🔐 ❓️Privacy as it Relates to Flutter & Google

[zicklag]

Hey there, this app looks pretty nice and similar to something I've thought about making. I noticed your choice of using Flutter for the UI which seems to be a great choice from a features and beauty perspective. I myself considered using flutter for a privacy focused application but then I thought twice about it when I saw that the Flutter SDK had telemetry enabled by default and it made me a little bit nervous about using it.

It made me wonder whether or not I could really trust Google and Flutter when I wanted to make a privacy and security oriented app. What are the chances that the app crashes and Flutter goes and sends a crash report containing my user's confidential data to Google? Is there a way we can be sure that it's impossible for this to happen?

I'm not saying that this is a problem, this is just a question that came to mind and I wanted to hear your thoughts on it.

Is it safe to depend on Flutter if privacy is the ultimate goal for the application? What are the risks if any?

[sunhuachuang]

Sorry, I didn't really notice this problem before.

But now all data (including accounts and keys, etc.) are accessed through the jsonrpc interface to the underlying rust service.
Flutter does not save any data, it is only used for drawing UI, just like the web front end.

I don’t know if it can prevent some security issues. If not, maybe we have to consider use some to replace flutter. The cost will not be too high. Because the core logic is in the rust program.

Do you have links to reports and article analysis in this area?

[zicklag]

Do you have links to reports and article analysis in this area?

No, it was really just my own personal concern when I saw the telemetry note in the CLI.

[joeydarko]

hi, I'm so glad to hear someone raise this kind of concern. I understand why you feel "a little bit nervous". Let me explain our views from our perspective :)

First thing first. The last letter of ESSE means engine. This means that ESSE itself is not a complete application, but the core component of the application. In other words, in essence, the true form of ESSE does not include the GUI part. It is also planned to separate the cross-platform GUI part into an independent project in the future major version iterations. If this project is sufficiently supported, I personally hope that there will be multiple sets of native and secure GUIs for users to choose from.

Secondly, the reason why we chose to package and release the entire project is because we hope that more people can pay attention and participate in it. At present, it is difficult for a program without a user interface to get the attention of developers or users. For example, our P2P lib chamomile and frameworks TDN did not get much attention. This prompted us to do more, including GUI, to show what we really want to express -- your privacy only exists if you care about it. We hope to cross the most platforms at the lowest cost and give good technical examples. From this point of view, Flutter seems to be a good choice.

Don't get me wrong. I am not saying that we can ignore your concerns. As Sun said, in the process of choosing Flutter, we did not pay attention to the possibility of this potential information leakage. We will delve into their code to check what you mentioned in the follow-up development.

From the perspective of code implementation, we use Flutter as a very thin presentation layer, and it is not responsible for any data persistence. All data operations are implemented by the ESSE ontology of the underlying rust.

From my personal point of view, the security issues you mentioned about Flutter did not make me nervous, because we can still know what it does by reviewing its code. Hope this explanation can make you less nervous.

In addition, as engineers, we always need to rely on the results of other people's work. Think about it, our code always needs to rely on the environment and dependencies provided by other people, and operating systems, hardwares, and so on. In any case, you always need to choose to trust some of them. I would rather choose open source projects, at least we still have options. But the reality is that we have no choice in many cases, these are what we should really worry about. And this is the fundamental reason why we started this project.

Privacy protection is a humongous topic, and there is endless work to be done. It’s great that you are concerned about these privacy risks. Welcome to discuss in more depth :)

[zicklag]

Secondly, the reason why we chose to package and release the entire project is because we hope that more people can pay attention and participate in it.

Totally understand. I think it's a great approach. I very much agree with all of the decisions I have seen that you guys have made so far in the design and approach. I'd have to get into it more, and I hope to, but it looks like you guys are doing it right. There's a incredible value to presentation, and Flutter is great for that.

From the perspective of code implementation, we use Flutter as a very thin presentation layer, and it is not responsible for any data persistence. All data operations are implemented by the ESSE ontology of the underlying rust.

Excactly how I'd want it. 👍

From my personal point of view, the security issues you mentioned about Flutter did not make me nervous, because we can still know what it does by reviewing its code.

Yep. I considered that myself when making my own project, it was just more than I was willing to attempt to tackle by myself. Even just the dart SDK by itself has 4.7M lines of code so I didn't feel confident in my ability to find privacy problems.

In addition, as engineers, we always need to rely on the results of other people's work. Think about it, our code always needs to rely on the environment and dependencies provided by other people, and operating systems, hardwares, and so on.

Absolutely. I am personally very likely to use somebody elses tool over having to write my own if at all possible. It's how I'm able to get a lot of work done in many cases, by using libraries and tools that do at least a piece of what I need to.

Don't get me wrong, I would personally love to use Flutter. It is beautiful and it's hard to overestimate the value of a good UI, especially when we are Open Source tools trying to compete with companies with a lot of money. As long as big business are still more convenient than our privacy-centric Open Source tools, people will continue to use the tools by the big business. Making beautiful, functional, and convenient Open Source apps therefore is crucial to actually accomplishing a lot of what, I immagine, you are setting out to accomplish. Flutter is a means to that end and a very applicable tool for this use-case.

I was just concerned that if google was sending crash-reports to their servers with screenshots of my messaging app or something similar that I might be couteracting the very goal for the app to exist in the first place.

I'm not sure if this is even a concern, though. I have nothing to back my nervousness other than Google's history of being very anti-privacy. My internet access is limited ( no search engines other than GitHub ) so I can't look around much, but I wonder if anybody else has done any research into this at all.

Privacy protection is a humongous topic, and there is endless work to be done. It’s great that you are concerned about these privacy risks.

Well I'm glad you thing it's good I brought it up! 🙂 Again, I think you guys are working towards exactly the kind of thing I've been thinking about making, but haven't had the time to really work on or anything. And in Rust! I'm looking forward to trying this stuff out and maybe contributing ( if I get the time, of course ).

[zicklag]

Also, just to be clear, I'm not in any way trying to say that you shouldn't use Flutter for your app.

I'm being extra critical because I need to figure out whether or not I'm comfortable using it, and because you guys have a lot of the same goals from an app perspective, I found somebody I could discuss the issue with. :)

[zicklag]

Interestingly there's already an issue open on the Flutter repo where someone argues that Flutter's current default-enabled telemetry is actually illegal in the EU due to GDPR: flutter/flutter#73657. At least the GDPR is somewhat on our side in this respect and sombody is already pointing the finger at Google for the violation.

[zicklag]

Also worth mentioning, the telemetry they mention in the Flutter docs really only referrs to the Flutter CLI and it is supposedly anonymized sufficiently. Here's the link to the docs where it is mentioned:

https://flutter.dev/docs/get-started/install/linux#run-flutter-doctor

So this doesn't mean that there is necessarily telemetry built into the apps built with Flutter. I belive it's probably unlikely that they put telemetry in the actual app.

[zicklag]

I've decided that I'm comfortable using Flutter unless something drastic pops up that changes my mind. 🙂 It really is the most compelling UI framework I can find right now and it would be unreasonable not to take advantage of it if there aren't any real problems with it.

[sunhuachuang]

Well, let's keep tracking it. If have new feedback, share it here.