Privacy on Mudita Kompakt?

Hi all,

Just got a Mudita Kompakt this week and am really enjoying it so far. I am wondering how many others have been interested in this phone from a privacy perspective – I am trying it out because other eink phones are really bad in this regard.

There are a few things I’ve noticed in trying to configure privacy related settings, and wanted to know if others had any success.

First, the private DNS settings seem to either be locked or not working, even using a tool such as ADB. When I run a command to turn on private DNS it causes the screen to flash and the phone to repeatedly reset. When I disable private DNS then the phone functions as normal. Is there some way to get private DNS services working for the phone? My current workaround is to run everything through a VPN which has its own DNS service for blocking trackers and the like.

Second, as mentioned in another thread, there seem to be regular “phone home” calls that apps make in the phone (to a domain sentry.mce.one). This one is a bit of a pain from a privacy perspective, as it means that Mudita’s servers have regular access to where / when I am using the phone, my IP address, and possibly other identifying information. I trust the company, which is why I am not too worried about it, but wonder in the future if the app tracking / telemetry could be turned off inside the phone with an “opt out” feature. It doesn’t make sense to have an offline+ feature if every time the phone is turned back on it will connect to these servers.

All in all I am very impressed with this phone, especially how quiet it is in terms of talking to the internet, even while running an encrypted messaging service such as Signal in the background.

Keep up the good work!

4 Likes

Hi @hman, thanks for bringing this up! Did you see this recent response regarding telemetry? Mudita kompakt constant rf - #34 by michalstasiuk

2 Likes

Yes, I saw. Seems like there should be a way to use a private DNS service to block this sort of telemetry or to let us disable it directly. I am happy to send logs in the case of a problem with the phone, but would rather do that upon request rather than have the information sent automatically to Mudita without my knowledge.

4 Likes

Yeah I’m with you on that one. I’ve been thinking if I should use a private DNS service or a VPN on my Kompakt, but so far I haven’t done that. I figured that there isn’t a lot going on in terms of online connectivity (relative to regular smart phones) and I’m mostly using the phone on mobile data, so the traffic isn’t so easily connected to my home IP. Although I did install RethinkDNS just to monitor connections and I think it automatically blocks some connections.

3 Likes

I agree. Would much rather have the option to turn it off and only do so by request.

1 Like

I would like to know the purpose of this as well.

2 Likes

Seems they are using it to monitor the apps. However, doesn’t the EU require some kind of consent to be given in order to do this? My main reason for getting this phone was that it was EU based, and I thought it would be more private for that reason. Other major eink phone competitors are US or China based, and though Mudita is pricey for what it is spec-wise, I was willing to take the plunge on this phone because of the more stringent EU regulations and the privacy selling points. Anyway, like others I would be happy to opt in if there was more clarity on the tracking as well as the option to accept the trackers or not.

6 Likes

Yes, I also bought this for privacy reasons and not for the minimalist approach.

I cared about having a de-googled phone and having the offline+ switch. I also really wanted an e-ink screen and like you said, the other e-ink options didn’t seem good in this regard, plus I needed one that supported sideloading apps.

And I’m with you on this. I noticed the lack of DNS options immediately because it was one of the first things I tried to set on my phone. There are apps that will do it for you but it’s frustrating that yet again Mudita developers disabled an option that exists by default in Android. It seems they’ve decided that if they don’t use an option, no one does. I think they need to add a cybersecurity analyst to their team.

Another issue is not having the option for whole-device encryption with a pin to decrypt it on boot. As a privacy and security minded individual, I see that as a risk.

Others have already addressed the telemetry issue. Despite them saying that it only collects non-identifying data, not being up front about that or having an opt-out is concerning. Current workaround is to disable all stock Mudita apps and install FOSS versions (which are usually better anyway), although there’s no good way that I’ve found to do that with the phone app (if you try to switch to a sideloaded phone app it won’t display the incoming call screen when you get a call).

And there’s the lack of VPN options too. Obviously we can sideload VPN apps but Android itself has options for VPNs such as designating one as an “always on” VPN and blocking internet access if the VPN disconnects.

The newest update also disables key parts of the accessibility menu, which some apps rely on to work properly.

Now some items that are hidden on the menu can be accessed if you enable developer options and then use the search function, but the above items appear to be disabled entirely, which is just stupid. That’s extra work for the developers just to take things away from us the users.

Again Mudita, please STOP disabling options that already exist!

Unrelated to the menu, but since we’re talking about security, I’d also prefer if they switched to the latest version of AOSP, which is more secure.

4 Likes

@hman I will ask our team to clarify this, but from what I’ve been able to find out, the GDPR defines personal data as “any information related to an identified or identifiable natural person.”

This encompasses various data types, both from online and offline sources, that can directly or indirectly identify an individual alone or in combination with other data, such as:

  • names, addresses, phone numbers, and email addresses
  • identification numbers like Social Security, passport, or driver’s license numbers
  • location data such as GPS coordinates or IP addresses
  • biometric data like fingerprints, facial recognition, or DNA
  • genetic data
  • health-related or healthcare information
  • political opinions, religious beliefs, or membership in trade unions

According to what our Managing Director @michalstasiuk posted in another thread, we don’t collect any of this type of identifying data, but I can ask him to come on here to clarify if you need some more info on the topic:

3 Likes

This is really appreciated. The transparency alone is very encouraging.

For my own part it’s more the IP address collection that concerns me. If you are a company and have my purchase receipts, serial number and IP addresses then that is “identifiable.” But IDK how the sentry code anonymizes or prevents tracking from occurring. Long and short is I would like some assurance that my IP or location are not being sent to a company if I can help it. (E.g., through blocking any trackers or opting out where possible.)

The fact that this is your own company’s server and no one else’s is promising. A lot of phones I have used connect to all kinds of third party servers through their built-in apps. The main reason? Selling data of all kinds to third parties. It’s not great, and I have noticed more and more apps doing this as well as phones (for instance, a widely-used European banking app), but it’d be nice not to be turned into the commodity in this way.

3 Likes

I agree with this, especially if we are using adb to access the private DNS it would be nice to be able to use it. One thing that using custom ROMs (I want my phone experience to be de-googled) has taught me is that private DNS involves connection to Google servers, and I am not sure if Mudita can find a way to work around that. For now, I am using a VPN that I am using to connect to the private DNS server but would love to have “Always on” VPN options there or at least accessible through adb. (I haven’t actually tried to enable this through adb on the VPN side, but as I say for Private DNS it causes restarts.) I will see whether always on can be activated for VPN and report back my findings. (Unless someone else has already tried and can chime in.)

1 Like

@hman
IP addresses were not one of the items mentioned by @michalstasiuk, so I would assume that you are safe. However, I can ask again just to be sure.

Usually not that easy, probably more difficult than finding a driver of a car with certain plate numbers unless you had your own public IP leased from the ISP - most people have dynamically or statically assigned internal IPs from a larger pool but even if a certain home is assigned a static IP, devices within are all seen under the same IP from the outside because of Network Address Translation (currently its more modern variations).

I’m down for having an option to set custom DNS AND (not sure if it’s normally available on Android) to modify /etc/hosts and iptables. This way we could easily cut out any unwanted traffic even for sideloaded apps, if any, regardless of type and place of Internet connection.

1 Like
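The hosts-file blocking proposed in the post above, as an added example that is not part of the thread or of Mudita's software: it parses hosts-file syntax and reports which observed names would be sinkholed, showing that hosts matching is exact-name only. The hosts content, the observed-name list and the name `api.mce.one` are constructed for illustration; only `sentry.mce.one` comes from the thread.

```python
# Added example: which observed hostnames would a hosts-file blocklist sinkhole?
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}

# Constructed hosts-file content. sentry.mce.one is the domain named in the thread.
HOSTS_TEXT = """\
127.0.0.1   localhost
0.0.0.0     sentry.mce.one   # telemetry endpoint named in the thread
0.0.0.0     mce.one          # parent domain only; subdomains are NOT covered
"""

# Constructed names, as a connection monitor might list them.
# api.mce.one is a hypothetical sibling name, not taken from the thread.
OBSERVED = ["sentry.mce.one", "Sentry.MCE.one.", "api.mce.one", "example.org"]


def normalize(name):
    """DNS names are case-insensitive; drop the optional trailing root dot."""
    return name.strip().rstrip(".").lower()


def parse_hosts(text):
    """Return {hostname: address} for each entry in hosts-file syntax."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # strip comments
        if not line:
            continue
        address, *names = line.split()
        for name in names:
            table.setdefault(normalize(name), address)  # keep the first entry
    return table


def is_sinkholed(name, table):
    """Hosts lookups are exact-match: no wildcard or suffix matching."""
    return table.get(normalize(name)) in SINK_ADDRESSES


def audit(observed, hosts_text):
    """Map each observed name to True if the hosts table would sinkhole it."""
    table = parse_hosts(hosts_text)
    return {name: is_sinkholed(name, table) for name in observed}


if __name__ == "__main__":
    for name, blocked in audit(OBSERVED, HOSTS_TEXT).items():
        print(f"{'BLOCKED' if blocked else 'allowed':8} {name}")
```

A hosts entry only affects lookups made through the system resolver, so every hostname to be blocked needs its own line.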

I would like to confirm that, according to our Managing Director @michalstasiuk, we 100% DO NOT collect any IP addresses.

3 Likes