As an app developer, what worries me is if the third party tools we use do unintended tracking. For example, we use Firebase for tracking crashes and knowing which versions of our apps are being used. We’ve also recently started using them for push notification handling for Android streamlining reasons. In one of the apps I’ve worked on we need location permissions to do geofencing but it’s all local, on device stuff. On the same app we’ve also recently added support for adding/removing calendar events. Again, it’s a feature we added that’s local-only and there’s no data transmission associated with that feature. The only tracking we do is our own home-grown solution that we don’t share externally.
With all that in mind, I’m curious how much of that data does Firebase, aka Google, share with all the rest of its services. Does enabling location tracking suddenly cause Firebase to report location data without our knowledge? Does enabling calendar access suddenly cause Firebase to read the calendar data on its own and report that, too? I’m not at all accusing Firebase of doing anything without knowledge and maybe it may be a “good citizen” with regards to how it manages and accesses (or doesn’t, even if it can) private data but I’m confident that that’s not the case with every third party tracker.
> Does enabling location tracking suddenly cause Firebase to report location data without our knowledge?
> Does enabling calendar access suddenly cause Firebase to read the calendar data on its own and report that, too?
These are good questions to be thinking about. As for Firebase specifically, I have never seen it automatically collect additional data based on user-granted permissions (at least in iOS apps).
However, there may be a few other SDKs with this sort of issue. It is important for app developers to be careful of this.
For example, when working on similar location tracking research (see: https://guardianapp.com/research/ios-app-location-report-sep...), I noticed that quite a few prominent apps use an SDK from “Braze” (https://www.braze.com/), and if location permission was granted to the “host” app, the SDK automatically sends back the user’s GPS coordinates when communicating with the Braze API. I remember at least one such app developer had no idea Braze was doing that and rushed a fix out soon after to make it stop sending the GPS information to Braze.
I hope we see more pressure on analytics companies to offer more open source SDKs instead of compiled binaries and headers. This sort of issue would be easier to spot and deal with, instead of being unsure what exactly the SDK was doing.
A hundred times this. One big red flag is if you have a 'free' stack which does something useful for you. It is important to ask if it does something 'useful' for the stack developer who gave it to you to use. Perhaps the most canonical example of this was Facebook giving away "free" internet to underserved groups in India. At what point will we have an organization giving away 'free phones' to people as a way of developing demographic data?
On the plus side I think more and more developers and users are becoming aware of the dangers and the actual cost to their privacy and/or brand that these 'free' things expose and so it will perhaps get better.
When someone asks me about what is the most important challenge of this century, I reply: PRIVACY. The way it goes right now shows us a very clear sign there will be no privacy anymore. Anything you say or watch is preserved and can be used one day against you. My apologies to all future politicians. It is serious. Porn habits? No problem. Drunk jokes? Will reflect. The way to solve this conundrum is a change of social norms, but it's a long way.
I don't think porn habits or old photos are the primary problem. The primary privacy problem of the 21st century is a powerful group of people, be it government, Big $X, or even just a mob discovering you have Wrong Beliefs, even if you didn't put those beliefs out expecting them to go public, or even if they were expressed in your own home.
Compared to the budding nightmare I see coming from that direction, merely losing your nudes, while a more acute problem, will have nothing on the chronic changes that's going to bring.
Privacy is very important but it's just a drop in the ocean compared to environmental disaster. Google tracking you browse the internet seems unimportant compared to extinction.
This is where these two issues beautifully tie together: Saving the environment is important - consuming less is a way to do so - with less paying consumers, ads become less valuable - less incentive to violate privacy.
This raises a question, how much does the cancer that is advertising & analytics consume in terms of electricity and engineering time that could've been put to better use?
It certainly accompanies it (can you imagine a world where there was needless and wasteful consumption, but no one bothered to advertise?). I wouldn't be so sure about causation.
If you can't imagine a world with wasteful consumption but no advertising, that kind of tentatively rules out "wasteful consumption causes advertising". What remains is "advertising causes wasteful consumption" and "wasteful consumption and advertising are both caused by a third thing", but given that advertising is literally the art and science of making people buy more stuff, the "advertising causes wasteful consumption" option seems the most probable.
There's a show on Netflix called 'Easy' that has an episode about how the solution to this is changing cultural norms. Specifically, the recognition that we all make these mistakes and will inevitably start forgiving each other. Season 1 Episode 5. Great episode.
But yea, it's going to take a long time. And it's going to be a crazy ride.
One of these days, I took some time to analyze network traffic going out of my phone. I wanted to know what was happening behind. I learned that some apps that I wouldn't think of, such as banking, ISP and credit card, were tracking me and sending information to advertising companies!
I got angry at some things. For instance, ISP app should provide me information about data consumption and means to buy more. However, it decided to do more things behind the scenes, in addition to doing the tasks it was supposed to in an overly complicated manner—requests travelled back and forth over multiple servers over multiple companies before it did anything.
After this exercise, I realized how great it would be if these companies had to provide a clean and well documented API. Users could implement their own apps, liberating themselves from having to trust their private data and resources to companies that would care less if, if allowed.
> After this exercise, I realized how great it would be if these companies had to provide a clean and well documented API. Users could implement their own apps, liberating themselves from having to trust their private data and resources to companies that would care less if, if allowed.
That's why we don't have those APIs. It's not in the interest of any company to make itself more interoperable. This would allow users to develop ways at getting directly what they want and paying the sticker price, without being exposed to all kinds of garbage. Problem is, this very garbage is an important, and sometimes primary way companies make money.
Put another way: most companies aren't your friends, they're here to abuse you. Hold on tightly to the rare ones that are friendly.
Are you on Android? Use Firefox with NoScript or uMatrix (also as your default webview) and setup AdGuard DNS [0] or a pi-hole. You could consider using a VPN like Orbot (free Tor-as-a-proxy) [1], PerfectPrivacyVPN (supports multiple exit IPs, multiple-hops, and server side firewall) or set one up using Algo/Streisand [2].
If you do not want to root your device:
1. Install NetGuard or No Root Firewall to view what's going on from network perspective.
2. Install ExodusPrivacy to generate a report on apps wrt sdks in use by them.
---
If you are okay to root the device:
1. Install XposedMod, and then XPrivacyLua module, and work through the options.
---
If you're okay with flashing a ROM:
1. Consider LineageOS + microG
2. If you are using Pixel, consider ChromeheadOS (edit: CopperheadOS) [3].
For anyone considering the above, this is a failing battle. The only way to stop this sort of tracking is if we have a cultural shift, start putting laws in place, and actually enforce them.
For example, did you know that many shopping malls track you with license plate readers? Did you know that your credit card transactions are up for sale? Or that your cell phone provider will give up your location to a third party with a flimsy consent?
I'm no expert but I do not agree with the 'failing battle' part... still quite a way to go in that regard, I think, specifically because the Math behind crypto hasn't failed us yet (occasionally, the implementation has) and because the government agencies themselves need tech that helps them stay underground (Tor, for instance, continues to get funding from the US Government).
Is it getting difficult? Yes, absolutely. People still hold the 'nothing to hide' stance and most are okay giving up privacy esp if it means their life becomes a little more secure and things get more convenient (most would support AI powered street surveillance that helps keep tabs on criminals, for instance).
It's a failing battle to try and outsmart the people who are _professionally_ prying into your private information. You might make it harder for them, even harder to the point where you partially fall out of their datasets, but you will never truly escape. These days it isn't even enough to stop using privacy compromising technology. As I said above, the only real solution is a social one. If you try a technological solution you will always lose because you are significantly outfunded.
Also: vote with your wallet. If you see a technology that aligns with your ethical goals, pay for it. To that end I will probably buy a Librem 5, even though I don't expect it will actually do much for my privacy.
In the end unfortunately none of the ad/tracker blocking solutions are solid; All an app developer has to do is use an IP address to fetch ads (avoiding dns resolution and thus dns based blocking won't work.)
Or, fetching the ads from the same hostname as also used by the app itself to provide whichever service the app provides, which means that hostname can't be blocked even by a firewall because the app itself will stop working.
So I agree, the only proper solution is laws to stop the privacy abuse.
The internet isn't a "US" thing. It's not a "EU" thing. It's not even a "China" thing (GFoC aside).
The internet's a worldwide thing. And that means, sure your puny law may say you can't do X (ad tracking). Ok. I'll just make a shell company in shithole country, pay some protection money, and run tracking or whatever. And that data I generate will be sold to anyone who wants to buy. I'll make it so everybody has to buy to compete - even if against the law.
And it too is a failing battle in the US. Experian, Equifax, and Transunion... If what happened regarding Equifax didn't bring the corporate death penalty either by fines or dissolution of their corporate charter, nothing will.
The advertising infrastructure is largely funded by the big advertisers, and legal issues certainly matter to them.
When (for example) Toyota is paying a bunch of money to target customers in France, they're playing with the same rules as Ford is when targeting the same customers. They don't have to do things against the law to compete in advertising, and they'll even be eager to identify competitors breaking advertising law to screw them over; there has been lots of legal action taken as a result of such industry self-policing to ensure that competitors aren't able to benefit from misleading advertising.
Sure, there are lots of businesses who would buy "under the table" data and apply it illegally, and it is a huge advertising market - but it's absolutely dwarfed by the much, much, much larger advertising market funded by the major international public companies. The advertising money flowing from a single company such as Procter&Gamble or Nestle is larger than all the total advertising turnover from whole smallish industries. If you cut off the tracking-adtech companies from the legal market, it's like restricting oxygen for them - they'll still have some customers, but they'll get an order of magnitude less money to do their things.
Actually, in that case the centrality or Monopoly of the Apple store and the Google play store makes regulation easier. Censure Apple or Google for the apps sold in their marketplaces that violate the law and they will be taken down.
I'm not sure I see the objection? Are you saying that the US government doesn't have sufficient carrots and sticks to get app stores like the Apple Store or Google Play to remove apps from US markets that violate US law?
One could do a reverse DNS lookup and firewall the IPs too (admittedly, the IPs would have to be refreshed, and there might be issues with multi-record DNS entries). See discussion: https://news.ycombinator.com/item?id=19258717
If you're worried about flashing your device, go spend $100 on a device off the LineageOS list of supported devices, and experiment with that instead. The odds are it'll go fine and you'll be happily using it three months from now.
True, not because it's 2019 but due to Project Treble's GenericSystemImages that cleanly separate OEM (Samsung, Sony, Lenovo) and silicon-vendor (Broadcom, Qualcomm, Mediatek) related blobs from the Android subsystem, such that the Android bits could be changed or updated independent of vendor support.
Even a cursory glance at some of the sections on XDA or a search for '2019' and 'brick a mobile' will reveal that they are not mutually exclusive events.
I meant to completely brick a mobile. As a newbie, it's possible to get into a boot loop, a black screen, etc. which are easy to recover events, but might seem as the end of the world.
I even remember having to short two pins in the motherboard of my mobile to recover from a particularly bad brick. And it worked fine.
But a complete brick, as in you have to throw away your mobile? Impossible, I'd say.
I would be a bit reluctant to run CopperheadOS now. Sadly the main developer left after somewhat hostile actions from the CEO, and there have been lots of changes in the organization.
IMHO the best option for a secure phone is pure Android without Google blobs. That is, AOSP on a Pixel phone. Plus an F-Droid userland.
If a Pixel is too expensive, you can always try to get an AOSP device-independent image on a new phone that supports Treble. For example, the super cheap Nokia 1 seems to work well [1].
Agreed. For anyone interested in doing their own monthly signed AOSP builds for Pixel phones with OTA updates, take a look at a project that I built that fully automates the process in AWS: https://github.com/dan-v/rattlesnakeos-stack.
AOSP is clean, but doesn't have anti tracking measures available in CopperheadOS: fake IMEI or MAC addresses (this has been mainlined in Android Q, though), for instance.
Apple seems to be giving the appearance they are doing something about it. They claim they will remove apps that sell your location data. However Foursquare is still in the App Store, so we can’t take their claims seriously yet.
> They claim they will remove apps that sell your location data
They most definitely do not remove such apps.
Use an app like Charles Proxy or Burp Suite to inspect the traffic of your phone when running the “Perfect365” app. It is really remarkable, and Apple is aware of what they are doing.
The trust has been broken. There needs to be a way to make sure this is a transition to "paid, no ads/tracking" and not "paid plus ads/tracking".
One interesting side effect of GDPR is the surprising amount of PC games - games for which I paid a price that's presumably profitable to the authors - that started throwing up consent forms.
You're approaching it rather theoretically. Yes, even a landline generates data and metadata, but do you feel watched when owning a landline the same way as when you see that you have like three different companies tracking you in every app or website?
I think some people feel a landline is better as far as surveillance goes, but I think that comes from back in the day before telecom companies realized that they were sitting on a goldmine. Today, every part of your interaction with any telecom company is monetized.
Maybe that's my European view on things, but I doubt that. They would have to tell me in the privacy policy that they share my phone records with third parties, with which category of companies they share them, and for what purpose. Moreover, after moving to Germany and getting a phone bill twice as high as I expected the first month, I could not even get my records to check what I was being billed for, because I did not opt in to storing that data. They (said they) didn't have the data because I didn't ask them to store it.
It wasn't a large enough amount (by far) to take it to court, though, so I can't know for sure, but lying about not having the data and keeping it secret when hundreds of employees are in the know (if they are indeed selling it, or at least a handful of employees if it's just storage for billing) sounds rather conspiratorial. A little like dieselgate, so I'm not ruling it out as possible, it just seems very unlikely.
I was definitely speaking from a US perspective. I would be so happy if the US would start doing more to lock up user data. We already protect health data (HIPAA) and I think it would be a great idea to extend that to all data connected with an individual or account.
It's amazing how different my phone feels since I've set up Wireguard to a server I have set up a few milliseconds away from me and put a pihole at the end of it, too. Blocking the (web) trackers at their source, coupled with less "wake up the radio to make this network call" is really quite nice, and the in-app advert spaces don't load except for a handful of folks doing (reasonable) native advertising.
Wouldn't you still have to wake up the radio to perform the (pi-holed) DNS lookup, though? Just curious because I would love to use a similar kind of system, but I am concerned about battery life.
I've been doing this for a few months now and the impact on battery life is noticeable but acceptable to me. iOS reports that WireGuard was responsible for 8% of my battery use today.
I have raised the issue of trackers in analytics SDKs on developer forums and the result has invariably been negative towards me.
When speaking to friends and coworkers about these issues, the result is mostly people calling me paranoid.
Developers mostly don't care as long as they get money.
Users mostly don't care as long as they get cheap apps.
As a developer who does not use third party SDKs that track users (other than the OS) because I value my users' privacy and realize that many of my users are in places where data is expensive and scarce, I sometimes feel like I am engaging in a futile and unwanted effort.
There’s a lot of scaremongering in here. I fully support giving users full privacy controls. However, both Android and iOS allow you to toggle off availability of your Advertising ID. That’s been in there for years. Turn it off and apps can’t grab it (they get 000000000). Each vendor gets a vendor-specific ID on iOS, shared between that vendor’s apps. Delete all vendor apps and it resets.
I’m not saying this is an ideal situation by any means. However, it’s just two small examples that are ignored by this article.
There's much more to tracking than your phone's tracking/Advertising ID. A modern smartphone app can identify you and commit pervasive tracking whether or not this ID is set. Disallowing permissions partially solves this problem, except that an app can get quite far just by setting its own UUIDs and sharing them with other vendors.
Further, an Android phone with no 3rd party apps is already sending an enormous amount of tracking data to Google, where it can be purchased by 3rd parties. None of this requires an Advertising ID.
If you read through here, you'll get a sense for the various different IDs and tracking methods that Google is using. It's more than just the Advertising ID.
You'll also get a sense for the collection Google does about your environment. (nearby wifi, GPS position, etc.) And more troublingly, the fact that these services still collect data even when the user sets them to "off." A couple excerpts:
-----
"It’s hard for an Android mobile user to “opt out” of location tracking. For example, on an Android device, even if a user turns off the Wi-Fi, the device’s location is still tracked via its Wi-Fi signal. To prevent such tracking, Wi-Fi scanning must be explicitly disabled in a separate user action, as shown in Figure 4."
"Google can ascertain with a high degree of confidence whether a user is still, walking, running, bicycling, or riding on a train or a car. It achieves this by tracking an Android mobile user’s location coordinates at frequent time intervals in combination with the data from onboard sensors (such as an accelerometer) on mobile phones. Figure 5 shows an example of such data communicated with the Google servers while the user was walking."
"Google records the time and GPS coordinates for every photo taken."
-----
Anyhow, the fact is that much of this data is collected whether the user is accessing the phone, or not.
It's a bit complicated, and disabling the Advertising ID may limit some tracking in a few cases, but despite this, extraordinarily prolific tracking is still occurring. There's a lot more detail in the document and frankly, it feels a lot like Facebook's privacy invasion in that:
- It's possible to mitigate some of the tracking, although this is intentionally made unintuitive to the user.
- Conversely, the user will never be able to prevent a large portion of the tracking, and will have no intuitive sense of what is being collected by google at any different time, and;
- The default values and the data tracked will change over time, and the user will have to try to stay educated with every update about what has changed.
"An AP investigation found that Google saves your location history even if you’ve paused “Location History” on mobile devices. This map shows where Princeton privacy researcher Gunes Acar travelled over several days, from data saved to his Google account despite “Location History” being off."
Sorry -- I missed the point of your question. I don't think individuals can just buy the data the same way a bounty hunter can simply buy cell tower tracker information on an individual basis.
I'm not very informed here, but I suspect those purchase arrangements are made by very large companies, and that by the time small companies or individuals are purchasing data it's been resold and transformed.
That does not help if you’ve identified yourself to the app. E.g. if you logged in via facebook, then any in app trackers can link your activity to your facebook account.
I recently installed a dating App that required authentication via Facebook or SMS. I chose SMS (because screw Facebook). But lo and behold, it turns out the App developer uses Facebook's SDK for the SMS verification anyway. And since FB has my phone number from the two factor scam [1] it pulled, it really made no difference.
This is relentless from Facebook. Consider the fact that they own WhatsApp, it is pretty much "nowhere to hide" scenario here even for folks who have no Facebook account. Jaque y mate.
Oh, how I wish WhatsApp was an independent company. I am sure Jan Koum and Brian Acton think so too [0], despite making billions off its sale.
I’m sure if they have to choose, they’ll still take the billions. No shame in that, but to pretend otherwise is silly. As if FB is pure evil and everyone else is amazing.
Oh they definitely are and they keep reminding/proving this every chance they get.
> everyone else is amazing
Trackers and advertisers have built a cancerous nexus that we cannot shake. We have every right to think they are the scum of the earth, and if they want to prove that they are not, they should give OUR data back to us. But they don't. Scum of the earth. No words will change this, only actions. I am happy with GDPR because those scums are finally paying the price for their actions. I am not in favor of companies closing and people losing their jobs. I am also not in favor for scums to ab-use MY data.
So it actually turns out that on Android if you opt out of ads personalisation, the app still sends the advertising ID, but also sends in the JSON "advertising_tracking_enabled: false", which is not so reassuring. See Privacy International's talk here: https://media.ccc.de/v/35c3-9941-how_facebook_tracks_you_on_...
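A way to check captured traffic for the behaviour described in the comment above, as an added example that is not part of the original thread. Only the `advertising_tracking_enabled` field name comes from the comment; the other field names, the sample request bodies and the identifier values are constructed, and the bodies are assumed to have been exported from your own intercepting proxy.

```python
import json
import re

# Field name quoted in the comment above; every other name here is hypothetical.
OPT_OUT_KEY = "advertising_tracking_enabled"

UUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I
)
ZERO_UUID = "00000000-0000-0000-0000-000000000000"


def walk(node, path=""):
    """Yield (path, value) for every scalar in a decoded JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}[{index}]")
    else:
        yield path, node


def is_opted_out(value):
    """SDKs encode the flag as a bool, a number or a string; accept all three."""
    if isinstance(value, bool):
        return value is False
    if isinstance(value, (int, float)):
        return value == 0
    if isinstance(value, str):
        return value.strip().lower() in {"false", "0", "no"}
    return False


def audit_body(raw):
    """Return (path, value) for UUID-shaped identifiers sent in a body that
    also declares the user opted out. Results are candidates for review:
    a UUID may be a session id rather than the advertising ID."""
    try:
        doc = json.loads(raw)
    except (ValueError, TypeError):
        return []  # not JSON (protobuf, form data, ...): out of scope here
    leaves = list(walk(doc))
    opted_out = any(
        path.rsplit(".", 1)[-1] == OPT_OUT_KEY and is_opted_out(value)
        for path, value in leaves
    )
    if not opted_out:
        return []
    return [
        (path, value)
        for path, value in leaves
        if isinstance(value, str) and UUID_RE.match(value) and value != ZERO_UUID
    ]


def audit_capture(bodies):
    """Map body index -> findings, keeping only bodies with findings."""
    results = {}
    for index, raw in enumerate(bodies):
        findings = audit_body(raw)
        if findings:
            results[index] = findings
    return results


# Constructed request bodies (not real traffic).
SAMPLE_BODIES = [
    # Opt-out declared, but a live identifier is still attached.
    '{"event": "app_open", "advertising_tracking_enabled": false,'
    ' "extinfo": {"advertiser_id": "38400000-8cf0-11bd-b23e-10b96e40000d"}}',
    # Opt-out declared and the identifier is zeroed.
    '{"event": "app_open", "advertising_tracking_enabled": "false",'
    ' "extinfo": {"advertiser_id": "00000000-0000-0000-0000-000000000000"}}',
    # Tracking allowed by the user: not an opt-out violation.
    '{"event": "app_open", "advertising_tracking_enabled": true,'
    ' "extinfo": {"advertiser_id": "38400000-8cf0-11bd-b23e-10b96e40000d"}}',
    # Non-JSON body.
    "event=app_open&id=1",
]

if __name__ == "__main__":
    for index, findings in audit_capture(SAMPLE_BODIES).items():
        for path, value in findings:
            print(f"body {index}: {path} = {value} sent despite opt-out")
```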
Is there a way to check what trackers/libraries/"kits" an iOS app uses? I don't use many apps on my iPhone and most of them don't have background & location rights so I'm not that worried but would still like to know what they send back...
By installing their app, you can see the trackers for each app that you have installed. If you use Yalp store (an open source front-end for the Play Store), there is also a button to view trackers for each app.
Edit: just saw that you're on iOS. This is probably not allowed by Apple, so I guess there will be no alternative.
> Working on this. It is very tricky to do for iOS in an App Store compliant manner, but doable. Apple has already approved it.
This is very welcome news, please do a "Show HN" or post a link to the announcement when it's ready.
For now, before I install an iOS app I run the Exodus Privacy tool on the Android version and must assume the same trackers are present on both platforms. What is worse, Apple fail to label which apps contain ads in the store so I can't even tell which ones are adware before installing (apps with ads are clearly disclosed in Google Play).
You can grab the app’s IPA file with Apple Configurator and then crack it open to get a list. The binaries themselves will be encrypted, so you will not be able to introspect those, but you will get a good idea of which framework the app is using.
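The inspection described in the comment above, as an added example that is not part of the original thread. It relies on an IPA being a ZIP archive with the app bundle under `Payload/`; the sample archive is constructed in memory, and the name-to-vendor hints are illustrative assumptions, not a complete tracker list.

```python
import io
import plistlib
import re
import zipfile

# Embedded frameworks and dylibs live in <App>.app/Frameworks, and app
# extensions (PlugIns/*.appex) can carry their own Frameworks directory.
FRAMEWORK_RE = re.compile(
    r"^Payload/[^/]+\.app/(?:PlugIns/[^/]+\.appex/)?Frameworks/"
    r"([^/]+)\.(?:framework|dylib)(?:/|$)"
)
INFO_PLIST_RE = re.compile(r"^Payload/[^/]+\.app/Info\.plist$")

# Illustrative substring hints (assumptions); extend with your own list.
SDK_HINTS = {
    "appboy": "Braze",
    "braze": "Braze",
    "fbsdk": "Facebook SDK",
    "firebase": "Firebase",
}


def inspect_ipa(ipa):
    """Return the bundle id, embedded framework names and vendor hints.

    `ipa` is a path or a binary file object. Only file names and Info.plist
    are read, so encrypted executables are not a problem.
    """
    with zipfile.ZipFile(ipa) as archive:
        names = archive.namelist()
        frameworks = sorted(
            {m.group(1) for n in names if (m := FRAMEWORK_RE.match(n))}
        )
        bundle_id = None
        for name in names:
            if INFO_PLIST_RE.match(name):
                # plistlib auto-detects XML and binary plists.
                info = plistlib.loads(archive.read(name))
                bundle_id = info.get("CFBundleIdentifier")
                break
    hints = {}
    for framework in frameworks:
        for needle, vendor in SDK_HINTS.items():
            if needle in framework.lower():
                hints[framework] = vendor
                break
    return {"bundle_id": bundle_id, "frameworks": frameworks, "sdk_hints": hints}


def build_sample_ipa():
    """Build a constructed IPA in memory so the example runs offline."""
    buffer = io.BytesIO()
    app = "Payload/Demo.app"
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr(
            f"{app}/Info.plist",
            plistlib.dumps({"CFBundleIdentifier": "com.example.demo"}),
        )
        archive.writestr(f"{app}/Demo", b"\x00")  # stand-in for the executable
        archive.writestr(f"{app}/Frameworks/FBSDKCoreKit.framework/FBSDKCoreKit", b"")
        archive.writestr(f"{app}/Frameworks/Appboy_iOS_SDK.framework/Info.plist", b"")
        archive.writestr(f"{app}/Frameworks/libswiftCore.dylib", b"")
    buffer.seek(0)
    return buffer


if __name__ == "__main__":
    report = inspect_ipa(build_sample_ipa())
    print(report["bundle_id"])
    for name in report["frameworks"]:
        print(f"  {name}  {report['sdk_hints'].get(name, '')}")
```

SDKs that are statically linked into the main executable do not appear under `Frameworks/`, so an empty result is not proof that an app ships no third-party SDKs.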
I'm moving towards simply having more devices, partitioning their uses. A decent tablet is a mere $50 (eg flo) and a good phone is a mere $100 (eg herolte).
It's easy enough to have eg two phones - a main one with FDroid only, and a secondary off-most-of-the-time one with YALP store convenience apps. Tablets you can diversify even harder because you don't have to carry them in your pocket.
So what? They can still track you across devices. Especially if they use some 3rd party ad SDK, which might use the Google advertising ID, or some other identifiers.
Modern tracking is fundamentally a product of executing hostile code on your own device. The idea is to never put apps that have built in or will otherwise facilitate surveillance on the more secure devices. This includes a javascript browser, due to its unwieldy attack surface.
Separate devices draw a line in the sand, rather than just accepting amorphous insecurity as inevitable. And then you can work on slowly moving your usage patterns away from the surveillance-foregone devices.
If you use them to connect to your home wifi then they show up on the internet with the same IP. It's very easy to connect separate devices to a single user.
I've moved more and more browsing to Tor. I have this HN account, a Reddit account, plus a few others. It's possible to do a large chunk of my browsing in Tor, though it's slow and sometimes pages render oddly without Javascript, so it's a bit annoying. But I like the feeling of not being tracked.
It's quite refreshing and works well, out of the box it runs js though unless you turn it off, a neat little reminder to use simpler sites and not support the popup/overlay hell that is the current web.
Since it's not yet mentioned, here's an alternative:
> The Librem 5 represents the opportunity for you to take back control and protect your private information, your digital life through free and open source software, open governance, and transparency
> As a social purpose company, Purism believes building the Librem 5 is just one step on the road to launching a digital rights movement, where we—the people—stand up for our digital rights, where you place the control of your data and your family’s data back where it belongs: in your own hands. Let’s declare, “We will no longer allow unfettered access to our photos, videos, email, text messages and application and usage data without our permission.”
on ios, if you have a pihole set up, you can use dnscloak[1] to block advertising and tracking servers. (alternatively you can use one of the servers listed in the app by default if you care to trust someone else's dns server.)
you can set it to 'connect on demand', ie always on mode, at the cost of a bit of battery (not enough for me to be bothered). it acts as a vpn but only for your dns queries. afaik this is the best single step privacy option on ios at the moment.
If you don’t trust the Pi-hole developers themselves, it isn’t too hard to build an equivalent setup with dnsmasq and your own configuration. Pi-hole does prioritize convenience over security in a number of ways so this isn’t an unreasonable choice.
All of your traffic, every single DNS query going thru a single unverified codebase off of github?
i mean i know regular folk are quite naive with tech.
but i hoped us tech people are less so.
You are right, but XML should also not be used, and what to consider as configuration? Maven: pom.xml as well?
JSON is neat, like to use it. Write your own parser to fix Tage issues you see.
But in the end: what format do you propose for config files?
Holy crap yes! The number of coffee shops, etc I have stopped going to because the person behind the counter suddenly acted as if we were old friends...