Post AMZWqhQVDOuwpVsGDw by sneak@s.sneak.berlin
(DIR) More posts by sneak@s.sneak.berlin
(DIR) Post #AMQhBu1OXDcFQKXQvI by sneak@s.sneak.berlin
2022-08-11T20:35:23Z
15 likes, 13 repeats
OSMAnd is spyware that leaks your travel history to the OSMAnd developers, even if you have analytics/telemetry turned off!https://github.com/osmandapp/OsmAnd/issues/15058https://github.com/osmandapp/OsmAnd-iOS/issues/2115This unethical and consent-violating data leak exists in both the iOS and Android versions. It's not an accident - they are deliberately phoning home with a unique identifier.
(DIR) Post #AMQmDpq5YU3snnzUMi by sadmin@social.tchncs.de
2022-08-11T21:31:42Z
0 likes, 0 repeats
@sneak interesting, let's see if and how they handle the ticket. Please keep us updated
(DIR) Post #AMQqDdJ0YQcVkMg0rQ by idiot@shitposter.club
2022-08-11T22:16:36.733530Z
1 likes, 1 repeats
@sneak I thank the good Lord above for making me so lazy a piece of shit that I put off setting up OsmAnd for about seven years. Also, chalk another W up for Team "Android is fucking dead please someone make the Pinephone usable I beg you."
(DIR) Post #AMQrejr2Pi6ZpZ5BpI by jomo@mstdn.io
2022-08-11T22:32:36Z
0 likes, 1 repeats
@sneak @coolboymew valid concern, but your wording makes it sound as if they added this for the sole purpose of tracking individuals and don't intend to do anything about it. Let's give them some time to respond before starting drama.
(DIR) Post #AMR0hD3FjK7iYB36jg by Heil_Honkler@poa.st
2022-08-11T22:11:02.630481Z
0 likes, 1 repeats
@sneak This kind of shit is what makes me leery about going to meetups cause you know people bring their phones, ntm most new cars have some means of being tracked by intel agencies inbuilt.
(DIR) Post #AMR1mffoqDqOipFxSK by idiot@shitposter.club
2022-08-12T00:26:11.568275Z
0 likes, 0 repeats
@sneak Also I just noticed that the iPhone version is written in Objective C(++)That's cool I thought they nuked anything other than Swift because Apple.
(DIR) Post #AMREVzLhjXrEE4DuOu by joel@fosstodon.org
2022-08-12T02:48:49Z
0 likes, 0 repeats
@jomo seriously, people jump to conclusions too quickly
(DIR) Post #AMRNpANRr34bWDG5p2 by lambdagoat@social.tchncs.de
2022-08-12T04:33:00Z
0 likes, 0 repeats
@sneak I have analytics disabled and it pings download.osmand.org on ios privacy report. It happens during a live update or download - it should not be sending IDs (but I havent checked with a proxy to inspect https). Can't wait to hear back from them though, as I've been a long time fan of OsmAnd and a premium subscriber... 😬
(DIR) Post #AMRQNOOiQv18kxIclc by james@mstdn.starnix.network
2022-08-12T05:01:45Z
1 likes, 1 repeats
@sneak Good thing it's FOSS, someone should maintain a fork like @tenacity did with Audacity. This might be Android only (through F-Droid), but at least we'll be safe.
(DIR) Post #AMS8bWBGgkPqvsYUO8 by trashcatt@fosstodon.org
2022-08-12T13:17:08Z
0 likes, 0 repeats
@sneak this is horrible
(DIR) Post #AMSUMz7wywEHM9Tjbk by sadmin@social.tchncs.de
2022-08-12T17:21:04Z
0 likes, 1 repeats
@sneak Ok now we have the worst possible reaction. 1. He deleted @sneak 's comment that explained what exactly is the problem here (assembly of IP and geolocation history through unique identifier). Possibly to obfuscate the privacy concern.2. He ignores the concern3. He ignores the proposed simple fix4. He points at the TOS and says everything is fineI guess it's time to uninstall #OsmAnd@coolboymew@freezepeach.xyz @jomo @james @trashcatt @lambdagoat @greypilgrim @joel
(DIR) Post #AMTZkmuAlkjjKRACg4 by kaip@social.tchncs.de
2022-08-13T05:56:13Z
0 likes, 0 repeats
@james @sneak @tenacity Uou won't be able to download the map data from osmand.net anymore, so somebody would also need to provide this service.
(DIR) Post #AMTZlhc3vl7PCm82rY by kaip@social.tchncs.de
2022-08-13T05:56:24Z
0 likes, 0 repeats
@james @sneak @tenacity You won't be able to download the map data from osmand.net anymore, so somebody would also need to provide this service.
(DIR) Post #AMUF4JwsEazVQyrMR6 by sneak@s.sneak.berlin
2022-08-13T13:39:05Z
0 likes, 0 repeats
@trashcatt the lead dev thinks that it doesnt need consent because it is just a random id lol
(DIR) Post #AMUF8B8qv5aBHLInmy by greypilgrim@fosstodon.org
2022-08-12T12:28:32Z
0 likes, 0 repeats
@jomo @sneak @coolboymew@shitposter.club Agree. I don’t like the UUID part but I don’t care about the IP part.
(DIR) Post #AMUF8BbvB0pojUu168 by sneak@s.sneak.berlin
2022-08-13T13:39:49Z
0 likes, 0 repeats
@greypilgrim @jomo the ip part is how it tracks your travel history (ip geolocation)
(DIR) Post #AMUFIlOSzVr8bjeXCa by sneak@s.sneak.berlin
2022-08-13T13:41:44Z
0 likes, 0 repeats
@lambdagoat the lead dev says it doesnt require consent because it's just a random id. he doesn't get it.
(DIR) Post #AMUFWq6EI8zPFypnTk by sneak@s.sneak.berlin
2022-08-13T13:44:17Z
1 likes, 0 repeats
@sadmin the lead dev doesnt understand the issue and claims they don't need consent to drop a tracking id on your system lol
(DIR) Post #AMUq1gQftMlualP8JU by lambdagoat@social.tchncs.de
2022-08-13T20:33:09Z
0 likes, 0 repeats
@sneak thanks for the update, that really sucks. I will rethink my subscription then
(DIR) Post #AMVdNP5xupPQxLhjua by sneak@s.sneak.berlin
2022-08-14T05:46:10Z
0 likes, 0 repeats
@kaip @james @tenacity that's easy.you could also ship a fork that has the same download urls, that's between the user and the server.
(DIR) Post #AMWHr0uB4etCWRHrZA by greypilgrim@fosstodon.org
2022-08-14T13:19:41Z
0 likes, 0 repeats
@sneak @jomo I understand how it works. There aren’t enough downloads in the app to track someone.
(DIR) Post #AMXb8K51819rCaHh5c by greypilgrim@fosstodon.org
2022-08-14T13:55:26Z
0 likes, 0 repeats
@sneak @jomo Even then, it’s not something you can get away from. Are you going to blame your e-mail provider next? The way things work today, if you fear your source IP history, then it’s up to the user to control it themselves (VPN).
(DIR) Post #AMXb8OIdRKQaHygcs4 by sneak@s.sneak.berlin
2022-08-15T04:30:27Z
1 likes, 1 repeats
@greypilgrim @jomo "if you don't like us collecting your data, hide"no, fuck that. osmand is free software. i have already patched out the spyware antifeatures. i will probably distribute my fork. let users choose what they consent to.
(DIR) Post #AMYKXjYY2bJ3ONaWvY by greypilgrim@fosstodon.org
2022-08-15T12:59:14Z
0 likes, 0 repeats
@sneak @jomo Sounds like you’ve never had to protect your infrastructure from abuse or wanted to know where you needed to improve caching performance.
(DIR) Post #AMZWqhQVDOuwpVsGDw by sneak@s.sneak.berlin
2022-08-16T02:51:50Z
0 likes, 0 repeats
@greypilgrim @jomo yes i the victim must not relate sufficiently to the person appropriating my data without consent. debian and ubuntu solved this problem on a much larger scale without end user tracking. your comment is both factually incorrect (i have been a prod sysadmin in hostile environments for 20+ years) as well as a red herring (due to what i assume is ignorance of the state of the art)
(DIR) Post #AMaNwirc4zDsazJPrE by greypilgrim@fosstodon.org
2022-08-16T12:46:48Z
0 likes, 0 repeats
@sneak @jomo Victim. Dun dun dun
(DIR) Post #AMauSkJNQf5Isyc10i by aliceice@social.trom.tf
2022-08-16T18:51:02Z
0 likes, 0 repeats
Unfortunately OSMAnd+ is, at least for me, still unbeatable as I can configure it to navigate me exactly like I want it. It does not impose onto me a specific set of routing calculations
(DIR) Post #AMaumr6NtMdZjn7kO0 by KelsonV@wandering.shop
2022-08-16T18:54:46Z
0 likes, 0 repeats
@sneak It looks like it only happens when downloading maps for later offline use, not continuously? So it could track the maps you're interested in, and maybe where you are while planning a trip, but not where you actually go?
(DIR) Post #AMavmxgfVZGQ7Di5SK by dheadshot@mastodon.social
2022-08-16T19:05:59Z
0 likes, 0 repeats
@sneakOh heck!
(DIR) Post #AMavwlcnD9QVbGZZpI by dheadshot@mastodon.social
2022-08-16T19:07:48Z
0 likes, 0 repeats
@sneakIf you put your fork on fdroid, I'll switch to it...@greypilgrim @jomo
(DIR) Post #AMaw2elxbGdW5OfYI4 by hans@social.woefdram.nl
2022-08-16T19:08:44Z
0 likes, 0 repeats
Long thread, but that claim seems far fetched.
(DIR) Post #AMawXY8sIlpEV17ONM by jeffcliff@shitposter.club
2022-08-16T19:14:33.317721Z
1 likes, 1 repeats
@Zerglingman@sneak stop using nsa/microsoft github software !
(DIR) Post #AMb159LHPga3FKCK80 by grayrattus@mastodon.social
2022-08-16T20:05:19Z
0 likes, 0 repeats
@sneak holly molly I will read about it tomorrow. I use this app for cycling tracking.
(DIR) Post #AMbYK9V4PCEwZDXRya by sneak@s.sneak.berlin
2022-08-17T02:17:54Z
2 likes, 0 repeats
@jeffcliff @Zerglingman i have?
(DIR) Post #AMbYSSJAMTipDQviQC by sneak@s.sneak.berlin
2022-08-17T02:19:21Z
0 likes, 0 repeats
@hans it sends a unique and permanent tracking id on every map download.
(DIR) Post #AMboZoWzjYKbQtveBE by mars@kolektiva.social
2022-08-17T05:19:53Z
0 likes, 0 repeats
@sneak years ago they had a weird response against a request to allow showing tagged surveillance cameras in OSMAnd
(DIR) Post #AMcD2GAUyFNK9kVGMa by hans@social.woefdram.nl
2022-08-17T09:53:52Z
0 likes, 0 repeats
@sneak That doesn't imply it "leaks your travel history", that's what is far fetched. It can "track" which maps you download, that's not travel history, is it?
(DIR) Post #AMcEtn0vgKqlKM7GQC by sneak@s.sneak.berlin
2022-08-17T10:14:55Z
0 likes, 0 repeats
@hans client ip is city level geolocation. when you send a persistent unique id from changing client ips over time, i know which cities you were in, and when.
(DIR) Post #AMcFnF4h3Qf0HcJobQ by hans@social.woefdram.nl
2022-08-17T10:24:48Z
0 likes, 0 repeats
@sneak I've downloaded a lot of maps of areas I've never been to. So unless they actually follow my GPS coordinates, I don't see it as "leaking travel history".
(DIR) Post #AMcGLwM6dxfwMW0asS by sneak@s.sneak.berlin
2022-08-17T10:31:10Z
0 likes, 0 repeats
@hans this has nothing to do with which maps you download. you don't seem to understand ip geolocation.
(DIR) Post #AMcGtHsrcf3OggERPM by hans@social.woefdram.nl
2022-08-17T10:37:06Z
0 likes, 0 repeats
@sneak I've read the thread on Github, and I think I understand enough to know that this kind of "tracking" isn't a problem. I don't wear a mask and pay with cash only while doing groceries because the cashier could track my purchases either.Sure, maybe OsmAnd could work without that ID, but again, I find your claim far fetched.
(DIR) Post #AMcXIvwdPfQ9RLFLvc by jeffcliff@shitposter.club
2022-08-17T13:41:12.755614Z
1 likes, 0 repeats
@sneak @Zerglingman it's not an important issue if no one uses thisthis issue is only an issue if someone does
(DIR) Post #AMg0NtTH4adjh6gxRQ by sneak@s.sneak.berlin
2022-08-19T05:51:02Z
0 likes, 0 repeats
@hans it’s fine if you don’t care about your own personal privacy but that doesn’t give anyone license to track people who do (and don’t consent to such tracking)
(DIR) Post #AMgJTW5Yosko2czjN2 by hans@social.woefdram.nl
2022-08-19T09:24:51Z
0 likes, 0 repeats
@sneak Again, I don't see this as tracking. I have a serious problem with online tracking, that's why I never visit sites like Google or Facebook, but an enterprise setting an ID do check the number of maps I download and nothing else, is not a privacy concertn. Not for me, at least.It's a good thing that you told the world about this, so that people have a choice. Not going to be easy, I think, because every alternative that I know of is a far bigger privacy risk, but hey. But telling the world by calling it "spyware" and "leaking travel history" is a bridge too far, I think.
(DIR) Post #AMgoJG90LKlwH2C7Y8 by sneak@s.sneak.berlin
2022-08-19T15:10:32Z
0 likes, 0 repeats
@hans that's because you don't understand tracking. it is objectively tracking regardless of whether you comprehend it as such or not. the idea that it needs informed consent is your clue.
(DIR) Post #AMgpZTvCzDWPaj2aOW by hans@social.woefdram.nl
2022-08-19T15:24:32Z
0 likes, 0 repeats
@sneakthat's because you don't understand tracking.Yeah, let's go with that.
(DIR) Post #AMgqxyWqwPdlQDtMVE by sneak@s.sneak.berlin
2022-08-19T15:40:17Z
0 likes, 0 repeats
@hans if it weren't literally designed to discern one user from another, no unique identifier would be necessary.
(DIR) Post #AQM3v1QFWlP4uEhh5M by waterbear@scicomm.xyz
2022-12-07T06:24:44Z
0 likes, 0 repeats
@sneak it seems to have been fixed back in October, which is great since I use it a lot
(DIR) Post #AQOjDSAlIJMHWHHqUa by sneak@s.sneak.berlin
2022-12-08T13:16:51Z
0 likes, 0 repeats
@waterbear not fixed. read the issue.
(DIR) Post #AQPQOg8W0uj62epptw by waterbear@scicomm.xyz
2022-12-08T21:20:46Z
0 likes, 0 repeats
@sneak well I read this and I came up with:"Sneak: you are wrong. It is time to admit you came to wrong conclusions and time to publicly show you are able to learn when presented with new facts. Thank you."https://github.com/osmandapp/OsmAnd/issues/15058#issuecomment-1214373629
(DIR) Post #AXN1P5wsecZe95TFSq by meowski@fluf.club
2023-07-05T02:36:08.646629Z
0 likes, 0 repeats
@sneak if you read the github thread it sounds like this isn't quite accurate and you seem to be mischaracterizing what's actually going on.