• ReversalHatchery@beehaw.org
    link
    fedilink
    English
    arrow-up
    19
    arrow-down
    1
    ·
    1 month ago

    google through only the web, what a fucking joke. if you have a google account check your activity history. it will list the times you have opened an app.

    if you don’t have a google account but your phone has google services, don’t be afraid that you can’t check it, they’re still harvesting it.

    want to avoid it?
    Step 0: don’t by samsung. xiaomi neither, they plan to make you unable to execute the next step.
    Step 1: unlock your phone. take ownership into your hands. but back up your photos, the 2FA Authenticator app’s data and whatever else is important, because it will get deleted.
    Step 2: install a privacy oriented custom ROM.
    Step 3: profit

    keep bank services contained in the firefox browser. if they don’t allow access there, switch banks, you’ll be better off with a smaller one anyways.

    • ReversalHatchery@beehaw.org
      link
      fedilink
      English
      arrow-up
      8
      ·
      1 month ago

      GrapheneOS for google pixel phones, otherwise CalyxOS, DivestOS, maybe even IodéOS. All of these are Android but with better defaults, without irremovable spying garbage, and with some features nowhere else available.

      if your phone is not supported by these, check LineageOS. or plan your next phone purchase according to the compatibility list of the above. if you’re going for longevity but you don’t need a flagship, Fairphone is agood choice, if you can look away from the lack of a JACK.

      • wizardbeard@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        1 month ago

        If all else fails, you can try using whatever the lastest community supported fork of Universal Android Debloater is. It uses ADB to remove bloatware, which bypasses vendor locks on keeping certain apps installed.

        Obviously no real replacement for custom ROMs, but it’s better than nothing.

    • undefined@lemmy.hogru.ch
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 month ago

      I’m a broken record: block Google (or whomever) with network-based blocking (IP and/or DNS), these guys have third-party tracking in virtually every website and app.

      • _pi@lemmy.ml
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        edit-2
        1 month ago

        Almost every B2C company I’ve worked at, I’ve written or had my devs write proxies for whatever trackers we use. The reality is that every company to whom this data matters to figure out their business model will proxy their trackers. If they don’t they need to fire their lead engineers.

        It’s actually pretty easy to disguise this traffic even to the point where you can use the originating server/cdn to interleave the tracking with the content source.

        • undefined@lemmy.hogru.ch
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 month ago

          They’re not hard to circumvent, sure but then why am I so effectively blocking almost everything not tied to the “real” first-party domains?

          • ReversalHatchery@beehaw.org
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            1 month ago

            because they don’t yet circumvent it. but also, are you completely sure everything is blocked? DoT, DoH traffic and such?

            • undefined@lemmy.hogru.ch
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              1 month ago

              Well I MITM myself quite often to confirm it. I’m also smashing together hundreds of blocklists, and I always check the network tab of my browser’s developer tools and very rarely see anything coming from third-party domains.

              Sure, sometimes assets are on the actual domain I’m visiting (or its CDN) but most of the time, even tracking scripts there are broken because they still call the blocked scripts.

              By the way, it’s hilarious that everyone wants to fight so hard about this yet when someone says “use an adblocker” nobody says anything as if it’s the end-all solution.

              I didn’t say “I have a bulletproof, surefire way to fix this.” I said “use network-based blocking.” However effective that is is up to the person implementing it; you have no idea how effective my setup is because you don’t have access to its configuration.