Comment by jay-barronville
2 years ago
Legitimately scary stuff but not surprising. Snowden risked everything to tell us what was going on and where things were headed yet here we are. At this point, it seems the only way to not be subject to this type of treatment by our governments is to completely unplug from the system, but of course, practically speaking, this isn’t feasible for the overwhelming majority of our society. So what are the alternatives here?
Are powerful mobile phones packed with Apps and constant notifications so necessary to a full, fun, enjoyable techy life, really?
I am legitimately surprised that more tech-heads didn't see this state-of-affairs (and all the other obvious drawbacks of The World's Most Featureful Spy Device, controlled end-to-end by a giant multinational, becoming ubiquitous in people's back pockets) as an obvious, absolute given, right from the very start of the whole smartphone trend. Instead we all seem to have bought into it, hook-line-and-sinker.
> I am legitimately surprised that more tech-heads didn't see this state-of-affairs
Didn't see or didn't bite the hand that feeds?
The really scary thing is that, forget what you said, they're starting to become more and more necessary for the bare minimum existence. We're not quite there yet, but it's becoming harder and harder to simply exist without one of these things.
> So what are the alternatives here?
Conduct yourself on your phone the way you would in public in front of friends and family. Only text/browse with stuff you'd be okay with a stranger knowing. I've operated this way for many years for the exact reason that this article highlights.
> So what are the alternatives here?
Stop being wilfully ruled by war criminals and start prosecuting their crimes.
The civil means for wresting back control over our government exists - we have to have the courage to use it. That means, prosecuting our own war criminals.
After all, it is the criminals with the most blood on their hands which want to use the tools of the state to repress the public, from which they derive their actual power, and who are the only ones with the resources to actually do something effective about the criminals getting away with it.
These rights-violating mechanisms exist to protect the criminal ruling elite only.
Seriously, to clean up our government: prosecute our war criminals. The war crimes are real, the crimes against humanity are real, the human rights violations are real. What isn't, is the general public's stomach for the embarrassment they must experience in order to confront the fact of their own wilful rule by dyed-in-the-wool war criminals.
This discomfort at the fallacy of our own moral authority over nations considered to be 'worse human rights violators' has to be replaced with outrage at the actual human rights violations we are allowing to be committed in our name, or else we continue the slide into the abyss.
> So what are the alternatives here?
You have to be willing to live with something less feature-rich than what you can get on the latest iPhone 27 Max Pro(TM). And you have to be gutsy enough to click an "Install some other OS" button in your web browser with your phone plugged into a USB port.
Then to extend to services, a lot of it depends on your ability to deploy your own stuff. This can involve a lot of time reading how-to guides after you've installed Linux on a machine in your house. Given how much documentation is readily available online most people with a high school diploma can probably figure it all out, but you have to be motivated enough to refuse to be helpless.
Today you can purchase a Pixel 7[|a|Pro] and flash GrapheneOS on it. There's a lot you can get from F-Droid, but if you really want Google Play Store apps, GrapheneOS does a reasonable job sandboxing it. Create a new Google account just for that installation of Google Play Store.
Never sign into anything Google, Microsoft, Apple, Facebook, Twitter/X, LinkedIn, or whatever from your phone. Or at least if you absolutely have to, use a trusted web browser in Incognito or Private Browsing Mode.
Keep location tracking disabled for everything but your favorite maps app. Put your phone in Airplane Mode when you're traveling if you don't want cell towers to capture your location info. GPS reception still works.
WG Tunnel can get you to your server when you're not on your home network. Some people swear by Tailscale, but you have to trust them with your node info.
Syncthing works for backup for a lot of people.
For private maps I've been using Organic Maps with some success. Searching for places isn't necessarily trivial, but the navigation feature has always worked well for me.
For private comms you really need it to go both ways (you and the recipient). The weak point is likely to be the recipient's environment, but at least something like Signal gives you a chance.
Something like Fastmail works for email and calendar, since they're probably not building a profile on you and selling that to advertisers. DAVx5 is free from F-Droid for calendar sync.
Kagi works really well for search. Also, they probably haven't sold out to advertisers. DuckDuckGo is another option with another set of trade-offs.
For music you can serve FLAC files via minidlnad to VLC. minidlnad was a 3-minute tweak to a config file after I apt-got it. There are tons of options here.
Explore F-Droid for stuff that might do better for privacy, like Spotube, FreeOTP, Podverse, Librera FD, Cheogram, etc. I'm not claiming that the F-Droid apps will all give you perfect privacy, but in general they're probably better than a lot of the stuff that's pushed in the Play store.
Check out e-books and audiobooks from your local library. Or copy them to your device via Syncthing after feeding your e-books through Calibre's DeDRM extension. The idea is to keep from having to contact license servers from your phone.
Give up on Apple or Google Pay, credit cards, and loyalty programs if you don't want your eReceipts collected and added to your consumer profile by companies that do that sort of thing.
None of this is a surefire way to give yourself perfect privacy, but it can greatly reduce the amount of your personal information that your government and/or corporations collect on you via your mobile device.
> You have to be willing to live with something less feature-rich than what you can get on the latest iPhone 27 Max Pro(TM). And you have to be gutsy enough to click an "Install some other OS" button in your web browser with your phone plugged into a USB port.
I agree with all of this, but realistically it's not just a simple matter of being willing to live with fewer features - this is a significant amount of work to investigate, implement, and upkeep for someone who is techy, let alone a less technically-inclined person.
I can barely get my family to use Signal, let alone install F-Droid or learn how to configure Syncthing.
Ultimately, this does indeed come down to "if you use a big product, you're likely being spied on", but this shouldn't be the individual consumer's fault.
This is an excellent reference. It is worth emphasising though, this does not make the device secure.
No matter what OS you put on, there's still a proprietary baseband blob with execution permissions underneath. All of these devices are built compromised.
Absolutely! I was focusing on moving toward a generally more privacy-centric way of using a mobile device. Of course an insecure device can be made to neutralize any privacy-protecting measures I've described. However, just because a device has a vulnerability doesn't necessarily mean that it will be compromised. In fact I'd be surprised if there is more than, say, a 1% chance that any given random Pixel 7 phone is actually compromised via the baseband code.
Also, that said, if you are personally targeted by your government for surveillance, all bets are off. I don't know how to defend against that, but a potential start would be to eliminate all electronic devices from your person and your house and then to set off a powerful EMP every time you walk through your door when coming back home.
It's refreshing that Google, the same company that makes Android, has recently called out baseband blobs for their poor security.
https://googleprojectzero.blogspot.com/2023/03/multiple-inte...
Here's some discussion on the GrapheneOS forum:
https://discuss.grapheneos.org/d/3942-baseband-vulnerabiliti...
While I'm not convinced it's causing widespread exploitation, baseband blobs are definitely a problem, and hopefully some of the advocacy that Google's Android org puts on phone vendors can get us to a better place. And maybe efforts from organizations like Librem can push us toward modems with fully OSS firmware.
Yes, the baseband blobs are still underappreciated.
We are headed in a direction where you will need the Google Play store or Apple's store to do groceries, read messages from the government, use two-factor authentication, pay, show your ID, order food, and much more. Web sites are being phased out and so are physical / legacy alternatives.
> We are headed in a direction
I feel that way too. Which is why I feel it's important to push back by at least asking every business whether they accept cash, and always using cash when they do. If they don't accept cash, I always make it a point to mention that they're paying processing fees for that transaction that they could have avoided if they accepted my cash instead. Simply raising the issue in a non-confrontational and casual way keeps them thinking about it, which can lead to some of them acting on those thoughts after it happens often enough.
Simply acquiescing without any mention of cash makes one complicit in the pernicious slide toward a surveillance-infused market.
You have to do both unfortunately, otherwise the lack of a trackable identity in itself will make you a huge target for surveillance.
Unshackle yourself from Google/Apple and use F-Droid/LineageOS or something similarly FOSS-minded.