Android is leagues ahead of Apple, first of all, the core of Android is libre, anyone is able to take Android and create their own mobile operating system around it (with various amounts of success). Of course, this leads to OEMs who create bastardized nonfree operating systems with privacy holes, but it also leads to things like Vanilla Android, GrapheneOS, CalyxOS, /e/ etc.
There are also GNU/Linux phones like UBports, GNOME/KDE mobile shell, so it's not a binary decision.
Android is not without its flaws (like Google play services and closed down hardware), but to say it's not better than Apple is misleading. Countries choose Android, only America pushes their Apple sludge.
Every cell phone, even dumb phones, can track you with a warrant or Stingray. Rather than picking which is better, understand that every single cellphone is snitching on you and act accordingly.
To be clear, it is possible to defend yourself, but ofc no defense is perfect. For illegal activities that might attract federal attention? best to avoid them at all costs. But for general privacy in your day to day life that isn't practical for most people, and "every cellphone is snitching on you" is way too reductive, even if it's true in a sense.
For example the person you are replying to mentions Linux phones, many of which publish schematics and make hardware kill switches for the discrete modem a big selling point. That still isn't perfect protection, but it would protect you from a stingray... and if you have a thought out threat model, you can make the choice whether or not that device is appropriate for your situation.
Let me be clear first: If you want to get rid of advertising, then yes your advise is OK. If you want to defend against the Surveillance system, it's not close to adequate. This is the fundamental gap I'm trying to address.
I understand where your heart is at, but you are making a mistake. Free/Libre software is about Freedom, and from that guarantee we can build other guarantees about security and privacy. However Freedom itself does not guarantee security nor privacy. Freedom is also the freedom to shoot yourself in the foot.
To be clear, it is possible to defend yourself, but ofc no defense is perfect.
There is a perfect defense: Don't use technology. Much of this advise is trying to use technology to fight technology. It's a rabbit hole that has no bottom, and the best defense is to not play. The problem is attack surface. Technology is incredibly complex and is chattier than your extroverted :LIB: friend at brunch, and boy howdy do people love to listen! You can reduce this attack surface, but it never goes away as long as you are using technology.
But for general privacy in your day to day life that isn't practical, and "every cellphone is snitching on you" is way too reductive, even if it's true in a sense.
Here's the trail crumbs you might make on the Web as you browse each and every website:
DNS request - sends URL domain/hostname (www.hexbear.net, for example), collects IP and timestamp. Your ISP is often the default DNS, so they are collecting this information. Google (8.8.8.8) and Cloudflare (1.1.1.1) as well.
1st party HTTP(S) request - Encrypts body but sends URL domain/hostname in the clear across the network, collects IP and timestamp.
3rd party request - Usually advertising, but also could be security (Sign In With Google, Okta, etc), collects IP and timestamp
3rd party cookies - Sent and updated with every request to that domain (Amazon cookie to Amazon.com, FB cookie to Facebook.com, etc), collects IP and timestamp
1st party advertising - Think Amazon's "Customers also bought...", has full access to your request, collects IP and timestamp and User-Agent.
Logs - Usage data about what you do on the website, both front-end and back-end, collects IP and timestamp
Telemetry - Usage data about what you do with your app, collects IP and timestamp
You can use custom software for #3 and #4 on the device (most of the advise here), but do you block google.com? You can use a network DNS blocker (e.g. Pi-Hole) for #1, #3, #4, and some of #7, but that only works on networks you control. VPNs advertise as solving #2, but that's pure ideology; it only moves where the routing traffic goes and still can log information in transit.
This also ignores data brokers who buy all of this information and compile it together.
And this is just the advertising/surveillance defense against tech companies. I haven't even touched or defense.
if your threat is state-level actors your computer security is approximately moot and maybe you should spend your money on laywers and having a discreet way out of the country
Our research for this report involved interviewing experts on this issue and reviewing approximately 150 publicly available documents covering awards, solicitations, requests for proposals, and related information on contracts. We found significant evidence of agencies exploiting loopholes in existing law by purchasing data from private data brokers. The practice has prompted scrutiny from government watchdogs as well as members of Congress (Tau, 2021a; Wyden, 2021).
The problem is a byproduct of the lucrative private market for personal data, where many companies that offer online services collect, analyze, and sell data about individuals using those services. This data is aggregated by companies called ‘data brokers’ that typically lack any direct relationship with the individuals whose data they collect and sell, but may accumulate personal data from multiple sources with varying degrees of granularity, ranging from anonymized trends to the specific locations of individuals at specific times. Advertisers, retailers, and other companies may then seek access to data for varied commercial purposes.
As our research demonstrates, law enforcement and intelligence agencies are among the customers of some data brokers, spending millions of dollars to gain access to private sector databases which often contain very sensitive and very personal information on individuals.
That's not protection, and worse its giving you a false sense of security. I don't make my recommendations because I hate tech, but because (from a security posture) the attack surface is so large it is impossible to verify it cannot be used against you, and the consequences of that mistake are life-altering.
A SIM merely says you are Authorized to use the network. The phone still makes connections to the cellular network. All phones on the market allow emergency calls even without a SIM card.
Both your cellular chip and your WiFi chip broadcast their unique MAC address to every router/tower they see, and all of this information is logged.
Just like a burner phone, police can get the location data from the carrier and towers, and use that to trace where that phone went. If you brought that phone near other devices, those devices or your own location can be deduced.
You see this over and over: Big Protest ➡ Police Geofence warrant ➡ Cell logs ➡ Arrests. Given the criminalization of protests this will become the norm. If you want to get rid of advertising, many of the suggestions here are fine. But none of them go far enough to protect you beyond that, even from Big Tech surveillance.
If I'm wrong if love to hear some evidence to the contrary.
It's not that we are wrong or right, we cannot verify. That is the danger. In a high security environment I treat everything as suspect until proven otherwise. However when you do not use technology you categorically exclude an entire attack surface, and it is extremely simple to get right.
Sure , not using a phone is of course the best option. If that is an option. For most people, activist or criminals of any kind. Not usually an option.
You can at least verify the Foss code. Or trust the people that verify it.
I'm not responding to be mean, so I'm sorry if this feels like bullying. I've had friends and comrades arrested and jailed, and I don't want anybody falling into that trap if it can be easily avoided. I'm trying to point out the Ideologies (*sniff* ), the things you don't know you know, so that you can operate a much stronger security posture.
Sure , not using a phone is of course the best option. If that is an option. For most people, activist or criminals of any kind. Not usually an option.
The first Ideology is using the same device in both high and low security environments. Don't. Use multiple devices and compartmentalize aggressively. In security posture, you are only as secure as your weakest point. This is why those "criminals" use a different burner phone. Using a single device to communicate with grandma and radicals is a recipe for baking and arrest. I consider a low-security place where I shitpost and goof off, but I absolutely do not engage in any here because it would be trivial to trace it to me. Same with my regular cell phone, which I text grandma baking recipes but never use it during protests.
The second Ideology is thinking you are excluded from those so called "activists and criminals" while participating in very leftists and public online spaces. I guarantee and watch both Lemmygrad and Hexbear as I type this, and they don't give a single ! Rude! To them we are all being gay and doing crime. Have fun giving them but you deliberately never go beyond that.
You can at least verify the Foss code. Or trust the people that verify it.
This is the third Ideology. You are trusting somebody you don't know for your safety, and you are trusting they did their job. Likewise, yes you can verify yourself, but did you actually verify yourself? Again, attack surface. Yes there are ways to mitigate this, and yes you could verify, but it's mitigation not exclusion. Excluding tech renders you invulnerable to this. Freedom/Libre software can only guarantee your freedom, not your security/safety, and this is why every FOSS license disclaims all liability for use of their software. Looking at it another way, why put yourself in a position where you must trust somebody else for your safety?
I'm with you on libre stuff, but I would say it's not any better than Apple unless you are actually using one of the options you mention. Essentially every OEM available in western countries (and probably most other countries but idk) jam it full of spyware and telemetry, both the default google kind and all kinds of OEM and carrier-based additional spyware which is also often horribly insecure.
I know your hearts in the right place about this, but android is not better than iOS for privacy.
The only way android can be made decently privacy respecting is through graphene and that requires a very small subset of the ocean of android devices and requires that you give up almost everything that makes a smartphone useful.
The solution to privacy isn’t graphene or android, it’s not using a smartphone at all.
and requires that you give up almost everything that makes a smartphone useful
that's hyperbolic, I use graphene and rarely use the profile I've got their play services shim enabled in. the only thing I have found myself entirely unable to use so far is google pay for event tickets that require it, which isn't often.
idk which features you mean, but you can get the google camera app and sideload it. highly recommend doing that
most if not all ML features like photo manipulation or whatever else are going to run on google's servers, so yeah you're not going to get that. not what I think of when I read 'everything that makes a smartphone useful'
Android is leagues ahead of Apple, first of all, the core of Android is libre, anyone is able to take Android and create their own mobile operating system around it (with various amounts of success). Of course, this leads to OEMs who create bastardized nonfree operating systems with privacy holes, but it also leads to things like Vanilla Android, GrapheneOS, CalyxOS, /e/ etc.
There are also GNU/Linux phones like UBports, GNOME/KDE mobile shell, so it's not a binary decision.
Android is not without its flaws (like Google play services and closed down hardware), but to say it's not better than Apple is misleading. Countries choose Android, only America pushes their Apple sludge.
Every cell phone, even dumb phones, can track you with a warrant or Stingray. Rather than picking which is better, understand that every single cellphone is snitching on you and act accordingly.
To be clear, it is possible to defend yourself, but ofc no defense is perfect. For illegal activities that might attract federal attention? best to avoid them at all costs. But for general privacy in your day to day life that isn't practical for most people, and "every cellphone is snitching on you" is way too reductive, even if it's true in a sense.
For example the person you are replying to mentions Linux phones, many of which publish schematics and make hardware kill switches for the discrete modem a big selling point. That still isn't perfect protection, but it would protect you from a stingray... and if you have a thought out threat model, you can make the choice whether or not that device is appropriate for your situation.
Let me be clear first: If you want to get rid of advertising, then yes your advise is OK. If you want to defend against the Surveillance system, it's not close to adequate. This is the fundamental gap I'm trying to address.
I understand where your heart is at, but you are making a mistake. Free/Libre software is about Freedom, and from that guarantee we can build other guarantees about security and privacy. However Freedom itself does not guarantee security nor privacy. Freedom is also the freedom to shoot yourself in the foot.
There is a perfect defense: Don't use technology. Much of this advise is trying to use technology to fight technology. It's a rabbit hole that has no bottom, and the best defense is to not play. The problem is attack surface. Technology is incredibly complex and is chattier than your extroverted :LIB: friend at brunch, and boy howdy do people love to listen! You can reduce this attack surface, but it never goes away as long as you are using technology.
Here's the trail crumbs you might make on the Web as you browse each and every website:
You can use custom software for #3 and #4 on the device (most of the advise here), but do you block google.com? You can use a network DNS blocker (e.g. Pi-Hole) for #1, #3, #4, and some of #7, but that only works on networks you control. VPNs advertise as solving #2, but that's pure ideology; it only moves where the routing traffic goes and still can log information in transit.
This also ignores data brokers who buy all of this information and compile it together.
And this is just the advertising/surveillance defense against tech companies. I haven't even touched or defense.
if your threat is state-level actors your computer security is approximately moot and maybe you should spend your money on laywers and having a discreet way out of the country
That's not necessarily true. Police are purchasers of this data from data brokers. It's state surveillance without any need for a warrant.
Nope , not if I don't use a sim.
That's not protection, and worse its giving you a false sense of security. I don't make my recommendations because I hate tech, but because (from a security posture) the attack surface is so large it is impossible to verify it cannot be used against you, and the consequences of that mistake are life-altering.
A SIM merely says you are Authorized to use the network. The phone still makes connections to the cellular network. All phones on the market allow emergency calls even without a SIM card.
Both your cellular chip and your WiFi chip broadcast their unique MAC address to every router/tower they see, and all of this information is logged.
Just like a burner phone, police can get the location data from the carrier and towers, and use that to trace where that phone went. If you brought that phone near other devices, those devices or your own location can be deduced.
You see this over and over: Big Protest ➡ Police Geofence warrant ➡ Cell logs ➡ Arrests. Given the criminalization of protests this will become the norm. If you want to get rid of advertising, many of the suggestions here are fine. But none of them go far enough to protect you beyond that, even from Big Tech surveillance.
True that for just using a sim card less phone.
However
GOS airplane mode disable any connection to the cellular network. If I'm wrong if love to hear some evidence to the contrary.
It's not that we are wrong or right, we cannot verify. That is the danger. In a high security environment I treat everything as suspect until proven otherwise. However when you do not use technology you categorically exclude an entire attack surface, and it is extremely simple to get right.
Sure , not using a phone is of course the best option. If that is an option. For most people, activist or criminals of any kind. Not usually an option.
You can at least verify the Foss code. Or trust the people that verify it.
I'm not responding to be mean, so I'm sorry if this feels like bullying. I've had friends and comrades arrested and jailed, and I don't want anybody falling into that trap if it can be easily avoided. I'm trying to point out the Ideologies (*sniff* ), the things you don't know you know, so that you can operate a much stronger security posture.
The first Ideology is using the same device in both high and low security environments. Don't. Use multiple devices and compartmentalize aggressively. In security posture, you are only as secure as your weakest point. This is why those "criminals" use a different burner phone. Using a single device to communicate with grandma and radicals is a recipe for baking and arrest. I consider a low-security place where I shitpost and goof off, but I absolutely do not engage in any here because it would be trivial to trace it to me. Same with my regular cell phone, which I text grandma baking recipes but never use it during protests.
The second Ideology is thinking you are excluded from those so called "activists and criminals" while participating in very leftists and public online spaces. I guarantee and watch both Lemmygrad and Hexbear as I type this, and they don't give a single ! Rude! To them we are all being gay and doing crime. Have fun giving them but you deliberately never go beyond that.
I'm with you on libre stuff, but I would say it's not any better than Apple unless you are actually using one of the options you mention. Essentially every OEM available in western countries (and probably most other countries but idk) jam it full of spyware and telemetry, both the default google kind and all kinds of OEM and carrier-based additional spyware which is also often horribly insecure.
I know your hearts in the right place about this, but android is not better than iOS for privacy.
The only way android can be made decently privacy respecting is through graphene and that requires a very small subset of the ocean of android devices and requires that you give up almost everything that makes a smartphone useful.
The solution to privacy isn’t graphene or android, it’s not using a smartphone at all.
that's hyperbolic, I use graphene and rarely use the profile I've got their play services shim enabled in. the only thing I have found myself entirely unable to use so far is google pay for event tickets that require it, which isn't often.
deleted by creator
idk which features you mean, but you can get the google camera app and sideload it. highly recommend doing that
most if not all ML features like photo manipulation or whatever else are going to run on google's servers, so yeah you're not going to get that. not what I think of when I read 'everything that makes a smartphone useful'
The easy solution is to connect to China’s servers with lots of Marxist-Leninist features /s