Nulide / FindMyDevice · GitLab
gitlab.com
Find your Device with an SMS or online with the help of FMDServer. This applications goal is to track your device when it's lost and should be a...

Find your Device with an SMS or online with the help of FMDServer. This applications goal is to track your device when it’s lost and should be a…

  • thingsiplay@beehaw.org
    64·
    2 months ago

    I wouldn’t use it, but always appreciate Open Source solutions that can be self hosted if you want.

    If you really care about your privacy, think about to not use stock Android. Instead consider an alternative that is based on Android, but stipping out all the Google and tracking from the operating system, such as “/e/” operating system (bad name): https://en.wikipedia.org/wiki//e/_(operating_system) and https://e.foundation/e-os/

    • Lemongrab@lemmy.one
      51·
      2 months ago

      /e/ is not very degoogled. DivestOS or GrapheneOS would be better choices, then maybe CalyxOS.

        • lemonuri@lemmy.ml
          6·
          2 months ago

          Here is a thorough analysis of /os’s security and privacy.

          https://www.kuketz-blog.de/e-datenschutzfreundlich-bedeutet-nicht-zwangslaeufig-sicher-custom-roms-teil6/

          Tldnr: it’s alright but but grapheme, divestos or calyxos should be preferred if those are available on your device.

          Problematic seems the unique device id /e os generates and sends on every update and also security updates for the integrated webview browser have been severely out of date in the past.

          • thingsiplay@beehaw.org
            0·
            2 months ago

            Looks like a good and careful analysis. While I speak German, its a lot to take here, so cannot say much about the articles content (besides some of the concepts are way above my head and understanding).

            But the article/analysis doesn’t seem to support your claim “not very degoogled”? (Edit: I changed this phrase, it was wrongly phrased.)

            The /e/os ID you mentioned, has nothing to do with Google, as the update information is sent to /e/os servers I guess (which in itself is concerning, I’m not saying otherwise). I personally don’t see a need to switch to any of the other services (they pretty much also support microG and I can’t install them anyway I guess).

            • lemonuri@lemmy.ml
              2·
              2 months ago

              Ok, yeah, you’ve got a point I think. But one could argue if microg is enabled by default, at least some info might leak to google as their push servers are contacted and a device id is created (even if the data is anonymized to some extend.). (Depending on if these settings are enabled by default in microg which I am not sure of).

              Here’s some info from the divestOS faq (cmp.: https://divestos.org/pages/faq):

              "Anything important I should know about microG?¶

              The 'Google device registration' and 'Google SafetyNet' options WILL make microG connect to Google servers.
The 'Cloud Messaging' option WILL make microG maintain a persistent connection to Google servers.
The 'Cloud Messaging' option does NOT require a Google account.
The 'Google SafetyNet' option WILL download and execute proprietary obfuscated code from Google and is strongly NOT recommended.
While microG itself is open source, any apps talking to it will do so using the proprietary Google Play Services library."

              It goes on to provide some guidelines if you want to use microg:

              How should I configure microG?¶

              "Depending on the apps you want to use there are a few different ways you can use microG.

              Some apps don't need microG but check that they were installed via Play, in this case you only need microG Companion/FakeStore and to install the app via `Aurora Store` (via session installer) or `Obtainium`. This mechanism only works on 18.1+ currently, adb workaround still necessary on older versions.
Some apps will work with microG simply installed without any Google connections, in this case it is strongly recommended to revoke Network permission from the microG app.
Some apps need push notifications via Google, for them you must let microG maintain a persistent identifiable connection to Google. Enable 'Google device registration' and 'Cloud Messaging' in microG.
Some apps require a captcha to be performed by the user, for them you can enable the 'Google SafetyNet' option.
Some apps require SafetyNet to work, while the option to enable it currently exists it will not work in the unprivileged mode that DivestOS uses and will be removed in a future update."

              So depending on your thread model, you still would want to disable some of the options in microg to have absolutely no leakage of data to google. For example I am not comfortable any more with using push notifications since it was revealed that state actors use this info to tail users communications.

      • paradox2011@lemmy.ml
        1·
        2 months ago

        /e/ does quite a good job removing Google’s presence from Android. It’s been awhile since I watched it, but this techlore video does a good breakdown of it.

        Edit: actually that’s not the one I was thinking of, I’ll keep trying to find it, but it broke down the actually network connections that different degoogled ROMs were making and /e/ did very well.

        Edit 2: couldn’t find the video, it’s lost somewhere in my watch history from 2+ years ago. In any case, even jumping to lineage from stock android is a great move, and /e/ makes many improvements on Lineage in removing further dependence on google code. Better to use a phone you already have than to purchase a new device just to run software that has security features you likely don’t need. It makes me think of buying a car for it’s top speed of 160 mph when you’re only ever going to be driving the speed limit.

    • lemonuri@lemmy.ml
      1·
      2 months ago

      Could you explain why you wouldn’t use it?

      I’ve been using it for a couple of years and am happy with it, it grants an extra layer of security I think, if you can wipe the device when lost/stolen. Also very handy if you misplaced the phone and its set to not ring, as with this it will ring at full volume. You don’t need to use their server for the app to function, if that is your concern. I use a secondary device from my household. You can send a text message to your phone to let it ring even when its set to silent mode/get its location/or even wipe it remotely.

      • thingsiplay@beehaw.org
        4·
        2 months ago

        Could you explain why you wouldn’t use it?

        Nothing against the project or the concept, I personally don’t have a need for. I’m just the kind of person who is organized when it comes to stuff like that (no offense to anyone, I really try to be careful with the wording here!). And if I don’t see a need for a software or service, then there is no need to add complexity to the system. I’m still curious enough about these tools to look into. That’s all.

      • TheGalacticVoid@lemm.ee
        1·
        2 months ago

        Not OP, but the tools provided by my OEM of choice are already really good, so it’s something I’m glad exists but isn’t useful to me.