Comment by forward1
2 years ago
Parent is asking about government surveillance.
You're suggesting a deviation from the norm (99.99% of users) by installing a custom operating system (which they will now also be on the hook to secure and update regularly) by developers with nothing to lose.
This will greatly increase scrutiny on you, or colloquially speaking definitely put you on a watch list, the opposite of what is allegedly desired. Rather, accept the plain fact electronic communications are subject to government surveillance and adjust your threat model accordingly. Don't try to fight the bear with a flyswatter.
> You're suggesting a deviation from the norm (99.99% of users)
Which still leaves you in a large enough group that it's not practical to deploy full-press individualized surveillance against all of them. A group which contains a fairly large number of people who're doing it just to piss off the spies, and an even larger number of people who happen to be of no interest to you as a particular spy deciding where to apply your resources.
As for mass surveillance of that group, that can happen, but there still aren't such good, cheap choke points to use. The cost per bit of actionable information is still relatively high even if the group is relatively rich in targets.
> by installing a custom operating system (which they will now also be on the hook to secure and update regularly)
... as opposed to the stock operating system, which may very well not get updated at all.
I get constant updates for GrapheneOS. And they're automatic.
> by developers with nothing to lose.
What the hell does that mean? They have reputations on the line, much more so than the faceless people doing the OS work inside the vendors. Some of them depend on this for their livelihoods.
> Which still leaves you in a large enough group that it's not practical to deploy full-press individualized surveillance against all of them.
Assuming no advances in technology obscured from public view, of course.
> Some of them depend on this for their livelihoods.
You sort of answered your own question there. Consider whether foreign nationals writing software in near destitute are susceptible to MICE, in relation to Bay Area millionaires.
> This will greatly increase scrutiny on you, or colloquially speaking definitely put you on a watch list
Every last one of us is being constantly surveilled by the government. If there is any kind of "list" individuals can get on at this point, it's reserved for a very small number of people who are ignored or whose data is excluded.
AOSP is not a deviation from the norm. It's the thing Google ships, vendors install play services as separate apps on top, so there is nothing oddball about your device fingerprint just by not installing Google specific services like the push handler. Your traffic will look like any other android making web requests, but then those requests will only be tracked by the servers they target instead of the OS itself betraying you and sharing metadata about them with various 3rd parties. Running non-vendor ROM alone will not get you "on a list".
"Custom" ROMs also get OTA updates, so keeping up to date is as easy as it is on a vendor spyware ROM. In fact, you will usually get updates from the community well beyond when vendors stop support.
> NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance
https://www.linuxjournal.com/content/nsa-linux-journal-extre...
But they totally can't figure out you use a custom OS built to resist surveillance. Go figure!
But that's tracking your web requests to search engine servers. The way those requests look is dependent on your browser, not which ROM you are running. You can setup your user agent to be whatever you'd like at least on android or desktop browser.
They won't get put on a list, it will just be assumed they don't do anything via a smartphone.
Signals Intelligence is not based on mere assumptions.
Fine. They won't get put on a list for exhibiting the same behavioral pattern as a significant portion of other people in the population.