[FOR DEVS & MEMBERS] Fair Use Term of Copyrighted Apps - Android General

Well, I found this useful and share it here. Credits go to the original writer. This is about the Fair Use Term of Copyrighted apps.
HCFroyd247 said:
This may be long, but this pretty much sums up the issue on dev vs dev, members vs members. This is created for people who has a keen understanding of rules, regulations, etc. Therefore people without enough reasoning, critical thinking, sorry this is not for you.
The 'Fair Use' Rule:
When Use of Copyrighted Material is Acceptable
In some situations, you may make limited use of another's copyrighted work without asking permission or infringing on the original copyright.
Fair use is the right to use a copyrighted work under certain conditions without permission of the copyright owner. The doctrine helps prevent a rigid application of copyright law that would stifle the very creativity the law is designed to foster. It allows one to use and build upon prior works in a manner that does not unfairly deprive prior copyright owners of the right to control and benefit from their works.
Some factors to know about "Fair Use":
There are five basic factors to keep in mind when deciding whether or not a particular use of an author's work is a fair use:
Factor 1: Are You Creating Something New or Just Copying?
(the purpose and character of the use, including whether the use is of a commercial nature or is for nonprofit educational purposes)
The purpose and character of your intended use of the material involved is the single most important factor in determining whether a use is a fair use. The question to ask here is whether you are merely copying someone else's work verbatim or instead using it to help create something new.
One important consideration is whether the use in question advances a socially beneficial activity like those listed in the statute: criticism, comment, news reporting, teaching, scholarship, or research. Other important considerations are whether the use is commercial or noncommercial and whether the use is “transformative.”
Noncommercial use is more likely to be deemed fair use than commercial use, and the statute expressly contrasts nonprofit educational purposes with commercial ones. However, uses made at or by a nonprofit educational institution may be deemed commercial if they are profit making.
Ask yourself:
Is the copyrighted material published or unpublished?
(Unpublished works have traditionally been accorded stronger copyright protection than published works.)
If you publish your work here at xda-developers.com, your work may lean towards to the "fair use" clause.
Is the copyrighted material factual in nature or creative?
(More fair use latitude is accorded to factual works.)
Factual works eg. scripts, mods, etc.; Creative may incorporate themes, graphics, wallpapers, bootanimation, etc.
Is the copyrighted material readily available for purchase?
(The fact that a work is unavailable for purchase through normal channels will favor fair use copying for educational purposes, though this may be mitigated if permission to copy may readily be purchased.)
This won't be an issue since custom roms are not for sale nor it is on monetary pursuit.
Factor 2: Are Your Competing With the Source You're Copying From?
(the nature of the copyrighted work)
Without consent, you ordinarily cannot use another person's protected expression in a way that impairs (or even potentially impairs) the market for his or her work. In custom roms, there is no declaration of contest nor any criteria for the "best" rom.
Whether the work is published or unpublished, and how creative the work is, are the two main considerations. Unpublished works are accorded more protection than published ones, as the author has a strong right to determine whether and when his or her work will be made public.
When it comes to fair use, unpublished works are inherently different from published works. Publishing an author/developer's unpublished work before he or she has authorized it infringes upon the author's right to decide when and whether the work will be made public.
Works that are factual and less creative are more susceptible of fair use than imaginative and highly creative works eg. if you use chobits original themes/graphics/bootanimation,etc. may constitute to infringing, but personally I do not mind if someone use my work solely based on factor 1. This is in keeping with the general principle that copyright protects expression rather than ideas or facts.
Factor 3: Giving the Author Credit Doesn't Let You Off the Hook
Some people mistakenly believe that they can use any material as long as they properly give the author credit. Not true. Giving credit and fair use are completely separate concepts. Either you have the right to use another author's material under the fair use rule or you don't. The fact that you attribute the material to the other author doesn't change that.
Credits should be given to the original author of the modifactions eg. Lidroid 14 toggles, EDT tweaks, Spareparts (incorporated in settings), if the custom rom includes these tweaks, ask yourself:
Are these tweaks/mods originally made by the developer?
Does the original developer reserves the rights for these mods?
Is the developer of these modifications, explicitly made it for public use or doesnt mind if someone else port it to their projects?
Factor 4: The More You Take, the Less Fair Your Use Is Likely to Be
(the amount and substantiality of the portion used in relation to the copyrighted work as a whole)
The more material you take, the less likely it is that your use will be a fair use. Contrary to what many people believe, there is no absolute word (scripts) limit on fair use. This is certainly a grey area for rom developers, since no one can dominantly own a sytemui.apk,framework-res.apk, etc. Developer's mod made on those files may constitute to "fair use" since Samsung, HTC, etc. do not mind modifying their base roms. Therefore modifications made on those files should be attributed if its factual or creative underlying factors 1-5.
Courts have taken both a quantitative and a qualitative approach in assessing the impact on the fair use analysis of the amount and substantiality of the portion used. What percentage of the original work has been used? There are no bright lines, but the higher the percentage, the more likely this factor is to weigh against fair use. If you use the systemui, framework, lidroid, phone of other roms it is definitely okay since the gravity of those files does not weigh out the rom's build entirely.
Ask yourself:
How much of the copyrighted work is being copied?
(did you start from fresh stock rom, deodexed it and then copy snippets of files from other roms?)
How long is the portion copied and what percentage of the work does it represent?
(The smaller the portion, the more likely the copying will qualify as fair use.)
Is the portion copied the “heart” of the work?
(Even a quantitatively small portion of a work may weigh against fair use if it is the most important or commercially valuable part of it.)
Is the amount copied limited to that which is necessary for the educational purpose to which it is being put?
(You should copy no more than is necessary for the educational/testing/sharing "without profit" purpose.)
Factor 5: Is there any adverse effect of the use on the potential market for or value of the copyrighted work?
The more important the material is to the original work, the less likely your use of it will be considered a fair use. Does copying spareparts modification, lidroid 14 toggles, etc. is "very" important for a rom's integrity/usableness? Will the rom still work without those modifications?
Use that adversely affects the market for the copyrighted work is less likely to be a fair use. This ties back to the first factor, and the question whether the putative fair use supplants or substitutes for the copyrighted work. Is there any market in Rom development? The answer is none. Developers may ask donations voluntarily, since it is not imposed, this is not a basis for any monetary gain nor their own solitary income generating project (most of them have real jobs too!) Therefore this will not constitute any harm in any market; monetarily and financially.
---
In determining whether your intended use of another author's protected work constitutes a fair use, the golden rule:
Take from someone else only what you wouldn't mind someone taking from you.
I respect all developer's for sharing their work, but please ask yourself these questions before lashing out to other members:
Is the modification I have made purely original? (not ported or a derivative of other's work)
Did I share my work in good faith, so that everyone may learn from it?
Am I too stringent of my rules that it affects the Android development community?
Did I even use original graphics/pictures in my rom that can be viewed as highly original and creative?
What really is my purpose on sharing my work here in xda-developers.com?
Being a developer, did I make XDA's community a happy and healthy environment for everyone?
Did I respond to criticisms in a professional and mature manner?
How is my relationship with other developers, taking into account that this is a forum where utmost respect to each other is very important?
Am I in here just for recognition and fame?
---
These post has been made, just for educational purposes only.
You can check this link for in-depth view:
http://en.wikipedia.org/wiki/Fair_use
Click to expand...
Click to collapse

Thanks for the useful post. Gotta share this on FB and Twitter.

Related

[SUGGESTION] How to tackle software thieves

I think everybody is well aware of the pain that software thieves like DavinciDevelopers and Chris Burchett is putting us through. Until Google cleans up their market policy and starts implementing some basic regulation, these robbers are going to continue stomping upon the intellectual property of the developers here.
As we all know, software thieves almost always exploit a very simple loophole: they delete signatures off the apks and then publish them to the Android market as a paid app under a different name, and everyone will be none the wiser. They make a quick buck from unsuspecting users who chance across the app and purchase it, and thus they profit off the labours of hardworking developers here. It matters little to them whether a thousand or a million users pass by their application page without choosing to install it, because every single user conned into paying for the app is a profit to them.
I strongly recommend that developers who publish their APKs here insert a pop-up into their application that appears on the first boot, stating very clearly that this app is freely published here (insert thread URL) and instructing the user to immediately seek a refund if he has paid for it, and to report the issue to Google.
In other words, probably something along the lines of:
PLEASE TAKE NOTE
This app has been freely published on XDA-Developers, and can be found at .
If you have paid for this app, PLEASE SEEK A REFUND IMMEDIATELY AND REPORT THE SELLER TO GOOGLE.
Click to expand...
Click to collapse
Additionally, you might also want to insert this in the "About" section of the app, if applicable.
Software thieves may be capable of deleting signatures, but they can't remove app elements. With users alerted to these dishonest actions, they will not only distrust them but send a flood of complaints pouring into Google, and sooner or later they'll have to pack up shop and think of actually doing something productive for society.
I'm sorry if this has already been suggested, but given the severity of this issue, I thought that it would be important to highlight this to all developers in here and out there. Not everyone may be aware of the dangers making the dive into application development, and fewer still might actually think of doing something about software pirates and intellectual property thieves.
Remember, this is only a short-term measure to help starve these software thieves of their ill-gotten gains (and perhaps also to create awareness for you and your thread). It does not preclude the usage of other anti-piracy measures, and it could be circumvented by the more tech-savvy of the thieves. In the long haul, we will still need to get Google to overhaul its Android Market policy to respect the intellectual property rights of developers.
Mods, please feel free to delete this or lock this thread if I am repeating what others have already proposed.
Madrenergic said:
Software thieves may be capable of deleting signatures, but they can't remove app elements. With users alerted to these dishonest actions, they will not only distrust them but send a flood of complaints pouring into Google, and sooner or later they'll have to pack up shop and think of actually doing something productive for society.
Click to expand...
Click to collapse
Just wanted to point out that this is not true. I've also seen people say that the package name cannot be changed. That's not true either.
A skilled developer could often easily delete app elements (Using obfuscation like proguard is a good deterrent). A crappy one might still manage, pirates do (Sure they'll add bugs in the process, but they don't care because they don't have to deal with the bug reports, you do).
A non-malicious example of hacking the internals of an app is how I enable long-press of Search on the Droid X/2 in my HomeSmack app (https://market.android.com/details?id=com.teslacoilsw.homesmack). Motorola hard-coded long-press of search to launch com.google.android.voicesearch/com.google.android.voicesearch.RecognitionActivity. So my solution replaces Google's VoiceSearch.apk with a modified one where I renamed Google's RecognitionActivity to RecognitionActivityReal and created my own RecognitionActivity. I kept RecognitionActivityReal functional so VoiceSearch can still be used.
It'd also be possible for the theifs to upload using your app signature. The disadvantage of course is that they can't modify it at all, even in the future.

[Q] Scenario: you might have bought a compromised smart phone

It is highly propable that you've already read about such, not so mystical, threats to your personal information security like those related to mobile applications asking for too much rights and those where certificates for websites have got compromised. I'm curious to get to know what you know about possibility of the flaws in the actual logistics and manufacturing related to the smart phone you bought yesterday (for example).
Let me put my question this way: If you ought to choose a standpoint, where you tell others why you think that smart phones can not contain any physical components that are actually intended to leak information (usage patterns, meta information of viewed photos, installed applications, etc.) to the certain spesific party, what would you say?
Try also thinking something "smaller" than a company as a whole (*). Think about small working groups and teams containing designers, coders etc. from different continents and cultures, people involved in the transportation of the devices, level of abilities of manufacturers of the pirated goods, personality of sailsmen in the stores, personality of repairmen, social networks, etc.
If you really need to use word "carrieriq" in your answers, may I kindly ask you to say something that you think haven't been said well enough. Also, try to think something more spectacular than a single virus that got accidently installed at the factory.
If you feel that I seem to be the one, who is lacking knowledge in some area, please tell me. I'm always open for re-organizing my views of the world, if enough effort is used in the form of a good explanation.
--
(*) Actually you might not be thinking a company "as a whole". You might just add the name of a company to some sentence without actually thinking what you just wrote. People tend to think that they are thinking.

Sharing, XDA, and You! New Addition to Sharing Policy on XDA-Developers

News from the Portal of XDA.
http://www.xda-developers.com/annou...addition-to-sharing-policy-on-xda-developers/
Posted August 22, 2012 at 6:00 pm by egzthunder1
We are going to deviate a bit from our regularly scheduled programming to let you know about an upcoming change in the rules in the XDA forums. As time has gone by, our site has grown by leaps and bounds from what it was a couple of years ago. With a membership base of over 4.5 million registered users and an average of 35-40 thousand people active at any given time, we need to ensure that this place can offer the best possible environment for all people, both experienced developers and people who come here looking to learn about mobile devices. Because of this reason, the rules of our site need to be amended from time to time to accommodate the needs and wants of such a large user base, but without losing our principles and forgetting what XDA was founded on in the first place.
Just a bit of background: XDA was a website founded by hackers and developers for hackers and developers. People coming here shared one common goal, which was to get more and more out of their expensive toys and they did so by reverse engineering, creating new code to expand the device’s capabilities, and doing things with hardware that most people cannot do (mainly due to lack of knowledge or technical ability). The site prospered to what it is today because these very same people knew that their collective ideas and efforts would yield more results if they collaborated by sharing what they knew with others. More often than not, this resulted in fantastic feats such as the original XDA online kitchen, the very first port of WM5 to the mythical HTC Blue Angel, and many more accomplishments that are stored in the depths of XDA’s forums.
XDA-Developers has always been a place for sharing knowledge. People spend countless hours on their projects and give back to the community in several different forms, either by releasing the complete work to the community, or by sharing its source and methods by which the work was conceived. The latter allows others to pick up the work and tweak it to improve it (think of the Linux kernel for this to make sense). XDA’s own foundation is much like that as well. However, often times, this concept of the sharing of knowledge gets confused with the concept of sharing everything. If you frequent our site, you will have undoubtedly come across a few threads were discussions about sharing are on going. Essentially, some people demand for work to be released or even think that they can take as they please without following rules already present on our site. Likewise, people sharing their work sometimes have rather bizarre ways of doing so, which has a bad tendency to develop in what we like to call “dev wars”.
We (administrators and moderators of this site) truly believe that intellectual property (IP) is a very important part of what is done on xda-developers. As such, we cannot and will not support any kind of action which forces a developer to share their work with others if the developer does not wish to do so. A developer of anything has rights over their work and as such he/she can choose to do with it as he/she pleases (give it away, share the source, burn it, give it to an orphanage, or eat it for breakfast). We support whatever decision is taken by its developer. Having said that, over the years people have found what can only be categorized as a loophole in our current sharing policy, and thus people are forced to do things in exchange for permissions to use certain pieces of work by others.
After a long deliberation with the entire moderator and administrator staff, we are implementing the following addition to our sharing rule (Rule 12) – revisions are in bold:
12. Using the work of others.
If you are developing something that is based on the work of another Member, you MUST first seek their permission, and you must give credit to the member whose work you used. If a dispute occurs about who developed / created a piece of work, first try to settle the matter by private message and NOT in open forum. If this fails then you may contact a moderator with clear evidence that the work was created by you.
Convincing evidence will result in copied work being removed. If there is no clear evidence you created the work then in the spirit of sharing all work will remain posted on the forums.
As an addition, developers have the right to hold exclusivity over their work for as long as it is deemed necessary by the dev or freely share it. However, if the work is claimed as exclusive, it must remain as such. No selective sharing will be allowed (ie allowing certain people to use it and not others). Should the dev decide to start sharing the work with others, the work automatically becomes fair game for all to use.
In regards to permissions, same rules remain for this but if permission was already given, unless there is a very valid reason, it cannot be revoked (same applies to major updates on the work). Under that same premise, permissions cannot be denied unless the work is exclusive or under severe circumstances.
In plain English: If you want to keep your work exclusive, go for it. However, if you are going to share your work, do it fairly.
These rules apply to all software posted on XDA (including but not limited to ROMs, RUUs, apps, games, kernels, themes, icons, etc) unless that software comes with a license that waives these rules.
The problem with the aforementioned permissions is that the rule never really stated anything regarding continuity or longevity of said permission. On top of that, selective sharing creates a massive problem on our site as it tends to give place to kanging (unauthorized copying and/or redistribution of work), fights between devs (so called “dev wars”), and tons of time wasted on investigations, which normally involves a large number of people from our staff. This needed to stop as it was reaching critical mass and high levels of anxiety were generated for no apparent reason on something that should be a hobby.
So, if you are a developer on this site and would like to keep your work as something exclusive, we encourage you to do it. If you would like to freely give it out so that others can use it and make it better, we encourage you to do it as well. However, we will no longer accept claims from anyone who picks and chooses who gets what. As stated in the rule, you either share or keep, but if you do share, do it fairly. Favoritism has created a great divide in our site and our community and it is only hurting development as a whole. People focus more on pointing fingers than they do on trying to create original work.
Permissions should still be sought as a matter of common courtesy, much like the original rule stipulated. However, unless a valid reason is provided, a simple “no, you cannot have it” will not suffice, especially if the work is being shared with others and permissions are denied out of spite.
Lets all work towards a new, rejuvenated XDA that is based on the core principles placed by the site’s founding fathers. Sharing of knowledge is what brought many of us together on this site and we should strive as a community to keep it that way. Please share your thoughts on this.
Thank you for reading.
Sincerely,
XDA-Developers Administration Team

EULA, copyright, privacy and help bringing to market

Hi forum,
So today this student finished his first windows phone app and have been doing research since. I recently found out that making the app is the most fun part, just bringing it to the store is the longest. I decided to use 7 since its also compatible with 8 so appeals to a wider audience.
I've made a sports calculator app using all my own code in c#. I've made my logos and splash screen. My question is firstly do I need to copyright the logos I've made, the unique app name and the app code? If so how is this done, what are the best websites and procedures that don't cost a fortune. I have seen copyright service and myows. Which has worked the best for you and protected you the most?
Now the app I have made collects no user data. Do I need to write a EULA to protect myself and my app? (My English isn't the best and I have no experience with EULAs)? Do you know of any free EULAs one can use?
Since this app does not need to connect to the web, only the ads do. does that mean I must also write a privacy statement?
Once all this sorted and I have tweaked the app to wp7 specs will it be safe to upload?
Thanks for your help.
Sent from my GT-I9300 using Tapatalk 4 Beta
Anything published in the USA automatically receives copyright protection. Although I think it's possible to still register copyrights, it's not needed and not worth the time.
If you find somebody reusing your IP without permission, as Microsoft to take it down (or the other curator of whatever store publishes it). You may also want to contect them directly, especially if there is no publisher you can use. There's a thing called a DMCA Takedown Request for this purpose in the US, similar things exist elsewhere. If you want actual legal advice, get a lawyer.
TL;DR: You don't need to do anythign else right now, just publish.
Thank you foe the reply. Im going to publish it in the EU region. Will i still need to make a EULA to protect myself?
Sent from my GT-I9300 using Tapatalk 4 Beta
Making an EULA probably won't hurt anything, though it you want it to be even slightly legally enforceable you should talk to a lawyer. Some common aspects of EULAs are completely unenforceable (for example, prohibiting reverse engineering is regularly ignored), and it depends on the region and the wording. EULAs and copyright license are also not at all the same things. Copyright law covers the right to make (and distribute) copies (and derivative works), nothing more and nothing less. In particular, they don't cover usage. EULAs are usage "agreements" (scare quotes because, as I mentioned, they are frequently not considered a legal contract and are therefore unenforceable).
A copyright license might prohibit me from re-using your artwork in my own app or selling (or giving) it to other people, but it cannot prohibit me from extracting the artwork for myself, or from editing the copy I purchased to replace the spash screen with pictures of kittens. A EULA might require that I not do either of those latter things and continue using the app, but does not take the place of a copyright license.
On the other hand, an explicit copyright license is generally not required; the default licensing for publishing on the app store (which is based on the default copyright license used for works which do not include any other license, but modified to allow Microsoft to make copies of the app to sell, use its artwork for promotions, etc.) is used unless you specify a different license, and that's what most people use.
Reminder: as we say on the Internet, IANAL (I Am Not A Lawyer). Those cost money, but if you're really concerned about these things then they are the people to talk to.

Are PRIVACY concerns overrated?

The single most important, most debated subject of being online - privacy and security.
While security is undisputed, privacy aspect is.
So what exactly is the concern? As normal people in normal professions (which is easily more than 90% of the population), is there a need for worry?
For a long time since I started using smartphones, I had a natural inclination towards remaining anonymous and private online. I would always use incognito browsing for everything I do online, never create an account with a service as much as possible (e.g. I would watch YouTube videos without signing in), etc.
With time, I began realizing that I am actually missing out on so many interesting things that matter to me, and much of the content that would interest me would be made available to me without much effort using machine learning and artificial intelligence, an area where huge investments are being made.
So slowly I started accessing content and using services with my Google account. Over time, everything from Google feed to YouTube videos were showing me content that I am interested in, and sometimes they were so intelligent that I have been amazed with the whole technology that is at works. Surely, you cannot expect a doctor to give you the right prescription without giving him complete details about your problems. You can't talk privacy there. So unless the system learns what you like and what you don't, there is no way it will present stuff (including ads) that will be interesting to you.
With that said, why are are we overemphasizing this aspect of our lives? Is the privacy lobby inflating the privacy problem more than is necessary? Especially since much of what Google learns (according to them) about you is private, and only you can access/ control it, and also because the open-source alternatives are overrated. I say overrated because there are no audit reports (from trustworthy audit entities) available. Their codes may be available for audit, but is there a trustworthy source that is actually auditing them? Are the platforms where they are available being audited? So the issue of privacy and security applies to these platforms too, and more so because they aren't scrutinized as heavily as Google products and services.
As far as more personal info is concerned, like location, age, gender, searches I perform, accounts, mobile number, etc - Google already has all those because I provided them with much of that info when I created my account. Sure, one can always provide fake info for some of them. But if you use 'Find my Device', you are pretty much giving away your location to Google REAL-TIME. While this can potentially be misused, how else is Google supposed to help you if you were to lose your device? Mobile numbers and email addresses are necessarily required to be correct because they are needed when you are locked out of your account. They are the only means to get your account back.
While I am a strong proponent of privacy, I also feel that too much is made out about a lot of stuff that aren't really something to worry about. Those stuff are essential to get the service we expect in return, in other words, putting technology to use.
That said, it is still important not to give anyone a free hand over data, and there has to be several layers of checks and balances, and accountability for safeguarding and using them.
All that said, my current position is this. Make best use of the technology at hand, because if you don't provide the necessary inputs, there cannot be a proper output.
As with some things that we do online which we might want to keep completely private, use a non-google browser (like Firefox Focus or Duck Duck Go) in incognito mode with Duck Duck Go search engine.
For everything else, use GOOGLE (assuming there is accountability and severe penalties for violations).
Reserved for additional info.
@Ultramanoid
We may continue the discussion here.
I have a few specific questions for which I haven't found answers. May be you or others could answer them. I'll compile them and post these later.
Sridhar Ananthanarayanan said:
@Ultramanoid
We may continue the discussion here.
I have a few specific questions for which I haven't found answers. May be you or others could answer them. I'll compile them and post these later.
Click to expand...
Click to collapse
I have a hard time understanding how you can say you're a strong proponent of privacy, while at the same time justifying how you exchange yours for convenient services.
I can't justify that exchange, and yet use, work in, and develop in an IT field. No Google account here. So it'd be difficult to discuss the issue when our basic premises and understanding of the situation are completely opposed.
I want a good mail service, so I PAY for it, with MONEY, and I assure you it beats all the tech prowess and illusions of magic that GMail and its indecent, immoral, and insulting data mining and tracking provide. Same for everything else.
The aberration that is 'service' ( lower quality feature set, no support, security issues, client is the product ) for information, which, as mentioned in MiX's thread, also has the tremendously damaging side effect of reducing to zero the value of good honest developer work. 'Google gives it for free' -- No, it doesn't, and no, it's not free.
Edit : And by the way, giving your data away not only puts you at risk, it puts others at risk as well. Unacceptable.
 
Ultramanoid said:
I have a hard time understanding how you can say you're a strong proponent of privacy, while at the same time justifying how you exchange yours for convenient services.
I can't justify that exchange, and yet use, work in, and develop in an IT field. No Google account here. So it'd be difficult to discuss the issue when our basic premises and understanding of the situation are completely opposed.
I want a good mail service, so I PAY for it, with MONEY, and I assure you it beats all the tech prowess and illusions of magic that GMail and its indecent, immoral, and insulting data mining and tracking provide. Same for everything else.
The aberration that is 'service' ( lower quality feature set, no support, security issues, client is the product ) for information, which, as mentioned in MiX's thread, also has the tremendously damaging side effect of reducing to zero the value of good honest developer work. 'Google gives it for free' -- No, it doesn't, and no, it's not free.
Edit : And by the way, giving your data away not only puts you at risk, it puts others at risk as well. Unacceptable.
 
Click to expand...
Click to collapse
You spoke of making 'reasonable compromises' on the MiX thread.
I have only elaborated the same. How does it matter if Google learns what I like to search on the internet? I am willing to give them that information so that they can provide me with content I am interested in, so that my news feed is mostly content I like to read/ watch, and little garbage. In the process, if they are showing me ads relevant to me, what is wrong with it?
My view is based only on this premise that this is how my data is being used. I have never had a financial security issue (like money being stolen from my account) because of what Google learns about my internet activity.
Also, I am assuming that Google won't learn anything about the searches I may do in incognito mode. They are supposed to respect the privacy. I'm aware they have been sued for not adhering to it strictly.
So assuming that they stick with usage of data as per their declared privacy policies and in accordance with laws, what is the problem?
Sridhar Ananthanarayanan said:
You spoke of making 'reasonable compromises' on the MiX thread.
Click to expand...
Click to collapse
As to security. As long as you rely on someone else's software, some company's cables and infrastructure, there's no other way.
No reasonable compromise on privacy in the "service x information" business model. It needs to die.
Edit : Have a look at this; https://privacytools.io ( "Privacy? I don't have anything to hide." )
 
my view on this is:
i agree, you should protect privacy as much you're able to, but if you need some services and you need "to give up privacy" for acquiring that service you need, then for me it's legit.
i wouldnt go all crazy on privacy as many go (to completely ditch google, windows, and become open source - privacy - government consipiracy evangelist), but i wouldnt rely on them for my whole life.
yes, i use google calendar and notes and all my data is on google, and if google go down or misuse my data, maybe i will lose that data but still i can easily use on another platform one stop working or is not trustworthy (publicly misuses data)
i love to use custom ROMs not to ditch google or become privacy conscious (using f-droid and living under rock without google services) but to ditch stock ROM from manufacturer as i dont like any manufacturer stock ROM, i want just their hardware, and software i want to be my choise.
for normal people storing something on google, microsoft, apple is not at all bad idea, when you store not that important or sensitive data on google. but i would never upload any top secret, sensitive data on any those services, as they WILL allow governemnt to exctract data (like edward snowden said ), so anyone from governemnt can access it or even misuse it, but if you dont store top secret sensitive info on those services you are fine.
if you want to store top secret sensitive data you would make it and encrypt it and store local copies.
and for google search, same applies, you will be fine with normal use, use firefox and duckgo , and also ingonito dont respect any privacy, it just make to browser not to store history, everything else is visible to them, unless you use firefox and duckgo.
and also many say vpn secure you (ones you buy) , but i wouldnt trust not even them (even if you pay), if you want to have encrypted connection you better MAKE your own VPN server (you can buy remote linux server online and make it as VPN), carrier to whom you pay for server dont care what you store on server (because you pay for it) and if governement comes to there he wont be able to provide anything.
but still even with all said, i dont advocate on trusting government as they dont care about freedom or rights, they care just about power, so protect privacy as much you are able to, but dont go all crazy on it, because best way to be secure on internet is not to use it at all, as at the end of the day dont forget that all intel, arm, amd chips (hardware) are hackable and exploitable to survevilance if they want to
EDIT: and also always remmeber, if you are censored for your rights, you have full right to protect your right, but i didnt got censored for searching for something on google. maybe google censored it to control media, but everyone do it, even media is manipulating you with fake news.
like if i am in china and i cant open news that reveal china government because china censorshiped that source "for greated good", i would use linux, tor and vpn so i can bypass censorship to know what's right. as long you dont face censorship for your rights it still okay to use those services, but if someone censorship for your rights, then its time to act and stand up for yourself, and not accept anyone's "censorship for greater good".
You know what's funny, people talking about privacy (intrinsically security also), yet many (and by many I mean the majority) of ROMs released on XDA are released without source code. Devs link to some other sources other than the source to be able to build the project. Here is an example. So while privacy is important, security is highly problematic with this modding model we all follow. Not to mention flashing different unchecked magiks modules.
Ultramanoid said:
As to security. As long as you rely on someone else's software, some company's cables and infrastructure, there's no other way.
No reasonable compromise on privacy in the "service x information" business model. It needs to die.
Edit : Have a look at this; https://privacytools.io ( "Privacy? I don't have anything to hide." )
 
Click to expand...
Click to collapse
I think the moment you are online, you are presenting yourself to be tracked. No matter what tools you use to safeguard your privacy, a country's intelligence has an upper hand because they have the resources and much more advanced technology that is not commercially available.
They can also set up something like the link you shared as just another means to track you (by misleading you into believing that you are remaining private and anonymous).
I think one can truly stay private only by staying away from technology. Otherwise, you are just opening yourself up for tracking.
atttoush said:
You know what's funny, people talking about privacy (intrinsically security also), yet many (and by many I mean the majority) of ROMs released on XDA are released without source code. Devs link to some other sources other than the source to be able to build the project. Here is an example. So while privacy is important, security is highly problematic with this modding model we all follow. Not to mention flashing different unchecked magiks modules.
Click to expand...
Click to collapse
nope, check here
XDAevDB Information
[ROM][UNOFFICIAL][10.0.0][raphael] LineageOS 17.1, ROM for the Redmi K20 Pro
Source Code: http://bigota.d.miui.com/V11.0.1.0....NGlobal_V11.0.1.0.QFKINXM_5e75bba584_10.0.zip
this is source code for ROM, they are always released somewhere, github, dont matter, but they are released, you just need to look it up
indestructible master said:
nope, check here
XDAevDB Information
[ROM][UNOFFICIAL][10.0.0][raphael] LineageOS 17.1, ROM for the Redmi K20 Pro
Source Code: http://bigota.d.miui.com/V11.0.1.0....NGlobal_V11.0.1.0.QFKINXM_5e75bba584_10.0.zip
this is source code for ROM, they are always released somewhere, github, dont matter, but they are released, you just need to look it up
Click to expand...
Click to collapse
This is not a source code ... Just because it says source code, it doesn't mean it's a source code. That's a zip file containing the OEM firmware from Xiaomi.
indestructible master said:
my view on this is:
i agree, you should protect privacy as much you're able to, but if you need some services and you need "to give up privacy" for acquiring that service you need, then for me it's legit.
i wouldnt go all crazy on privacy as many go (to completely ditch google, windows, and become open source - privacy - government consipiracy evangelist), but i wouldnt rely on them for my whole life.
yes, i use google calendar and notes and all my data is on google, and if google go down or misuse my data, maybe i will lose that data but still i can easily use on another platform one stop working or is not trustworthy (publicly misuses data)
i love to use custom ROMs not to ditch google or become privacy conscious (using f-droid and living under rock without google services) but to ditch stock ROM from manufacturer as i dont like any manufacturer stock ROM, i want just their hardware, and software i want to be my choise.
for normal people storing something on google, microsoft, apple is not at all bad idea, when you store not that important or sensitive data on google. but i would never upload any top secret, sensitive data on any those services, as they WILL allow governemnt to exctract data (like edward snowden said ), so anyone from governemnt can access it or even misuse it, but if you dont store top secret sensitive info on those services you are fine.
if you want to store top secret sensitive data you would make it and encrypt it and store local copies.
and for google search, same applies, you will be fine with normal use, use firefox and duckgo , and also ingonito dont respect any privacy, it just make to browser not to store history, everything else is visible to them, unless you use firefox and duckgo.
and also many say vpn secure you (ones you buy) , but i wouldnt trust not even them (even if you pay), if you want to have encrypted connection you better MAKE your own VPN server (you can buy remote linux server online and make it as VPN), carrier to whom you pay for server dont care what you store on server (because you pay for it) and if governement comes to there he wont be able to provide anything.
but still even with all said, i dont advocate on trusting government as they dont care about freedom or rights, they care just about power, so protect privacy as much you are able to, but dont go all crazy on it, because best way to be secure on internet is not to use it at all, as at the end of the day dont forget that all intel, arm, amd chips (hardware) are hackable and exploitable to survevilance if they want to
EDIT: and also always remmeber, if you are censored for your rights, you have full right to protect your right, but i didnt got censored for searching for something on google. maybe google censored it to control media, but everyone do it, even media is manipulating you with fake news.
like if i am in china and i cant open news that reveal china government because china censorshiped that source "for greated good", i would use linux, tor and vpn so i can bypass censorship to know what's right. as long you dont face censorship for your rights it still okay to use those services, but if someone censorship for your rights, then its time to act and stand up for yourself, and not accept anyone's "censorship for greater good".
Click to expand...
Click to collapse
As I said, we are overemphasizing on many of the things and linking them to privacy. Much of the seemingly private things have no bearing in real life, even when made public. Because, no matter where you are, you have to adhere to the local laws and your internet activity isn't important (unless one is into prohibited activities).
It is a very niche segment of people (like those working for intelligence, journalists, etc.) that must pay special attention. For most others, there isn't too much to worry about, as long as the companies providing services adhere to data regulations and act with responsibility.
atttoush said:
You know what's funny, people talking about privacy (intrinsically security also), yet many (and by many I mean the majority) of ROMs released on XDA are released without source code. Devs link to some other sources other than the source to be able to build the project. Here is an example. So while privacy is important, security is highly problematic with this modding model we all follow. Not to mention flashing different unchecked magiks modules.
Click to expand...
Click to collapse
Few months back, I made a decision to stop using custom ROMs. This decision is made easier by OEMs promising 3 to 4 years of software/ security updates.
OEM ROMs are largely scrutinized. Custom ROMs are not. You never know what they bake into their codes. There is absolutely no assurance on them respecting your privacy or security.
Sridhar Ananthanarayanan said:
Few months back, I made a decision to stop using custom ROMs. This decision is made easier by OEMs promising 3 to 4 years of software/ security updates.
OEM ROMs are largely scrutinized. Custom ROMs are not. You never know what they bake into their codes. There is absolutely no assurance on them respecting your privacy or security.
Click to expand...
Click to collapse
It's not the case with few established ROMs. Lineage OS comes to mind. As they encourage people to build ROMs from source. But device support is problematic. That's why I turn to custom ROMs. It's a great idea, but I thought XDA ROMs guaranteed security with the GPL and Open source philosophy. But it's being violated all over the place.
Sridhar Ananthanarayanan said:
Few months back, I made a decision to stop using custom ROMs. This decision is made easier by OEMs promising 3 to 4 years of software/ security updates.
OEM ROMs are largely scrutinized. Custom ROMs are not. You never know what they bake into their codes. There is absolutely no assurance on them respecting your privacy or security.
Click to expand...
Click to collapse
Which OEMs are these ? Please mention one and point to where and how their code can be reviewed. Almost none provide support for a device after 2 or 3 years. Almost none are scrutinized because their additions to Android are proprietary and closed source, they barely release kernel changes and those only because they are legally obliged, sometimes even after the device which uses that kernel is not even on sale anymore.
Partial exception for SONY, that provides repositories for AOSP support for many of their devices, and sometimes have released blobs ( not code ) for their drivers and cameras. This is the rare exception, not the rule.
Almost no OEMs provide timely security updates incorporating Google's monthly patches for critical vulnerabilities. Some pile them up in batches, leaving devices vulnerable for months and even years. Stagefright, bluetooth, Qualcomm ... They don't give a crap.
Get the facts straight.
Lineage, in contrast, is developed in plain sight by hundreds of developers revising the code every single day, include Google's vulnerability patches religiously every month and have provided fixes time and again for things Google and OEMs don't bother to fix. They also support devices securely years after OEMs have completely abandoned them.
LineageOS
A free and open-source operating system for various devices, based on the Android mobile platform. This is a mirror of https://review.lineageos.org/ - LineageOS
github.com
Edit : Remember that this is a developers' forum, by developers for developers. Checking and editing code daily is what we do.
Edit 2 : Can't comment as to other 'custom ROMs', from which it may very well be better to stay away.
 
Ultramanoid said:
Which OEMs are these ? Please mention one and point to where and how their code can be reviewed. Almost none provide support for a device after 2 or 3 years. Almost none are scrutinized because their additions to Android are proprietary and closed source, they barely release kernel changes and those only because they are legally obliged, sometimes even after the device which uses that kernel is not even on sale anymore.
Partial exception for SONY, that provides repositories for AOSP support for many of their devices, and sometimes have released blobs ( not code ) for their drivers and cameras. This is the rare exception, not the rule.
Almost no OEMs provide timely security updates incorporating Google's monthly patches for critical vulnerabilities. Some pile them up in batches, leaving devices vulnerable for months and even years. Stagefright, bluetooth, Qualcomm ... They don't give a crap.
Get the facts straight.
Lineage, in contrast, is developed in plain sight by hundreds of developers revising the code every single day, include Google's vulnerability patches religiously every month and have provided fixes time and again for things Google and OEMs don't bother to fix. They also support devices securely years after OEMs have completely abandoned them.
LineageOS
A free and open-source operating system for various devices, based on the Android mobile platform. This is a mirror of https://review.lineageos.org/ - LineageOS
github.com
Edit : Remember that this is a developers' forum, by developers for developers. Checking and editing code daily is what we do.
Edit 2 : Can't comment as to other 'custom ROMs', from which it may very well be better to stay away.
 
Click to expand...
Click to collapse
I didn't say that OEMs make their source codes available. I said they are scrutinized. Scrutinized by security researchers around the world, who may or may not be funded by competition. There is lot of benefits by doing so because OEMs can use this as an opportunity to push sales of their own devices. Example is the clipboard scandal of OnePlus, as well as others.
Compare that to custom ROMs. There are so many custom ROMs available for popular devices. Official builds, unofficial builds, nightlies, etc. etc. The ROMs are available for free. Who cares to audit/ scrutinize these? No one cares because there is nothing to gain. This is also because a very minute % of Android users actually install custom ROMs. So no one cares.
Just like root, the need for custom ROMs is decreasing by the day. OEMs are now promising upto 3 years of Android upgrades and 4 years of security updates, atleast for their flagship devices. And now the Google-Qualcomm partnership that is making these upgrades easier and faster. Unlike in the past, OEMs are much faster in releasing security updates today.
Lineage official builds, in my experience, isn't feature rich like some other custom ROMs or unofficial forks of Lineage. People may opt for Lineage official builds primarily for two reasons:
1. Debloat their OEM software like those from Xiaomi, Huawei, even Samsung.
2. OEM has stopped providing official support (this is now changing because 3 to 4 years of official support is synonymous to life of the device because a large % of people usually buy a new device every 3 or 4 years).
Some of the developers of custom ROMs are arrogant arses. That's another reason to tell them to eff-off.
Sridhar Ananthanarayanan said:
I said they are scrutinized. Scrutinized by security researchers around the world, who may or may not be funded by competition.
OEMs are now promising upto 3 years of Android upgrades and 4 years of security updates, atleast for their flagship devices.
Click to expand...
Click to collapse
1. Which security experts ? We have some in XDA whose daily job is precisely that, have you spoken to them ? I don't know of a single audit of any OEM's version of Android. Please mention or link at least one if you think they exist.
2. Which OEMs ? I don't know of a single OEM providing support of any kind for any of their devices ( maybe OnePlus barely reaches 3 for some of theirs, again, a very rare exception ) beyond 3 years, much less 4.
Provide real data points or stop speculating on vague promises and supposed security experts somewhere. When I say LineageOS is available, you can see it is. You can also build SONY's AOSP from their code. ( Edit : https://developer.sony.com/develop/open-devices/ )
One thing is to express an opinion, another to give facts.
 
Ultramanoid said:
1. Which security experts ? We have some in XDA whose daily job is precisely that, have you spoken to them ? I don't know of a single audit of any OEM's version of Android. Please mention or link at least one if you think they exist.
2. Which OEMs ? I don't know of a single OEM providing support of any kind for any of their devices ( maybe OnePlus barely reaches 3 for some of theirs, again, a very rare exception ) beyond 3 years, much less 4.
Provide real data points or stop speculating on vague promises and supposed security experts somewhere. When I say LineageOS is available, you can see it is. You can also build SONY's AOSP from their code. ( Edit : https://developer.sony.com/develop/open-devices/ )
Click to expand...
Click to collapse
Fact 1: OnePlus is collecting your private data without permission
Fact 2: Engineer Mode
Fact 3: Clipboard Scandal
Fact 4: Shot on OnePlus
Fact 5: MiUI stealthily sending user data back to China
Fact 6: Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use
...
Thats just some of them. If you search, you will find more.
In most of these cases, it is some security researcher somewhere in the world who found a questionable activity that goes against acceptable privacy and security standards. In other cases, it was some random user who found a vulnerability or some unacceptable practice.
The point? Number of users of stock ROMs are way way higher than those that use custom ROMs, and as a result someone somewhere might find something either accidentally, or as part of security research work (paid by competition or otherwise).
OEMs will be careful when they make their ROMs. They are not only under scrutiny, but also need to ensure they stick with doing the right things because they have a business to run. The same isn't true for custom ROMs that some nobody will make and act like trash when questioned. Thats also because the product is free (or may not be depending on what is baked into the codes) and so the developer may think he isn't answerable.
Ultramanoid said:
One thing is to express an opinion, another to give facts.
Click to expand...
Click to collapse
Now you may point out the opinions. All the above are actually facts, that support my previous comment.
Sridhar Ananthanarayanan said:
Fact 1: OnePlus is collecting your private data without permission
Fact 2: Engineer Mode
Fact 3: Clipboard Scandal
Fact 4: Shot on OnePlus
Fact 5: MiUI stealthily sending user data back to China
Fact 6: Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use
...
Thats just some of them. If you search, you will find more.
In most of these cases, it is some security researcher somewhere in the world who found a questionable activity that goes against acceptable privacy and security standards. In other cases, it was some random user who found a vulnerability or some unacceptable practice.
The point? Number of users of stock ROMs are way way higher than those that use custom ROMs, and as a result someone somewhere might find something either accidentally, or as part of security research work (paid by competition or otherwise).
OEMs will be careful when they make their ROMs. They are not only under scrutiny, but also need to ensure they stick with doing the right things because they have a business to run. The same isn't true for custom ROMs that some nobody will make and act like trash when questioned. Thats also because the product is free (or may not be depending on what is baked into the codes) and so the developer may think he isn't answerable.
Now you may point out the opinions. All the above are actually facts, that support my previous comment.
Click to expand...
Click to collapse
What all that proves is that OEMs are pure solid garbage, thank you for agreeing. Rest the case already. ^_^
Sorry to hear you still prefer to stand by out of date systems, unsecured protocols, and shady immoral companies. It is useless to discuss when you keep insisting on sustaining your biased opinion against hard evidence -- that YOU yourself provided.
Cheers !
 
Ultramanoid said:
What all that proves is that OEMs are pure solid garbage, thank you for agreeing. Rest the case already. ^_^
Sorry to hear you still prefer to stand by out of date systems, unsecured protocols, and shady immoral companies. It is useless to discuss when you keep insisting on sustaining your biased opinion against hard evidence -- that YOU yourself provided.
Cheers !
 
Click to expand...
Click to collapse
You are simply exaggerating it.
Like the saying goes, better to trust the known devil than the unknown angel.
Cheers!

Categories

Resources