Back

@rufposten @accrescent @GrapheneOS
Ich denke der Hintergrund ist ein grundsätzlich unterschiedliches Verständnis von Datenschutz in verschiedenen Bubbles der Privacy-Community.

Auf der einen Seite ist es mehr absolut: Was eine App kann, das müssen wir auch annehmen, dass sie das auch tut. Ob es faktisch Tracking gibt oder nicht, ist dabei fast egal, genauso wer die Daten bekommt (weil er ja weitergeben könnte). Der einzige wirksame Schutz ist, die zugreifbaren Daten zu reduzieren.

@pixelschubsi @rufposten @accrescent That is how GrapheneOS approaches privacy as an OS but it is not how we approach privacy in terms of recommending apps and services. They're different things. Technical measures in the OS can't be based on enumerating badness and implementing easily bypassed barriers which don't work if adversaries are aware of them. Privacy/security features need to hold up to an adversary aware of it and which can actively adapt to it in order to be a serious approach.

@GrapheneOS @rufposten @accrescent
> Privacy/security features need to hold up to an adversary aware of it and which can actively adapt to it in order to be a serious approach.

See, this is what I mean. I totally agree with you on the one hand, but on the other hand, I understand people consider, for example, an ad blocker a useful tool, because it works reasonably well in practice even if technically, it can be bypassed easily.

@pixelschubsi @rufposten @accrescent

Content filtering based on enumerating things that are only used for ads, tracking, etc. and not for anything useful is inherently incapable of fundamentally protecting privacy. It can only provide an opportunistic reduction in exposure to privacy invasive practices. In practice, adblockers cannot and do not block services which are used for both useful functionality and ads/tracking. It is not simply that they are easy to bypass due to enumerating badness.

@pixelschubsi @rufposten @accrescent There's a big difference between fundamental privacy improvements and increasingly weak approaches for opportunistically improving privacy. The opportunistic privacy improvements get increasingly less useful as development practices change to integrate the privacy invasive code without having an easy way to block it. The more coarsely the filtering is done, the easier it is to render it useless as an approach. Sharing with 3rd parties can be done server side.

@GrapheneOS @rufposten @accrescent
I know all this. But again: In practice ad blockers work reasonably well. Yes, some ads manage to pass through, but most get blocked. It effectively improves the user's experience.

The absolute stance would be to say that either you have to accept the websites render ton of ads, because there is no guaranteed way of blocking them, or you stop using the web. But some people prefer the non-absolutist way, that is to use an ad blocker.

@pixelschubsi @rufposten @accrescent GrapheneOS has a Vanadium browser project which includes an adblocker. We do not present it as an important privacy feature. It uses EasyList + EasyPrivacy and enables language specific lists based on which languages the user has enabled to avoid it being additional fingerprinting attack surface. The content filters are shipped in a signed APK via our App Store. It is not a fundamental improvement to privacy. It only opportunistically eliminates some stuff.

@GrapheneOS @rufposten @accrescent
Please realize how I was talking about ad blocking and ad blocking only here, not that some ad blocker lists also include tracking blocking.

I use the ad blocker example because it's a perfect analogy that is much easier to grasp. The effect of privacy blocking is almost impossible to quantify, because you don't know how much less data about you is collected due to using them. With ad blockers you can easily see yourself how effective they are.

@GrapheneOS @rufposten @accrescent
If ad blockers work reasonably well in practice, it is likely that privacy blockers do so as well. They're not perfect, they will let some data slip through, so any absolute approach is to be preferred when available and applicable. But they likely are a good addition to provide opportunistic improvements for what absolute approaches can't do (yet).
Opportunistic improvements are still better than no improvements.

@pixelschubsi @rufposten @accrescent No, that is not a reasonable thing to infer because privacy works fundamentally differently from displaying ads and can't be seen and corrected when they slip through. Invasion of privacy including sharing data with third parties after it's obtained does not require any direct contact to third parties from the client side, which is what those are focused on filtering, but only when it doesn't break functionality of sites. They can't block dual use tracking.

@GrapheneOS @rufposten @accrescent
You're right in theory, but not how things work in practice. The large majority of apps send tracking data to Google exclusively directly through their tracking library. They don't send tracking data to their own servers so they couldn't silently forward it. A future version could send tracking data to their server, just as a future version could serve ads through their server. Thus, with every new version you'd need to verify again what they send where.

@GrapheneOS @rufposten @accrescent
We know that in reality, most websites don't try to bypass adblockers. Some try to detect them and block using their websites if you don't disable them. The same holds true for tracking, where the ROI to build a bypass for the blocker is even lower (because the tracking data really isn't worth as much). This is of course what we know from the web, but there's no reason why this should be any different on android apps.

@pixelschubsi @rufposten @accrescent Content filters have barely any impact on the website itself performing tracking of what users are doing. That is where they largely succeed rather than with ads, which are visible to users and get reported and fixed. They also aren't fundamentally tied into the site working in the way that tracking users often is. No need for entirely separate stuff to track users, it can be baked into everything.