The aim of this feedback is mostly to make sure that the GitHub preview for this forthcoming PR is generated, given that this PR adds a new recommendation page. I can provide more detailed feedback on GitHub once you open the PR and the preview is built.
For the recommendation page itself
[Line 5] Description needs to be changed.
As noted here, if an app is distributed through multiple places, F-Droid should not be listed as a download method unless it is a developer-operated repository. Any discussion on this should be in a separate thread.
Everything else
Per the docs for contributing to the site, please make sure that the cover you choose for the recommendation page is from Unsplash for licensing reasons.
You should add a new section in tools.md and an entry in mkdocs.yml
Here’s my take on it. HERE seems like a pretty bad option for privacy with the telemetry and account stuff, even if it’s optional. It’s also proprietary which I’m not a fan of.
Magic Earth seems better but again it’s proprietary with some stuff like weather that’s not going to be super privacy friendly.
It seems that we’ve both reached the same conclusion here which is that Organic Maps and OsmAnd are clearly the most private options, so I’d say the best thing to do is make open source a requirement and just list those two for now. Can always expand it later if needed. I just really think that when you’re dealing with a navigation app that’s going to be using your location constantly and seeing your movement habits it’s very important to have strict standards.
I think the fact that Organic and OsmAnd don’t have any traffic information is a big downside. For me personally, this would make the apps completely useless and I’d just end up using something like Google Maps. And then in my case I also found the OSM map data not too great (meaning Magic Earth is not usable enough on its own, need to look up places in e.g. GMapsWV first), while HERE’s map data is much better where I live.
Also all 4 apps can be used completely offline if needed, so I think it would be better to add more warnings or explanations on what data may be sent to the provider rather than just listing the two most private but relatively useless options.
What do you think about having a two-tier list, “completely private options” (Organic, OsmAnd) and “less private but have some extra features you may need and are much better in terms of privacy than Google Maps” (Magic Earth and HERE)?
Similar to how we have two sub-categories “PGP supported” and “PGP not supported but still worth mentioning” in the email providers.
HERE in 2020 seemed to do some targeted advertising per WIRED, see
Also, it is good to know that they are owned by a consortium of 3 car company. On the one hand, I see this as a clear incentive for not doing shady stuff as they don’t need to for money.
On the other hand, car companies now have a bad reputation for privacy.
It is based in the Netherlands, so it will most likely follow GDPR.
I would appreciate some feedback from team members on the pull request (@jonah ?)
Specifically I think we should first decide whether we’re happy with the requirements, and then in a second step agree whether the proposed recommendations agree with these requirements?
Minimum Requirements
Must not collect PII per their privacy policy.
Must not require users to create an account with them.
Must not require users to share location data. If the user opts in to sharing their location, this data must be anonymized.
Maps can be downloaded and the app used entirely offline.
Best-Case
Apps should be open source.
Should have route planning for public transport.
Should have real-time traffic information for route planning.
Should have advanced features (that users may expect coming from Google or Apple Maps) such as detailed shop/POI information and reviews, topographic maps, and satellite and streetview images.
**I believe we shouldn’t include any app that we suspect might be privacy-invasive. **This isn’t very clear, but fox example HERE has 1 trackerand request 26 permissions (silent and explicit) - while Magic Earth has no tracker and request 23 permissions.
Also, proprietary maps are mostly useful for live data, so we should be clear that while they can be used offline, you’ll lose that.
I believe any app with any tracker per Exodus should be excluded. I know app might still tracker with 0 Exodus, but since location data is so sensitive we need to be super careful.
I totally agree, Organic Maps and OsMand are “almost” unusable when you need traffic info, Magic Earth and Here aren’t perfect, but they’re still much better than Google Maps, and a dual category seems like a very good idea.
If you refer to the Exodus report, the one “tracker” is just “Facebook Login”, because if you want to create an account to sync your bookmarked places you have the option to log in with your FB account. I don’t think this is a “tracker” per se.
But that again has the problem that there’s no open source app with traffic info, which I think is essential for a navigation app, at least outside of rural areas
Just to focus back on stand alone GPS units, I think Garmin Drivesmart units can be a good alternative to using an app on your phone. I have one and it’s not linked to anything. No email, no login, no account, etc… and things like device data reporting and travel history can be turned off. It has traffic updates when you use the charging cable with traffic receiver and things like nearest gas, food, etc… You can use a propretary Windows app to update maps (Garmin gives you free lifetime map updates btw, at least in North America, not sure about anywhere else) but it’s not required. I update my unit when stopping at a starbucks or hotel via wifi.
The downside is if you wanna use all the "fancy"features like weather, more accurate traffic updates, see your text messages, etc… then you have to connect it to your phones bluetooth. I don’t need any of that so I never use it. It can also be cumbersome to remember to bring it with you or risk leaving it in your car at all times.
The harsh reality is that the only viable option with traffic data is Google (or Waze which is Google). I use Google Maps without an account in incognito.
I’m not sure what use if a GPS tool without traffic data. At least, where I live.
The problem is that in some places, OSM data is almost nonexistent. Besides, not using live data can cost half an hour in rush hours since you are not informed of any accident road closures and etc.
So, we should put a warning about OSM’s limitations. Magic Earth can provide live data and it’s a middle ground; but still tied to OSM.
If we are looking for proprietary tools, then Tomtom Amigo can be a candidate as well. (Don’t confuse with Tom Tom go which is the paid app).
I mentioned this trick in the PR as well. It is certainly helpful for some situations like if you go on the motorway and want to check beforeahand if there’s any accidents on the way where you should leave at the exit before. But not good enough for city traffic where every road will appear red or orange.
I’ve been using that after it was recommended on the Calyx subreddit for having a better privacy policy than some other apps. It’s like my Tom Tom satnav but the live traffic and speed camera info is free!
According to Exodus Privacy it has 7 known trackers (Sentry, LeanPlum, MixPanel, Adjust, Google Analytics, CleverTap, Google tag Manager), but DuckDuckGo App Tracking Protection says it blocks just 3 (Adjust, Functional Software and MixPanel).