Creating own Android/iOS App without trackers -> a privacy focused variant (like in F-Droid)

Hi,

As far as I understand, the Apache License allows creating fork apps and even publishing them. I would gladly not take this, but right now this app is not possible to recommend to people who are privacy focused. Jitsi as an alternative to other platforms only makes sense via the privacy argument, and if this is broken inside the apps, they don’t make much sense. As the browser on mobile is not the best experience, I was thinking of releasing my own variant.

If maybe others are getting around and we create a well-maintained fork, it will maybe get around and more and more people will switch to the fork. I know I probably can’t use the logo or the name directly. But can I put in the default server, same as Jitsi, and the same color scheme and such?

Also what are other people thinking about this?
Best would be to have the default App without trackers or just ask the user at least in the beginning and they can say no.

Hi,

I’m curious: what trackers currently exist in Jitsi’s mobile apps?

Trackers is maybe a strong word, but the Google Play and Apple App Store Jitsi Meet apps contain Amplitude and Crashlytics, as confirmed and explained here: iOS client leaking data to third parties without user consent? - #2 by saghul

Interesting way to join a community.

That’s correct.

I strongly disagree, of course. (more on why later)

That’s a very narrow-minded way to look at things. None of the big players allow you to self-host, do they? Your installation, your rules.

It is possible to disable crash reporting in the apps, if you are worried about that, and analytics is only enabled if the server you are connecting to has it enabled. So, if your server has no analytics enabled, no analytics will be ever sent.

At this point I think it’s important to make an important distinction: analytics != tracking. We use analytics (Amplitude specifically) because we need to understand how our users use our app, what’s broken, and use this data to help us fix bugs / understand what features are used etc. We are not tracking users outside of our app. If you take the time to read Amplitude’s privacy policy you’ll see they do not sell data supplied by their customers to third parties either.

I’d ask you not to, but the license does allow you to do that, it’s your choice. Good luck with that. Expect no help from me of course.

I think you just don’t know what it is to run a large user facing app / service. Analytics and crash reporting are essential to be able to provide a good quality product, otherwise you are just flying blind. How would you help your users when you have no idea what problems they have?

We have always been transparent about what analytics we use and why. If you are not comfortable, self-host, we give you all the tools we need. Moreover, you can use the F-Droid app or make a “libre” flavored Android build, which removes all analytics and crash reporting libraries.

I implemented that libre flavour myself (android: add the ability to make a "libre" build · jitsi/jitsi-meet@2d45709 · GitHub) just so F-Droid could include the app. I don’t care about F-Droid, but I do care about our users.

4 Likes

saghul, I don’t want to make Jitsi bad, but I read and saw how the GitHub issues were handled and hope to find a way to make it so that Jitsi can get analytics, but users can be safe from it without relying on a fork or F-Droid.

I read multiple official papers of official government websites, stating about Jitsi and not using the mobile apps (except F-Droid), because of trackers.
I even saw one they forked Jitsi for their organisation or so, don’t know exactly, but can still find them in App and Play Store.

I think the Jitsi community would be hurt by such a move, as it would split it. But maybe you can help me, should I make a solution about opt-out (like asking the user in the beginning and they can press no and can later change a tick in the settings menu if they change their mind)?

You said analytics are only enabled if my self-hosted server has it enabled. What does that mean if somebody opens the app the first time? Are analytics sent immediately?

Also, just pinging a third party server is a privacy breach that I would stop.
Saying all users, please install F-Droid and iOS users, you have no luck, just use it in the web browser, seems to be no viable solution for adoption. I just can’t say “download the app” without warning about trackers.
GDPR means collecting not more data than is needed. Users that want to opt out at least, is needed, especially if they use a custom server.
I know, you don’t trace us, but I don’t trust Amplitude to keep their promise or Google to keep theirs, not tracking and only giving you access to the information and deleting everything else.

Only way to be sure is to have them somehow via opt-out or maybe, when entering your own server, completely disabled (no ping at any point, only thing maybe after a crash ask if it should be sent, and only if pressed yes should be the first ping to a third party server).

With third party server I mean any server, except the server that was entered in the url field in the settings (and of course the stun/turn and such by the jitsi server itself)

What issues? Be specific. Also, what’s bad about F-Droid for your use case? We don’t discourage its use, we will just have a harder time helping you, so you take that calculated risk.

That doesn’t make any of it true. I got the Catalan police to retract a bogus statement. Again, analytics != tracking.

There are many apps which are Jitsi Meet in essence in the store. They might be tied to a specific health provider for example. That’s fine. Again, the license allows you to do (almost) whatever you want. I’m just trying to make you understand that you are going down the wrong path.

That would just hurt us because of all the FUD like the one you started with. I can’t count how many issues I’ve fixed thanks to crash reports.

No.

We don’t ping random third-party servers.

It’s not all users, just the ones who are not OK with us and only us having enough bits of information to develop a better app.

Yes, we don’t have such a thing on iOS, it’s complex implementation wise, plus there is no F-Droid equivalent and we are not going to release 2 app flavours in the store. I think apple did a pretty good job with the app privacy report. They clearly differentiate analytics from tracking.

And that’s exactly what we do.

Then open a GDPR claim with them, I’m not their lawyer nor in the position to confirm or refute your statement.

Looks like I wasn’t clear earlier. We read the analytics settings from the configured default server. If you set your own we will not use our Amplitude key to send data to our account. You can set up Matomo on your own server and configure the Matomo site ID and then we’ll send data to your own Matomo instance. Disabling crash reporting is already possible in the Advanced section of the settings in the welcome page.

Ok, thanks. So if I put my own server in and have analytics disabled, never is any connection established, except my own server (no crashlytics, firebase, apple, google server, or one of your servers), did I understand that correctly?

If yes, please excuse for this thread, I read the issues and it seemed a bit like “we have analytics included, we will keep them, closing this issue” or something like that (not very cooperative).

Almost. Crashlytics is enabled by default, you can disable it in the advanced settings. No data is sent there unless there is a crash?

Ok, thanks for the clarification.

Please excuse my harsh reaction.
I possibly/maybe missed (or not?) the explanation that no tracking/analytics is used, if you use your own server (except crashlytics, but that should ask the user, if he wants to send a crash report, right?).

Maybe this could be better communicated to the public.

No, it doesn’t ask the user.

I don’t know what or where we’d document it. This behavior has been the case since the inception.

Maybe instead of asking about making a fork based on bogus conclusions you could have asked how things worked in the first place.
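
Earlier in the thread it is stated that the app reads its analytics settings from the configured server. As an added example (not part of the thread and not Jitsi project code), a self-hoster could list which analytics settings their own `config.js` actually sets; the key names `amplitudeAPPKey`, `matomoEndpoint` and `matomoSiteID` are assumptions based on Jitsi Meet's sample config, and the sample files and host name are constructed.

```javascript
// Added example: audit a self-hosted Jitsi Meet config.js for analytics settings.
// Key names are assumptions (from Jitsi Meet's sample config.js); verify per version.
const ANALYTICS_KEYS = ['amplitudeAPPKey', 'matomoEndpoint', 'matomoSiteID'];

// Constructed samples, not real deployments.
const SAMPLE_NO_ANALYTICS = `var config = {
    hosts: { domain: 'meet.example.org' },
    analytics: {
        // amplitudeAPPKey: '<APP_KEY>',
        // matomoEndpoint: 'https://your-matomo-endpoint/',
    },
};`;
const SAMPLE_MIXED = `var config = {
    hosts: { domain: 'meet.example.org' },
    analytics: {
        amplitudeAPPKey: 'PLACEHOLDER_KEY',
        matomoEndpoint: 'https://meet.example.org/matomo/',
        matomoSiteID: '1',
    },
};`;

// Evaluates the file to obtain `config`. This executes the source, so only
// feed it a config.js from a deployment you control.
function loadConfig(source) {
    return new Function(`${source}\nreturn typeof config === 'object' ? config : {};`)();
}

// Where would data for this setting go, relative to the server's own host?
function destination(key, value, ownHost) {
    if (key === 'amplitudeAPPKey') return 'third-party service';
    if (key !== 'matomoEndpoint') return 'identifier only';
    try {
        return new URL(value).hostname === ownHost ? 'own server' : 'other host';
    } catch (e) {
        return 'invalid URL';
    }
}

// Lists every analytics setting that is actually set (commented-out keys are not).
function auditAnalytics(source, ownHost) {
    const analytics = loadConfig(source).analytics || {};
    return ANALYTICS_KEYS
        .filter((key) => analytics[key] !== undefined && analytics[key] !== '')
        .map((key) => ({ key, destination: destination(key, String(analytics[key]), ownHost) }));
}

console.log(auditAnalytics(SAMPLE_MIXED, 'meet.example.org'));
```

An empty result means none of the listed keys is set in that file; it says nothing about crash reporting, which the thread describes as a separate in-app setting.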