Are site wrappers actually safe/private to use?...

43t34fg4

Basically, same as title. I have a few phones. My GOS phone is obviously my privacy phone. I wanted to ask about site wrappers, like for Reddit, YouTube, etc. On the GOS phone, I have it extremely locked down: only use Signal to contact people, really no apps downloaded except a handful, if that. I hardly even use the browser, no cell service on it, etc.

So, I wanted to ask if wrappers compromise the safety/privacy/security at all. Basically, trying to continue to stay locked down and not have Google themselves (or other non-privacy-respecting companies) seeing that I am on those sites or whatever. For example: if I use a Reddit wrapper, can Reddit still see my IP and that my phone is accessing their site and whatnot or how does that work?

[deleted]

There's no single answer to that question. Invidious, for example, lets you browse YouTube, but the video itself is delivered to you by a YouTube server etc. You can always read the source code,ask around and set up a mitmproxy with root/VM. Do your own research :)

mmmm

[deleted] Do your own research

That’s what the op is doing by posing the question in the first place.

[deleted]

mmmm And?

43t34fg4

mmmm Exactly, that's why I'm asking, haha. 11hrs later and still no real answers, though :(

GeneralVerdacht

It was already mentioned that there is no general answer for your question, because it always depends on your threat model, the trust in the alternative application and how the application works.

And especially the last part is often not easy to answer because the documentation of many applications are not very detailed.

As an example: If you want to increase your privacy watching YouTube Videos - than first you should investigate how Alphabet is fingerprinting (for example: ip, account, cookies, font, video size, OS,...) your Device. And then you can compare the details of the fingerprint with your selected application.

TRInvictus

I was thinking about the same issue regarding maps. There are lots of use cases where an app loads remote maps from G, M$, etc. Eg. showing geo tags in a gallery app, or those map apps supporting different kind and sources of maps.

Basically, you reveal your IP (and related information), as you connect to the server to fetch the data (map tiles), if there is no proxy (like LibreTube proxies YT).
In theory, there shouldn't be more fingerprinting, as it's a fetch-only operation, and no web stuff is involved (like cookies, JS, etc.), and no code is executed (only the app's own code) - unlike web apps (PWA) do.

I don't know how eg. GMap's or Bing's APIs/servers look like. Are there any user data that a client (the app) has to provide to G, in order to get permission to fetch map tiles from their servers?