- cross-posted to:
- android@lemdro.id
- cross-posted to:
- android@lemdro.id
deleted by creator
Edit: @Melco@lemmy.world actually appears to be right, check my comments down below
> This fdroid repo versionHow did you find it on F-Droid? What repos do you use?> contains user tracking telemetry spyware as reported by exodusAlso, what you said there doesn’t match the exodus report at all.You might have confused something and looked at the wrong app.Please only stick to the official sources.~~The official website for Futo VoiceInput is https://voiceinput.futo.org/.~~The Git repository is located at (their selfhosted GitLab instance) https://gitlab.futo.org/alex/voiceinput. Currently, they don’t have an F-Droid release.I am not affiliated with Futo, I just want to prevent misunderstandings.deleted by creator
I swear I only saw the Google Play link and the APK download link when I check their site like 5 hours ago. You’re actually right, I checked the app from their F-Droid repo and your results appear to be correct. I was really confused when I saw this, as it doesn’t make any sense to put trackers in the F-Droid version, but not include them in the Google play version. It’s just weird, misleading and confusing. I have no idea what’s going on there, and why they made these decisions.
1 tracker = 266 classes.
Please be more explicit about the so-called “tracker” reported by exodus here. “Tracker” is a broad term that covers not just actual tracking and ad libraries but also crash detection and error reporting libraries, which can be useful as long as they are opt-in with informed user consent. Without knowing the exact library detected here, and how it is used, one cannot assess whether it is truly spyware or not.
From a cursory glance at the build.gradle I do see ACRA as a dependency here, which is sometimes (mistakenly) considered as a “tracker” but is actually a free software crash reporting library used by many free software Android apps including NewPipe and the F-Droid client itself. A cursory search across the codebase reveals ACRA is not even always enabled (it seems to depend on build configuration) and this dialog appears to be where the user is asked for consent for sharing a crash report.
Of course, Exodus can’t tell how a library is used or even if it’s used at all, it just sees a scary class name and warns about trackers. It might be useful to check if some proprietary app has suspicious behavior but it is by no means an actual malware scanner.
edit: it doesn’t appear Exodus considers ACRA as a “tracker” as it is not included in their list however my point still stands. an Exodus report by itself isn’t proof of nefarious activity unless backed up with more concrete evidence e.g. network analysis or source code analysis.
edit 2: I just installed ClassyShark and ran it on NewPipe, and it does show ACRA as a “tracker” however Exodus itself says NewPipe has no trackers. ClassyShark has not been updated in over a year so I assume it is using an out of date database. Something like TrackerControl which is more actively updated might be a better alternative.
They mention they have an F-Droid repo on their website (that you linked): https://app.futo.org/fdroid/repo?fingerprint=39D47869D29CBFCE4691D9F7E6946A7B6D7E6FF4883497E6E675744ECDFA6D6D
Maybe that’s what the comment above meant?
I swear I only saw the Google Play link and the APK download link when I check their site like 5 hours ago.
Maybe they just added it between your comment and mine. After all these things have to be added and updated at some point… maybe we caught the magic moment!
Yeah I checked the archive. When I wrote the my original comment, the website looked like this: https://archive.ph/8swgn
Without having to watch that video…
What is a voice app?
Speech to text.
Here is an alternative Piped link(s):
https://piped.video/UCGaKvZpJYc?si=SXknCynbr_7pakmC
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
What is incredible about this product is that I can speak normally and fluently as I normally do.
The need to look at the output as you speak is only necessary if you expect there to be errors. FUTO, amazingly, performs extremely well in this regard and I have a high confidence in not being able to trip it up. I don’t feel that I need to look down at a live transcription.
This whole comment was written using FUTO voice input. I’m definitely going to donate to them.
This whole comment was written using FUTO voice input.
Was the device owner involved?
he was not, nobody cares about his 2 bytes
Love these kinds of projects. Recently been using this FOSS STT app on degoogled phone: https://github.com/ElishaAz/Sayboard (see releases for APKs)
Which has been great because I went years without STT.
This Futo looks promising with the punctuation. Now only if they publish to fdoid.
I would like to see an F-Droid release as well, but in the mean time you can use Obtanium to pull the APK right from the Futo website.
They have their own F-Droid repo listed on their website (https://voiceinput.futo.org):
How? I couldn’t get it to work.
You download and launch Obtanium. You tap on ‘Add App’. You copy/paste https://voiceinput.futo.org/ into the ‘App Source URL’ field and click on ‘Add’. Now, this might take some time, maybe a few minutes. Then you should be able to install the app. Obtanium will notify you whenever an update is released, and it will also allow you to download and install the new version.
Wow! Thank you, this is awesome!
This is not free software. See license.
Subject to the terms of this license, we grant you a non-transferable, non-exclusive, worldwide, royalty-free license to access and use the code solely for the purposes of review, compilation and non-commercial distribution.
In other words, I can’t download the code, reskin it and sell “Bob’s Voice to Text” for $1.29 on the play store. Seems reasonable to me.
But, if I understand correctly, you cannot create your own fork and modify the code to improve it / alter features. Right? Then it’s not FOSS.
Amendment; it seems the other FUTO product has a 10 purchase. So it’s not free, but seems to be winrar’s approach. “Please pay, but if you don’t we won’t know”
Assuming my understanding is correct;
By the spirit of the definition, no.
By the literal definition -
yes; it’s free and the source is open to look at. You could fork it, but you can’t sell your own version.No, free in FOSS stands for libre or independent, not the financial definition. Due to the license restrictions, the software is not “free”.
I have no idea if you could redistribute a modified version freely without breaching the license terms - enforcement is key. The language could be there just to prevent any of the big tech companies from just forking and profiting from the work.
This is purely speculation, and shouldn’t be considered fact.
The video title is definitely clickbait, but the app is actually really good.
yeah, the clickbait title almost turned me off, but I did end up watching video. I’m not really into STT (or voice assistants in general), but the keyboard they are allegedly working on does sound pretty sweet and I would definitely be interested in that.
Being that even if you go to their site https://futo.org there is no mention that I could see of this STT/voice input product, I wonder if I’ll ever be able to find out about said keyboard, should it actually release. For reference, the direct link to the voice input site is https://voiceinput.futo.org
edit: I also wanted to add that I was unaware of the saved recordings thing, which is horrifying, yet unsurprising… makes me glad I don’t/didn’t use STT… I think… maybe I should go check…
deleted by creator
Does anyone know if it works with android auto?
I don’t believe that anything gives Google less access to my data.
Why not? There are a lot of things that can help people to give less data to Google: ad blocker, Firefox, Firefox with Google container, avoid using Gmail, avoid using YouTube…
Android?
A deGoogled ROM, or if you still need Google services, GrapheneOS.
Apart from the Firefox Google container (that’s available only on PC), all the rest can be achieve everywhere.
Edit: I use Android, I just suppose that an AdBlocker can be used on iOS.
Google still has access to info on iOS. You pretty much have to use a TOR browser if you want to avoid Google even in iOS, and I wouldn’t be surprised if they’ve found a way in through that.
You can plug all those holes, but your data is still leaking. And wait until Googles new Web Integrity API is implemented. They have a thousand tentacles that are grabbing data. You can cut off a hundred of them, but it really doesn’t make a difference.
But let’s be practical: if I use th Firefox Google container and all the link I open are just the website I want ro visit, if I’m not logged in any Google service, how can Google monitor me on my PC?
P.s. I also use (along with other) the Cookie Auto Delete plugin.
@peregus @Meho_Nohome If the website is using Google analytics or AdSense you may have to use a adblocker too.
You’re right (and I use it)!
Well, using Cookies Auto Delete, that’s not true if the scope is not to get tracked, because even with Google tracker, Google wouldn’t know that was me. Maybe with Canvas Blocker too, to protect against fingerprinting.
@peregus Yes difficult to escape fingerprinting. May have to use tor browser or hardened firefox
I use Canvas Blocker and it seems to be doing a pretty decent job
GrapheneOS is the open source android OS on pixel hardware without any google binary blobs.
The advantage of using it is Google develops and optimizes the OS so it works on their hardware. The GrapheneOS project compiles the source code, hardens some parts, and boom
Ah yes, binary binary large objects
I’ve always thought of “blob” in yerms of ot being opaque and hard to understand, like a blob of putty with little structure you can dig into to get at it, you just have to take it as one solid barely understandable mass to use it.
Never thought of it as Binary Large OBject ;p
deleted by creator