> For the sum of 35,000 NOK (3,300 EUR / 4,000 USD), we got access to location data showing where tens of thousands of Norwegians had travelled in 2019.
> One of them was 31-year-old Karl Bjarne Bernhardsen from Stavanger. The information made it easy for us to identify him in the data that – according to the data provider – had been anonymised.
What causes me the most irritation (to put it mildly) is that I bought the Sygic navigator that seems to be the source of this data. And still they sell my data? Just last week they forced me to agree to some new rules to be able to use the app but I already bought it 7 years ago. I will be requesting my money back as stated by that agreement, and request a GDPR data dump for moving my data to another provider.
Yeah, hacky and annoying af when fifty people use it on the same thread, as is usually the case. Makes Twitter’s long-form readability and usability even worse.
I don't have a smartphone. That alone will prevent browsing habits being picked up by parasitic apps etc on a phone. What I browse at home I have more control over with blocklists etc and disabling js.
I rarely carry my dumbphone around, if someone needs me they can leave a message. That takes care of tracking by cell station.
There are times I'd like to have a dumbphone on me, eg. when meeting people, so at some point I'll get dumbphone #2 not linked to me.
If possible, pay cash rather than a credit card. I have done this before but in the UK this was getting more difficult and may not be possible, I don't know. There are always ways around that with grey areas.
At higher levels pressure your government or use the local regulations to push back when a company seems to be behaving unethically.
I'm sure there's more.
But convenience triumphs and all you can see is "I need smartphone". You won't do any of this. People who ask how will never do, or they wouldn't be asking the question to which the answer(s) are obvious.
GPS chip in the car?
License plate readers all around you?
Face recognition cameras?
Chip in the credit card that you are not using?
Friends with an iPhone that have your number?
ID cards that swipe you into places?
I'll try and answer your questions but please answer me this, what is the psychology of people like you who see failure not as an option but as a destination?
You seem absolutely determined to be both resentful of society and completely powerless against it, and not willing to actually do anything to change anything?
Well, I was talking about smartphones so you seem to have moved the goalposts with your questions so that my answers don't apply -- deliberately, to emphasise helplessness?
But okay, let's try
> GPS chip in car
I don't know anything about this so, don't buy such a car. If you do, is the chip enabled without driver's control? I'd be surprised at that.
> License plate readers?
To some extent I guess these are necessary, but they are abusable so you have to deal with this at the level of government rather than directly.
> Face recognition cameras
This has to be tackled at the legal level, and yes, it does concern me. Fortunately in a democracy you have some say. Unfortunately I don't think you will make the effort.
> Chip in the credit card...
Oh for heaven's sake, it's not broadcasting your location it's RFID, and if you want to disable it you can find instructions online. You basically make a small cut into the side of the card which breaks the antenna loop (or whatever it's called). I literally have done that and it took me a few minutes.
> Friends with my phone that have your number
Is this a serious objection? They can't track you via somebody else's phone -- did you even think about this before writing it?
> ID cards that swept into places
This really is scraping the bottom of the barrel. I've had work cards like this, they simply let you in and out little more than an old-fashioned metal key, with a record being made. You can't be tracked by them other than when swiped.
You seem to have embraced failure while resenting it but it's clearly what you want.
I typically give the following link to such people: https://en.wikipedia.org/wiki/Security-in-depth and say that perfection is not achievable, but it does not mean you should give up absolutely everything.
The problem isn't DID or anything like that but a strange attitude that they want nice things but will put in zero effort to achieve that even if shown basic steps, and have a mindset that they're totally fucked, everything's against them, they can't win. It's a kind of learned helplessness.
This is a great illustration of why the GDPR - and enforcement of it - is so important. The average user has absolutely no chance of navigating the digital advertising sewer without all of their data eventually being sold to the US military.
So we have a very successful short messages app, that now resulted in another service to be successful, which combines the short messages into a long format. Innovation and evolution aren't always straightforward I guess!
> “I agree,” I pressed. We had now made a binding agreement, the app and I.
I hate this whole premise. We have to agree to an incomprehensible text wall of vague legal nonsense, that very often violates our own laws (as in this case), in order to install an app.
These illegal contracts are completely void of any meaning, and it should not matter that you "agreed" to be screwed over like that. Being screwed over like this is illegal, so those who do this, should not stay safe just because you clicked "I agree".
> Usually there is a few lines at the end stating that wherever this is illegal, these parts are not binding
Personally, this is what I detest the most. There's always a bit in the boilerplate that's akin to "you agree to everything here, even the unenforceable bits. If we're ever challenged on the unenforceable parts after the fact, you still agree to be bound by everything else here."
IA[very_much]NAL, but to me this always sounds like "We can and will stick whatever nonsense we want in this contract, whether the terms are illegal or not, and you will be bound by them for as long as we can get away with it. If you do ever discover the illegal bits, that doesn't void anything else (including any other illegal bits you haven't found yet!) and you can't sue us- you've given up that right and can only use a mediator from our approved list. May the odds be ever in your favor."
Severability is actually a really important and broad legal concept (IANAL). I can see where you get to [the view you espouse above] but if you think a bit about it you'll realize that contract law would become pretty unworkable without it. If every clause and statement has to be perfect or the whole thing evaporates, it would be hard to get anything done. And even if it were ok today, legislative changes tomorrow could inadvertently nuke a bunch of contracts.
This is separable from the abusive nature of ToS of course.
It's one thing if the legislation is specifically targeting those contracts, quite another if the unintended consequence is much broader than you intend. It's easy enough to imagine legislators unintentionally invalidating basically all of a state's employment contracts this way, for example.
> Signer agrees to become contract murderer unless pre-empted by local laws and regulations.
I'm over-exaggerating, and I get the value when it's prohibitively expensive to write a TOS when it's essentially impossible to pre-emptively vet the legality of all possible clauses internationally as laws constantly change. But if the clause I wrote is technically valid, then what's the point? Just write a short phrase saying "We're going to do whatever we like, unless it's prohibited by law. Accept? Y/N"
True; although who knows what would hold up in court if anyone was to file a lawsuit based on some of these "digital contracts" we agree to every time we click "I agree".
I have a feeling that a judge would want to find them invalid, but what happens if he/she rules that they are non-binding? The chaos it would cause for US B2C businesses would be large. This alone may sway the courts to make them binding.
Customers should have the legal footing to negotiate every line in every contract with someone holding the status to negotiate on behalf of the company. If I can't negotiate my cell phone contract I'm placed in an impossible scenario where I either agree under duress or endure the impossible life of someone that refuses to sign contracts. Essentially, there are 4-6 contracts I'm capable of negotiating in my life out of tens of thousands I've agreed to under duress. Those 4-6 are: apartment lease (keep the Wi-Fi take off $50), groundskeeping (days, times, work to be done, breaches), trash (when, where). These negotiations are only possible because these companies have sole proprietors who will get on the phone to keep a customer. Let's move every company closer to this model by requiring every contract to be negotiable or, if online, optout no guarantees, no warranty, no liability, no tracking except for carefully and explicitly outlined exceptions.
> The chaos it would cause for US B2C businesses would be large.
Literally who cares? Let them deal with it. It doesn't matter how much money they lose. They should have considered the consequences of abusing people's trust and violating their privacy under questionable consent.
Corporations are vastly more powerful compared to individuals. Courts obviously need to favor the latter in the vast majority of cases. To do otherwise is injustice.
It was not a value judgement, just a prediction. Some judges do look at the impact of a ruling. I personally don't think they should be legally binding (as I suspect most HN readers do).
"doesn't matter how much money they lose" -- of course it does, these companies employ people and generate lots of government revenue (even if they skirt corporate taxes).
> these companies employ people and generate lots of government revenue (even if they skirt corporate taxes).
There are political and economic concerns, not judicial. The fact the company is important does nothing to remedy the fact that it exfiltrated private information to foreign intelligence agencies.
They often are non-binding. Read up on "contracts of adhesion". Business doesn't fall apart because at the end of the day it mostly doesn't matter if you obey TOS. This has nothing to do with privacy though, since there's (in most cases) no law against what the companies are doing with the data.
The TOS of any European company cannot supersede the law of the European Union.
Example; how one individual singlehandedly forced the hands of Spotify to reverse an API decision they made blocking the export of your playlists. Note how Spotify thinks their TOS supersedes the GDPR. It does not. Otherwise, we would have corporations directly creating laws.
If you care about privacy in the UK, please donate to ORG, I started a direct debit years ago and have always been impressed with their work and focus:
As people, we like to think categorically... especially "contracting" in the philosophical and legal sense. Whether it's a medieval oath or a standard employment contract, the concept of "binding agreement" sorts out moral issues of consent and creates a platform for further relations.
Reality is generally less fussy about categorical boundaries. It likes spectrum. Linnaean classification is an approximation. Biology isn't strict about species, or even organism barriers. It's the same with a lot of cultural stuff.
On one end of the spectrum, we can have a business agreement negotiated diligently and in good faith between equal partners. On the other end, we have take-it-or-leave it agreements: The T&Cs stack a bank hands you when you take a loan. The wall of incomprehensible legalese we consent to when we use an app or website. An employment contract is somewhere on that spectrum. Employees may be able to submit "red line corrections" depending on their seniority and confidence, but generally it's written by employers and treated as under their control.
In philosophy, contracts (including rhetorical ones like "moral contracts") are a popular mechanism for problem solving. They certainly are in law. In normal human life, norms are much more common.
I have thought in a similar vein about capitalism and markets. Why, if everyone is clamoring for fair contracts, are not businesses offering them?
Partly it's because consumers cannot tell a good from a bad contract.
And partly I think it's that a lot of people say the right signals ('I care deeply about privacy!') as it's the cause célèbre, but don't actually care.
Sometimes they just want to watch Hulu without going on a Stallman-esque campaign.
Being able to read the words doesn't mean the comment makes sense. Reading it over and over again, yeah sure I can understand it, but I don't see any "point" or relation to the original comment.
Some people just seem to feel "smart" by wording things as convoluted as possible, using fancy words and references. The truth is, it is much harder to express thoughts clearly with simple, yet elegant words. Mostly because that makes everyone understand it, and everyone able to see through the facade. Meaning that whatever you say will need to hold up to much more scrutiny and you can't hide behind a facade of "fancyness" that scares off readers.
It's similar to coding. Writing simple code for complex programs is much much harder than writing complex code for complex problems, or even worse complex code for simple problems, which many people like to do.
Is that post too fancy though? Sure, "Linnaean classification" could/should be replaced with "taxonomy" or something similar for readability, but none of the rest of the post has any uncommon references or words. The point also seems obvious, and the relevance to the post self explanatory. This rant on obscurantism seems unwarranted with reference to a post written at a pretty standard reading level.
If I have to guess (and it's fun, so why not), I think what triggered the rant was exactly what the comment was describing. I'd call it recursive, but I don't want to sound fancy.
My comment wasn't categorical. IE, I didn't get on either the "T&Cs are evil bullshit" or "contracts are the basis of civilization" side. If you're reading for category, everything else is flowery nonsense. Just tell me which side you're on and why.
What does this have to do with the comment you responded to?
I reread it. One fancy word: Linnaean. Considering this is HN, that should be OK.
I get the feeling you're reacting to the fact that I didn't state a position or a conclusion in my short HN comment. So basically, you don't like that my HN comment isn't a tweet.
You as a user can choose to uninstall it immediately and try alternatives until successful.
Most people of course, akin to how paying with card makes you overspend because you don't see the money, agree to anything because it's just a button on the screen not a potentially predatory human person.
In the case of overly vague terms of service, people agree to them because there are essentially no options or alternatives.
Sure, it does not help that people agree to them without thinking about it. Which is somewhat similar to people spending money without thinking about how much they have.
You know full well there are plenty of situations where that's not an option and that almost no one fully appreciates what happens when they press agree.
The whole culture around closed smart phone apps is completely rotten.
> .. pages of pointers to individual sub-privacy policies.
At this point expecting someone to have read them is just nuts. The "lawsuit culture" in the US, where you have to guard yourself from possible lawsuits all the time, has made these legal contracts comically bad. They have always been strange, since you typically get to read them after you unpack the phone/computer etc.
I wouldn't over worry about such things. If it was that big of a deal, the government would be "on it".
After all, is Democracy not the best mechanism possible for executing the aggregate will of the people? And would the will of the people not be to not be tracked in this manner?
I predict this undesirable situation will be eliminated in less than one year - or, in case it is more complicated than it seems (and therefore takes more time to resolve), will at least have significant attention from both the government and the media until it is resolved to the satisfaction of voters.
I will keep my eyes open for an upcoming entry for this matter on the "Top 10,000 Concerns of the General Public" KPI tracker where we monitor matters of public concern like this, and I will use 10 of my monthly allocated voting units to express my level of concern.
Well if it was important, wouldn't an initiative to rectify it be underway then? Or, might there be a flaw in one of my premises? I only hold these because they seem to be the same premises advertised by other people.
The United States Customs and Border Protection (CBP) states that they have limited access to commercially available data, and that they are used in line with relevant rules and regulations
Well sure, relevant being the operative word here. For the US CBP the only relevance is US law, since the USA has no concept of data subject ownership -- in the US, all data is owned by whoever holds it, not who it is about.
FYI, Sen. Ron Wyden is pretty much the only US congressperson actually -doing- anything about this. He is relentless in his attacks on the industry and understands the technology. I saw him at DefCon and yes, he sounds like a politician, but he's fighting the good fight.
FTA:
In a statement, Senator Ron Wyden said “Venntel has stonewalled Congress for months and refused to identify the sources of the data it is selling to Customs and Border Protection and other government agencies. The U.S. needs far stronger laws to protect Americans’ privacy, and ensure transparency about where our data is going.”
And most of the rest of congress aren't just not doing anything about it, they consistently support the American surveillance state and voted on its expansion. It's incredibly rare for privacy to even be on the ticket.
It seems like this issue can be largely circumvented by the fact that at least on iOS, giving location data now requires much more interaction from the user? Every time a new app asks for your location, you can select whether you want to give it that information all the time, or only while using the app.
Another thing that I've started using recently is NextDNS[1], and it's amazing the amount of tracker garbage that's leaking out, and being blocked on a DNS level, out of almost any mobile application.
I'm sure someone has a database of frameworks that iOS apps turn to for user linking / monetization?
I didn't readily find a list last time I looked, so I'm not sure how single person dev shops are getting hooked up with these privacy bypassing hydras.
From DNS logs in Nov 2019, I had found some of the more common on iOS a year ago included:
iOS “User Linking” Trackers
[business].app.link
[business].onelink.me
[hash].ulink.adjust.com
[business].bttn.io
bnc.lt
branch.io
Some of these you can see who uses them, thanks to subdomains:
These are different from iOS Measurement Trackers such as:
events.appsflyer.com
reports.crashlytics.com
api.mixpanel.com
app-measurement.com
But it's gotten enough worse I almost want Apple to implement Little Snitch style blocking at the network layer, and offer a measurement anonymizing API that devs can use and is whitelisted by default. Ensure legit usage/debugging info is anonymously available, while use of other trackers would then suggest other motivations at play.
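A sketch of how the DNS-log triage described in the comment above could be automated, added here as an example and not part of the original post. The log format, sample lines and tenant names are constructed, and treating subdomains of `bnc.lt`, `branch.io` and the measurement hosts as matches is an assumption.

```python
from collections import Counter

# Suffixes are the ones listed in the comment. True means the comment shows a
# per-business or per-hash label in front of the suffix ([business].app.link).
RULES = {
    "user_linking": {
        "app.link": True,
        "onelink.me": True,
        "ulink.adjust.com": True,
        "bttn.io": True,
        "bnc.lt": False,
        "branch.io": False,
    },
    "measurement": {
        "events.appsflyer.com": False,
        "reports.crashlytics.com": False,
        "api.mixpanel.com": False,
        "app-measurement.com": False,
    },
}


def classify(hostname):
    """Return (category, suffix, tenant) for a tracker hostname, else None."""
    host = hostname.strip().rstrip(".").lower()
    best = None
    for category, table in RULES.items():
        for suffix, has_tenant in table.items():
            # Match only on a DNS label boundary, so "notapp.link" and
            # "app.link.example.org" are not mistaken for "app.link".
            if host == suffix or host.endswith("." + suffix):
                if best is None or len(suffix) > len(best[1]):
                    best = (category, suffix, has_tenant)
    if best is None:
        return None
    category, suffix, has_tenant = best
    tenant = None
    if has_tenant and host != suffix:
        # The label directly left of the suffix identifies the business.
        tenant = host[: -len(suffix) - 1].split(".")[-1]
    return category, suffix, tenant


def summarize(log_lines):
    """Count tracker lookups per category and collect tenant labels per suffix."""
    hits = Counter()
    tenants = {}
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:  # skip malformed lines
            continue
        result = classify(fields[2])
        if result is None:
            continue
        category, suffix, tenant = result
        hits[category] += 1
        if tenant:
            tenants.setdefault(suffix, set()).add(tenant)
    return hits, tenants


# Constructed sample log: "<timestamp> <client> <qname> <qtype>".
SAMPLE_LOG = """\
2019-11-03T10:15:02Z 192.0.2.10 acme.app.link. A
2019-11-03T10:15:03Z 192.0.2.10 events.appsflyer.com. A
2019-11-03T10:15:04Z 192.0.2.10 shop.onelink.me. AAAA
2019-11-03T10:15:05Z 192.0.2.10 www.example.org. A
2019-11-03T10:15:06Z 192.0.2.10 notapp.link. A
2019-11-03T10:15:07Z 192.0.2.10 APP-MEASUREMENT.com. A
2019-11-03T10:15:08Z 192.0.2.10 bnc.lt. A
2019-11-03T10:15:09Z 192.0.2.10 app.link.example.org. A
malformed line
""".splitlines()

if __name__ == "__main__":
    counts, seen_tenants = summarize(SAMPLE_LOG)
    print(dict(counts))
    print(seen_tenants)
```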
Is there any way to mitigate the amount of data collected?
If I turn GPS off can they still track my steps?
One thing that I notice frequently is discussing some topic with my wife and then finding an ad related to the topic on Instagram, LinkedIn, and whatnot. Could be a coincidence but I'm not sure any more.
The tracking is extremely intrusive. With GPS turned off, accuracy is diminished, but locating the device is still possible via WiFi SSIDs and cell towers the phone is logged into. Maybe Bluetooth also plays a role.
In the background, the phone uses its gyro sensors so it can tell what you are doing: walking, running, getting into a car/sitting down, getting out/up, ...
The unsettling part is that location logging continues to work with the phone off (saw an admittedly obscure YouTube video on that which I can't seem to dig up again).
Like the Kindle, airplane mode also doesn't stop data from being transmitted to the overlords. It merely delays it from somewhat real-time to whenever you go online again.
> The unsettling part is that location logging continues to work with the phone off
There are specific bits of malware that make the phone appear to be off when it is in fact powered on. Such malware typically requires root access or an exploit, and is the realm of shady governments not advertisers.
But if you don't have that malware, you can't be tracked when the phone is off.
I'm sure there's plenty of RF energy to make a passive phone case that lights up when your phone is transmitting, which would detect this case if you were looking at your phone. Maybe having it emit a tone would be better.
It would be fun to see if you could get a modern phone to shut up for even five seconds when powered on.
If you actually turn off location services in the OS none of this tracking occurs. About the only remaining source would be the mag if apps implement their own harvesting of the Earth’s magnetic field. Such things are extremely technically difficult to do well (you’d need to map the mag signals across the world) and the accuracy isn’t great (somewhere between wifi and coarse cellular if I recall correctly).
If at any point this actually became a reality the OS would start treating mag access as needing location permissions.
> If you actually turn off location services in the OS none of this tracking occurs.
Location services doesn't disable bluetooth. If you're in a dense area, your local stores may have bluetooth beacons which will report location hits against your bluetooth ID, which may be tied to you through applications you install.
It wouldn’t surprise me at all if baseband processors eventually start logging and asynchronously sending gps data to the cell carriers behind the operating system’s back, so you should also keep it in a mylar sack.
Similarly the accelerometer can gather all sorts of information (passwords, text typed on the keyboard, are you driving, flying, walking, etc), so you’ll probably eventually need to keep the phone in a drawer to avoid leaking that information. Similarly for the microphone (some surveillance libraries already snoop sounds in various primitive ways).
To recap: keep it off the network in a stationary, electromagnetically shielded, sound proof box. That’s simple enough, and from there you can use it as normal.
>If it were true I feel confident that information would have leaked by now.
Yeah, there's no way for Facebook to be actively listening to conversations on millions of phones connected to private home networks without someone noticing. And that's not even addressing that someone currently or formerly working at Facebook would just blow the whistle at some point.
The problem with this conspiracy theory is that people just don't care about numbers and facts. They usually have an anecdote ("I was talking about cheese and an hour later I got an ad for cheese") and that removes any need for hard evidence. Hard evidence that shouldn't be that hard to collect considering you own both the device and the network on which this supposed listening is happening on.
If you mean the conspiracy theory, then some proof would be in order. That happening, and most people believing that to happen, are both outlandish claims.
Spoiler: it actually does not happen. As the other person commented, snooping like this in scale would leak.
I don't understand this "argument from incredulity". It has leaked - you found out about it. Do you want them to publish an article in NY Times saying "yes, we spy on you all the time"? Do you want a personalized letter? What, exactly, is the form of this "leak" you expect would happen if this were true?
Just in case you are serious here: a random anecdote on a forum discussion doesn't count for anything, definitely not for a "leak". That parent message had a wild claim which of course requires serious proof.
Edit: since you're asking, proof could be multiple testimonials from ex-engineers working on the project or a peer-reviewed article in a serious journal. Until then this is in the same bin with healing crystals and chemtrails.
Whistleblowers never prosper, at least in the US. Too many examples, take Stingray for a less controversial one. What was the result? Crickets. Exactly what would be the incentive for those engineers?
Myself, I'm a Bayesian and I grew up in a communist country, which means I start from "of course everyone is spying on me, all the time" and require strong evidence to change my mind.
You're expecting 100% of the engineers at Facebook (or previously at Facebook) that know about this to comply with the NDA. And history shows that 100% of Facebook employees will not keep quiet about Facebook doing bad/illegal things.
I don't need to change your mind, so I won't try. I'll just say that it must be very tiring to believe every conspiracy theory by default. To me it seems like a sad way to live.
Couldn't the facebook app just listen for signal fingerprints? For example, Nielsen embeds digital fingerprints into songs so that it can tell what you listen to without listening to the full audio stream. They simply listen for a certain pattern, and make note when they detect the pattern. You could do the same with "coffee" or "jogging" or "yoga mat". You don't listen to the conversation audio, you detect audio fingerprints.
As far as I know the largest offenders are still the cellular companies since they can and are selling location data that works without any software on the phone. It's technically less precise than GPS/wifi location data but since it's always active it's pretty easy to use weeks of data to improve the resolution.
Besides that just don't install any apps you don't need. Stick to open source software, install a custom ROM on your phone, don't use Google location services, etc.
Turning off ad id in the OS and checking which apps have access to location would do wonders. Would also recommend checking which apps have access to the contact list.
One particular day I remember specifically because I had a long call with a friend who lives in some other city. We talked about meeting sometime in future, dating, job situation and travelling to Canada/Europe.
Within hours I received promotional email about "travelling to the city my friend lives in". Dating site ad. Looking for Job and article about how to travel move to Canada/Europe.
Fun day.
People only think about Facebook, but there are other AdTech companies as well which do not get scrutinised as much.
Writer: Samsung Galaxy S7. I guess over 70 apps in navigation, weather, games, prayer apps, or relevant due to listing location companies in privacy policy.
I have not named apps / companies that were not relevant to this feature. I found other things, but I had to focus on a clear story.
Battery life, but mostly the topic of the article: apps use it to track you [1]. I always ask myself: why does this app need to communicate with a server if I didn't open the app? For the majority of apps there is no need to do anything while they're asleep.
tbh, I don't think it's related to the location settings. I believe apps don't even need to ask for permission to do this. That's why you need to turn it off manually.
I stopped using smartphones in 2018. Since then I have a Nokia 3310 new model, with Facebook installed. However the wi-fi is turned on around 10 minutes per month, in best case.
What I've immediately observed after switching to the new phone is that I'm receiving more precisely targeted ads. Before, on smartphone no ads were relevant, after the smartphone new ads were all relevant.
My guess was the phone / the cellular service company is listening to me all the time, not just when talking on the phone.
To test it we've started playing games. Sitting with friends, we've used a predefined brand name very often in a conversation. Next day I've got the ads on the social media, on my laptop, I have no other internet device.
What I'm doing now? Not using the phone at all. Which means 1-2 daily quick conversation to set up places to meet. For long conversations I use email or messengers.
How do I feel? It doesn't bother me at all. I'm not paranoid. I know we are all sold since the blogging era began. Right now what I can do is to make the lives of those who exploit data harder in this particular case.
Even if you use a dumb phone with no real operating system or applications if you carry an operating cell phone your location is tracked and stored. In the US this data is stored for 2-5 years minimum depending on which Telco you use. It is used and sold just like in this article.
Tracking is how cell phones and cell basestations work. You cannot have one without the other. The better the clocks in the base stations the better the multilateration accuracy. It's already well under <100m. That you turn off GPS positioning does not matter in the slightest.
As for listening to you to provide context for what ads to show, I find that supremely unlikely. Probably other aspects of your digital life are also monitored to inform this kind of thing.
If you have full confidence in your theory, you should perform a controlled experiment for statistical significance.
Say the name of 20 places on a call (but never you nor any facebook contacts go there) [and have 20 controls you never mention]. Then count ads over the next month.
You can conclude something to a certain confidence level if the results show you were right.
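One way to score the experiment proposed above, added here as an example and not part of the original comment. It uses a one-sided Fisher's exact test, which the comment does not name; the place names and observed ads are constructed, and `alpha` is an assumed significance threshold.

```python
from math import comb


def fisher_one_sided(a, b, c, d):
    """One-sided Fisher's exact test on the 2x2 table
           ad seen   no ad
    mentioned   a       b
    control     c       d
    Returns P(at least `a` of the ad hits land in the mentioned group)
    if mentioning a place had no effect on which ads appear."""
    n_mentioned = a + b
    n_control = c + d
    hits = a + c
    total = n_mentioned + n_control
    upper = min(n_mentioned, hits)
    tail = sum(
        comb(n_mentioned, k) * comb(n_control, hits - k)
        for k in range(a, upper + 1)
    )
    return tail / comb(total, hits)


def evaluate(mentioned, controls, ads_seen, alpha=0.05):
    """Tally ads against both groups and test whether the mentioned places
    drew more ads than the never-mentioned controls."""
    seen = {name.casefold() for name in ads_seen}
    a = sum(1 for place in mentioned if place.casefold() in seen)
    c = sum(1 for place in controls if place.casefold() in seen)
    p = fisher_one_sided(a, len(mentioned) - a, c, len(controls) - c)
    return {
        "mentioned_hits": a,
        "control_hits": c,
        "p_value": p,
        "significant": p < alpha,
    }


# Constructed data: 20 places said aloud on calls, 20 controls never mentioned.
MENTIONED = [f"place-m{i:02d}" for i in range(1, 21)]
CONTROLS = [f"place-c{i:02d}" for i in range(1, 21)]

# Constructed month of observations: one ad for a mentioned place and one for
# a control place. This is the "cheese" anecdote with its baseline attached.
ADS_SEEN = ["Place-M03", "place-c11"]

if __name__ == "__main__":
    print(evaluate(MENTIONED, CONTROLS, ADS_SEEN))
    # Six ads for mentioned places and none for controls would be hard to
    # explain by chance under this design.
    print(fisher_one_sided(6, 14, 0, 20))
```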
That might be the right approach, thanks for the tip. Maybe somebody else will do a better testing. I just wanted to draw attention to the fact non-smartphones / carriers might / perhaps spy in the same way as apps.
Are you sure that none of your friends are looking up the predefined brand names? Do any of your friends go home and immediately google the predefined brand name?
The first time I was realizing the phone listens to the conversations was Christmas eve, when talking about gifts. One gift came from a global brand. Next day I saw the ads. I didn't google for sure for that brand on my end nor posted anything on social media. And on my parents' end, who received the gift, I'm pretty sure their internet skills are not enough for a brand search.
Anyway, I don't want to convince anybody here, I might be pretty wrong. Just helping others who might have the job to verify all these findings.
Listening all the time would drain your phone's battery in no time. Transferring those recordings to wherever they're transcribed would definitely show up on your data usage. Transcribing them on your phone before transmitting them would drain your battery even faster.
This is more likely plain simple confirmation bias. The ads were there before, you just never noticed them.
This is essential work, using the GDPR as a tool for data privacy journalism. Unfortunately, GDPR is only the beginning and lots of work like this needs to be done to uncover the breadth of the damage that is being done daily. Also, as the article states this shows that stronger laws need to be in place all over the globe.
(Journalist behind article.) Thank you! I can say that it is not easy to use subject access requests to get information. Without the help of Michael Veale’s template and a lot of grit, I don’t think I would have made it.
Transparency is just a first step, but it is a powerful tool.
You wrote: "It is uncanny to follow my own steps, even though they do not divulge any romantic affair, secret meetings, or embarrassing health issues."
Contact tracing addresses that shortcoming of the current surveillance tech. Today, finding out that 2 cell phones have been in proximity requires computationally expensive analytics on the server side. With the apparently mandated requirement for contact tracing, edge devices ("your" phone) will simply detect proximate "ids" and send that to the servers and that trivializes the task of determining your "romantic affair, secret meetings, or embarrassing health issues".
> Today, finding out that 2 cell phones have been in proximity requires computationally expensive analytics on the server side.
No, you just have to use the right data structures. Quadtree is the obvious one if you have lat/long, or if you have cell history you can observe that e.g. the UK only has ~25,000 base stations, so you can just use them as buckets. It's probably too expensive to run on every ad load, but for targeted surveillance it's easy.
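Added example, not part of the comment above: a sketch of the bucket approach it describes, written as a check a privacy reviewer could run on a pseudonymised dataset before release to see whether it still reveals who was near whom. The record layout, the 15-minute window and the sample pings are constructed assumptions.

```python
from collections import defaultdict
from itertools import combinations

def co_located_pairs(pings, window_s=900, min_shared=2):
    """Return {(id_a, id_b): shared_buckets} for ids seen together.

    pings: iterable of (pseudonymous_id, cell_id, unix_seconds).
    A bucket is one base station during one time window, so the work is
    one pass over the pings plus the pairs inside each bucket, with no
    all-against-all distance computation.
    """
    buckets = defaultdict(set)
    for dev, cell, ts in pings:
        buckets[(cell, ts // window_s)].add(dev)

    shared = defaultdict(int)
    for devs in buckets.values():
        for a, b in combinations(sorted(devs), 2):
            shared[(a, b)] += 1

    # Fixed windows miss pairs that straddle a window boundary, so this
    # is a lower bound on what the dataset exposes.
    return {pair: n for pair, n in shared.items() if n >= min_shared}

# Constructed sample pings: (pseudonymous id, cell id, seconds).
PINGS = [
    ("dev-a", 101, 100), ("dev-b", 101, 400), ("dev-c", 101, 700),
    ("dev-a", 101, 150),          # repeat ping, same bucket, counted once
    ("dev-a", 205, 3700), ("dev-b", 205, 3900),
    ("dev-c", 318, 3800),
]

if __name__ == "__main__":
    for pair, n in co_located_pairs(PINGS).items():
        print(pair, "shared buckets:", n)
```

Any pair this returns is a relationship the release discloses even though no name appears in the data; coarser time or location resolution shrinks the result, at the cost of utility.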
Contact tracing will go away middle of next year with the end of the pandemic. Although I wouldn't rule out its reactivation next time there's a SARS or bird flu breakout.
It finally appears that we built the wrong monetization strategy for the Internet.
Ideally users would have the option of having some sort of digital bank associated with their web browsing. Micro transactions could pay to support the websites instead of advertisements.
One downside to the security model in popular mobile OSes is that once someone does gain superuser access there's really nothing the user can do short of rebuilding the device since they often don't have it themselves.
Let’s not beat around the bush here: this is a uniquely Android problem. Sure, there are some iOS jailbreaks out in the wild, but these are very few and far between. There was one for then-recent iOS versions earlier this year, but it came many years after the previous jailbreak of that kind. Superuser access to my iOS device isn’t something I need to worry about. But if I ran Android? It would be a real threat.
This isn't really true. Jailbreaks are not the main concern here, privilege escalation vulnerabilities are. Those are discovered somewhat regularly in both Android and iOS. Jailbreaks on iOS make use of such vulnerabilities when they discover them, but most vulnerabilities are not discovered by jailbreakers. These sorts of vulnerabilities are also inherent to any complex operating system, not unique to Android.
Users "rooting" their Android phones also usually doesn't involve any sort of real exploit either. Android devices don't come with the ability for apps to run as root by default, and can have their firmware flashed to add a means of doing so. Doing this requires that the user unlock their bootloader, which wipes the device and often requires manufacturer authorization. Rooted devices have weakened security by being rooted, but this doesn't affect ordinary non-rooted devices.
He consented to the collection and Apple would have exactly the same issues.
Also Android is marginally more useful than an iOS device. I know that it is fancy as a music player and social media apps, but it isn't really what it could be.
So can you in Android... well guess what, it doesn't add any feeling of security on my Chinese phone (and for any non-US person, Chinese or American are the same - foreign powers gathering all data possible, which may or may not be used against you in the future).
I think without said "security" model, we wouldn't have so much malware.
Because getting your exact location extracted and sent to marketing firms and government contractors is worse than quite a few trojans you could get on your local computer by executing random and even malicious code.
It is time that security experts get honest about this and that "experts" lower their voice a bit.
A lot of "experts" are marketeers or work in the industry and have financial ambitions.
There is a technically correct argument that a locked down environment hinders the execution of malicious code, but for overall security, especially privacy and illegal data access, the current "security" solutions for smartphones perform very badly.
> Kacanova claims that my consent had been lawfully obtained according to GDPR, and that their partners were contractually obliged to only use my data for marketing purposes.
Does anyone actually believe these companies are segregating their data based on what they are legally allowed to do with it? And that those permissions somehow get propagated along with the data to third parties, who then also diligently segregate their data based on legal permissions?
It's difficult to hold these companies accountable and even if you could prove they were misusing the data as an individual, it's difficult to take legal action against them. And even if you do manage to beat them in court, the compensation will almost certainly be a pittance - especially if you're not covered under the GDPR.
Of course they're not managing users' personal data responsibly! Even with the GDPR, it's still more lucrative to just not bother.
Because there would (rightly) be an uproar if this were made more public, and “track and trace” is one of the most public things you can do with the data. Instead, we've got an almost completely private Bluetooth-based protocol… with implementations that go ahead and phone home anyway, without even using that phoned-home data for the track & trace system.
The problem we are beginning to see is the unwillingness, chaos, and confusion on how exactly to enforce GDPR. This is concerning; no repercussions will eventually lead to where we were before.
> Venntel told me in a subject access request that my data was shared, but they did not provide to whom. When contacted later - they told me in a short statement that the data was not shared with ICE or CBP.
I think this is an extremely clever technique for generating mainstream interest in a topic that would probably otherwise be considered boring for the typical person: associate it with something that people have very strong emotional feelings about. 10/10