Goatey523 Damn that thread gave me a heart attack, thank god they are doing the bare minimum of those requests xD
Every single one of those requests is waving flags and flares, "hey Google, here I am, again"
treenutz68 May I ask what you are using to block the metadata collection from things like firebase?
Metadata collection from push notifications cannot be blocked as far as I know; you'd have to live without pushes to do that.
I use RethinkDNS to put those apps into "isolation mode". That blocks everything that is not whitelisted, meaning that app cannot connect to anything by default. Then, start the app and check the connections log. There you'll see the domains and IPs the app tries to connect to. Whitelist the domains (or IPs) that are needed to run the app, e.g. the domain of your bank for your banking app. That should make the app work, and everything else stays blocked by default. I prefer this approach vs. "badness enumeration", where you allow/trust everything by default and specifically block certain domains (the badnesses).
Furthermore, I do not allow DNS bypass in RethinkDNS, as apps may work around DNS (domain names) by contacting IPs directly. (E.g. WhatsApp telemetry once had a specific domain that everyone was blocking; now they use tons of IPs that are contacted directly, DNS bypass. Google is doing the same, they contact tons of IPs directly.) That way you can make your app work by allowing the minimum, everything else is blocked.
If you want to preserve push notifications, you'll have to whitelist firebase, mtalk.google.xxx, and others. I don't do that, to keep as much privacy as possible for those few apps I depend on but that sadly come with all kinds of trackers (banking apps, local post office and such things with no alternatives).
RethinkDNS is great, it allows a lot of fine-tuning, but you have to know how to set it up properly. And you can use WireGuard too (VPN). That's the price you pay for privacy when giving up functionality like push and having additional efforts, but privacy itself is the prize you win :-)
TRInvictus RethinkDNS is great, it allows a lot of fine-tuning, but you have to know how to set it up proper
I have just started looking at this app. It does look great, but you're right, one does need to know how to set it up properly. Do you know of any good guides to that end?
Any word back from Proton? I have it, too, but I've been hearing... Mixed opinions about it.
GlytchMeister and everyone, sorry for the slow update: they got back to me.
Their answer is, in short: yes. It's the normal app behavior and there is no way to turn this off anywhere inside any of the Proton Android apps. Also, this won't change in the foreseeable future.
Personally, I find this very sad. I really like Proton, but this is a break-up reason for me. It will be a proper hassle, but I'm going for a new mail host. GOS is such a therapeutic experience without Google, and I strictly want to keep it like that. My takeaway: be as little dependent as possible on any mail provider, and just use domains for most things. I wish I had done that earlier; it would save me loads of time now. Anyway, lesson learned.
@TRInvictus Thank you for your comments on RethinkDNS! I'll also definitely deep dive into all of this as well.
I wonder if Tuta does this as well. It'd be interesting to find out, as that may be a decent alternative.
I'm definitely interested in a guide... And even more interested in a "RethinkDNS for Dummies" sort of guide.
bootloader thanks for letting people know about this
Speeduser7533 I think they don't, but I'll test it soon and post the results here. My pick is they probably don't, as they are using their own push service, which is great anyway. Proton's constant connection to Google is due to their reliance on Google Push Services (which is still the case if you disable it and if you don't have Google Push), or that is what they said. Crossed fingers!
GlytchMeister Same!
Speeduser7533 Tuta doesn't use anything Google for their services. I switched to Tuta when I switched to Graphene and learned Proton push services wouldn't work.
As for the pinging of Google from a Proton service, it isn't their VPN app, 'cause I use it in my main profile and it doesn't ping anything Google. I use their email and calendar app in another profile and something is pinging. I think it's the email app.
Bugger. I recently bought into Proton before I learned how to really investigate this kind of crap. Was about to use their calendar app to migrate my schedules and events and whatnot from my iPhone to my pixel.
Bugger bugger bugger.
Right. I guess that means I need a calendar app and an email app.
I'm rapidly approaching the point of learning how to set up my own server rack and host my own private domain and instances of things. Getting tired of having to determine if a provided service is trustworthy and finding out it ain't.
Which is a real pain in my butt, because I don't own a desktop PC, I don't have a lot of money, and my internet isn't exactly amazing. And I have yet to have a good experience with Linux... Well, desktop Linux. GOS is doing much better than any other Linux or Linux-adjacent OS I've had the displeasure of wrangling. (Tho I still can't get it to accept a custom ringtone...)
GlytchMeister AOSP keyboard doesn't have a thumbs up. So, thumbs up! Maybe an idea for devs to look at more than security...
@mmmm
@GlytchMeister
I don't know about an explicit RethinkDNS guide. Start with my post above; descriptions of specific features can be found on RDNS's GitHub page, and there are a lot of explanations in the issues.
You may want to open an RDNS thread here on the forum. I'm pretty sure there are some GOS users around that use RDNS, kind of a "place to go about RDNS" where we can help and answer questions...?
GlytchMeister I'm rapidly approaching the point of learning how to set up my own server rack and host my own private domain and instances of things.
An own "home lab" is an excellent thing for sure, but one has to know how to set it up and keep it running.
And keep in mind, your "own private domain" makes you trackable everywhere, better use public services (email, VPN, etc.) that are known to respect privacy.
Uuuuuugh I thought that was like, the "you need to be able to See The Code like Neo to pull it off, but if done right, is very secure and private" option
headdesk
I'm rapidly approaching the point at which I turn off my pixel and go back to my decrepit iPhone 8 and accept defeat
GlytchMeister well it depends what you use it for.
I have a home lab. My services are searx for websearches, lingva for translate, and various other front ends and services. Calendar, contacts and photos are also self hosted. This is all easy, and you really don't have to worry too much about security so long as you access it all through a VPN, or do a bit of research into setting up reverse proxies securely. Tailscale is a good VPN option (free, though not all open source). I am assuming you're not being targeted by a nation state or even LE. If you are, then I would not suggest self hosting or being so blasé about how easy it is to secure.
I personally don't try to self host my own email server, website or anything else that I can't just 'turn off' and cope with it if I need to.
Above anything else it's a fun project.
Well, you're correct that I'm not being targeted. Well, as far as I know. I am a hobbyist SciFi and fantasy writer, so my searches are liable to raise some eyebrows, but I have yet to be visited by forgettable people in cheap suits and sunglasses, so I assume I'm not being actively targeted. :P
I don't have the know-how to do it, I don't have the time to learn, and I don't have the hardware even if I had the knowledge and time, anyway, so... Yeah. It's just frustrating.