Thinking about privacy

My business phone is an Android phone. I didn't like it. Setting it up was painful as I had to deny so many requests for data and information (mind yer business!). It was never a pleasant experience. But I didn't think I could do anything about it as it's a Nothing CMF Phone 1. You can only install something like Graphene on a Pixel phone.

And I wasn't buying one just to do that.

But then I discovered /e/OS, which did have an image for Nothing phones. Installation wasn't too bad. I think you'd struggle if you didn't have technical knowledge to know where it's going wrong, or what it's expecting. Such is life for FOSS projects and normal people. In my case it was throwing an error when it was trying to write the image. I was using Linux and I needed to install fastboot tools on the Linux box.

May as well be speaking a foreign language for normal people. But it worked. It is working flawlessly. I have decoupled everything from Google now (the phone was the last thing).

I am happy.

But, as I was feeling a little privacy-conscious, I came across this discussion on Mastodon where somebody had got bored and looked at what the leading LLMs were doing with data gathering. They just used uBlock to see what was happening. It's not surprising. Although Mistral is a pleasant surprise.

People have forgotten how the backend of a lot of things works. It's just an app on their phone to them. There's probably a discussion linking what information is being gathered like this, and how people are using LLMs. Imagine those using them as a therapist. Combined with this data gathering.

If I had children I'd probably be having a conversation with them about things like this.

Anyway - here it is below.


Claude:
Six parallel telemetry pipelines. A tracking GIF with 40 browser fingerprint data points baked into the URL, routed through a CDN proxy alias specifically to make it harder to block. Intercom running a persistent WebSocket whether you use it or not. Honeycomb distributed tracing on a chat UI because apparently your conversation needs the same observability stack as a payments microservice.

ChatGPT:
Proxies telemetry through their own backend to hide the Datadog destination URL from blockers. uBlock had to deploy scriptlet injection — actual JS injected into the page to intercept fetch() at the API level — because a network rule wasn’t enough. Also ships your usage data to Google Analytics. OpenAI to Google, you cannot make this up. Also runs a proof-of-work challenge before you’re allowed to type anything.

Gemini:
play.google.com/log getting hammered with your full session behavior, authenticated with three SAPISIDHASH token variants, piped directly into the Google identity supergraph that correlates everything you’ve ever done across every Google product since 2004. Also creates a Web App Activity record in your Google account timeline. Also has “ads” in one of the telemetry endpoint subdomains. When uBlock blocks Gemini’s requests, the JS exceptions bubble up and Gemini dutifully tries to POST the error details back to Google. uBlock blocks that too. The error messages contain the internal codenames for every upsell popup that failed to load.

All three of these products cost money. One of them is also running ad infrastructure.

Mistral:
Two blocked requests. Cloudflare Insights (“is the site up”) and a single Intercom beacon POST that didn’t even retry - that’s it. no Statsig. no tracking GIFs. no Google Analytics. no distributed tracing. no proof-of-work challenge. no KETCHUP_DISCOVERY_CARD nothing. A French AI company nobody talks about is running the cleanest frontend in the entire field by a factor of roughly 150x and we’re all sleeping on it

The French have understood everything.