privacy and smartphones...


  • privacy and smartphones...

    Hello!

    At the moment, Facebook is under scrutiny with the whole Cambridge Analytica thing... But I just experienced something that I would classify as creepy...

    I needed to set an appointment with the Spanish tax office, which requires you to give either an email address or a phone number; they use this to send confirmation of the appointment. My colleague (and sysadmin) told me that it is better to use the mobile phone, so we did and we got the confirmation SMS. We did this using a Firefox browser on a computer where I was not logged into Google, Facebook or any other social network.

    The next day, in the Google Play Store, the first app it recommended for me is... the official Spanish tax office app.

    It did freak me out a bit... I mean, I understand that the Google Play Store recommendations are made on the things you download from the app store. But the only way they could know about the tax office is if
    1. they processed a message that came to my phone
    2. traced the number of the sender
    3. identified it as a number of tax office

    and then they use that information to suggest me the app.
    (or does anyone see another way they could have gotten it? it is possible that the Tax Office website shares the number with google, but there was nothing like that mentioned)

    I feel a border was crossed here.
    And I hate that Apple phones are so expensive, as this makes me want to leave Android immediately. But I don't know if Apple is better with such things... And basically that is where the options end, which actually is the worst of all....


    edit: I have since revoked the permission of Google Play Store (and related apps), as it indeed had permission to access sms and telephone. I should have checked this, but overlooked it. I'll know now which things to do when you get a new phone.

    Jörg
    Last edited by VJ; 12 April 2018, 01:53.
    pixar
    Dream as if you'll live forever. Live as if you'll die tomorrow. (James Dean)

  • #2
    I'm also looking into this as things are getting out of the way - also had some creepy moments.

    Things you can do:
    Install LineageOS (successor to CyanogenMod), install the minimum Google apps and don't give them many permissions. If you're scared about bricking your phone you can buy a 2nd hand phone for 100-200€ to try first.
    Use 3rd party offline maps.
    Have your phone always connect through VPN to your home and access the internet through your home IP.
    Remove all FB apps. Funny, people around me are deleting Facebook but keep using WhatsApp and Instagram. If you need to continue using FB (it's best for event calendar and contacts of friends until most people are also elsewhere), use it on a computer.
    I don't think switching to Apple long term is a good solution to this.

    Then for browsing you can start running Tails VM that boots from ISO.

    Problem is the sites now use a mix of behaviour and IP ranges to track you and build a profile. I was at a Salesforce event where you can purchase intelligence for the site which builds profiles of users visiting the site, and once they give you an email or you identify them in another way you have them in the database.

    For PC create a private airgapped network and/or have an offline workstation.
    Last edited by UtwigMU; 12 April 2018, 03:01.



    • #3
      No LineageOS for my phone (LG K8, model k350nds)... At least none that I would venture to try (no mention on the dual sim, no list of what works and does not work, ...).

      I have disabled almost all Google apps (they came on the phone so I cannot remove them) as I don't use them other than GMail (when necessary) but of course also Play Store. I forgot to check the permissions of those, so now I went over all my apps and denied all permissions apart from the ones they need for functionality (e.g. storage for things that need it, or camera for things that need it)

      As for the apps: I always use a 3rd party browser (Opera) in private mode and don't really use a mapping application on the phone (and then I always use open-source offline ones). Location and internet are off unless I need them. As everyone here in Spain uses WhatsApp, I also have it as it is the only means of communicating with some people. On the computer, I'm never logged in to any account in the background, and I use a separate browser to log in to Facebook/Google than the one I use for regular browsing. And I use DuckDuckGo as my main search engine...

      As far as website tracking: there is not much you can do about it. Even if you go through your VPN at home, you just obfuscate your position based on IP (so the website cannot see it), but Google may still get it from knowing the wifi access point or which GSM antenna you connect to. Your browsing behaviour will be caught anyway as you visit websites (and will perhaps be more accurate as it is always tied to one location due to your VPN). There still is a difference for me between them knowing that there is an unknown person who visits sites A, B and C and them being able to link it to a specific person. The former can be ok for statistics or so, but the latter is much more problematic in my opinion (and the latter is what is happening, connecting through your own VPN would not prevent it).

      On one hand it is nice of you to admit you also have experienced similar creepy moments, but it does show that there is something very wrong with all that is happening. If we cannot protect against it, how do we expect our parents or teenagers to manage? I really hope the Facebook thing has opened some eyes, although seeing some of the questions that were asked to Zuckerberg ("how do you put the circle around the a in an email address?", "how can you make money if people don't pay?"), I'm guessing it will just blow over without any changes...

      Oh, Cloudflare launched a DNS that they claim is private:
      Last edited by VJ; 12 April 2018, 06:39.
      pixar
      Dream as if you'll live forever. Live as if you'll die tomorrow. (James Dean)



      • #4
        Besides the above, avoid Chinese made devices like ZTE or Huawei. The US govt (FBI, CIA, NSA etc.) has warned about them, and they've been found to "phone home" and send data. Some US carriers have dropped them.
        Dr. Mordrid
        ----------------------------
        An elephant is a mouse built to government specifications.

        I carry a gun because I can't throw a rock 1,250 fps



        • #5
          Originally posted by Dr Mordrid
          Besides the above, avoid Chinese made devices like ZTE or Huawei. The US govt (FBI, CIA, NSA etc.) has warned about them, and they've been found to "phone home" and send data. Some US carriers have dropped them.
          Yes... but that is quite a different problem... I mean, it affects privacy, but it is easier to avoid. For all things we buy, I'm quite sure we all have some personal blacklist of gear we would not consider; these get added to the blacklist and it is problem solved.

          The issue with Facebook and Google is much more difficult to avoid, much less in the news: people seem very eager to listen when it is about "bad commies", but seem completely oblivious to other similar risks. But even worse, even if you listen and try to do things, it is difficult to protect yourself as FB and Google are present in so many hidden ways that even for experts it is difficult to shield you from them.
          People and governments were so fighting Microsoft back in the day for the way it dealt with its monopoly and forced software on people. And for most people, Google started as one of the good guys, as a change from the "evil" Microsoft. But now Google is really everywhere, and they know so much about us and they are almost impossible to avoid... Facebook is similar: even if you don't have an account, they will have a profile of you, through browsing behaviour, contacts that have Facebook, etc...
          Last edited by VJ; 12 April 2018, 23:44.
          pixar
          Dream as if you'll live forever. Live as if you'll die tomorrow. (James Dean)



          • #6
            Originally posted by Dr Mordrid
            Besides the above, avoid Chinese made devices like ZTE or Huawei. The US govt (FBI, CIA, NSA etc.) has warned about them, and they've been found to "phone home" and send data. Some US carriers have dropped them.
            I think USA agencies would share their data with my .gov sooner than Chinese agencies.



            • #7
              I wonder whether we had a better deal with Blackberry. I still maintain OS10 is superior to Android and iOS.
              Join MURCs Distributed Computing effort for Rosetta@Home and help fight Alzheimers, Cancer, Mad Cow disease and rising oil prices.
              [...]the pervading principle and abiding test of good breeding is the requirement of a substantial and patent waste of time. - Veblen



              • #8
                Originally posted by Umfriend
                I wonder whether we had a better deal with Blackberry. I still maintain OS10 is superior to Android and iOS.
                Didn't it require Blackberry servers for some services?
                But still, the privacy issue is in a way independent of the OS as long as it works without internet connection (so no cloud services). I mean, Windows on an offline computer is the same as on an online computer (apart from synchronization things) from the user's point of view. And even synchronization functionality should not imply data sharing, it could all be encrypted.

                Originally posted by UtwigMU
                I think USA agencies would share their data with my .gov sooner than Chinese agencies.
                IMO, it does not really matter who gets our data, we should be able to shield from all of them.
                pixar
                Dream as if you'll live forever. Live as if you'll die tomorrow. (James Dean)



                • #9
                  That was the old Blackberry, up to BB7, great phones, insignificant OS. BB10 was the new QNX-based OS. And it did not sell your data. Of course, if you used google/facebook/twitter then it may have been moot anyway but still.
                  Join MURCs Distributed Computing effort for Rosetta@Home and help fight Alzheimers, Cancer, Mad Cow disease and rising oil prices.
                  [...]the pervading principle and abiding test of good breeding is the requirement of a substantial and patent waste of time. - Veblen



                  • #10
                    I use an Essential PH-1. It's an amazingly underrated phone from one of the Android co-creators, Andy Rubin. The camera is not the best, but the rest of the hardware is top quality. They've improved the camera a lot through software, and my only sore spot left is low-light. Great for outdoors, less so for indoors.

                    That aside, even getting the phone through Sprint it came loaded with nothing but the mandatory Google apps. No carrier software. No bloat. No spyware. It is hands down my favorite smartphone.

                    The next gen, PH-2, should be hitting this year with a Snapdragon 845 upgrade and improved camera. There's no official LineageOS support yet, but there is an unofficial ROM. All versions of the phone are also bootloader unlocked.



                    LineageOS is a free, community built, aftermarket firmware distribution of Android 8.1 (Oreo), which is designed to increase performance and reliability over stock Android for your device. It should go without saying, but do not lock your...



                    There's a secure branch of Lineage being built but I forget its name. Starts with an "e" I think.
                    “Inside every sane person there’s a madman struggling to get out”
                    –The Light Fantastic, Terry Pratchett



                    • #11
                      I just went over the permissions of the apps again, and the app "Google Play Services" re-enables all permissions after a reboot.

                      So just a heads-up... check it... (I have an LG K8 - model nds350)...
                      pixar
                      Dream as if you'll live forever. Live as if you'll die tomorrow. (James Dean)



                      • #12


                        Or if you don't want to risk it - I nearly bricked my Galaxy S3 when installing Cyanogen - you can buy one of the supported phones 2nd hand:



                        • #13
                          That one is for the 2017 model, I have the 2016 model with dual sim (code number is k350nds)... There is a rom, but it is marked as unstable and does not list what works and what does not.
                          pixar
                          Dream as if you'll live forever. Live as if you'll die tomorrow. (James Dean)
