[Samurai]

People are mulling Right To Privacy in a country where we have no understanding of freedom of speech or privacy.

https://cio.economictimes.indiatimes...right/88114406

I don't think this will go anywhere. Take freedom of speech, most Indian believe we have it, when we actually don't. I had to live in US for few years before I understood that.

Coming to privacy, we as a country understand it even less. I have been in situations where Managers of nationalized banks have demonstrated they don't understand the concept. They have made me sit along with 2-3 other customers in the same cabin and then ask details of my company finance. They couldn't understand why I was unwilling to answer. Once a visiting VP of one such bank stood at our busy reception desk and asked how much loan the company is having at that time. I could feel every person in the earshot looking at me eager to hear my answer. I had to disappoint them all by saying I won't reveal such confidential data in public.

[Thad E Ginathom]

In my basic law classes at college in Britain, the teacher said to us, about freedom of speech: you have it as long as you don't say certain things.

[Poitive]

Quote:

Why remove your personal information?

When your personal information is online, you might be an easier target for identity theft, fraud, or even cyberstalking. Advertisers, companies, and hackers can quickly figure out a lot of information about you, like your name, home address, family information, or even social security numbers and passwords.

How do we remove it?

We are creating a privacy service to monitor websites for your personal information and remove it from sites that put you and your loved ones at risk. It’s not available yet, but click below if you are interested in finding out more

https://www.ghacks.net/2021/12/06/fi...-the-internet/

This link might end up being of some use. It is about a service by Mozilla (the ones who make Firefox)

Quote:

Originally Posted by binand

Yes.

Thanks a lot for the extensive reply, binand. Will continue this discussion when on the forum via a comp.

[Poitive]

Thanks a lot for the elaborate response, binand. A few points below:

Quote:

Originally Posted by binand

Yes. You can see the impact on speed and latency in these screenshots (the first one is with VPN on, second is with VPN off, both taken back-to-back). Latency is of course dependent on both ends, so I have chosen a site that is of particular interest to me this December.

Interestingly the difference is minimal and in favour of the VPN (a chance, I presume) on the said site. What also came to notice is the servers with VPN being in Bangalore and the ones without being in Dubai.

Quote:

Here is how it works for Android. App developers have to declare upfront what all permissions they need. This list is then showed in the Play Store entry's Permission Details section. If you as an app developer do not declare a permission you will not get it (so presumably these apps that you talk of do not declare the INTERNET permission). And if you do not get it, you can't use that functionality.

Among the declared permissions, some Android grant automatically (INTERNET), some Android asks the end user whether to grant or not and some are denied automatically.

My initial question in this regard was due to the post mentioning this and if so, if there was a workaround it.

Quote:

If you're using a Google phone (Android), all keystrokes and searches on other engines are recorded too, Microsoft SwiftKey also records all keystrokes. DDG seems to be safe for now, but we have no idea what they're doing in the background.

Quote:

Android by default grants Internet access to all apps. You can't turn this off.

One example of a keyboard without internet access is Simple Keyboard (link)



Summarizing: So, if the internet permission is not shows in the app (keyboard app as above), it can't record and send keystrokes; and that Google doesn't either?

Quote:

As I mentioned previously - the reason we can't tell Google to stuff it is that they offer a host of actually useful products. For example they run a CDN for Javascript libraries which a lot of developers use.

I thought so too. Also, here I was referring to the page linked from a Google-search being (at least as if) hosted on a google domain (presumably an interim/temporarily one for the page). I don't know enough, but it seems to be some further extension of AMP.

Bit by bit, the inconvenience of keeping away from Google is increasing, that fewer and fewer will find the tradeoff of convenience for better privacy to be viable.

Quote:

The UX and treatment are identical. The benefit is that when I'm ready I can simply change a DNS setting and cut myself free of Google
~~~~~
One benefit is that if Google for any reason suspends my email address my life will not be upended.

Thanks. A good approach.

[binand]

Quote:

Originally Posted by Poitive

Interestingly the difference is minimal and in favour of the VPN (a chance, I presume) on the said site.

I think you misread the results. Higher the bandwidth, the better it is. The lower the latency, the better it is.

With VPN, my bandwidth was measured to be 17 Mbps as opposed to 19 Mbps without - ie, a 10% degradation.

With VPN, my average latency to the IT website was 1362 ms, without it, it was 1201 ms - ie, a 13% degradation.

Quote:

Originally Posted by Poitive

One example of a keyboard without internet access is Simple Keyboard (link)

Summarizing: So, if the internet permission is not shows in the app (keyboard app as above), it can't record and send keystrokes; and that Google doesn't either?

This is a good reference, because it is an open-source application and we are able to examine its innards. See here:

https://github.com/rkkr/simple-keybo...idManifest.xml

You can see that it asks for only one permission (the "uses-permission" line) - VIBRATE. Presumably to provide haptic feedback upon key presses. Since it does not ask for INTERNET permission, this app is not capable of sending information out into the Internet.

That is, it can still record keystrokes, but not send them anywhere outside the device.

Can Google access keystrokes made through this app? Theoretically, it is possible but practically it is very difficult to do and a company of the size and stature of Google (hopefully) wouldn't make that sort of a move. I would expect them to have sufficient controls in place to ensure one or several rogue employees cannot do this either.

[Poitive]

Quote:

Originally Posted by binand

I think you misread the results.

Yes, I misread/mis-compared the latency on the IT site. Thanks.

Quote:

This is a good reference, because it is an open-source application and we are able to examine its innards.

So, I take it that for all practical purposes, an app which doesn't need internet/network permission would not be sending out data (such as keystrokes).

Further, does this also apply to closed source apps?

Github etc (possibly somewhat OT)

While we are at it: I often end up on Github and the likes checking open source apps/software which I generally prefer. I doubt all open source software on Github etc would be considered safe, as many might never be really examined enough; especially if it has few users.

Now the question is, how does a semi-aware non-techie like me figure what on Github and the likes might be considered reasonably safe to use? (I realize it is subjective, hence the quotes). What could be the indicators that it is okay, and of it is based on some numbers (forks/contributors/stars/etc) what woild good reference numbers be?

Over the years, I have casually asked this Q from a few techie friends (some who've moved into management long back) and haven't got any helpful answers.

[binand]

Quote:

Originally Posted by Poitive

Now the question is, how does a semi-aware non-techie like me figure what on Github and the likes might be considered reasonably safe to use?

Reputation, Curation and Web of Trust are the three usual options available to you.

[Poitive]

Quote:

Originally Posted by binand

Reputation, Curation and Web of Trust are the three usual options available to you.

Could you please elaborate?
Have only heard of WoT as a firefox extension, which gave scores to websites based on users giving points.

Anything on Github which suggests that an app is likely to be safe?

On what basis to get an idea of the reputation etc for non big-time apps/software?

Pardon my indulgence. Maybe I'm asking too much and taking too much of your time. Please skip answering if it gets too much

[carboy]

I have a question here - who exactly do people want to protect their data from?

- Your Internet Service Provider
- The websites you visit
- Indian Govt
- Chinese Govt
- US Govt
- Some one else you can specify in the replies

Please don't say all of the above - just reply with the one who you are most scared of possessing your data.

[Thad E Ginathom]

Can't really say anything else than "all of the above." Plus some.

I'd add, top of the list, those who want to take my life and sell it for commercial profit.

But, frankly, the battle is long since lost.

[binand]

Quote:

Originally Posted by carboy

I have a question here - who exactly do people want to protect their data from?

Quote:

Originally Posted by Thad E Ginathom

Can't really say anything else than "all of the above." Plus some.

Yes. The question needs qualification.

If we define privacy as our right to control who gets to observe (and process) our interactions and opinions - then just about every possible entity must be listed.

And if we accept these entities have the same rights as ourselves, then we also need to permit them to observe (and process) our interactions and opinions.

Case in point is our credit card issuer. Do we accept they have the right to run a business and make a profit out if it? Then we must allow them to access our spending information (so that, let us say, they can produce that monthly statement). We can't be like, "where I spend my money is my private affair, the card issuer has no business storing it in a database".

The game changer is the power imbalance between us and the other entity. The credit card issuer is a behemoth financial services player, with direct access to governance and policy-making structures and millions if not billions of dollars to spend on favourable regulatory regimes. So to correct this imbalance, we would want their ability to access our information to be rigidly defined and tightly controlled by ourselves or our agents.

Certain entities need to be considered as special cases. Our own government is one, and of late I have started treating Google as another. In these cases, the power imbalance is so high that we really have only two options: (a) live under a rock or (b) accept that where these entities are concerned, we cannot have an expectation of privacy. I am constantly seeking for any (c) here that I might not have recognised as such before.

So, gun to head and only one choice - I'd go with "Indian Govt".

[carboy]

Quote:

Originally Posted by binand

Yes. The question needs qualification.

If we define privacy as our right to control who gets to observe (and process) our interactions and opinions - then just about every possible entity must be listed.

Of course, the right to control it from should include everyone - else such a right doesn't make sense. But that was not my question - my question is who are you most of afraid of your data getting into hands of & why? Or are you equally scared of your data getting into the hands of your maid as compared to any of the entities I listed above. Are you scared of it getting into the hands of your enemy at work as compared to the above entities. Are you worried about it getting in the hands of your boss? And so on.

Quote:

Originally Posted by binand

So, gun to head and only one choice - I'd go with "Indian Govt".

So you are saying you are fine with all your data being in the hands of your own govt but you would be more worried about it getting into the hands of the US govt. That's quite a strange choice!

[binand]

Quote:

Originally Posted by carboy

who exactly do people want to protect their data from? Just reply with the one who you are most scared of possessing your data.

Quote:

Originally Posted by binand

So, gun to head and only one choice - I'd go with "Indian Govt".

Quote:

Originally Posted by carboy

my question is who are you most of afraid of your data getting into hands of & why?

So you are saying you are fine with all your data being in the hands of your own govt but you would be more worried about it getting into the hands of the US govt. That's quite a strange choice!

No no... the question was "who exactly do people want to protect their data from (the one who you are most scared of)" - and I replied "Indian Govt". That is exactly the opposite of "you are saying you are fine with all your data being in the hands of your own govt" - I am unequivocally not.

My own government is Government of India.

[carboy]

Quote:

Originally Posted by binand

No no... the question was "who exactly do people want to protect their data from (the one who you are most scared of)" - and I replied "Indian Govt". That is exactly the opposite of "you are saying you are fine with all your data being in the hands of your own govt" - I am unequivocally not.

My own government is Government of India.

Ok, it was a little confusing because you said you cannot have expectation of privacy from your own governmrnt.

Quote:

Originally Posted by binand

Certain entities need to be considered as special cases. Our own government is one, and of late I have started treating Google as another. In these cases, the power imbalance is so high that we really have only two options: (a) live under a rock or (b) accept that where these entities are concerned, we cannot have an expectation of privacy. I am constantly seeking for any (c) here that I might not have recognised as such before.

[binand]

Quote:

Originally Posted by carboy

Ok, it was a little confusing because you said you cannot have expectation of privacy from your own government.

Yes, that's right. What I tried to say was - I have to either live like Alexander Selkirk or live with the understanding that I simply cannot expect privacy from my own government. Since the former is not a practical possibility, it will have to be the latter and therefore, I need to be afraid of my own government the most.