@lanodan @Tommy There's a reason there's widespread interest in decentralized systems!

Whether any particular decentralized system helps here is a totally seperate question.

@alcinnz @Tommy Decentralisation could help there but it's not really the key thing, instead of one server spying on you there could be multiple ones.
And not sure how costy would it be to host a mirror/cache of the F-Droid repository.

@lanodan @alcinnz @Tommy Distributing mobile apps p2p is actually a really perfect use case

@lunch @alcinnz @Tommy P2P? The poor battery.

A swarm of mirrors by different parties would be more interesting, this is what most linux distros are doing.
And you could probably add some random on which mirror you're picking from and make sure that your encryption has correct padding so ISP and middleboxes do not know what you are downloading.

@alcinnz
Yea :-))

@lanodan
That is true..
Sorry for that.

But still, the proprietary apps in the Google Play Store could hurt you.

@Tommy Sure, but Google Play Store application could be open-source that it wouldn't change much.

Google Play Store is just adding insult to injury.

@lanodan @Tommy meanwhile mentioned aurora store just provides anonymous access to Play Store(that's probably forbidden by Google's ToS but who care?)

It's opensource. But it's a client to a proprietary services.
And yes, nothing stops to archive an access logs even in full FOSS. I guess they call it... "telemetry"? :)

@a1batross @Tommy Anonymous?

The server-side, please. Sure, you aren't authenticated anymore but this doesn't matters, anonymity is void once you can put an identity on it.

@lanodan @Tommy well, sort of.

Aurora Store just uses public server that returns auth token to Google Play. It expires pretty fast but enough to download some app and forget about GP again.

@a1batross @lanodan
Yes.. I guess I shouldn't have posted this junk..

Thank you everyone for you help, I will try to do something..

@Tommy @lanodan nah, you're doing fine!

I agree with you that no one should use Google service. Not because they collect your data, but because they are doing it without consent and in fact, don't really care about your opinion.

Google is just a bunch of assholes. They don't deserve being #1 company.

@a1batross @Tommy At least google quite allows to exorcise their devices, specially their official ones.

But yeah, with big tech right now either you pick nothing from them (what I do) or you have to go frankenstein.

@lanodan @Tommy yes they are. But they seem regret this. Otherwise they would not pull useless SELinux into Android. Or mess with permissions, root access, locked bootloaders. Or practically removing the whole access to filesystem(see app scopes). They are bad people and they hate us.

I don't like when Google is compared to Facebook or Apple.

I personally can get away from them. I don't have FB profile, I don't have anything from Apple. But as Android dev I really depend on Google's decisions and it hurts me.

@a1batross @lanodan
Makes sense and it is :-(

@a1batross @Tommy
> root access and locked bootloaders

This isn't because of Google, in fact their devices can be rooted and flashed in an official manner IIRC.
But shit like Asus tablets? Oh yeah, let me require a bunch of bullshit to flip a bit in the bootloader.
And on the chromebooks (or at least some of them) it's just a physical protection (a screw) that can be made tamper-free, I wish this would be the same on most devices.

@lanodan @Tommy they could've enforce the vendors to provide the ONLY unified way to unlock the bootloader.

But they didn't. They also not enforced the vendors to increase the life of device. Most devices don't really get more than one or two security updates and that's all.

@a1batross @Tommy Unified way to unlock the bootloader could be done but pretty sure that it's vendors being assholes here (like for other linux systems, see TiVo).

And for the span of life I think that should be something like the EU (where most things have at least a 2-years warranty by design), Google can't really help there but notice that vendors only care about shipping devices, same is true for Microsoft btw.

@lanodan @a1batross @Tommy I have the misfortune of having a huawei device

@Meeper @Tommy @a1batross Well the way I've bought android devices in the past 10 years is basically: Go on XDA, pick one of the most active one and make sure it has CyanogenMod (now LineageOS) and with good support.
(And so I bought a OnePlus One in 2014 as it came with CyanogenMod by default, which ended up running SailfishOS)

Next phone for me is going to be the pinephone btw.

@lanodan @Tommy @a1batross

My dad just found it used somewhere, I did make a point about having a phone that I can root but he didn’t know about huawei’s shit ((i can’t even change the lockscreen to muzei for some reason)) He got it without asking me so I gotta stick with it.

But yeah XDA ftw

@lanodan @Tommy @a1batross I got his old iPhone before that but it commited apple-isepukku just when the cool checkra1n stuff came out

@a1batross
Thank you!

It's sad how Google earns almost all their money out of people's data.

In Short terms long: Google is a pile of shit (generally)

@Tommy @a1batross

the linux crowd knew that a long time ago about goog and microsoft...

@Tommy @a1batross

and FB

@EMPEROR
In general terms, that would be true.

@a1batross @lanodan
Agreed

@lanodan @Tommy The user agent is "F-Droid %versionname"

https://gitlab.com/fdroid/fdroidclient/-/blob/master/app/src/main/java/org/fdroid/fdroid/net/HttpDownloader.java#L210

@lanodan @Tommy

You can also read a bit more about some things F-Droid does to *prevent* tracking by server operators here: https://gitlab.com/fdroid/fdroidclient/-/merge_requests/574

@fdroidorg @lanodan
Ok, thank you F-droid!

@fdroidorg @Tommy Oh wow this is a really good one, I wish browsers engines would do the same.

@lanodan @fdroidorg
Yup!
Looks like F-droid has a great taste of privacy!