It's the KIT (Karlsruhe Institute for Technology, former Technical University of Karlsruhe) in south western Germany. IIRC they have the oldest computer science institute in the country and sent/received the first emails in Germany. So yes, they have some standing in the research community, but they renamed in 2008 or 2009 and still got a new .edu domain.
Would you be so kind as to say what you mean by "foreign" in this context? I'm asking because I was sure that .com, .org, and .edu are international domains...
"Per the terms of the .edu Cooperative Agreement, institutions applying to register a .edu domain name or seeking to renew a .edu domain name registration that was approved on or after October 29, 2001, must meet the following eligibility criteria:
They must be U.S.-based postsecondary institutions. This means that they must be postsecondary institutions located within the United States (including U.S. territories and possessions); be licensed, chartered, or incorporated within the United States (including U.S. territories and possessions); or otherwise be officially recognized as a U.S. postsecondary institution by a U.S. state or federal government agency (including U.S. territories and possessions). If an institution is not based in the United States per this definition, it is not eligible for .edu domain name registration."
Hmm, it never occurred to me that reckoning was the same word as Rechnung (German) and räkning (Swedish) but that's kind of obvious now that they say it. Is that a common way to refer to counting and arithmetic in English somewhere?
Is any substantial store of endorsements / comments for f-droid apps to be found?
I guess the absence of a "like" or review function in the f-droid app is a deliberate choice, but I'd love to see user feedback at a central, or at least easily discoverable, place.
This has been discussed [1],[2], and looks like it won't happen "officially", but a third-party site utilising the API and possibly organised like nexusmods, with posts and endorsements, say, would be nice to see!
Privacy Friendly Weather lets you watch the weather for cities and locations you are interested in. The app has been developed by the research group SECUSO at Karlsruhe Institute of Technology. More info can be found on https://secuso.org/pfa
It seems like a privacy respecting app shouldn't leave your privacy dependent on the ongoing and unwavering benevolence of the developer or the services their app uses. For a weather app that would mean not sending my location data anywhere, but also not sending the locations I want the weather for anywhere either since if you know that most of the time you'll be able to tell where I am or where I will be.
The ideal privacy respecting weather app would download and update a local copy of every location's weather, and any requests you made would never leave your own device. I'm not sure how realistic that is, but as long you trust the Karlsruhe Institute of Technology, the government they operate under, and that the data being sent to OpenWeather is non-identifying or that they too can be trusted with your data, then this is probably the closest we're going to get.
> The ideal privacy respecting weather app would download and update a local copy of every location's weather,
You can also do it with multiple, independently operated servers, as long as they don't collude with each other beyond a given threshold. Then the queries and responses can be kept small. The private info in the queries is split between the servers, and the responses are recombined, using methods inspired by Shamir secret sharing in cryptography. That prevents the servers from learning the actual queries being made or responses being sent.
What I do is to not install apps which don't work with disabled Location (yes, there are stuypid apps like that not allowing to select location manually, even better are those which don't allow selecting location without gapps in phone), simple as that.
I have no problem manually enter my location once in a few months (or more likely once and for good for home address and 1-2x per year for vacation location).
> For a weather app that would mean not sending my location data anywhere, but also not sending the locations I want the weather for anywhere either since if you know that most of the time you'll be able to tell where I am or where I will be.
This doesn't even make sense. How do you want a weather app to not send "locations you want the weather for"?
Also, updating a local copy of every weather place on the planet doesn't scale at all. There's so many places that it won't fit on a single device.
Even if the traffic is encrypted if a remote server has to understand what location you're requesting data for, find that data for you, and then deliver it back to you, that same server will be able to log that and you're back to having to trust that they won't save and abuse that data.
With homomorphic encryption, you could serve data in a scenario like this without revealing information about the user location to the server.
An example which allows you to read Wikipedia articles from the server, without the server knowing which article you are requesting, exists here: https://spiralwiki.com/
I don't think something like this is in regular use yet, but it could become an interesting solution to reduce leaking user information.
Used it for a while, but unfortunately, the data at Openweathermap was just way off for my location (Germany). Switched to FOSS Weather (https://f-droid.org/en/packages/de.baumann.weather/), which is a wrapper around wetterdienst.de. Unfortunately, this app is no longer maintained, but it still works perfectly fine.
I have used the app. Its Ok but of limited use - and has no widget.
At some point I had to use a china-based app (that i would normally not touch with a 10 foot pole) despite privacy considerations
Why? Because they had a widget that did the trick.
I could see forecast by the hour on the widget, including % rain by the hour and wind.
A user needs to be able to plan his day (or week) out with a mere glance. If I have to tap more than once foe this information, thats a problem.
Is it going to rain at the time im scheduling this lunch meeting? Will it pour during my daughter's little League game? Will the mild cold going to be frigid because of severe wind gusts?
Those are answers i need on my home screen, viewable at.all.times.
I commend weather app for their privacy considerations but its too basic to be useable in most use cases except for generic 'just give me temp and precip '
> At some point I had to use a china-based app (that i would normally not touch with a 10 foot pole) despite privacy considerations
Scary stuff. The fact that a well-informed user would compromise privacy consideration to save a tap or two when checking the weather is why we're all probably doomed. Even the slightest inconvenience seems to outweigh any long term privacy implications.
I have migrated off all of gsuite and will still refuse to turn on location. I don't even use Gmaps even though Osmnd is mostly useless.
Yet at some point I had a china weather app on my phone and i was quite happy w it. Since replies mentioned a widget is now available, will try it out.
I used to use Dark Sky, which was perfect! It had an auto updating widget with a precipitation graph for the week. Then Apple bought it and shut the API down for non-iOS devices, so I found myself in a similar predicament. Like you, I was tempted to install some 1Weather-like garbage, but I ended up switching to Forecastie. The widget is barebones and it requires 3 taps to get to the precipitation graph, but those are just my own little pet issues. As far as things that actually matter to most people -- it's ad-free, open source, nice and snappy. If you don't like the OP app, I can recommend this one. https://f-droid.org/en/packages/cz.martykan.forecastie/
Try Geometric Weather in the F-Droid store. It is quite a lot more than simple precipitation and it has a widget. Also, WX if you're in the US for really advanced weather info.
What's the point of Weather app respecting privacy if its data source (OpenWeatherMap) has horribly inaccurate data?
I use Weawow and Today Weather, none of them have access to Location, actually both of them have no permissions granted at all and works fine. I don't use apps which don't allow manually selecting Location.
Not really, data source is way more important than form how it is delivered. Beatiful app with horrible forecast is useless, while horrible looking app with great forecast is still acceptable. Data source is the most improtant thing at weather app, which is why I won't even bother install some app which has for instance only inaccurate Open Weather data, no matter how good the app.
Some of the color choices look a little ugly, at least by the screenshots.
Also, kinda surprisingly, Android has the capability to allow for different sources of data through different apps providing it. So they could have allowed for choice of weather service through other "apps" (even if those other apps provided no user interface). It's kinda sad how under-used Android can be tbh,
I use Geometric Weather. It's also on F-Droid, has widgets, material design, and a GPL3 license. You can choose the source for your weather, and it has just about any feature you'd ever need (wind speed, barometric pressure, weekly, daily, and hourly forecasts). It's very pretty, too.
Web apps are nicely sandboxed, work on every device and give the user tons of interface features they are used to. Like zoom, copy&paste, bookmark urls (each city could be a url, parameters could be query string parameters) etc.
I use the web site that has proven to best predict the weather in my area along the years. Firefox with UBo on both desktop and Android. It's pinned on Firefox home page on my phone. I think that I could put in on the home screen of the phone as well but I don't care.
There are some privacy techniques the app could use that are hard for a web app. For example it could update the weather information at a fixed rate so it would not leak the usage patterns of the app.
It is a feature missing from Firefox. PWA apps are a great compromise for webapps with some APIs from native apps, without having an entire browser packed with them
Unfortunately, Firefox seems to generally not like the idea that the Browser is used as an application platform.
A way more fundamental API they refuse to implement is the file access api. Which lets you build web apps that can open and save local files. With this API, Chrome is now a great application platform for which you can write software that can be used just like desktop software.
I really like Rain Alarm (https://app.rain-alarm.com/). They do collect data, but they are very explicit about what they collect, how it is treated, and when it is removed. Even if you don't want to use it due to personal reasons, you have to respect them putting this info right at the forefront, as most try to hide it.
Also, I didn't even realize until now, but the app's functionality is available via the web (https://rain-alarm.com/).
Respect comes from not doing it at all. Honesty and transparency are not worth anything when corporations can change this text at will. It is not permanent and there are no consequences for changing it.
Are there no open-source weather apps on Play Store? For US weather at least we have https://www.weather.gov/documentation/services-web-api, so it doesn't seem like it would be that hard to do. Is there something about the Play Store eco-system that makes such a thing not viable or trustworthy? Seems like all you'd need is a minimalist web page doing a single http request to the api
I suspect the main issue is getting discovered. Without filters like "no ads" or "no in-app purchases" in Play Store, it's hard to see how Google would ever organically bubble results for such an app to the top (since Google Ads is by far the most popular and there are definitely financial incentives to promote those apps over more privacy-conscious ones).
I prefer to use apps from F-Droid, but when that fails, I use a third-party search for the Play Store that has both of those filters - https://playsearch.kaki87.net/
Your broader point is right though. It doesn't benefit the app devs since 99.99% of users just use the first-party search.
If there were an open source app that was popular, the spammers would copy it and put it out there 10,000 times over, loaded down with spyware.
I generally release all of my code as public domain, but never publish the source code to an app.
The first day I got an Android phone, the first app I wanted was a flashlight app. After clicking through the permissions on some for a couple of minutes, I realized it was just going to be faster just to learn to write my own. It's just appalling that Google, the so called "master of search" won't let you filter results by permissions required.
None of my apps require more permissions than what's required, and some require none. And people give them 1 star reviews stating the "permissions screen is blank", or back when there used to be a popup with the permissions: "Warning! This app doesn't display a permissions popup!". They've literally never seen an app that doesn't require permissions.
I've never understood why Weather apps are such a huge thing. I just type into Google "Weather" and it tells me that weather. If I was worried about privacy I'd bookmark the local government weather website.
Why the need to install an app for a simple query?
People are obsessed with them though, they're massively popular so I'm missing something.
Because Weather.com is not the most accurate data source in many places. For instance in Prague by my research Dark Sky is the most accurate, then there is big gap and it's followed by Wunderground/AccuWeather and possibly Weather.com (though I think Wunderground/Weather are often same if chosen specific location)
What model does Dark Sky use? I find its interface a bit too simplified, though it does have all the important info.
I'm Czech and always looking for better weather apps. Mostly using our local Windy[0], which shows a comparison of the GFS, ECMWF, Meteoblue, and ICON models.
I think they have their own model. I've made chart and was checking forecast and comparing with real result for few weeks comparing many data sources for Prague and that was my result.
I don't consider Windy weather forecast app at all, I wanna see simple hourly forecast or simple day forecast without watching some animations and wasting my time plus it's horrible touch UI in general trying to see what will be temperature 24 hours from now through animation on phone.
Thanks, I just tried it and I can see they have now daily/hourly forecast (though hourly is every 3 hours and not exactly by hours unless you pay extra), I think they didn't have it when I tried it last time, also the comparison page is interesting.
Shame it seems you can't hide that animated screen completely since I don't really care about it, just wanna simple forecast + have radar in other app.
Btw. Weawow has also forecast comparison with easy access, after setting up the app/city you just need to open the app and tap on data source in bottom of screen which opens comparison screen with various data sources and their forecasts. Easier to read than Windy comparison.
Weather itself is so random though. It was dark and hailing a 5 minute drive from my house the other day (it was still sunny with a few clouds on the horizon)
I live in a town of 65k people so the weather is for that town. But the forecast was either perfect or totally wrong that day.
I get the simple bit but don't both iOS and Android have built in apps/shortcuts?
Weather apps just seem to be like Flashlight apps these days, all promising to be the brightest but actually none better than any other all while slurping up your data.
There's a lot more variance in pure functionality between weather apps than between flashlight apps.
Flashlight is literally 1 bit of information (on/off) and after that you can only add more sophisticated triggers (gestures, timers, etc.), which is why native OS functionality typically makes apps completely obsolete.
Weather data is a lot bigger: not only are there are a handful of different providers, but you could spend a lifetime optimizing the presentation of the data on a 6" screen (let alone a widget or notification). You can't possibly fit in all the relevant numbers so you have a lot of room for UX design work.
One of the best (well made, great design, functional) Android apps I'm using currently is a weather app. It's made by the Norwegian Public Service Agency, NRK.
The app is simply called Yr and they have a website where you can find the apps (bottom)[0]
Doesn't seem to be open source though. NRK has a bunch of open-source projects on github [0], but the app isn't one of them, only some support libraries [1]
I wonder how using an API that is under CC-BY-SA 4.0 [0] is considered an anti-feature. I mean, I understand what they want in f-droid with [1] but there should probably be some middle-ground for cases like this?
The data might be licensed under CC-BY-SA, but as far as I can tell, the service itself is proprietary. The code isn't open source, and you can't just run your own server to use the app completely privately (which you can do with many other F-Droid apps). IMO it's worth calling out.
>NWS NOW is a FREE weather application with no advertising, no user tracking using the National Weather Service™ and National Oceanic and Atmospheric Administration™ public API.
If you're in the UK, the BBC has a ad-free weather app for Android and iOS. It included forecasts for locations worldwide. However, I don't know if it is ad-free for international users. Perhaps someone can confirm?
I've tested https://openweathermap.org/ multiple times in different places in Europe. The forecasts are far from accurate when compared to weather.com (which is the data source for google weather). Right now for example it show 6 degrees C less than real for my location for the entire week.
Indeed. That's why I like the privacy cards on the iOS App Store a lot. For apps like this, it makes it really easy to spot the ones that'll record my location data on their servers for some reason.
It's the same with fitness tracking apps, so many of them send health data to their servers, but there are a few (often paid ones, of course) that seem to store important data only locally.
>That's why I like the privacy cards on the iOS App Store a lot
Donkeyd, I find the privacy cards in the iOS app store to be an unreliable source. I will read the relevant privacy policy stating 'data not collected' to mean anything but. Do you know if the card self-reporting?
Interestingly, they are often developed in Germany. One I found is Fitness Point. They use Google analytics and ads, so privacy is relative. However, unlike for example apps like MyFitnessPal and apps by brands like Nike, they don't use your fitness data (like weight) for direct advertising.
The major apps all have the ability to market weight loss products when you gain weight, for example, which is the thing I personally resent the most.
Privacy in good weather apps that are innovative can be tricky. Phones have enough sensors like barometers to be useful weather stations, and collecting that data could improve forecasts. But that also includes accurate location data, and making a useful forecast model from data collected on device is significantly more challenging when you account for privacy needs.
The “telling state of tech” may be that our hardware has outpaced our ability to socially reason about how useful weather data should be collected and shared, or not shared.
and then you go on to say "but I would just like to not give folks privacy because it's much more convenient for me not to".
That's not tricky, that's called being a shark. You are making the world a worse place by reasoning in this way and an even worse place by trying to spread it to other people.
Sure, but I'm fine with sharing my data for that purpose. I also have an app that registers any possible earthquakes and shares that data with a centralized server for analysis. I'm perfectly fine with that, as long as they don't sell my data to anyone who wants to market earthquake safety equipment or wants to track my location.
Transparency on the use of data is important to make decisions on this type of stuff. If a weather app requests access to my barometer to improve predictions, independent of my personal data, I would fully comply with that.
"Privacy" has a nebulous definition, and I don't think many of us here
have concerns about supplying anonymous data to help build useful
systems. We need to re-frame the issue.
Individual and aggregated environmental sensor data could be used for
so many good things. We can track storms, fires and floods,
earthquakes, air and noise pollution, and save lives.
But it is abused by a greedy, unethical few, and so the systems can no
longer be trusted.
Medical data, individual and aggregated, can be used to stop
transmissible disease by detecting outbreaks, and improve our personal
health through exercise monitoring and early issue diagnosis.
But it is abused by a greedy, unethical few, and so the systems can no
longer be trusted.
Domestic data has the potential to manage energy, water use and air
quality, keep homes safe from intruders, protect the elderly and
babies.
But it is abused by a greedy, unethical few, and so the systems can no
longer be trusted.
The pattern here looks like a tragedy of the commons. As engineers we
can build systems with ostensible social utility which are then
hijacked (sold, acquired, infiltrated) by "digital pirates" who turn
them into systems of abuse (surveillance, manipulation and
control). Each time the empty "assurances" are the same and the
corruption predictable, inevitable and painful.
Perhaps it is time to stop thinking about "privacy" at the level of
technical measures and permissions etc, and deal with corruption and
abuse, which seems intrinsic to tech, at a different level. We have
the mathematical/cryptological knowledge to build better systems. but
it's the unethical few who benefit from stealing our data who don't
want computer systems to be secure.
I think the key is to protect individual user from being harmed by misuse of the aggregated data, and provide transparency on how the data are being used.
Corruption always happens for a greedy, unethical few, but with the right technologies, we can make such abuse very costly. That hopefully, would restore trust from most users.
They may not sell your data, but it might be subpoenaed by a court. Or breached by a hacker. Or leaked by a coding error. Or by incorrect AWS permissions. Or an email campaign by a stupid PM.
As a sibling commenter says, this seems legitimate use. They also probably don't need to track you for this. The data point that P pressure was detected at L location at T time should be enough. It doesn't need to know that when those parameters change, they're coming from the same user.
[0] https://secuso.aifb.kit.edu/index.php