this post was submitted on 26 Sep 2025
DeGoogle Yourself
why do you think it's better?
Since you get your apps straight from the source. Also, F-Droid is recommended against by PrivacyGuides. And lastly, you can download F-Droid apps in Obtainium. Just make sure to use AppVerifier, or at least compare hashes if AppVerifier doesn't support the app.
oh and also, nobody really verifies what gets into an apk uploaded to github releases. but f-droid does have an array of checks, and I like that they can catch if an app tried something fishy or had a build accident (like accidentally including google services dependencies that automatically run code, because another new or updated dependency pulled it in). in the past there were occasions where an app got unlisted, and when I went looking for the reason it was either developer negligence, or sometimes changes that were really not too good.
"Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet modern security standards." This is what PrivacyGuides says. Also, you have AppVerifier integration in Obtainium, which verifies signatures or smth; I know it's a lot better than comparing hashes.
there were several statements in that article that led me to believe it wasn't revised in many years. yes, they had some difficulties just a few weeks ago, but otherwise that doesn't occur often anymore. also they are working on replacing the build system with something better, if google does not kill them first.
trust is not in package IDs, and should never be. package IDs can be easily "faked". trust should be in the apk signature. sometimes not even that, like with google play, where the keys are handled not by the developer but by google.
but yes, they do reuse package IDs, because they cannot patch every app that does not provide an fdroid build variant, doing so could break apps. what it causes today is that you can't have installed the fdroid version and a different version of the app.
and since f-droid focuses increasingly on reproducible builds, as they have been doing for the past few years, apps that are built that way are not even affected by this, because users get the file that was built by the original developers.
I disagree. the play store allows and recommends lots of malicious apps.
so those apps must be made inaccessible to all users, right? NO! these apps should have a warning, not being deleted!
this?
contrary to f-droid's build system it does not look for fishy things in the APK, it just checks whether the app was built by its expected developer. that's what the apk signature can be used for.
sometimes it's useful, like if you get the apk file from wherever, except when the developer's signing keys are handled by google, because then google can release altered versions that still pass the verification. but it does nothing to check whether it has tracking components that would be rejected by f-droid.
that's what appverifier exactly does. it compares the hashes of the apk's public signing key with a known good value.
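To make the difference between the two checks discussed in this thread concrete (comparing file hashes, as in the earlier "compare hashes" advice and the reproducible-build point, versus comparing the signer certificate fingerprint, as AppVerifier does), here is an added example that is not part of the thread and not AppVerifier's or F-Droid's own code. It builds constructed stand-in APKs (plain ZIPs with a placeholder certificate under META-INF/CERT.DER rather than a real APK signature block), so the certificate bytes, package names and pin list are all assumptions; the hashing and constant-time comparison are what a real check would do on the real certificate bytes.

```python
import hashlib
import hmac
import io
import zipfile

# Constructed placeholders for DER-encoded X.509 signing certificates. In a real
# APK the signer certificate sits in the APK signature block, and apksigner
# reports its SHA-256 as the signer certificate digest.
DEV_CERT_DER = b"constructed placeholder: developer's signing certificate"
OTHER_CERT_DER = b"constructed placeholder: a different party's certificate"

# Fixed timestamp so two builds from identical inputs are byte-identical,
# which is what a reproducible build aims for.
_EPOCH = (1980, 1, 1, 0, 0, 0)


def build_apk(app_id: str, version_code: int, cert_der: bytes) -> bytes:
    """Constructed stand-in for an APK: a ZIP with a fake manifest, fake code and
    the signer certificate under META-INF/CERT.DER (simplified layout, not the
    real APK Signature Scheme)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in (
            ("AndroidManifest.xml", f"package={app_id} versionCode={version_code}"),
            ("classes.dex", f"compiled code for versionCode {version_code}"),
            ("META-INF/CERT.DER", cert_der),
        ):
            z.writestr(zipfile.ZipInfo(name, date_time=_EPOCH), data)
    return buf.getvalue()


def cert_fingerprint(cert_der: bytes) -> str:
    """SHA-256 of the certificate bytes, colon-separated like apksigner prints it."""
    digest = hashlib.sha256(cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def apk_sha256(apk: bytes) -> str:
    """Hash of the whole file: what "compare hashes" and reproducible-build checks
    look at. It changes with every release."""
    return hashlib.sha256(apk).hexdigest()


def apk_signer_fingerprint(apk: bytes) -> str:
    """Fingerprint of the certificate inside the APK: stable across releases as
    long as the developer keeps signing with the same key."""
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        return cert_fingerprint(z.read("META-INF/CERT.DER"))


def apk_package_id(apk: bytes) -> str:
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        manifest = z.read("AndroidManifest.xml").decode()
    return manifest.split()[0].split("=", 1)[1]


# Known-good signer fingerprints keyed by package ID (constructed pin list).
PINNED_SIGNERS = {"org.example.app": cert_fingerprint(DEV_CERT_DER)}


def verify_signer(apk: bytes, pinned: dict = PINNED_SIGNERS) -> str:
    """Return 'match', 'mismatch' or 'unknown'. 'unknown' is the case where the
    verifier has no entry for the app and the user falls back to comparing
    file hashes by hand, as the thread suggests."""
    expected = pinned.get(apk_package_id(apk))
    if expected is None:
        return "unknown"
    actual = apk_signer_fingerprint(apk)
    return "match" if hmac.compare_digest(actual, expected) else "mismatch"


def same_build(apk_a: bytes, apk_b: bytes) -> bool:
    """Reproducible-build check: a locally rebuilt APK must hash the same as the
    developer-published one."""
    return hmac.compare_digest(apk_sha256(apk_a), apk_sha256(apk_b))


if __name__ == "__main__":
    v1 = build_apk("org.example.app", 1, DEV_CERT_DER)
    v2 = build_apk("org.example.app", 2, DEV_CERT_DER)
    print("file hashes differ across versions:", apk_sha256(v1) != apk_sha256(v2))
    print("signer fingerprint stable across versions:",
          apk_signer_fingerprint(v1) == apk_signer_fingerprint(v2))
    print("v2 signed by pinned developer:", verify_signer(v2))
    print("v2 re-signed by someone else:",
          verify_signer(build_apk("org.example.app", 2, OTHER_CERT_DER)))
```

The file hash tells you whether you hold exactly the bytes someone else published (or rebuilt), so it has to be looked up fresh for every release; the signer fingerprint tells you whether the same key signed this release as the last one, which is why a pinned value keeps working across updates, and why, as the thread notes, it says nothing about what the code inside does.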
I see, I'll admit I'm not very knowledgeable on this, I thought appverifier was better than normal hash comparison
no worries, everyone must start somewhere, and not everyone has the time to look up these things.
Thanks, your previous response was very well put