I recently read about a study that tracked how much iOS and Android phones phone home. The abstract says it all (emphasis mine):
We investigate what data iOS on an iPhone shares with Apple and what data Google Android on a Pixel phone shares with Google. We find that even when minimally configured and the handset is idle both iOS and Google Android share data with Apple/Google on average every 4.5 mins. The phone IMEI, hardware serial number, SIM serial number and IMSI, handset phone number etc. are shared with Apple and Google. Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this. When a SIM is inserted both iOS and Google Android send details to Apple/Google. iOS sends the MAC addresses of nearby devices, e.g. other handsets and the home gateway, to Apple together with their GPS location. Users have no opt out from this and currently there are few, if any, realistic options for preventing this data sharing.
I was inspired to write a post about this topic (and the OpenSnitch project), which you can check out in the link below.
Note in the Ars Technica article, a Google representative states this quote:
On background (meaning Ars isn’t permitted to name or quote the spokesperson), the representative said that it’s inaccurate to say that a user can opt out of all telemetry data collection by the Google OS. The Android Usage and Diagnostics checkbox doesn’t cover telemetry data that Google considers essential for the device to operate normally. Telemetry information collected by the Device Configuration service, for instance, is required for updating and patching the OS.
Their stance is no different from Microsoft’s Windows 10, even on Enterprise versions such as LTSC (Long-Term Servicing Channel), or Pro Education. Microsoft still collects telemetry regardless of whichever Windows 10 version is used, and as a result there has been an active movement in the piracy scene where LTSC is highly regarded as the “best” version, due to reduced telemetry and fewer features. See a relevant article below:
Apple’s statement on Ars Technica is below:
An Apple spokesperson also spoke on the condition it be background. The spokesperson said that Apple provides transparency and control for personal information it collects, that the report gets things wrong, that Apple offers privacy protections that prevent Apple from tracking user locations, and that Apple informs users about the collection of location-related data.
Notably, they have neglected to share how one would obtain control for personal information iOS collects, they have not bothered to specify what or where the report got wrong, and how one would validate their claims, if they had any to begin with. As for privacy protections, again, they did not provide information as to how one can utilize that to protect one’s data, and lastly, while informing users about collection of data is an important step, that does not signify that one is able to opt out. Especially missing is that point alone. Their stance is reflected on @Kyle_Rankin’s earlier post about implicitly trusting Apple for security, located below:
Thanks for the PDF, reminds me of this study from 2018 that found similar results; glad to see another (and recent) study, especially if it helps gain traction to alternatives given the current level of privacy concern among populations as a whole. On the recent study I like how the listed examples with the highlighted contents made things easy to spot while reading.
I have another question on this article of @Kyle_Rankin
So you write that Firefox is snitching on us. No problem to admit that. But what is the solution? I cannot even use firefox-esr because of the need to use Jitsi. So I use Firefox (I think only versions >82 work with Jitsi) or Chromium. So my question comes down to this:
What is the correct (privacy-wise) way to browse the web, and how to access Jitsi?
I have been refusing to use Zoom. If I cannot access Jitsi during the covid pandemic then there is not a decent solution(?)
My goal is to package up a separate package full of reasonable default rules that would exist alongside the opensnitch package, when we get it packaged for PureOS. It would work similar to how firejail does it. There is a base firejail package and an add-on package that adds firejail profiles for common applications.
I wouldn’t want to roll my rules into the main opensnitch package because an individual might have a different opinion on how strict or relaxed the rules should be.
Hey Kyle, thanks for the writing!
I think a lot of us already with the phone would appreciate being able to reproduce your steps and run it in the current possible state. Do you think you could share the steps you followed to run opensnitch? Just tried with the 1.2 arm64 deb packages but it didn’t work out.
The official releases are back on the evilsocket repository:
I pulled down the 1.3.6 arm64 packages, installed any dependencies they needed, and then installed the debs manually. Note that when you install the opensnitch_ui package, it will build some python libraries by hand (which is for cross-distro compatibility but HEAVILY frowned upon by Debian maintainers). Because when you turn off the screen, the Librem 5 clocks its RAM down drastically, and because building these python libraries is incredibly resource intensive, I highly recommend leaving your screen on throughout the whole process. I’ve noticed loads up into the 15-20 range when building these libraries. If for some reason things seem to freeze, you can forcefully halt the phone and try again after a reboot and it should complete.
Our goal is to have a version of the UI package that doesn’t have this pip install as part of the post-install script.
[Edited to add] This pip install is a one-time thing. After you get through it, those libraries are on the system so any future upgrades of the python UI package will be fast.
“track”, tracking, trackers… all very polite terms that whitewash what it is. Tracking follows us from one place to another. Stalking, stalk, stalkers follow us from one place to another with INTENT. If the INTENT is considered ‘stalking’ by the person, then a charge is laid - - - but only to individuals. Corporations and governments have made certain they are immune to such charges.
SMIRC is used to Stalk the device, Monitor the device’s locations, data exchanges, network and with whom including financial transactions (receipts), and to Inject more stalkers, then Record everything for storage and analysis in order to Control the person with the device.
If one cannot convince government and/or corporations to do the right thing, then embarrass them into acting responsibly. Call it what it is: SMIRC!
When we are too afraid to speak the truth, then they have won,
A good movie for its time.
IMHO - unfortunately, this is real life with real thieves in a world full of myopic megalomaniacs taking what they want and pimping out our rights to privacy.
If it keeps up, too many country governments will start, as already implied by the 'Mericans, to rein in the top 3 miscreants; Google, Facebook and Twitter.
If people don’t want a voice, refuse to be heard, and want to be led by the nose, they’ll let government continue to control what one can and cannot say.
There are alternatives of course, but many of the Facebook and Google wannabes are already censoring anything that possibly might could be seen as a phobia or might possibly perhaps offend even one person.
Hope I haven’t offended you or anyone reading this as it was never my intention and to be ahead of how the celebrities handle it, I’ll apologize in advance, not later (for the headline) for anything I may have said that might deliberately be taken out of context to be used against me in the Courts of Social Media.