- cross-posted to:
- opensource@lemmy.ml
- cross-posted to:
- opensource@lemmy.ml
Can we move away from the habit of just copy-pasting clickbait video titles with no information as to what they’re actually about? Lemmy gives you a description field, you have the power to summarise videos which should really be blog posts!
deleted by creator
The reported tracker is ACRA, a crash report library (https://github.com/ACRA/acra).
I digged a bit into the source code and the apk. From looking at the code alone one can’t tell if the crash report is actually enabled, the build configuration depends on some unpublished file. But looking into the apk allows to reconstruct it. These are my findings:
- the usage is implemented here: https://gitlab.futo.org/alex/voiceinput/-/blob/master/app/src/main/java/org/futo/voiceinput/CrashLoggingApplication.kt
- the crash handler is compiled in and also enabled (BuildConfig.ENABLE_ACRA=true)
- the crash handler is configured to dialog mode. According to the ACRA documentation (https://www.acra.ch/docs/Interactions#dialog) that means that user interaction is required for sending (a popup dialog with a cancel button).
- the upload domain is crash.sapples.net
- the dialog can’t be disabled via settings
- the usage of ACRA is missing in the licenses and about dialogs (https://gitlab.futo.org/alex/voiceinput/-/blob/master/app/src/main/assets/license-list.html)
- the privacy policy is correctly stated (https://voiceinput.futo.org/VoiceInput/PrivacyPolicy)
4.1. If the app crashes, you may be asked if you wish to submit a crash report. If you accept, your device information and crash details will be sent to us for the purposes of investigating the crash and improving the software.
Unfortunetly they go with their own custom licence and AFAIK it’s not open source as it does not allow commercial use.
Can you give more details of the scan result? Exodus only lists the Play store version. I installed the F-Droid version but Exodus app reports it as “same version” and just shows the clean Google Play Store results. This is obviously wrong, the SHA1 listed for the Play Store version on the Exodus website is different compared to the F-Droid .apk I have installed. Sadly the Exodus website does not support scanning F-Droid apps from third-party repos so I have no idea how to scan it.
That being said, according to the privacy policy (https://voiceinput.futo.org/VoiceInput/PrivacyPolicy), the F-Droid .apk version should have some kind of crash report build-in. So I could imagine that this might get flagged.
deleted by creator
Thank you, I’ll look into it.
deleted by creator
I didn’t install/scan it myself, but the exodus site shows no trackers on Google play version. https://reports.exodus-privacy.eu.org/en/reports/org.futo.voiceinput/latest/
deleted by creator
I’m using it to type this comment and I REALLY like it! But I will say it tries to do punctuation for me, and that drives me nuts.
(Video is about an open source voice to text, input method for Android, by the way.)
What’s the name of it? Then I don’t have to watch a video
Futo Voice Input, and there are links in the post ☺️ Weirdly, it doesn’t seem to be on Fdroid (yet?), but you can install it as an APK from their website.
I’m going with yet. They do mention an F-Droid build on GitLab.
There are four build flavors:
dev
- for development, includes Play Store billing and all payment methods, auto-update, etcplayStore
- Play Store build, does not include auto-update and only includes Play Store billingstandalone
- does not include Play Store billing library, includes auto-updatefDroid
- does not include Play Store billing nor auto-update
I’m not watching a video for something that can be 3 lines of text.
I’m supposing this is some speech to text? It’s completely on device? If it’s not on device, i don’t see many difference between giving data to google and giving the same exact data to somebody else.
Yes, it is text to speech engine that works completely on the device. Actually, I use it right now to write this.
Section 4: Termination, suspension and variation
We may suspend, terminate or vary the terms of this license and any access to the code at any time, without notice, for any reason or no reason, in respect of any licensee, group of licensees or all licensees including as may be applicable any sub-licensees.
The license isn’t exactly giving me warm fuzzies, the source is available, but it isn’t GPL.
https://gitlab.futo.org/alex/voiceinput/-/blob/master/FTL_LICENSE.md?ref_type=heads
Reading through their license, it appears that people may only distribute the code, and the binaries non-commercially. There’s nothing in there allowing people to modify in the distribute the modification. But I’m not a law talking person so maybe I got that wrong
Oh no :(. Another cool project being ruined by trying to invent it’s own licence.
If they want to not make it free of price, they could make payments for model download or just do a paywall screen. Most people would prefer to pay some bucks for not having to compile app themselfs or having to get it from shady sources.
I figure if I lurk here someone will come along and breakdown whether this is legit to install or not
Louis Rossmann is a respectable person in the open source/right to repair arena
Right on, that helps to know, thank you
Howsabout you try it and let us all know if your phone gets hot?
deleted by creator
Damn. I appreciate that you did that leg work for the rest of us
deleted by creator
From reading other posts it sounds like it is only for crash reporting and that the user has to click to provide the report in the event of a crash. It also appears to be documented in their policy docs so it’s not exactly like it’s anything underhanded.
If the user doesn’t trust that their data will be safe, couldn’t the domain attached to the tracker found by Classyshark be blocked using something like NextDNS or RethinkDNS to prevent any data from connecting to said domain?
Here is an alternative Piped link(s):
https://piped.video/UCGaKvZpJYc?si=SXknCynbr_7pakmC
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.