from RealM__@lemmy.world to privacy@lemmy.ml on 29 Aug 06:49
https://lemmy.world/post/35146134
I’ve gotten a new phone and setting it up for the past few days - a Fairphone 5 with Android installed. So obviously, this means I can’t escape Googles clutches. Sure, whatever.
I have been VERY adamant about pressing “No” on all prompts, that try to get me to try something out or use some dumb service. I do not want any AI tool or similar to go through my files.
Yet, while perousing the depths of my system settings, I realized Google Photos was using a suspicous amount of storage. Somehow, it had “synchronized” ALL my locally saved pictures - this included pictures of my vacations, my drivers license, private pictures I would have rather not shared, and so on…
And while checking the Google Photos App for the damage done, obviously it had already automatically generated “previews” and “albums” for me, neatly organized.
IT HAD AUTOMATICALLY ANALYSED MY DRIVERS LICENSE AND SAVED IT INTO AN ALBUM CALLED “Identity-related”
How the fuck is this legal? I am so mad at myself right now. I’m usually so fuckin cautious about denying any sort of pop-up and setting all settings as strictly as possible.
So obviously I just had to spent 2 hours figuring out how to turn this “synchronization” off, and how to delete all photos in google photos - spoiler alert: There is no “Delete All” button. You have to manually select every single fucking image.
Sorry for the rant, I hope it’s not too off-topic. I’m just so mad right now.
threaded - newest
Check out Aves Libre on F-Droid
I had to ditch Google Photos app because of my paranoia, about this exact same thing that happened to you.
On Accrescent* would be better
Thanks for the tip. Newest version doesn’t run on graphene though. Second newest does.
Wdym? I am using the latest (1.13.6) on Graphene.
Well when trying to install the latest APK (don’t have fdroid) I just get a message that it didn’t install because my system is not supported?
It works fine from the developer build. Better not use the app signed by F-Droid. Also there are two releases of Aves: Aves Gallery and Aves Gallery Libre
Best experience you’ll have is from Accrescent
Yikes. There’s a reason the barrier to entry in the official store is high.
What’s the point with what I said? The official repo has apps that are not signed by the developer but by this third party (repo mainteners)
I tried that, and I greatly prefer Fossify Gallery. It’s
based on the old QuickPic source code.functionality almost identical to the highly regarded QuickPic app.Nice! I did not know about this one, going to take it for a run to see which one I prefer.
is it? I thought it’s based on simple gallery code
Yeah, maybe you’re right. Maybe I’m misremembering, but it’s the best replacement for the old 32 bit QuickPic which used to be the best gallery app.
Yes, this happens. Even if you turn off all the syncing etc, they will shoot an update and all your settings will revert to default. This has happened with my father’s phone a lot.
And even if you keep all these settings off, they are still scanning all photos to check for CSAM.
I highly recommend deGoogling your phone. If you cannot install a custom ROM, check out Universal Android Debloater. There are many sources for degoogling your life. Check out c/degoogle on Lemmy (I forgot the instance name, just search for it).
Or if you want we have small group on Signal for deGoogling related talks, DM me and I can share the link to join. (Signal does require a phone number to register, but since usernames are a thing your phone number will not be available publicly.)That group link is disabled, but I can share other group links like Linux and FOSS, or other privacy related groups.There not even checking for CSAM
That would be near impossIble considering the tech. Even on a normal portrait is hard to judge the age on. Let alone fotos with more complex perspectives and only some body parts visible.
What they are doing is using hashes of specific real pictures that the police know are commonly shared.
Theoretically it could catch some careless content consuming offenders. The worst offenders, that produce new material, are beyond the scope.
But also, obvious what google gets is just the hashcodes and not the actual pics. If the police gave google a hash to target for pics of vances bald head or (trans-positive) memes who would know?
There was a news some time ago, that a man was arrested for clicking nude pictures of children, later it was found out that he was sending pictures of his child to a doctor for diagnosis. How did that happen?
I’ll link the source if I find it.
Update:
NYTimes - nytimes.com/…/google-surveillance-toddler-photo.h…
Paywall removed - removepaywalls.com/…/google-surveillance-toddler-…
I’ve heard about this too.
That must be some other system indeed.
They don’t really provide much information from how the images were actually shared though.
Maybe there is a machine learning algorithm that is trained to detect specific features in a random photo but i cant imagine it being accurate without frequent false possibles.
Could be that if you have a certain amount of “plausible” hits then a google employee has to review them manually and they quickly Judged it wrongly?
Though that technically implies your Private medical picture is now seen and possibly covertly copied by a (rogue) employee.
They don’t manually review. They just shutdown your account and you can’t contact them. See my other comment
It’s been well documented.
False positives don’t matter, and there’s no human to talk to when it occurs.
They are literally too big to care.
False positives are a thing. They do scan all your photos for csam. Poorly.
We know this because of the article during the pandemic when a dude sent a photo of his son’s dick to a doctor (it had an infection and the doctor asked to see it). Dude lost access to his entire google account. Lost everything. Emails, files, everything. It wasn’t a hash.
I appreciate your comment, replying here for reference, perhaps I’d like to join that signal channel. Being staunchly anti-google I feel I’m on top of things, but my Gmail is used across many of my logins. With the scanning for CSAM issue, many people don’t realize that Google installs a hidden app called safetycore, for me it gets reinstalled on every update.
allthings.how/what-is-android-system-safetycore-a…
could you DM me this signal group link, please?
If you disable Google photos storage access you don’t even have a camera roll :/
That’s how embedded the damn thing is
Oh damn really? I was just about to tell OP why didn’t they just delete Google Photos and use something like Aves instead. But if disabling/deleting the app disables camera roll then that’s total bullshit. That should be like lawsuit worthy, I shouldn’t have to use your app to have pictures, especially when that service is doing sneaky uploads.
I just checked,
google photos has permanent access to photos and videos. If you disable the app the camera roll no longer works. I get “activity not found”.
Maybe with a FOSS camera app it might still work? I haven’t tried.
Edit: and that is the only permission which it has ( photos and videos ). Everything else ( location, contacts, … ) is not allowed. But that one permission is auto permanently allowed.
Just don’t install gapps. Its missing by default when you install the OS…
OpenCamera is better anyway
You don’t really need a camera roll. Just use your normal gallery after taking pics.
You can disable Google Photos outright. No need to play with permissions.
That’s why I tend to stick to Apple. They’re both evil, just one is a little bit less evil.
Apple does the exact same thing
That’s from the article. But the article is from 2023 so I wouldn’t be surprised if that’s changed.
Tell me, what should people use instead? Should I train my own pigeon to send messages?
Yes.
Only thing now evil than Apple is Microsoft.
You’re not wrong; people are just triablastic.
Apple is worse for security, and therefore worse for privacy.
install e/os:
doc.e.foundation/devices/FP5
or:
CalyxOS releases are paused, but when they are back: calyxos.org
Yes, I’ve installed e/os on my fairphone 5 and it just works. I even got my banking apps to work.
Hmm… I wonder… does GrapheneOS work on the Fairphone?
They don’t and in their typical style they’ve written a very verbose post or two on why
Huh, link to their explanation?
I don’t but its been posted a couple of times on Mastodon, I assume its on their blog and in their forms too.
The jist is Fairphone doesn’t have the security HW to run it
Would be nice if fairphone was in talks of making sure that adequate hardware will be in next version. That would benefit both projects even if they didn’t offer official support.
I’ll guessing the problem will be the chipset vendor.
The GrapheneOS folks said they are working with an ODM to put out their own phone in the future.
I’m happy with it on my used Pixel 8 Pro but if they offered a phone I’d probably get one
Ooo, a GrapheneOS phone would be awesome.
e/os is most likely my next step, especially with Google disabling installing “unverified” third-party apps in 2026.
Bought a FP5 with e/os in mind as a possible upgrade path, I just was too worried to immediately do the full jump.
I own an Android phone, for a single app I need to have access to. It's a Redmi something. I could not find a way to just uninstall their own 'Gallery' app nor the Google Photos app so I removed their access to any file. I hope this is enough but I don't know that.
I thought Android was all about choice (against iOS, which is my default phone) but this was not very convincing. I may have missed a way to easily uninstall any app, though? I would like to replace them with f-droid alternative apps so there won't be any risk they access the little data I've stored on that phone.
If it is still using the default OS (HyperOS / MiUI), you can uninstall both the Xiaomi and Google Photos apps. The easiest method nowadays is to install Universal Android Debloater on to your computer (any OS), connect your phone to it, enable USB debugging on the phone, and remove the apps you don’t want.
Thx, I'll check that tool. Not an expert, so you know ;)
It has a GUI, and clearly shows what apps can be safely removed versus whst apos are load-bearing.
Update: I tested it, and it seems to be working as expected. Now, I just need to make sure what apps on the phone correspond to those listed since they don't display the same name and I would not want to remove anything I should not. Thx again ;)
Does it allow you to remove gapps?
Yes of course.
Edit: Lot of third-party apps rely on Google Play Services, so removing this is not recommended.
Removing it is definitely recommended. Those apps are recommend to avoid
why not Canta?
Oh that’s nice. No need for the computer then.
Its not enough. Gapps has root access. You have to reinstall the OS. By default, new installs won’t include gapps
I was gonna say something about postmarketOS, but it’s not ready yet. Mobian is also not ready for it either.
So next best option if you really wanna get rid of this type of stuff is either rooting your device to remove what you don’t need or flashing something like GrapheneOS or a different OS.
But I’d consider that a last resort if you already have everything set up just right and have things you don’t wanna lose and can’t backup easily. That, and if it’s a work related device, you’re screwed.
And sailfishos.org is… what it is.
Just buy your next phone from iode. It’s preinstalled.
I’ll have to look into them and see what’s what.
<img alt="" src="https://lemmy.ml/pictrs/image/b1821d82-48df-4c82-b11b-b56e5aef5d9e.jpeg">
If you were using Photos as a photo roll app you need to stay angry at yourself a while longer. That’s on you when you should know you cannot trust the G. Don’t grant an app permissions to photos and videos that could sync it to the cloud. And as another precaution, don’t keep sensitive pictures in the DCIM folder. If I have to take pictures of sensitive documents like that I disable WiFi (sync set up on WiFi only), take the picture, move it to a folder that’s never backed up elsewhere on my phone, and then turn WiFi back on.
You are not normal because you care about these things. The normal user doesn’t care and that’s who they are catering for. I’m not excusing their behavior (I don’t like it either) and at the same time you need to be more on your toes.
I’m planning to move to Ente this year when my Google cloud subscription runs out. Not looking forward to the work it entails but to the [paints face blue] FREEDOM!
does it even request your permission? I mean, isn’t it granted by default? It’s been a long time I factory reset a typic consumer phone brand
It did for me. Anything with file access will ask for permissions first time around. (Android 13)
Same thing happened to me, and there is a delete all button. Go to Google photos > top right profile pic > backup is off (or whatever it says when it's on) > top right gear > undo backup for this device.
Not against your will, you accepted this and more in the TOS of your account. But you can avoid it in the permission settings in your phone.
The second biggest lie in Internet: “I’ve read the Privacy Policies and Terms of Service” the first one “We respect the privacy of the user”.
neal.fun/dark-patterns/
The lesson here is don't deal with rapists if you care not to get raped.
This is the stage of priavcy in 2025 folks.
It is victims obligation to avoid the rapist and if it rapes youz it is your fault
It’s still probably illegal (violation of GDPR). They can’t hide that shit in a ToS without it being off by default.
That is the point, not a big deal to block this in the EU, due to the GDPR, but for users in the US it’s sadly different, there Google can almost do what it want.
Just change your locale to EU. Boom, they follow GDPR (or suffer massive legal and financial consequences, if not)
That is the point, or change direct o EU alternatives to store your photos and data, eg. Filen, 10 GB for free, client-side encrypted, no-knowledge, redundant storing, OpenSource, selfhosteable. All servers are located in Tier III-IV, ISO 27001-certified data centers within Germany.
Faschist company with a faschist government. Stop asking for legal, take control, go Open Source.
Use /e/OS officially supported on fair phone 5
/e/OS is a good option to regain privacy from Google, but arguably does some things worse in terms of security than stock.
You can find a good comparison here.
For the Fairphone 5, I’d recommend CalyxOS as soon as they’re back from their hiatus. In the meantime, might as well stick with stock.
nice comparison but hilarious to call AOSP not FOSS but the other ones somehow FOSS. do they know where the other ones come from?
Additional tip: You can use the universal android debloater tool to remove built in apps on your phone.
I use Adguard and block Google photos from connecting to the internet.
Features like edit video still work, so I’m good. If editing didn’t work, I’d disable it.
Does that block YouTube too?
I use the firewall feature to actually stop Photos from accessing the internet, so it doesn’t touch YouTube.
I use third party YouTube apps to block ads and other crap from YouTube videos.
On desktop, I believe adguard will block ads on YouTube.com, but I also use third party apps to play videos.
That all sounds like on-device behavior. You didn’t say anything about it actually being uploaded.
I don’t think AI computational happen locally…
it is certainly questionable, but ente photos does it local
I got sick of GP when they announced AI learning on user photos (or actually that’s just the last straw). I use a combination of these two apps now:
f-droid.org/packages/org.fossify.gallery/
f-droid.org/packages/io.ente.photos.fdroid/
Have some dic pics that were uploaded that i sent to my gf when we started dating and i’m glad i didn’t delete them because now they have to look at my junk every time they decide to go snooping around where they shouldn’t.
.
Fyi she asked for them and we got married last Friday after 5,5 years together and she sent me a few pics which i didn’t keep or download on my end but it was over WhatsApp so they are already in the system asshole.
Yeah man, you gotta use SimpleX or Wire or something safer than WhatsApp for nudes.
We use Signal at the moment, we haven’t used WhatsApp between us at least for almost 5 years.
✊
It’s kinda a pain to use 'cause so many apps rely on Google services, so those need to be replaced with alternatives, but e/OS is installable and is supported by Fairphone
community.e.foundation/t/…/58260
Well, next time, make sure you have your settings set correctly - test with a few pictures at first…
I use pCloud, and it works great for my needs. I have deleted everything I had ever uploaded to Google, besides the simplest backup from my mobile phone, so I can easily restore it, if my phone breaks and I need a new one.
Pcloud has a backdoor. By default end to end encryption is off (and it can be turned off again)
Oh, do you think there’s any solution without a backdoor?
If you are worried, you can use the extra encryption: “pCloud offers an optional encryption service, providing zero-knowledge client-side encryption. Files placed in the Crypto folder are encrypted before leaving the user’s device and remain inaccessible even to pCloud. This feature is offered as a paid add-on.”
And if you are totally paranoid, then encrypt what you use, yourself.
Yes. Mega and Proton Drive and Tresorit are always client side encrypted. There is no backdoor like pCloud has.
You just keep believing that. :-)
google photos goes omnom
Event like this is what got me radicalized
that’s why i straight up delete proprietary corporate apps now whenever possible, even if i don’t use them.
they WILL do what they want unprompted, then make it difficult to undo.
I feel for you.
training ai on your photo’s without even asking. wankers
I have just copied my elderly friends 2000 photos from google photos to my desktop, then deleted all of them from her phone. Had to do it with my browser, they only allow you to delete 30 photos at a time on the phone. tossers.
Installed droid-ify, installed lawnchair, fossify gallery, fossify messages, fossify contacts. perfect.
imported her photos back on to her phone:
Intentionally painful but its done.
bring on ADB, I have deleted everything with a G in it.
first one: I wrote a simple little bash script for these:
adb shell pm uninstall --user 0 com.android.chrome
okgoogle, xgoogle, Gmail, calender, Calendar Sync, videos, googlequicksearchbox, youtube, music, Google Contacts Sync, googleassistant, Google Digital Well Being App, Google Duo, Google Pay, google photos and Google Drive with adb so its doesnt happen again.
This poor women is 84, WTF does she know about modern tech, google are tossers
++++++++++++++++++++++++++++++++++
I would get rid of fairphone rom and install another rom:
unlock your bootloader. easy guide from Fairphone.
…fairphone.com/…/10492476238865-How-to-unlock-and…
then install lineage or E/os custom rom
wiki.lineageos.org/devices/FP5/
doc.e.foundation/devices/FP5
Where’s the article to this story?
There’s no article - this is something that happened to me personally, today. I needed an outlet and wanted some advice what to do about this, and I’m really happy about the responses I’ve gotten.
Yes, but you’re just screaming into an ephemeral void.
You could actually make google pay for this if you wrote an article about this on substack and then linked to it here.
Google has already paid over a billion dollars for GDPR violations. They do change their behavior as a result of such reporting and legal consequences.
Op should deff fight back but let's temper the expectations here... Realistically nothing will happen.
But yes it should be documented
Google specially has been fined over a billion dollars. GDPR law suits and financial consequences are very realistic
In FY 23-24 google made over $340B I dont think they mind
Of course they mind. Because they changed their behavior. Else, the billion dollar fines would repeat over-and-over.
Sure child
Email their data protection officer and the government. They may get fined hundreds of millions of dollars for this
You must be new around here lol
Exactly. Luigi #2 is the only way to even temporarily stop this.
You must not read the news?
U is naive
Lol. Yeah and trump will get prosecuted for raping minors.
We’re talking about the EU, not some fascist country in America
Oh I’m sorry. What I meant to say was that Tony Blair will be prosecuted for war crimes
And again we’re talking about the EU, not a fascist country in the British Isles.
UK was EU when it happened.
I’m sorry. There’s really no way to undo this. Grieving and and moving on is the only option, and I am not being sarcastic. If my privacy was violated like that by google, I would be very upset and would grieve. Even if you complain, they won’t remove it from AI training or whatever they intend to do, even if they lie and say they will. Librem 5’s have no google in them if you want to switch to something else. FuriLabs also make a Debian smartphone.
fairphones can also run custom roms. with calyxos the bootloader can even be relocked for security, it’s done by the installer. that way google services are optional
What proof do you have that you in fact pressed no ?
Also, didn’t you press I agree to anything that gives google indemnity against any of this when you first turned on the phone ?
I think you would need a complete video recording from fresh firmware wipe to the action you describe happening, to establish it is or isn’t happening.
Google will have make sure that proving them in the wrong takes a whole lot of effort
Sorry for your shitty situation.
Try this. No root needed. I’m pretty much google free on FP5 (and others).
github.com/0x192/universal-android-debloater
Removes most google apps and services.
Also try not to ever sign into google on your phone directly. Use Aurora Store, DAVX, Thunderbird etc.
I disabled the gallery and downloaded a different one.
Is there a more recently updated version of this? This is two years old
github.com/…/universal-android-debloater-next-gen…
Not sure why the dev dosnt link the old project to the new.
Thank you very much
Yes, and they and apple keep saying it’s all done locally. Because trust me bro!
.
Ya. I’m sorry for you.
Problem is, even if you delete the Images, Google has already scraped them for info on you and used your Google account and phone number to tie it all together to further its data aggregation profile on you.
If you have a Fairphone then you can escape Google, Fairphones are one of the few phones that support third party ROMs. If they weren’t so expensive I would buy one myself.
wiki.lineageos.org/devices/FP5/
Google Photos fails to include a libre software license text file. We do not control it, anti-libre software.
What did you expect? LMAOO