otl

I guess so - I've actually never used Teams. There are lots of potential mitigations, but sandboxing is not really a solution to buggy code. For some better engineering discussion on the topic, there's the series of articles Transparent Telemetry, in particular The Design of Transparent Telemetry.

That’s a good response I hadn’t read before - thanks. Still so relevant 7 years on.

Some interesting thoughts on this from the Signal creator: https://signal.org/blog/the-ecosystem-is-moving/

I know where you're coming from. Right now the way many of podcasts' audio files are served is via HTTP CDNs. The podcast client fetches the RSS feed, then fetches the linked-to audio file. The VPN, as you say, just changes the source address of that request.

What we could work on is reducing the number of requests to those CDNs.

One idea: A service which serves a mirror of the podcast feed and audio files. Users would need to manually enter podcast feed URLs into their client, rather than select the podcast from a convenient in-app search. You'd have to trust the service operator isn't collecting and sharing its usage data.

Going further, we could use Bittorrent to distribute episodes between mirrors. Mirrors could subscribe to a RSS feed of torrents for particular shows.

I could imagine some community-run effort in this space.

The actual report: https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/

are you saying that this is not creepy at all?

Definitely creepy that it phones home in the first place.

But it's not necessarily creepy that it keeps trying; it could just be sloppy programming. Hanlon's Razor comes to mind. Microsoft Teams behaved in a similar way apparently. If you blocked it phoning home at the network level it would buffer gigabytes of data on disk until the disk was full.

Nice! I actually didn't know they had RSS feeds at all, so I'm going to help my news junky friend get set up with them. Thanks for the tip on the ABC RSS! :)

Right now I've got NetNewsWire configured to use my iCloud account (which uses CloudKit under the hood), so that syncs my iPhone and iPad. This still involves a 3rd party - Apple's magic hosted database service thing - but I'm ok with this for now.

Ideally I would set up something like FreshRSS and host it on one of my own servers. FreshRSS exposes the old Google Reader API which NetNewsWire and Reeder can use to sync feeds. Personally I'm not interested in the FreshRSS web interface and I'm not too keen on running a PHP app either. So I'm considering writing my own service which serves the bare minimum required to be able to point apps like NetNewsWire and Reeder at.

True.

But whether usage data is transmitted back to the service needs a quick check too. For example, compare accessing Gmail via its web app and via a boring IMAP mail client. Or in the old days, Twitter's web app and an app like Tweetbot.

For news in particular, RSS feeds are a great option if you can find them. No ads, no Javascript, purely chronological sorting of articles. Here's some feed links for SBS, for example: https://www.sbs.com.au/news/article/feeds/nbv1rs3kw I highly recommend the open source app NetNewsWire for iOS.

In this case, is using the web version of the app (which is often an option) more private? I’m assuming mobile Safari with privacy relay, plus some extensions to stop trackers etc.

Long story short: probably.

The crucial bit in this example is that the extensions explicitly blocks code being executed on your device used to track you. They aren't a silver bullet, though.

Officially on iOS it is forbidden to track users' activity on between apps and websites unless the user explicitly grants it via the AppTrackingTransparency framework (https://developer.apple.com/app-store/user-privacy-and-data-use/). Not a silver bullet either.

Whether there is a significant difference how usage data is used and abused from accessing content via a website versus mobile app is a tricky question to answer definitively. We can measure things like network requests, blocked scripts. We can read policies which promise stuff and can be enforced through courts etc. But things happen behind closed doors like selling data through legal loopholes, grey areas, and data breaches. It's a big business.

If you've got any specific examples we could dig a bit deeper. Assuming you're Australian: I just checked first news provider that came to mind and found that https://abc.net.au can be read easily without Javascript enabled at all. That's hard to beat.

I've never heard of Skiff. Beyond studying the protocols and system design, here's a couple of things off the top of my head to help:

• Follow the money. Are they charging enough to not be tempted to sell data about their users?
• Who is in charge? Have leadership demonstrated respect towards their user's privacy in the past? See their About Us page
• Read their privacy policy
• Keep up-to-date. Lots of services start out with good intentions, but over time they get acquired, acqui-hired, big investments.. and policies change.

My old workplace had a person exactly like this. We all had enough of the bullshit, but our boss didn't care. In the end, I moved on.

Later I realised it wasn't just that one person, it was actually a bad culture overall which wasn't being moderated well. The managers were just really bad at their job. So I'm really happy I moved on.

There are lots of cool Linux and OSS communities out there. Even if they are not exactly about the particular distro you are interested in, there will be ways to learn and share about it.