113
linuxxx
3y

When someone explains to me that they really care about their privacy and use WhatsApp or signal or other encrypted messaging services and then you see then typing stuff through the GOOGLE KEYBOARD.

Yeah i think they're not understanding something 😆

Comments
  • 16
    Whatsapp may encrypt your messages, but the metadata is always accessible.
  • 6
    @Zennoe This. I don't use it myself for this exact (main) reason!
  • 21
    @linuxxx you need your own podcast or something, for real. You shed some light on some pretty serious shit. 😅
    Dare, I say, you could save lives with this info?..yes - yes I do dare.
  • 3
  • 5
    When 3rd party keyboards emerged on IOS they all wanted full access which gives them the ability, ultimately to become key loggers.

    So sure enjoy your privacy apps, but these companies could still work out what’s in those messages.
  • 1
    @C0D4 of course keyboards could become key loggers. They have all your key presses!
  • 2
    What would be your alternative to the GBoard? I have yet to find a keyboard that is privacy friendly and usable.
  • 0
    Google has a keyboard? 😂
  • 7
    @JustKidding I use Fleksy which I entirely block from network access through an android root firewall :)
  • 0
    @kvsjxd A short search told me that they're the exact same keyboard. I also couldn't find the AOSP keyboard as single app or zip file.
  • 0
    @linuxxx I currently don't have root so that's not an option and won't fix the actual problem. Feature wise I'm totally fine with the GBoard.
  • 5
    @JustKidding Tbh I don't use it due to a strong disliking for Google but let me search a little :)

    Edit: hackers keyboard doesn't connect to the Internet appearantly!
  • 7
    I use GBoard because I can't find better alternatives with good swipe and customisability.
  • 12
    Is privacy very important to you?
    1. Cancel Internet
    2. Sell your computer, cellphone and smart tv
    3. Sell your house
    4. Move to central Africa
    5. Look up and wave for NSA
  • 1
    @thepra same here

    @linuxxx I also have hackers keyboard but only for the shell and ssh. I find it hard to write on it.
    EDIT: I also dislike Google but it's still the best keyboard I know and other 3rd party often are not much better regarding privacy.
  • 9
    @RodrigoF If sarcasm, well done. If not, bullshit.
  • 0
    Only if there's a keyboard that has the same (if not better) gesture input than GBoard, I'll be glad to switch.
  • 4
    @KidLaser @linuxxx I would totally do a podcast with you.
  • 3
    How about getting on DevRant podcast?
  • 0
  • 1
    Can I trust the stock keyboard? We can't even trust smartphones. I block unecessary apps that access the internet using the NoRoot Firewall app. Helpful against apps that fetch ad data constantly.
  • 0
    @Faraaz Oo that would be... Wow.
  • 1
    @Zennoe additionally, you never know whether whatsapp have the keys as well.
  • 3
    @Noob True, especially since whatsapp isn't open source so you can't really check much (as in what the application actually does)
  • 0
    @linuxxx which keyboard doesn't?
  • 3
    @QueenMorgana As far as I read the. Hackers keyboard doesn't. Except for that everyone I think but some just upload the general libraries I think instead of uploading EVERYTHING you type.
  • 1
    @linuxxx btw which instant messaging app do you suggest?
  • 5
    @Noob Signal! 100% :)
  • 5
    Digital Forensic Investigator here, WhatsApp may encrypt your messages but it stores enough data to get _everything_
  • 1
    @runfrodorun Signal is also free. So is DuckDuckGo. We know that they don't track anything. So you can't really say that android being free == android being spyware. Also, OEM's pay Google for Android.
  • 1
    @magis I have questions for you. So many that I don't know where to start. But you do what I want to do. Would you mind helping me figure out how to get started?
  • 1
    @QueenMorgana hahaha of course I'll answer any questions. The first step is to be certain it's actually a path you want to follow. For example, my main focus is helping with litigation and deciding whether a copyright has been breached programmatically, but I also do a lot of general pc investigation (like an employee left and took data with them). There are a few sub fields as well; code, illicit images, general pc investigation, and a few more, but they're much smaller fields 😊 generally a company will focus on a sub field, rather than a company having all fields
  • 0
    @magis I think "illicit" images is the nicer way of saying what I want to focus on. My experience so far has been limited but concentrated on sex crimes and homicides, going through computers and phones to determine whether or not a person was innocent or guilty, and even if any crime actually took place, as we had a few where the only crime was maliciously accusing someone of a felony.
  • 1
    @QueenMorgana my company frequently does quite a few jobs like that, and personally I've done a few.

    It's a very emotional field; probably the most emotionally driven off them all. It really does effect you in a personal way when you're doing it all day and don't get a positive result, but know deep that the person is guilty. I'd say 7/10 of the jobs I do in that area, the person is guilty but I can't prove it. You have to really be ready to deal with taking work home, so to speak
  • 0
    @magis yes. Very emotional. I've been lucky and have not had too many emotional days.
  • 1
    @QueenMorgana well it's something that needs to really be taken into consideration, not to mention the actual material you could be exposed to, that stuff sticks with you.
  • 0
    @magis without getting too personal on here, I'm now able to turn emotions off when necessary. Which is probably why I'm able to consider the field at all
  • 1
    @QueenMorgana the same can be said of every person in the field, myself included. But it doesn't change that it will indefinitely hit you at one point, it just has to be something you're ready to live with. But the rewards are phenomenal, the sense of satisfaction, that makes it worth it
  • 1
    @JustKidding I'm a fan of AnySoftKeyboard myself. aside from not connecting to the internet at all, it's also open source and available on f-droid.
  • 1
    @runfrodorun What about an AOSP rom without google frameworks/apps on it? I mean I get that iOS has a better privacy model but I won't trust it until they release their source code :)
  • 1
    @runfrodorun Glad that you as an iPhone user agree on the iOS part :P
  • 1
    Well talking about privacy...
    Yesterday when I got home my phone (goggle) was asking if I was in X place...
    Location was turned off
    Internet also (turns off when screen is off
    How did Google know I passed by a strip club?
  • 2
    @RodrigoF Background WiFi scanning and passive background Internet connection even when disabled :)
  • 1
    @linuxxx but whyyyyy... Imagine if I'm married and my girl sees it
  • 4
    @RodrigoF you might be helping @Linuxxx prove his point about why security is important lol
  • 1
    @RodrigoF Because if you've got stock android with all Google shit, Google basically owns you 😉
  • 0
    @enen Yeah that's what I meant! AOSP without gapps isn't as bad :)
  • 1
    Bah... I've been using windows for years... Google has a lot of catching to do to get as much as Microsoft
  • 1
    You are using an OS built by Google, so you trust Google. And don't tell me "open source".

    You are using a device built by multiple HW manufacturers, that went through a long IT supply chain, so you trust them all.

    Denying internet access is not enough, theoretically, since you simply can't avoid having covert channels.

    You must trust someone. You should only be aware to this fact and choose them consciously.
  • 0
    @Condor nobody has time for this. And malicious code is by definition not something you simply find by going through code.

    Besides, do you scrutinize your hardware? Compile it from scratch using your own homegrown compiler on a trusted machine?
  • 0
    @Condor one takes hardware description and produce a working machine. There are several ways of doing this, obviously.
  • 1
    @Condor terms such as "logic synthesis" are more commonly used, but "compilation" is just as valid.

    You say you are monitoring your system; it's nice to do, but won't catch the more sophisticated malicious software / hardware.

    Of course no ome expects you to catch everything, which is my point: you must choose whom to trust, and what is your threat model. If your threat model is Google or NSA, you pretty much lost the battle - if they are after you they will win.

    On the other hand, if you simply don't want give Google your personal details, then denying access to internet from your keyboard is enough.
  • 0
    @Condor if trust equals naivety then you are naive, as is everyone else. You must trust someone and something in order to be able to do anything at all.

    The question whom to trust (and to what extent) is an important one, but the answer "nobody" is not an answer at all.
  • 0
    @Condor I did not say that last part. You're saying that trust is naivety, and I claimed that trust is essential to function.

    You are talking as if you are reading the entire source code of everything you are using, but of course you don't; nobody can read this amount of code, and nobody can comprehend even one thousandth of it.

    So you want the _ability_ to read it, and until then you trust other people to do so. People unknown to you. Some of them are probably employed by governments. I'm not saying that's naive - this trust makes sense, but it *is* blind trust you put in others.

    So, generally distrusting everyone is not naive but the exact opposite: it is impossible. Society is based on trust, and the open source community is yet another society.

    This does not mean that your demand from Nvidia to open their source is misjudged or something. It is a legitimate demand to put their code to the scrutiny of a community you trust.

    I'm definitely not saying "trust everyone".
Add Comment