rany_ 6 hours ago

> Another tracker which cannot be removed once created is the Google Android ID, a device identifier that's linked to a user's Google account and created after the first connection made to the device by Google Play Services.

The Android ID isn't actually unique anymore. Every app you install will see a different Android ID. https://android-developers.googleblog.com/2017/04/changes-to...

  • taneq 4 hours ago

    That stops apps tracking you, it doesn't stop Google tracking you.

  • croes 3 hours ago

    A new ID for every app doesn’t mean it’s not unique.

  • soperj 3 hours ago

    What if you have multiple google accounts?

fallinditch 4 hours ago

If it takes research by a leading academic to uncover this device behavior then what hope is there for us mere mortals who don't want their identity to be tracked and traded?

Is it impossible to use a smart phone with strict privacy, or just very difficult?

  • grayhatter 4 hours ago

    It's not hard for you mere mortals to figure out that all software from the company that tracks you is going to track you. If your privacy requirements are so strict that you can't permit any information to flow back to Google, consider GrapheneOS or any other degoogled rom. This isn't a hard thing to do.

    For what it's worth, I disagree with a number of the most important conclusions the author makes in the paper.

    • like_any_other 2 hours ago

      > If your privacy requirements are so strict

      It's not really about my privacy requirements, but about living in a society where someone can investigate and organize against the powerful, without their own computers/phones/cars immediately ratting them out, and without needing a team of security experts.

      Though the line for when lack of privacy starts to hurt us is much lower than people think, like Doordash stealing tips from their workers, that in a privacy-respecting society Doordash wouldn't even know about: https://news.ycombinator.com/item?id=43040984

    • cptskippy 3 hours ago

      Doesn't GrapheneOS only support Google Phones? Do we know everything that's running on a Pixel? At a minimum there's an unknown Qualcomm RTOS running the baseband.

      • grayhatter 3 hours ago

        GrapheneOS only targets phones with better than average hardware security, yes

        and you think the Qualcomm RTOS can do what exactly?

        > Do we know everything that's running on a Pixel?

        did you mean hardware, or software?

        • nehal3m 3 hours ago

          >and you think the Qualcomm RTOS can do what exactly?

          Well that's the point, it's a black box so there's no telling what it can and can't do. There's what Qualcomm says it can do, and then there's what it can do.

          • grayhatter 2 hours ago

            Then that's a really weak point. There's a lot of things we know it can't do. It can't break the encryption between software, and remote servers.

            It also can't cause the phone to levitate. It also can't recharge my battery.

            As a rule, I don't worry about unlikely hypotheticals, because doing so is a needless denial of service on my brain. Saying it's a blackbox is true, but that doesn't mean you get to invent random things to worry about, without direct evidence it's connected to the specific device we're discussing.

            But I do think I should at least try to meet you half way, so maybe I can preempt a few things that used to be true or possible. The baseband also can't install software into my android OS. It also can't directly read memory from my phone. It can't directly control my phone's bootup.

            These are things poorly designed phones used to be able to do, that aren't possible on the Pixel line of hardware because it was designed to prevent them. That's why GrapheneOS targets the pixel line. Because its hardware is designed in a way to enable a secure device.

            • nehal3m 2 hours ago

              >Saying it's a blackbox is true, but that doesn't mean you get to invent random things to worry about, without direct evidence it's connected to the specific device we're discussing.

              True, but the corollary is that you also can't say it's not doing certain things. Just because you currently don't have evidence of something happening does not rule out the possibility, but I must admit I am ignorant about the specifics of how the Pixel's RTOS is implemented.

              So I'm genuinely inquiring: Could it be sending your GPS location to some entity without notifying the GPOS?

              • grayhatter an hour ago

                > So I'm genuinely inquiring: Could it be sending your GPS location to some entity without notifying the GPOS?

                With very low confidence, I believe for chips that put GPS on the baseband, yes it can because that's required for E911. (I don't know what the pixel line does) Can it then transmit that location using the baseband without you being able to tell? I would assume so, and that's a case where it's safe to assume it can.

                Unfortunately, that doesn't matter much. Your location is also trivially known by your ISP by triangulating connection strength. Often this can be more accurate than GPS in many real cases. The threat/risk that's able to compromise the baseband SoC, is more easily able to compromise your ISP. And thus the phone simply existing is a risk to location privacy, given a perfectly secure ideal baseband SoC.

                Can that be used to uniquely identify you, and correlate it with your other actions? That's not really a question I'm prepared to answer in a HN comment (because I have to draw that line somewhere for my own limited sanity), so.... specifically yes, but generally, no. That is to say, it is possible given sufficient resources. But it's non-trivial to do in bulk. And there are many many easier and cheaper ways, so https://xkcd.com/538/ applies here too.

  • knowitnone 22 minutes ago

    How about not buying into the Google/Microsoft/Apple/Samsung/etc ecosystem?

  • GeekyBear 3 hours ago

    Even when you carry a dumb phone, your cellular carrier tracks your location via cell tower triangulation.

    It's less accurate than GPS, but constant.

    > The FCC said it found the carriers each sold access to its customers’ location information to ‘aggregators,’ who then resold access to the information to third-party location-based service providers.

    https://krebsonsecurity.com/2024/04/fcc-fines-major-u-s-wire...

    • knowitnone 21 minutes ago

      Yes except they only have your location and that may not be acceptable to some. Google on the other hand has much more than just your location - everything you look at, everything you buy, every email/text conversation.

    • like_any_other 3 hours ago

      You don't leave a leak in a boat unplugged just because it's not the only one.

  • RandomBacon 4 hours ago

    It might be that our only choice is something like the Librem 5 phone.

    Disclaimer: I have a Librem 5 but don't use it. I use GrapheneOS on a Pixel.

    GrapheneOS isn't supposed to be for privacy though, as they focus on security instead. I don't think it would be too much to ask for a little help on the privacy front, but that might be ignorant of me.

  • MYEUHD 4 hours ago

    Install a custom Rom, and don't install google apps. If you need some functionality from google play services, there's microg.

  • Am4TIfIsER0ppos 3 hours ago

    > Is it impossible to use a smart phone with strict privacy?

    Yes. It is a surveillance device pushed by government for this reason.

    • pessimizer 3 hours ago

      Smartphone isn't really even a device category, it's a legal category. I barely ever use my phone as a phone; I don't talk on it, I type on it and tap on it; it's just a computer and an access point to networks.

      But it's a special kind of computer where all the laws are different, I have different rights when I'm near it or using it, and I am in constant battle with the companies that sold the phone to me to 1) try to keep my life as private as I can and 2) not pay them a commission on things I buy.

      But what can I say about my phone that I couldn't now say about my TV, or my car?

      This will never become less dangerous, this will become increasingly more dangerous.

    • master-lincoln 3 hours ago

      What makes you believe it is pushed by government (and which government?) and why do you think that government wants to collect private info of everybody without letting them know and is there any evidence for it?

      Sorry for all these questions, but without them answered your claim sounds like a conspiracy theory.

      • fifticon 2 hours ago

        In my country there are plenty of critical services you basically can't access without mobile apps. e.g. interacting with medical services, and official personal id app.

      • dredmorbius 2 hours ago

        One project strongly resembling this was called NSTIC, the National Strategy for Trusted Identities in Cyberspace, detailed in a 2011 O'Reilly Radar piece by Alex Howard, now only available via archive:

        "A Manhattan Project for online identity: A look at the White House's National Strategy for Trusted Identities in Cyberspace"

        <https://web.archive.org/web/20110506083805/http://radar.orei...>

        In part:

        The NSTIC proposes the creation of an "identity ecosystem" online, "where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities." The strategy puts government in the role of a convener, verifying and certifying identity providers in a trust framework.

        I'd learned about this in 2018/19 as Google+ was shutting down, through a Search Engine Journal piece (leveraging Howard's earlier article heavily), similarly only available as an archive, with the original article substituted in place with another at the same URL. This one by Kristine Schachinger:

        "In Memoriam: The Rise, Fall & Death of Google Plus"

        ...Google was only going to be one of many identity service providers for a program run by the Federal Government called the NSTIC, or National Strategy for Trusted Identities in Cyberspace....

        <https://web.archive.org/web/20181220165659/https://www.searc...>

        I'll note that neither article makes a direct link to mobile phones / smartphones, but clearly as those became widespread and individually identified with a single person for the most part, use of phone numbers as unique identifiers became widespread. Indeed, on Google+, over four billion accounts were eventually compiled, those being automatically granted to every registered Android device through about 2016 (the practice stopped about then). Google increasingly required phone numbers for account registration and recovery, "bribing" G+ members with "vanity" account names if they'd supply same.[1] The use of phone numbers as account validation tokens on numerous other services is now widespread.

        ________________________________

        Notes:

        1. I resisted the bait. Ironically, the vanity names couldn't be mapped back to the 20-ish digit UUID that otherwise identified accounts, and those who did make use of the nonnumeric IDs were largely excluded from archival efforts to save G+ content when the service shut down in 2019. I managed to create at least two backups of my own (non-vain) content, for what that's worth.

      • Am4TIfIsER0ppos 2 hours ago

        It is a conspiracy theory. My theory is that big tech and government collaborate to surveil us all, sometimes willingly, sometimes openly.

        All governments at all levels. Ever see a government service, office, or bureau talk of an app or show a QR code? That is a carrot for those who already use and stick for those who don't. Sometimes there is a paper form you can get and sometimes not. Do you recall all those covid apps?

        Why? Because the government desires to know, for a variety of reasons. The US so they can watch your small payments. Europe so they can watch your speech and carbon footprint. Used to be so they could track you if you had a 1% deadly disease.

        [EDIT] Evidence? Snowden's leaks and what I mentioned already

    • shadowgovt 3 hours ago

      It's also a surveillance device in its design. The mechanism of it is to connect to one or more third-party-owned towers to bidirectionally transpond data. By the nature of the machine, calculating roughly where the machine is every time it transponds is very straightforward.

      "I want to send and receive messages from you but you're not allowed to know anything about me" is, at first pass, a tall order. We can sort of get that from the postal system and very little else in terms of communications technologies (and even then, if you screw with the network the postal service in the US is empowered federally to hunt you down).

  • ugurs 4 hours ago

    Switching to an alternative on Android, like GrapheneOS or CalyxOS, can help you regain some of the privacy you've lost. If you are an Apple user, good luck.

everdrive 4 hours ago

I think a lot of non-technical users really don’t understand the distinction between how the OS vs. how any given app can spy on you. Even in technical circles, this issue gets confused. Is Android or iOS better for privacy? Well, modern Android (arguably) gives you better privacy controls for apps, however Android OS itself performs an order of magnitude more spying than iOS does.

  • gruez 4 hours ago

    >Well, modern Android (arguably) gives you better privacy controls for apps

    compared to iOS? in what way?

  • GeekyBear 3 hours ago

    > Android (arguably) gives you better privacy controls

    Has Android recently started prompting users to decide whether each individual app receives permission to access the ad tracking ID or not?

  • hulitu 3 hours ago

    > Android OS itself performs an order of magnitude more spying than iOS does.

    Citation needed. (and no, Apple's promises do not count). iOS seems very pushy to turn on every time online services and bluetooth.

    • 9283409232 3 hours ago

      This[1] is a paper that shows what each operating system tracks and what security model they use. Android generally tracks more and has less effective sandboxing.

      [1] https://citeseerx.ist.psu.edu/document?repid=rep1&type=pdf&d...

      • gruez 3 hours ago

        The paper you linked is absolutely trash. The actual "meat" of the article is only two pages, and contains nothing of substance, presumably because the authors themselves admit it's "secondary research where we have collected the data from IEEE Xplore and Wikipedia". It also contains some hilariously bad takes like that Android "is not fully stable because as android is free ware". As for the claim that it has less effective sandboxing, that's just a claim taken at face value from an article from 2014 and is no way indicative of how secure iOS or Android is today.

        • master-lincoln 3 hours ago

          I wonder why you are being downvoted. The abstract of that paper alone doesn't make me confident that the authors know what they are talking about:

          Abstract - Mobile operating system is a light weight operating which is used in mobile device. Some operating systems have additional features like sensor embedding and also OTG. In this paper we are going to compare between android and iPhone Operating System (iOS) mobile operating systems that available in the market which is more specific various issues. The issues which we are going to discuss in this paper is not only concern to mobile customers but also concern to software developers. The security requirements for MOS are Memory Randomization, Encryption, Data Storage Format and Built-in Antivirus. Memory randomization ensures that the memory regions of mobile application as well as system shared libraries are all randomized at device and application start-up. In this paper we want compare and analyse the operating system of the Android and iOS.

knowitnone 23 minutes ago

Google owns the whole OS so expect that they are tracking you 100% of the time. Same with Microsoft.

exabrial 7 hours ago

I’m ready for a third operating system, not tied to an advertising company, where you have root access to inspect the system, revenue is generated through OS refreshes and SDK licensure.

To this day, I can’t believe that an _operating system_ has provisions in it for advertising.

  • LorenDB 6 hours ago

    Linux? You won't have all your apps (unless you get Waydroid working, but that itself relies on an Android image), but it does work well enough that some people daily-drive it.

  • shadowgovt 3 hours ago

    Advertising is very, very lucrative. Hard to resist tapping that vein when it's sitting right there and most users don't even feel it.

dredmorbius 2 hours ago

Can anyone ELI5 what the situation with the Android ID is when no Google account has ever been created, and all app installs are through an alternative store interface, whether a front-end to Google Play (e.g., Aurora) or a freestanding store (e.g., FDroid)?

Havoc 6 hours ago

Adtech company doing adtech things.

exabrial 7 hours ago

Silicon Valley has no concept of willful consent.

  • knowitnone 19 minutes ago

    I'd say that about all companies and even individuals, not just Silicon Valley.

  • shadowgovt 3 hours ago

    One could contrast, say, the etiquette and tech of the Fediverse.

    ... even then, I question if the rhetoric matches the reality. Many users of Mastodon, for instance, will decry the harvesting of data or creation of search engines, then run what is essentially an open relay of every post their users create to any other node that purports to be a legit Mastodon instance. The organic growth goal conflicts with the data-control goal.

    When your technology's operation doesn't match the rhetoric, which is it?

  • owendarko 6 hours ago

    *Big Tech Silicon Valley, I'd say.

    • 9283409232 3 hours ago

      No. Silicon Valley as a whole. There are no good guy tech companies because if they were they would be out of business. If there are, let me know because I want to work for them.

princevegeta89 4 hours ago

Recently, I thought Maps was the app that tracks me everywhere I go. I put Maps in Incognito mode just as an attempt to disable it, but guess what? It still tracked me all the time. The only difference Incognito made was not remembering my search history.

  • dredmorbius 2 hours ago

    Google settled a $5 billion class action lawsuit over this fact in 2023, though to little practical effect:

    <https://apnews.com/article/google-incognito-mode-tracking-la...>

    Yes, "Incognito" largely only removes local activity history, doing little if anything to disable remote tracking. Though there's some (very slight) advantage in having cookies and the like be made temporary. Access to other identifiers, including Google's ad identity and device-specific identifiers is probably still available. (I'm hazy on this and the situation changes, though at a ground level capacity-to-track largely remains intact over time).