Author Topic: Is it possible to have privacy and carry a mobile device?  (Read 2912 times)

Chunkers

  • Reg Member
  • ***
  • Posts: 526
  • Brick Wall head-banger
Is it possible to have privacy and carry a mobile device?
« on: September 18, 2022, 08:20:19 AM »


It feels like controlling your digital footprint / privacy is deliberately made very complicated and annoying (do you want to accept cookies (y/n)?) and the data mining is barely hidden beneath the surface of the day to day activities. I have given up at home (we have two teenagers), my guess is that Amazon and Google know pretty much everything about us all but in my darker moments I get very annoyed about it :(

Was wondering about when I am out and about, on my own, is it possible to have the benefits of a mobile device without feeling like Jeff Bezos is constantly looking over my shoulder, or some dude in China tracking your daily dog-walk?  I thought I would ask here  .....

My phone is an old Samsung s10, I thought maybe I could repurpose it and when I am solo I could go Stealth mode
  • Can you have a smart phone with no tracking/privacy baked in?  I tried installing Cyanogen on an old Samsung phone I had a few years ago and it was pretty horrible, there seem to be a lot more options now, my phone is a Samsung S10 and LineageOS caught my eye
  • Does a VPN help much if you and your family are shopping online, accepting cookies, using social media etc etc. Isn't it just better to get an ISP/network provider with a good privacy policy?
  • Is Linux really any more private than Windows or iOS, doesn't your data privacy more depend on what you are doing? i.e. Amazoning and Googling
  • With the rapid disappearance of cash,  I wonder which bank has the best data privacy and protection policy in the UK and whether it makes much difference, you can't generally buy anything online without sharing a host of personal data anyway
I know it's a bit of a rabbithole to go down but are there simple things normal non-techy (but slightly paranoid) people should be doing if they want better privacy? I basically want the best of both worlds, the convenience of digital payment, instant messaging, internet access, shopping online, navigation but securely.

Just curious what you guys all do, have you given up?

J
Logged

gt94sss2

  • Kitizen
  • ****
  • Posts: 1281
Re: Is it possible to have privacy and carry a mobile device?
« Reply #1 on: September 18, 2022, 09:52:43 PM »

It's not something I particularly worry about though I now have a NAS for some purposes.

However, I was reading about the Murena One phone which is an attempt at a phone without Google services baked in etc.
« Last Edit: September 18, 2022, 10:15:53 PM by gt94sss2 »
Logged

meritez

  • Content Team
  • Kitizen
  • *
  • Posts: 1626
Re: Is it possible to have privacy and carry a mobile device?
« Reply #2 on: September 18, 2022, 09:58:39 PM »

https://calyxos.org/

Quote
CalyxOS is an Android mobile operating system that puts privacy and security into the hands of everyday users. Plus, proactive security recommendations and automatic updates take the guesswork out of keeping your personal data personal.

https://grapheneos.org/

Quote
GrapheneOS is a privacy and security focused mobile OS with Android app compatibility developed as a non-profit open source project. It's focused on the research and development of privacy and security technology including substantial improvements to sandboxing, exploit mitigations and the permission model. It was founded in 2014 and was formerly known as CopperheadOS.

Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: Is it possible to have privacy and carry a mobile device?
« Reply #3 on: September 19, 2022, 06:49:43 AM »

VPNs are not relevant to privacy unless your ISP is a snooper. If so, then change ISP to someone who very very much cares about such things, such as Andrews and Arnold. There will be other good choices out there I’m sure. The other problem is that with some points in the internet you may have non-ISP snoopers with kit installed. I wouldn’t know about BT if they’re your ISP’s carrier service. BT used to have a singularly toxic record regarding privacy and human rights with the PHORM scandal of around 2008 but that’s thankfully history now. The UK and US governments may be snooping at various other parts of the network, and there’s not a lot to worry about there unless you want to sign up to some terrorist org. This is because you can’t go round it. If you want to talk to a web browser, use encryption all the way to that browser, not encrypted VPNs where your data traverses the internet in clear text after exiting the remote end of the VPN tunnel on its way across the internet to its final destination. That is the point at which you could be snooped, probably by a government. The server you’re going to has to also preserve your privacy and not track you. No, forget VPNs unless you’re connecting to work or your home network. Use the new QUIC transport which is totally encrypted even including metadata and HTTP3 makes use of QUIC. Where it can, QUIC gives you the latest version of TLS always, as long as the destination server supports it. Choose a web browser that supports QUIC and HTTP3 and check whether the servers you talk to also speak QUIC - a requirement so that it can work.

Don’t let web servers track you with cookies, and use the privacy features in IPv6 to limit tracking by using your IP address. Use Apple iOS as it has a number of new spectacular anti-tracking technologies, including the new relay servers feature that hides your IP address from servers, if it works though, as it’s a very difficult thing to get right given the nightmare compatibility problems with web servers that have usage limitations based on source IP and eg geolocation or organisational membership and whitelisting eg libraries and academic institutions. iOS can now generate fake MAC addresses, if my tired eyes see rightly, can use browser anti-tracking techniques and network level fake IP rotation. (This makes a pain for me as a sysadmin mind. And QUIC will be a nightmare for sysadmins and firewall administrators as it’s so heavily encrypted that they can’t see anything and make choices based on it; aside from being completely encrypted, everything in a QUIC packet is hidden inside a trivial compatibility wrapper header which looks like “UDP”. Architecturally the right thing to have done would be to have allocated a new IP protocol number for it and use that, as befits a new reliable message-oriented transport. But if the current team had done that, then nothing would work with QUIC, as current systems such as firewalls would freak out at seeing a protocol that they don’t understand. The people who designed the internet never gave any thought to the process of assisting backwards compatibility and helping the successful practical deployment of new transports. A lot of guilty people somehow thought that there would never ever be anything other than TCP and UDP, and now we have a situation where all new protocols practically speaking have to pretend to be UDP so they won’t cause freakage.) Anyway, TCP is made obsolete by the arrival of QUIC. We need to see QUIC installed in operating systems so that more apps can use it without pulling in libraries.
It is however expected that QUIC will evolve quite a bit over the next few years, and some thought has been given to this and the process of version upgrades. Web browsers will initially have QUIC built in to them and not baked into the o/s, so a browser upgrade can be a QUIC version upgrade without any possibility of problems. HTTP3 has a fast fallback technique in it so it can fall back to HTTP2/1.1 if the web server doesn’t speak QUIC. Chrome on most o/s already speaks QUIC and you never knew it, it’s just faster to load pages first time, and much more secure and private, so hurrah for you already, as long as you can trust the web server and company behind it though. In iOS15, QUIC is already available in Safari to a group of Apple testers, but in iOS16, now out for iPhones, the Safari browser supports QUIC so I believe.

Also very much need to give some thought to tracking by snoopy DNS servers or snoopers on the traffic to the DNS servers. There are two new encrypted DNS solutions that are standardised and some browsers can use them. The Android o/s I believe supports encrypted DNS in the o/s but you have to then have apps that support it (possibly, unless, by config, Android can force all apps to use encrypted DNS, which would be the sane way to do it) and also have encryption-supporting DNS servers available. Yet another fantastic reason for using AA. Does anyone else offer encrypted DNS servers? If you use AA then there’s no point in encrypted DNS normally unless you think BT or HM gov are snooping at certain points on the internet, but as all your traffic is normally going straight to AA through AA’s internet access connection, then why care? As indeed I don’t. But if you’re away from home, and are an AA user then it is indeed very very useful if you are still going back home to the AA servers. Otherwise, iirc, 1.1.1.1 is possibly a reasonable bet. And it goes without saying that you stay well away from 8.8.8.8 / 8.8.4.4. ;)

So for you, iOS is the o/s of choice. As is the iPad. The security is incredible. Don’t know anything about Android but the apps give me the shivers and if you’re interested in privacy you’d be mad to invest in a Google product such as Android. You could maybe even say that about Chrome, but I suspect it’s actually ok as there would have been such a stink the first time anyone sees any dodgy traffic going from Chrome to Google in their Wireshark/TCPDUMP. Wouldn’t know about the state of Windows 10/11. Linux = possibly not good as I presume that the distros vary and some may have a development time lag. And Linux apps are not assessed/certified or even digitally signed afaik. Over to the Linux experts for qualified comment. Given Apple’s very strong anti-govt anti-snooping / tracking policies even faking MAC addresses to prevent London Underground’s highly dodgy user tracking, I would suggest that you take a look at MacOS. I’ve never even seen it, such is my depth of ignorance. You may be a Linux fan so will appreciate its *nix foundations and iffy but not to be sniffed at app compatibility with a suitable recompile.
Logged
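
Added example, not part of any poster's reply: a server that speaks HTTP/3 over QUIC normally says so in the `Alt-Svc` response header (RFC 7838), and a browser that sees no usable `h3` entry stays on HTTP/2 or HTTP/1.1 over TCP. This Python sketch parses that header to check a server for QUIC support; the function names and the sample header values are constructed for illustration.

```python
# Parse an Alt-Svc response header (RFC 7838) and report HTTP/3 endpoints.
# Function names and sample header values are constructed for this example.

DEFAULT_MAX_AGE = 86400  # RFC 7838: an entry without "ma" is fresh for 24 hours


def _split_outside_quotes(text, sep):
    """Split on sep, ignoring separators inside double-quoted strings."""
    parts, buf, quoted = [], [], False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        if ch == sep and not quoted:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]


def parse_alt_svc(value):
    """Return a list of dicts: protocol, host, port, max_age."""
    value = value.strip()
    if value == "clear":  # server withdraws every alternative it advertised
        return []
    entries = []
    for item in _split_outside_quotes(value, ","):
        fields = _split_outside_quotes(item, ";")
        proto, eq, authority = fields[0].partition("=")
        if not eq:
            continue  # malformed entry: no protocol-id=authority pair
        host, _, port = authority.strip().strip('"').rpartition(":")
        if not port.isdigit():
            continue  # malformed entry: a port is mandatory
        params = {}
        for field in fields[1:]:
            key, _, val = field.partition("=")
            params[key.strip().lower()] = val.strip().strip('"')
        ma = params.get("ma", "")
        entries.append({
            "protocol": proto.strip(),
            "host": host,  # empty host means "same host as the origin"
            "port": int(port),
            "max_age": int(ma) if ma.isdigit() else DEFAULT_MAX_AGE,
        })
    return entries


def http3_endpoints(value, include_drafts=False):
    """(host, port) pairs a client could try QUIC on; [] means TCP only."""
    found = []
    for entry in parse_alt_svc(value):
        final = entry["protocol"] == "h3"
        draft = entry["protocol"].startswith("h3-")  # pre-RFC draft versions
        if entry["max_age"] > 0 and (final or (include_drafts and draft)):
            found.append((entry["host"], entry["port"]))
    return found


# Constructed sample header values.
SAMPLE_H3 = 'h3=":443"; ma=86400, h3-29=":443"; ma=86400'
SAMPLE_H2_ONLY = 'h2="alt.example.net:8443"; ma=3600'
SAMPLE_EXPIRED = 'h3=":443"; ma=0'

if __name__ == "__main__":
    for sample in (SAMPLE_H3, SAMPLE_H2_ONLY, SAMPLE_EXPIRED, "clear"):
        print(f"{sample!r:55} -> {http3_endpoints(sample)}")
```

To check a real site, pass the `Alt-Svc` value shown in the browser's network inspector to `http3_endpoints`.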

tubaman

  • Senior Kitizen
  • ******
  • Posts: 12669
Re: Is it possible to have privacy and carry a mobile device?
« Reply #4 on: September 19, 2022, 10:24:40 AM »

@Weaver, I think you've summed up why I can't get too worried about this as it's all just too difficult if you want a practical and easy to use solution.
Logged
BT FTTC 55/10 Huawei Cab - Zyxel VMG8924-B10A

licquorice

  • Reg Member
  • ***
  • Posts: 977
Re: Is it possible to have privacy and carry a mobile device?
« Reply #5 on: September 19, 2022, 05:58:53 PM »

There's only one 100% solution to privacy, a lead lined coffin.

Life's too short to worry about it.
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4308
Re: Is it possible to have privacy and carry a mobile device?
« Reply #6 on: September 19, 2022, 10:31:24 PM »

Same here, doesn't bother me in the slightest, things like location history I find very useful, flip side is Google knows where I've been.

If you want the ease and convenience then you have to accept the downsides.
Logged
Formerly restrained by ECI and ali,  now surfing along at 550/52  ;D

g3uiss

  • Kitizen
  • ****
  • Posts: 1151
  • You never too old to learn but soon I may be
    • Midas Solutions
Re: Is it possible to have privacy and carry a mobile device?
« Reply #7 on: September 19, 2022, 10:46:08 PM »

We live in a connected world. Sensible precautions like the man in the street should take, should be enough really.
Logged
Cerebus FTTP 500/70 Draytec 2927 VOXI 4G fallback.

Chunkers

  • Reg Member
  • ***
  • Posts: 526
  • Brick Wall head-banger
Re: Is it possible to have privacy and carry a mobile device?
« Reply #8 on: September 20, 2022, 08:46:53 AM »

Good advice, all, I'm probably just having a paranoid moment. I can always just go out without taking my mobile and feel free that way!

J
Logged

XGS_Is_On

  • Reg Member
  • ***
  • Posts: 479
Re: Is it possible to have privacy and carry a mobile device?
« Reply #9 on: September 20, 2022, 09:38:49 AM »

Quote
VPNs are not relevant to privacy unless your ISP is a snooper.

If you want to talk to a web browser, use encryption all the way to that browser, not encrypted VPNs where your data traverses the internet in clear text after exiting the remote end of the VPN tunnel on its way across the internet to its final destination. That is the point at which you could be snooped, probably by a government. The server you’re going to has to also preserve your privacy and not track you. No, forget VPNs unless you’re connecting to work or your home network. Use the new QUIC transport which is totally encrypted even including metadata and HTTP3 makes use of QUIC. Where it can, QUIC gives you the latest version of TLS always, as long as the destination server supports it. Choose a web browser that supports QUIC and HTTP3 and check whether the servers you talk to also speak QUIC - a requirement so that it can work.

I'd take issue with VPNs being pointless. They hide source IP address, something neither QUIC nor IPv6 do for obvious reasons. Nearly all the traffic leaving the VPN will be encrypted because what went into the VPN client software was encrypted. It doesn't get decrypted by the VPN, it ends up encapsulated in another layer of encryption between client and VPN endpoint and the original encrypted traffic leaves the VPN client onwards.

Some light reading on the QUIC version incorporating TLS handshake compared with TLS over TCP - https://eprint.iacr.org/2019/433.pdf TL;DR QUIC uses TLS 1.3 but layers some transport layer security over the top.

FYI: TLS negotiates the highest revision available. Client capabilities are advertised and server may reject them and terminate the connection, which it can over TCP and must on the QUIC version incorporating TLS if version is below 1.3 - QUIC borrows the 0-RTT handshake from TLS 1.3.

For the paranoid a browser that burns all stored data and randomises browser fingerprint between each session alongside HTTP/3 transported over onion routing, whether TOR or commercial VPNs that allow a client to bounce off multiple endpoints, hold state data in RAM only and purge it regularly by overwriting with zeroes, is probably the way to go.

Or living off the grid in a bunker. That works too.
Logged
YouFibre You8000 customer: symmetrical 8 Gbps.

Yes, more money than sense. Story of my life.

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: Is it possible to have privacy and carry a mobile device?
« Reply #10 on: September 20, 2022, 02:36:05 PM »

You’re right. VPNs are not pointless at all. I should have said that I believe that they are pointless in addressing what I felt were this poster’s needs in this particular situation. I wanted to emphasise that you always have to trust the privacy policies of the server you’re visiting and a VPN won’t fix this, and secondly you still have to worry about the security of the clear text part of the path to the server if you’re truly paranoid about government installing surveillance kit on the internet itself. In short don’t visit Google using a VPN not even TOR. You could try DuckDuckGo, say, if you prefer their privacy policies and use TLS to get there.
Logged

meritez

  • Content Team
  • Kitizen
  • *
  • Posts: 1626
Re: Is it possible to have privacy and carry a mobile device?
« Reply #11 on: September 20, 2022, 02:56:15 PM »

Quote
It's not something I particularly worry about though I now have a NAS for some purposes.

However, I was reading about the Murena One phone which is an attempt at a phone without Google services baked in etc.

Android 11, Mediatek, not true UK LTE band support, 300 euros!

You could pick up a Pixel 6A, £400, CalyxOS installed, Android 12L and 13 coming soon with esim and 5G support and at least 5 years of software updates.
Logged

celso

  • Member
  • **
  • Posts: 68
Re: Is it possible to have privacy and carry a mobile device?
« Reply #12 on: September 26, 2022, 09:54:09 PM »

Full privacy on a functional phone is impossible. For example, you can use a phone without any apps and use Firefox with uBlock Origin, but your network provider always has an idea of where you are because your phone connects to a cell tower.

You can have a more private phone though. Here you need to think about the tradeoffs and who your adversary is. There's a big difference between Facebook tracking you, trying to hide from your government that you read the BBC, and having the NSA or the GCHQ after you (you probably shouldn't use a phone at all).

Most people in the west need to worry about commercial collection. Many say that they don't care or that it doesn't matter because they have nothing to hide. I disagree because you can get into trouble even if you don't do anything wrong. If not now, maybe in the future.

Someone mentioned keeping the location history. I understand why it's useful, but for example, not long ago, a guy in the US was arrested because he happened to be in the same place where a burglary happened... by using legal means, the police compelled Google to provide data on who was in that area. Staying in the US, you're probably aware of changes to laws regarding abortions. Do you really think it's wise to tell multiple 3rd parties where you were? Maybe add some information to your cloud based diary about what you did on that day and also let some cloud based period tracking app know how your period was off for 2 or 3 months... this was fine a year ago, but now these women are "criminals".

This is not paranoia, it's just what's happening now and some may want to avoid it.

On a data business level, a few years ago I was talking with a friend about those member cards supermarkets have. They're nice because they give you discounts, but I mentioned that some of them had very bad "terms and conditions". My friend didn't see a problem with that because everyone eats, but he had health (or was it life?) insurance and also ate and drank a lot of not very healthy stuff, so I asked him if it would still be okay if the supermarket sold that information to the insurance company (it can be bad even if "anonymised"). It turns out that this nice bloke, who has nothing to hide, didn't want his insurance company to know he ate too much fast food because it could end up costing him more money. It wasn't happening as far as I'm aware, but the risk was there.

The point is, this stuff matters. There's a huge industry around data and just because you let Google or Apple have some data about you, it doesn't mean that it's a good idea to let them and everyone else to collect even more stuff. Also, just because you do something that is legal now, it doesn't mean that it will be in future (things can change quickly) or that your data isn't going to be used against you.

( On a side note, what might be bad for us, could be acceptable for others. When I think of Facebook, I think of tracking and Cambridge Analytica, but it's probably fine for someone in Iran right now. It all depends on who your adversary is and how this tracking can affect you. )

---

@Chunkers My suggestion is to find a middle ground between privacy and usability. Understand that you'll give some data away and that due to the nature of the technology, you can't have full privacy with it.

Personally I use Android with Google services, but I'm not uploading my photos, notes, etc, to their servers. I want to be able to make payments with my phone, but I still don't use any Meta/Facebook apps. I block ads and trackers, but not as much as I could because I still need to use my phone. I use macOS, not Linux, without any cloud stuff. If I have to use a VPN, I'll use a VPN not Tor. And so on. This is not perfect, but it's my middle ground.

I could go overboard and do much more. It would only take me 20 or 30 minutes to format my phone and install LineageOS without GApps (Google services), but then half of my apps wouldn't work and I couldn't use my phone as I currently do. I know I'd get tired of this, so I don't do it.
Logged

celso

  • Member
  • **
  • Posts: 68
Re: Is it possible to have privacy and carry a mobile device?
« Reply #13 on: September 27, 2022, 12:34:53 AM »

@Weaver: I'm typing this on a Mac, so I'm not an "Apple hater" or anything like that, but they're not that good. Yes, they're better in some areas, but contrary to their advertisements, in others they're as good as (or worse, depending on the point of view) other companies. I'll give a few examples below, but tl;dr don't fall for their PR campaigns.

Location:

On iOS, when you enable your location, the device uses things like satellite signals, wifi networks, bluetooth beacons, cell network, etc, to guess your location. The device takes this information, sends it to Apple, and they'll return a more or less accurate location in a few seconds because they know that a combination of wifi networks with certain mac addresses are always seen in a certain area.

This is very useful because GPS signals are weak, don't work well indoors, cities with tall buildings, when the weather is bad, etc. Want a Uber, turn by turn navigation, etc? This is the way to go. But it also means that you're essentially telling Apple where you are.

On Android - like iOS - you have an option that does the same (with the difference of using Google instead of Apple), but there's a 3rd option that uses GPS only. This 3rd option takes longer to get a fix (like a plain GPS) and doesn't work well when you have tall buildings around you, but it isn't scanning your surroundings and then sending it to Google.

Essentially navigation on Android can be more private than it is on iOS.

Messages:

Most users think iMessages is end-to-end encrypted and very private, but that's not always the case. As mentioned on their support page:

Quote
Messages in iCloud

For Messages in iCloud, if you have iCloud Backup turned on, your backup includes a copy of the key protecting your messages. This ensures you can recover your messages if you lose access to your Keychain and your trusted devices. When you turn off iCloud Backup, a new key is generated on your device to protect future messages and isn't stored by Apple.

Essentially you don't know if your conversation is private or not because you don't know if the other user uses iCloud backups or not. If they do, Apple has the key and can read everything, making iMessages as private as Facebook Messenger, Snapchat, Tiktok, Skype, etc.

Not very private...

iCloud related functionality:

While iCloud seems to be better than other services, their encryption page shows that it's not as private as one might expect.

Photos/videos, notes, bookmarks, voice memos, browser bookmarks, device backups, etc, are all plain text for Apple. Yes, they encrypt their disks and yes, they don't transfer the data openly, but that's what Google, Facebook, Microsoft, Dropbox, Amazon Photos, etc, do too. They're the ones with the key...

Things like Private Relay are nice, but it's just a VPN that is used for a limited number of things (one of exit points is even operated by Cloudflare, which offers their "1.1.1.1 WARP" VPN based on Wireguard).

Safari:

Safari is full of privacy features... some are real, others are just there to make people that don't know what they're doing believe that they're very well protected (I'm thinking of the recent "tracker badge/counter" they added).

Apple decided to cripple extensions on Safari a while ago, so you can't use something as capable as uBlock Origin to block trackers, ads, etc. Depending on the type of user you are, something like Firefox is way better.

On iOS everyone is forced to use what's essentially Safari under the hood. Chrome, Firefox, etc, none of them can use their own rendering or javascript engine, limiting not only functionality, but also advanced extensions. Chromium is actually a better browser from a security point of view (with the problem being privacy), but you can't use it, not even some deGoogled version.


Apple's Ad business:

Google is the advertising and tracking company... what many don't know is that Apple is also in the same business and they're expanding:

- Apple ad business growing fast

- Apple growing its own ad business as privacy changes limit rivals

macOS:

Did you know that macOS contacts Apple every time we open an app to see if the app is safe or not? This is good for security as the app won't run if the signing key was revoked by Apple, but the OCSP request essentially tells Apple and anyone watching which apps you're using (they only transmit the key, but keys are associated with developers/apps). The query isn't even encrypted.

More about this:

- Your Computer Isn't Yours

- Apple Addresses Privacy Concerns Surrounding App Authentication in macOS

Almost two years since this was posted. No changes yet, as far as I'm aware.

App Store Privacy Labels:

Apple was praised when they introduced the privacy labels on their App Store. (Their iOS and App Store changes forced Google/Android to copy some of the functionality, so that was a good thing.)

The problem is that Apple's labels are not very accurate. See this reddit post and the comments. Apple says "Data Not Collected" and Google says that data is collected. Someone read the app description and, well, Apple's labels are wrong... they can't be trusted.

Apple's behaviour in some countries and some of their "privacy" ideas:

It's important to keep in mind that at the end of the day Apple is just a for profit company. The company that runs ads saying "what happens on your iPhone, stays on your iPhone" is the same that transferred iCloud data in China to Chinese control and is happy to work with the government to remove VPNs and other tools to avoid censorship (and they don't even allow you to "sideload" apps). As bad as Google is and while they've tried to go back, they left China in 2010 because of censorship and attacks against their users.

I recommend reading the New York Times article about Apple in China (WayBackMachine, in case of paywall).

Not as bad, but in Russia they also accepted to pre-install some local apps as required by local laws.

This is expected, by the way, but it shows that they're willing to break their own rules and "values" to stay in those markets... many were disappointed when Apple said they had plans to introduce a client-side scanner that would look at photos, videos, and messages for iCloud enabled users and check for "CSAM" content (more here). This already happens in the cloud, but this was supposed to happen directly in your device.

Now, I'm all for protecting children, but I don't think it's a good idea to have a device/system that can be easily tricked reporting you to the police. You know what's worse? This "privacy company", which bends over not to lose revenue (see China and Russia above), will comply with local rules and if someone tells them to scan for other stuff - even when iCloud isn't involved - they will.

This EFF article describes the issues with this idea.

Apple backtracked (for now at least) after the negative reaction, but it shows that they're not the "privacy company" many think they are.

---

Long story short, don't trust Apple more than you trust Google with your privacy.
« Last Edit: September 27, 2022, 06:23:42 AM by celso »
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7411
  • VM Gig1 - AAISP CF
Re: Is it possible to have privacy and carry a mobile device?
« Reply #14 on: September 27, 2022, 06:13:38 AM »

If tracking really bothers you then avoid getting a smart phone, or use it in offline mode only.  No mobile data, no wifi.

I used to tinker with it a bit years back in the kit kat days, rooting the phone, installing xprivacy, afwall etc.  It caused a lot of hassle to make things work reasonably well and there was very likely still tracking going on.

Android is designed with tracking in mind, simply going online e.g. will wake a bunch of apps up so they can phone home.
Logged