Unlike Google, XScreensaver will never run around and desert you
June 9, 2024 12:45 AM   Subscribe

Google demanded of jwz a Privacy Policy for their Android port of XScreensaver, which collects no user data, despite their own privacy missteps. He's crowdsourcing a list of things XScreensaver will never do that Google does, with source links.

I was going to post this in the current linkthread, but then figured, it's fine as a post as-is, so let's just throw it at the front page instead. It made a sound like splat!
posted by JHarris (39 comments total) 45 users marked this as a favorite
 
This is great! I don't have a lot of commentary to add, but I enjoyed this post, and reading through the long list of ways in which XScreensaver is unlike Google!
posted by Dysk at 1:13 AM on June 9


I'm feeling so much nostalgia right now!

Google -- the most rapacious privacy violator on the planet -- have decreed that XScreenSaver cannot be made available on their "Play" [sic] store until I publish a "Privacy Policy".

For a screen saver. A privacy policy. For a screen saver.


I mean, to be fair, that's not just Google's insanity, that's the insanity of the privacy situation in general today. Screen savers probably can collect and sell all manner of information, like "list of accounts that spend an average of 9 hours a day with their phone active"...


Incidentally I parsed the post as saying that Google was porting XScreenSaver. In fact it's jwz who ported it and is trying to get it on the Play Store. Which means XScreenSaver for Android already exists! I had no idea! You can get on fdroid (I assume this is official, but I haven't seen jwz mention it) or download the apk directly from jwz's site.

The thought of a screensaver on a phone is somehow wonderful and hilarious to me.
posted by trig at 1:55 AM on June 9 [3 favorites]


(For anyone who doesn't know, jwz is a classic '90s Silicon Valley / open source personality who among other things is one of the people responsible for the existence of Firefox and Mozilla. Sort of a symbol of an approach to software and the internet that's the opposite of... Google et al.'s approach. And of a general aesthetic that I miss...)
posted by trig at 2:04 AM on June 9 [11 favorites]


Surely: "Unlike Google, XScreenSaver will never be evil"
posted by mbo at 2:10 AM on June 9 [5 favorites]


Part of the confusion over the authorship of XScreensaver has to do with my accidental mixed used of pronouns in the FPP, using "their" and then "he" for what should be the same person. I learned to write pretty young, and so as the rules have changed I get them mixed up at times: should I use a default of them/they? What are jwz's 'nouns? I'm really trying to do it right, but I still mismatch them sometimes.
posted by JHarris at 2:28 AM on June 9 [4 favorites]


An editor's answer would be to restructure to either make the referent unambiguous or avoid it altogether, but eh, even the most careful editor misses ambiguity sometimes! It's actually part of what got me to click on the link ("Google is rolling XScreenSaver into Android?!")
posted by trig at 2:33 AM on June 9


(For anyone who doesn't know, jwz is a classic '90s Silicon Valley / open source personality who among other things is one of the people responsible for the existence of Firefox and Mozilla. Sort of a symbol of an approach to software and the internet that's the opposite of... Google et al.'s approach. And of a general aesthetic that I miss...)

Also, MetaFilter's own
posted by chavenet at 3:34 AM on June 9 [6 favorites]


This reminds me that I need to work on testing my patch to firefox to handle the new WakeLock code that'll enumerate the DBUS API before the XSS API, which means on my XWindows/XMonad desktop, full screen video in firefox doesn't inhibit the screensaver, so 10 minutes into streaming -- if I don't jiggle the mouse -- the screen will blank.
posted by mikelieman at 3:53 AM on June 9 [1 favorite]


An editor's answer would be to restructure to either make the referent unambiguous or avoid it altogether,

Yeah, I know. If I were editing it I'd be sure to catch it. But a quick FPP is a different kind of thing, I just wanted it up quickly so I could move on to other things, but at the same time a post can't be edited by the post maker once it goes up.
posted by JHarris at 5:01 AM on June 9 [1 favorite]


Oh, none of that was a criticism! Just ways to deal when you don't know what pronoun to use. (I messed up pronoun-wise in my comment too)
posted by trig at 5:03 AM on June 9


mikelieman, you're saying your patch will fix the blanking? Thank you!!
posted by trig at 5:05 AM on June 9


It's pretty clear XScreensaver is up to something nefarious and needs to be investigated immediately.
posted by mcstayinskool at 6:21 AM on June 9


Unpopular opinion: yes, software needs a privacy policy. Better still should be user-empowering control over exactly what data software can access and share, but big players don't want to reduce the value of the commodity they sell, which is users and their delicious data.

So requiring a privacy policy is a way to not do the thing that would actually help increase user privacy but to have something to point to when that privacy is inevitably eroded. It's an ablative legal layer at worst, but at best it might actually reveal that the software you installed to trim videos is also retaining everything you touch and sending it directly to Putin or whatever.

Jwz is certainly a fun personality but it's not unreasonable (just because you say you're a screensaver and are a port of an existing program doesn't mean you're not also asking to access my contacts and storing them - this was exactly the exploitive move for many early apps).
posted by Lenie Clarke at 6:47 AM on June 9 [6 favorites]


mandatory privacy policies are actually good
posted by ryanrs at 7:08 AM on June 9 [8 favorites]


It's....

App development is something both huge companies and individuals do? In a sense, every mandatory step to do something will favor corporations that have endless resources to throw at requirements, over individuals. It's like handling DMCA requests. For a Youtube, they can field a whole department to do it. For Kyle Drake, creator of Neocities, as reported in an episode of the podcast Software Sessions, it can be onerous and possibly an existential threat to the project.

A mandatory privacy policy is a poor example of what I'm getting at really, since it can be as simple as a web page like this one. That point is conceded. But truly, it is nice to keep in mind that a lot of worthwhile things can be, are, and should be made, not by corporate entities, but by single people with limited budgets of money, energy, focus and time, that these demands can pile up and add to maintenance costs, and even tiny things can push marginal projects over the edge.

(This comment is partly an excuse to link to that podcast episode. It's really interesting, even if it is from 2020!)
posted by JHarris at 7:19 AM on June 9 [2 favorites]


Privacy laws are even better.
posted by gwint at 7:20 AM on June 9 [11 favorites]


For a screen saver. A privacy policy. For a screen saver.

I get why jwz is incredulous but the number one result on google play for "screensaver app" for me is Zedge which promises to track my name, email address, device id's, financial information, location, and all my app interactions. It then promises to share much of that with others.

On the bright side it encrypts the data in transit (can't have others reading that valuable info for free) and you can request your data be deleted. But not in the app of course; oh no. Got to go to the developers website.
posted by Mitheral at 7:39 AM on June 9 [6 favorites]


Given the state of things in 2024, I think it is a good policy to require all software downloaded from an app store for a phone to have a privacy policy. I think it's also a good policy to take every opportunity to point out Google's flagrant hypocrisy in failing to follow reasonable privacy and other consumer-protecting policies itself.
posted by biogeo at 7:51 AM on June 9 [4 favorites]


This needs more favorites. Privacy policies mean nothing to me because ... enforceable by whom? With what penalties or recourse in the event of a violation? You (corporation / entity / whatever) pinky swear promise that you're not going to exploit me? Because really, that's all any "policy" is.
posted by ZakDaddy at 8:08 AM on June 9 [3 favorites]


Surely GDPR effectively requires a privacy policy? If you know what your software does and how it uses data, they're not that difficult to write.
posted by plonkee at 8:28 AM on June 9 [2 favorites]


App development is something both huge companies and individuals do? In a sense, every mandatory step to do something will favor corporations that have endless resources to throw at requirements, over individuals. It's like handling DMCA requests. For a Youtube, they can field a whole department to do it. For Kyle Drake, creator of Neocities, as reported in an episode of the podcast Software Sessions, it can be onerous and possibly an existential threat to the project.

I'm sorry, but this comes across as basically "bah, who needs building codes? All they do is enable the property developers." Are there policies that are bad and do enable larger players? Of course, and those specific policies should be pushed back on. But the argument that the very act of having public policies to manage software development and control what software can do and what things the creator(s) are obligated to cover in their product is inherently bad because it might inhibit smaller developers is a bad one. It's an argument that software developers should not be obliged to make products that don't harm, and it's the sort of thing that is why software development isn't taken seriously as a proper engineering discipline.

And this gets back to why jwz's response of "A privacy policy? For a screensaver?" is actually a bad one that reveals problematic beliefs in the tech community. Because (as others pointed out) requiring developers to have a privacy policy for the software they make is in fact a good thing, and forces them to have to think about what data is flowing through their application and how they will treat it. And while I get the temptation to use the request as an attempt to snark on Google, I'd advise to put that temptation aside, and instead use this opportunity to model how privacy policies should be handled with a simple policy that expressly lays out what data is potentially captured and how it will be used - even if the answers in this one case are "none" and "it won't be".
posted by NoxAeternum at 10:15 AM on June 9 [4 favorites]


jwz is not arguing against having a privacy policy. The incredulity is both how they likely feel and a framing device for their malicious compliance with this requirement from google specifically.

Yea, this privacy policy could have just a single line. But you know what I call someone who doesn’t take the easy choice? A god damn hero. This privacy policy highlights what happens when you cross google- your work online can get demoted, age restricted or just removed entirely.
posted by zenon at 10:23 AM on June 9 [1 favorite]


Absolutely love this. However, one inaccuracy spotted: Unlike Google, XScreenSaver will never have a graveyard.

XScreenSaver does, in fact, have a graveyard for retired screensaver modules.
posted by Enturbulated at 11:21 AM on June 9 [4 favorites]


jwz is not arguing against having a privacy policy.

Yes, they are. Because - especially in 2024 - being incredulous about the idea that any piece of software being offered to the public should have a privacy policy regardless of its functionality is fundamentally arguing against the concept of privacy policies. And the reality is that Alphabet is right to have a policy saying that software on the Google Play Store is required to have a formal privacy policy, in a "the worst person you know made a good point" way.

If we want software development to be taken seriously as an actual engineering discipline, then we need to start taking the obligations that the discipline has to the public seriously - and things like stating publicly what data the program/app/service captures and how it will be handled in a formal policy is part of that. And yes, privacy laws are needed as well, but the field of software development should not be just aiming for "we comply with the laws", but to develop a strong baseline of ethical practice - and privacy policies as a matter of course is part of that.
posted by NoxAeternum at 11:40 AM on June 9 [5 favorites]


The solution for most small developers who can’t use a standardized “I collect no data” policy will surely be to ask Google Gemini to write one based on a desired policy intention. This is bad but also obvious and trivial to do, so it will occur unless someone can build a nice, robust template system.
posted by Going To Maine at 12:21 PM on June 9


A privacy policy is a pinky swear that a huge, unauditable blob of machine code behaves in a certain way. Source code goes much further toward assuring that harmful behaviors are not present. They're probably equally hard for the average person to understand well enough for something obfuscatory not to be slipped in.

Anyway, I was bemused that xscreensaver on Android asked for a wide array of permissions, and I refused to grant them. Also, my phone's lock screen was broken by a software update about a month ago, displaying a glitch about 2/3rds of the time. Amusingly, setting xscreensaver to provide the lock screen solved that problem. I went with "box fit", which is a pretty calm ambient thing as xscreensaver hacks go.
posted by joeyh at 12:57 PM on June 9


A privacy policy is a pinky swear that a huge, unauditable blob of machine code behaves in a certain way. Source code goes much further toward assuring that harmful behaviors are not present. They're probably equally hard for the average person to understand well enough for something obfuscatory not to be slipped in.

There's been a push towards readable privacy policies, more nutrition-label style descriptions, though Lord knows if / when it will take. As is, though, the obvious thing is to ask Google Gemini to read the policy and then summarize it: Machines writing documents that machines will describe to humans. (This is also bad, or at least not great.)
posted by Going To Maine at 1:20 PM on June 9


Surely GDPR effectively requires a privacy policy? If you know what your software does and how it uses data, they're not that difficult to write.

I'm not a lawyer, so take with salt:

The GDPR does not apply to software in exactly the same way that building codes don't apply to hammers. The GDPR applies to entities that process personal data for other than purely personal/household activities. When it does apply, it applies regardless of what software (or recording devices, writing implements, mnemonic techniques, etc.) they use to do it.

As long as JWZ isn't processing personal data, the GDPR doesn't impose any requirements whatsoever.
posted by swr at 1:24 PM on June 9 [2 favorites]


I don't know jwz or their motivations, but I could totally see it not as "privacy policies are silly" but "that's fucking rich, a privacy requirement from fucking *Google* of all places."
posted by ctmf at 1:25 PM on June 9 [2 favorites]


I'm sorry, but this comes across as basically "bah, who needs building codes? All they do is enable the property developers."

The building code analogy is back-asswards though.

Imagine if instead of building codes, construction companies had "Structural Integrity Policies" that listed various ways that their buildings were expected to fail, along with contracts of sale disclaiming all liability and requiring binding arbitration. And imagine that that was so normal, so ingrained, that any attempt to change the situation was met with "Surely it's better to know how your house will fall apart? Would you rather they kept it a secret?"

Privacy policies are a sort of industry self-regulation. It's there to fend off calls for legally-enforceable regulation from the government. It is very much in Google's interest to promote privacy policies.
posted by swr at 1:38 PM on June 9 [6 favorites]


"It's just a screen saver" is a bad take.

XScreensaver requests full access to any network your phone is connected to. It can list all the devices connected to your home wifi. It also requests access to every photo, movie, audio, or downloaded file on your phone. It can access files owned by other apps on your phone.

I assume these are required for, amongst other things, the sonar screensaver which pings network devices, and the collage screensaver which uses local media. Rather than anything nefarious. But this is clearly privacy-sensitive info.
posted by Klipspringer at 2:56 PM on June 9 [5 favorites]


It's possible to believe both that privacy policy requirements are good, and that Google's implementation is silly, because it requires a fully-fleshed out description of everything you will and won't do with user data, *even if you collect no user data.* At least when I tried to re-add my one app (which made a sound when you tapped the screen) to the play store after the privacy policy requirement came in, I told it that my app collected no user data, but it still made me answer all of the other questions about data use. It seems like a pretty easy fix to differentiate between apps that dont collect any user data and apps that do. From the linked page, it sounds like Google hasn't made that fix.
posted by mabelstreet at 2:59 PM on June 9


This is on brand, since previously JWZ has complained that his janitors, audio engineers and other staff are not electricians and handymen (then deleted my comment saying that the staff are probably complaining about the missing roles just like he's complaining about their "missing" skills). I don't know if unjustified self-righteousness is needed to start a business, or the result of owning a business, but they're often found together.
posted by krisjohn at 3:33 PM on June 9 [3 favorites]


Yes, they are. Because - especially in 2024 - being incredulous about the idea that any piece of software being offered to the public should have a privacy policy regardless of its functionality is fundamentally arguing against the concept of privacy policies. And the reality is that Alphabet is right to have a policy saying that software on the Google Play Store is required to have a formal privacy policy, in a "the worst person you know made a good point" way.
To flip this around, how much is Google’s policy helping? Do any meaningful number of people read the policy and stop using an app? To echo gwint’s point, the only thing which seems to have shifted the bar meaningfully has been the GDPR and California’s laws because those can’t have a “we require binding arbitration and cap damages at what you’ve paid us” clause to prevent accountability. I think that’s what jwz was really getting at: not that the idea of saying what you do is inherently terrible but that what Google is doing is especially hypocritical corporate diligence theater. Change the law to make these legally binding like, say, the way FDA nutrition labels are and it would be a lot easier to say the exercise is worthwhile.
posted by adamsc at 3:54 PM on June 9


There's been a push towards readable privacy policies, more nutrition-label style descriptions

It seems to this uninformed commentator like something where 90% of cases could be served by one of a small number of boilerplate solutions, like the Creative Commons licenses. If you don't collect nor care about user data, then go with Default Option A, which says so plainly. Since that Option is always the same for so many projects everyone comes to know what it says, and so projects that don't use one of the premade options would be a little suspect.
posted by JHarris at 4:08 PM on June 9 [2 favorites]


OK this is crazy - I was gonna make a comment about how I at one point got the jwz treatment (before I really knew who he was)... So I went looking through my old LJ backup to find the time I posted/interacted with him....

Shit is weird yo! (just posted this on MOFB because woah)
-----------------
Mefi posted about it and I was reminded about an interaction I had with him where I thought "Man that guy is a prick!"

I thought it was earlier in the 00s (like 2003-2005).

I went to look at my old LJ archive, and noticed that I friended him in 2007 (and that he was mentioned in a book by Peter Norvig) which I was like 'wow this guy is special!' not even knowing at that point he was the guy who basically pushed AOL/Mozilla into creating Firefox as an open source browser.

Earlier in the evening I was going through old flickr photos because I was searching for "symbioid" to find the old Quake enemy that was in one of the expansion packs (I *think* Quake 2 expansion, but maybe it was Quake 1) Anyways I used to barely be able to find anything about it even before Marvel stole the word for the whole-ass race of Venomsymbionts.

I should have fucking trademarked that shit hard in the early 00s. In the mid 00s I was so pissed that a Spanish death metal band took the name. But whatever I had the domain and I had it first and long before the band arrived on scene (at least before it showed up as a google result).

Getting to the point. While looking for this article, I found an old image of mine on Flickr, which I thought was deleted/removed (I mean, my flickr account) apparently there was something still public, so I logged into flickr and got sidetracked on pictures, including an animal folder that included tons of cleo pics and one of ants crawling on a cereal box I took to try to identify them)

So.

I'm looking through my old LJ Archive to find 'jwz' and I found the Norvig mention above, and then scroll down a page or two.

THERE IS THE ANT PHOTO! Literally the same night I logged back into flickr to delete some albums, and hadn't seen the pic in ages, and then I happen to look for a completely different topic and BAM right there!

jwz. ants.
it all ties together!

I looked at the date, and the jwz post was on 4/20/2007, the ants post was next day 4/21.
-
Anyways, the same day 2024 I see this old ants photo on flickr, I also find it in my lj archive. Only because jwz is somehow related in time to both.

WTF yo. Sorry if none of this makes sense, but uh. It was too cool, and I *did* GMOFB and that's why I'm GMOFB2x.
------
Anyways, the OP itself - I saw it on Mastodon and thought it was so great I shared it on my FB. Just thumbs-upping and saying - jwz is alright when it comes to politics, but I don't think I ever wanna talk with him about tech stuff ever. I think he would prefer nobody talk to him about tech stuff ever, from all I can tell.
posted by symbioid at 11:10 PM on June 9 [1 favorite]




That is a thing of beauty.
posted by mikelieman at 5:17 AM on June 10


on my XWindows/XMonad desktop, full screen video in firefox doesn't inhibit the screensaver, so 10 minutes into streaming -- if I don't jiggle the mouse -- the screen will blank.

Stopping my machines from automatically going into a power-saving mode when I'm doing something non-interactive with them has always been fiddlier than it ought to be on every OS I've ever used, so I'm fond of little utility programs that I can invoke explicitly to keep them awake when I want to.

On Windows I use Insomnia. Android has an Insomnia that works fine for me as well.

Various things have worked for me on Debian that updates have eventually broken. The latest try is still working well, though.

Save some suitable SVG icon as /usr/local/share/icons/insomnia.svg, then copy the the following and paste it as /usr/local/share/applications/insomnia.desktop:

[Desktop Entry]
Type=Application
Categories=Utility
Icon=insomnia
Name=Insomnia
Comment=Keep system awake
Exec=systemd-inhibit --who=Insomnia --why=Insomnia python3 -c "from tkinter import messagebox\nmessagebox.showinfo('Insomnia','System won\\'t sleep until \\nthis window is closed.')"

I would expect this to work for pretty much any Linux desktop environment that supports the freedesktop.org Desktop Entry Specification under a reasonably recent version of systemd. You might need to install a tkinter package explicitly if your distro doesn't include it with python3 by default.
posted by flabdablet at 12:00 PM on June 11


« Older From Kora to Guitar   |   We arrive at a much different mullet landscape in... Newer »


You are not currently logged in. Log in or create a new account to post comments.