[Disclaimer: This might be (partly) a duplicate.]

VanguardLH <V@nguard.lh> wrote:
> Frank Slootweg <this@ddress.is.invalid> wrote:
>
> > Carlos E.R. <robin_listas@es.invalid> wrote:
> >> On 2024-01-27 22:54, Andrew wrote:
> >>> Carlos E.R. wrote on Sat, 27 Jan 2024 22:30:50 +0100 :
> >>>
> >>>>> The people who take your contacts make it very convenient to
> >>>>> upload them. Did you ever stop to wonder why they make it so
> >>>>> easy to get your contacts?
> >>>>
> >>>> I don't upload them.
> >>>
> >>> Google does.
> >>
> >> So?
> >
> > Indeed. And "Google does" [upload your contacts] is also misleading,
> > because Google only does that if you - implicitly or explicitly -
> > tell/ask them to do so. You can select to not sync contacts or/and other
> > parts of your Google Accounts.
> >
> > The wording also - dishonestly - implies that you give your contacts
> > to Google and that 'hence' Google can and does abuse/misuse/spread that
> > information. That's ofcourse nonsense, because Google would be sued to
> > bits.
> >
> > *Fact* is that *if* you choose to upload your contacts to 'Google', it
> > only gets into *your* Google Account storage. Duh!
>
> Yep. If you do not create a Google account, or assign your phone to
> one, then your phone has no Google account to which it can sync
> anything.
>
> Android settings -> General -> Accounts
> (navpath on my LG V20 smartphone)
>
> You can store your contacts, and other info, anywhere on your phone, but
> they won't get sync'ed anywhere unless you added a sync account. That
> was the whole point of managing accounts in Android was to have one
> place to manage them. In fact, when you install or configure an app,
> you may be asked to select an account already defined. Instead of
> having to go through all the settings to get an app to connect online,
> you reuse an account already defined.
>
> If you delete a sync account, no more sync'ing to it.

Yes, but my point was/is, that even if you *do* have a Google Account
for syncing, "You can select to *NOT* sync contacts or/and other
parts of your Google Accounts.".

So Arlen's '"Google does" [upload your contacts]' is false from any
angle. First - and most importantly - it's not 'uploading' and hence not
the innuendo implied by that term - and secondly, as I wrote, <FS> it
only gets into *your* Google Account storage. Duh! </FS>

Frank Slootweg <this@ddress.is.invalid> wrote:

> VanguardLH <V@nguard.lh> wrote:
> [...]
>
>> Why does this guy remind me of Alan Connor?
>
> You asked yourself that in December 2021 as well about 'Joel' in the
> Windows 10/11 groups.
>
> This was my response:
>
> Message-ID: <sqn87q.qgg.1@ID-201911.user.individual.net>
>
> Can't be bothered to back-track that to see if 'Joel' was 'Arlen'.

I need to retract that. With Alan Connor, if you agreed with him you
were God's right hand, but if you disagreed or even asked for more
information you became Satan. Andrew seems familiar due to his style,
but I can't place him yet. Perhaps your NNTP client's (tin) retention
is longer than mine. How long has Andrew been here? More than 3
months? Maybe he nymshifted. I previously purged messages older than 2
months since the older the thread then the less interesting it is. I
upped retention to a year, but that change was in the last month.

Claims an app can connect to an undefined account. I've experienced the
opposite. I suspect eventually he would suggest I reset my phone, and
load the bundled Gmail app which will divine my Google account. Says
there have thousands of posts here about hiding contacts. "It's so
simple that it's obvious. Elegant. Efficient. Private. Secure." as that
must be so detailed as to help others ... not. Needs prodding to give
details (similar to micky). Thinks his setup on a LAN is of any
importance regarding a solution across devices over the Internet. Makes
statements about WhatsApp that refutes info by WhatsApp and elsewhere.
Belittles others, but he wants apologies from those who contend his
statements ... in Usenet, no less. Claims Internet access to a NAS
device on his intranet is easy, yet doesn't describe how he manages that
so easily compared to how I describe a possible setup. Focuses on
contact lists, but never addresses why unprotected e-mails on the server
with all those contact headers doesn't obviate his solution on
protecting contact lists.

Not everything Andrew says is bogus. There's enough content to keep
interest in reading him, whether I agree with him or not, but it can
take some prodding to get specifics rather than his sweeping claims.
Yes, for some users, keeping their contacts private is very important,
and some methods have been mentioned here, but it's only been about
protecting contact lists, not about the e-mails that contain the
contacts. If a breach can get at your contacts, it can also get at your
e-mails with contact headers.

I'm still looking into how to keep everything encrypted on the server,
including the headers. ProtonMail is too expensive for my very low
e-mail volume. I prefer to use a local e-mail client, not their web
app, and that requires using their bridge (local proxy) that locally
decrypts the e-mail traffic to then handed to the local e-mail client,
but their bridge requires a paid service tier with them. They do
encrypt all content (body and headers) in-situ on their server, so a
breach won't get at my contacts or e-mails (and their headers with
contact info). Their free service tier has me using their web site
instead of a local e-mail account; however, there is an option to send
notifications of new mails in a Proton account to another account, so I
do can get notification by my local e-mail account of new mails at
ProtonMail, but I would still have to use a web browser to see the new
mail. I've found other ProtonMail wannabees, but they don't have the
e-mails themselves fully encrypted, including headers, so a breach could
expose contacts via e-mail headers.

PGP or x.509/SMIME certificates with public/private key pairs encrypt
only the bodies of e-mails, but not the other headers in an e-mail
containing the contact info needed to route and track transfer of
e-mails. Plus, you cannot force your senders to always encrypt their
e-mails to you (after you've given them your public key). The headers
aren't encrypted, because they're needed for routing the message until
deposited into your account, but once in your account the headers could
be encrypted, too.

E2EE server-to-client doesn't protect your e-mails on the server from
hacking or breaches. E2EE client-to-client can protect better, but
that's a scenario hard to do with e-mail built on a trust model with
some security tacked on (PGP/SMIME, SPF/DKIM/DMARC/MX DNS records).
E-mail is intrinsically "open". For users that want their contacts and
messages protected wherever they reside, E2EE client-to-client works,
and easier to implement. E2EE client-to-client for e-mail (with headers
also encrypted) is hard, the solutions a bit clumsy, and may require
getting stuck with HTTPS to a web app at a free service tier.

For now, I use ProtonMail to keep e-mail data (whole messages, so
headers included) protected in-situ on the server. It's configured to
notify my Hotmail account when new messages arrive at ProtonMail. That
gives a URL back to their web site to securely read the new mail. I can
protect my e-mails to others with a passphrase: the recipient has to
enter the passphrase after they are redirected from their e-mail client
to ProtonMail's web app (they don't need to login, just give the
passphrase). Unlike doling out a public key, you need to somehow get
the passphrase to the sender. I configured my ProtonMail account to
always add a PGP public key to my outbound messages to let the recipient
use it to encrypt their message back, but not all e-mail clients support
PGP (or x.509/SMIME), webmail apps typically don't support digital
signing or encryption (lots of users use webmail instead of local
clients), and recipients may not know how to implement encryption in
whatever client they use. Getting a message taking them to ProtonMail's
web site (no login required) to enter a passphrase is much easier for
them to figure out. But separately getting them the passphrase is a
nuisance unless you can allude to the string value by a combination of
info only they would know.

Frank Slootweg <this@ddress.is.invalid> wrote:

> VanguardLH <V@nguard.lh> wrote:
>> Andrew <andrew@spam.net> wrote:
>>
>>> VanguardLH wrote on Sun, 28 Jan 2024 15:10:31 -0600 :
>>>
>>>>> *Fact* is that *if* you choose to upload your contacts to 'Google', it
>>>>> only gets into *your* Google Account storage. Duh!
>>>>
>>>> Yep. If you do not create a Google account, or assign your phone to
>>>> one, then your phone has no Google account to which it can sync
>>>> anything.
>>>
>>> All three of you are always dead wrong because you've never tested it.
>>> I have.
>>>
>>> Try this simple test _before_ you respond and say Google doesn't get your
>>> contacts the very first time you log into your Google account to get email.
>>>
>>> 1. (Optional) Wipe out every vestige of your Google Account on your phone
>>> 2. Create a new contact "Frank Carlos Vanguard, +1-234-567-8910 & save it
>>> 3. Simply tap on the default GMail app, get your mail & close the app
>>
>> How does the Gmail app on your phone know to what Google account to
>> connect to poll for e-mail or to synchronize its local data if there is
>> no Google account on your phone? The Gmail app does not store accounts.
>> It gets them from the account manager in Android.
>>
>> Somehow in your above test you are still connecting to a Google account
>> despite you claim you wiped it off your phone. Since the Google account
>> is gone, how is any app going to connect to a non-existing account? I
>> think your process is flawed, because once signed out of your Google
>> account, and with none available from the Android account manager, the
>> app doesn't know where to connect.
> [...]
>>> Guess what.
>>> Google got your contacts.
>
> His flaw is that he says "Wipe out every vestige of your Google
> Account on your phone", but that does not delete the Google Account
> *itself*, it only wipes out *references (from the phone) to* the Google
> Account. The Google Account still lives happily ever after and the 'Your
> devices' list is still there and kept for 28 days, so also logging out
> on your Android device probably still allows Google to re-connect your
> Android device to your (non-deleted) Google Account.
>
> So 'Arlen' hasn't actually proven anything.

I do see in my online (web) Google account, as part of security showing
which device has connected to your account, it will list those devices.
This is for history, not a reverse connection setup where Google
connects to your phone to reinstate an account definition for Google.

The Google FindMyDevice service runs on your phone. However, without a
Google account online, you don't get that feature. The service has
nowhere to report the phone's location. The service connecting to
Google's servers is of no use if the service on your phone doesn't know
to where it reports the phone's location. You still need to tell the
service on the phone where to report.

Andrew's claim is deleting the Google account defined on the phone will
still have the Gmail app find your Google account. Opposite happened to
me: when I deleted the Google account defined on the phone, the Gmail
app didn't know where to connect.

There are Google apps that still access Google services, like Maps, but
those don't need a Google account to perform basic functions. It won't
connect to your Google account, because you didn't define one, but it
still uses Google's Maps API to access their maps service.

Frank Slootweg wrote on 29 Jan 2024 15:36:20 GMT :

>> I was trying to help you Frank, because you typically choose dumb apps.
>
> <barf!>

Of what ZArchiver claims it does, what isn't to your liking?
https://play.google.com/store/apps/details?id=ru.zdevs.zarchiver

Carlos E.R. wrote on Mon, 29 Jan 2024 14:55:43 +0100 :

> I did not ridicule the use of Microsoft Office.
> I simply said I never use it, in decades.

Microsoft Excel is a perfectly good way to sort, merge & remove dups.
The only better MS Office tool would be Access (but that's overkill).
>> b. Who ridicules copy & sync to maintain a Master DB (but Vanguard)?
>>
>> The objections you three are throwing up are simply absurd.
>> I'm wasting my time trying to explain to you what you can't comprehend.
>
> I'm not throwing objections.

All you had to do was say that you understood the concept of NOT storing
the contacts in the default contact database and that would have been
better.

By throwing up objections (such as the fact that you're the only one on the
planet who doesn't use Microsoft Office on their PC), you were ojecting to
the concept.

Simply state you understand the concept.
And then you can say but it's too much work for you to think.

Mice don't think. They can't put 2 & 2 together. They can't learn anything.
Don't be a mouse.

> You can do what you please, and I will keep
> doing what I please, in this case, using the Android default Address
> Book. To each his own.

As I said, you'd have to think in order not to do exactly what the
well-funded marketing people told you to do - just like this mouse should
have thought before it ate the peanut butter next to this other mouse.
https://i.postimg.cc/dVzTCbvz/mouse1.jpg

> Don't try to teach me how to sync things differently. I know how to sync
> things since computers came with RS232 ports.

I'm trying to help you NOT be that mouse you see above as tomorrow there
will be more (and more after that). Try not to be that mouse, Carlos.

The safest way to not be that mouse is to NOT eat that peanut butter.
The safest place for your contacts is NOT to put them in the default db.

On 2024-01-29 21:20, VanguardLH wrote:
> Frank Slootweg <this@ddress.is.invalid> wrote:
>
>> VanguardLH <V@nguard.lh> wrote:
>> [...]
>>
>>> Why does this guy remind me of Alan Connor?
>>
>> You asked yourself that in December 2021 as well about 'Joel' in the
>> Windows 10/11 groups.
>>
>> This was my response:
>>
>> Message-ID: <sqn87q.qgg.1@ID-201911.user.individual.net>
>>
>> Can't be bothered to back-track that to see if 'Joel' was 'Arlen'.
>
> I need to retract that. With Alan Connor, if you agreed with him you
> were God's right hand, but if you disagreed or even asked for more
> information you became Satan. Andrew seems familiar due to his style,
> but I can't place him yet. Perhaps your NNTP client's (tin) retention
> is longer than mine. How long has Andrew been here? More than 3
> months? Maybe he nymshifted. I previously purged messages older than 2
> months since the older the thread then the less interesting it is. I
> upped retention to a year, but that change was in the last month.

Andrew first message appeared on 2023-12-21.
Wally J aka Arlen last message was on 2024-01-01

Arlen has also that trait, he insults you if you contradict him. Past
month he was praising me, today I'm stupid.

....

> Not everything Andrew says is bogus. There's enough content to keep
> interest in reading him, whether I agree with him or not, but it can
> take some prodding to get specifics rather than his sweeping claims.
> Yes, for some users, keeping their contacts private is very important,
> and some methods have been mentioned here, but it's only been about
> protecting contact lists, not about the e-mails that contain the
> contacts. If a breach can get at your contacts, it can also get at your
> e-mails with contact headers.

Right.

>
> I'm still looking into how to keep everything encrypted on the server,
> including the headers.

I don't think you can.

> ProtonMail is too expensive for my very low
> e-mail volume. I prefer to use a local e-mail client, not their web
> app, and that requires using their bridge (local proxy) that locally
> decrypts the e-mail traffic to then handed to the local e-mail client,
> but their bridge requires a paid service tier with them. They do
> encrypt all content (body and headers) in-situ on their server, so a
> breach won't get at my contacts or e-mails (and their headers with
> contact info). Their free service tier has me using their web site
> instead of a local e-mail account; however, there is an option to send
> notifications of new mails in a Proton account to another account, so I
> do can get notification by my local e-mail account of new mails at
> ProtonMail, but I would still have to use a web browser to see the new
> mail. I've found other ProtonMail wannabees, but they don't have the
> e-mails themselves fully encrypted, including headers, so a breach could
> expose contacts via e-mail headers.
>
> PGP or x.509/SMIME certificates with public/private key pairs encrypt
> only the bodies of e-mails, but not the other headers in an e-mail
> containing the contact info needed to route and track transfer of
> e-mails.

That can not be done, it breaks transport.

> Plus, you cannot force your senders to always encrypt their
> e-mails to you (after you've given them your public key). The headers
> aren't encrypted, because they're needed for routing the message until
> deposited into your account, but once in your account the headers could
> be encrypted, too.

Maybe. I have my doubts. If they have webmail and you can read email
there, they have the key too.

>
> E2EE server-to-client doesn't protect your e-mails on the server from
> hacking or breaches. E2EE client-to-client can protect better, but
> that's a scenario hard to do with e-mail built on a trust model with
> some security tacked on (PGP/SMIME, SPF/DKIM/DMARC/MX DNS records).
> E-mail is intrinsically "open". For users that want their contacts and
> messages protected wherever they reside, E2EE client-to-client works,
> and easier to implement. E2EE client-to-client for e-mail (with headers
> also encrypted) is hard, the solutions a bit clumsy, and may require
> getting stuck with HTTPS to a web app at a free service tier.
>
> For now, I use ProtonMail to keep e-mail data (whole messages, so
> headers included) protected in-situ on the server. It's configured to
> notify my Hotmail account when new messages arrive at ProtonMail. That
> gives a URL back to their web site to securely read the new mail. I can
> protect my e-mails to others with a passphrase: the recipient has to
> enter the passphrase after they are redirected from their e-mail client
> to ProtonMail's web app (they don't need to login, just give the
> passphrase). Unlike doling out a public key, you need to somehow get
> the passphrase to the sender. I configured my ProtonMail account to
> always add a PGP public key to my outbound messages to let the recipient
> use it to encrypt their message back, but not all e-mail clients support
> PGP (or x.509/SMIME), webmail apps typically don't support digital
> signing or encryption (lots of users use webmail instead of local
> clients), and recipients may not know how to implement encryption in
> whatever client they use. Getting a message taking them to ProtonMail's
> web site (no login required) to enter a passphrase is much easier for
> them to figure out. But separately getting them the passphrase is a
> nuisance unless you can allude to the string value by a combination of
> info only they would know.

--
Cheers, Carlos.

On 2024-01-29 22:22, Andrew wrote:
> Carlos E.R. wrote on Mon, 29 Jan 2024 14:55:43 +0100 :
>
>> I did not ridicule the use of Microsoft Office.
>> I simply said I never use it, in decades.
>
> Microsoft Excel is a perfectly good way to sort, merge & remove dups.
> The only better MS Office tool would be Access (but that's overkill).

Did I say otherwise?

>
>>> b. Who ridicules copy & sync to maintain a Master DB (but Vanguard)?
>>>
>>> The objections you three are throwing up are simply absurd.
>>> I'm wasting my time trying to explain to you what you can't comprehend.
>>
>> I'm not throwing objections.
>
> All you had to do was say that you understood the concept of NOT storing
> the contacts in the default contact database and that would have been
> better.

It is fine for you if you want to do that. I don't.

>
> By throwing up objections (such as the fact that you're the only one on the
> planet who doesn't use Microsoft Office on their PC), you were ojecting to
> the concept.

There are millions that do not use M$ Office. All Linux users, and then
some more.

Should I call you names for you ignoring their existence?

> Simply state you understand the concept.
> And then you can say but it's too much work for you to think.

Arlen, I simply hold a different opinion than you, and I'm not stupid.
You have the trait that if someone doesn't agree with you, you call us
stupid.

So I stop reading here.

--
Cheers, Carlos.

VanguardLH wrote on Sun, 28 Jan 2024 23:36:11 -0600 :

>> It's a simple file copy-&-merge process (removing dups) for Christ sake.
>
> Don't know where you are going there. You argue that protecting the
> contact records is better security. I agree, but that's only half the
> protection. Not securing the e-mails with their contact info is the
> other half. Once I figure out how to secure BOTH is when I'll bother to
> implement both.

Good apps import & export of the standard-format contacts vcf vcard file.
https://i.postimg.cc/Rh89RMHc/contactsexportimport.jpg

I snapped this picture in my wood shop which shows what you're planning.
https://i.postimg.cc/dVzTCbvz/mouse1.jpg

Those are two different mice. One certainly knew about the other.
And yet one fell into the small trap. And one fell into the large trap.

Yet the small trap and the large trap ended up the same for each mouse.
What you're speaking about is the same two similar but different traps.

1. There is the contacts database (which is the big trap).
2. There is the contacts in your email (which is a smaller trap).

It's clear there is much more data in your contacts database than in the
email header since the contacts database contains extra information such as
the name and address and cell phone versus home phone and maybe even a
photo or birthday or other information which the email header doesn't have.

The email header is the small trap.
I'm not denying both traps exist.

I'm just explaining to you (and more to others readings this) the simplest
most effective way to avoid the big trap is to not take the bait in it.

Don't store your contacts in the default Android database & you're fine.
Simply use apps that respect your wishes (via import/export of vcf files).

To avoid the big trap, all you have to do is click the buttons shown below.
https://i.postimg.cc/Rh89RMHc/contactsexportimport.jpg

All good apps that deal with contacts should have both those two buttons.
(Note some apps have only one - which is always import - which is sneaky.)

Good apps import & export of the standard-format contacts vcf vcard file.

Carlos E.R. wrote on Mon, 29 Jan 2024 22:39:20 +0100 :

> You have the trait that if someone doesn't agree with you, you call us
> stupid.

You're wrong. I love to learn from others. I've always loved to learn.

If you gave me a rational sensible & logical reason for telling me the moon
was made of cheese, I'd believe you (if it made any real sense, that is).

But your sole objection to privacy was that you don't use Microsoft Office.
As if Microsoft Office had anything whatsoever to do with the concept.

Any file editor would have worked as well.

What kind of person exists that doesn't know how to use any file editors?
You and who else?

Nobody else.
Just you.

If your objection to privacy made sense, I'd think differently about you.

VanguardLH wrote on Sun, 28 Jan 2024 23:38:51 -0600 :

> No app can connect to an account it is not told about. No phone is sold
> that comes pre-bundled with YOUR Google account defined on it.

Do you realize what you just said?
Probably you do not.

I think you don't understand the concepts.
They're simple.
But you guess at what they mean.
Instead of understanding them.

For example, there's the concept of having a google account.
And then there's a DIFFERENT concept of having it set up on the phone.

Those are two different things that you guess are the same.
They're not.

They're different.

That's the whole point here with you.
You know absolutely nothing about what you're talking about.

Yet you guess.
And you guess wrong.
Every single time.

I said it so many times I'm sick of saying it.
Your brain does not process words.

Let me say it one more time, because you are guessing wrong every time.
1. Even if you never had a Google Account set up on the phone.
2. The instant you get your mail with the Android GMail app...
3. ...that account gets created on the phone...

What part of that simple concept do you still not understand?
Since I've been right in everything I've said, and you've been wrong in
every guess you made, you can easily check what I say (but you won't).

The reason you won't check that what I've said is correct is you prefer to
just guess that I'm wrong (even though I am almost never wrong).

I'm almost never wrong because I don't guess.
I know how it works.
I tested it.

A. Check that there are no accounts set up on your phone.
B. Then do what I just said - log into a Google account (any account)
(It doesn't even have to be your account - but you need the passwd.)
C. The Google GMail app will _create_ that account on your phone.

Worse, it will upload your contacts.
Without you having a chance to tell it not to.

Which is, after all, the concept you most don't understand.

Because if your default Android contacts database is empty,
then there will be nothing for Google to automatically get.

BTW, Vanguard. Becasue you don't understand basic concepts does not make me
a troll. Just stop that nonsense. I've never once been wrong in this
thread.

That you think because you don't understand the concepts makes me a troll
tells me a lot about how your brain works Vanguard. You blame me.

You blame me for you not understanding the basic concepts of how Android
works - and the way you blame me is you call me a troll for explaining
those basic concepts of how Android works to you.

Explaining how Android works does not make me a troll Vanguard.
You call me a troll because it's how you handle your lack of understanding.

I expect two things from you if you are a normal adult.
a. You will apologize for calling me a troll simply for explaining
to you what you don't seem to comprehend even after something like
twenty or thirty posts - where the concepts are super simple things.

b. You will run the test and then say I'm correct - or - if you do not
want to run the test, I understand - but then don't say I'm wrong.

You're just guessing.
And every guess you've made in this thread has been dead wrong.

I tested it.
I know how it works.

You do not.

Frank Slootweg wrote on 29 Jan 2024 16:23:56 GMT :

> His flaw is that he says "Wipe out every vestige of your Google
> Account on your phone"...

I never once said that. So stop guessing (always wrong) at what I said.
I said the best place to put contacts is NOT in the default location.

> but that does not delete the Google Account
> *itself*, it only wipes out *references (from the phone) to* the Google
> Account.

Frank. You are smarter than ten Vanguards & a hundred Carloses so you must
understand that if you've never once set up a Google Account on the phone,
then that Google Account isn't on the phone. Period.

That you claim it is, is simply absurd.

> The Google Account still lives happily ever after and the 'Your
> devices' list is still there and kept for 28 days, so also logging out
> on your Android device probably still allows Google to re-connect your
> Android device to your (non-deleted) Google Account.

Frank - I have so many Google Accounts I can't count them; but I don't have
any of them set up on the phone.

For you to confuse the two concepts is something you're either doing on
purpose or if you can't figure out the difference, then that's just sad.

> As to "Guess what. Google got your contacts.", as I said, it's not
> "Google" - i.e. FUD - which got your contacts, but <FS>"*your* Google
> Account storage"</FS> has got your contacts. Duh!

Frank. I may have been wrong when I said you were smarter than Vanguard and
Carlos because even you show no comprehension that an email address is not
the only thing that is stored in a typical Android users' contact database.

Names. Addresses. Phone numbers. Birthdays are stored too.

Lots of personally identifiable data is stored in a contacts database, most
of which has absolutely nothing to do with sending those contacts an email.

That you don't understand that means you're just guessing.
And you're guessing wrong.

Please do not respond to this message until you can say that you understand
the difference between an email address and a phone number for Gods sake.

VanguardLH wrote on Mon, 29 Jan 2024 14:42:59 -0600 :

> Andrew's claim is deleting the Google account defined on the phone will
> still have the Gmail app find your Google account. Opposite happened to
> me: when I deleted the Google account defined on the phone, the Gmail
> app didn't know where to connect.

A few simple questions you MUST answer for you to learn anything at all.
1. Do you understand the difference between an email address
and the much more comprehensive personally identifying data
that is typically stored in a typical contacts database entry?

2. Do you understand the difference between owning any number of
Google Accounts and setting up an Android phone to have one or
more of them (or none of them) in the Android "Settings > Accounts"?
https://i.postimg.cc/dQHx4SgW/accounts.jpg

3. Do you understand the difference between the privacy inherent in
storing all your contacts entries in the one-and-only default Android
contacts database, versus storing those very same contacts in a
plain (or encrypted) file (and using good apps which import/export it)?
https://i.postimg.cc/yxHpSwGj/importexport.jpg

If you can't say an emphatic YES! to all of those questions,
then that is the fundamental reason you constantly are guessing wrong.

Don't guess what I said because you are guessing wrong.
I never said in this thread to "delete the Google Account".

Not the Google Account that is on Google's Internet servers.
Not the Google Account that is set up in the Accounts settings.

Notice those two things are different beasts.
Completely different beasts.

So stop copying what Frank said that was wrong.
Frank was just guessing.

What I said was that the best place for your contacts is NOT in the default
location on the Android phone (where there is only _one_ default location).

> There are Google apps that still access Google services, like Maps, but
> those don't need a Google account to perform basic functions.

This is true and I said as much, but be careful extending that statement.

It's not as simple as what you just said because when you _log into_ Google
apps on Android - funny things happen on your phone that you don't know.

Bear in mind that the fact you can't figure out the difference between
owning any number of Google Accounts and setting them up as an account on a
phone means you won't be able to understand a thing I'm telling you about
what happens when you log into some of the badly behaved Android Google
apps.

Some Google apps _create_ the Google Account on the phone when you log in.
Others do not.

You do not yet understand that simple concept.

I already know that you're confused because you don't know the difference
between having a Google Account and having one set up on your phone.

Those are two different beasts.
You MUST think of them separately if you're going to understand privacy.

> connect to your Google account, because you didn't define one, but it
> still uses Google's Maps API to access their maps service.

You and Frank don't know the difference between a contact and an email
address (they're different, even if there is a tiny bit of overlap).

A contact, for example, typically contains phone numbers, addresses,
birthdays, and other identifiable data (even a photo perhaps).

An email address does not.

But you and Frank think they're exactly the same, which is why you called
me a troll. You don't understand anything - so when I tell you something
that you don't understand - you immediately call me a troll for that.

Likewise, having a Google Account (hell, I have so many I can't count them)
and having that Google Account set up on your phone are also two different
things.

But you and Frank think they're exactly the same, which is why you called
me a troll. You don't understand anything - so when I tell you something
that you don't understand - you immediately call me a troll for that.

Before you apologize for calling me a troll, you need to think about what
I'm trying to very patiently explain to you - because it's important.

1. A typical contact entry is not the same as an email address.
Nor are the people you email the same people stored in your contacts db.
They're DIFFERENT things. That you don't understand that is a problem.

2. Having a dozen Google Accounts is not the same as setting one or more
of them up on your phone in Android "Settings > Accounts".
They're DIFFERENT things. That you don't understand that is a problem.

All of this started when I purposefully helpfully explained rather
patiently to you that the best place (for privacy) to store your contacts
is NOT in the one-and-only Android location for the contacts database.

You've been wrong in almost everything you've said.
Frank & Carlos also.

None of you understand the difference between a contact and an email
address, and none of you understand the difference between setting up a
Google Account on your phone versus owning any number of Google Accounts.

Until you understand the DIFFERENCE between those simple concepts,
you're just guessing. And you're constantly guessing wrong.

Frank Slootweg wrote on 29 Jan 2024 19:06:35 GMT :

>> If you delete a sync account, no more sync'ing to it.
>
> Yes, but my point was/is, that even if you *do* have a Google Account
> for syncing, "You can select to *NOT* sync contacts or/and other
> parts of your Google Accounts.".
>

You're just guessing, Frank.
And you're guessing wrong.

I too, would have agreed with what you're saying had I not tested it out.

That's the difference between you and me.
You just guess. I don't. I test.

Last I tested this thoroughly (and yes, I reported on it at the time, so
another thing different between you and me is your memory is lacking), the
instant you log into "some" Google apps on Android, that account is
automatically created whether or not you want that account to be created.

Worse... and this is the important part, Frank...

When I last tested this, and I reported on this so you should already know
this to be the case, not only did the first login into the Google GMail app
on the Android phone create the google account on the phone - but it _also_
sucked up your contacts (giving you no advanced warning it would do that!).

Apparently, as I had surmised at the time, the _default_ FMail app setting
is to suck up your contacts - which you can change - but after the fact.

So they got your contacts.
You can change that. So they won't get them again.

But they already got that.
Remember, I ran those tests and I reported on it.

I test.
You just guess.

And that's why you guess wrong.

Frank - the problem with you is you don't understand things to the level
that someone should who is going to say that it doesn't work how it does.

Test it first.
a. Set up your contacts database in a way that you can identify it.
b. Wipe out the Google Account on your phone (if you have one set up).
c. Log into ANY Google Account (it doesn't even have to be yours, but
of course you'll need the password) and that account will be _created_
on your Android phone (check "Settings > Accounts and backup").

Two things happened when I last tested this (and I reported it to you).
1. If you log into an account named "foo", that account is now set up
on your phone in the Android "Settings > Accounts and backup" area).
2. All your contacts are uploaded automatically - you can change that
but it already happened - so you have to know it will happen - which
is one of the reasons I'm explaining this to those who don't know it).

Try it first, before you guess that it doesn't work the way it does.

I test.
You guess.

Andrew wrote on Tue, 30 Jan 2024 00:37:09 -0000 (UTC) :

> Frank - the problem with you is you don't understand things to the level
> that someone should who is going to say that it doesn't work how it does.
>
> Test it first.
> a. Set up your contacts database in a way that you can identify it.
> b. Wipe out the Google Account on your phone (if you have one set up).
> c. Log into ANY Google Account (it doesn't even have to be yours, but
> of course you'll need the password) and that account will be _created_
> on your Android phone (check "Settings > Accounts and backup").
>
> Two things happened when I last tested this (and I reported it to you).
> 1. If you log into an account named "foo", that account is now set up
> on your phone in the Android "Settings > Accounts and backup" area).
> 2. All your contacts are uploaded automatically - you can change that
> but it already happened - so you have to know it will happen - which
> is one of the reasons I'm explaining this to those who don't know it).
>
> Try it first, before you guess that it doesn't work the way it does.
>
> I test.
> You guess.

At the risk of treating you like the children you act like,
when I say "log in" for that test, I mean log into the Google GMail app
(which I had clearly said prior but you children are so desperate to find
a flaw in what really happens that you'll claim I said to log into
the phone or whatever you kiddies do to protect your fragile egos).

1. No account is set up on the phone but you have an account
(it could be your wife's account as whose account doesn't matter)

2. Choose some of the Google apps that do what I claim they do.
Pick Google Voice if you like. Or GMail. Or even logging into Google
Maps last I had tested it out (although Maps changes a lot over time).

Log into _that_ app (the GMail app is the one I had tested the most).

3. Bingo. You now already have a Google Account set up on your phone under
Android "Settings > Accounts and backup" whether you know it or not.

And it has default settings too!

Guess what those settings are (last I checked)?
Yup. You guessed right for once.

They upload your contacts.
Whether you like it or not.

You can _change_ that setting of course.
But they _already got them_ because _they_ created the account so they
got to say what the default account settings were.

The fact you dispute this without testing it first is disconcerting.

It means you want to tell me I'm a troll and that I'm wrong simply because
you don't think it works the way I tested (and reported) it to work.

The main reason you've been wrong in every guess you've made is partly
because you don't understand simple concepts (like the difference between a
contact entry and an email address or the difference between owning a dozen
Google Accounts and having none of them set up as an account on the phone).

But the other part is you're just guessing.
And you're guessing wrong.

All this is simply because I had recommended (based on my tests) that the
safest place to store your contacts is NOT in the default Android database.

"Carlos E.R." <robin_listas@es.invalid> wrote:

> VanguardLH wrote:
>
>> I'm still looking into how to keep everything encrypted on the server,
>> including the headers.
>
> I don't think you can.

There is no further transport when the message reaches the target server
(unless an option to forward from there is enabled). Once in my
ProtonMail account, the entire message can be encrypted, including
headers. Using their web app will decrypt to view. For an IMAP client
retrieving messages, their proxy (bridge) is needed to decrypt before
delivering to the mail client (something akin to how sTunnel handles
encrypted login between inept client to server).

>> ProtonMail is too expensive for my very low
>> e-mail volume. I prefer to use a local e-mail client, not their web
>> app, and that requires using their bridge (local proxy) that locally
>> decrypts the e-mail traffic to then handed to the local e-mail client,
>> but their bridge requires a paid service tier with them. They do
>> encrypt all content (body and headers) in-situ on their server, so a
>> breach won't get at my contacts or e-mails (and their headers with
>> contact info). Their free service tier has me using their web site
>> instead of a local e-mail account; however, there is an option to send
>> notifications of new mails in a Proton account to another account, so I
>> do can get notification by my local e-mail account of new mails at
>> ProtonMail, but I would still have to use a web browser to see the new
>> mail. I've found other ProtonMail wannabees, but they don't have the
>> e-mails themselves fully encrypted, including headers, so a breach could
>> expose contacts via e-mail headers.
>>
>> PGP or x.509/SMIME certificates with public/private key pairs encrypt
>> only the bodies of e-mails, but not the other headers in an e-mail
>> containing the contact info needed to route and track transfer of
>> e-mails.
>
> That can not be done, it breaks transport.

No further transport. Communication at the target server is to client.
The client is polling their account, not a server receiving a message to
further transport to another server. However, their local proxy is
needed to decrypt before delivering to the local client.

Also, encrypting an encrypted document and decrypting the first time
leaves the previously encrypted document. If you encrypt 7 times, you
need to decrypt 7 times to get the original document which might've
already been encrypted with PGP or SMIME.

Their local proxy is not to handle PGP or SMIME encrypted messages.
Those pass through their bridge to get decrypted from the in-situ copy
on their server to deliver to your local client with the original
PGP/SMIME encrypted message.

Without their bridge, you would end up getting gobblety gook in the
messages retrieved from their server.

https://proton.me/mail/bridge

You can't just connect your local mail client to their server to get
your messages. The key for the bridge is different than in your
account, and only you know that key (similar to you having the private
key in a PGP/SMIME key pair). If you don't use their bridge, I'm not
sure how a local mail client is going to handle messages with no
discernable Subject, From, or other headers.

>> Plus, you cannot force your senders to always encrypt their
>> e-mails to you (after you've given them your public key). The headers
>> aren't encrypted, because they're needed for routing the message until
>> deposited into your account, but once in your account the headers could
>> be encrypted, too.
>
> Maybe. I have my doubts. If they have webmail and you can read email
> there, they have the key too.

Not if the encryption is using your login password. Similarly, you can
encrypt a document to send and the recipient uses a passphrase to
decrypt. Yep, they probably have that (password or key), but their
claim is they cannot or will not look into your e-mails on their server.
They are not in a 5-Eyes country, so not subject to an NSL (National
Security Letter) forcing them to divulge e-mails, logging, or any info
about their accounts. I'm sure they are still subject to Swiss laws.

I'm sure they still do have the key (password) for my account for their
web app to decrypt the messages when viewing them there. However, my
concern is not with my e-mail provider looking at my e-mails. It is
with hacking and breaches. If you don't trust an e-mail with your
messages, you shouldn't be using them. However, as you noted for
transport, e-mail was built on a trust model. Making it secure, even
from the e-mail provider, is difficult, but necessarily from hackers and
breaches. Hopefully they have processes in place regarding trust in
using keys/passwords against disgruntled employees stealing data (ever
heard of a gruntled employee?). They claim they cannot recover or read
your e-mails, because they don't have the key/password. If the password
you enter for login is encrypted, and compared against an encrypted
password database, then it's harder for them to peek, but not
impossible.

One of the options in a ProtonMail account is the user can change the
account key (RSA 2048). So, for the super paranoid, the user can keep
changing the key. That still doesn't make it necessarily impossible for
them to get.

Frank Slootweg wrote on 29 Jan 2024 14:57:19 GMT :

>> Since this was covered long ago (I think it may have even been you who
>> found all this out)
>
> Yes, I pointed to this information several times.

BTW, when I use WhatsApp, they don't get anything but the one phone number
that I'm contacting - which you have to admit - is the right way to do it.

I have a good memory. Nobody could be as highly trained in extremely
technical pursuits as I am if they didn't. Which is why it's so frustrating
trying to explain simple things to people like you, Carlos & Vanguard.

You can't figure out the difference between an email address and what's in
a typical contact, nor can you fathom the difference between having a
hundred GMail Accounts and setting one of them up on the phone.

Everything is dumbed down for you people - and you can't get it even then.

Frank - remember when Alan Baker vehemently disagreed that the X-Newsreader
(or was it User-Agent) couldn't possibly be changed - and he went on for
something like two weeks insisting that was the case and I told him that
the headers could be changed - and then you jumped all over me for that?

I remember it.
We discussed it three times (once then, once later & then again).

"We do this by creating a cryptographic hash value of their
phone number, and then delete the number."

"Each cryptographic hash value is stored on WhatsApp�s servers,
linked to the WhatsApp users who uploaded the corresponding
phone numbers *before* they were hashed" (emphasis mine)

Alan Baker has an IQ of a moron, Frank. I dumb things down for him.
I dumb them down for Carlos like you can't believe. Vanguard too.

Neither of them has an IQ even close to approaching normal so even dumbed
down I get arguments from Carlos about no process ever working because he
doesn't know how to use a file editor - and arguments from Vanguard that
span the gamut from sneakernet to culling email addresses out of email.

None of the three of you understand the simple concept of the power
inherent in NOT storing your contacts in the default Android location.

>> They only save the hash of the phone numbers on their servers & they say
>> they will disregard the other data like real addresses and real names.
>> That's what they say so you have to just trust them on it.
>
> They will not "disregard the other data ...", they will not retrieve
> it in the first place! "disregard" is already misleading and FUD.

Say that sentence again _after_ you read this, which I didn't have at the
time I wrote what I had written from memory - but which supports what I had
remembered. https://faq.whatsapp.com/1191526044909364

"We don't *collect* any of the other information that could appear
in your device address book including names, email addresses, etc."

We have to discuss what WhatsApp means exactly by "collect".
I presume it means "save" but you can presume otherwise.

But we'd both be guessing.

If we guess they meant "We don't upload", that would be what you're saying.
If we guess they meant "We don't save", that would be what I was saying.

And don't go down the optional crap because putting a battery in a phone is
also optional. You don't get what you expect if you don't do what they say.

>> Notice I said "all" your contacts and not just the ones that use WhatsApp.
>>
>> I'm going to repeat this for effect because they say that they do save the
>> hash of *every* contact even *before* that contact has joined WhatsApp!
>
> Now - and later - you're mixing up "contact" and "phone number".

I was dumbing it down (but I do heartily agree with you, especially salient
since Vanguard doesn't know the difference between a contact and an email
address) - so sometimes it's important for both of us to be clear. I agree.

We have to be clear, moving forward, between what WhatsApp does with the
phone number versus the (presumably one-way) hash of that phone number.

Maybe not so much with Carlos or Vanguard who can't figure out the
difference (as would be the case with Alan Baker) but at least with you.

> They do *not* retrieve, upload, collect, store, save, <whatever> "contact"s.
> They only retrieve/store *phone number*s. And for non WhatsApp users,
> they store only a cryptographic hash value, not the phone number itself.

But they tie every one of your contacts to you, Frank. They say it clearly.
"Each cryptographic hash value is stored on WhatsApp's servers,
*linked to the WhatsApp users* who uploaded the corresponding phone
numbers *before they were hashed* so that we can more efficiently
*connect you with these contacts when they join WhatsApp*."

> And *because* they only store *phone numbers*, not contacts, they
> *can not* do the dreadful things which you and others say/imply do /
> might do.

With my use model, they don't know if I know my own Aunt Bessie
and if that same Aunt Bessie just joined WhatsApp tomorrow,
but with the use model of most people, they know both instantly.

"Each cryptographic hash value is stored on WhatsApp's servers,
*linked to the WhatsApp users* who uploaded the corresponding phone
numbers *before they were hashed* so that we can more efficiently
*connect you with these contacts when they join WhatsApp*."

What if my Aunt Bessie runs an abortion clinic in a state where it's
illegal? WhatsApp can tell the police that information instantly.

Without me doing a single thing.

All because they hashed the phone numbers in my contacts (assuming
her phone number is in my contacts and assuming I store my contacts
in the default Android location - which is one reason why I don't).

> So now try to remember the difference between a phone number and a
> contact, so we will not have to do this silly dance over and over again.

I agree with you we're using the terms too loosly so moving forward let's
be clear that what's stored in a contacts database is more than phone
numbers (and for Vanguard, what's sent in email is usually just an email
address and not what's typically stored in a contacts database).

However, you need to read this before you respond further, Frank.
https://faq.whatsapp.com/1191526044909364

Don't go down the road of optional because the first line says it's
optional and the last line says if you don't do it you're screwed.

Read that, and tell me where my memory was faulty (as I didn't have that at
the time that I was remembering how _you_ had said it worked - long ago).

BTW, when I use WhatsApp, they don't get anything but the one phone number
that I'm calling - which you have to admit - is the best way to do it.

VanguardLH wrote on Sun, 28 Jan 2024 23:44:38 -0600 :

> WhatsApp still works in its basic mode when you keep
> private your contacts (don't let WhatsApp app read your phone's address
> book).

I use WhatsApp to call people who are in Germany when I'm in Germany and
when I'm in the USA because they use WhatsApp and because it's free as a
result of both of us using WhatsApp over the Internet (as you are aware).

However... two things are very different between how I use WhatsApp and how
the normal average idiot uses WhatsApp in terms of basic human privacy.

1. I use a WhatsApp direct dialer.
2. I don't have my contacts stored in the default Android location.

But most people don't do either of those two things.

So this happens, as described in the WhatsApp web page I referred you to.
https://faq.whatsapp.com/1191526044909364

"Each cryptographic hash value is stored on WhatsApp's servers,
*linked to the WhatsApp users* who uploaded the corresponding
phone numbers *before they were hashed* so that we can more efficiently
*connect you with these contacts when they join WhatsApp*."

*IF* I decide to pay for their next service tier that includes their
bridge, I'll do a test to ensure what they say is what happens. I'll
have my IMAP client connect directly to their e-mail server, and also
through their bridge. I can then see if the headers were encrypted in
the direct connection to their servers.

Oh wait, they don't allow direct connections to their mail servers. You
must use their bridge. Their bridge (proxy) is currently available for
Windows, Linux, and MacOS. For Android and iOS, you need to use their
mobile apps where they could incorporate their bridge to encrypt all
traffic.

When I needed my sister's social security number to complete a title
transfer of my mother's house after she died, I sent you a message via
ProtonMail with a passphrase. She didn't have any clients that support
PGP or SMIME for encrypting messages between clients. When she got my
PM message, she clicks a link to go to PM's web app, and enters the
passphrase. Then she could reply securely regardless of her inept mail
client.

I rarely need someone to send me sensitive info or for me to send it.
In some cases, SMIME gets used to encrypt messages to or from me. In
other cases, I've used PM to emulate PGP/SMIME: the other party doesn't
need a capable client, just a web browser capable of HTTPS. The gov't
is the stupidest of all. They want faxes. Those aren't secure because
they aren't encrypted. There are encrypting fax machines, but you need
a pair setup to communicate with each other. However, even that doesn't
secure a printout sitting in a fax machine's output tray for view by
anyone passing by. Most fax machines are shared, not locked in
someone's private office. If I can convince them to use e-mail, I use
PM to initiate communication with them. They don't need to know
anything about PGP/SMIME, or how to configure their clients, if capable,
to support PGP/SMIME.

Since I must use their bridge to get e-mails from their server, and I
cannot directly connect my IMAP client to get messages from them,
there's no way for me to verify their claim that all content is
encrypted on their server. Possible I could use a packet sniffer (e.g.,
Wireshark, Nirsoft Sniffer) before their bridge to see what the traffic
looked like that was delivered to the bridge. However, to do any of
that requires a minimum $48/yr subscription. Too pricey for a
freeloader, like me, for low e-mail traffic and even much lower need for
encrypted messaging.

Frank Slootweg wrote on 29 Jan 2024 15:14:31 GMT :

>> Start with the first sentence that reads "Contact upload is an optional
>> feature".
>
> The main problem, is that "Contact upload" is a misnomer. WhatsApp
> does *not* upload your "contact"s.

Frank - you're the only one whose IQ even approaches normal so I'm going to
try to get you to clarify what they do say and what they leave us to guess.

"We don't *collect* any of the other information
that could appear in your device address book
including names, email addresses, etc."

First off, as we discussed, they do call it "contacts" and they certainly
know the difference between a phone number and a contact (which is more
than just a phone number in most cases, as both of us are well aware).
https://faq.whatsapp.com/1191526044909364

First off, (as you're aware), it's titled "About contact upload" for a
reason. We can only guess that reason. But they know what a contact is.

Secondly, they use it to compare you to other people when they clearly say:
"allows us to check *which of your contacts* in your device's
address book are also WhatsApp users"

What "address book" is that (notice they also call it an "ADDRESS" book)?
It's clearly your default Android contacts sqlite database, right?

What's in that default contacts sqlite database, Frank?
Yup. You guessed right for once. Names. Numbers. Addresses.

They say that they "update your contact list" again, Frank, when you and I
both know they know the difference between a contact & a phone number.

"It also means *we can update your WhatsApp contact list*
when *your contacts* who aren't using WhatsApp yet sign up later."

Again and again and again they use the word "contacts" Frank.
"We care about your privacy and we don't share your contact list"

And certainly they KNOW the difference between a phone number and a
contact, Frank, so you guessing that they have no clue must be wrong.

They know EXACTLY what they're saying, Frank.
It's a legally binding document.

"Each cryptographic hash value is stored on WhatsApp's servers,
*linked to the WhatsApp users* who uploaded the corresponding phone
numbers *before they were hashed* so that we can more efficiently
*connect you with these contacts when they join WhatsApp*."

While both you and I know that a "contact" and a "phone number" are not the
same thing (although they overlap), we're forced to guess what "COLLECT"
means in their document when they say:
"We don't collect any of the other information
that could appear in your device address book
including names, email addresses, etc."

We have to guess what "collect" means, Frank.
a. You seem to think it means "upload", as in:
"We don't _upload_ any of the other information..."
b. But I see it could mean "save" just as well, as in:
"We don't _save_ any of the other information..."

The fact they keep discussing the "address book" and that they keep calling
it "contacts" leads me to tend to lean toward the latter, & not the former.

The problem you and I have here is we are forced to "GUESS" what the word
collect means, but given they constantly talk about the contacts and the
full address book, I lean toward they saying they disregard it.

Andrew <andrew@spam.net> wrote:
> Frank Slootweg wrote on 29 Jan 2024 15:36:20 GMT :
>
> >> I was trying to help you Frank, because you typically choose dumb apps.
> >
> > <barf!>
>
> Of what ZArchiver claims it does, what isn't to your liking?
> https://play.google.com/store/apps/details?id=ru.zdevs.zarchiver

If you had read - for comprehension - what you snipped, you would have
known why, for *me*, my tool is better than ZArchiver.

But that has been your problem in *all* these - now six - scenarios in
these sub-threads, you don't manage to follow the discussions and you
fail to read for comprehension.

Andrew <andrew@spam.net> wrote:
> Frank Slootweg wrote on 29 Jan 2024 16:23:56 GMT :
>
> > His flaw is that he says "Wipe out every vestige of your Google
> > Account on your phone"...
>
> I never once said that. So stop guessing (always wrong) at what I said.

Earth to Arlen: Guess what the double quotes mean? It was an exact
verbatim quote of what you *did* say.

[The usual dodges, diversions and yet another army of straw men deleted.]

VanguardLH <V@nguard.lh> wrote:
> Frank Slootweg <this@ddress.is.invalid> wrote:
>
> > VanguardLH <V@nguard.lh> wrote:
> > [...]
> >
> >> Why does this guy remind me of Alan Connor?
> >
> > You asked yourself that in December 2021 as well about 'Joel' in the
> > Windows 10/11 groups.
> >
> > This was my response:
> >
> > Message-ID: <sqn87q.qgg.1@ID-201911.user.individual.net>
> >
> > Can't be bothered to back-track that to see if 'Joel' was 'Arlen'.
>
> I need to retract that. With Alan Connor, if you agreed with him you
> were God's right hand, but if you disagreed or even asked for more
> information you became Satan. Andrew seems familiar due to his style,
> but I can't place him yet.

It's blatantly obvious that he's 'Arlen Holder'. Carlos and I have
been calling him "Arlen" and he has not objected, so ...

> Perhaps your NNTP client's (tin) retention
> is longer than mine. How long has Andrew been here? More than 3
> months? Maybe he nymshifted. I previously purged messages older than 2
> months since the older the thread then the less interesting it is. I
> upped retention to a year, but that change was in the last month.

I could find out since when this nym popped up, but it doesn't matter.
It's just one of many, probably getting close to a hundred. Just
recently he seems to be recycling yet another old nym.

> Claims an app can connect to an undefined account. I've experienced the
> opposite. I suspect eventually he would suggest I reset my phone, and
> load the bundled Gmail app which will divine my Google account. Says
> there have thousands of posts here about hiding contacts. "It's so
> simple that it's obvious. Elegant. Efficient. Private. Secure." as that
> must be so detailed as to help others ... not. Needs prodding to give
> details (similar to micky). Thinks his setup on a LAN is of any
> importance regarding a solution across devices over the Internet. Makes
> statements about WhatsApp that refutes info by WhatsApp and elsewhere.
> Belittles others, but he wants apologies from those who contend his
> statements ... in Usenet, no less. Claims Internet access to a NAS
> device on his intranet is easy, yet doesn't describe how he manages that
> so easily compared to how I describe a possible setup. Focuses on
> contact lists, but never addresses why unprotected e-mails on the server
> with all those contact headers doesn't obviate his solution on
> protecting contact lists.

Good summary and that's only of this thread! :-)

> Not everything Andrew says is bogus. There's enough content to keep
> interest in reading him, whether I agree with him or not, but it can
> take some prodding to get specifics rather than his sweeping claims.

For me, there's way too much noise and hardly any signal, so I filter
most of his nyms. This one not yet, mainly because of his
misrepresentations about me, what I did (not) say, etc.. But it has -
again - gone way beyond ridiculous, so I'm limiting my responses to the
minimum.

> Yes, for some users, keeping their contacts private is very important,
> and some methods have been mentioned here, but it's only been about
> protecting contact lists, not about the e-mails that contain the
> contacts. If a breach can get at your contacts, it can also get at your
> e-mails with contact headers.

Indeed. That aspect, which you raised repeatedly, seems to escape :-)
him completely. He's very careful about keeping *other* people's contact
information in his safe, locks all the windows and doors in his house to
keep the thieves out, but while doing all that, he sends his *own*
contact information out the front door, ready to be (ab)used by others!

The mind boggles!

[...]

VanguardLH <V@nguard.lh> wrote:
> Frank Slootweg <this@ddress.is.invalid> wrote:
>
> > VanguardLH <V@nguard.lh> wrote:
> >> Andrew <andrew@spam.net> wrote:
> >>
> >>> VanguardLH wrote on Sun, 28 Jan 2024 15:10:31 -0600 :
> >>>
> >>>>> *Fact* is that *if* you choose to upload your contacts to 'Google', it
> >>>>> only gets into *your* Google Account storage. Duh!
> >>>>
> >>>> Yep. If you do not create a Google account, or assign your phone to
> >>>> one, then your phone has no Google account to which it can sync
> >>>> anything.
> >>>
> >>> All three of you are always dead wrong because you've never tested it.
> >>> I have.
> >>>
> >>> Try this simple test _before_ you respond and say Google doesn't get your
> >>> contacts the very first time you log into your Google account to get email.
> >>>
> >>> 1. (Optional) Wipe out every vestige of your Google Account on your phone
> >>> 2. Create a new contact "Frank Carlos Vanguard, +1-234-567-8910 & save it
> >>> 3. Simply tap on the default GMail app, get your mail & close the app
> >>
> >> How does the Gmail app on your phone know to what Google account to
> >> connect to poll for e-mail or to synchronize its local data if there is
> >> no Google account on your phone? The Gmail app does not store accounts.
> >> It gets them from the account manager in Android.
> >>
> >> Somehow in your above test you are still connecting to a Google account
> >> despite you claim you wiped it off your phone. Since the Google account
> >> is gone, how is any app going to connect to a non-existing account? I
> >> think your process is flawed, because once signed out of your Google
> >> account, and with none available from the Android account manager, the
> >> app doesn't know where to connect.
> > [...]
> >>> Guess what.
> >>> Google got your contacts.
> >
> > His flaw is that he says "Wipe out every vestige of your Google
> > Account on your phone", but that does not delete the Google Account
> > *itself*, it only wipes out *references (from the phone) to* the Google
> > Account. The Google Account still lives happily ever after and the 'Your
> > devices' list is still there and kept for 28 days, so also logging out
> > on your Android device probably still allows Google to re-connect your
> > Android device to your (non-deleted) Google Account.
> >
> > So 'Arlen' hasn't actually proven anything.
>
> I do see in my online (web) Google account, as part of security showing
> which device has connected to your account, it will list those devices.
> This is for history, not a reverse connection setup where Google
> connects to your phone to reinstate an account definition for Google.

You're right. This path, while technically possible, isn't very
likely.

In the meantime it has become clear that 'Arlen' re-entered the login
credentials of his Google Account into the Gmail app on his so, so the
(reference to) his Google Account got re-created on his phone. Duh!

[...]

Andrew <andrew@spam.net> wrote:

[Very long-winded series of dodges, diversions and straw men deleted.]

BUT, you finally seem to grasp and acknowledge the only *relevant* bit:

> > So now try to remember the difference between a phone number and a
> > contact, so we will not have to do this silly dance over and over again.

On 2024-01-30 00:02, Andrew wrote:
> Carlos E.R. wrote on Mon, 29 Jan 2024 22:39:20 +0100 :
>
>> You have the trait that if someone doesn't agree with you, you call us
>> stupid.
>
> You're wrong. I love to learn from others. I've always loved to learn.
>
> If you gave me a rational sensible & logical reason for telling me the moon
> was made of cheese, I'd believe you (if it made any real sense, that is).
>
> But your sole objection to privacy was that you don't use Microsoft Office.
> As if Microsoft Office had anything whatsoever to do with the concept.

I objected to the method offered, because it used M$O, which I don't
even have nor can use, and you know that. You know I use Linux.

You can, if you wish, explain some other method, for curiosity shake,
but you must know I will not use it. This is a conscious and meditated
decision.

On 2024-01-24 23:45, Andrew wrote:
> My master contacts database file has over three hundred entrees.
> Yet Windows 10 Thunderbird handles it (import/export).
> And Android handles it (import/export).
> Microsoft Office handles it too (Excel merges fields & removes duplicates).

On 2024-01-26 09:44, Frankie wrote:
> You're making this about a million times harder than it really is.
> Have you never used Microsoft Office not even once in your life?
> How much trouble can you have synchronizing a simple MS Office file?

To which I replied:

On 2024-01-27 22:33, Carlos E.R. wrote:
> I don't use MS Office, ever.

That's all.

>
> Any file editor would have worked as well.
>
> What kind of person exists that doesn't know how to use any file editors?
> You and who else?
>
> Nobody else.
> Just you.

Really, Arlen?

>
> If your objection to privacy made sense, I'd think differently about you.

Really?

I'm simply not interested in your method of "syncing contacts". I'm not
interested in adhering to your view of privacy. I'm happy with using
Google Contacts, and I'm satisfied with their Privacy Policy inside the
European Union. I have to do nothing. This is a conscious and meditated
decision.

I am not going to even consider your methods.

And please remember that I do know how to sync files, and did so, since
the computers came with RS232 ports several decades ago.

--
Cheers, Carlos.