I have a “hate / despise” relationship with “The App Stores” of the world. I’m sorry, but when I have purchased a device, mandating that I MUST give up PII data (Personal Identifying Information – the term used in the computer biz for stuff that MUST be protected) just to download the applications that make the thing worth using just galls me.
So I download and install any app that does NOT require such an “account” and use only things that are freely available. At first, this was far more than enough “stuff” to keep me happy. In the rebuild of the Samsung Tablet now underway, I’ve found it ever harder to bypass having either s Samsung Account or, worse, a Google Play Account. Even FireFox has sent me off to the Google Account page (pick one: You have already compromised your PII, or you would like to Compromise PII Now: Y or Y )
No choice of “I don’t want you tracking my every move” allowed. Interesting to note that the default browser included in the base Samsung config is flagged as “no longer supported” if you try to install an App and it throws you into the “Give Up Your PII to get a new browser” panel…
Yet there are some things out there “in the wild” still.
Some fair amount of this morning was spent getting a decent browser installed that would not leak massive information about me at every turn. AND without the PII Stamped Account info in the install. I have, so far, found three. Well, really 2 1/2. Opera and Opera-mini are really only 1/2 different.
Firefox, Opera, and more, in the top search pages, try desperately to route you over to an App Store (login / present PII / blow off privacy) process. But dig deeper, you can find non-Account versions of some apps available. (IIRC I had to tick the “allow non-official apps to be installed’ button somewhere under settings).
To save others the time, here’s a couple of places I found things. As the tablet is now relegated to “Toy For Browsing” status, I wasn’t all that worried about vetting the sites, so this might well be horrible malware… but I don’t think so. At any rate, it can’t be much worse than the PII demanding Google Play store…
First up, I didn’t find any unencumbered Firefox or IceWeasel yet. The IceWeasel may not exist for Android, being a Debian thing. Maybe I need to look for SeaMonkey to get a Firefox clone… (though I think GNUzilla may be the name now). Yet I’d HAD Firefox installed before. So I don’t know if it has been roped in to the Identity Ripoff Corral only, or I just need to look further. After a half dozen “We have it!” that had a download button that sent me to the Google Play login process, I moved on. (Part of the reason for this posting… so in future I’ll remember where I found things…)
But the GNU Foundation makes a semi-paranoid knockoff of Firefox. ( I LIKE semi-paranoid… it’s a Systems Admin thing ;-) IceCat is the name of the gizmo that looked interesting. (They also make the SeaMonkey browser / email suite). Stallman (maker of GNU) is very security, privacy, and freedom oriented. I like him, I like his stuff. Sometimes it is a PITA…
I found it as free download from here: http://open-source-box.org/icecat/38.6.0/
It isn’t in the newest 38.8 nor the 38.7 for Android. I actually hit the 38.5.2 on a random “click way down” but just now found it in the 38.6.0 release.
They are listed as one of the approved mirrors at the GNU site. In general, anything Stallman approves is far more than the vetting I would do… Did I mention I like a modest level of paranoia in SysAdmins? 8-}
Introducing GNUzilla and IceCat
GNUzilla is the GNU version of the Mozilla suite, and GNU IceCat is the GNU version of the Firefox browser. Its main advantage is an ethical one: it is entirely free software. While the Firefox source code from the Mozilla project is free software, they distribute and recommend non-free software as plug-ins and addons. Also their trademark license restricts distribution in several ways incompatible with freedom 0.
Privacy protection features
Https-Everywhere: Extension that encrypts your communications with many major websites, making your browsing more secure.
SpyBlock: Blocks privacy trackers while in normal browsing mode, and all third party requests when in private browsing mode. Based on Adblock Plus.
AboutIceCat: Adds a custom “about:icecat” homepage with links to information about the free software and privacy features in IceCat, and checkboxes to enable and disable the ones more prone to break websites.
Fingerprinting countermeasures: Fingerprinting is a series of techniques allowing to uniquely identify a browser based on specific characterisics of that particular instance (like what fonts are available in that machine). Unlike cookies the user cannot opt-out of being tracked this way, so the browser has to avoid giving away that kind of hints.
by Richard Stallman
You may be running nonfree programs on your computer every day without realizing it—through your web browser.
In the free software community, the idea that nonfree programs mistreat their users is familiar. Some of us refuse entirely to install proprietary software, and many others consider nonfreedom a strike against the program. Many users are aware that this issue applies to the plug-ins that browsers offer to install, since they can be free or nonfree.
In addition to being nonfree, many of these programs are malware because they snoop on the user.
Java applets also run in the browser, and raise similar issues. In general, any sort of applet system poses this sort of problem. Having a free execution environment for an applet only brings us far enough to encounter the problem.
It is theoretically possible to program in HTML and CSS, but in practice this capability is limited and inconvenient; merely to make it do something is an impressive hack. Such programs ought to be free, but CSS is not a serious problem for users’ freedom as of 2016.
Silently loading and running nonfree programs is one among several issues raised by “web applications”. The term “web application” was designed to disregard the fundamental distinction between software delivered to users and software running on a server. It can refer to a specialized client program running in a browser; it can refer to specialized server software; it can refer to a specialized client program that works hand in hand with specialized server software. The client and server sides raise different ethical issues, even if they are so closely integrated that they arguably form parts of a single program. This article addresses only the issue of the client-side software. We are addressing the server issue separately.
What do we mean by “nontrivial”? It is a matter of degree, so this is a matter of designing a simple criterion that gives good results, rather than finding the one correct answer.
it makes an AJAX request or is loaded along with scripts that make an AJAX request,
it loads external scripts dynamically or is loaded along with scripts that do,
it defines functions or methods and either loads an external script (from html) or is loaded as one,
using the eval function,
calling methods with the square bracket notation,
using any other construct than a string literal with certain methods (Obj.write, Obj.createElement, …).
Thank you to Matt Lee and John Resig for their help in defining our proposed criterion, and to David Parunakian for helping to make me aware of the problem.
Yeah, geeky and tech talk. But that’s the stuff that robs you of your privacy…
This issue of running programs inside of browsers is also why I assert it is no longer possible to secure 100% any network connected to The Internet that allows web browsing. By Definition, you are enabling any program in any web page to be run on a machine inside your firewall. It is now a race condition between their creativity and your ability to detect and respond.
I sporadically use Opera on desktops. It is usually fast, clean, and has a nice compression feature when on slow links. (Web page data is sent to their server where it is cached and compressed, then only compressed stuff is sent to you).
It is a performance engine, not a privacy engine, though (IMHO). Any time someone knows every bit you send (when using their cache and compress) it is a privacy exposure.
But I really don’t care at all if someone knows I read my own web site or WUWT ( or the N.Y. Times or…)
So when I just want speed, it can be very nice. Add in that IceCat doesn’t like many video formats (non-free or Flash security issues) and, well, sometimes you just want to see the YouTubes…
Many links in the search sent me to the “Google Account Yes or Yes?” page… This one did not:
I didn’t spend a lot of time vetting the site, as I was just putting this on a low value target. Serious machines? Vet the site more…
I also got mini-Opera there. It has more of a “mobile” presentation like typical cell phone browsers:
Both are Very Fast. The Mini one also uses that “compressed on their servers” feature by default.
So with those two Opera options, and the IceCat, I can chose fast, or private and secure. Opera is very fast and very feature rich (i.e. runs videos nicely). IceCat is slower, doesn’t like videos, and is very secure. Take your pick…
That’s all I’ve installed so far. It would be nice to find a Real Firefox I could download and install (without the Account…) but I’m not busy looking. I’m also coming to suspect that there is a market for actually free and privacy oriented apps. Outside of any “app store account” in an anonymous download store. Perhaps someone is already “in that space” and I just don’t know it since I never used the tablet for much beyond browser and movies…
Oddly, I did find a Very Interesting application. Debian.noroot. Unfortunately, the link the search engine found took me to… The Google Store… Maybe this one is better (though it has a link to The Store so I likely would need to enable “developer mode”…):
Run Debian on top of Android with a single click.
No root required! Should work on any high-end device! Unleash full unrestricted desktop environment onto your mobile device! Instant frustration guaranteed! (unless you’re using mouse or stylus).
This app is NOT full Debian OS – it is a compatibility layer, which allows you to run Debian applications. Your phone is NOT rooted during installation. Also, this is NOT official Debian.org release.
There are several limitations:
It cannot mess up your Android device, because it’s a regular well-behaved Android app, which does not need root access.
No audio support. Some time ago PulseAudio was somewhat supported, but now it’s broken.
No OpenGL support. It’s possible to add it but it’s a huge chunk of work, and I will not be doing that.
No access to the device hardware. That means you cannot re-partition SD card, you cannot burn CD-Roms, you cannot run ping or sniff your network etc.
No ability to move app to SD card, so you will need a lot of internal storage.
Most servers such as SSH or Apache won’t start, because they all need root features. You can use tightvncserver instead of SSH, and wbox instead of Apache as a simple file sharing web server,
How does that work.
The Debian graphical shell is launched using PRoot, the ultimate Linux virtualization solution: http://proot.me/ Then it launches XSDL X server to render it to screen.
It looks very interesting… IF I can get generic Debian apps to run on my Android tablet, I’ll be kissing off most other apps in a heartbeat… So I’ll be exploring “how to install this without a Google Login” for a while… Hopefully something at GitHub will let me do that.
Or maybe I’ll just “root” the tablet and “move on” from Android… It is getting old enough now that I don’t care that much about it anymore, and if I “brick” it, the loss isn’t that big anymore…
(Can you tell that “It is a Very Bad Idea to annoy the Geek.” and that having the Samsung Note lose the keyboard annoyed me? ;-)