FlyingAntero 871 Posted December 5, 2019 Share Posted December 5, 2019 (edited) I believe that it is better when the device comes with locked bootloader. Then people can use all Google services if they want without hassle. If someone wants to flash different OS to the device, it is trivial to unlock bootloader and flash whatever he/she wants (just like with OnePlus devices). If you do not input any personal information during start up I believe that Google does not collect anything from you since the device is fully wiped during flashing process. Of course it would be different thing if the bootloader would be locked permanently. Luckily that is not the situation with Pro1 😉. Edited December 5, 2019 by FlyingAntero 3 1 Quote Link to post Share on other sites
EskeRahn 5,471 Posted December 5, 2019 Share Posted December 5, 2019 14 minutes ago, FlyingAntero said: I believe that it is better when the device comes with locked bootloader. Then people can use all Google services if they want without hassle. If someone wants to flash different OS to the device, it is trivial to unlock bootloader and flash whatever he/she wants (just like with OnePlus devices). If you do not input any personal information during start up I believe that Google does not collect anything from you since the device is fully wiped during flashing process. Of course it would be different thing if the bootloader would be locked permanently. Luckily that is not the situation with Pro1 😉. I agree, though one should remember that "If you do not input any personal information" is not as easy as it sounds. As they collect your position data(*), and that alone would be enough to identify most of us. And especially if you also use the narcissistic media, e.g. Faecesbook, plus the search history. They can link it all together and get a quite accurate picture of most people. (*) Position data are NOT limited to GPS. But also what WiFi networks and cellular masts are visible... 1 Quote Link to post Share on other sites
FlyingAntero 871 Posted December 5, 2019 Share Posted December 5, 2019 Just now, EskeRahn said: I agree, though one should remember that "If you do not input any personal information" is not as easy as it sounds. As they collect your position data, and that alone would be enough to identify most of us. And especially if you also use the narcissistic media, e.g. Faecesbook, plus the search history. They can link it all together and get a quite accurate picture of most people. Yes, that is true. That is reason why you should not input any personal information to anywhere if you do not want to get followed. Just run trought the start up wizard by skipping everything you can and then head to the setting and allow OEM unlocking. Then you should able to unlock and flash for freedom. 1 Quote Link to post Share on other sites
glumreaper 144 Posted December 5, 2019 Share Posted December 5, 2019 Excuse my ignorance, but what's the impact of certification (or lack thereof?) Is it just Google Pay that uses it? Would also be what banking apps check? Quote Link to post Share on other sites
enPfzr4v 239 Posted December 5, 2019 Share Posted December 5, 2019 9 minutes ago, glumreaper said: Excuse my ignorance, but what's the impact of certification (or lack thereof?) Is it just Google Pay that uses it? Would also be what banking apps check? From what I understand, banks do use it sometimes, but so does Netflix and lots of enterprise apps. 5 Quote Link to post Share on other sites
Craig 1,435 Posted December 5, 2019 Share Posted December 5, 2019 I think netflix uses something else.... but any app (I think) is allowed to use safetynet, thats up to the app developer if they want to check that with google and use it for something. Quote Link to post Share on other sites
damion 60 Posted December 5, 2019 Share Posted December 5, 2019 (edited) 8 hours ago, EskeRahn said: Absolutely. As I said "a simple inside job is all it takes" I don't think I should start a thread on the merits of using Google. I've deleted a verbose rebuttal of all the tin-foil hattery. If you're in London, pm me to meet for drinks 🙂 Edited December 5, 2019 by damion Ain't nobody got time for this 2 1 Quote Link to post Share on other sites
EskeRahn 5,471 Posted December 5, 2019 Share Posted December 5, 2019 28 minutes ago, damion said: Full disclosure I work in Alphabet, formerly Google for ~decade and now DeepMind the AI company. All my comments are my own opinion and not representing Google or DeepMind. It's actually extremely difficult to access data. The teams with permission to access to the data, can't do anything with it because it's encrypted. The teams with access to the encryption keys, don't have permission to access the data. Every single access is logged and broadcasted loudly. Google employ tens of thousands of engineers who you would find a quiet like-minded in terms of privacy. This is demonstrated with things like our transparency reports. ALL companies are obliged to obey court orders for access for information relating to to specific criminal cases. However Google broadcast loudly how many there are, with significant irritation to those countries in question. Do you may have noticed Google pulled out of China... This thread contains a whole lot of comments which I could not really go into much more detail (I mostly because I don't have time), but please consider that Google have some of the most highly competent technical security experts. personally I would be genuinely concerned using anything other than a locked bootloader with a Google version of the OS. Sure they collect data and no this is not useful to sell! Google have plenty of money because people click on the ads because the ads are relevant, the more relevant the more likely the click. It really is as simple as this, nothing malicious, but feel free to not believe me... Thanks for the insight. Another view would be: No collection, no risk of loosing it. wilfully or accidentally. An old saying goes: The road to hell is paved with good intentions. In the US almost anyone can get a gun, most likely primarily bought with good intentions for protection, and big surprise a lot of malicious stuff follows by that. In other countries were guns are harder to get at, big surprise: Fewer are shot. And don't get me wrong, a lot of evil happens all over the world, so it is by far limited to guns. The price of easy access to lethal weapons are dead people. And I'm not to say if it is worth the price or not, that is a domestic US political matter. The price of collecting private data on everybody (almost literally) is the risk of someone getting to these data. a risk involving billions of people. 3 Quote Link to post Share on other sites
damion 60 Posted December 5, 2019 Share Posted December 5, 2019 (edited) Heh, well deleting the post didn't help 🙂 Yes not collecting helps but then the ads would be less relevant, Google would make less money and all the world changing goodness they're also responsible for, would be at risk. It is possible to turn off collection albeit too awkward to do that well. I'll see if I can feed that back internally. I actually need enterprise stuff so I'm very much hoping I can get the phone fully approved. I may need to buy another one and send it to secops! Edited December 5, 2019 by damion 1 1 1 Quote Link to post Share on other sites
EskeRahn 5,471 Posted December 5, 2019 Share Posted December 5, 2019 1 minute ago, damion said: Heh, well deleting the post didn't help 🙂 Yes not collecting helps but then the ads would be less relevant, Google would make less money and all the world changing goodness they're also responsible for, would be at risk. It is possible to turn off collection albeit too awkward to do that well. I'll see if I can feed that back. Personally I would just LOVE to have a way to do micro-payments for NOT wasting my screen with ads, at the exact same amount each site get for showing the ads! I imagine that the companies providing all this junk by law was ordered to also provide the users with an option to pay to not see. Technically with some limits on the amount per view, if more I could choose to see the junk or leave the page. This is especially interesting for the small mobile devices, where the bandwidth wasted for ads also eats a LOT of peoples battery stamina. I use various kinds of adblockers, and feel a little guilty about it, but there are no offered alternatives. Google could start by offering a paid search engine, with no ads, no user related data collection(*), and fair ranking of stuff - I would be interested, and doubt that I'm alone. (*) It would be quite OK to collect the data on how many are interested in each site, as long as it is not combined with ANY sort of cross referencing to other data. 1 Quote Link to post Share on other sites
damion 60 Posted December 5, 2019 Share Posted December 5, 2019 I know a lot of people going through ILR due to Brexit, and they are extremely thankful they are able to check their location history. I've heard some extremely horrific stories about ad blockers. But that'll need to wait for pub chat Quote Link to post Share on other sites
EskeRahn 5,471 Posted December 5, 2019 Share Posted December 5, 2019 6 minutes ago, damion said: I've heard some extremely horrific stories about ad blockers. But that'll need to wait for pub chat I would certainly prefer not to use them, but if the alternative are the horrific pest of ads, and not a way to buy them away, well then I take the risk... 1 2 Quote Link to post Share on other sites
silversolver 849 Posted December 6, 2019 Share Posted December 6, 2019 3 hours ago, EskeRahn said: Personally I would just LOVE to have a way to do micro-payments for NOT wasting my screen with ads, at the exact same amount each site get for showing the ads! I imagine that the companies providing all this junk by law was ordered to also provide the users with an option to pay to not see. Technically with some limits on the amount per view, if more I could choose to see the junk or leave the page. This is especially interesting for the small mobile devices, where the bandwidth wasted for ads also eats a LOT of peoples battery stamina. I use various kinds of adblockers, and feel a little guilty about it, but there are no offered alternatives. Google could start by offering a paid search engine, with no ads, no user related data collection(*), and fair ranking of stuff - I would be interested, and doubt that I'm alone. (*) It would be quite OK to collect the data on how many are interested in each site, as long as it is not combined with ANY sort of cross referencing to other data. Brave Browser offers exactly what you're suggesting. You really should investigate it. 2 1 Quote Link to post Share on other sites
Polaris 423 Posted December 6, 2019 Share Posted December 6, 2019 1 hour ago, silversolver said: Brave Browser offers exactly what you're suggesting. You really should investigate it. I'll second Brave; it's fantastic! 1 Quote Link to post Share on other sites
Doktor Oswaldo 906 Posted December 6, 2019 Share Posted December 6, 2019 8 hours ago, damion said: Heh, well deleting the post didn't help 🙂 Yes not collecting helps but then the ads would be less relevant, Google would make less money and all the world changing goodness they're also responsible for, would be at risk. It is possible to turn off collection albeit too awkward to do that well. I'll see if I can feed that back internally. I actually need enterprise stuff so I'm very much hoping I can get the phone fully approved. I may need to buy another one and send it to secops! I hardly think there would not be enough money for the goodness if they would earn less money from ads. There is enough money for that, just not for shareholders. And that is the point, it always has to go up, yeah they may not sell the data now. But what if the shareholders are not happy any more because google hit the grow-limit? What if the ad economy breaks down? P.S. The point with china is worthless. They tried hard to do a specialized engine for china, only the engineers are not in for it. As any big company they happily help the regime because china is a big market 3 Quote Link to post Share on other sites
Tim6263 134 Posted December 6, 2019 Share Posted December 6, 2019 @damion re. "all the world changing goodness" - that's altogether suggestive, and sounds to a non-Googleite like a very inside influenced viewpoint. "goodness" for Google & shareholders maybe one thing, but it unlikely to apply universally outside of Google, or to all varying aspects of the Google empire.... 1 Quote Link to post Share on other sites
enPfzr4v 239 Posted December 6, 2019 Share Posted December 6, 2019 17 hours ago, damion said: I don't think I should start a thread on the merits of using Google. I've deleted a verbose rebuttal of all the tin-foil hattery. If you're in London, pm me to meet for drinks 🙂 I just want to make a quick statement: The US government can and does get access to my data without a warrant since I am not a US citizen. No amount of technological safeguards can stop that. Look up programs such as PRISM that systematically gather tons and tons of data on non-US citizens, and there are likely many more like it that have popped up since PRISM. 2 1 Quote Link to post Share on other sites
silversolver 849 Posted December 6, 2019 Share Posted December 6, 2019 42 minutes ago, abielins said: I just want to make a quick statement: The US government can and does get access to my data without a warrant since I am not a US citizen. No amount of technological safeguards can stop that. Look up programs such as PRISM that systematically gather tons and tons of data on non-US citizens, and there are likely many more like it that have popped up since PRISM. Five eyes comes to mind..... 2 Quote Link to post Share on other sites
EskeRahn 5,471 Posted December 6, 2019 Share Posted December 6, 2019 On 12/5/2019 at 11:46 AM, EskeRahn said: Off topic: In that link i stumbled upon fastboot oem off-mode-charge 1 That allows the Pro1 to charge while staying turned off. I do not know if there is a good reason for them to turn this feature Off by default (Or maybe it is Off by default without FxTec changing it?) Tried it On with slow charging, and from what I can see it works exactly as you would expect. Will try with fast charge when the level is sufficiently low for it to make sense. ADD: When the off-mode-charge is Off, the device will autmatically power up when power is applied. Tried fast charging also, works just fine. 3 Quote Link to post Share on other sites
glumreaper 144 Posted December 6, 2019 Share Posted December 6, 2019 (edited) 22 hours ago, EskeRahn said: The price of collecting private data on everybody (almost literally) is the risk of someone getting to these data. a risk involving billions of people. For balance, it would be good to also talk about (and particularly great to hear from an insider about) all the good things Google do with the data. All the analytics, tuning of services, and useful generalised application of the data. Edited December 6, 2019 by glumreaper Quote Link to post Share on other sites
divstar 164 Posted December 6, 2019 Share Posted December 6, 2019 2 hours ago, glumreaper said: For balance, it would be good to also talk about (and particularly great to hear from an insider about) all the good things Google do with the data. All the analytics, tuning of services, and useful generalised application of the data. Honestly? If I were allowed to choose, I'd rather not have anyone actually get and keep my data. I do not care what good they might or might not be doing. One reason I liked Windows XP and even 7 was the fact, that they were much more privacy-friendly. I dislike Windows 10 for this reason (yet as a software architect I am using it both at work AND at home - though only on my laptop and my gaming rig, which will become one and the same computer in a few months thanks to eGPU). My server is running Ubuntu and while I do know Canonical was a bit careless offering internet search engine like default search via Unity, I did investigate deeper and found out that they reverted next to everything in that regard. Yes, I have been using Android for over a decade, because it's the closest to what I expect from a good smartphone. Yet if Sailfish was to run fine on the pro1, I'd be highly interested as the only real thing I need from Android / iOS is WhatsApp (due to my contacts etc.). And yes, I dislike Facebook, Microsoft and Google equally for collecting data without me being allowed to suppress this. It's their right - which is why I dislike them, but at the same time use them here and there and instead treat the symptoms by e.g. using AdBlockers or other means. Indeed: for certain websites I'd just prefer to pay them as much as they'd get from showing me the ad (not clicking it, because I never click on ads on purpose - in the hope that the ad industry might die one day). Sadly that's not possible and I do not want to pay 3 euro for each of the 10 regular sites I am browsing. That leaves me with the AdBlocker solution. 3 Quote Link to post Share on other sites
Gigadoc2 54 Posted December 8, 2019 Share Posted December 8, 2019 @Waxberry: Can we re-lock the bootloader with our own keys or is it only possible to lock it to your firmware? Quote Link to post Share on other sites
kashif 350 Posted December 8, 2019 Share Posted December 8, 2019 can all the boot loader commands be put somewhere so to know what options are available? Quote Link to post Share on other sites
Craig 1,435 Posted December 8, 2019 Share Posted December 8, 2019 (edited) 54 minutes ago, kashif said: can all the boot loader commands be put somewhere so to know what options are available? # fastboot -help usage: fastboot [ <option> ] <command> commands: update <filename> Reflash device from update.zip. Sets the flashed slot as active. flashall Flash boot, system, vendor, and -- if found -- recovery. If the device supports slots, the slot that has been flashed to is set as active. Secondary images may be flashed to an inactive slot. flash <partition> [ <filename> ] Write a file to a flash partition. flashing lock Locks the device. Prevents flashing. flashing unlock Unlocks the device. Allows flashing any partition except bootloader-related partitions. flashing lock_critical Prevents flashing bootloader-related partitions. flashing unlock_critical Enables flashing bootloader-related partitions. flashing get_unlock_ability Queries bootloader to see if the device is unlocked. flashing get_unlock_bootloader_nonce Queries the bootloader to get the unlock nonce. flashing unlock_bootloader <request> Issue unlock bootloader using request. flashing lock_bootloader Locks the bootloader to prevent bootloader version rollback. erase <partition> Erase a flash partition. format[:[<fs type>][:[<size>]] <partition> Format a flash partition. Can override the fs type and/or size the bootloader reports. getvar <variable> Display a bootloader variable. set_active <slot> Sets the active slot. If slots are not supported, this does nothing. boot <kernel> [ <ramdisk> [ <second> ] ] Download and boot kernel. flash:raw <bootable-partition> <kernel> [ <ramdisk> [ <second> ] ] Create bootimage and flash it. devices [-l] List all connected devices [with device paths]. continue Continue with autoboot. reboot [bootloader|emergency] Reboot device [into bootloader or emergency mode]. reboot-bootloader Reboot device into bootloader. oem <parameter1> ... <parameterN> Executes oem specific command. stage <infile> Sends contents of <infile> to stage for the next command. Supported only on Android Things devices. get_staged <outfile> Receives data to <outfile> staged by the last command. Supported only on Android Things devices. help Show this help message. options: -w Erase userdata and cache (and format if supported by partition type). -u Do not erase partition before formatting. -s <specific device> Specify a device. For USB, provide either a serial number or path to device port. For ethernet, provide an address in the form <protocol>:<hostname>[:port] where <protocol> is either tcp or udp. -c <cmdline> Override kernel commandline. -i <vendor id> Specify a custom USB vendor id. -b, --base <base_addr> Specify a custom kernel base address (default: 0x10000000). --kernel-offset Specify a custom kernel offset. (default: 0x00008000) --ramdisk-offset Specify a custom ramdisk offset. (default: 0x01000000) --tags-offset Specify a custom tags offset. (default: 0x00000100) -n, --page-size <page size> Specify the nand page size (default: 2048). -S <size>[K|M|G] Automatically sparse files greater than 'size'. 0 to disable. --slot <slot> Specify slot name to be used if the device supports slots. All operations on partitions that support slots will be done on the slot specified. 'all' can be given to refer to all slots. 'other' can be given to refer to a non-current slot. If this flag is not used, slotted partitions will default to the current active slot. -a, --set-active[=<slot>] Sets the active slot. If no slot is provided, this will default to the value given by --slot. If slots are not supported, this does nothing. This will run after all non-reboot commands. --skip-secondary Will not flash secondary slots when performing a flashall or update. This will preserve data on other slots. --skip-reboot Will not reboot the device when performing commands that normally trigger a reboot. --disable-verity Set the disable-verity flag in the the vbmeta image being flashed. --disable-verification Set the disable-verification flag in the vbmeta image being flashed. --wipe-and-use-fbe On devices which support it, erase userdata and cache, and enable file-based encryption --unbuffered Do not buffer input or output. --version Display version. -h, --help show this message. Edited December 8, 2019 by Craig 5 Quote Link to post Share on other sites
EskeRahn 5,471 Posted December 8, 2019 Share Posted December 8, 2019 11 hours ago, Craig said: # fastboot -help Hide contents usage: fastboot [ <option> ] <command> commands: update <filename> Reflash device from update.zip. Sets the flashed slot as active. flashall Flash boot, system, vendor, and -- if found -- recovery. If the device supports slots, the slot that has been flashed to is set as active. Secondary images may be flashed to an inactive slot. flash <partition> [ <filename> ] Write a file to a flash partition. flashing lock Locks the device. Prevents flashing. flashing unlock Unlocks the device. Allows flashing any partition except bootloader-related partitions. flashing lock_critical Prevents flashing bootloader-related partitions. flashing unlock_critical Enables flashing bootloader-related partitions. flashing get_unlock_ability Queries bootloader to see if the device is unlocked. flashing get_unlock_bootloader_nonce Queries the bootloader to get the unlock nonce. flashing unlock_bootloader <request> Issue unlock bootloader using request. flashing lock_bootloader Locks the bootloader to prevent bootloader version rollback. erase <partition> Erase a flash partition. format[:[<fs type>][:[<size>]] <partition> Format a flash partition. Can override the fs type and/or size the bootloader reports. getvar <variable> Display a bootloader variable. set_active <slot> Sets the active slot. If slots are not supported, this does nothing. boot <kernel> [ <ramdisk> [ <second> ] ] Download and boot kernel. flash:raw <bootable-partition> <kernel> [ <ramdisk> [ <second> ] ] Create bootimage and flash it. devices [-l] List all connected devices [with device paths]. continue Continue with autoboot. reboot [bootloader|emergency] Reboot device [into bootloader or emergency mode]. reboot-bootloader Reboot device into bootloader. oem <parameter1> ... <parameterN> Executes oem specific command. stage <infile> Sends contents of <infile> to stage for the next command. Supported only on Android Things devices. get_staged <outfile> Receives data to <outfile> staged by the last command. Supported only on Android Things devices. help Show this help message. options: -w Erase userdata and cache (and format if supported by partition type). -u Do not erase partition before formatting. -s <specific device> Specify a device. For USB, provide either a serial number or path to device port. For ethernet, provide an address in the form <protocol>:<hostname>[:port] where <protocol> is either tcp or udp. -c <cmdline> Override kernel commandline. -i <vendor id> Specify a custom USB vendor id. -b, --base <base_addr> Specify a custom kernel base address (default: 0x10000000). --kernel-offset Specify a custom kernel offset. (default: 0x00008000) --ramdisk-offset Specify a custom ramdisk offset. (default: 0x01000000) --tags-offset Specify a custom tags offset. (default: 0x00000100) -n, --page-size <page size> Specify the nand page size (default: 2048). -S <size>[K|M|G] Automatically sparse files greater than 'size'. 0 to disable. --slot <slot> Specify slot name to be used if the device supports slots. All operations on partitions that support slots will be done on the slot specified. 'all' can be given to refer to all slots. 'other' can be given to refer to a non-current slot. If this flag is not used, slotted partitions will default to the current active slot. -a, --set-active[=<slot>] Sets the active slot. If no slot is provided, this will default to the value given by --slot. If slots are not supported, this does nothing. This will run after all non-reboot commands. --skip-secondary Will not flash secondary slots when performing a flashall or update. This will preserve data on other slots. --skip-reboot Will not reboot the device when performing commands that normally trigger a reboot. --disable-verity Set the disable-verity flag in the the vbmeta image being flashed. --disable-verification Set the disable-verification flag in the vbmeta image being flashed. --wipe-and-use-fbe On devices which support it, erase userdata and cache, and enable file-based encryption --unbuffered Do not buffer input or output. --version Display version. -h, --help show this message. I see a slightly different set of commands (Took the liberty to mark the above quote as Code to increase readability) Hide contents usage: fastboot [OPTION...] COMMAND... flashing: update ZIP Flash all partitions from an update.zip package. flashall Flash all partitions from $ANDROID_PRODUCT_OUT. On A/B devices, flashed slot is set as active. Secondary images may be flashed to inactive slot. flash PARTITION [FILENAME] Flash given partition, using the image from $ANDROID_PRODUCT_OUT if no filename is given. basics: devices [-l] List devices in bootloader (-l: with device paths). getvar NAME Display given bootloader variable. reboot [bootloader] Reboot device. locking/unlocking: flashing lock|unlock Lock/unlock partitions for flashing flashing lock_critical|unlock_critical Lock/unlock 'critical' bootloader partitions. flashing get_unlock_ability Check whether unlocking is allowed (1) or not(0). advanced: erase PARTITION Erase a flash partition. format[:FS_TYPE[:SIZE]] PARTITION Format a flash partition. set_active SLOT Set the active slot. oem [COMMAND...] Execute OEM-specific command. gsi wipe|disable Wipe or disable a GSI installation (fastbootd only). wipe-super [SUPER_EMPTY] Wipe the super partition. This will reset it to contain an empty set of default dynamic partitions. boot image: boot KERNEL [RAMDISK [SECOND]] Download and boot kernel from RAM. flash:raw PARTITION KERNEL [RAMDISK [SECOND]] Create boot image and flash it. --dtb DTB Specify path to DTB for boot image header version 2. --cmdline CMDLINE Override kernel command line. --base ADDRESS Set kernel base address (default: 0x10000000). --kernel-offset Set kernel offset (default: 0x00008000). --ramdisk-offset Set ramdisk offset (default: 0x01000000). --tags-offset Set tags offset (default: 0x00000100). --dtb-offset Set dtb offset (default: 0x01100000). --page-size BYTES Set flash page size (default: 2048). --header-version VERSION Set boot image header version. --os-version MAJOR[.MINOR[.PATCH]] Set boot image OS version (default: 0.0.0). --os-patch-level YYYY-MM-DD Set boot image OS security patch level. Android Things: stage IN_FILE Sends given file to stage for the next command. get_staged OUT_FILE Writes data staged by the last command to a file. options: -w Wipe userdata. -s SERIAL Specify a USB device. -s tcp|udp:HOST[:PORT] Specify a network device. -S SIZE[K|M|G] Break into sparse files no larger than SIZE. --force Force a flash operation that may be unsafe. --slot SLOT Use SLOT; 'all' for both slots, 'other' for non-current slot (default: current active slot). --set-active[=SLOT] Sets the active slot before rebooting. --skip-secondary Don't flash secondary slots in flashall/update. --skip-reboot Don't reboot device after flashing. --disable-verity Sets disable-verity when flashing vbmeta. --disable-verification Sets disable-verification when flashing vbmeta. --unbuffered Don't buffer input or output. --verbose, -v Verbose output. --version Display version. --help, -h Show this message. (Updated above to version 29.0.5-5949299) 1 Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.