this post was submitted on 08 Nov 2023

390 points (98.0% liked)

Privacy

40147 readers

567 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

390

In what world does a VPN need access to Camera and Bluetooth? (i.imgur.com)

submitted 2 years ago* (last edited 2 years ago) by LunchEnjoyer@lemmy.world to c/privacy@lemmy.ml

80 comments fedilink hide all child comments

I am fully aware of what vpn services to use and not. I am not using Express VPN, I am simply doing research for a master thesis, when I came across these results from Express VPN. If you have any ideas or corrections, please let me know why a VPN provider would need to have access to these permissions.

Screenshot is from Exodus service, which let's you view what exactly perimissions and trackers each app uses. You can check out the results and the tool for yourself here: https://reports.exodus-privacy.eu.org/en/reports/com.expressvpn.vpn/latest/

Link to Image

you are viewing a single comment's thread
view the rest of the comments

[–] winterayars@sh.itjust.works 151 points 2 years ago (3 children)

Camera could be taking pictures of QR codes to make it easier to set up a VPN.

Bluetooth could be integration with things like Yubikeys for authentication.

Dunno if that's what they're actually for, though.

[–] BuddyTheBeefalo@lemmy.ml 56 points 2 years ago (6 children)

Best practices would not require camera permissions to scan qr codes.

Scan barcodes

Android includes support for the Google Code Scanner API, powered by Google Play services, which allows you to decode barcodes without declaring any camera permissions. This API helps preserve user privacy and makes it less likely that you need to create a custom UI for your barcode-scanning use case.

The API scans the barcode and only returns the scan results to your app. Images are processed on-device, and Google doesn't store any data or scan results.

https://developer.android.com/privacy-and-security/minimize-permission-requests

[–] ultratiem@lemmy.ca 23 points 2 years ago* (last edited 2 years ago) (1 children)

I'm going to assume they didn't implement this because money. Their app runs on everything, from iOS to Android to Windows. Cost savings they likely just flipped camera permissions and didn't care about small edge cases like these.

With that said, Mullvad is a million times better, cheaper and doesn't require even an email or account creation to use. They created a system that effectively anonymizes the user before they even subscribe.

[–] Schmeckinger@feddit.de 2 points 2 years ago (1 children)

5$ per month isnt cheap for a vpn.

[–] ekky43@lemmy.dbzer0.com 10 points 2 years ago* (last edited 2 years ago) (1 children)

Expressvpn is about 10$ a month, so 5$ would definitely be an improvement.

[–] ultratiem@lemmy.ca 5 points 2 years ago

And that's with the 2 year subscription discount, which makes it $8.50 a month. Mullvad is a flat $5 a month. No subscriptions.

[–] Aux@lemmy.world 7 points 2 years ago (1 children)

You don't want to scan secure QR codes through Google APIs. You can be at risk of Google stealing the contents.

[–] uis@lemmy.world 2 points 2 years ago (1 children)

Then use zxing API

[–] Aux@lemmy.world 1 points 2 years ago (1 children)

But you'll need access to the camera then.

[–] uis@lemmy.world 1 points 2 years ago (1 children)

Doesn't it use IPC? So only separately installed barcode scanner needs camera.

[–] Aux@lemmy.world 1 points 2 years ago

Mate, you need to give access rights to someone. The camera won't open magically. The reality is that it's safer to do everything inside your app, especially when you advertise security.

[–] pensivepangolin@lemmy.world 2 points 2 years ago

Well TIL; thank you for that!

load more comments (3 replies)

[–] LunchEnjoyer@lemmy.world 16 points 2 years ago (3 children)

Ah okay that might justify the camera permission, although personally wouldn't see the need to have that.

[–] TonyToniToneOfficial@lemmy.ml 31 points 2 years ago (1 children)

Would definitely prefer to see it be an "as needed" basis, like ask every time

[–] bob_lemon@feddit.de 23 points 2 years ago

That is probably possible, since Android usually asks about that nowadays.

[–] Player2@sopuli.xyz 12 points 2 years ago

You can often just deny permissions and it will work fine, just nag you sometimes

[–] offspec@lemmy.nicknakin.com 3 points 2 years ago

I don't imagine express is wireguard under the hood but that's a pretty common wireguard configuration method.