Companies are taking their cues from Facebook and now they're all in a race to build back-end data warehouses of information of individuals, while congress stays oblivious to the practice, and drops the ball on regulating and enforcing protection of privacy.
Because of how embedded mobile phones and cameras are into our lives now, the field for collection of personal data can give a company a huge database of information on anyone based on how they interact with their phones.
Even your phone and Alexa devices are literal microphones that can tap into your personal life at any given time. When this is combined with social media, email, photos and videos, and of course your browser history, anyone can be targeted at any time by these private companies for any reason.
Blackmail will be a likely result. Corporate espionage will also be a constant threat. The future is going to be wild, and we'll likely need to lock our phones up and have private conversations in rooms with no tech at all unless privacy invasion and surveillance is reigned in properly by Gov leadership around the world.
There is, in contrast, probably a fast growing pool of independent hackers and whistleblowers out there to counter these bad behaviors and practices by big corporate interests... The future is both interesting and scary citing all of this.
Forget government. China actually shows what all governments more or less publicly desire: Better and deeper control of their feared enemy: The population.
In fact, I think we are about to enter an era where our personal devices not only don't work exclusively for us but instead work explicitly against us. It will take a while for governments to gather some experience, but I won't be surprised when data gathering becomes mandatory.
Wouldn't it be great for instance, if police could just tap into Alexa's records to clarify a case of rape? Or throttle down your intelligent thermostat because you are wasting so much of our CO2 budget? Or stop your car because it already entered that particular city twice this year?
> we are about to enter an era where our personal devices not only don't work exclusively for us but instead work explicitly against us.
About to? LG smart TVs send filenames on connected storage devices back to LG, Google's phones by default (and until they were caught, even if you explicitly disabled it) send your location to Google for logging, that is then accessed by police with geofence warrants, printers add tracking dots to deanonymize you, Intel and AMD refuse to sell CPUs without their management engines (except to special customers), printers want "authorized" ink, and all of DRM is explicitly anti-user.
We are already firmly in that era, even if you ignore China.
I read somewhere that the latest iPhone uses either sonar or radar to detect room layouts and many other things now. It's crazy how we're actually paying for the very devices that monitor us and share information back to the companies that sold us the devices... I don't do anything illegal of course, but it's just wild to me that we now pay for our own "wire taps" without any real public transparency about it.
> China actually shows what all governments more or less publicly desire
I doubt China is the best example for what "governments desire". Many people of different kinds go into politics for different reasons, and i personally doubt controlling people is among the top ones. Enriching oneself, having power and reputation, fixing things, etc. seem to be more popular.
Bill Gates got his power by amazing wealth that buys the things and activities that he needs. He still magnifies that power by harnessing the latent power of money over people.
Politicians as a rule get most, or all, their power by getting themselves in a position where they can control people.
A distinction should always be made between the government and the elites who influence it to benefit their interests. Being a member of the elite doesn't preclude one of being a (high-ranking) member of the government, or becoming a member of elite that way.
There is usually a lot more accountability for corruption in being a government official than a private citizen in collecting and controlling private information. There is a lot more illicit profit in being corrupt as a private citizen than in being a government official who collects and holds private information.
This is why the government is the only one that should be authorized to hold LIMITED private information. Somehow it's mis-construed to private individuals and companies collecting UNLIMITED personal data on everyone. Strange times.
>Forget government. China actually shows what all governments more or less publicly desire: Better and deeper control of their feared enemy: The population.
After the uprising of the 17th of June
The Secretary of the Writers' Union
Had leaflets distributed on the Stalinallee
Stating that the people
Had forfeited the confidence of the government
And could only win it back
By increased work quotas.
Would it not in that case be simpler for the government
I've been watching a French show Bureau which has a lot of hacking/spying technobabble, but as far as those things go I think it has some interesting actually plausible things.
- Locate a phone using discovery data from nearby Bluetooth devices under adversary's control
- Track/access a turned-off phone via a secondary battery-powered GPS module (or similar, like in new iPhones)
- Localize nearby phones via IMSI catchers
The main implausible line of plot devices there are the ability to access any target device at will, just a matter of time/effort. This alludes to organizations having access to zero-day exploits but that's still very unlikely to work against a random phone.
Pegasus says hi??? Literally accessing any phone is just a matter of knowing it's phone number and paying NSO Group and its ever-constant cache of 0 click remote 0days.
> Companies are taking their cues from Facebook and now they're all in a race to build back-end data warehouses of information of individuals (...)
The current state of affairs can be explained without dragging Facebook or other bogeymen into the picture. The inception of A/B testing, business metrics, and even crash analytics on applications deployed to devices that are always on is prime ground to emit tons of metrics regarding anything the application/device does.
Even though I agree that this state of affairs goes against the users' best interests, there's no need to refer to bogeymen to explain why apps phone home.
Common diagnostic info primarily reports on the device's status, there aren't many privacy concerns in that past transgression.
What I'm worried about is the practice of device reporting done on individual user behaviors unrelated to device operation, which previously required careful measures to not report in software-based monitoring. Rules exist within the US government to protect Personally Identifiable Information, but somehow now not within private companies like FaceBook?
Now that real-time connectivity and information is available, companies have access to data (well beyond what even most governments can collect) that can easily be weaponized against individuals, or even compromised by hackers or less-ethical companies and then also weaponized against individuals or groups in ways no-one has even thought about yet...
"Boogeymen" is perhaps an improper name because they don't even know the devastating impacts that this personal data collection trend will lead to into the future... "Incompetent Egoists" and "Ignorant God Complex" are probably better terms to use in describing the individuals involved in implementing this type of reckless societal behavior monitoring.
So are there any privacy friendly phones outside of Apple’s ecosystem? I have been hoping someone would make a premium Android phone that is ungoogled and doesn’t play these games. Right now I have to choose between Apple’s tightly controlled walled garden and Android phones that are more open but not privacy friendly.
There was that post a few days ago about Apples massive profit margins in the mobile phone space, which just seems to reinforce what this study is saying. Am watching the Pinephone space with massive hope for the future, though there is not much there for the present moment.
The beauty of Android is that you can usually install a more privacy focused OS if you want to. Besides that, there's the Android One program, which comes with the Google stuff and some related tracking inside it, but that's about it and it's probably on a similar level to Apple's tracking. And the rest depends on the apps you install, at least on Android there's F-Droid for FOSS apps only.
I haven’t owned an Android phone in a long while; but, back when I did, the phones I liked, the ones with very long battery lives, were not rootable and I couldn’t replace the OS.
Has that changed or can you replace the OS in all phones, now?
Maybe it depends on the country, but afaik, at least in the EU every phone is rootable. Some manufacturers impose restrictions ( e.g. for Xiaomi you need an account with them and have a maximum number per day of bootloader unlocks, supposedly to fight against third parties mass selling their hardware with extra crap/mal ware), and some app vendors may refuse to work on your rooted phone ( e.g. some banks), but that's it.
Huaweis have all had locked bootloaders for a while now, this us not an eu thing. Mosz vendors saw it as necessary evil to get the nerds on board I guess, but now with google locking down upstream aosp more and more that becomes less of a concern.
There's no good out-of-the-box privacy-friendly phone, but you can install a friendly OS on some devices.
Besides the article-mentioned /e/OS, there's also CalyxOS and GrapheneOS. GrapheneOS is seen as the top choice for tightest security, but also comes with the most downsides, being less compatibility with all your favorite apps, slower performance, lack of JIT compilation abilities (because it's unsafe), and, ironically, is completely limited to Google Pixel devices, which happen to have a black box "Titan" security chip that Google promised to open up but never did.
Why they think this unknown chip somehow makes the device more secure, I'll never know.
GrapheneOS and CalyxOS might have slightly less tracking, but are similarly anti-User as they do not grant any higher-level access to the user (root for example), and similarly enforce app authors' arbitrary restrictions against the user. All under the guise of "security".
Giving the user root access to the phone is one of the worst ideas you could possibly do with regards to security, which is why it's not possible. It's anti-user because the user is a huge source of information leakage and that's what the project is trying to protect, your information.
GrapheneOS also requires a lockable bootloader, because that is another attack vector. Malicious software could alter or downgrade the bootloader and load different software that could then spy on your device or read its contents.
Yet user-friendly Android options routinely tout features like "root access" and "unlocked bootloader" (LineageOS even requires it stay unlocked!)... but in reality these are enormous security holes that should not be there in the first place.
Just like how on the desktop... booting from recovery software or into a "single user mode" practically washes away all security and lets you access all the data. Besides encryption, things like Secure Boot and Mandatory Access Control should be used a lot more often to protect our data, but today unfortunately it is mostly relegated to mobile devices.
Single-user mode is clearly not what is happening with root. It's not like any app just can elevate to root, there's always a request requiring authorization, just like account elevation on windows and sudo on Linux. This is not idiot-proof, but if you view your users as idiots, that's telling... About the bootloader: root does not require secure boot off, if (!) root is built into the rom in the first place. In this case it still protects against many attacks. FS encryption protects against many of the remaining attacks.
Lineageos does not offer root anyway, so that cannot be the reason it doesn't have secure boot. Its probably just that they do not have that focus on pixel, and other bootloaders don't support relocking security for custom roms.
The "guise of security"? You clearly don't understand the implications of the root account, and why it's a bad idea to give any app on your phone the potential to have that kind of power
Security cannot exist in vacuum, it always refers to a threat. That security you speak of is the security of apps against "attacks" by the user. This fight should take place on the app's backend, not the user's phone. The phone should be a user's agent, not an idiot-proof tool of oppression.
I have a realme phone and I'm using nextdns. Yep, this phone has quite a but of telemetry in it targeted at several oppo domains, but I just block them all on the dns level, problem solved?
Besides the privacy problems, this also means that they use your bundle to transmit data, it is a form of theft if one is not compensated. I wonder if that can be a narrative to sue them for it.
Because of how embedded mobile phones and cameras are into our lives now, the field for collection of personal data can give a company a huge database of information on anyone based on how they interact with their phones.
Even your phone and Alexa devices are literal microphones that can tap into your personal life at any given time. When this is combined with social media, email, photos and videos, and of course your browser history, anyone can be targeted at any time by these private companies for any reason.
Blackmail will be a likely result. Corporate espionage will also be a constant threat. The future is going to be wild, and we'll likely need to lock our phones up and have private conversations in rooms with no tech at all unless privacy invasion and surveillance is reigned in properly by Gov leadership around the world.
There is, in contrast, probably a fast growing pool of independent hackers and whistleblowers out there to counter these bad behaviors and practices by big corporate interests... The future is both interesting and scary citing all of this.