
> Turn off Bluetooth and Wifi

> Turn on Airplane Mode

> Decline location-sharing or at the very least restrict it to only when the app is open

These seem obvious but I guess need repeating. The last one is only an option for Android 10+ users which apparently only account for ~25% of Android devices out there. So 75% of Android users can't even do this yet. Not sure about iOS but I know they've had it longer at least.

> Reset your phone’s Advertising ID

This one I personally was not aware of

> Don't use iOS and Android's FindMy or FindMyDevice features

What happens if I lose my phone though? I wonder what the numbers are on people who have successfully retrieved their phone using these compared to people who can see where their phones are but never got it back.

> consider using a trusted VPN provider.

I clicked on their link and just skipped straight to their "Advanced User" recommendation, because this is HN, and they recommend Mullvad. Curious to see what HN users think of that one.

https://gs.statcounter.com/os-version-market-share/android

https://source.android.com/devices/tech/config/tristate-perm...

https://mullvad.net/en/




I met one of the founders/owners of mullvad at CCC in Germany over 8 years ago. I gotta say, I've never met someone so happy to talk about how unbelievably paranoid they are about security and how much effort went into not only protecting the VPN endpoints themselves but the team's devices so they can't be used as a point of compromise. Wasn't a sales pitch, just a multi hour long discussion around privacy and tech that enables it.

I learnt a lot from that dude and have been using mullvad for years since it's the only VPN provider I've ever personally met. Oh yeah, decent speeds etc as well :P


Can you share some of the things you learned? I'd be curious to hear about unusual measures they've taken, especially around team's devices.


Zero-trust infrastructure is what you're looking for.


Sounds like something they should blog about (if they don't already). It would make interesting reading


https://mullvad.net/en/blog/ They do indeed keep a fairly in-depth blog about a wide range of technologies and topics.


> and they recommend Mullvad. Curious to see what HN users think of that one.

There is no signup information when creating an account, and one of the payment options is "cash in an envelope". Even if they're lying and do keep logs, it's as disconnected from your identity as I think is possible (assuming you do use that payment option instead of the others).

It's also what Mozilla VPN runs on.


> one of the payment options is "cash in an envelope"

I was intrigued by this line in your post, and it turns out it's true. I'm not all that paranoid, but I kinda like that idea.

Also, right now there's a caveat about it:

"Cash payments are delayed due to corona

6 May 2020 NEWS

If sending cash is your preferred method for topping up your Mullvad VPN account, please plan ahead. The coronavirus is causing delays in postal delivery.

To avoid being stuck with no time on your account, send your payment well in advance. Mail coming from the US is taking four weeks longer than usual, and even post from countries in southern Europe and England are delayed."


> It's also what Mozilla VPN runs on.

Can anyone explain what the practical difference is between using Mozilla VPN and using Mullvad directly?


I recommended Mozilla VPN to my dad due to the clear simple Mozilla user interface, known (to him) and trusted brand, and accessible documentation and explanations. Other than that they use the same servers as far as I can tell.


> What happens if I lose my phone though?

If you are truly security paranoid, you write it off and get a new one. It will hopefully be secure enough that whoever got it won't be able to access it because they lack the passcodes, biometrics and bluetooth 2fa tokens you use to unlock it. If the cost of this scares you, perhaps the NSA/Mossad/whatever should not be in your threat model.


> What happens if I lose my phone though?

Years ago now, living in the US Virgin Islands, while drunk, I left the Ritz (great beach and bar) and requested that they get me a cab to my usual local bar that was stumbling distance to home. Upon arrival I realized I didn’t have my phone.

I’d left my laptop at the office, so I ran back there and used Find My iPhone. It was moving, so I assumed it was in the cab I’d been in. I locked it, added a display message, and used the office phone to call the Ritz and tell them... they called the cab company, and within 10 minutes the phone was back at the Ritz.

I’m positive that this was only because I’d used the cab company the Ritz contracts with and their drivers are terrified of losing a lucrative job, but it was a successful recovery in a territory not known for honesty.

Had I not had FMI enabled I probably wouldn’t have connected the dots, assumed I’d lost it on the beach, and lost my phone forever. As it was, I got my phone back and it only cost me an extra cab ride. I’ll never turn off FMI again, though.

Completely anecdotal, but my point is the system can actually work. At the very least I can lock the device and wipe its data.


Even when you turn off all that stuff, shit like iBeacon still makes you locally trackable. Try installing the apple store app for example, turning off everything and walking into a physical apple store, you'll still get an iBeacon induced notification on your phone from that app.

There is no way to turn off iBeacon tracking on iPhones.

At this point you need to walk around with a faraday cage evidence bag to not have your phone stop fucking transmitting & receiving radio waves.


Isn’t iBeacon a passive technology, though? I don’t think the beacons are listening for any incoming client connection, they just blindly broadcast their identifier (UUID+major+minor IDs). Unless you are assuming an app might store the beacon IDs and then report back via the Internet.


Yup, that's right!


I think the turning off FindMy one really depends on where you fall on the security-usability spectrum. For example if you want to truly harden your Mac there are a ton of steps you can take, but they get gradually more intrusive to the experience of actually using the system: https://github.com/drduh/macOS-Security-and-Privacy-Guide


> I wonder what the numbers are on people who have successfully retrieved their phone using these compared to people who can see where their phones are but never got it back.

When my wife got her iPhone stolen in Rome, we were able to use the Find My Friends feature to watch it move across the country, and eventually end up in Tunisia. This was before you could remotely wipe an iPhone, so there was nothing I could do other than send angry text messages to whoever stole it.


> I clicked on their link and just skipped straight to their "Advanced User" recommendation, because this is HN, and they recommend Mullvad. Curious to see what HN users think of that one.

They're the best VPN provider, hands down. They offer the best privacy protections of any provider at a very reasonable price, and the service itself is excellent.


If you lose your phone, you lose your phone. I've personally done this before, but since I have a secondary low-end device for such contingencies, it wasn't so much a problem. It does require some preparation, though.


The find your phone is nice, but not necessary. Especially the hassle of getting it back if it's been stolen. First - don't keep nudes on your phone. . .

Then just add your contacts and other files from your phone to a monthly/weekly (depending on your personal preference) backup schedule.

I have all of my home data set to back up automatically monthly. I just make sure my phone is plugged into my desktop the last Saturday of the month. Problem solved.


Mullvad is the only VPN provider I use and recommend.


I'm not sure I agree with turning off Find My iPhone. If it's turned off, you can't remote-erase your iPhone.


+1 for Mullvad.

It feels awesome to be validated.



