I upgraded DC to 0.301.1 and at first app start it tried to connect over an encrypted channel to some Amazon servers. After exploring a little I found a new feature, “On demand location streaming”, that was turned off. When I turned it on, the phone started making more connections to unauthorized locations. I’m guessing that the new feature is using some 3rd-party services. OK, I turned it off, but DC is still attempting to establish connections to unknown IPs, which raises a question - is it a bug or the end of privacy?
Why is DC trying to establish connections to unauthorized IPs even when the feature above is disabled?
when the experimental location-streaming is turned on, there is an option to display a map. the tiles of the map are downloaded from a server; we use Mapbox for this, which seems to host tiles on amazon then.
the location stream itself is not sent through mapbox, this information is sent through mail.
But as I said, this “experimental location-streaming” was turned off when I started DC after the upgrade, but DC tried to establish a connection anyway. After I played a little with this new feature, I turned it off for sure, but DC is still attempting to contact Amazon servers, not too often, but it does, and that makes me feel like a rat in someone’s research laboratories.
Is it possible with the new feature to simply stream longitude/latitude numbers without mapping, so anyone can copy/paste them to a preferred “Maps” application to get the location mapped the way one wants?
yip, offscreen maps would be awesome, however, not sure if there is a library that can be used easily. doing things completely from scratch is a lot of work, however, we’ll see.
for now, we’re happy to have at least some map.
wrt the connection to some cloud servers: they definitely do not come from “our” source, however, might be mapbox. mapbox is also open source - maybe someone can investigate here a bit further, what we can do to prevent this, when it appears, maybe file an issue on mapbox and/or deltachat and so on. @AlexJ are you up for that?
The mapbox site says offline maps are possible, however…
The privacy statement on the mapbox site explicitly talks about api requests being collected, thus offline maps may not make any difference if the log of where, when and how the api is used and not-used on a device is periodically reported for third party evaluation. That there are connections even if the deltachat code is disabled doesn’t sound good.
I have looked around this issue a bit, because the mapbox collection of api data that is shared to unknown other parties sounded somehow troublesome to me.
If deltachat is used in an organisation regulated by the GDPR, i.e. a sports club, then the new position tracking option using the mapbox service may require re-evaluation and possibly adding statements in a data protection notice. Can somebody confirm or dismiss this?
Then there is the privacy statement from openstreetmap that seems more cautious. It points out that third party scripts and services like mapbox are not covered, and that some special “layers” (mapstyles I think) on the openstreetmap site itself are provided by third party services. https://wiki.osmfoundation.org/wiki/Privacy_Policy#Data_we_receive_automatically
After looking a little at above list of interactive map libs, at least the projects libosmscout (multi-platform, navigation) and mapsforge (has pre-compiled map tile repositories available, and a separate mapbox iOS based fork https://github.com/medvedNick/Mapsforge_iOS) seem to work with independent offline maps.
Ok, but offline mapping or navigation that uses the mapbox SDK API (on the device) would still be covered by the mapbox privacy statements. And we have seen that the mapbox code connects to servers independently from its usage already.
I don’t see it. When I use offline navigation, I don’t even turn on the mobile data. Due to my data plan, I have firewall-blocked most of my apps, and SatStat’s navigation works just fine (maybe you mean another mapbox app).
I think that the only connections needed are when downloading the maps, and that can be done through the browser.
However, this can be a little awkward for the user too.
No, my firewall catches connections per application; it wasn’t the browser or something else, and “location streaming” was disabled by default on upgrade, but DC tried to establish a connection to Amazon.
I think it is fixed in 0.303, thanks again to Björn!
I have an idea regarding this, to simplify the devs’ life and make the “location” feature more robust:
Acquire the current location from GPS and insert in a message only latitude/longitude in parseable brackets, like [geo:[40° 26′ 46″ N 79° 58′ 56″ W]], and highlight it as a link, so if one needs to map it, a click/tap shows a list of installed apps that support maps. Any of them knows how to map such data.
This way it would be up to the user which app to use for mapping coordinates, and it would keep DC out of 3rd-party libs and offline maps.
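The bracketed-coordinate idea from the last post, as an added example that is not part of the thread or of Delta Chat's code: it finds the proposed `[geo:[...]]` marker in message text, validates the values, and emits an RFC 5870 `geo:` URI that can be handed to whichever map app the user picks, with no tile server involved. The marker grammar and all function names are assumptions.

```python
import re

def _dms(hemispheres):
    # One "D° M′ S″ H" group; grammar assumed from the example in the post.
    return r"(\d{1,3})°\s*(\d{1,2})′\s*(\d{1,2}(?:\.\d+)?)″\s*([" + hemispheres + "])"

# Assumed marker: [geo:[<latitude DMS> <longitude DMS>]]
MARKER = re.compile(r"\[geo:\[" + _dms("NS") + r"\s+" + _dms("EW") + r"\]\]")

def _to_decimal(deg, minutes, seconds, hemi, limit):
    """Convert degrees/minutes/seconds to signed decimal degrees."""
    d, m, s = int(deg), int(minutes), float(seconds)
    if m >= 60 or s >= 60:
        raise ValueError("minutes/seconds out of range")
    value = d + m / 60 + s / 3600
    if value > limit:
        raise ValueError("coordinate out of range")
    # South and West are negative in decimal notation.
    return -value if hemi in "SW" else value

def geo_uris(message):
    """Return an RFC 5870 geo: URI for every valid marker in a message."""
    uris = []
    for match in MARKER.finditer(message):
        g = match.groups()
        try:
            lat = _to_decimal(*g[0:4], limit=90)
            lon = _to_decimal(*g[4:8], limit=180)
        except ValueError:
            continue  # message text is untrusted: skip malformed coordinates
        # Five decimals is roughly one metre of resolution.
        uris.append(f"geo:{lat:.5f},{lon:.5f}")
    return uris

if __name__ == "__main__":
    # Constructed sample message using the coordinates from the post.
    sample = "Meet me here: [geo:[40° 26′ 46″ N 79° 58′ 56″ W]]"
    print(geo_uris(sample))
```

Because only the link text is rendered, the chat app itself makes no network request; any lookup happens in the map application the user chooses.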