LineageOS is not private
LineageOS is not private
WHY? I've heard a lot that LineageOS cannot be called a private system. That it is more about extending the life of old devices. Can you tell me specifically point by point why it is not private? And I'm sure it's better than stock phone firmware in terms of privacy.
It comes without Google Play Services per default, but those are not the only services connecting to Google.
Like others say, it depends on how private you want to be. But it is fact that Lineage doesn't put in any outstanding effort to degoogle the system at its core. If that's what you want, while not sacrificing the compability of Lineage, DivestOS might interest you.
The one article I always refer to is exclusively in german, so if someone has a comparably extensive article in English, let me know
https://www.kuketz-blog.de/lineageos-weder-sicher-noch-datenschutzfreundlich-custom-roms-teil4/
To be fair here, this article looks at Lineage at its default state, and the preinstalled browser for example is not looking too hot. But since I'd reccommend you use Mull anyway, I wouldn't deduct too many points there.
Thank you. I haven't come across this author before. Very cool articles about Android ROMs. The type of data transmitted does not look very scary if you do not try to hide your geolocation.
What of it is supposedly not private?
What does "private" even mean to you? Private as in Firefox or private as in TOR Browser?
Every privacy conscious person has its own threat model and the solutions they find most comfortable for them. This is a very important question.
Seems like this is the article I needed. Privacy for me is no trackers of my touches, app list, no microphone/camera spying.
Well, you're in luck then since everything listed in that article is very far away from critical data source such as touches, apps or microphone/camera.
The most "severe" data "leak" described IMO is the connection between public IP address and nearest cell tower for AGPS.
Actual severe data leaks start when you decide to install Google
SpyPlay Services.
No Google services and no tracking is not enough for you?
WHY?
- Sends a tiny amount of data to google (DNS, A-GPS, Connectivity check, and some other stuff I dont remember)
- Has Opt out telemetry that sends a bit of data to lineageOS for statistics
๐
Privacy should never be the target of the core rom. Security is it. That's the reason I use grapheneOS.
A ROM can be the best privacy by default one, it's useless if the user puts gapps and tiktok etc. on it, afterwards.
it's not useless, because... At least the system isn't watching you. but Google services - yes, kill all privacy.
It does not come with the Google Play Services and you dont have to log in to any account in order to use it. Its okay, a default for many other roms who build on it. Yes it uses google for AGPS etc but if google collects that data, who does it belong to? No Add ID, no Account, whoยดs phone is it?
Location alone is probably enough to deanonymize you. Think about it: it shows where you live, where you work, when you leave for the office and when you come back. Who you see and when. What your hobbies and interests are. Where you go grocery shopping and when. There is a tremendous amount of information in location alone.
One example from 10 years ago (did not read, just linking a research paper that comes up on this topic):
https://www.sciencedirect.com/science/article/pii/S0022000014000683
Edit: This is wrong, AGPS exposes the nearest cell tower together with your IP address. Still a very minor bit of info, even for Google.
To my knowledge, AGPS does not expose your location. It's a protocol to get satellite position data via IP instead of waiting for the satellites to send it to you at staggering 50bit/s.
At no point does location data leave your device here. It couldn't, actually, as you don't know where you are; that's why you're fetching the position data.The only data it does expose is that your current public IP tried to download satellite data at time x. Not ideal as Google could technically mine a bunch of data out of just that but it's not a huge leak either.