This is a legal/political issue more than a technology one. The good guys are the EFF, OpenRightsGroup, EDRi and others on the same side. Increasingly phone apps are forced on us to do things at all, and those apps are not only closed but only run on locked down OSs. It's anti competitive, anti-freedom, authoritarian, etc etc.
We need to get better at convincing non-nerds. We need to stop fighting political fights by burying ourselves ever deeper in tech. Which I'm guilty of too!
💯 support EFF
I've donated monthly to OpenRightsGroup well over a decade now. I make sure it is always more than my wife's Netflix (DRM pusher) to maintain a net positive!
Very well said. Everything you said I agree about 100%.
> We need to get better at convincing non-nerds.
I'm doing my best. It's hard tho. They just... don't care. They don't understand why it is important. Important for their future, and for all of our future. They don't seem to grasp why it matters so much, and what price we have to pay when we get it wrong.
I try to find concrete examples for them. But when people are invested already in some big tech ecosystem, it's easy to discount the examples. "That wouldn't apply to me".
I'm trying so hard, but it is an up hill fight :(.
Yeah, it's hard. People don't want to see the problems because they don't want to change. Law makers are the ones we really can't fail to convince.

we are all moths and the internet is the flame
i dream about a phone with hw switch, which would be used to lock the screen and at the same moment it would physically disconnect microphone, camera, and gps module.
not saying it is complete solution to the privacy problem, but it would be good start.
the pinephone does that, its not built into the lock screen button but, it has a switch for most the privacy central features.
did not know that. but from the image, that seems like something that is inside of the phone? not really something you casually flip on the street.
my idea is that anytime you would flip the switch and lock the screen to put the phone in the pocket, its spying capabilities would be physically disabled.
Yea you are right, the privacy switches are under the battery cover, so it requires taking the cover off flipping the switch and putting it back on again.
The cover is made similar to how the Alcatels are if you have ever used them, so its a pry instead of a slide which is annoying, but at least its there, in my opinion its a design defect, I think the switch would have worked better if the cover was a slide like how the old Samsungs were prior to going to the non-removable battery layout
I actually have one I'm not using at the moment. The switches are within the back cover but that's easily able to be reached within 5 seconds or so with no tools. It's not exactly something you would be flipping on and off regularly though unless you had a very specific use case.
Anything that isn't a hardware switch potentially lends itself to being bypassed, so the switches are your best bet for being sure it's disabled.
Edit: there's also this (I linked the case which shows the switches) phone which has switches on the outside for this purpose. I don't know anyone who has used this one however.
If my phone had an accessible hardware switch I would absolutely be using it 100% of the time I wasn't actively on my phone.
Fairphone 6 with e/OS can use its physical switch to disable camera & microphone. It's only SW disabling but it forces apps that want to use it to request it. There's also a privacy setting that gives apps fake geo data.
Its not perfect but any improvement is good.
What's the point of a hardware switch if it only disables it via software? GrapheneOS has a software switch too.
Would need to disable the cell radios, wifi and bluetooth too since those are also used to track device location.
you can't really disconnect yourself from the cell network, that would beat the purpose of having the mobile phone ;)
Would it?
yes.
but i can still watch netflix
that is cool, but primary purpose of a phone is to make and receive phone calls. there are better tools for watching netflix.
yeah but dropping a PC on my face while laying on my bed takes too much work
If you have a need for high levels of privacy it's the only way to do it, or just leave your phone at home.
It doesn't really defeat the purpose of having a mobile phone either IMO, most stuff I do on my phone is already offline (maps, notes, taking photos, etc).
well, the primary purpose of a PHONE is to be able to make and receive PHONE CALLS. anything else is just a matter of convenience. you can use maps, make photos and take notes without a phone, the same can't be said for phone calls.
We need bots, automations... I don't know... we need a new category called "telemetry jammers." If the tools existed, I'm almost certain people would not mind running them. Spam the hell out of telemetry sensors of all kinds, with random data... destroy the usefulness altogether. The more spam, the fewer people we actually need to participate. The more transparent to the actual user, the better.
At some point the extra data being sent to the trackers might start to consume more battery power and heat from CPU usage.
Pokemon GO did something similar to this and those were the side effects
Could be done on another device though, a computer could pretend to be your phone and start sending tons of useless data maybe? I don't know how feasible it is.
You'd have to automate the retrieval of IDs for each data harvesting platform (including web based cookies to be feature complete) and manage to send the properly formatted data on each platform.
Funnily enough though, the kind of fuzzy data generation that just looks plausible enough could be a great usecase for LLMs
So like what, just Faraday cage bags?
Faraday pants.
Nah, a reverse faraday cage, something that would make telemetry useless by flooding it with trash. We can try all we can not to be spied on, but it's an uphill battle. If we start being so noisy that they'd have to sift through tons of crap to maybe perhaps get a tiny speck of useful data, it won't economically make sense to continue harvesting the data.
It's one of the things I do with a combo of trackmenot + adnauseam, spam web search & click websites and all their ads automatically while I use my computer. Good luck profiling me correctly
Me reading this on Pixel 9a running GrapheneOS:
How much of your life are you willing to sell for a slightly more convenient map app?
30% max
However much is earned by time saved by that app.
I stopped using openstreetmap because it wasn't reliable enough for me. I found myself going the wrong direction, or not finding what I wanted to find and having to swap back anyway.
I liked the goal but, it just wasn't a valid tool for me.
To be clear, most businesses are in specific locations, not like a general area.
Yeah, but that would require talking to people. Fuck that.
It often gives incorrect maps simply because of update schedule and them encouraging not reporting construction <3 months or whatever.
We have construction all over in Belgium and tons of detours such that it makes open street map pretty much unusable as it will just incessantly reroute you to a blocked path even after you are well on a different route.
I firmly agree. It's a give and take, I don't have the time or energy to spend a couple hours mapping the local area on OSM that way it can be properly used. I did that for my home town, and then realized that outside of big corporate entities, it wasn't done at all for any of the surrounding towns or even cities. To me having an accurate map with ability to give directions and traffic reports is worth more than my location data.
I'm not selling my life, every 3 months I'm very literally buying another year and eight weeks of life, more or less. The smartphone makes it a hell of a lot easier.
Some stuff that you can use are
- AdNauseam, visually blocks ads but under the hood clicks on them, nuking the usefulness of ad trackers
- TrackMeNot, spams queries on search engines, clicks some links here and there, all in the background. Works perfectly with AdNauseam, nuking both ad & search profiling
Then there is this experimental (HARPO: Learning to Subvert Online Behavioral Advertising) paper on using ML to obfuscate online tracking, it's a research paper so my understanding is limited to the excerpt https://arxiv.org/pdf/2111.05792
TrackMeNot is dead
Not updated but it still works fine
Running outdated software can open security vulnerabilities however.
> visually blocks ads but under the hood clicks on them
I get where they're coming from on the idea. But the problem I have... it would still run all the fingerprinting scripts and other shit. Sure it makes some bad data added to the good... but still plugs me into huge adware ecosystems. It leaves such a bad taste in my mouth, if any of their shit hits my comp.
I really mostly want to not be part of any of that shit. 🤮 Just leave me alone, surveillance companies, thank you.
I use Graphene OS and mostly/exclusively only open source applications.
+1 for GrapheneOS. I wasn't particularly privacy conscious when I installed it; I was just super bothered by the Google/Apple duopoly in mobile OSes and wanted literally anything else. Came across GrapheneOS and a few others, but Graphene looked the easiest to install (and it was!) so I went with that. Barely a year later, Google's out here trying to lock Android down and harvest literally every piece of personal data they can find, and I feel like I dodged a bullet.
I don't like smartphones and im kinda paranoid so turned off and in an rfid blocking bag. Even with dumbphones because who knows what is hidden away active without me knowing. I would have laughed at such paranoia 15 years ago.
We all know the title is right. Graphene OS is the answer, from what I read.
Is there any hard evidence that supports the claim that an Android/Apple phone listens in on conversations?
Would take a whistleblower to expose these things, and usually its done many years after.
Also its not that there's some person currently listening. Its that they're storing and probably transcribing all communications for all time, so that at any moment in the future, they can target a person and look up that history.
Also we know google and apple have been forwarding all these to the US government also, since at least ~2011, via the prism program, and thanks to Snowden and Manning's leaks.
> Would take a whistleblower to expose these things, and usually its done many years after.
So no, and also no, I disagree. If phones did this, especially to custom-tailor ads, like I've seen claimed countless times, then security researchers would be perfectly capable of uncovering this behavior without someone on the inside.
> Its that they're storing and probably transcribing all communications for all time, so that at any moment in the future, they can target a person and look up that history.
Is this just more speculation? EDIT: I'm bringing this up because it weakens the argument for privacy. This is a huge claim and if it can be dismissed like this then people might dismiss everything else with it.
> If phones did this, especially to custom-tailor ads, like I've seen claimed countless times, then security researchers would be perfectly capable of uncovering this behavior without someone on the inside.
When you make calls via these services, the entirety of that data is being routed through their service. What you're asking is if google/apple actually stores that data. You should always assume they do, for a threat analysis.
I suggest reading about the Crypto AG honeypot scandal, which was a secure service that ran for over 60 years before it was revealed to be a CIA honeypot. Leaks in the future will likely reveal the same for US surveillance capital services.
There's hard evidence everything transmitted is logged and that any phone capable of connecting to the cell network can be listened in on at any time. I would be very surprised to learn monitoring/logging like that was not the default at this point given the infrastructure we've publicly built for that purpose and just how easy to implement it's become. You think an on device assistant can help schedule and summarize your day but the NSA is going to opt out of those capabilities on principle and let that big ol Utah data center sit idle?
To add to what others are saying, there's been hard evidence of apps doing this, notably Meta apps.
Snowden showed us ages ago that all phone conversations are recorded. This is fact.
Do phones record what we say outside of phone calls? If you have voice control enabled, yes.
Do phones listen even if that isn't enabled? Probably sometimes, but I don't know that for sure.
No, it is trivial to verify it by checking your data usage. We have these AI devices (one of them is called friend) that actually do listen to you the whole time and even they do a terrible job of transcription. That's when people wear them like pendants.
Now imagine using a phone instead that's sometimes in the pockets, in the bag or just on the table. Speech recognition errors would be terrible. Even worse when the speech isn't english. Use recommendation engines on this crap data and it'll be an advertising disaster!
Lolz. Close your mouth you're gonna catch a fly
Thanks for pointing this out, I just used an LLM detector and it said it was likely 100% AI generated.
We need radical technical solutions, not incremental privacy policies that change nothing.
This overused: "It's not x, but y" giveaway is one of the most annoying AI ticks for me. I give them credit for actually using a colon instead of the em dash. But yeah, that's just about the only step they took to obfuscate their AI text
Best friend is stuck on his iPhone. Does anybody have any quick and easy links that show how bad Apple is at privacy? I've been trying to get a few together to show him and hopefully break the cycle.
This is a fair assessment but Apple is getting worse as well.
It's not as bad as Google but still pretty terrible. I too would like to see a comprehensive list on Apple issues.
Apple devices aren't the best but theyre definitely not the worst. If the leaked Cellebrite documentation is to be believed then the newest devices running the latest iOS builds are well protected against hacking tools, second only to GrapheneOS. The iOS permissions system is relatively robust, lockdown mode is a good bit of extra protection too. And iirc full-disk encryption is enabled by default on iOS these days. Advanced Data Protection lets you E2E encrypt (most) cloud storage too. These are all good things
For the most part, you can set up an Apple Account without using genuine information (though the age verification thing might change this, but Google is implementing that too). For both iOS and GrapheneOS you need to either trust Apple or Google with your phone number to set up an account.
I'd be interested to hear people's criticisms so long as they're not just random claims with no elaboration or evidence
GrapheneOS can be used just fine without any Google Services. This is one of the core features.
Google does NOT need your phone number on GrapheneOS. I'm on Graphene and Google doesn't have shit.
I stand corrected, but do you need a Google account at any point for activation etc.? I've had increasing difficulty creating a Google account at all without a phone number
Nope. I just upgraded my phone not too long ago, and apart from it being a (secondhand) Pixel, Google never entered the process.
But where is the data? I'm genuinely curious since I want to get my friend off the platform but if there is nothing to show them then I don't really know if I can (or even should tbh).
He needs to enable lockdown mode, then go into the privacy settings and turn off "allow apps to request to track", disable the system services in location settings which aren't needed, turn off personalised ads under Apple advertising, then he will be good.
Sweet! Love seeing actionable things I can send him.
I think Lockdown might be too much for the average person, since it imposes limitations to reduce the attack surface (breaks some websites, some apps dont work properly)
I would just recommend he enables Advanced Data Protection on his iPhone, disables analytics, and switches to privacy-focused apps. Apple has decent privacy, even by default compared to Android
Lockdown mode for websites and apps isn't terrible to manage/configure on the fly, bonus is it makes you (re)consider if you should.
https://consumerrights.wiki/w/IPhone
https://consumerrights.wiki/w/Apple
The site says user privacy is a concern on iPhone but doesn't actually list any incidents. Is this correct?
> friend is stuck on his iPhone
my honest opinion is that it's a lost cause. people superficial enough to be on an iphone in the first place probably aren't gonna think through the deeper ramifications of privacy and information security practices at all.
That's a dumb take. iPhones are incredibly popular. Painting every iPhone user as shallow is completely baseless.
Preaching to the choir here buddy
Would the three hardware switches on the furi phone actually help here?
Not familiar with the furi phone but hardware switches generally are very helpful to prevent tracking.
Cell phones started to become popular while I was in college. I still have not used one. I have a dumb phone for businesses and institutions that absolutely must call for whatever reason. Everything else can be easily handled on my computer.
Lyft/uber, airlines, hotels? Its nearly impossible to use any of those without a smartphone. Or its a huge hindrance.
I'm convinced most of the people on this instance don't leave their basements !
Huh? I've flown and booked hotels recently and you absolutely do not need a smart phone for that.
Sure, but youll be the one gramps running through the airport with your paper ticket because you didnt see your gate change on the airport TV and you're late. On the phone app, the gate changes alert you immediately.
There's also no way they'll have printed tickets anymore in ~5 years. i havent seen someone use a paper ticket in a very long time, and if I do, they're 85 year olds who can barely walk. (Related note, my younger friend was absolutely baffled I still write checks. They're 26 and never wrote a check in their life).
The normies dictate the market. There's zero way I'd convince my SO or any family member to get a phone that doesnt support flight apps and hotel check in apps. Especially because hotel check in apps can remotely unlock your door with no key, so you dont have to talk to anyone at 3 am when you get there (a lot of people like that).
Except phones get dropped and break. Paper tickets aren't going anywhere.
Until the bean counters realize ticket machines cost too much to upkeep. Its the way the world works.
Same reason there's almost no malls/3rd spaces, or arcades (and the arcades that are left dont use tokens any more) left. Profit above all else. Enjoyment of things and privacy is not profitable.
Everyone has cars where I live. I've never needed a smartphone for a hotel. That sounds like utter nonsense.
And you're right, I haven't flown in decades, nor do I have any desire to, since it sounds like a nightmare.
How do you get around 2FA? I was able to stay off of phones for so long, but the standard 2FA implementation has made it impossible.
I've never been forced to use 2FA except on GitHub. I just ditched it and went to Codeberg.
Ah, lucky. All the banks around me seem to require it now. My kingdom for an independent authenticator they'd accept!
I would love to think its just a hardware and software issue, it is a habit issue too - i am keen to get away from my phone. I am starting to detest it.
But we do still need things that genuinely aid us. People do need maps. and bank apps on the go. I am trying to break my habits. I have been tempted to go back to a nokia flip but i need a map. I miss the days of flips, that satisfying clip closed. The actual physical act of opening it.
I will be moving to graphene pretty soon but its still a touchscreen, and even if i buy second hand it bumps google prices, i begrudge that. Jolla is too far away and a tad on the pricey side. Motorola is still another big brand just producing touch screen smart phones that lean towards bad habits. I would love a physical switch too.
Google gets nothing from you if you purchase second hand.
It still keeps their hardware in demand and pricier.
GrapheneOS users are not significantly increasing the demand for Google hardware.
lineageOS on 1 of the hundreds of nonBoogle phones?
I'll take a look. Thanks. I am just at the start and learning.
last week i posted these links under another comment:
https://wiki.lineageos.org/devices/
https://github.com/zenfyrdev/bootloader-unlock-wall-of-shame/tree/main/brands
make sure to choose a phone with an unlockable bootloader and you will be fine.
It depends on what kind of devices you're using.
It's my understanding that SIM cards in phones are just to tie an account and identity to your phone, for purposes of enforcing people to be paying customers for the phone/data services, and tracking your usage based on what level service you're paying for and what you should receive (5GB of data monthly, unlimited texts, etc)
But if your phone doesn't have a SIM card in it, its still connecting to cell towers for purposes of emergency dialing, and the phone itself can continue to be tracked by cell carriers based on what physical cell towers its connecting to, as you travel around. The cell phone modem itself can control and connect to networks independently of what the OS running on the phone tell it to do, its a self contained black box.
If you have something like a desktop or laptop, both Intel and AMD have "management engines" embedded in the CPU's themselves that can take control of the device for purposes of shutting down, wiping, etc a company machine that has sensitive information or access on it, and has been reported stolen, not returned by an ex employee, etc. These management engines have direct access to the network stack and can phone home whenever a network connection is present, either from a WiFi network, physical Ethernet cable, or 4G/5G WWAN card.
https://en.wikipedia.org/wiki/Intel_Management_Engine
If you have a device that is basically air gapped, no WiFi, no cellphone chip, no bluetooth, etc, then it's still possible to exfiltrate information off the device, but the software running on the device would have to be programmed to be searching for methods to do that. Your average device, unless it's running malicious software, probably won't be doing that.
Can this be true if you use a device without any connection to the internet and no SIM card?
You've got the idea. There's a bunch to unpack here:
- If the device is truly offline, your privacy is okay.
- But there's lots of ugly ways vendors work around "being offline"
- Denying the device a SIM card means the device is not authorized to get online, but certain emergency services that require a network will work anyway. The SIM is to make sure we're paying to be online, and is otherwise not actually needed to connect.
I mean could a hardware connect to some kind of network to send private information?
If you're asking if it is possible to hide a secret antenna in an officially offline device, yes, absolutely.
I've heard privacy nerds theorize that these will become common in smart TVs, so the TV can phone the vendor with screenshots, even (especially) when playing pirated local media.
Because the basic thing is, it won't expose your data if it doesn't leave your phone, right?
Exactly. And you've also caught the tricky bit - it's hard to be 100% sure a device isn't phoning home if the device is a closed proprietary (secret) design, running closed proprietary (secret) software.
Let's assume it can read wireless network even with wifi turned off, it still needs to find a network and a password to connect to it.
rather than hacking wifi, it connects to mobile internet even without sim card. that is much simpler, the mobile internet is basically anywhere and it is free as part of some spying cartel with the mobile network operators.
any new car also spies on you and you don't need to provide sim card for that.
sorry for linking to youtube but it's related and from NaomiBrockwell: https://www.youtube.com/watch?v=RyirQOCUUK8

What we need most at this point are hardware manufacturers that aren't in bed with the CIA.
for a long time i have had the feeling that basically there's only a very small number of hardware manufacturers in the world, we all know them, TSMC and others, and basically i suspect that the CIA puts some kind of spyware directly into the hardware. maybe i'm wrong here, but i have a gut feeling. we need independent hardware manufacturers, maybe stationed in europe or somewhere else in the third world altogether.
you said it yourself, encrypted apps don't mean anything when the underlaying system is already flawed. that is the operating system and the hardware. first we need better hardware, then we need a clean, non-invasive operating system, then we need good apps. starting with good apps alone doesn't actually do that much when your data gets siphoned off through other apps nonetheless.
Not the CIA, the NSA does this all the time. The documents that Snowden leaked confirmed that the agency intercepts hardware being shipped to targets and swaps out the firmware to allow them to listen in on all network traffic going through that device. They also work closely with ISPs to install devices that mirror all network traffic going through that ISP to another device so they can log and analyze it.
I agree that systems have their flaws, but that doesnt mean theyre tampered or infected by government agencies, if this were true they wouldnt be forcing tech companies to create backdoors (UK government wanted a backdoor to Apple users ADP encrypted data)
What feels like spyware is that phones and apps collect so much data which then gets shared or sold to data-brokers or third parties, and then to government agencies
And encrypted apps do help, even if theyre in a flawed system
What we need is a more privacy conscious society, which then implements stronger privacy laws
Can someone explain what data Samsung would be harvesting if you disable google play store and only use f droid apps? How can I see what data is being keamed from my phone?
Of course, we know for a fact if you install the Facebook app it records you night and day. But none of us use that garbage.
I have to stay in this phone for a couple years still until i get a graphene pixel. Ive disabled everything I can on it and never update it.
You can turn off their tracking in Settings > Security and privacy > More privacy settings.
I do!! But i truly wonder if this does anything.
no more dissidence in regular social network (x,instagram ...)
This is why I've wanted a PDA for a while now. But nobody makes them anymore because everyone pivoted to making smartphones, so DIY would probably be one of the only options unless I want to buy used tech from I believe 2 decades ago.
You can get a Google Pixel, install GrapheneOS on it, then keep it in aeroplane mode.
What I was describing was more an actual PDA, with very low power needs while still being very useful, and being very easy to back up the entire OS and its data, maybe even with some sort of minimal linux distro.
However, I might actually flash a pixel with grapheneOS, since it does fulfill many of those needs, so I'll consider it. Good suggestion.
Snitch on me about what exactly?
Nothing, you're the one guy who literally has nothing to hide. Just let it log when you sleep shit or fuck, every word you speak, and every place you go. Who cares, am I right?
Yea you're right, I don't really care.
You're also being hyperbolic and inventing things. If the point that you're making is a good one, why do you need to create a strawman to knock down? We both know that your phone doesn't "log when you sleep shit or fuck, every word you speak,".
I wear a Garmin watch, that thing logs way more of my personal data. Im not ignorant of how much data is collected on me. I'm just literally not that special, who the fuck cares if my watch knows how girthy my shits are.
I mean... I genuinely believe your phone (and the watch I correctly assumed you wore) log all of those things, for a start. It's essentially free for them to do and there's value to be extracted from that data. My earnest answer to the mocking strawman question you pose would be that you, garmin, your healthcare provider/insurance company, various advertisers, and law enforcement for a start would love to know the frequency, consistency, and volume of your shits for various reasons and that same data on a population in aggregate is even more valuable.
Anyway if you want hyperbole, informing the corpos of your turd girth is a traitorous betrayal of our species and will be punishable by death when the revolution comes. Hope you're having a nice day lol
Because every piece of data they have on you can (and will) be used to manipulate (and hence control) you. Make you buy products you don't want, think things you wouldn't have thought and do things you wouldn't have done. Are you aware of how much they control what you see, hear and read? Do you not think they would leverage this power to their advantage?
If a specific guy was following you everywhere, that wouldn't bother you? Having a stalker wouldn't be a big deal?
I see no reason why it's less disturbing if it's done by my own phone.
That's the thing. There is no guy. There is literally no one who gives a shit about what I'm up to. It's like saying omg how could you walk outside where anyone could see you, what if someone decides to follow you around and stalk you???
The only thing looking at my data is an algorithm looking to ways to convince me to buy things.