Trying to escape Google’s ecosystem, but past purchases keep pulling me back. #DeGoogled #GoogleLockIn #PrivacyStruggles #TechDilemma #FOSS #DigitalFreedom #AndroidAlternatives
Trying to escape Google’s ecosystem, but past purchases keep pulling me back. #DeGoogled #GoogleLockIn #PrivacyStruggles #TechDilemma #FOSS #DigitalFreedom #AndroidAlternatives
The thing people often dont realize is that if you do end up caving in and installing Google app services back onto your de-googled phone and logging into your old Google account - well, you’re almost back to square one. Google now ties all the identifiers of that phone/OS to your old Google account and will continue tracking it as much as possible whenever it sees those identifiers accessing anything. So I’d avoid that if your goal is de-Googling, but I understand why some need it as a stop-gap.
I thought the same initially re: sunk costs, but when I actually sat down and made a list of the apps I had on my old phone and what I used them for, I could quickly see that almost half of them were already FOSS. Then checked what alternatives are available for others and realized i could actually replace almost everything. The only premium apps I ended up “needing” were Poweramp*, and a couple others I actually forget now without finding my list. Almost everything can be replaced by using the website as a web link or web app, or using an open source alternative.
A big bonus of that process was seeing on the Aurora Store how many trackers were detected in each of the old apps while i was reviewing them and it was insane. I remember one Sudoku app I’d installed years back had like 16 trackers… Wtf. Checked FOSS options on F-Droid and found several alternatives.
*Poweramp can be bought direct from the developer, no need for Google apps, so I repurchased it via that method so I could avoid using my old account. I don’t mind buying things a second time if the devs have made the facilities available to avoid Google. I recently did the same for Symfonium.
The only ones that stung a bit to abandon was Sleep As Android which I’d paid for (I use their limited free version now and block it on the firewall to prevent ads/tracking); and Sygic (gps app) I’d paid lifetime maps for… I just use Organic Maps now, and while it’s not as fancy it navigates just fine and I use it regularly for car GPS.
Things like Shazam that there’s not really a FOSS alternative for but are free (with questionable tracking) you can install as a ‘work profile’ app via Shelter, which means it has no access to your real contacts and personal data, and can be set to auto-freeze (deletes cache and pauses app, keeps personal data). So you can use it and expose minimal data, and it can’t tie it back to a Google account to profile you as it doesn’t see one.
So far I’ve never needed a Google account on this phone, which means it’s been a clean break from Google entirely. 3 years now and very happy with the results.
GrapheneOS runs Google play services in a sandbox (rather than as a system level app) and randomizes the advertiser ID, IIRC.
I’m keen to give GrapheneOS a try when I upgrade to my next phone, it’s got some privacy enhancements that CalyxOS doesn’t (my current OS). The sandboxing is cool and every bit of obfuscation helps.
However unless your phone is on an always-on VPN with an IP isolated from your other devices, or you’re in a bulding full of other users to obfuscate your traffic somewhat, then just accessing your Google Play account via the phone will give them your public IP address and they’ll be able to tie that heuristically to your other data/accounts.
Eg scenario: you have a laptop at home, it browses and has a bunch of cookies saved, it uses your public IP. Google is all over the web, inescapable while browsing, and through browser fingerprinting has an advertising profile saved for your device even if you’re not logged into an account, this is often called a ‘shadow profile’. If it sees another device (your phone) on the same network (same internet IP) regularly accessing the same sites - those devices are likely linked in their database as ‘likely same user’, with frequency they will be merged permanently as same user. If you then log into your old Google Play account on the phone - boom, all history for that account is now linked in their database to any other profile identifiers for the shadow profile eg cookies, browser fingerprints etc. They don’t need you to log in multiple times, once is enough to confirm owership of that device & account. Opsec is a cat and mouse game and Google (and the other surveillance capitalism giants) are literally the most valuable businesses in the world because they’re good at tracking users to create personal profiles for them.
Audire - https://github.com/alexmercerind/audire.
I’m very interested in this info; thanks. What OS and phone are you using? Graphene/Pixel? I desperately want to be off of Google. Apple is not an option.
I am going to transition to Infomaniak for cloud (dumping Proton, wtf Proton), but mobile is still a big question for me
Using a Pixel 5 on Calyx OS. I was attracted to CalyxOS and Graphene as they both use a locked bootloader allowing OTA updates and keeping the boot process secure. I’d say either are good choices. I’ve been very happy with CalyxOS, only a few minor issues in the few years I’ve been on it (a tile button not working in one update, that kind of minor stuff).
This phone model is EOL now and only getting security patches, so im on the lookout for a Pixel 8 to move to (going second hand for costs). I’m planning to give GrapheneOS a try for a few weeks when I upgrade as I’ve read good things about it and will have a good yardstick to compare it to now with my time on CalyxOS.
P. S. I think the Proton CEO thing is overstated - he praised an anti-big-tech pick for the (iirc) Assistant Antitrust Attorney General (that is objectively good), and then backed it up saying he is very hopeful this person with a proven track record litigating against big tech will take on their monopolies that have been hindering players like Proton heavily over the years. His statements were always going to be taken poorly though (any Trump action being praised - even if the action was good, is a red flag because Trump is a disaster for a thousand other reasons and people are understandably on edge), and the follow-up comments should never have been done from the official Proton social media account - which is something Proton also stated, and said wouldn’t happen again. Me: OK that’s strike one. I’m not throwing them out after 9 years of very positive work for one failure, I think there’s a tendency in the privacy community to ‘let perfect be the enemy of good’ and for me at least this is an example of that.