Comment by heywoodlh

2 years ago

One question I have as someone who tries to maintain (some) data sovereignty: is there any way as an end-user to circumvent/mitigate this kind of surveillance — aside from abandoning iOS and Android completely?

Google-free Android will allow you (force you) to use alternative push servers. That could be your own server (using something like Unified Push) or querying your apps' servers directly. This comes at the cost of battery life, sometimes significantly so, but it does decentralise the notification system.

Of course, your data will still be in the hands of app vendors unless you choose your apps wisely.

You should also block analytics on the network level (using firewall apps or alternative means) because these days developers like to send analytics events for every button pressed, all associated with your phone's unique identifier. If the government can use push notifications for tracking, imagine the tracking they can do through Firebase Analytics or one of its many data hoarding alternatives.

  • Parent is asking about government surveillance.

    You're suggesting a deviation from the norm (99.99% of users) by installing a custom operating system (which they will now also be on the hook to secure and update regularly) by developers with nothing to lose.

    This will greatly increase scrutiny on you, or colloquially speaking definitely put you on a watch list, the opposite of what is allegedly desired. Rather, accept the plain fact electronic communications are subject to government surveillance and adjust your threat model accordingly. Don't try to fight the bear with a flyswatter.

    • > You're suggesting a deviation from the norm (99.99% of users)

      Which still leaves you in a large enough group that it's not practical to deploy full-press individualized surveillance against all of them. A group which contains a fairly large number of people who're doing it just to piss off the spies, and an even larger number of people who happen to be of no interest to you as a particular spy deciding where to apply your resources.

      As for mass surveillance of that group, that can happen, but there still aren't such good, cheap choke points to use. The cost per bit of actionable information is still relatively high even if the group is relatively rich in targets.

      > by installing a custom operating system (which they will now also be on the hook to secure and update regularly)

      ... as opposed to the stock operating system, which may very well not get updated at all.

      I get constant updates for GrapheneOS. And they're automatic.

      > by developers with nothing to lose.

      What the hell does that mean? They have reputations on the line, much more so than the faceless people doing the OS work inside the vendors. Some of them depend on this for their livelihoods.

    • > This will greatly increase scrutiny on you, or colloquially speaking definitely put you on a watch list

      Every last one of us is being constantly surveilled by the government. If there is any kind of "list" individuals can get on at this point, it's reserved for a very small number of people who are ignored or whose data is excluded.

    • AOSP is not a deviation from the norm. It's the thing Google ships; vendors install Play services as separate apps on top, so there is nothing oddball about your device fingerprint just by not installing Google-specific services like the push handler. Your traffic will look like any other Android making web requests, but then those requests will only be tracked by the servers they target instead of the OS itself betraying you and sharing metadata about them with various 3rd parties. Running a non-vendor ROM alone will not get you "on a list".

      "Custom" ROMs also get OTA updates, so keeping up to date is as easy as it is on a vendor spyware ROM. In fact, you will usually get updates from the community well beyond when vendors stop support.

Read at least the summary of James Scott's Seeing Like a State (https://en.wikipedia.org/wiki/Seeing_Like_a_State) and let the concept of legibility percolate for a bit.

Governments view legibility of their constituencies as a feature, not a bug. They want to be able to query the population like a database in order to manage it better. This is exactly like a product manager at a tech company who wants to know whether a certain feature is being used, and asks for more instrumentation in the next release of the product if needed. Over time the product (the population) becomes better and better instrumented.

Of course, the other side of the coin of better legibility is worse privacy. Their feature is your bug.

Are there ways to circumvent or mitigate what's happening? For you, personally, sure. You can turn on all the buried options, add VPNs, proxies, additional profiles/accounts, etc. And for a while it will work.

But you're defeating legibility by doing that, so you're fighting against a very strong opposing force. Over time, the bugs that reduce legibility coverage will be fixed. The options will go away, VPNs will be banned or at least instrumented well enough to nullify their utility, COPPA and porn age-verification laws will extend to make multiple or anonymous identities impractical, and so on. And the few of us who do manage to go online fully anonymously might as well be wearing a "CRIMINAL" hat, because the public will have been trained that only bad actors want privacy, but not to worry if they themselves have nothing to hide.

You can see this already happening with financial transactions. Try to conduct a significant low-legibility transaction (in other words, buy something big with cash). Your bank will ask why you want to withdraw $20,000. Cops might seize the cash, legally and without probable cause, while you're driving to the seller. And when the seller deposits the cash, the bank might file a SAR. This is all working as designed. You're being punished for adding friction to legibility.

Even on HN, where you think people would be ahead of the curve, the PR campaign against financial privacy and censorship resistance is winning. Mention The Digital Currency That Shall Not Be Named, and suddenly the Four Horsemen of the Infocalypse are in control. Why HNers are pro-VPN but anti-Bitcoin, when both stand for privacy and censorship resistance at the price of reduced legibility, is beyond me.

The battle to fight is not just protecting your own privacy. It's protecting your right to protect your privacy without being ipso facto declared a criminal for doing so. Turn on all the options, hold Bitcoin, use VPNs, pay with cash, delete cookies, etc. But above all, be an ordinary, conscientious, law-abiding citizen. Render unto Caesar what is Caesar's. Be average. Be unremarkable. Privacy should be the default. Not unsavory, not for those with something to hide. Just the default.

  • Oh boy. I was shaking my head in agreement while reading your comment, until that part:

    > Why HNers are pro-VPN but anti-Bitcoin, when both stand for privacy and censorship resistance at the price of reduced legibility, is beyond me.

    Neither VPN nor BTC are "for privacy and censorship resistance". Maybe in some dystopian neoliberal every-man-is-an-island way. I think you were thinking about "overlay networks (Tor et al) and communal economies" maybe? Those would fit with the rest of the claims.

    • The actual mechanisms don't matter that much. The point is not letting government or big corporations default to being the gatekeepers for (or monitors of) basic -- and legal -- social activities like communicating or transferring value. Information technology has shrunk the world, but our rights shouldn't also shrink.

On iOS, all notifications must go via the centralized APNS, but on non-Google Android (e.g. Graphene) it is possible to run the device with the Google FCM stuff blocked off. Some apps will break, but stuff that runs in the background for polling or does non-Google notifications will continue to work.

  • The Reuters article says that the government is getting this data from Apple and Google, which means it doesn't matter if your phone displays or even receives the notifications, no?

> aside from abandoning iOS and Android completely?

These platforms are so opaque and completely controlled by US corporations (so we know they are beholden to NSLs etc). If you care about your data and privacy, the best suggestion is to avoid phone platforms completely for anything important.

Disable notifications on all applications you do not want to be tracked via metadata.

  • Absolutely and confidently incorrect. Local notification settings have no bearing on this metadata, which is generated, collected and stored with your consent by using Apple/Google app stores.

    • Wait. Are you saying that even if I disable notifications on my phone, the app backends will continue to send notifications to Apple and Google only to be ignored? If this is the way it is intended to work, I find that hard to believe.