Purism Explains Why There Are Trackers In Librem One Chat

Lmao, so they first have the guts of selling free open source apps without creditting their source, they also accidently included trackers.

2 Likes

Matomo, Google’s Firebase Analytics and Amplitude. The latter of which is an ad tracking platform best known for its affiliation with Microsoft, Twitter and other companies.

I had been watching them for past 6mo trying to build trust and faith, this knocks them back down much closer to all the “other players” level :confused:
sigh.

Rankin reiterates that the company upstreamed the Librem One Chat app from the Riot Android app, and discovered those same trackers a few days ago.

this also pisses me off and I cannot imagine it is any different with riot desktop or riot.im run in browser? matrixhq/newvector team is scaring me. Please @The Grid-Sunrise project stay strong and move us forward!

1 Like

to be fair to riot android I asked instead of stressing out over it further:
https://matrix.to/#/!GnEEPYXUhoaHbkFBNX:matrix.org/$155734131622590aOGNJ:privacytools.io?via=matrix.org&via=chat.weho.st&via=tchncs.de

aiui, 2 of 3 trackers were accidentally included (google fire analy and amplitude and appears confirmed thru exodus:
https://reports.exodus-privacy.eu.org/en/reports/72513/

vs purism’s version, still tainted?
https://reports.exodus-privacy.eu.org/en/reports/73458/

but still… (and the conversation continues in #riot-android:matrix.org

Fdroid version according to Classysharkexodus

Matomo (Piwik)

*Matomo (Piwik)
59org.piwik

1 tracker

yeah, seems bizarre that Riot would include these trackers by default.

According to Classysharkexodus, there are no trackers in Librem One Chat

1 Like

@crossroads Could I trouble you to run the same test on the riot client? I’m really curious.

I have Riot installed from F-Droid, so it’s the same as @craigevil mentioned

Hopefully these are just growing pains.

The Librem One is a bit too pricey for me right now, but I would love a properly supported phone where you don’t have to fight every step of the way.

sorry, thought he was referencing purism chat.

I was asked for a quote on this article and they didn’t use it. I was mad because I was certainly not nice to Purism for this and they wrote a puff piece instead.

1 Like

They removed the trackers when they were contacted about this article. They had 3 originally, and then disabled them.

@blacklight447

have the guts of selling free open source apps

This isn’t technically true. What they are selling is the hosted service their branded forks of those apps are pre-configured to connect to. The apps themselves can be downloaded gratis.

without creditting their source

I agree the lack of attribution and links to source code is a problem. But it’s not like they went to great lengths to disguise the sources of the code. For now, I’m willing to believe it was an oversight, motivated by their strategic goals of keeping their communications simple enough for non-geeks to understand.

@shilu

seems bizarre that Riot would include these trackers by default.

Why? New Vector are VC-funded, that’s the sort of thing that happens when you’re trying to keep your company going and generate a 10x return for VCs. I think it would be more bizarre if Purism, who are totally customer-funded through crowdfunding and device sales, knowingly included trackers.

@danarel

They removed the trackers when they were contacted about this article.

They said that’s because they didn’t know about them until then, because they trusted the upstream Riot code. If you can get hold of a copy of the gOgle Prey Store version of the Riot app from the point Purism forked their code, or of the Riot code on that date, and prove that the trackers weren’t in Riot, then you’ve got a case that Purism are lying. Otherwise, as indicated above, I see no obvious reason not to take them at their word.

That they did not look sufficiently at the code to know what was in it before releasing with their name on it seems equal disconcerting.