Follow

If you've been following the news lately you might have noticed that keeping your sensitive data private is becoming more important than ever before. The community probably is your best bet to get trustworthy software. Weighing vs. comfort however can be hard at times.

So e.g. if you were planning on using a period tracker , would you be okay with that app requesting internet access?

@fdroidorg
Depends on the features. Some do require net access. (Perhaps not in this case, but in many others like tools linked to religion, politics...)

@fdroidorg The one already in your repo is good enough 😉

@dragnucs @fdroidorg you used a period right there in your post, how can you use the internet without periods i.e. website.com (or even "i.e.") c'mon man use your brain
@rdr @dragnucs @fdroidorg I use a period tracker app because I need to know how many periods I use daily. four, I used four periods. now five. in this post. six

@rdr @fdroidorg you are just kidding right? It would be hilarious if we did track daily punctuation period usage instead of menstruations period.

@dragnucs @fdroidorg just get keyboard access... we'll probably need clipboard too... and internet access for high scores (9 periods)

@fdroidorg if it is used only for synchronization between devices (end-to-end encrypted ideally) and it can be disabled, then it is fine.

@fdroidorg
Usually you don't get noticed when an app requests internet access on Android and there is no simple way to restrict this.
So it comes down to the question what the app actually does.

Use some fancy vendor cloud features? Hell, no!

Store my data on my personal Nextcloud? Why not?

@fdroidorg What would be the purpose of this "Requesting internet access" ? This is a permission which is way too vague. It would be better to have permission requests with details like "Request internet access for storing user data" or "Request Internet access to send anonymous usage reports to improve our services"....

@fdroidorg
It might need it to store my data. It might even be needed to store data on my own server. Or it might send usage data, with which iʼm fine if i can check what it contains (and it shouldnʼt be much in this case, i canʼt imagine more than two screens here). Or it might send all my data to some strange location, which is really not OK.

Note that it applies to pretty much any app 😁

@fdroidorg

Well, depends if the code is audited to tell who exactly the app talks to, and why.

@fdroidorg It really depends on what the app is trying to implement. I would gladly give permission to it if that's what it needs, when I know I won't have a compromise on my privacy.

@fdroidorg
I'm saying maybe. Well, I don't actually need such an app, but I'll answer as though I did. If the app wanted internet, I'd thoroughly check to why it did. If it had a proper reason (some feature) and was confirmed to not store data online, I would still use it. Of course the app would also have to be FOSS and reputed in the FOSS community to use it. Though I still think such an app is better off without internet access.

@fdroidorg why should internet access be necessary? It’s private, sensitive etc. and should always stay on the device. No possibility to connect via the internet secures that.

Maybe an encrypted backup (which the user can do manually) with passcode protection to move the data over to a new phone.

@fdroidorg I still think it's a shame Google removed the ability to deny internet access. I don't care if an app has access to all my files and contacts, as long as it can't connect to the internet.

Filesystem access is not the dangerous permission, internet access is.

I will always use an app that doesn't need internet access over one that does if both are available for the same task.

@fdroidorg
Drip is a very good app from F-droid if someone is interested

drip. menstrual cycle and fertility tracking (Menstrual cycle tracking helps you understand your cycle data and gives you insi)
f-droid.org/packages/com.drip/

@fdroidorg

It'd be nice if we had user friendly tools on android to audit what sites an application is trying to connect to, or the ability to limit an applications internet access to specific sites.

@fdroidorg honestly, as a uterus haver? No single opinion. I think different users have different complex needs and there should ideally be multiple types of apps, with very clear explanations of each one so users can balance their needs vs risks. There are reasons in my case where I might need to share my info with medical professionals so there are contexts where internet access would be ok with me. Ideally such info should be kept as private as is practical, of course.

@fdroidorg only if the data was stored using E2EE and the storage provider/host has no means of decrypting the data.

@fdroidorg mistakingly voted yes instead of maybe. Clearly, if app has only function (which you can basically replace with a calendar), no internet needed. But if app is more complex, has Foss backing up functionality to next cloud, downloading current info, tip, tricks, internet access might be alright.

Sign in to participate in the conversation
Mastodon for Tech Folks

This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!