Your data privacy matters. Here’s why & what you can do to keep yours safe
According to the EU General Data Protection Regulation (GDPR), personal data is understood as “any information relating to an identified or identifiable natural person”, be it directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
What does that mean concretely?
It means that any data coming from an “online identifier”, such as ID cookies, or from your smartphone is considered personal data.
Since we use our smartphones every day for both personal and professional activities, they combine both user specific data and potentially sensitive information on one device. Along with other sources of data, such as desktop browsing, this can lead to extreme situations generally referred to as digital surveillance.
Collected data on stock Android
The OS on your smartphone is the backbone of your digital experience. It’s like the engine in your car, what powers it and without it you’re not going anywhere. And everyone knows some engines are better than others.
A study from Digital Content Next published in August 2018 shows that on a typical day, an Android phone with default Google services will collect a wide range of data from you:
- Google Mobile Services data (your use of Play Store, YouTube, Search, Maps…)
- App metadata (tracking usage of third-party Android apps and ads efficiency)
- Sensor data (barometric pressure, accelerometer, gyroscope…)
- Voice commands
- Precise, activity-based location data (whether you are walking, driving, etc.)
Even data collected while the device is offline is recorded, cached and sent to Google servers when the smartphone connects to the Internet again.
By combining all this information, Google knows where you are by using GPS, carrier and WiFi triangulation. It knows who you are by combining your Android device ID and Google Play ID and finally it knows what you’re doing on your device, what apps you use and what you do with them.
Location collection is on by default, raising major confidentiality and security concerns, especially for people working in sensitive sectors. In addition, this location data isn’t only captured by Google but potentially also by Android apps.
Google has become a gigantic data collection platform where user data is collected 24/7 without their consent and without any transparency over what is done with that data.
Are Apple and iOS any different?
In recent years, Apple has been presenting itself as the champion of privacy, with numerous public statements about user privacy and the challenges posed by the “data industrial complex” (Google, Facebook, Amazon, …).
But smartphones running iOS still present several privacy issues. In the study mentioned above, even an Apple iOS smartphone, promoted as a privacy-compliant tool, sends an average of 5.7 MB of user data to Google servers each day when Google Search is the default search engine. This does not take into account the data collected by Apple itself, around 1.4 MB per day, such as:
1. Your precise location
2. Sensor data (accelerometer, gyroscope…)
3. Voice commands
4. App store, News app usage and preferences
While Apple claims it doesn’t sell users’ data outside of its ecosystem, it still knows a lot about your detailed activities and whereabouts.
Why is it important on an individual level
Even though we’ve started seeing a shift in the general user’s attitude around privacy concerns, the most frequent reaction we get when the subject is broached is a shrug and “I have nothing to hide”.
However, would you feel comfortable handing over the keys to your home to a stranger and welcoming him in on the same “I’m an upstanding citizen with nothing to hide” premise?
It seems pretty reckless, right?
Yet that is what we do when we use our smartphone and more generally, the internet.
We’ve become accustomed to handing over the access to everything about our lives and our family’s lives because there is no clearly marked price tag.
Everything online has been intentionally designed to make it easier to just say yes instead of looking more closely at what that yes truly implies.
The best examples of this are Privacy policies and terms of service and their use of complicated and obscure wording to keep users uninterested in reading them in full.
Luckily, we are not without other options. Solutions are readily available thanks to the work of privacy advocates, companies and non-profits that believe that privacy is a basic right.
Some options are already available (the list is, of course, not exhaustive):
- Messaging: Signal, Telegram, Threema, Jami, DeltaChat, Element
- Browser: Tor browser, Brave, Firefox, Bromite
- Search engines: Qwant, DuckDuckGo, Startpage
- Email: e.email, Tutanota, Proton Mail, Mailfence
- Calendar: ecloud.global, nextcloud
- Storage: ecloud.global, Cozycloud, Tresorit, pCloud…
- Video hosting: Peertube
How is /e/ different
/e/OS is the only OS today with auditable privacy and mainstream app compatibility.
It is made with open-source software for maximum transparency. Anyone can audit our code and validate our claims. Walk the talk as they say.
For our users’ convenience, /e/OS is built on Android, as a completely deGoogled version of it, so you can still run your favorite apps and don’t have to trade experience for privacy.
There are no Google apps; instead we promote and improve alternative applications and services. For instance, our default web browser is forked from Chromium but ships with specific pro-privacy settings, such as not sending your browsing history to Google, and an ad blocker.
This combination forms a privacy-enabled internal system for your smartphone. Apps and online services are crucial components of our everyday mobile experience. These online services include our search engine, email platform, cloud storage and create a unique privacy enhanced environment.
On a technical level, this means that:
- The Google default search engine has been removed from the OS everywhere and replaced by a fork of the SearX meta-search engine.
- Google Services have been replaced by microG.
- Google servers are not used to check connectivity.
- The NTP servers are not Google NTP servers.
- The default DNS servers are not Google’s, and the user can pin DNS to a specific server of their choice.
- Geo-location uses Mozilla Location Services in addition to GPS.
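The list above describes which OS-level network endpoints were changed. A defender who wants to verify such claims on their own device can dump Android's global settings (`adb shell settings list global`) and check where the connectivity-check, NTP and Private DNS entries point. The script below is an added example written for this post; it is not /e/OS code. It parses a dump of `key=value` lines and flags values whose host is Google-operated, and it also flags endpoint keys that are absent, because AOSP then falls back to its built-in default, which for the connectivity check and NTP is a Google host. The setting names are standard Android `Settings.Global` keys; the two sample dumps are constructed, and the non-Google hostnames in them are placeholders, not /e/OS's real endpoints.

```python
"""Audit an Android `settings list global` dump for Google-hosted endpoints.

Added example, not /e/OS code. Input is the text printed by
`adb shell settings list global`: one `key=value` pair per line.
"""
from urllib.parse import urlparse

# Settings.Global keys that point the OS at a network endpoint, with their purpose.
ENDPOINT_KEYS = {
    "captive_portal_http_url": "connectivity check (HTTP)",
    "captive_portal_https_url": "connectivity check (HTTPS)",
    "ntp_server": "NTP time source",
    "private_dns_specifier": "Private DNS resolver",
}

# When these keys are unset, AOSP uses a compiled-in default that is a Google host.
DEFAULTS_ARE_GOOGLE = {"captive_portal_http_url", "captive_portal_https_url", "ntp_server"}

# Registrable domains operated by Google; the bare ".google" TLD (e.g. dns.google) is also theirs.
GOOGLE_DOMAINS = {"google.com", "gstatic.com", "googleapis.com", "android.com", "googleusercontent.com"}


def parse_settings(dump: str) -> dict:
    """Turn `key=value` lines into a dict; values may themselves contain '='."""
    settings = {}
    for line in dump.splitlines():
        line = line.strip()
        if not line or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def host_of(value: str) -> str:
    """Extract the hostname from a URL, or return a bare hostname unchanged."""
    if "://" in value:
        return (urlparse(value).hostname or "").lower()
    return value.lower()


def is_google_host(host: str) -> bool:
    """True if the host sits under a Google-operated registrable domain."""
    labels = host.rstrip(".").split(".")
    if labels[-1] == "google":
        return True
    return ".".join(labels[-2:]) in GOOGLE_DOMAINS


def audit_settings(dump: str) -> list:
    """Return (key, status, detail) findings: status is 'google' or 'unset-default'."""
    settings = parse_settings(dump)
    findings = []
    for key, purpose in ENDPOINT_KEYS.items():
        # The Private DNS hostname is only consulted in "hostname" mode.
        if key == "private_dns_specifier" and settings.get("private_dns_mode") != "hostname":
            continue
        value = settings.get(key)
        if value is None:
            if key in DEFAULTS_ARE_GOOGLE:
                findings.append((key, "unset-default", purpose))
            continue
        host = host_of(value)
        if host and is_google_host(host):
            findings.append((key, "google", host))
    return findings


# Constructed sample: what a stock device might report.
SAMPLE_STOCK = """\
airplane_mode_on=0
captive_portal_http_url=http://connectivitycheck.gstatic.com/generate_204
captive_portal_https_url=https://www.google.com/generate_204
ntp_server=time.android.com
private_dns_mode=hostname
private_dns_specifier=dns.google
wifi_on=1
"""

# Constructed sample for a deGoogled device; hostnames are placeholders, not /e/OS's endpoints.
SAMPLE_DEGOOGLED = """\
airplane_mode_on=0
captive_portal_http_url=http://connectivity-check.example/generate_204
ntp_server=pool.ntp.org
private_dns_mode=hostname
private_dns_specifier=dns.example.org
wifi_on=1
"""

if __name__ == "__main__":
    for name, dump in (("stock", SAMPLE_STOCK), ("degoogled", SAMPLE_DEGOOGLED)):
        print(f"== {name} ==")
        for key, status, detail in audit_settings(dump):
            print(f"{key}: {status} ({detail})")
```

Run it against a real dump by replacing the constructed samples with the output of `adb shell settings list global`. The "unset-default" finding matters in practice: a device can look clean because a key is simply missing, while the OS still uses the compiled-in Google endpoint.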
In our Apps installer, you can see which trackers, and how many of them, are hidden in each application. It also lists the number of permissions the app requires to operate. With an easy-to-read score, you can see which apps are safe and which ones should be avoided.
In addition, better integration of Progressive Web Apps is in progress. PWAs run directly in your browser, which benefits your privacy: the app is confined to the browser’s environment, which makes it harder for app developers to collect data about you, your behavior and your activities.
Another of our objectives for this year is developing a Privacy Center app for Android that will be integrated into /e/OS. It will give users one centralized place to get a detailed analysis of the privacy of their phone and take action if necessary.
What this means for you
Major actors offer many automatic, tailored services.
You can take a few pictures and they’ll send you a photo collage of your day. They recognize the faces of friends and family and sort your photos accordingly.
But how does that work behind the scenes? These services can be offered because the providers scan and analyze all of your content, including photos, emails and locations, and use that information to sell targeted advertising to the highest bidder.
/e/OS works on an entirely different model. We don’t record your actions when you use your phone. There is no email or file scanning on ecloud.global, and no ads anywhere. All of our servers are in Europe and covered by the GDPR.
Our revenue comes from phone sales and paid accounts and is used to maintain, develop and improve the OS and its services, but also supports free accounts for users who need privacy but can’t pay for it.
We don’t scan user data, we don’t access it, we don’t track our users’ location 24/7 in the background because we believe that your data is YOUR data.