The inevitable paranoia of regoogling after degoogling.
So… my phone is dead. Again. The Crow is a careless bird and has a nasty habit of dropping moderately priced hardware onto hard objects, corners, and into puddles.
The OnePlus 3 was my third Ubuntu Touch device and it’s going to be my last for some time.
I moved away from android in late 2018 after the abrupt shock of realising just how extensively users are tracked in everything they do and everywhere they go. I adopted Ubuntu Touch and after the initial shock from the paucity of apps, I’ve been living with it quite happily ever since.
Aside from phone calls and text messages, I was mainly using the handset as a way to interface with the services hosted on the Raspberry Pi which lives behind my couch.
Webapp creator and later, Webber, made it easy to create simple interfaces for Nextcloud, Photoprism, Mealie, Jellyfin, and so on. All in all, I’ve been quite happy.
But in my search for privacy, I found I was missing one killer feature which couldn’t be replicated by self hosting - Deltachat, a modified email client which works as an end-to-end encrypted chat app. It looks like Whatsapp, and users can end-to-end encrypted send pictures and text messages to each other just like Whatsapp, Deltachat is just an app, using the email network as a backend. It’s not a service, and if you host your own email server as The Crow does, it’s super secure - especially if you’re only using it to message users who have an account on the same email server.
There’s no client for Ubuntu Touch and it’s been bugging me for more than a year, so when my pocketed Oneplus was crushed between my leg and a large log and I was looking for a new handset, the absence of Deltachat tipped the balance. I reasoned that if I was careful and disciplined there would be no cause for concern. I decided to move back to Android.
Heads up - The title of this post is slightly misleading. While I have readopted Android, I am actually doing my best not to regoogle.
The journey back to Android
I chose a Sony Xperia XZ1 as my handset, principally because I’m getting into 3D printing in a big way, and the XZ1 is the cheapest device which supports Sony’s excellent 3D creator app. It’s also possible to use the XZ1 without creating a Google account. I don’t want to use Google.
The results from Sony Xperia 3D Creator have been... mixed .
I also don’t want to use any software which is closed source (other than Sony 3D creator, but it’s a calculated bet that there’s no spyware in there.)
The reason for this is that I used to do a bit of Android development myself and was constantly bombarded with offers to monetise my apps without ads by including some sort of shady third party back end which does god only knows what. If I use only Open Source apps, it’s impossible for devs to sneak any disguised malware or spyware onto my phone.
Granted, I’m not going to read the entirety of the source code myself, but I’m fairly confident that someone, somewhere will have already done it on my behalf. I read what I can and rely on others to pick up the slack.
Should I be more paranoid?
A remarkably similar experience.
I’ve imposed rules on myself.
Use only Free and Open Source Software
Use my handset principally as a way of interacting with my own self-hosted sites and services.
This means no Google Play, no gmail, no Google anything. No Whatsapp.
Under these self-imposed restrictions, I’ve found my experience of FOSS-only android to be very similar that of Ubuntu Touch.
To start with, I cut myself off from the epic emporium of crapware which is Google Play. I use F-droid instead, with it’s estimated 5,000 apps. Ubuntu Touch’s open-store boasts a similar, although smaller, number. And you won’t find native clients for Whatsapp, Facebook, Google, Spotify or any of the other data vampires in there.
But I have found exactly what I need.
There’s DeltaChat, obviously. A native Jellyfin client for my movie, music, and audiobook needs; there’s Husky, which acts as a mobile front-end for my Pleroma-based (anti) social media server; There’s Readrops which works nicely with my self-hosted FreshRSS instance. Nextcloud sync uploads photos to my nextcloud instance in the same way UBSync did on Ubuntu Touch: I use Fennec to browse the internet and Oppen’s excellent, yet unstable Ariane 4 client to make my way through Geminispace.
There is currently no Photoprism app on F-droid, but you can install the APK direct from the Github.
You know what, I’m going to give a slightly more detailed description of what I’m using on my Android handset right now.
Essential FOSS software for Android
Everything free and open source!
F-Droid is the central app I use for acquiring new apps. Fundamentally, it’s an app store with around 5,000 apps. a number completely insignificant when compared to the countless millions available from Google, but F-Droid comes with a few advantages.
First up, the overwhelming majority of apps are completely FOSS, meaning that you can contribute to the project if you’re so inclined. Alternatively, you can pop along to the relevant Gthub repository and inspect the code, check out the issues, and other people’s gripes and bug reports.
Second up, F-droid listings warn you of any privacy related issues before you download or install, under the heading, ‘This app has features you may not like.’ Scroll to the botton of the listing and you’ll see what these are, neatly listed under the descriptive title of ‘anti Features.’
The anti-feature for Proton VPN, for instance, is that it, ‘Promotes non-free network services.’ There are apps with far more egregious privacy dangers, and F-droid lets you know what they are.
Nextcloud was the first service I installed on my Pi 4B when I first embarked on my self-hosted journey. It provides almost everything you might ever need including full office suites, entertainment, music players, group video calling, recipe managers, maps. The list goes on.
These days I use Nextcloud for document editing, and for sychronising photo uploads from my phone. The Android app isn’t as seamless as UBsync on Ubuntu Touch, and it is occasionally prone to cluttering my notifications area with error messages, but to be honest, I haven’t really had any problems with it.
My go-to media player. I don’t use Spotify, YouTube, or Audible, because frankly I don’t like the idea of anyone monitoring my media usage. Remember those Spotify ads from a couple of years ago? I don’t like the idea of them having access to that kind of data on me.
Jellyfin runs on my Pi and I have a couple of terabyte drives stuffed with music, movies, TV shows and audiobooks. It’s brilliant.
Only upload media you own, kids!
The Android app is a no drama llama. It shows recent additions to my library, saves my place in audiobooks, movies, and shows, and is content to run in the backgroud. On Ubuntu Touch, I had to create a webapp to link to my server. This is slightly easier, and there’s less of a playback problem with the screen turned off.
I don’t like visiting websites, and I certainly don’t like the idea of a personalised newsfeed being prepared for me by a third party data-farm such as Facebook or Google. RSS is the answer and my FreshRSS instance delivers full text feeds for me to read at my leisure. It updates twice per hour thanks to a cronjob,
Readrops is, in my opinion the best of the FreshRSS compatible FOSS RSS readers on F-droid. Once it’s set up correctly you never think of it again. You don’t visit the website of the original story, navigation is easy and customisable, and it’s a pleasure to use.
There are a number of FOSS browsers on F-droid, but I like Fennec the best. It’s basically the F-droid version on Firefox mobile.
As F-droid will tell you, Fennec ‘tracks and reports your activity,’ and the ‘upstream source code is not entirely free.’
I’m using Fennec right now, but I will probably change soon.
Deltachat is probably the most secure messenger app there is - because it is just an app not infrastructure. Looks good, works great.Messages are encrpted in-app, and I own the actual server on which the end-to-end encrypted messages reside.
Not even your gran would know it's not Whatsapp...
Would I ever go back to Ubuntu Touch?
In a heartbeat. Restricting myself the FOSS on Android has shown me how very, very similar the two platforms are - at least for the end user.
OK, UT doesn’t have a desktop per se (it was cruelly taken away by the developers some months ago), and it doesn’t have Deltachat yet, but yes I can see myself migrating back over when the XZ1 reaches the end of its usable life.
Additionally, on the very morning the XZ1 arrived courtesy of Royal Mail, the Pegasus story broke, ramping my always present parnoia up to unprecedented heights.
This site is hosted on a Raspberry Pi 4B in the author's living room (behind the couch). If you fancy building a website, but would prefer not to have hardware cluttering up your house, you can get reasonably priced hosting from BlueHost
On the other hand, if you're worried about being followed online, consider using PureVPN to cover your tracks.
These are affiliate links. Obviously. If you're feeling generous, you can buy me a coffee.
You may also be interested in...
Leave a comment
Leave your name (or don't) and try to keep it under 230 characters. Here's how it works
Comments:[Fri Oct 29 02:50:53] If you want to see how bad it really is, install netguard on your android phone. Not much better on lineage ... big problem is in the apps you use. Example: my Nextcloud app talking to self hosted nextcloud server still reaches out to to googleapis.com a LOT ... among other locations. - Fellow UT user failed
[28/Jul/2021:19:19:38 +0100] I do get that and it's something I'm worrying about - I've been monitoring Pihole and I haven't seen any requests to Google. Having said that, I'm probably going to flash lineage as soon as I have time. - TC
[28/Jul/2021:18:31:38 +0100] The CORE of Android tracks you and call home all the time. Unless you use a privacy friendly ROM, there's no way to disconnect yourself from google, even if you don't create an account, even if you disable Play Services, even if you use open source app only. Your IP, location (because yes, they still track you even if you disable it).So, I would say you basically ruined the 3 years of work you've done. But you do what you want