I usually abstain from writing just to criticise someone’s work. Rather than say “X is wrong”, I prefer to say “X could improve by doing Y”.
However, in the case of Murena, there’s just too much shameless lying to the public. I don’t think this kind of activity should be allowed to continue.
Live stream
Murena had a live stream today, announcing their privacy centric tools and services. On this stream, they explained how many modern companies continuously spy on users, and send all sorts of granular data to advertising companies (Google, Facebook and many others).
The same page where this stream was happening (https://launch.murena.com/) included a lot of these very “analytics” that Murena claims to stand against. It even used multiple of Google’s APIs. So yeah, Google knew of everyone watching this stream.
Pretty hard to trust this company based on their initial presentation. I can’t imagine how you can “accidentally” integrate Google into your livestream.
Since I keep getting questions around this, here’s a screenshot of the Network inspector during the live stream. I’ve censored the video itself since I don’t feel comfortable exposing any individual person that was on-stream for this article.
eOS opt-in to Google online services for you
eOS is an Android OS created by e.foundation. The title on their website is “deGoogled unGoogled smartphone”.
I read a lot of negative comments on eOS online, so eventually reached out to them to confirm what I’d been hearing.
e.foundation’s staff confirmed that the phone includes multiple applications that talk to Google’s services out-of-the box.
Honestly, I’m amazed of the shamelessness of this organisation mis-representing itself in such a way. Then again, the average consumer doesn’t understand enough about tech or privacy for this to be a problem. Anyone who want privacy but is not an expect of the subject will likely fall for this and buy from them anyway.
The obvious solution
The obvious solution is to not include analytics, tracking, and Google integrations in the page where you’re streaming a presentation talking about the privacy issues of analytics and Google spying on everyone.
The obvious solution is to not enable integration with Google’s services out-of-the-box on a product tagged as “unGoogle deGoogled”. If you insist on installing them by default, then at least require users to opt-in to these kind of services.
Just another cloud that’s the same
Murena offers cloud hosting. Their services are based on unencrypted, and they have access to all user personal and private data.
They promise not to snoop – but so do many other companies that are simply lying.
Given what we’ve seen so far, there’s zero reason to trust any of their promises of privacy. And promises is all they offer; their services don’t encrypt on device, or anything alike.
Real privacy comes from tools that don’t allow third parties to snoop on one’s personal data. The typical example is encrypting data with a key that only the owner knows. Privacy does not come from a tool that allows third parties to snoop on one’s data and a promise that they won’t.
The sad state of afairs
We’ve lived many years in a world where sustainable, open-srouce ethical phone were not something that anyone was talking about. It was a void waiting to be filled.
What worries me deeply, is that this void is just filled by organisations lying about their values. Organisations that claim to be privacy centric and ethical, but in reality, are more of the same.
It worries me that the guys actually working on open source, privacy-centric tools, won’t get any attention because the attention is going to companies like Murena.
Then again, we live in a world where companies like Facebook and Google claim that “they care about our privacy”, so blatant lies to the public are the norm.
Dunno why I’m so surprised.