do a clean install of LineageOS, but don't flash your OpenGapps/MicroG zip, only your LineageOS zip.
catto_ said:
LineageOS is de-Googled by default.
Do a clean install of LineageOS, but don't flash your OpenGapps/MicroG zip, only your LineageOS zip.
Click to expand...
Click to collapse
Did you even read my post??? LineageOS isn't fully de-googled, zzz.
Privacydroid said:
So instead of changing the "SUPL" server as the person in the video did, i've set it to 0, asuming this is good enough.
Click to expand...
Click to collapse
you've probably broken something GPS related then since it cant ping for some data.
not sure what tho, and if you dont care about gps or dont use that specific gps feature it doesnt matter anyways, just anytime it tries to ping that site it'll time out since 0 isnt a dns/ip address
Privacydroid said:
But what about the rest, are these steps important? For example is webview implementation permanently active and could it phone home to google or is it only active when viewing a webpage inisde of an app?
Click to expand...
Click to collapse
nope, its not permanentally active
its just chromium
mental outlaw (and alot of other linux youtubers) antagonize chromium (for good reason, im a firefox user myself) but they blow it out of proportion, after all chromium isnt riddled with spyware (unlike chrome).
getting rid of the systemwebview is more of a "F** YOU" to google to disturb their market share
yes chromium has some google components (not sure if the webview has any tho) but afaik they dont phone home normally unless you connect to a google account
and yes, its only active while browsing the web using an app that utilizes webview. if you do all your web browsing on a different browser (eg. firefox, brave, bromite) then theres no webview to worry about.
pro-tip btw: use the web versions of all social medias, you avoid using the integrated web view and dont need extra bloat on your device. even the heavier javascript-riddled ones work okay on my 2014 galaxy s5 (72C cpu tho..)
RDS5 said:
you've probably broken something GPS related then since it cant ping for some data.
not sure what tho, and if you dont care about gps or dont use that specific gps feature it doesnt matter anyways, just anytime it tries to ping that site it'll time out since 0 isnt a dns/ip address
nope, its not permanentally active
its just chromium
mental outlaw (and alot of other linux youtubers) antagonize chromium (for good reason, im a firefox user myself) but they blow it out of proportion, after all chromium isnt riddled with spyware (unlike chrome).
getting rid of the systemwebview is more of a "F** YOU" to google to disturb their market share
yes chromium has some google components (not sure if the webview has any tho) but afaik they dont phone home normally unless you connect to a google account
and yes, its only active while browsing the web using an app that utilizes webview. if you do all your web browsing on a different browser (eg. firefox, brave, bromite) then theres no webview to worry about.
pro-tip btw: use the web versions of all social medias, you avoid using the integrated web view and dont need extra bloat on your device. even the heavier javascript-riddled ones work okay on my 2014 galaxy s5 (72C cpu tho..)
Click to expand...
Click to collapse
Well, "F** YOU GOOGLE" sounds great to me. Might just not be worth the time if webview doesn't phone anyways, but i rather be sure on that instead of guessing.
I wouldn't be so sure that google components don't phone home without a google account.
So an app utilizes webview means it'll phone home to google, then when is webview utilizesed, permanently while that specific app is in use or only while that app who has the capability of utilizeising webview does actually make use of the "feature".
Bromite is great, just falls behind on updates lately.. there aren't really other great options..
Yeah using services via webbrowser instead of installing an app is always preffered.
PS; most of social media is a cancer, i don't use any )
Privacydroid said:
Well, "F** YOU GOOGLE" sounds great to me. Might just not be worth the time if webview doesn't phone anyways, but i rather be sure on that instead of guessing.
I wouldn't be so sure that google components don't phone home without a google account.
So an app utilizes webview means it'll phone home to google, then when is webview utilizesed, permanently while that specific app is in use or only while that app who has the capability of utilizeising webview does actually make use of the "feature".
Click to expand...
Click to collapse
afaik it doesnt tho, thats why many use chromium. if it does its likely "anonymized" to some extent (still can be de-anonymized) but its minimal enough that most linux distributions (including those with stricter rules) allow plain chromium into their repos.
most apps i use are web-based anyways so i just use them in firefox..
Privacydroid said:
Bromite is great, just falls behind on updates lately.. there aren't really other great options..
Click to expand...
Click to collapse
i wish firefox supported webview (possible since geckoview exists) but there doesnt seem to be any work on that done. im not going to use bromite as the minor "im not phoning home the 0.3% of the time i actually need to use an app that uses webview" is too little for the "i have to flash new bromite versions as root any time i wanna update it"
Privacydroid said:
Yeah using services via webbrowser instead of installing an app is always preffered.
PS; most of social media is a cancer, i don't use any )
Click to expand...
Click to collapse
yeah
in general i only use youtube because of the educational and tutorial content on there (which they clearly dont realize is one of the most important parts of their platform, hence the removal of the dislike) but their algorithm is very in favor of clickbait and its ruining these channels..
i wish more would use something like newpipe
Related
anyone using this on the nexus4, i have no clue why my data says it eating like 360MB out of 500MB!:crying:
does it really work in blocking ads?
cobyman7035 said:
anyone using this on the nexus4, i have no clue why my data says it eating like 360MB out of 500MB!:crying:
does it really work in blocking ads?
Click to expand...
Click to collapse
Do you have root? If yes, I would recommend using Adaway. Great app and it works.
kwerdenker said:
Do you have root? If yes, I would recommend using Adaway. Great app and it works.
Click to expand...
Click to collapse
+1, but I guess the problem of the OP is that he doesn't know what is eating his data plan.
There are a lot of program that shows the data usage per app so you can know what to blame. I personally use avast! Mobile Security cause it counts and store the data used per app and has a built in per app Firewall to cut it.
cobyman7035 said:
anyone using this on the nexus4, i have no clue why my data says it eating like 360MB out of 500MB!:crying:
does it really work in blocking ads?
Click to expand...
Click to collapse
According to the FAQ Adblock will appear to use most of your data because the data is passing through it.
It is basically just a HTTP proxy, so it should block web page ads as well as the browser versions.
Adaway uses a different method - it simply blocks the ad server dns entries so they can't be looked up. No data is passing through the adaway app. It also works for SSL which Adblock doesn't.
I don't know which way is best - I use Adaway and am happy with it. Adblock supports the well maintained browser blocklists (and works in a similar way), but requires the proxy run in the background and filter all your traffic.
isangelous said:
According to the FAQ Adblock will appear to use most of your data because the data is passing through it.
It is basically just a HTTP proxy, so it should block web page ads as well as the browser versions.
Adaway uses a different method - it simply blocks the ad server dns entries so they can't be looked up. No data is passing through the adaway app. It also works for SSL which Adblock doesn't.
I don't know which way is best - I use Adaway and am happy with it. Adblock supports the well maintained browser blocklists (and works in a similar way), but requires the proxy run in the background and filter all your traffic.
Click to expand...
Click to collapse
If you have root, Adaway is the better way to block ads. Since it's doing it at a system level, you don't need anything additional like the proxy running in the background (proxies are a bit of a privacy concern in my opinion, even if it's running locally on your phone). Also you can add any host source you like in Adaway, so it supports most if not any blocklist Adblock supports
The main point abaout Adblock is, that you can use it on non-rooted phones.
kwerdenker said:
If you have root, Adaway is the better way to block ads. Since it's doing it at a system level, you don't need anything additional like the proxy running in the background (proxies are a bit of a privacy concern in my opinion, even if it's running locally on your phone). Also you can add any host source you like in Adaway, so it supports most if not any blocklist Adblock supports
The main point abaout Adblock is, that you can use it on non-rooted phones.
Click to expand...
Click to collapse
They use different blocklists - adaway is simply a list of domains but adblock rules are more powerful. They can be a domain or just part of a url, they can apply only to certain websites, they can apply to html tags, etc. I use these features quite a bit on the desktop version.
I think Adaway is a better way of blocking ads in apps and is good enough for browser ad blocking for now. I think Adblock is better for the browser and wish Chrome supported extensions because I do agree with you that running the proxy is not the best way to do this. Once it has proven stable and has a few more features it might be worth it. At the very least you need to be able to limit it to Chrome - I don't want to depend on that background service for all data.
So for now Adaway is the better all-rounder. It is a shame both are system wide so you can't use both where they are better suited.
isangelous said:
They use different blocklists - adaway is simply a list of domains but adblock rules are more powerful. They can be a domain or just part of a url, they can apply only to certain websites, they can apply to html tags, etc. I use these features quite a bit on the desktop version.
I think Adaway is a better way of blocking ads in apps and is good enough for browser ad blocking for now. I think Adblock is better for the browser and wish Chrome supported extensions because I do agree with you that running the proxy is not the best way to do this. Once it has proven stable and has a few more features it might be worth it. At the very least you need to be able to limit it to Chrome - I don't want to depend on that background service for all data.
So for now Adaway is the better all-rounder. It is a shame both are system wide so you can't use both where they are better suited.
Click to expand...
Click to collapse
Ah ok, now I understand what you are getting at and I think our opinions are not that different. What I meant with my original post was "between the two in their current states, adaway is the better solution".
If chrome for android would get an addon system, I would probably install adblock for it too
Hello and good day,
I haven't found any approach in this and ask this to everybody here around. Is there any interest in a security / privacy focused ROM that has the following features:
internet traffic through TOR
GPG / PGP KeyChain with Apps that support GPG / PGP
no apps that are calling home in any way
no facebook integration (but still possible to use facebook chat with OTR encryption)
without google play (add on possible) and focused on free software
possibillity to encrypt the whole phone OR specific folders
possibility to encrypt SMS text messages
Skype / WhatsApp / ICQ..... alternatives with encrypted OTR chat possibilities
video calling alternative based on XMPP or SIP (instead of skype and general video calls)
The apps for this are all there as free software. I just would compile everything in one CWM-flashable ROM that's ready to use.
Interest anyone?
In the first thoughts the following software would apply:
Based on stripped down (because ram matters in terms of fc and huge games) CyanogenMod 9
GPG/PGP: https://code.google.com/p/android-privacy-guard/
k9 mail: https://code.google.com/p/k9mail/
TOR (orbot): https://www.torproject.org/docs/android
browser: https://guardianproject.info/apps/orweb/
ad(-track) block: https://code.google.com/p/ad-away/
free software market: http://f-droid.org/
multi messanger: https://guardianproject.info/apps/gibber/
multi messanger: http://www.xabber.com/
multi messanger / video calls: https://jitsi.org/
maps: http://osmand.net/
openvpn service: http://code.google.com/p/ics-openvpn/
encfs / truecrypt: https://code.google.com/p/cryptonite/
lbe privacy guard (per app based solution to restrict permissions): http://forum.xda-developers.com/showthread.php?p=18948472#post18948472
search engine: https://duckduckgo.com/
kernel fxp216
I am interested in this! Even if there isn't much interest and you end up not making the rom, please post the names of the apps that it would contain for those interested
Sent from my R800i
updated 1st post with software suggestions
konstruktor said:
updated 1st post with software suggestions
Click to expand...
Click to collapse
I wish this idea would kick into high gear. After reading "No Place To Hide", I think it's time for a ROM with enough encryption and privacy options to make all of us safe.
JT
jttraverse said:
I wish this idea would kick into high gear. After reading "No Place To Hide", I think it's time for a ROM with enough encryption and privacy options to make all of us safe.
JT
Click to expand...
Click to collapse
the thing is you would be forced to use other services than that you are used to and that are common. you would have to say goodbye facebook, google, instagram and i dont know what most people use nowadays to give away their rights. as you can see in terms of replys - there are nearly none. no one with this device seem to be interested about that issue.
you would need to use services like jabber/xmpp instead of skype for example and tell your friends about the opportunity. it would be in interest for everyone but the effort for most people is too big.
and what you say about a safe phone - it's not even marginal possible. you can just encrypt your data so nobody can listen what you do. as you use a phone you can still be tracked by your phone number, other services you use with your browser, by blind sms messages used by feds...
edit: just check the first post. there are some alternatives. you can modify your phone like delete everything with the name google, facebook ......... in it and services / apps that require authentication and are calling home. there are several apps you can use to delete system applications and services. then install some new apps via f-droid that respect your privacy like some i mentioned in the first post
Hi Guys
I have noticed since upgrading to the latest firmware (4.4.4 build number 3.28.401.7) that adaway is creating issues with other apps. I frequently get error messages stating "unfortunately google service has closed ,,,,"
I could confirm this by disabling adaway then everything is fine
however I prefer to find a solution to this, maybe someone could recommend a better ad blocking app?
many thanks
Unfortunately adaway is the best but there are other that work well if you have xposed framework look for min min guard it works pretty well
spinninbsod said:
Unfortunately adaway is the best but there are other that work well if you have xposed framework look for min min guard it works pretty well
Click to expand...
Click to collapse
i did that and it didn't block ads on the app i was testing
No issues with Adaway and 4.4.4 for me.
Do you have any other issues with Google services? There is an issue with the US carrier AT&T, where Google services will sometimes fail on LTE with Euro based ROMs. It seems to be a problem with the Euro build.prop not playing well with AT&T's network.
Might have nothing to do with your issue, but might be worth trying another ROM at least.
redpoint73 said:
No issues with Adaway and 4.4.4 for me.
Do you have any other issues with Google services? There is an issue with the US carrier AT&T, where Google services will sometimes fail on LTE with Euro based ROMs. It seems to be a problem with the Euro build.prop not playing well with AT&T's network.
Might have nothing to do with your issue, but might be worth trying another ROM at least.
Click to expand...
Click to collapse
I noticed it only with latest firmware+ROM, so i cannot be sure if it's the new firmware or the new rom
But Adaway is working fine on most apps, except one or two, where the ads are NOT appearing but the app is crashing
I often get the known message "unfortunately google service has closed..." but i also get a similar message stating the name of the app needs to be closed.
Is there a way to allow ads on certain apps through adaway? Maybe i can still use Adway but allow ads to show for apps that are crashing?
thanks
krihoum said:
Is there a way to allow ads on certain apps through adaway? Maybe i can still use Adway but allow ads to show for apps that are crashing?
Click to expand...
Click to collapse
You might try the Whitelist function in Adaway. Press Menu>Your Lists, and there you will see a tab for whitelists. Never used this myself, just know it exists. But it seems like it might do what you want.
redpoint73 said:
You might try the Whitelist function in Adaway. Press Menu>Your Lists, and there you will see a tab for whitelists. Never used this myself, just know it exists. But it seems like it might do what you want.
Click to expand...
Click to collapse
well i can see it but when i want to add (using the + BUTTON) it asks me for a host name rather than an application name
i am not sure how to do that
krihoum said:
well i can see it but when i want to add (using the + BUTTON) it asks me for a host name rather than an application name
i am not sure how to do that
Click to expand...
Click to collapse
Ahh, so the white list is for hosts, not apps.
Go to Menu>Open hosts file. You will need a text editor of some sort installed (I have ES File Explorer installed, and the ES Note Editor opened the file fine - I'm guessing any text editor app will do). You'll find a large list of hosts. Try to find Google on there, and cut and paste the host name to your whitelist.
Again, I've never used the whitelist function before. So I'm just guessing how this works, and that it will help your issue.
redpoint73 said:
Ahh, so the white list is for hosts, not apps.
Go to Menu>Open hosts file. You will need a text editor of some sort installed (I have ES File Explorer installed, and the ES Note Editor opened the file fine - I'm guessing any text editor app will do). You'll find a large list of hosts. Try to find Google on there, and cut and paste the host name to your whitelist.
Again, I've never used the whitelist function before. So I'm just guessing how this works, and that it will help your issue.
Click to expand...
Click to collapse
thanks a lot
it helps me understand how Adaway works but unfortunately nothing with the word GOOGLE in the long list
however i am white listing some french sites which might be the cause of the french app to crash (its an app that lists programme TV)
I used to use AdAway ages ago, but moved onto AdBlock quite a while ago. I don't know if it's intrinsically better than AdBlock, but AdBlock is working fine for me.
AdBlock Plus
It can work without root, but is better with root, which I guess you have.
Adaway simply modifies the local HOSTS file, causing all traffic to ad servers (as defined by the subscription servers) to be redirected to local host. Since there isn't a web server running on the phone by default, the requests just fall on the floor and time out. Some (poorly written) apps get grumbly when they can't contact a web server, so there is an option under preferences for running one on localhost. I'm not clear what it "serves", though.
Personally, unless the app needs network access to function, I find that simply blocking them with iptables (I use Droidwall) is sufficient.
jshamlet said:
Adaway simply modifies the local HOSTS file, causing all traffic to ad servers (as defined by the subscription servers) to be redirected to local host. Since there isn't a web server running on the phone by default, the requests just fall on the floor and time out. Some (poorly written) apps get grumbly when they can't contact a web server, so there is an option under preferences for running one on localhost. I'm not clear what it "serves", though.
Personally, unless the app needs network access to function, I find that simply blocking them with iptables (I use Droidwall) is sufficient.
Click to expand...
Click to collapse
wow i have to admit that this did the job and was properly tested! I run the webserver and the application works, i disable it and the application crashes
The only small issue i have now is that the webserver doesn't run automatically even when i select "start at boot" but that is not a huge problem
I guess i can clear my whitelist now, since the webserver is dealing with this
many thanks Again
A while ago I came across this thread:
https://news.ycombinator.com/item?id=12016011
and I'd like to know whether the Google collecting stuff also applies to a default LineageOS install? Or does it start only after GApps is installed (even the smallest possible one)?
Personal info, the minute you enter your google email address.
Sent from my Sprint Note 3 running Lineage 7.1.1 on T-Mobile. using XDA-Developers Legacy app
When you put you email or use some Google app product you agree to share your personal data.
Enviado de meu Mi 5s Plus usando Tapatalk
OK, but that's limited to that app and the permissions you give it - and that goes pretty much for all apps, Google or not. I was thinking more about the system-wide "telemetry".
Neuromancer said:
OK, but that's limited to that app and the permissions you give it - and that goes pretty much for all apps, Google or not. I was thinking more about the system-wide "telemetry".
Click to expand...
Click to collapse
Not really. Google has tentacles into so many things it's mind boggling.
For example: you may think that you are keeping your location data private by turning off that nice shiny location services toggle right at the top of your screen. But guess what? By default, various Google frameworks are set to override that whenever they feel like it, to ping your location silently anyway.
And even if you have the GPS chip disabled in hardware (or it doesn't exist at all), they will try to triangulate you based on other visible entities like WiFi and Bluetooth signals. (You know those Google Streetmap cars that drive around everywhere taking pictures of everything? They also are collecting a giant database of every single wireless signal they encounter, and linking them to the exact geo coordinates where they were detectable. And they also collect this data from every device running Android. So if your downstairs neighbor has a WiFi access point or bluetooth device in Google's location database, the simple fact your mobile device can see one of those signals means they've now got YOUR location, too.)
Neat, huh?
---------- Post added at 13:25 ---------- Previous post was at 13:21 ----------
Neuromancer said:
A while ago I came across this thread:
https://news.ycombinator.com/item?id=12016011
and I'd like to know whether the Google collecting stuff also applies to a default LineageOS install? Or does it start only after GApps is installed (even the smallest possible one)?
Click to expand...
Click to collapse
Even the "pico" Gapps - which includes (IIRC) just the Gplay services framework, Gplay app, PIM sync and Google Cloud Messaging components is enough.
On one of my devices I have pico Gapps installed on Lineage 14.1 and, as per usual, it is constantly trying to get my location. (I know this because I have Privacy Manager set to popup an approval prompt for both Gplay and Gplay services.) Another thing that the Google frameworks like to do is send/receive silent SMS messages. Once again, if it were not for the CM/Lineage Privacy Manager prompts, this would all be invisible.
Agree with Exabyter. Google is soo inside the apps and it's services that it's hard to predict if they can get your data or not. The Google Services Apps that give you access to lot of apps features have a lot of phone permission
Enviado de meu Mi 5s Plus usando Tapatalk
So using alternative markets such as F-Droid and Aptoide, and not installing GApps at all, can be a mitigating factor?
Neuromancer said:
So using alternative markets such as F-Droid and Aptoide, and not installing GApps at all, can be a mitigating factor?
Click to expand...
Click to collapse
Yes. And I was thinking along those lines myself for quite a while.
Unfortunately the big problem with those app sources is that they cannot handle paid apps/subscriptions.
F-droid is great if you are an open-source pedant, and as much as I like it (because among other things, generally speaking most of the stuff on there isn't doing sneaky stuff), the selection is very small.
Aptoide has a large percentage of the major apps on Gplay, but many of them are there without the developer's permission. Anyone can create an appstore there and upload any APK they want. (I actually have a private store there I intend to use at some point as a sort of APK repository for my various devices, but in practice I'm not sure how well this will work) And if you get apps from a personal user's store there there's a possibility there's something illegitimate about it. Aptoide checks APK signatures but I like to run a local A/V scanner anyway.
My current thinking is install the smallest possible open-source Gapps (eg pico), and then try to put a leash on what is left.
I'm still trying to work out how to accomplish that. Going to be posting a question in this forum shortly about location spoofing, for example. (In short: a recent AOSP patch may have really set us back here. )
Just installed LOS on my Nexus 6P -- I'm excited! I'm totally new to custom ROMS & have a few initial questions. Oh, I do not have the Play Store & Google apps installed (I think you call them gapps?) .
Why is Chrome the default browser? This was a huge shock to me -- I expected Firefox for a privacy focused ROM. How do I remove Chrome?
Is the default email app some sort of Gmail clone? I have not yet added any email accounts to it because I need to better understand what this default email app is all about -- I don't want to connect to anything Google. I will be using O365 Exchange & iCloud.
Is there a way to get ExpressVPN to work on LOS? I don't see the app on F-Droid.
Where else can I go to find apps that are safe to install?
ron_jeremy said:
Just installed LOS on my Nexus 6P -- I'm excited! I'm totally new to custom ROMS & have a few initial questions. Oh, I do not have the Play Store & Google apps installed (I think you call them gapps?) .
Why is Chrome the default browser? This was a huge shock to me -- I expected Firefox for a privacy focused ROM. How do I remove Chrome?
Is the default email app some sort of Gmail clone? I have not yet added any email accounts to it because I need to better understand what this default email app is all about -- I don't want to connect to anything Google. I will be using O365 Exchange & iCloud.
Is there a way to get ExpressVPN to work on LOS? I don't see the app on F-Droid.
Where else can I go to find apps that are safe to install?
Click to expand...
Click to collapse
Congratulations.
-chrome is not the default browser. Android contains chromium web view which is used by default leightweight browser. That is identified as chrome by webpages. You can replace the webview with bromide or install fennec from f-droid.
-email is a native AOSP app, you can trust.
-no idea about vpn. Some are even worse than a average ISP. You can use tor instrad.
-sometimes i install apps from Google play store. No need to use play app. Use yalp or aurora.
And you will connect to Google as soon as you touch any connect device.
btw there's also a build of Chromium from Bromite's developer.
You can trust APK Mirror and APK Pure. I haven't tried any other APK sites so be wary.