It’s pretty convenient: Once you’ve created a Google Account, you just switch on your Android device, enter the credentials – and everything starts working out-of-the-box. Your contacts and calendar events are synchronized across devices, your documents go to the Google Drive, photos are automatically backed-up to Google+, you’ve got your Gmail wherever you are, and so on. Based on all those data, Google Now even tells you what you need to know before you know to need. You can stop thinking: simply relax, and enjoy your life.
Or did I forget something here?
What about privacy? Finally, you shouldn’t call it “the cloud”, but rather “someone else’s computer”1 to make yourself clear where your data is. And no, it’s not just a gag taken from Microsoft’s “scroogled” campaign. The most recent real-life case as of this writing was reported by Khou.Com: without a search warrant, Google “found” a suspicious picture in some Gmail box, and alerted the police. While a good thing in this specific case, the question remains: How comes Google “found” that picture in the first place, if your data are considered “private”?2 Obviously not that private, after all.
Android without Google:
- 1: Introduction
- 2: ownCloud
- 3: Getting rid of unwanted bloatware
- 4: App Replacements
- 5: Free your Droid!
- 5a: microG (update to NOGAPPS in part 5)
- 6: Self-Experiment (still running)
- 7: Where do I get my apps now?
Started before this series, but clearly belonging here:
So how private are my data in “the cloud”?
That certainly depends on whoms cloud they are in: like with the real-world natural clouds, where we have a multitude of different clouds (Cirrus, Cumulus, etc) classified in multiple ways, similar rules can be applied to our “data-clouds”. Questions are e.g. who runs them, and whether you pay for the service (you’re the customer) or not (you’re the product). As this article is about “Android without Google”, let’s take a look at Google’s cloud services:
They come “free of charge”, and the company is not a “charity organisation”. So they need to make profit of something. Google’s main profit comes from selling ads. In 2011, 96% of Google’s revenue was derived from its advertising programs.3 So how does that concept work? Advertisers want to have their ads shown as often as possible to as many people as possible (“impressions”), while at the same time as many as possible of those people should pay attention to those (“conversions”, “click-through-rate”).4 The former is guaranteed by the wide range of services offered (plus Google making sure you’re using them) – the latter by “personalizing” ads. Which is where your data come in.
Based on your communications, searches, visited websites, contacts, document contents, etc., Google can tell which topics might be interesting to you – and select the ads correspondingly. On first sight, this looks like a triple-win situation: you (hopefully) see only relevant ads, ad providers get better conversions, Google gets money from advertisers. But there are side-effects to that: advertisers know visitors are (potentially) interested in their products, and can track them (cookies, super-cookies, etc) – and data is not abandoned (deleted), which results in a kind of super-profile5 – where Google knows almost everything about you. Regulations on usage of those data are subject to change anytime; so you can never tell what for they might be used in the future. Or on which premises another party might force access to them.
Are there ways to increase the level of privacy?
Of course there are. And I’m not talking about “shutting down the internet”, though that might be the most efficient way You will have to give up some of the conveniences the services offer. And depending on how much it’s worth to you, you can increase privacy while at the same time gaining more control on your data. In this article, I will simply name some options; future articles then will go into more details on the one or other.
- already mentioned (and recommended a.o. by a German article on Der Spiegel): spread your data across multiple providers instead of putting all your eggs in one basket6
- use more control about what data you put “into the cloud” (i.e. “on someone else’s computers”) at all
- encrypt your files before uploading them to any cloud storage7
- encrypt your communication8
- consider hosting sensitive data in “more private places”9
So this is just about my few personal data?
Certainly “not just”, but this is one of the most important aspects. In my book “Das inoffizielle Android Handbuch” (see here for a peek) I dedicated an entire section to this topic. You think you’ve got “nothing to hide”? See the privacy chapter there, others thought so as well. But meanwhile, you might be an Extremist or even Terrorist without knowing it. All that needs is you’ve used TOR, read the Linux Journal, use a Linux distribution, or have used one of these terms in a Google search. Any idea what terms might be added to that list next? Again it’s Der Spiegel giving some insight into how those Anti-Terror-Lists work, how people might get on them, and what the consequences might be.10 One of the reasons everybody should have “something to hide”. Sure, if the spooks want to get some data, there’s hardly anything we can do to make sure they don’t get them. But that doesn’t mean we have to “feed them in advance”. The higher the efforts required, the lower the amounts of data that can be extracted in the same time-frame. The spooks deserve some trouble, as Benjamin Franklin already put it: He who sacrifices freedom for security deserves neither.
But there are more reasons to “free Android from Google”, and again those remind us of the just quoted Ben Franklin. In the name of “security”, more and more freedom has been taken away from Android users. Just a few examples:
- up to Android 2.1, Android users were able to use network location services without giving in to have their own location permanently sent to Google “to improve the service”. Gone with Android 2.2.
- once upon a time, you could toggle things like GPS and airplane mode from within apps, no root required. No more.
- up to Android 4.3, we could use our (external) SDCards read/write in our devices without limitations (except for capacity and speed, maybe). Stopped with Kitkat (4.4) for “security reasons”.11
At least I want my freedom back. The always first step for me is to root my devices. The “full way” probably includes using a Custom ROM12 without Google services, and some more. Not all of this might be an option for everybody (and not everyone shares my “paranoia” full-scale or even any of it – after all, Google’s services are great!). Still, there are steps which can be done without root or Custom ROM. And if you’ve read this article up to this line, I’m pretty sure the one or other thing is for you.
You’ve probably noticed the word “Introduction” and the number “1” in the title and correctly guessed that might indicate a series of articles. While I cannot make any promises on “schedules”, I will introduce several solutions covering one or more aspects of dealing with privacy and regaining control over your data and your device. To make it easy for you to find them, this article will be updated with an index whenever a “new part” is published. Already in the queue and coming next: ownCloud, covering a.o. calendar, contacts, storage (alternative to GDrive), photo gallery, and more.
Graham Cluley wrote an interesting article named Don’t call it ‘the cloud’. Call it ‘someone else’s computer’: Replacing all instances of the word “cloud” with “someone else’s computer” might make organisations stop and think about the security implications of cloud computing. The full interview can be found here.13 ↩︎
As The Verge explains it, the technique behind it is a kind of "finger-print scan", and thus could rather be compared with any other mail services malware scans. But Google also scans your mail for e.g. keywords to place their ads – which proponents again could defend as comparable with spam detectors… Put this way, it might – at least to a certain degree – be a question of the “point-of-view”. ↩︎
The terms are relevant to this site, too: I give my best to reach high “impressions” by delivering interesting and high-quality content – and for more visitors, depend on you to spread the word. The difference is how I approach the goal of having good “conversions”. This site doesn’t use any “super-cookies” (currently not even normal cookies – I try to avoid that as much as possible, in respect of your privacy), so I cannot place ads based on your profile. Instead I try to match ads to the content my site delivers, so you’ll e.g. find chargers and spare batteries on a page discussing battery life, basically making them part of the content. Moreover, this site isn’t profit-oriented (it hardly covers its own costs). I hope you honor this by increasing my “conversion rate”, starting your next Amazon shopping session via one of the ads here, or giving me some “Flattrs” ↩︎
E.g. on your own hardware at home (can be a computer running 24/7 anyway, a NAS, any of that shared with family-members/friends, or a (most likely payed) service which is more focused on privacy than Google, Facebook, etc. are ↩︎
According to an article on Slashdot, 40% Of People On Terror Watch List Have No Terrorist Ties ↩︎
Some manufacturers like Huawei fixed that up themselves for their devices. But most Kitkat users have no chance other than rooting their device, if they want to regain full control. ↩︎
If you want to see what the consequences might be, you can try out the cloud-to-butt extension for Chrome (see gallery), or simply add the corresponding line to RangerMauve’s UserScript:
"someone-else’s-computer":/the cloud/mig,. Have fun combining the two and visiting the extensions web page: Chrome extension that replaces occurrences of ‘someone-else’s-computer’ with ‘my butt’ ↩︎