I kinda agree with the sentiment in the articles from an AOSP/lineage/cyanogen perspective.
They should definitely embrace the Telegram FOSS fork [1] and OSMAnd~ [2] (which is a superb offline navigation tool btw) and remove all Apps that require the Android 10 firebase hockey-based notifications. [5] and [6]
A lot of apps use this for convenience and because it was _required_ since AOSP 10 but there are ways to work around that requirement with a high priority notification.
I would additionally recommend to use AppWarden [3] and Blokada [4], because both are amazing additions for an Android device.
Firefox for Android, though, is still a nightmare with all the telemetry. The old TOR Browser 9.5 series is based on old Firefox pre-quantum, 10 is based on Firefox post-quantum.
The issue with current Firefox and TOR Browser is that Mozilla decided to include the Adjust-, Firebase- and LeanPlum-SDK which introduce now more user tracking than ever before. You'll even sometimes see different A/B UIs based on your browsing behavior (not kidding) and geolocation, and of course this happens more often with Orbot being used as a Proxy.
(You can verify this via AppWarden if you don't trust me)
Besides, some of their practices like redirecting every blocklist through their own mirror (blokada.org/mirror) and in some cases through their URL shortener (go.blokada.org), makes me think they're not really as private as they claim to be.
Also, Blokada leaks DNS connections over TCP and doesn't let you set your own DoH resolver.
Those SDKs have indeed no place in Tor Browser, though at least they appear to be disabled. Have you witnessed Tor Browser sending telemetry data to these services on Android?
The issue I have with their response is that they argue that it's disabled because it has no API key. I think that's not a real solution because that can change at any time. A request sent is a request sent, relying on the server to block it is the opposite of what TOR initially stood for.
I witnessed at least the Leanplum SDK taking action, and I thought I broke the App tbh. After a restart of the phone and clearing all caches via the Settings App I could verify that it happened a second time.
But I have no idea whether it was a "chrome://" Page with an externally included JS - or triggered by the underlying SDK directly. In Firefox pre-quantum (pre fenix 9.5), the Extensions Page included Google Analytics for a while, so I was assuming that my installation process of uBlock Origin and uMatrix triggered it somehow down the line.
I decided to roll back to TOR 9.5 after it happened the second time on the same day and now I'm building my own Browser (Tholian Stealth) anyways... so I didn't decide to investigate further than a casual look at the codebase where LeanPlum still seems to be littered all over the place. [1]
Thanks for the details, I think this should be properly investigated, and if you find any request to telemetry services in Tor Browser, your findings should be made public.
The description of the package on fdroid literally states that it still connects to mozilla's and google's services. [1] So yes. It probably also includes the firebase and adjust sdk.
They should definitely embrace the Telegram FOSS fork [1] and OSMAnd~ [2] (which is a superb offline navigation tool btw) and remove all Apps that require the Android 10 firebase hockey-based notifications. [5] and [6]
A lot of apps use this for convenience and because it was _required_ since AOSP 10 but there are ways to work around that requirement with a high priority notification.
I would additionally recommend to use AppWarden [3] and Blokada [4], because both are amazing additions for an Android device.
Firefox for Android, though, is still a nightmare with all the telemetry. The old TOR Browser 9.5 series is based on old Firefox pre-quantum, 10 is based on Firefox post-quantum.
The issue with current Firefox and TOR Browser is that Mozilla decided to include the Adjust-, Firebase- and LeanPlum-SDK which introduce now more user tracking than ever before. You'll even sometimes see different A/B UIs based on your browsing behavior (not kidding) and geolocation, and of course this happens more often with Orbot being used as a Proxy.
(You can verify this via AppWarden if you don't trust me)
[1] https://github.com/Telegram-FOSS-Team/Telegram-FOSS
[2] https://github.com/osmandapp/OsmAnd
[3] https://gitlab.com/AuroraOSS/AppWarden/
[4] https://github.com/blokadaorg
[5] https://github.com/Telegram-FOSS-Team/Telegram-FOSS/blob/mas...
[6] https://developer.android.com/guide/components/activities/ba...