The global surveillance free-for-all in mobile ad data

1 month ago (krebsonsecurity.com)

We can go back and forth on whether police should have access to this data and what regulations should be put on how/why it should be accessed. I think reasonable people can disagree about details, and cultural expectations around privacy and safety probably mean there isn’t a single best answer.

But I don’t think anyone can honestly say the right amount of regulation is zero, which is what we have now. It is absolutely bonkers to me that anyone off the street should be able to gather such highly granular data about any other person as long as they can pay.

  • I remember back in the early days of wireless data when AT&T had an app you could use on their phone where you logged in and it effectively used the GPS data of people signed in on the app to tell you if they were near you or not. They marketed it like you were downtown and got some free baseball tickets and needed to find someone to go with you. The app would tell you where your friends were and you could offer them to go over their simple chat app.

    It completely bombed out because people were so freaked out about a device knowing where you were.

    I also remember when Nextel came out with an enterprise tracking app for delivery companies where you could track the vehicle and make sure it was on time making its deliveries and could alert a person monitoring the software back at the office if say the van was sitting too long somewhere which indicated they had broken down or something similar.

    Two companies tried to install on their vans and there was so much push back from so many people in one company, they canceled their order. The other company did install it and then they had three lawsuits from employees who claimed the software was a breach of their privacy - while in the employment of said company and on said company's time. The company voluntarily removed it after only a few months.

    It's just so strange to me that we went from not wanting any of this, to just freely handing over any and all private information to these companies.

    • > It's just so strange to me that we went from not wanting any of this, to just freely handing over any and all private information to these companies.

      I don't think the nature of the data collection was clear, and it has been creeping up on us.

      It took a while for me to realize. E.g. I didn't notice Google was spying on me and stalking on non-Google sites until I finally realized it.

    • > It's just so strange to me that we went from not wanting any of this, to just freely handing over any and all private information to these companies.

      Anything can wear people down— make it seem as if it were always normal, even— if it's just persistent enough.

      All the more reason it should have been nipped in the bud, I guess.

The first time I ran into the concept of having my mobile phone data sold to a third-party was in 2003, when I went to the Czech Republic.

Right after I crossed the border from Austria, my U.S. cell phone started lighting up with spam SMS messages. At first, it was from the local cell phone carrier welcoming me to .cz. A few minutes later, a message from T-Mobile letting me know I was roaming in another new country. Then a few minutes after that, SMS spam for hotels, then restaurants, then casinos. All of this in a time before "smart" phones.

I'm not surprised to see it's gotten so much worse.

  • I flew to somewhere else in the US last month and I started getting political sms spam dependent on that location. It took a good two weeks after I got back for my sms spam to normalize.

    • Which state? Was it one of the 2024 battleground states (MI, PA, NC)?

      And did those political SMSs honor opt-out requests or not?

  • A few years ago, I visited Detroit, and the next morning I received the messages from the Canadian (assuming Rogers) telecom welcoming to Canadia. I was spared the rest of the spam. Though it was the first time that I had ever considered the tech issues of being near a border and receiving multiple national signals like that must be a "fun" challenge.

> One unique feature of Babel Street is the ability to toggle a “night” mode, which makes it relatively easy to determine within a few meters where a target typically lays their head each night (because their phone is usually not far away).

There are very few reasons in my mind that anyone, especially law enforcement, would need this "feature" and they're all pretty dark.

  • I could see this being extremely valuable to law enforcement if they're planning on making an arrest. They're a lot more likely to not get shot by the suspect if they know they're asleep. It's also the sort of thing that's not germane to making their case against the suspect--it's tactically relevant but strategically irrelevant. So we need something more than the 4th amendment here? That's actually a question I'm not a lawyer and don't know what this actually implies. Naively, it seems to me that if information is inadmissible in making their case, law enforcement should have no access to it and, probably, neither should anyone else.

    • That only would matter on no knock warrants, right? That’s the best case I can think of (still bad imo, I think no knock warrants are abused and lead to bad outcomes more often than good ones).


    • > They're a lot more likely to not get shot by the suspect if they know they're asleep.

      Are they even? Or, can they know that? If the suspect has a gun, they'll wake up scared, confused, and with every reason to believe somebody's illegally breaking and entering.


Use and Configure Pi-Hole[0]

[0]:https://jeffmorhous.com/block-ads-for-your-entire-network-wi...

Also a video for those more YT inclined: https://www.youtube.com/watch?v=eCA24qJBG8Q

  • This does nothing for a mobile device that either concurrently maintains its cellular 'data' connection together with its Wi-Fi connection (and whose apps are permitted to access both)—or leaves the LAN without connecting remotely via a force-tunneled VPN. And even with such a VPN, the cellular NIC continues to maintain baked-in alternate routes on both Android and iOS. All that's before we even get into specific Pi-Hole and LAN config, not to mention DoH.

    Krebs and everyone else he cites is right—it's time for Apple and Google to eliminate MAID altogether.

    ETA: Do not downvote this parent! Use trustworthy ad blockers anywhere and everywhere you can!

    • > the cellular NIC continues to maintain baked-in alternate routes on both Android and iOS

      How do you know this is the case? (I believe it to be, would like to verify)

      Also worth mentioning many apps hardcode DNS servers or fall back to other DNS providers when they fail to resolve hostnames. I see this all the time on my network. (I have a pfSense box that redirects to upstream NextDNS when this happens)

  • DoH/DoT along with hardcoded IPs make DNS ad blocking impossible.

    • Not completely impossible. You could have a default deny firewall, have your DNS resolver trigger an update to allow outgoing connections to the resolved IPs, and possibly also require connections pass though an SNI-sniffing proxy that only allows domains that your DNS resolver has allowed. Essentially by default you'd be blocking all custom protocols, and you'd only allow what looks like well-behaved TLS web traffic to allowed domains to flow.

      Bad traffic could flow to a "good" domain, and then you need to decide whether that domain is actually "good".

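The default-deny design described in the comment above, as a runnable simulation. This is an added example, not code from the thread: the hostnames, documentation-range IPs, blocklist and the `GatedResolver`/`decide` names are constructed for illustration, and the ClientHello is built in-process rather than captured.

```python
"""DNS-gated default-deny egress with an SNI check (simulation, constructed data)."""
from dataclasses import dataclass, field

BLOCKLIST = ("ads.example", "doh.example")  # constructed: an ad host and a DoH endpoint


def build_client_hello(sni=None) -> bytes:
    """Build a minimal TLS ClientHello record (constructed sample, not a capture)."""
    exts = b""
    if sni is not None:
        host = sni.encode("ascii")
        entry = b"\x00" + len(host).to_bytes(2, "big") + host      # host_name entry
        data = len(entry).to_bytes(2, "big") + entry               # server_name_list
        exts = b"\x00\x00" + len(data).to_bytes(2, "big") + data   # extension type 0
    body = (b"\x03\x03" + bytes(32) + b"\x00"          # version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"        # one cipher suite, null compression
            + len(exts).to_bytes(2, "big") + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


def parse_sni(record: bytes):
    """Return the lower-cased server_name of a ClientHello, or None if absent/not TLS."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:   # not a handshake / not ClientHello
            return None
        pos = 5 + 4 + 2 + 32                          # record hdr, handshake hdr, version, random
        pos += 1 + record[pos]                        # session_id
        pos += 2 + int.from_bytes(record[pos:pos + 2], "big")   # cipher_suites
        pos += 1 + record[pos]                        # compression_methods
        end = pos + 2 + int.from_bytes(record[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= min(end, len(record)):
            ext_type = int.from_bytes(record[pos:pos + 2], "big")
            ext_len = int.from_bytes(record[pos + 2:pos + 4], "big")
            if ext_type == 0:                         # server_name extension
                if record[pos + 6] != 0:              # name_type must be host_name
                    return None
                n = int.from_bytes(record[pos + 7:pos + 9], "big")
                name = record[pos + 9:pos + 9 + n]
                return name.decode("ascii").lower() if n and len(name) == n else None
            pos += 4 + ext_len
    except (IndexError, UnicodeDecodeError):
        return None
    return None


@dataclass
class GatedResolver:
    """Resolver that records a time-limited firewall grant for every IP it hands out."""
    upstream: dict                                   # name -> [ip]; stands in for real DNS
    ttl: int = 300
    grants: dict = field(default_factory=dict)       # ip -> {name: expiry time}

    def resolve(self, name: str, now: float):
        name = name.lower().rstrip(".")
        if any(name == b or name.endswith("." + b) for b in BLOCKLIST):
            return []                                # blocked names never create a grant
        ips = self.upstream.get(name, [])
        for ip in ips:
            self.grants.setdefault(ip, {})[name] = now + self.ttl
        return ips

    def names_for(self, ip: str, now: float):
        return {n for n, exp in self.grants.get(ip, {}).items() if exp > now}


def decide(resolver, dst_ip, dst_port, first_bytes, now):
    """Default deny: allow only TLS on 443 to an IP and name the resolver approved."""
    names = resolver.names_for(dst_ip, now)
    if not names:
        return "DENY no-dns-grant"       # hardcoded IP, or an address learned over DoH
    if dst_port != 443:
        return "DENY not-tls-port"
    sni = parse_sni(first_bytes)
    if sni is None:
        return "DENY no-sni"             # custom protocol or TLS without a server name
    if sni not in names:
        return "DENY sni-mismatch"       # allowed IP, but a name nobody resolved here
    return "ALLOW"


def demo():
    """Run six constructed connection attempts through the policy."""
    r = GatedResolver({"news.example": ["192.0.2.10"], "cdn.example": ["192.0.2.10"],
                       "ads.example": ["192.0.2.66"]})
    r.resolve("news.example", now=0)
    r.resolve("ads.example", now=0)      # blocked, so no grant is created
    hello = build_client_hello
    return [
        decide(r, "192.0.2.10", 443, hello("news.example"), 10),    # resolved and matching
        decide(r, "192.0.2.66", 443, hello("ads.example"), 10),     # blocked name
        decide(r, "198.51.100.7", 443, hello("news.example"), 10),  # IP never resolved
        decide(r, "192.0.2.10", 443, hello("cdn.example"), 10),     # shared IP, other name
        decide(r, "192.0.2.10", 443, b"\x00custom-protocol", 10),   # not TLS
        decide(r, "192.0.2.10", 443, hello("news.example"), 301),   # grant expired
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The first verdict is the commenter's caveat in code form: anything sent to a name the resolver allowed passes, so the blocklist still has to decide which domains count as "good".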

    • Not sure why you're downvoted.

      You create a server and host it on IP x. You create a cert for it. You add the public key to your app.

      Your app can now communicate with that IP over port 443 with that certificate. Remember that the idea that the domain must match the one in the certificate is a setting, enforced by the browsers. If you run your own code you can perfectly override that.

      Now you can do whatever you like on that connection.

      In fact, you don't HAVE to go that far. Many applications these days do private key pinning and use that connection to load the ads. IMDb does that on the iPhone.

      MyQ and myBMW use the same to 'protect' the connection. MyQ's implementation of this, and subsequent implementation of CloudFlare's bot protection completely broke home-assistant's connection. All because they want you to use their app (and get bombarded with ads).

      DoH/DoT was supposed to bring in MORE privacy for users, as it allowed users to resolve addresses without the system servicing the connection (ISP / StarBucks / McDonald's) from being able to see or modify the responses (think captive pages).

      But all it brought was more spying. I am a firm believer that I should be able to inspect all traffic that an application sends out over my internet connection.

    • And TLS. Sure it stops lots of other bad things, but it is quite the blocker to doing content filtering of the page contents.

I had a discussion with someone that worked on some of google's ad stuff and he swore that this type of tracking wasn't in use there. I suspect that even within these companies they try to hide the level of tracking they engage in. The only way we are going to stop this is to hold companies accountable for the things that happen as a result of the data they collect. I don't care if it is sold, stolen or given away, if data that is collected by a company gets used inappropriately then the company that collected it should face consequences.

  • Yes. But what of the governments which take on the data too, allowing it to be collected, legalising collection, surreptitiously collecting it themselves?

    All large corporate and governmental entities love the data. Industries (tech, finance, etc) and planned future governance (technocracy) are based on it.

    So, it is baked into the plan that data will be collected. It's just whether the individual will know about it.

  • It's an often used quote, but because it bears keeping in mind: "It is difficult to get a man to understand something, when his salary depends on his not understanding it."

    A look at data for how many people were aware the whole time during any scandal, and how often abuse and crime gets covered up or exploited instead of reported or opposed, will leave you with a very banal impression of malice. "The only thing necessary for the triumph of evil is for good men to do nothing."

    …Idk, companies are just groups of people. Maybe people also need stronger incentives to not let the "company" do antisocial things. At least the execs.

    Maybe it's the companies that hide it. Maybe it's the people that lie to themselves. I'm sure they're smart enough; they can probably figure it out. At some point ignorance becomes wilful.

I think that over time, it will become more apparent that the only solution is to criminalize possession of the data, with a process for collecting statutory damages upon discovery. A precedent exists in the recording industry, where sharing of copyrighted songs results in automatic damages without the need to quantify the actual harm. That process already has fair provisions for willful and accidental use.

This in turn would lead to an industry that hunts for evidence on a contingency basis.

Xoogler here (2011-2018). At some point I proposed making it easy for people to "lie" to an app (if it asks for location, provide fake data etc.). This would preserve true customer choice about anonymity.

The reaction to that idea taught me a lot about incentives.

  • You can't just leave us hanging here, what happened? I mean, unless you're handcuffed with an NDA or something like that.

    • Confidentiality agreements are usually part of employment agreements. I haven't checked expiry dates etc.; and tbh I'm not sure they'd apply here, but I'd rather check ;)

Advertising is a virus that eventually infects all ecosystems.

  • As a previous self employed man, advertising is good. It helps small companies compete against the big ones that are well known.

    However no one needs this amount of data; all advertisers need is: you search for a pair of shoes on Google, show you ads for shoes. That's good advertising and sometimes it can be useful for the user.

    • As I just responded to a sibling commenter: the way we access information is now more pull-based (serving requested media) than push-based (broadcast). Advertising should change to fit this paradigm.

      Let consumers who are searching for product information be given advertising. Contain the virus to ecosystems that want it.

    • Stalking is bad. Lying and manipulating is bad.

      If you look at old ads for random products from e.g. the turn of the (last) century, they seem to often give this slight "wall of text" impression. Image of the product, surrounded by prices and descriptions of what it was and what it (purportedly) did. The motivating belief seemed to be that if a company communicated the benefits of buying from them, they would attract customers.

      It seems like at some point the focus shifted away from expressing factual information, and to creating vague associations and implications. I think that's still fine on its own, and in fact quite fun and the source of a lot of creativity, but it also created the opportunity to mislead in new ways. E.G. most famously harmfully maybe, the very mid-20th century idea that cigarettes are "cool". In modern times this seems to have gone even further towards exploiting basic quirks in human psychology— A dancing bear, chocolate man, or screaming celebrity has nothing to do with selling a product, but it's bizarre and surprising and therefore memorable, so by making an ad around it you're cluttering the viewer's brain with useless information designed to redirect mindshare to your capital-B "Brand".

      So at that point it becomes dishonest and manipulative. But at least it's still broadcasted, e.g. on radio, TV, in newspapers and magazines. It's predatory, but everyone gets the same thing. You can still sorta avoid or ignore it. It doesn't single anyone out.

      That's changed now with the Internet. The mass collection of location and personality data, identifiable to individual profiles and paired with tools allowing those individuals to be targeted with a combination of terrifying granularity and omnipresent scale— That adds an entire new dimension to "advertising", and it would still be wrong, because it would still comprise many violations of privacy and basic decency, even if it weren't being actively exploited for commercial gain. If any one individual knew as much about you and had as many tools for trying to influence you as Facebook and Google have built on an industrial scale, they would be either a stalker deserving of a restraining order, or some kind of a (probably malevolent TBH) supernatural spirit.

      So "advertising", in terms of "informing the market of a product" and "connecting customers to businesses in mutually beneficial transactions", is fine I guess. Good, even. Stalking, lying, manipulating, and rent-seeking through dominance are wrong.

      And with technology centralizing power in the hands of a few organizations, the modern practice of "advertising" seems to be less about "informing people" these days and more about dominating the information space in order to manipulate human behaviour with neither the consent nor the knowledge of your targets. No wonder it's apparently being abused by law enforcement.

      ...To be clear, I use the word "you" only as an indefinite pronoun here. Small businesses that use ad networks aren't the ones to blame for a large system having messy incentives and malicious central actors.


  • And that is why I use exclusively open source software that respects the user.

    • > And that is why I use exclusively open source software that respects the user.

      We're all proud of you but this is barely related to avoiding ads. You can build your own car too, and you'd still have to look at the billboards on the highway. Or you could build your own phone and never give anyone the number, then you'll still get to enjoy 5 spams/day during election season when someone decides to simply call every phone number in the region.

      Ads are the new certainty besides death and taxes. If they aren't in your face yet, be assured that whole legions of shitheads are very busy trying to make it happen.


    • Governments and big tech/media try to brand anyone knowledgeable about privacy measures as pedophiles, and it's incredibly effective because they control the laws and narrative. Doesn't help that a huge fraction of people conflate having something to hide with not wanting everything be public, and in the vast majority of cases are blissfully and willfully ignorant so long as they get their Instagram or TikTok.

      At a societal level we fully deserve all this because apparently we can't be fucked to care about basic rights anymore (cf. "everyone gets the government they deserve"), too lost in Huxley's dystopian future of infinite dopamine distractions.

    • Even if you would never see an ad in your life somehow, you would still have to pay for it on the products you buy.

      The advertising industry is so large that it's basically private taxation, except that you get nothing in return from it.


    • I use open-source software too, but it (by itself) doesn't stop me from seeing annoying and intrusive ads on internet websites. An ad-blocker like uBO does, mostly (but not completely), though it's much less effective with paywalled sites.

      The problem with online ads is mostly orthogonal to FOSS. Of course, it does help to not use an OS with ads baked into the Start menu...

  • Advertising is the engine of free market. Advertising in Web and apps is used for evil purposes, just like cash (or almost anything else) is also used for evil purposes. Regulation exists to try to minimize those, but it’s always a workaround for human malice.

    • Maybe it was in days when only broadcast media existed. Now, we have the ability to search for answers to our needs.

      Our information paradigm has changed; so should advertising. Let consumers seek out new products, if they wish to.


If the insane micromanagey level of tracking were legally designated by its proper practical result, which is stalking, it would be a crime. And since the modern zeitgeist is ruled by the Ruthlessness Gap, anyone who works in "advertising"/tracking ought to have their personal information and whatever they used their surveillance techniques to snoop on broadcast in a public database. That could be one great application for Google Glass... watching the watchers.

Can someone explain how this works on iOS post Apple's removal of IDFA? The advertising ID (MAID) in any specific app is relevant only to that app, so it seems like it would be useless for profiling? I don't see how apps can access any other identifiers on iOS. Even the wifi MAC address is randomized.

If you've gone one step further and disabled location access for apps and disabled the global ad id, it would seem difficult to do the searches described.

The article refers to "25 percent of Apple phones". Is that just legacy phones running older versions of iOS prior to removal of IDFA?

  • I think the 25% is referring to the users who willingly select the option to allow tracking. It sounds like this report actually corroborates Apple's claims of the impact of this decision.

Related discussion:

Location tracking of phones is out of control (arstechnica.com)

https://news.ycombinator.com/item?id=41930818

Related comment:

  486sx33, 8 hours ago:
  About 2 years ago, an ISP we use for one of our operations in Canada called R… which is also a media company and an advertising company… came to us and said hey! We have this amazing new technology, all you do is geofence your competitors and then we will retarget anyone who visits their location with your web ads for as long as you want! Since they are also the ISP for mobile data, they just force replaced ads for the target's web browser. (Basically they inject ads)
  They also made it clear their system is not at all dependent on your phone location services or even your advertiser ID, since they are the ISP and the cell provider they just use your SIM ESN to track you. (Cell towers know where their users are, with better accuracy than ever now.)
  It worked, but it’s darn scary. This has been around for awhile.

Many worry about how these tools will be used to persecute people such as women seeking reproductive medical services. That is a problem. But what will people think of those same tools being used to enforce protection orders, to spot parole violators? I know where my opinions fall, but I also realize that the bulk of the population would trade in their privacy for any perception of increased safety.

  • > But what will people think of those same tools being used to enforce protection orders, to spot parole violators?

    If only our society had some orderly process to balance privacy with public safety - such as by having the cops explain to a judge why they need to track a given person, for how long, and so on.

    Perhaps also some rules about what counts as a good enough reason, and telling judges they can't grant overly broad, blanket permission.

    Someone should put something in the constitution about that.

    • Counterpoint:

      > One DEA official had told Reuters: "Parallel construction is a law enforcement technique we use every day. It's decades old, a bedrock concept."

      Constitution or not, they're doing it.


  • If I were in law enforcement, had no morals, and just wanted to convict as many people as possible I'd build a system that automatically assembles a virtual dossier on everyone using these data streams. Then I'd implement detection heuristics that look for interesting dossiers. These could be used as the "classified" component of a case built by parallel construction[1].

    [1]https://en.m.wikipedia.org/wiki/Parallel_construction

    • Not even. It's worse. They aren't even useful for that.

      They've tried that approach but it's actually less efficient than "good old fashioned police work" because it turns out that 99/100 of your hits are gonna be lawful weirdos, 1/100 is gonna be a petty drug dealer and the career advancing prosecution you actually wanted would have been much easier to find by using normal methods like inferring that a dealer has a supplier, a spy has a handler, etc, etc and trying to suss out who those people are. The NSA figured all this out post 9/11 when they were building data haystacks in search of terrorists.

      What the data haystacks do get used for is dragnet policing wherein an agency picks some crime they're gonna go hard on, pulls up a bunch of results of people who probably did it, tosses all the people who are likely to pose any risk to them (e.g. you don't see the ATF knocking on doors asking about Temu glock switches in bad parts of Detroit) and kicks in the doors of whoever's left.

      The data haystacks are also really useful for witch hunts when they get egg on their face and need to make someone pay, like that time they prosecuted anyone and everyone who they could construe as having done anything to help the kid who bombed the Boston Marathon, and the January 6 people of whom a great number were certainly just hapless.

      And this is in addition to the usual "opposition research" like the FBI bugging MLK and all that sort of crap.


    • You can do things far more interesting than that with the dossiers on everyone that absolutely exist right now and that algorithms are constantly being run over. You can frame people for crimes for which you know they will have no defense, exactly like the Stasi did, and privately confront them about it. As they plead their innocence, tell them that you want to believe them, and if they can do a little work for you, they'll not only be arrested, but be rewarded! How would you like a job at Mother Jones, or the Guardian?

  • The U.S. Government is purchasing tools like these and using them: https://www.404media.co/inside-the-u-s-government-bought-too...

    This has been a widespread problem for the better part of at least half a decade, likely much more.

    • To do it on their own would be illegal. To buy it from a commercial vendor is an easy contract to write. Quite something. Perhaps we should write a new law making it illegal.

      They managed to outsource it on accident just because of a shared need with advertisers to target people.

  • if you have a legal reason to track someone, make them wear a tracker. don't make everyone else lose their privacy and freedom to move without government oversight

  • > the bulk of the population would trade in their privacy

    i think most people are on the fence / undecided, and the few that do "pick a side" only do so based on their personal life experiences (which includes family and community influences)

    • First, it's not a binary choice. It depends on the circumstance.

      Also, people are influenced by what other people say, especially people in tech. You can see people on HN saying how hopeless it all is. People on HN and your social circle are listening to what you say.


I worked 12y in the ad-tech industry, and 3y in a company using this kind of data to measure performance of "drive to store" campaigns: doing online campaign, then seeing if people visit the actual real store based on geo data. The company was actually controlled by the CNIL (French regulator) according to GDPR, so we were "anonymizing" data, meaning hashing one way the IFA (unique phone id for advertiser) and storing location within a 300mx300m square. I put some quotes around anonymizing because geo data from your phone in the evening/night is enough to know where you live (with 300m precision). The rest of the industry in France and Europe was still a far west though (around 2020).
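The scheme described in the comment above (one-way hash of the IFA, location snapped to a 300 m square) and the reason for the quotes around "anonymizing", written as a dataset audit. This is an added example, not the company's code: the IDs, coordinates, night window, reference latitude and the opening-hours filter are assumptions made here.

```python
"""Re-identification audit for pseudonymized location pings (constructed data)."""
import hashlib
import math
from collections import Counter, defaultdict

CELL_M = 300.0                  # grid size taken from the comment above
M_PER_DEG = 111_320.0           # metres per degree of latitude (approximation)
REF_LAT = 48.85                 # assumed reference latitude for longitude scaling
NIGHT = set(range(22, 24)) | set(range(0, 6))   # assumed "night" window, local hours


def pseudonymize(ifa: str) -> str:
    """One-way hash of the advertising ID; stable, so a device keeps one pseudonym."""
    return hashlib.sha256(ifa.encode("ascii")).hexdigest()[:16]


def snap(lat: float, lon: float):
    """Map a coordinate to the index of its 300 m x 300 m grid cell."""
    row = math.floor(lat * M_PER_DEG / CELL_M)
    col = math.floor(lon * M_PER_DEG * math.cos(math.radians(REF_LAT)) / CELL_M)
    return row, col


def store(pings):
    """What the pipeline keeps: (pseudonym, hour, cell) instead of (IFA, hour, lat, lon)."""
    return [(pseudonymize(ifa), hour, snap(lat, lon)) for ifa, hour, lat, lon in pings]


def night_cell_audit(stored, min_pings=3):
    """Per pseudonym: the most frequent night-time cell and its share of night pings.

    A share near 1.0 means the stored rows still say where that device sleeps,
    to within one grid cell, even though no raw ID or coordinate was kept.
    """
    by_id = defaultdict(Counter)
    for pid, hour, cell in stored:
        if hour in NIGHT:
            by_id[pid][cell] += 1
    report = {}
    for pid, cells in by_id.items():
        total = sum(cells.values())
        if total >= min_pings:
            cell, hits = cells.most_common(1)[0]
            report[pid] = (cell, hits / total)
    return report


def minimize(stored, open_from=8, open_to=20):
    """Assumed mitigation: keep only pings inside store opening hours."""
    return [rec for rec in stored if open_from <= rec[1] < open_to]


# Constructed sample: two devices, rows are (IFA, local hour, lat, lon).
HOME_A, OFFICE_A, BAR = (48.8600, 2.3500), (48.8750, 2.3100), (48.8530, 2.3700)
HOME_B = (48.8400, 2.3900)
SAMPLE = (
    [("IFA-AAAA", h, *HOME_A) for h in (23, 0, 2, 4, 5)]
    + [("IFA-AAAA", 22, *BAR)]
    + [("IFA-AAAA", h, *OFFICE_A) for h in (9, 13, 17)]
    + [("IFA-BBBB", h, *HOME_B) for h in (22, 1, 3, 5)]
    + [("IFA-BBBB", 12, *OFFICE_A)]
)

if __name__ == "__main__":
    kept = store(SAMPLE)
    for pid, (cell, share) in night_cell_audit(kept).items():
        print(f"{pid}: dominant night cell {cell}, share {share:.2f}")
    print("after opening-hours filter:", night_cell_audit(minimize(kept)))
```

For a drive-to-store measurement the night-time rows carry no store visits, so dropping them before storage removes the home signal without touching the metric the data was collected for.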

> such as AccuWeather, GasBuddy, Grindr, and MyFitnessPal that collect your MAID and location and sell that to brokers.

Welp, that's the final straw I needed to nuke that fucking GasBuddy app from my phone. Goddamn I hate them so much

  • I've been bitching about GasBuddy since at least 2018 (I'm sure even further I'm too lazy to keep looking).

    https://news.ycombinator.com/item?id=16776028#16776762

    I've pretty much deleted all apps. I'm working on dumping my phone altogether but shit like mandated 2FA is screwing that up.

    • At this point, 2FA is the only thing I use my phone for anymore. It's the only reason I even have a phone; I spent about a year without one until I had to for 2FA. But I don't need to carry it around anywhere for that. It would be inaccurate to call it a "mobile" device.


  • You can still use the app. You get asked both to have the app get access to the MAID, and get access to location. If this is a problem, it is a problem because you said Yes to both. You could have said No. You can change that choice now.

    If you go to Settings -> Privacy, the top two options in iOS 18 are:

    * Auto-deny Advertising ID access

    * Which apps have location access ("X always, Y while using the app" is summarized right at the top)

  • It's a damn shame. I've stopped using pretty much all apps because I can't trust any of them. My phone is practically stock.

    • It's worse than you think.

      There are popular third-party libraries, used by apps, offering whatever functionality.

      Those third-party libraries do deals with whoever, to include into the library whatever code it is the whoever wants to get out onto a ton of phones.

      I worked for a company in Germany, who wanted to get some Bluetooth base station detection functionality out into phones, so they could track people.

      Company put Bluetooth base stations into a bunch of locations, and then paid a major third-party library to include their code.

      Bingo. One week later, millions of phones being tracked.

      When you install an app, you are in fact installing God knows what from shady friend-of-a-friend-of-a-friend, who's got money.

      Do not install commercial apps. Only install open source apps. Anything else, you're going to be abused, whether you know it or not.


    • Stay away from Samsung. Their default apps (which you often can't uninstall or disable) collect massive amounts of data. The default Samsung keyboard that came installed with an old Galaxy I had was logging every single letter I typed in every app and sending it to a third party whose privacy policy said it was being used for marketing research, to determine my intelligence, education level, habits, attitude, etc.

    • I would _guess_ that the systemic solution to this problem is one of those whole device VPNs that doesn't choose to hide your location but rather blocks access to ad and tracker networks. I actually have DDG's Privacy Pro VPN <https://duckduckgo.com/duckduckgo-help-pages/privacy-pro/vpn...> but my life experience has been that it breaks more things than it helps but I guess it's time to at least try it

  • Seems like one of those apps that would work fine from the website.

    • (a) I'm about to find out (b) at least some casual tire-kicking shows that their mobile website is just as ragingly dumb as the app is, so that actually makes me feel a little better - it's not that the app itself is stupid, it's that their dev team is


> they estimate they could locate roughly 80 percent of Android-based devices, and about 25 percent of Apple phones.

And that's why I gave my mother my iphone and went back on the wasteland that is Android.

She, as a normal person, doesn't understand all of these and goes with the default settings. With apple it means she has 75% chance of being protected, with Google 80% chance of being tracked.

Me, as a nerd, I know about advertising id and I even root my phone to have afwall firewall.

This is why Google is just bad, they always technically allow you to do the right thing but it's buried under a ton of sub menu and convoluted settings. On purpose of course, their goal is to make money.

If I use an ad id on android, is this id the identifier I can use to make a gdpr request to brokers regarding accessing and deleting my data? I don't have an ID but I'd be curious about doing that, in a similar way to xandr with its uuid2 (although xandr just looks bad and not this terrible)

  • It's worth a try. However, expect the brokers to claim that they cannot be sure that you're the only person using the phone and therefore, for privacy reasons, they can't share the data.

    You can complain to the Irish DPA (because that's where the broker is likely hiding, pro-forma), which will respond within a year or two with a request for more information.

    If the broker made the mistake to be domiciled in a location with a more competent DPA or you are willing to drag them to court, you might stand a better chance.

Additionally to an OpenWRT [1] Wi-Fi router or Adguard Home [2] DNS proxy that you can run for yourself, there's also this excellent app firewall project called NetGuard [3].

The developer got kicked out of the Play Store for bogus reasons, and had to continue to develop it as an externally funded effort. Support him, buy a pay what you want license, and give him a couple bucks for it if you value open source software like this.

(I'm not affiliated with the project, I just love the app and it runs on all my degoogled devices)

Additionally, degoogle your phone by installing an open source ROM like GrapheneOS [4] or LineageOS [5], and install only the most essential apps on your phone.

There's also App Warden [6] which audits installed apps, by scanning them for malicious libraries and adtrackers. It's based on the dataset provided by Exodus Privacy [7] where you can search for Apps or their APK identifiers and find out what kind of fingerprinting libraries they're using. For example, this is what the Facebook App uses behind the scenes [8].

Don't install gapps or the Google Play services. If you want an app store for the convenience of updates of open source apps, there's also F-Droid [9], a libre app store for Android.

Additionally you should keep in mind that every app that needs Google Play services to run is spyware, by definition of what these services offer as APIs. Websites that require you to install their app to "verify" you are usually spying on your activity.

[1] https://openwrt.org/toh/start

[2] https://openwrt.org/docs/guide-user/services/dns/adguard-hom...

[3] https://netguard.me/

[4] https://grapheneos.org/

[5] https://wiki.lineageos.org/devices/

[6] https://gitlab.com/AuroraOSS/AppWarden

[7] https://reports.exodus-privacy.eu.org/en/

[8] https://reports.exodus-privacy.eu.org/en/reports/com.faceboo...

[9] https://f-droid.org/

  • It's a bit of a pipe dream tbh. I have a Pixel and GrapheneOS, but the reality of what you need to give up or how much you have to inconvenience yourself makes it unpalatable enough that unless your life is actually in danger or you have some very extremely tightly held philosophy you refuse to let go of at all costs, then you just wind up compromising to the point where it doesn't necessarily feel worth the trouble.

    • it really depends on how much you've embraced the tech.

      say, my parents own phones but don't do much on them except navigation, photos, messaging, and web browsing. if you're not into Uber, Doordash, mobile banking, and so on, then you're not really giving up much by switching to the alternatives.

      generally, it's harder to _remove_ something from your life than it is to forego _adding_ it. if you're content with the functionality of your tech as it exists today, then a feasible route to de-apple/de-google really is to just not start doing too much _new_ with it, and within some number of years you'll find the alternatives have developed to the point where you can switch to them without going backward.

  • I've never had a router compatible with OpenWRT, so I went with NextDNS instead. Also, PiHole is another alternative

  • You can simply install GrapheneOS (if you own a Pixel device) instead of workarounds like Netguard. It is hardened for security and privacy.

  • Care to clarify what these things do and why it’s relevant to the posted article?

    • I tried to clarify it a little more, but I think if I went into more detail I should write a separate article about it. It's relevant in that I'm describing what you can do against the problems mentioned in the article, and how to avoid being surveilled by advertisement conglomerates.

This turned into a hell of a rant, I apologize but I'm still kind of proud of it.

--

We made surveillance capitalism the default method of financing every free-at-point-of-use service on mobile devices before we understood what that meant, and people now have zero perception of the worth of mobile-based software. People happily pay for desktop software but the decades of everything on a phone being free by default despite the economics of that making no sense have made it borderline impossible to sell software to people for their phones.

At the same time government has been completely asleep at the fucking wheel with regard to any regulation to protect consumers. Consumers shouldn't have to know the "tradeoffs" of free software, they shouldn't need to vet vendors of software on app stores for privacy policies. People should be protected by default. This "informed consumer" garbage is why we can't get anything done in a regulatory sense because these companies will make the argument that users consented when talking to any layperson user of MyFitnessPal will have you understand they really did not within 5 goddamn minutes.

Could people read terms of service? Yes. Do they? No, because people have shit to do and nobody aside from an activist or someone with an interest in it is going to read 110 pages of terms of service each from the 50 services they're currently using and it's unreasonable to suggest that they should, and that's JUST the reading, even if they read it, do they understand it? Because most people according to a stat I saw recently about the United States read at about a sixth grade level, which is going to be a struggle to get through any legal document. And 4% apparently are completely illiterate.

I don't mean to rant here but this pisses me off so much. Our entire society is constructed around a set of assumptions about people who are at least some level of educated, with decent English literacy, who have the time and energy to dedicate to managing these various things, and yeah, if you're that theoretical person, you can probably do quite well for yourself in the United States. But what if you aren't?

What if you're one of the millions who have to work three fucking jobs to survive and don't have time to read the terms of service for twitter, and just want to relax? What if you're illiterate? What if you're disabled in some way that impedes your ability to read, or your ability to understand what data harvesting is or means? Does your inability to meet the standard I've outlined above just mean you're fodder for the scummy business alliance, ready to be taken advantage of at every single turn by everyone who can, because it's more profitable that way even if it means you will be broke, exposed, and/or otherwise exploited at every single turn and probably have a pretty miserable life?

I am long tired of living in a society that is clearly, bluntly, at every turn designed for companies to live and thrive in and not people. I'm tired of people being hung out to dry because "freedom." Nobody needs or wants the freedom to be recklessly and hopelessly exploited to the ends of the goddamn earth, and I'm sick of pretending there's no way for us to know that difference.

/rant

  • > I don't mean to rant here but this pisses me off so much. Our entire society is constructed around a set of assumptions about people who are at least some level of educated, with decent English literacy, who have the time and energy to dedicate to managing these various things, and yeah, if you're that theoretical person, you can probably do quite well for yourself in the United States. But what if you aren't?

    Not to be overly cynical, but I believe this is a feature, not a bug. I don't believe it's isolated to any one political ideology though. The system seems to rely on a perpetual underclass, and if you are slightly outside the norm or deficient, the system tends to use you as mulch for the uber wealthy's private jet funds.

  • I know it goes beyond cell phones, but as someone who agrees with you and has the means and know-how, I find opting out through personal choice impossible. If you don't carry a cell phone, how do your loved ones reach you in an emergency? etc., so the only real way to win is through regulation. And the laws and enforcement won't change anytime soon for the reasons you mention. Super frustrating.

    • One solution is dumb phones! It's an idea I've been toying with but haven't committed to yet.

      I think it could work. You can call, text (probably hard, I remember those swipe-out keyboards) so you should be good in an emergency. But that's it - the rest you do on your desktop, where you have far greater control over the software you use and far less data available (no location, no photos, etc).

      The trouble is there's some gaps. If you want decent pictures, you'll need a camera. If you want to do something simple like check your email, it's a whole thing.


  • > asleep at the fucking wheel with regard to any regulation to protect consumers

    cursing aside, you are doing them a favor by saying "they are asleep" .. it is not that simple; misaligned incentives for decision makers is a polite phrase

    • I mean, with regard to tech in specific I think it's a bit of both? Every time anything to do with technology hits the congress and ends up on C-SPAN it is always so fucking embarrassing. It's like watching grandma and grandpa try and riddle out a new Smart TV's remote, except there's way more of them, and a subset of them are proud they don't understand a fucking thing about what they're talking about.


  • Long and winding but you make cogent points. Shit pisses me off too. Already a couple 'but, but... they consented to this when they installed it!' comments here. Those types know not what kind of corporate misbehavior they enable, nay are complicit in.

  • To add to your points:

    > Could people read terms of service…

    Even if they do read licences and such, companies have a vested interest in making them so complicated, obtuse and self-serving that you have close to no recourse. It’s weasel-worded to the nth degree. They also change them largely at their leisure, and if the new terms are bad, again, there’s often very little you can do.

    “If consumers don’t like it, they wouldn’t buy it” is the other lie that’s successfully kept itself alive. Consumers are kept time and spare-resource poor, and are largely presented with a predefined set of options to choose from that the companies at play feel like presenting us with. Rarely is there an _actual_ varied choice. Only the illusion. Combine that with scenarios in other industries like enterprise sales where the “customer” is an exec and the user just gets lumped with some garbage software.

  • It’s interesting that American neoliberalism perpetuates this thinking of staunch independence, an unrealistic notion that every man fully defends and stands for their own interests. It seems to espouse creating the terrifying Hobbesian “natural state”… any notion of collective defense by default, as outlined here, is rejected as “idealistic socialism/paternal states”… even that phrase, “paternal”, being used as a pejorative says so much about the American psyche (I still blame Cold War-era anti-communist propaganda for lobotomizing America’s society thinking capabilities).

    That’s really the key difference between US and European thinking on privacy. Europe was slow but always thought it was fucked up. Americans don’t seem to grasp why they should care or understand how perverse their blindsight is.

  • Good rant. The dominant global ideology is neoliberalism AKA free market economics, which has regulatory laxness as its bedrock. That's why fixing this basic shit is an uphill slog, rather than common sense.

    Neoliberals look at GDP rising and have faith that the world is good. It's time to call these folks out for what they are: dogmatic zealots.

    • GDP is a crappy measure of a nation's wealth.

      It's a passable measure of the financial class's wealth, which is not the same thing at all.

      The use of GDP as the headline number in demagoguery is a psyop

Banning advertising would fix it at the corporate level.

Philosopher kings would fix it at the political level.

The ad knows nothing more than my IP, not exactly accurate location data. Not sure what Android gives out wrt GPS.

  • The web ad knows at least your IP, what site you're currently looking at, and likely an extensive history of these things linked through tracking cookies.

    Your ID + other people's IDs seen from the same non-CGNAT IP establish a link, i.e. they also have part of your social graph.

    And if one of the web sites requests location permissions to e.g. show you where that shop's nearest branch is, I wouldn't put it beyond the ad networks to detect and abuse that to add your location to the above data pile.

    Of course, all that becomes entirely moot once you have a single application with ads installed on your phone that has location permissions...

    • Social graph? I live in a big city; hitting the same cell phone tower does not friends make. The only app that needs location permissions is Google Maps, which doesn’t serve ads. Of course, both Google and Apple could easily assassinate me, but I’ve accepted that.

      Actually thinking about it a bit more, with 5G being so short range I can see how a social graph could be made. I do have 5G turned off on my phone though because I don’t know what benefit it gives me because if the 4G tower is already not overloaded bc other people are on the local 5G
