this post was submitted on 24 Oct 2023
21 points (100.0% liked)

Privacy Guides

16426 readers
2 users here now

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.

You can subscribe to this community from any Kbin or Lemmy instance:

Learn more...

Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!

This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.

Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
21
Using Facebook/Meta Messenger on Android (feddit.nu)
submitted 10 months ago by [email protected] to c/[email protected]
19 comments fedilink hide all child comments
 

I've started missing out on events just because I am not in the group chats my friends are having on there. That is where I draw my limit. I need to start using Messenger.

However I still wish to use Messenger with as much privacy as possible. I am looking for any advice that might improve my experience and lessen any privacy impact.

I will be creating a fresh account that will just have a picture of me and my first name.

I am running iodeOS (Google-free Android ROM with built in ad-block) on my phone and I am very happy with it so far. I will be blocking messengers outgoing requests as much as possible while still retaining base functionality, but I'm not sure how much that will help.

How do I best use Messenger on Android from a privacy perspective?

all 20 comments
sorted by: hot top controversial new old
[–] [email protected] 18 points 10 months ago

Short answer: you don't. It's either privacy or a facebook app, not both.

Longer answer: Don't use the facebook app https://github.com/mautrix/facebook (requires your own Matrix homeserver)

It is much more complicated to host a Matrix homeserver and Facebook Messenger bridge, however, it allows you to use a FOSS chat app on your Android phone. With notifications and if needed, fully outside google infrastructure, or even fully selfhosted, with ntfy.sh for example. Without running any proprietary Facebook code, and without directly connecting to Facebook servers on your Android device.

It is of course unavoidable to have complete privacy, as your messages will still be sent to Facebook, but you avoid almost all telemetry (and all on-device telemetry) by using a Matrix bridge rather than the official website/app.

Another option is Beeper, although privacy with them is questionable, since you're fully trusting them with your account, and any incoming/outgoing messages. It does avoid Facebook telemetry on device, and is much easier than hosting a Matrix homeserver.

[–] [email protected] 8 points 10 months ago (1 children)

I've had this "problem" before, and I did not want to use the full Messenger app for privacy reasons as well. I had installed Messenger Lite, but it was discontinued a few weeks ago. I now have Facebook Lite, which also has Messenger, and you get notifications as well. It's not perfect, but don't give it too many permissions and you should be mostly fine. Using it in the browser is absolutely terrible, and you would not get push notifications.

[–] [email protected] 3 points 10 months ago (1 children)

A long time ago I used an app called Tinfoil Facebook that created a sandbox web browser style situation in the app. Gave it a nice UI and did not leave a trace. Switched to iPhone at some point. I wonder if it’s still around…

[–] [email protected] 3 points 10 months ago (1 children)

Seems to still be available on F-Droid, but the last update was in 2017. I've installed it, but ended up not logging in since it's targeting an SDK version so old that Android is giving me a bunch of warnings (and it doesn't even scale to my entire screen, there's a big black space at the bottom)

[–] [email protected] 2 points 10 months ago

Wild! Thanks for checking up and following up.

[–] [email protected] 5 points 10 months ago (1 children)

@U2VuZCBudWRlcyA6KSAK
ahhh... the network effect....

I wouldn't use it on anything, but if you have to... i'd start by looking if it's possible to use it from a web browser instead of using an app. This way, the browser app will isolate it from having access to your entire device.

[–] [email protected] 2 points 10 months ago (2 children)

I get the idea with running it in a browser, but that will give a really bad experience with no notifications and loosing the app among all 100 other tabs I might have open at the same time.

How naive am I if I just install it and deny it access to camera, microphone, contacts, location and all that? It should not be able to bypass the OS permissions system.

What I guess I'm asking is what isolation by browser will really do for me. I am trading off a lot of features that will be handy, but what have I won in privacy? I am still using the service.

I don't know what an app with only notification permissions can really do, but I guess the answer is "more than it should"..

[–] [email protected] 4 points 10 months ago

If it were me, I'd use that browser solely for FB. Firefox allows one to have multiple instances. Harden it as much as you can whilst still able to use the bits of FB you're interested in.

[–] [email protected] 1 points 10 months ago

even if you deny all those permissions, they'll still be able to track everything what you do in the app, which is enough to build a profile on you including interests, social graph, and even personality traits.

[–] [email protected] 4 points 10 months ago* (last edited 10 months ago) (1 children)

If you end up taking the browser route, take a look at WebApps

[–] [email protected] 2 points 10 months ago (1 children)

New app I didn't even know I wanted.

[–] [email protected] 1 points 10 months ago

It's not free, but check out Hermit. It's the best sandbox app I've used and I use it daily. It creates "applets" that are basically icons on your desktop that launch the sandbox instance. So I've got several I use daily: wordle (and variations), a forum I frequent often, different web comics, etc. No need for an actual app installed for each of those when I just have a single app that creates small instances

[–] [email protected] 3 points 10 months ago (1 children)

Work profile, or a PWA I think would be the best way to

[–] [email protected] 2 points 10 months ago (2 children)

What good will a work profile do me? As mentioned in the other reply, what privacy gain am I really looking at in return for the tradeoff?

[–] [email protected] 3 points 10 months ago* (last edited 10 months ago)

You tell us.

Using PWA you'll retain all the features and nice-to-haves of the app, while also preventing it from doing any weird magic to your files in the background. Sharing files from your main profile to your private profile is also as easy as opening the file in your main profiles file browser and clicking "share".

~~What is your threat/privacy level? How far are you willing to go, and what/how much is it that you want to keep private?~~

I'm clearly too tired to make any sense. Please have a nice evening.

[–] [email protected] 3 points 10 months ago

Limits data access, right?

[–] [email protected] 2 points 10 months ago

isn't cross-app communication from fecesbook messenger available yet?

[–] [email protected] 1 points 10 months ago* (last edited 10 months ago)

You can try Frost, a web wrapper for Facebook: get in on F-Droid here.

You can also run it isolated using Shelter, another app on F-Droid, get it here.

[–] [email protected] 1 points 10 months ago

@U2VuZCBudWRlcyA6KSAK There's also Beeper for pretty much all the most popular services. Should be more private than using the 1st party Facebook apps.