1. 95
  1.  

  2. 37

    Privacy conscious people need to do away with Chrome browser. For a company whose core business comes from selling user data, it shouldn’t be a surprise that their flagship products will try to chip away at user privacy slowly but steadily (Google has a strong presence at standard bodies too).

    However, I worry more about the millions of kids who now depend on Google technologies for distance learning. Almost the entire Google Classroom is built around the Chrome browser, and many many kids equate a browser to Chrome (they haven’t heard of anything else). :-(

    1. 20

      Here’s what I’m doing to adjust to the new era of dystopian surveillance capitalism:

      • Replaced my old MacBook Air with a Thinkpad T14 running Linux (currently Fedora, which has less spyware and advertising than Ubuntu)
      • Firefox + UBlock Origin is my primary web browser. Configured so it mostly doesn’t “phone home” to Mozilla.
      • Ungoogled Chromium (from the flatpak store at flatpak.org) is my backup browser, for web sites where Firefox has issues. Guaranteed never to phone home to Google.
      1. 6

        I’m interested in why you installed “ungoogled chromium” from the flatpack store?

        I personally install it from RPM fusion. (Which you might wanna install if you want to watch any video/listen to any music on fedora)

        $ sudo dnf info chromium-browser-privacy
        Installed Packages
        Name         : chromium-browser-privacy
        Version      : 88.0.4324.150
        […]
        Source       : chromium-browser-privacy-88.0.4324.150-1.fc33.src.rpm
        Repository   : @System
        From repo    : rpmfusion-free-updates
        Summary      : Chromium, sans integration with Google
        URL          : https://github.com/Eloston/ungoogled-chromium
        License      : BSD and LGPLv2+ and ASL 2.0 and IJG and MIT and GPLv2+ and ISC
                     : and OpenSSL and (MPLv1.1 or GPLv2 or LGPLv2)
        Description  : chromium-browser-privacy is a distribution of ungoogled-chromium.
        […]
        
        1. 3

          No good reason, I think it was recommended as an installation method by the blog post where i read about the browser. Thanks for the information. I am still getting used to Fedora.

          1. 2

            What kind of sandboxing does the flatpak-ed package get you? It’s a useful point to remember – a while back (I’m not on Linux anymore so I don’t have a more recent data point) a lot of applications from flathub were packaged without much sandboxing at all, e.g. they still had full access to the user’s home folder.

            1. 2

              Fedora has an “app store” GUI called Software. It is far more user friendly than using the “dnf” command in bash, at least if you are coming from MacOS. On my laptop, since I installed it, UnGoogled Chromium shows up as an installed application in Software, together with a lot of useful information, including an indication that it is sandboxed, with the following permissions: Network, Devices, Home Folder, Legacy Display System.

              1. 1

                Oh, thanks! I couldn’t find an explanation of what the “friendly” names mean but assuming the most obvious mapping to Flatpak permissions (here) I think it would go something like this:

                • Home Folder means it has unrestricted access to the home folder (which is slightly better than --filesystem=host but, as XKCD famously put it, not that good…)
                • Devices means it has unrestricted access to things like webcams
                • I’ve no idea what Legacy Display System maps to – presumably either --socket=x11 or --socket=fallback-x11?
                • Network is obvious, I guess :-)

                This is actually a little better than I expected, I think?

              2. 1

                This page is a little clickbait-y but still somewhat true: https://flatkill.org/2020/

                Long story short, yes isolation is still an issue on flatpak

          2. 4

            Can you clarify the first point of replacing MacBook and its impact on privacy as you see it?

            1. 31

              MacOS has telemetry that cannot be disabled. You cannot modify the System folder. Apple wants to be an intermediary in everything you do, they want to see all your data. You are encouraged to store your data on the Apple cloud, which is not end-to-end encrypted, so that they can hand your data over to the government without your knowledge(*). You are encouraged to download apps from Apple’s app store, and even if you don’t, MacOS phones home about apps not installed from the store. I don’t want to use these services, but the UI has built in advertising for these unwanted services that I can’t disable.

              (*) https://www.theverge.com/2020/1/21/21075033/apple-icloud-end-to-end-encryption-scrapped-fbi-reuters-report

              Apple has been very successful at branding themselves as pro privacy. A lot of people believe their bullshit. Here’s an experiment that you can try. Go to an apple store and buy something using cash (so that Apple doesn’t know your identity). When they ask for your email address, refuse to give it to them. See how that goes for you. My experience is that they try to inflict as much pain as possible, but with negotiations, it is possible to leave the store with your merchandise and a receipt. But it is not easy. I try to use cash for everything (although I’ve made exceptions during the pandemic), and the apple store has by far the worst experience.

              We live in an age of anxiety, where there is an ever increasing number of things that you are supposed to be anxious about. The pandemic, of course, but now that we are getting vaccinated, instead of that being a reason to be less anxious, you are now supposed to be anxious about getting and protecting your vaccine passport, without which you will be denied access to services. And of course we are supposed to be anxious about surveillance capitalism. This all sucks. I want to minimize the number of things in my life that generate anxiety: deal with the problem once, then stop thinking about it. The rational thing is to get rid of all my computers and phones, and unplug from the internet. I’m not ready for that yet, so I’m replacing my gear with new gear that doesn’t surveil me. Hopefully that will allow me to stop thinking about those particular issues.

              1. 12

                Great answer, especially this parts resonates with me:

                I want to minimize the number of things in my life that generate anxiety

                1. 15

                  I recently got sent a mac by my employer for compliance reasons, and the process of setting it up was quite a trip. I felt like I spent twenty minutes answering “no” to various forms of “OK but can we collect this piece of personal information? How about if we phrase it slightly differently?” before I could even use the machine at all.

                  In the end they refused to take no for an answer re: my mobile phone number, and after an experience like that I don’t actually have much confidence that they take my consent very seriously for the other pieces of information that I did not agree to.

                  Luckily in my case the compliance concerns can be addressed by simply doing my development inside a virtualbox VM running on that machine over SSH.

                2. 8

                  You are encouraged to store your data on the Apple cloud[…] You are encouraged to download apps from Apple’s app store, […] Apple has been very successful at branding themselves as pro privacy. A lot of people believe their bullshit.

                  Also, you are encouraged to buy into the non-Mac hardware ecosystem (iPhone, Watch, etc.) with their own app store “soft” lock-in (using Things/OmniFocus on Mac? Why not buy the iPhone version!?).

                  Technically, one can use a Mac and avoid the rest of Apple’s ecosystem (by running Chrome, Thunderbird, open source apps, etc.) - but most people will eventually get sucked into Apple’s marketing vortex. I know because I did; which is why I avoid touching anything Apple with a ten foot pole.

                  1. 7

                    This is every business’ strategy. One man’s lock in is another man’s products that work together well.

                    1. 2

                      Does only sound like purchase realization when you’ve locked yourself into that ecosystem.

                      1. 1

                        realization

                        Can’t edit anymore, but that was meant to be rationalization.

                  2. 13

                    if you don’t like the telemetry done by MacOS, that’s totally fine, but there is no need for the hyperboles, like “they try to inflict as much pain as possible”. them knowing your email address is better for their business. of course, it is worse for your privacy. but it’s just a business decision that you can dislike, not them trying to inflict you pain like some james bond villain with a lake with sharks :-)

                    also, in general, you will have to trust the company that makes your operating system. not because they are trustworthy, but because if they were evil, they could just read everything you do on your computer and you would never know. so simply pick one that you can trust the most. (and it applies to linux distros too. i don’t think anyone is reading and understanding every fedora patch).

                    1. 13

                      not them trying to inflict you pain like some james bond villain with a lake with sharks

                      It’s a figure of speech

                      you will have to trust the company that makes your operating system

                      A company doesn’t make my operating system, but even if one did it’s open source, which MacOS is not

                      1. 1

                        Shell and coca cola are exemplars of making the world a better place.

                        Mind explaining? Was this an irony?

                        1. 1

                          I think you replied to the wrong comment.

                      2. 1

                        james bond villain

                        I think this reasoning is problematic and completely ignores wolves in sheep’s clothing. How many James bond villains have ever really existed ? We agree that sharks exist but what about the following

                        1. The nigerian prince scammers don’t really say hey want your money for personal benefit, but dress up the message in the language of victimhood.
                        2. Sexual predators feign weakness, especially if they are older men before making the victim unconscious.
                        3. Pedophiles work in charities or armed forces but present themselves as pillars of community.
                        4. Religious people commit evil on completely innocent people but dress it up in the language of love, justice and purity. You don’t think of nuns who steal babies as human traffickers.
                        5. Communists preach egalitarianism but practice slavery under the guise of enemies of egalitarianism.
                        6. Pharma companies preach healing but sell addictions.
                        7. Under the guise of freedom of speech, pornographers exploit people from towns.
                        8. Shell and coca cola are exemplars of making the world a better place.

                        The list goes on and on. Almost every idea which seems innocent enough is abused by wolves in sheep’s clothing and not james bond antagonists. Maybe there is no such thing as sheep and we are all wolves. Heck even the open source contributors are abused under the guise of openness and community, while the parent company seeks funding.

                        Social media companies, including Google, claim they are making the world a better and connected place while allowing sexualisation of pre-teens and enabling predators on their platforms. They are selling private user data, allow non-state actors to influence elections, let unverified stories to run amok, abuse copyright protections and run behavioral experiments on users. How difficult is it to enable age verification ? You can always store sha(government-id) or use credit cards to verify age.

                        We merely have to ask the question are Google and Apple, wolves in sheep’s clothing ? The answer is obviously yes. Apple is a tobacco company. In what ways can they be stopped ? I don’t think limited liability is the answer.

                        1. 3

                          It’d probably be a good idea to strip out some of the more, um, controversial items from your comment to avoid a hellthread here litigating offtopic matters.

                      3. 7

                        We live in an age of anxiety, where there is an ever increasing number of things that you are supposed to be anxious about.

                        No offense, and I honestly mean that, but it feels as though you’ve got a little more anxiety going on than most of us. One valid way to deal with anxiety is to accept that some things are just facts of life in the modern world. For example, I use an ad-blocker, I don’t use Chrome, and I choose devices and services that are at least reasonably secure, but I gave up trying to control every piece of data I own because the attempt was causing me much more anxiety than just going with the (admittedly unfortunate) flow.

                        Just a thought.

                        1. 5

                          “Don’t worry, be happy” is not a serious answer to anxiety. If you decide to surrender that’s your choice, but that doesn’t mean people preferring to fight a managed retreat and prevent a total rout are wrong to do so. At a minimum they will preserve their freedom longer than you and possibly even retake ground that you have ceded.

                          https://www.history.com/news/7-brilliant-military-retreats

                    2. 2

                      How does the T14 compare to other ThinkPads you have used (eg the X1 carbon)?

                      1. 9

                        I chose the T14 AMD w. Ryzen 4750 (8 cores, decent GPU) because I’m doing open source development and 3D graphics (not gaming), and I wanted this much power. Thicker than my old MacBook, but same mass. Easy to disassemble, lots of upgradeable components. The T14s is too thin, cooling system is inadequate for the 4750 CPU (according to notebookcheck): it runs too hot and throttles. Ryzen uses more energy but performance is comparable to an Apple M1 (faster on some benchmarks, slower on others). Fan noise hasn’t bothered me.

                        According to reviews, T14 has a better keyboard than X1 carbon. X1 carbon has a better trackpad, but this trackpad can be ordered and installed in a T14 (many people on Reddit have done this). The X1 is limited to gen 10 intel + UHD graphics, too slow for my requirements. It maxes out at 16GB soldered RAM (not upgradeable), too small for my future requirements. Probably too thin to support the Ryzen 4750 with adequate cooling. The display options are better than the T14 AMD, that’s my one regret.

                        1. 3

                          I replaced my MacBook Air M1 by a T14 AMD a few months ago and like it very much as well!

                          Fan noise hasn’t bothered me.

                          Me neither. The fan is not very loud, definitely much more quiet than Intel MacBooks.

                          lots of upgradeable components

                          Love this aspect as well. I added an additional 16GB RAM (for 32GB RAM) and replaced the 512GB NVMe SSD by a 1TB NVMe SSD. There is still room for one more upgrade, since the WWAN slot can be used for some SSDs.

                          The display options are better than the T14 AMD, that’s my one regret.

                          Especially in Linux. On Windows the screen is quite acceptable with 150% scaling. Unfortunately, when enabling fractional scaling in GNOME, most X11 applications break (blurry upscaling).

                          1. 1

                            Unfortunately, when enabling fractional scaling in GNOME, most X11 applications break (blurry upscaling).

                            I remember this problem with the X1 Gen3 which couldn’t scale 2x properly, so I could chose between things looking way too tiny or things looking way too large (and very little screen real estate). The 4K screen in the T14s is much better in that regard.

                            But really the problem is that GTK+ 3 (at least) doesn’t support fractional scaling so things are just a complete mess.

                            1. 1

                              But really the problem is that GTK+ 3 (at least) doesn’t support fractional scaling so things are just a complete mess.

                              For me on Wayland, GTK 3 applications work fine. AFAIK, they are rendered at a larger integer scale and then Mutter (?) downscales to whatever fractional scaling you use. This is pretty much the same approach as macOS uses.

                              It’s XWayland where it goes wrong, though I think it was with an external screen hooked up, since XWayland does not support mixed DPI.

                          2. 2

                            The AMD variation is near perfect - but there is one downside to anyone, like me, who owns a Thunderbolt device (eg: LG Ultrafine 5k; I cannot go back to non-retina monitors having used this). It has no support for TB3 even with a dock.

                            1. 3

                              It sucks if you already have a Thunderbolt display, but it does drive 5k@60Hz over USB-C with DP-Alt (according to PSRef).

                              1. 1

                                Is there a demonstration of this actually working with any particular 5k monitor (of which there aren’t many)?

                            2. 1

                              The T14s is too thin, cooling system is inadequate for the 4750 CPU

                              I own a T14s, and I can confirm the cooling system is absolutely inadequate.

                              1. 1

                                The fact that the 4K screen is only available in the T14(s) with Intel is the sole reason I got the Intel T14s (which apparently does not run crazy hot as the Intel T14). Also oddly the T14s can be ordered with 32 GB RAM unlike the X1, so you get a rather similar device with better specs and keyboard and a worse (non-replaceable) touchpad.

                          3. 6

                            I’m cautiously optimistic that FLoC presents a better alternative than cookies, but I’m not holding my breath.

                            1. 6

                              Have you read this EFF article? https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea

                              FLoC may be better than cookies, but is not as good for privacy as I would like. One interpretation is that FLoC is just ‘better enough’ to get enough traction to displace cookies – then stick around for a while, delaying more substantial privacy-focused efforts.

                              1. 8

                                Right, the thing that is demonized is the word “cookies” so they can say “we got rid of them” without really solving the crux of the issue.

                                1. 2

                                  Exactly, the C might as well stand for Cookie. A cohort is a vague cookie that makes the actual problematic use cases of cookies more efficient. I doubt anybody’s individual privacy has ever been invaded with just a cookie. It’s always been about mass harvesting and targeting.

                                2. 8

                                  I did and I read over Google’s white paper as well. I’m genuinely optimistic that a cohort ID will leak less than targeting cookies do now. That said, I think the EFF’s position, and mine as well, is to do away with targeted advertisements altogether. I don’t see how that is a relevant way forward with the way incentives on the internet are fundamentally structured now. In other words, FLoC is just a stopgap in place while the greater conversation occurs on how to get rid of this parasitic form of advertising altogether.

                              2. 2

                                When I “Block all third party cookies” does that mean every site other than Google sites? Or does that just mean third party cookies that Google and its affiliates would otherwise send me?

                                1. 5

                                  Third party cookies are HTTP cookies set by resources from a 3rd party domain being fetched, for example tracking pixels

                                  1. 4

                                    There is a main domain name (or just domain) for every webpage you visit. It is the same as the domain name that you can read in the webbrowser’s address bar. For example if you go to https://wikipedia.org/blablabla, then the main domain is wikipedia.org.

                                    Once the initial data of the webpage has been loaded from its main domain, it almost always contains instructions to load more data – including cookies – from other domains. These other domains are called third party domains. Hence cookies from third party domains are called third party cookies.

                                    When you “Block all third party cookies” it means that for every webpage you visit, the webbrowser is only allowed to exchange cookies with the main domain.

                                    See: https://en.wikipedia.org/wiki/HTTP_cookie#Third-party_cookie

                                    1. 1

                                      Got it, thanks.