Comment on Inside ICE’s Tool to Monitor Phones in Entire Neighborhoods
ReallyActuallyFrankenstein@lemmynsfw.com 3 weeks ago
FYI, the most relevant information to avoiding your phone showing up in ICE’s rented databases is how they are getting the location data:
The material does not say how Penlink obtains the smartphone location data in the first place. But surveillance companies and data brokers broadly gather it in two different ways. The first is from small bundles of code included in ordinary apps called software development kits, or SDKs. SDK owners then pay the app developers, who might make things like weather or prayer apps, for their users’ location data. The second is through real-time bidding, or RTB. This is where companies in the online advertising industry place near instantaneous bids to get their advert in front of a certain demographic. A side effect is that companies can obtain data about peoples’ individual devices, including their GPS coordinates. Spy firms have sourced this sort of RTB information from hugely popular smartphone apps.
This includes a link to a prior 404 story that may have a list of apps, but it’s paywalled and none of the archive sites seem to have it indexed: www.404media.co/candy-crush-tinder-myfitnesspal-s…
silence7@slrpnk.net 3 weeks ago
mmmac@lemmy.zip 3 weeks ago
Both of these sources seem like things that would be blocked by using a DNS sinkhole. I personally use technetium but pihole and adguard are more popular, but less feature rich and harder to set up as a recursive resolver.
AHemlocksLie@lemmy.zip 3 weeks ago
If they want to target more technologically capable users, they’ll just hard code the IP addresses so it doesn’t need DNS and make any IP changes in routine updates.
deliriousdreams@fedia.io 3 weeks ago
https://docs.google.com/spreadsheets/d/1Ukgd0gIWd9gpV6bOx2pcSHsVO6yIUqbjnlM4ewjO6Cs/edit?usp=sharing&ref=404media.co
This is the link to the full list provided in that article but it may also be paywalled by 404 Media which I am a subscriber to. It's also got more than 1K entries on it.
A lot of these seem to be mobile games, fitness apps, photo editing apps, and prayer apps though.
SlippiHUD@lemmy.world 3 weeks ago
My SMS app was on it. Which makes me sad because Textra was dope, I’ve moved to qksms.
ReallyActuallyFrankenstein@lemmynsfw.com 3 weeks ago
Thank you, that’s exactly what I was looking for. More than *10K entries, by the look of it…
deliriousdreams@fedia.io 3 weeks ago
Yeah. Typo. Seems to happen a lot when I'm typing fast on a phone screen. Sorry.
plenipotentprotogod@lemmy.world 3 weeks ago
In case you’re wondering how to get a list of all the apps installed on your phone, these instructions worked for me javathinking.com/…/how-to-get-the-list-of-all-app…
I just wrote a quick script to check my list against the google doc. The official Merriam Webster app and the official Letterboxd app both got flagged.
Echolynx@lemmy.zip 2 weeks ago
Can you share that script?
eleijeep@piefed.social 3 weeks ago
These are all presumably Android apps. Is there a list for IOS apps?
deliriousdreams@fedia.io 3 weeks ago
404Media say that their list is a comprehensive list of both Android and iOS apps. So no as far as I know that is the list.
Lucelu2@lemmy.zip 2 weeks ago
Do you think a Linux phone would have the same weaknesses?
deliriousdreams@fedia.io 2 weeks ago
I'm sure that app developers who want to sell user data because it is big business will find a way to do so, yes.
Phones for the vast majority of people are a black box. Most of the users have no idea how their apps work or what data is going where and they don't know how to check. People who work in cyber security, or the tech field (engineers, coders, developers etc) who's jobs revolve around this type of thing know how to check and generally take steps to avoid apps and services that siphon up this kind of user data.
I know little to nothing about the Linux phone. I haven't tried it. I haven't delved into what it can do and why it's "not ready for prime time".
So all I can do is extrapolate from what we already know which is, these apps request permissions that a lot of people give them without thinking about it. People do this on windows and Mac too. Humans and their lack of understanding/preference for convenience are the main problem. That and there's no regulations that hold these app devs accountable.
These apps aren't breaking the TOS of the Apps stores they're on.
My hope is that a lot of the Linux phone apps will be FOSS. That way the code can be independently audited. That would be better than the alternative.
tonytins@pawb.social 3 weeks ago
And, added it to the description.
DBT@lemmy.world 3 weeks ago
Not paywalled.