Comment by jeroenhd
2 years ago
Google-free Android will allow you (force you) to use alternative push servers. That could be your own server (using something like Unified Push) or querying your apps' servers directly. This comes at the cost of battery life, sometimes significantly so, but it does decentralise the notification system.
Of course, your data will still be in the hands of app vendors unless you choose your apps wisely.
You should also block analytics on the network level (using firewall apps or alternative means) because these days developers like to send analytics events for every button pressed, all associated with your phone's unique identifier. If the government can use push notifications for tracking, imagine the tracking they can do through Firebase Analytics or one of its many data hoarding alternatives.
Parent is asking about government surveillance.
You're suggesting a deviation from the norm (99.99% of users) by installing a custom operating system (which they will now also be on the hook to secure and update regularly) by developers with nothing to lose.
This will greatly increase scrutiny on you, or colloquially speaking definitely put you on a watch list, the opposite of what is allegedly desired. Rather, accept the plain fact electronic communications are subject to government surveillance and adjust your threat model accordingly. Don't try to fight the bear with a flyswatter.
> You're suggesting a deviation from the norm (99.99% of users)
Which still leaves you in a large enough group that it's not practical to deploy full-press individualized surveillance against all of them. A group which contains a fairly large number of people who're doing it just to piss off the spies, and an even larger number of people who happen to be of no interest to you as a particular spy deciding where to apply your resources.
As for mass surveillance of that group, that can happen, but there still aren't such good, cheap choke points to use. The cost per bit of actionable information is still relatively high even if the group is relatively rich in targets.
> by installing a custom operating system (which they will now also be on the hook to secure and update regularly)
... as opposed to the stock operating system, which may very well not get updated at all.
I get constant updates for GrapheneOS. And they're automatic.
> by developers with nothing to lose.
What the hell does that mean? They have reputations on the line, much more so than the faceless people doing the OS work inside the vendors. Some of them depend on this for their livelihoods.
> Which still leaves you in a large enough group that it's not practical to deploy full-press individualized surveillance against all of them.
Assuming no advances in technology obscured from public view, of course.
> Some of them depend on this for their livelihoods.
You sort of answered your own question there. Consider whether foreign nationals writing software in near destitute are susceptible to MICE, in relation to Bay Area millionaires.
> This will greatly increase scrutiny on you, or colloquially speaking definitely put you on a watch list
Every last one of us is being constantly surveilled by the government. If there is any kind of "list" individuals can get on at this point, it's reserved for a very small number of people who are ignored or whose data is excluded.
AOSP is not a deviation from the norm. It's the thing Google ships, vendors install play services as separate apps on top, so there is nothing oddball about your device fingerprint just by not installing Google specific services like the push handler. Your traffic will look like any other android making web requests, but then those requests will only be tracked by the servers they target instead of the OS itself betraying you and sharing metadata about them with various 3rd parties. Running non-vendor ROM alone will not get you "on a list".
"Custom" ROMs also get OTA updates, so keeping up to date is as easy as it is on a vendor spyware ROM. In fact, you will usually get updates from the community well beyond when vendors stop support.
> NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance
https://www.linuxjournal.com/content/nsa-linux-journal-extre...
But they totally can't figure out you use a custom OS built to resist surveillance. Go figure!
1 reply →
They won't get put on a list, it will just be assumed they don't do anything via a smartphone.
Signals Intelligence is not based on mere assumptions.
1 reply →