This morning I was a briefly a part of the interesting conversation started at the Fediverse microblogging server fosstodon.org by the user kip. The thread started by the privacy oriented resolution kip made, stating that they are about to make steps aimed at increasing their online privacy, particularly de-googling (removing Google related software from their devices up to the point of removing their user account entirely).
This is a bold statement that requires a huge amount of effort, especially when using Google services for the daily tasks. If you have been following closely, you might be aware of the fact that I am also on the track of reducing my dependency on the Google services, or centralized third-party services in general and replacing them with decentralized open-source services where possible or convenient enough.
But my pace towards reaching this goal, if I will even achieve it in the foreseeable future, is much slower. The reason for me is, that there is a trade-off between privacy and convenience. Centralized services provided by tech giants usually do the exact opposite - trade the privacy of their users for the convenience. The more your phone "knows" about you, the better it can handle questions with a context, for example, instructing the smart device to call the doctor could be resolved properly, if the device knows requires a particular diseases the user suffers from.
The problems could surface in different ways, for instance by device advertising the medicine on the device that other people, like co-workers could be exposed to. This specific scenario is just an example and the privacy related problems could be lesser or worse. The problem I see is the unpredictability of the services, or the fact that users can not know beforehand what is happening with their data. The motives of the service provider could be harmful but unforeseen consequences could be dire for individuals.
User @yyp suggested to use a less direct approach than removing all the Google related software, by doing a conscious effort and just blocking all the communication said software does with the related service provider instead. In other words, stopping the trackers. For this purpose, they suggested TrackerControl.
Trackers in the context of the mobile phones are apps that monitor and collect data about user behavior, in a process that is usually hidden and ongoing.
This solution made sense to me. What use the trackers are for the companies they employ them, if they cannot send th data from my device back? The solution also seems easier to employ. Doing de-googling the right way is not just removing some apps and deleting the account, but replacing the Android operating system on the phone by something not owned by a pro-profit company, for instance by LineageOS. The reasoning behind this might be that the user agreement allowing data collection might be forced on the device user in order to even turn it on. With the actual account or without it.
Consequences of using TrackerControl
Installing the TrackerControl app was in fact much simpler than replacing the whole operating system on the phone. I have installed it out of curiosity. I have learned that it creates a local VPN to intercept the data communication, limiting other apps access to the outside network. This solution was novel to me and I do not understand all the implications yet.
I have assumed that TrackerControl would ask me every time an app would like an access, making me to either allow or block it, simulating the behavior of the firewall in interactive mode. I tried making some file changes for Syncthing to pick them up, but nothing happened. The files were not synced and no notification has appeared. What happened however, was that it was in deny all mode by default. I was expected to enable all the apps I trust manually.
Probing the discussion thread from the beginning revealed another hindrance. In order to prevent all data from leaking the phone, it is suggested to turn of the network before rebooting the device, as TrackerControl is turned on later than Google services.
Yet I become a bit skeptical. I could turn off Wi-Fi network every time I needed to reboot the phone, but turning off data access reliably requires taking the SIM card out. With physical SIM cards it is still possible, albeit quite unpractical. With the industry shifting towards eSIM, this trick might become harder to pull off in the future.
Another possible drawback of the TrackerControl app could be increased battery usage. I did not come across any data yet, so this assumption needs confirmation, but it is something to consider.
Is privacy so important?
I should be asking this question every time I want to increase convenience. I believe that increasing privacy in online space is harder, than simply maintaining it, by the same logic as keeping the body weight is easier than changing it in a desired way. To change something requires effort, to keep something might just require a habit. A habit, properly developed, might feel effortless.
Yet it is not easy to spot these convenience for privacy exchanges in real life. Solutions like TrackerControl are more like a patches than a full-scale solution. Although I believe they can work well enough for the purpose they are advertised at, the solution requires a behavior change in individuals as well as in corporations.
Could we come to the future where individuals with more privacy would be living significantly better life than the ones possessing less of it? With the fact that we are already trading the privacy for something else, could digital privacy become a form of currency?
This is a 11th post of #100daystooffload.