The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Ralf Jung <jung AT mpi-sws.org>]

Hi,

>> to install your App. All I could find on your website is links to Play
>> Store. Now, I don't have a Google account connected to my phone, nor do
>> I even have the Google apps installed - I hope I don't have to go into
>> why that's a good idea.
> 
> well, as you are having these unique issues due to your stance I am 
> actually interested
> in why you dont want to use the Play store to access the file  ;-)

Here's the short version ;-) though I doubt you did not year these
arguments before.

For once, I refuse to accept Google's Terms of Service. That contract
imposes conditions on me that I am absolutely not willing to accept,
considering what Google is allowed to do with all the personal data it
obtains. Google's services are "free" as in they cost no money, but they
certainly are not "free" as they don't cost anything. After all, Google
has to somehow obtain its profits.
  Even if that contract would be less to my disadvantage, I'd still be
very unhappy about any data being transferred to Google (or anybody,
really) without my control. My contacts, my WiFi networks, my usage
habits, my location - none of this is of anybody else's concern. I know
I can disable some of these data transmissions, but I certainly do not
trust Google enough to assume that there's no other data being
transmitted, or that some new option with a bad default appears tomorrow.
  All of this could be mitigated if Google would make that software
open-source - but they do not. I will assume they have a reason to do
this, namely, that they do not want these issues to be mitigated. The
only way for me to express my disagreement with that policy, and to
maintain ownership of my data, is not to use these services.
  Experience shows that data that you give away, will at some point be
sold, lost, found by hackers, used against you, whatever. Companies
losing their customer's data, or companies being sold and the new owner
having a different idea of responsible treatment of customer data, is
not even news any more. Admittedly, Google has an excellent track record
here. Still, the only way to prevent your data from being mis-used is
not to give it away in the first place. This is not even mentioning that
we have various agencies all around the globe thinking they can classify
users based on such data, and making judgments about people based on a
very narrow view-point, without any chance of the subject to defend itself.

I am certainly not alone with this position. I know many that have
similar concerns, but have made the decision to install the GApps
nevertheless since it's just much more convenient. I believe it's worth
fighting for the sovereignty over our phones, just like we did for
laptops and desktops. I made some compromises, but installing the GApps
is beyond that.

Google is building a walled garden, carefully making sure people stay
within their ecosystem. I do like my freedom, I don't like such walls.

>> I kind of assume the App is open-source (otherwise, I'd have to
>> seriously re-consider using it), so compiling it from source would be a
> 
> again...why? 

I believe going open-source would make the application better. I can't
even count the number of times I fixed a small bug in one of the
open-source applications I used, just because it annoyed me enough to be
worth spending a few hours on it. The usual open-source workflow with a
bugtracker etc. also makes it generally easier to even communicate
issues to the developers.

Furthermore, I've seen enough closed-source applications deliberately
operating against the users interest that my default trust level in
closed-source software is fairly low. This is even more true for "free"
(as in free beer) closed-source software, where I wonder what it is the
developers are trying to protect (or hide?).

I take it from your reply that eduroamCAT is proprietary software?
That's, honestly, very surprising. The typical approach in academia and
education (at least from what I saw during my CS studies) is to do stuff
in the open, and as far as I know eduroam is not run as a for-profit. I
can't even see a reason to keep the sources protected.

That said, Android has a fairly good system of restricting application's
permissions (compared to desktop OSes), so the possible damage that
closed-source non-system applications can do is usually low. Installing
this closed-source app is therefore certainly an option, installing Play
Services is not.

> thats another place where the App would have to be maintained - a bit like
> having it available on Amazons App-store. 

Well, yes. It would make it possible for users that care about their
freedom and privacy to conveniently use the App.

After all, you are also offering the application for download for Linux,
instead of just putting it into Microsoft's and Apple's App Stores.

>> As a third option, if you could just put the apk file somewhere, that'd
>> at least make it possible to install the app at all.
> 
> Stock Android on your phone?  otherwise unlikely it will work anyway :/

No, I am using CM. Stock Android comes with Google *and* the vendor
having system privileges on my phone - no thanks ;-) . Also, CM usually
gets new Android versions much faster than the vendor does, and fixes
security issues much quicker. I don't know if my vendor shipped updates
for StageFright 2 already, I had the patches after less than a week.

So far, all the Apps I tried worked, including some that I manually
extracted from Play Store. That's a fairly annoying process though. From
what I can tell, I see no reason that a WiFi configuration App should
not work.

*If* the App really happens to depend on a Google Play Services API -
well then I'd have a nice little project, extending the open-source
reimplementation of the Play Services with that API :)

Kind regards,
Ralf