It's important everyone becomes educated about the fact that virtually every mobile app sells some part of your data that leads to some private company possessing the ability to draw a circle around your house on map and then detect all patterns of life without any PII.
I don't think it's fair to pit this as a US gov't surveillance problem. It's true though - the Government missions involved, where this type of data is relevant, face rather compelling offerings especially in complex times; e.g. immigrant/refugee surges where understanding the flow of people up to the border is important for stability.
All of this data comes from Big/Small/all tech; usually branded as "ad tech" or "mobility data". And the supply chain is rather murky, masked, and rebranded/repackaged numerous times between a network of data providers & downstream businesses.
Working close to Government... I've never seen any mission specifically seeking large-scale citizen-based tracking capabilities. US government in recent timeframes have seemed adamant about not purchasing any US-based location data & are cautious even for non-US based monitoring; especially as they learn more about the origins & scale of mobility data.
The FBI, ICE and DEA absolutely do scaled collection. DEA/ICE was known (ie NY Times article) to be tracking cars via LPR/camera a decade ago up and down I95, for example. Individual cities and other jurisdictions share LPR and camera data. Things like fusion centers and drug task forces probably get access to various forms of intel.
Civilian government is different - they are subject to lots of controls and audit, and usually take data protection seriously.
We need to start facing the fact that PII just isn't private.
It's not necessarily personally identifiable either (considering all the different ways to fake it, make mistakes, the inability to correct mistakes once the information is out there, and the unreliable methods used to verify identity)
Spoken like someone that's never had a partner with impulse control or anger issues. Keeping PII private is, IMO, like freedom of speech or privacy: it may seem trivial and unimportant when you don't need it, but it sure as hell matters to some people, and can keep them safe.
It matters to me a great deal, but I've just come to face the fact that much of what I and the various organizations who collect PII from me consider private is effectively publicly accessible, no matter what lip service to privacy these organizations give.
Our SSN's, names, ages, address, phone numbers, emails, locations, habits, interests, political opinions and affiliations, sexual orientations, medical histories and countless other "private" and identifying information are in countless databases and available to those willing and able to pay for, spy on, or steal them
I think there are some steps which can be taken to help mitigate this:
- use a VPN to obscure rough IP based location lookups and if the VPN has shared traffic it also make tracking more difficult
- limit apps which are useful with geolocation to use rough geolocation
- If on ios, opting out of app tracking will at least disable Apple’s advertising ID.
- Be mindful of granting bluetooth and network access.
For apps which require precise geolocation this becomes a problem (ex: google maps for navigation).
If you can, find an alternative with better privacy incentives (ex: apple maps).
For the stronger privacy willed when signing up for a service think about what information is identifying and whether or not it is worth withholding:
- use unique email addresses (ideally with a unique domain or a shared domain; ex: simplelogin)
- use a credit card with a unique number which can make payments under a unique name (ex: privacy.com)
- use a unique name
- phone numbers are a bit more tricky (ex: talkatone)
None of these things are perfect, introduce their own risks, and may trigger fraud alerts but I think they help in some of the situations listed above.
I admit this certainly isn’t realistic to expect of most people.
If you or anyone else have thoughts on this or know of other services, I’m all ears.
I always get annoyed how these programmers can have a good sleep at night given what they have done. Note that blaming it on the marketing VP is not fair. If even 50 % employees have a thought this tracking can be stopped.
The developers may not be aware of the full consequences of what they've been asked to do.
I was recently discussing the Uber revelations in an ethical tech group that I run. The most shocking part for me was that at one time the app was designed to behave differently depending on whether the user was categorised as law enforcement based on their usage history.
This surely required complicity at all levels, from management down to engineers and testers.
But someone point out quite astutely that such a feature can be generically framed as "optimise/adapt behaviour based on historical usage". It makes business sense to categorise a user's profession and alter ride costs based on that. All that's needed then is to give a higher-up the control over a dial that effectively nullifies law enforcement's ability to get a ride.
I can believe that some employees of these companies are genuinely shocked and surprised that this is being done, but few will refuse to do it, and fewer still will quit.
The sad fact is that our surveillance society was built with the willing cooperation of countless developers for whom money was far more important than the privacy of their users.
Framing this as "money vs privacy" is disingenuous. There are many other factors at play. It takes a lot of courage and social/emotional skill to be able to say "no" to a work request in a way that is assertive, respectful, and doesn't lead to becoming a pariah. Consistently doing this in the face of deadlines and incoming requests is a big investment of energy. Switching jobs whenever you find yourself in that position is also a big investment of energy. Not everyone has that energy to spare, for example if they have a young family, are going through bereavement, divorce or moving house, or have a health condition etc... .
if you are that talented enough where companies will continue to offer you $$ to program whatever they say, then yea you do have a lot of POWER and can say NO..
I don’t find it is generally one programmer enabling it. Decimation of privacy often occurs slowly at most orgs. One exception at a time. One “critical” temporary need on top of another. Often in different teams. The person who built the UI didn’t build the GPS modules. The person who built the GPS module didn’t build the data store. The person who built the data store didn’t deal with report exports. And that person didn’t deal with their privacy and compliance policies- or sales pipeline. Lots of people wanting to say yes and do a good job. Often leadership is caught up chasing a dollar
People are very willing to do almost anything against "the bad guys", defined by whatever ideology they were brought up with. Everyone doing this imagines that they're preventing crime and terrorism, and can probably point to a case in which it was.
Programmers selling out is the goal in and of itself these days.
It's gotten to the point where we just sorta accept that people want to work at places like Facebook and Google. There's so many of them that the thing to do is treat it like a morally neutral job or be seen as a weirdo.
And when the largest and most pervasive global surveillance systems history has ever known "aren't so bad", then nothing is.
Responsibility is still probably more in the product VP realm, but with a few internal "cambridge analytica" shops where the devs/data scientists know exactly what they are doing; however or more jazzed up by their desire to advance in their research domain.
For vast majority of devs, any level, the way data pipes out to different business units from your appliance at a large business is often obscure/unknown. You integrate SDKs and API's that are black boxes, you send data out to warehouses with 30 analytics teams measuring/creating new data products you'll never see.
I'd agree if we were talking about low-skill work where people are just scraping by. Programmers have the luxury of choosing from a wide range of places to work. We're all in a position where we can refuse work we find unethical, even if it means taking a pay cut.
Yes, but… I’ve seen that it is often just shades of bad. There are so few morally pure companies out there- they are all willing to do bad things for money. Or the vast majority of them. And it is hard to evaluate that upfront. Even the most virtuous will bend privacy for the right stakeholders
I should go work for Google? Because they clearly value privacy?…
You say that as if we all started out fresh from college with the ability to pick and choose the kind of dev work we do. Not everybody has the kind of safety net starting out that implies the ability to do that.
you are right but then you should work to get to a point where you can and will do whatever you want..you can destroy a system 2 ways, within or create your own
yup if you are that talented enough where companies will continue to offer you $$ to program whatever they say, then yea you do have a lot of POWER and can say NO to whatever you want
True, as long as there's money in it, but I'd bet the majority of people in adtech aren't in terrible positions, so I don't think that's the root of this. Do people generally care about acting ethically without circumstances forcing them to? Beyond paying lip service. And if you think so, do you think they generally care in the context of surveillance, where most of us haven't had first or second hand experience of any obvious cost?
C'mon, it's just someone with some opinions you don't like, not the bogie man.
It's not a rabbit hole to hear out someone you disagree with. Unless you're either afraid 1) they might be right, or 2) the listener doesn't have critical thinking skills. I get that #2 is scary, and it's a legit issue in society, but they shouldn't be listening to you either.
Also, there are good tear-downs Peterson's message online, the one you linked is... not.
I used to think that - despite his overreaching when it comes to politics and culture - he was probably a decent enough psychology researcher and self-help author.
However, having been through a fairly significant psychological journey myself and then reading the 12 Rules for Life, I'm quite worried that his rules have the potential to prolong or exacerbate psychological insecurities. Some of them, e.g. "Pursue what is meaningful" and "Make friends with people who want the best for you." are absolutely fine. But there is nothing there I can see about self-compassion or self-acceptance. If anything there's a general trend in the opposite direction of encouraging self-criticism. This probably works in the short-medium term for people who experience pleasure from validating their own self-critical thoughts, but I fear in the longer term that it will postpone or diminish their potential to love themselves.
Admittedly I have only read the rules themselves and not the whole book; in fact I'm reluctant to read the rest if that is the best he can do.
Just a quick link to alert people who may not realize who/what he promotes.
I read all sorts of terrible stuff, and it probably influences me more then I'd like, but it's easy to jump in the middle of something that "seems" reasonable on the Internet.
Jordan Peterson is indeed a good person to help answer, "Why do they do it?" Because the answer is always money, and Peterson is willing to be repeatedly make a fool of himself and compromise his supposed morals to pander to people who give him money and attention.
naive question, if you use f droid and you have location services on, use a bunch of social apps, have google maps on it, use it normally, what extra layer will f droid have with all of those leaks anyways?
F-droid is an app store that carries only FOSS apps that do not have any Google API's. These apps are generally safe. Some may require your location such as maps to function. The difference with most of these mapping apps based on OSM.org is that they do not transmit your location anywhere.
You can still install other proprietary location harvesting apps on your phone. If you do so, you are just minimizing the number of data harvesters.
To ensure nobody but you knows where you are:
1. Have only safe apps installed.
2. An OS that does not send your location to Google, Apple, or others
3. Your SIM must not be transmitting to the Telco's. This means no SIM or airplane mode.
You can make emergency calls without a SIM card. The phone identifies itself to the network (with IMEI), even if there is no SIM. The telcos, obviously, map IMEIs to SIMs. (Perhaps needless to say, but for basic operational purposes they have to quite efficiently triangulate your position, to know which cell tower to instruct your phone to use.)
Having no SIM does not help you conceal your phone's location at all, only perhaps to make it harder to map it to your identity.
I don't know if any location data might leak in airplane mode, but I would not be surprised if some did, for example, through NFC or Bluetooth.
This depends on what airplane mode means on your phone. With GrapheneOS, airplane mode blocks baseband transmission, but you can optionally still turn on Bluetooth and/or WIFI. If you dial 911, airplane mode is immediately turned off for the call to go through and stays off until you turn it back on.
WIFI triangulation or bluetooth mesh can be used for location tracking in particular areas. MAC address randomization and generic phone ID makes this more difficult, but broadcasts of known devices in WIFI or bluetooth scanning can give you away.
The worlds worst privacy offenders make/sell phones. Google. Samsung. Apple.
Google, no need to explain.
Samsung? All their apps, their keyboard, collect, collect collect.
Apple? Walled garden of share data with Apple.
And beyond this, for example on Samsung builds, the GPS daemon calls home(Qualcomm? looked into it a year ago...) to update agps data, but also... provide tracking info.
Any f-droid app that depends on location uses the standard android location APIs. That means you're submitting what RF networks (mobile and wifi) are visible, and Google then passes back an approximate location. Once you have a good GPS lock, the same data is submitted to Google again for inclusion in their database.
If you avoid installing Google Play services, you'll have to use a framework like microG that re-implements the Google APIs. microG lets you plug in a number of backends, with a default of sending the same data to Mozilla Location Services instead of Google. You can easily turn this off and use local-only location providers that either build their own database any time you have a GPS lock, or use downloads from opencellid.
Unified-nlp is another option to replace the Google location backbend. It similarly allows you to select location options or build your own local database.
None. F-Droid is just an app store whose apps tend to be very safe. It isn't a program to protect you from apps that you installed from other stores, or from google.
In the case of apps that are available on both f-droid and on the play store, the difference is that the f-droid versions will be compiled without google play services. This can limit functionality (for example, receiving notifications while the phone is asleep), but does increase privacy somewhat.
Significantly, there is very little overlap in the apps available on f-droid and the apps available on the google play store. Most play store apps siphon data, and most f-droid apps don't.
> Working close to Government... I've never seen any mission specifically seeking large-scale citizen-based tracking capabilities.
They tend to keep those kinds of things pretty secret. We didn't know about all kinds of spying they do on us for even decades after the spying started.
> Working close to Government... I've never seen any mission specifically seeking large-scale citizen-based tracking capabilities.
Further and rarely understood, but it never is about what the government currently does, but what it could do when change occurs.. like the Nazis could exterminate the dutch jews (was it then?) better because they had those registers.. like what if the next Putin/Orban/Trump takes over and wants to take some more steps..
General principle of data economy is one pillar for civil rights! Its abuse by companies right now is an super annoying but comparably small issue.
Every person, living and dead, has been uniquely identified and is tracked in near real time.
Source: I read the news, don't suffer from amnesia or willful ignorance.
We used Seisent (since bought by LexisNexus) in the mid-aughts. At the time, every person in North America was accounted for, with pretty good coverage of the Caribbean and Central America. The NSA bought a few clusters, then wove in their own datasets (phone use, location tracking, credit cards, library usage, email, etc).
There are many entities maintaining all encompassing panopticonic demographic databases. Governments and publicly traded companies. This is not refutable.
Ironically, in the USA, both voter registration and gun ownership are explicitly excluded. Because reasons. (You can't manage what you don't measure.)
We could, trivially, resolve all the policy food fights over vote registration "fraud", gun ownership, and conducting the consensus. Turn all those flash points into simple database queries.
We could, trivially, outright stop all anonymous trolling and disinformation. Purveyors of social media don't authenticate their users because they don't want to. Their business models require that they remain willfully ignorant.
South Korea used to require that people log in with their government ID to websites. Through an ActiveX control, even. I believe they eventually gave up on this level of direct tracking.
> We could, trivially, resolve all the policy food fights .. flash points into simple database queries.
The flashpoint is that people don't want to be queryable. You can't wish that problem away.
>We could, trivially, outright stop all anonymous trolling and disinformation. Purveyors of social media don't authenticate their users because they don't want to. Their business models require that they remain willfully ignorant.
Yes well what argument would you make, if you could or would, to change the current landscape?
Social (popular) medias all eventually implode. Lifecycle maturity models and all that. Seems to me that Facebook and Twitter are well into the top of their S-curves. (I can't speak to TikTok.)
If I wanted to accelerate their demise, I'd attack their revenue. Like pop the digital advertising bubble. Congressional and criminal investigations into digital ad fraud would mosdef do the trick.
--
If we could go back in time, perhaps lessons for whatever comes next, I'd advocate three general categories of reforms.
1) All the "well duh" stuff that Sen Mark Warner et al advocate. Here's the PR for SAFE TECH Act and Warner's white paper.
I particularly like clearly identifying bots. Some are authentic, legit activity. So not an outright ban of bots.
"Media literacy" is quixotic; I guess they want to say they tried.
I want to know more about "information fiduciaries"; see #3 below.
2) Nerf the algorithms, squelching instead of boosting viral content. Addressed by section 1.4 of this commission's recommendations. (Which also has a lot of "well duh" general purpose civil society stuff.)
3) Most radically: Individual property rights over personal data. My data is me. If someone is using my data in some economic way, I want my cut. This nicely dovetails (necessitates) the misc proposals of treating aggregated data as a liability, instead of as an asset. Which would totally flip the current script for investors, regulators, insurers, etc.
I've tried to understand the opposition to "personal data sovereignty" -- just came up with that, clever!, because I don't know what else to call it. I dimly recall some "privacy experts" in California concern trolling that state's initiatives. I think their reasoning was something like "we can't put a price on personal data because that'd encourage more collection". Um. Okay. Felt very cassandra, unattached to our reality. So a philosophical rather than a practical opposition, I suppose.
FWIW, talking about this stuff is really hard. My "pay me for using my data" proposal doesn't make sense unless the audience already understands the current ecosystem.
As I've said elsewhere, I worked on electronic medical records information exchanges. Our startup was bought by a national laboratory (Quest Diagnostics). I sat in various meetings and calls, with PHBs, lawyers, and other goons, brainstorming ways to further monetize medical records.
Back in the mid-aughts, every single participant (doctors, hospitals, labs, scripts, insurers, pharma) absolutely considered patient data as "theirs". And our potential partners like Google Health and Microsoft HealthVault and Cerner and EPIC were all hellbound in trying to figure out how to monetize it.
Agreed that this has been going on for years and Congress has done nothing to date. But ...
The Fourth Amendment Is Not For Sale Act, sponsored by Senators Wyden and Paul, has a hearing tomorrow morning -- and may actually have decent chance to pass Congress this session.
But I don't want private companies having this data either (on me, or others). Since we're barrelling full-speed towards corporate feudalism, I see this act as deflating the motivation to fix the root cause of the issue, and ultimately doing more harm than good.
In this case (and many others), "the perfect is the enemy of the good" is inverted. Such as algorithmic suppression instead of censorship. Outright censorship would alert us that there is something wrong, mere suppression fools us into thinking the problem is minor.
It is what you put into it? I won't get into detail but it is hard and thankless. Writing off all the public sector in the US is writing off the private sector BC of bad actors like the data marketers. Should we write them off entirely?
State is a longshot, depending on where you live and if your interests align with those in power. Being queer in a conservative area isn't going to get you results that keep you safe, and it is worse if your particular brand of queer is being trans. Transfolks aren't getting treated well from some state governments.
Local? There is a serious lack of power that local politicians wield and most won't be able to help you with your issues.
Buying? The NSA has backdoors in nearly everything through PRISM and they directly monitor internet traffic. Zero chance congress would/could put a stop to that.
Ability is separate from legality. Make it illegal and it will doubtless continue, but it will be a risk for those doing it and they can be punished if uncovered. If it could be tied to politicians they might again tighten the rules.
Far more satisfying than finding out your data is being siphoned and your complaints are met with a shrug and a chuckle.
I'm starting to think that it's time to make an open source and open-data platform for this.
Similar in scope to OSM, but for all people.
The goal of the project would be to reveal to the average person how much data is being collected about them, and how easy it is - with the end goal being to influence legislation to curb these practices.
As long as it remains in the shadows, it doesn't really affect the average person, and the convenience of digital devices will outweigh the privacy concerns.
Many of these harvesters offer data dumps to their products/users as required by California and other laws. They are quite eye opening. However few people ask for it. It may be willful ignorance. So even if you create this, many people won't want to see it and prefer to go on using their coveted brand of phone and apps. You would need to force them to look at it. See the fight scene in They Live.
These are the engineers and PM types that have know this for years:
- security engineering
- privacy engineering
- digital marketing
- data science
Maybe the first two did a vocal but bad job raising the flag due to how antagonistic some of that dialogue goes.
But to this whole post acting surprised - look around at what you work on and who with, and what you’re paid for doing it. Be the change you want to see, but people in tech acting surprised about this seems extremely disingenuous.
I absolutely hate when people respond to these kind of articles with "Why are people surprised". The truth is that no one is surprised. People are more disappointed, and frustrated, that this is allowed to happen, not just from a legal sense, but in a technical sense also.
People are surprised in this thread. The truth is I run into engineers who are oblivious to this, perhaps deliberately so. Accountability for this starts with the teams building these products and choosing what to/to not include as data.
Or; what I absolutely hate is engineers outside of privacy/security acting frustrated, while collecting checks on the back of this data. Like that group of ex-Facebook Trust and Safety that founded that ludicrous and smug user protection group in Boston based on their experiences at Facebook.
I saw a post a few months ago where an actual mobile security expert publicly said they did not have very high confidence in their own ability to cleanly buy and use a burner if the stakes were high eg government actively trying to build a case against them.
Since then I've been very skeptical of all claims of what you can "just" do to avoid being tracked. This problem can't be solved by individual action or paranoia it's too big and complex now.
>an actual mobile security expert publicly said they did not have very high confidence in their own ability to cleanly buy and use a burner if the stakes were high eg government actively trying to build a case against them.
I'm not sure what the threat model here is. If the "government actively trying to build a case against them" involves government agents following you in unmarked vans, then the government being able to track you through your SIM should be the least of your worries. If you're merely on some government watchlist (ie. there aren't agents following you), I don't see how it would be hard to cleanly buy a burner phone/sim, especially in the post pandemic age where face masks are socially acceptable.
I think "you want to do a communication that can't be later printed out and used against you publicly" is the threat model.
You can't really protect yourself from the US government in any meaningful sense if they decide to end or ruin your life, but what I described above seems like a reasonable thing that people would want to do for reasons both legal and not.
Pure conjecture on my part, and I haven’t worked in this area but I had lots of friends in gov security and mobile standards groups.
Nobody I’ve talked to thinks it’s possible to stay anonymous on any commercial cellular network.
You might be able to push a few anonymous phone calls or surf a few hours but soon your typical browsing habits, app usage and contacts will match you up with similar existing profiles based purely on the metadata.
Honestly just narrowing it down to a few dozen people is good enough to get unmasked.
The Federal Government purges data that was non-encrypted after a number of years.
The Federal Government retains a copy of all https-encrypted communications indefinitely on the understanding that the encryption may be broken at some point.
The push to HTTPS was gleefully supported by the US federal government. HTTPS is not a panacea, and is generally useless for most non-sales applications.
You're neglecting to consider the most important aspect of HTTPS, even if you don't care about privacy or believe the encryption will eventually be broken: integrity.
HTTPS significantly raises the bar on MITM attacks, such as ISPs adding or replacing ads with their own.
It also prevents folks sitting in the same coffeeshop as you from snooping.
Calling "generally useless" is incredibly uncharitable.
Considering that HTTPS completely and utterly fails to solve its stated purpose of cryptographic verification of content, it's basically security theater, the last vestiges of which have been completely broken by LetsEncrypt.
But I'm a luddite who also thinks we shouldn't have gone beyond HTML 4.01 as a spec, and that JS in the browser is a pox upon the web.
All encrypted communications are treated as foreign origin regardless of its true origin. The US government uses this twist of illogic to justify their domestic collection.
The phone network requires a geophysical route/medium across which to shluff a packet. Said packet is destined for an endpoint. Said endpoint is associated with a payer. Said payer, in order to pay, is virtually guaranteed to have had to do KYC at some point.
Ergo, if you can call, you can be tracked with only knowledge of the endpoint, and the topology of the networking medium.
Nature of the beast I'm afraid. Your forebearers wanted this. Are you not pleased? Does this mot make you feel safe? They worked very hard on it... For your safety, you see!
Do correct me if I'm wrong: but the push to HTTPS was mostly for its resistance to MITM attacks from bad-behaving ISPs and public WiFi, no? I really struggle to believe that the most powerful nation-state in the world would not be able to get certificates from certificate authorities overwhelmingly also hosted in the States. And besides, most information relevant to the government is just who's connecting to what, which is necessarily done unencrypted (via DNS or otherwise).
Directly answering your question: because phone companies are natural monopolies, and have strong incentives to prevent any public-access provider that wouldn't need unique identifiers tied to billing information from coming in. Location tracking is a direct consequence of cell towers only having a limited range: and because telcos have no real competitors, there's no way a privacy-centered carrier that sells itself on not doing anything with that data can pop up.
I do wish public access LTE existed in a similar form to free WiFi or municipal broadband. Or even just more municipal broadband.
This article is about individual apps siphoning location data to the US government à la Tim Hortons, though, not phone providers themselves tracking users, although that also does happen.
A large portion of the market for anonymous phones are for illegal purposes. For any company doing this at scale, they are inevitably confronted with this fact and can get in a lot of trouble if they are proven to be knowingly supporting crime groups/individuals.
Sincere question: what new steps would you recommend they take?
The iOS location request prompt uses very clear language while allowing for granular access, and the granted permissions are easily reviewed in Settings.
The App Store requires data usage disclosures, which are presented about as succinctly as possible.
They could mandate that apps share absolutely no location data with any third party, but that would break all sorts of things (external mapping APIs, for example), and it’d basically be impossible to police.
Are there mitigations they could provide that I’m missing?
> Are there mitigations they could provide that I’m missing?
Apple could start by stopping their constant tracking and uploading of MAC addresses around Apple devices.
That's right, even if your device has no telemetry whatsoever but has active WiFi / Bluetooth network scanning, Apple is still tracking you if someone close to you has an Apple device.
> We investigate what data iOS on an iPhone shares
with Apple and what data Google Android on a Pixel phone
shares with Google. We find that even when minimally configured
and the handset is idle both iOS and Google Android share
data with Apple/Google on average every 4.5 mins. The phone
IMEI, hardware serial number, SIM serial number and IMSI,
handset phone number etc are shared with Apple and Google.
Both iOS and Google Android transmit telemetry, despite the
user explicitly opting out of this. When a SIM is inserted both
iOS and Google Android send details to Apple/Google. iOS sends
the MAC addresses of nearby devices, e.g. other handsets and
the home gateway, to Apple together with their GPS location.
Users have no opt out from this and currently there are few, if
any, realistic options for preventing this data sharing.
Any app can get a general sense of your location from your IP address (unless you are using a VPN) since Apple's Private Relay feature only works in Safari and Mail, not in third party apps.
I would love the ability require apps to ask permission to access the internet, or even better, a way to limit connections to specific domains like Little Snitch can do on macOS.
Many apps don't have a legitimate need to access the internet such as a photo editing app or a single player game.
The OS is just part of what enables tracking; the cell company can track you just as easily regardless of OS. Apple's privacy claims are sheer marketing; their business is not so directly tied to mass surveillance like Google's, so they play the marketing game that the circumstances allow for.
This is a common false dichotomy. Border agents and random highway stops are done by state actors. Vanishingly small slice of them are james bond-esque high stakes games.
you’re fine with state actors being able to precisely target propaganda / inciting calls to violence based on psychological profiles etc, including your neighbors
state actors are much more prescient than that. From every tail light ticket to rain water collection law, the state bears every law on the threat of murder. That's the price for the social contract.
I'm more concerned that this data is available for sale in the first place. There should be a limit on the length of location history a telecom can collect for individual phone numbers and that data should never leave the telecom. We need stronger laws.
There's a cliff between America spying on their citizens (to see trends and to catch criminals that make themselves statistically relevant) and China spying on Americans (to commit ideological subterfuge).
Not that either are good, but given that some of the Chinese powers that be consider America to be an enemy the potential consequences are terrifying.
As a fellow non-mobile phone user, my life has drastically improved. There are many (MANY!) acquaintances whom this frustrates immensely (for they cannot instantaneously speak with me), but my inner circle all know how to reach me by pager a/o physically visiting.
As for my outer circle... good riddance (FWIW I am retired)!
Ha, I don't even have a pager. Just another thing being triangulated by cell towers that sell the location.
I have VoIP landlines... and SMS can go to my email, but that is the closest thing to telephony that I have.
I check email and chat from my desktop when I am in my home office when I want to be reachable.
I am mid 30s, so almost everyone in my social circle has their face buried in their phones at all times which is something I am all the more painfully aware of now, as that used to be me. I notice the families all at tables all on their phones. Now that I have some distance, it feels really gross.
I am just present in whatever I am doing and noticing my surroundings now. Slowing down. Life is short.
As a bonus, between not having a connection to cell towers and using only cash, I navigate the physical world mostly invisibly which means slightly less food for the corporate survilliance machines of the world.
The only real annoyance is restaurants that all want me to scan a QR code for menu/ordering, and have no idea what to do when I say I don't have a phone. One recently hooked up a tablet to a printer just to print a menu for me. They never complain as they realize instantly it is their own bad assumption that -everyone- has phones and they don't want to discriminate against me.
It feels like re-clearing a trail that has grown over sometimes.
Also for those wondering, you -can- have a lifestyle that integrates plenty of disconnected time and have tech jobs. I run a security consulting company and have ongoing consulting retainers with 10+ companies at any given time. I simply schedule time with them when they want it, and set a 24 hour response expectation.
I use a one-way pager with a receiver-only module.
The downside to this is there is no error correction/receipt.confirmation.
>I simply schedule time with them when they want it, and set a 24 hour response expectation.
This is how it has to be done. I also require minimum billing hours if they don't meet this expectation (or don't show up within 15 minutes of scheduled start time).
A receiver only module? I was not aware this was a thing, but that would indeed avoid all tracking and allow a method for important notifications to reach you. This is a really interesting option for my needs.
I imagine this must only work over 2g or 3g? Sadly both are being shut down soon and I can not see anyone making a 4G pager.
Credit card usage tied to a non-cell phone user. There are layers of patterns to watch and the best invisibility you can have is to blend in, which is scary, worrying, and terrifying because the powers that be would prefer to have a citizenry of crabs in a bucket rather than half a billion free-roaming cats to corral.
It makes their job a little bit easier and that's all that matters to them.
How does Apple’s removal of IDFA affect this? The ad companies no longer have a cross-app identifier that would be of any use in correlating data from a specific phone/person?
The phone company is still tracking your IMSI/IMEI, and they sell data too. The former is directly linked to your identity; the latter also trivially so for most people.
I understand there is a separate level of privacy issues caused by phone companies selling data, but all of the reports refer to data collected from apps which can't be IMSI/IMEI since that's not available from apps?
Phone companies track you by virtue of your phone talking to cell towers, and they do sell your data. What OS or software you run on the phone is irrelevant. Recent versions of Android do not allow user-level applications to read the IMEI/IMSI as far as I know, but that was not always the case. And in any case, it doesn't prevent the carrier from tracking you.
Fellow humans, there are alternatives to being tracked via cell phone! Your neck need not be under anyone's boot! You don't even need to give up any functionality:
Data service:
The simplest thing is to buy a prepaid SIM and top it off with cash. The lovely people over at /r/nocontract maintain a big spreadsheet so you can filter by various properties of the available contracts.
Another way to go is to pay for a postpaid plan with a virtual credit card (e.g., privacy.com). It won't be linked to your name at the telco, but of course privacy.com knows who you are.
Yet a third way to go, which is nascent, is buy an eSIM with crypto.
All these methods make you /pseudo/nymous, but obviously you're still identifiable by subscriber number and possibly IMEI, to put aside correlational things like your traffic profile. You can help this problem by routing everything through a VPN. Then you're pseudonymous but the cell carrier knows nothing about you other than that you use a VPN. Pay for the VPN with crypto. Of course now the VPN provider knows your traffic, but you're much more anonymous to them than you are to a telco. You make your choices. Defense in depth. Etc.
OS:
CalyxOS: https://calyxos.org/ Privacy-respecting Android distribution that replaces Google spyware with MicroG, so you can have your cake and eat it too. Most everything will work as you're used to, but it does still talk to Google to make that happen.
GrapheneOS: https://grapheneos.org/ Very much like Calyx, but extra-hardened and with no MicroG. No involvement with Google at all by default. You can use the work profile thinger in Android to set up an environment where you can run unprivileged Play services + whatever crapware you need that requires them.
LineageOS: https://lineageos.org/ The successor to CyanogenMod, will work with many different phones. More privacy and control than stock Android.
There are also many others: Sailfish, Replicant, e
Hardware:
CalyxOS and GrapheneOS run best on Pixel 3, 3a, 3XL, 4, 4a, 4XL, 5, 6, 6a. The path of least resistance is to get one of these phones and run CalyxOS (if there is an app you need to use that needs Google services like Firebase Cloud Messaging...note that many that can use FCM will run fine without), otherwise run GrapheneOS.
AT&T is able to tell when you activate your prepaid phone what other phones are nearby. Drug dealers have been unmasked using this. They thought they did everything right but someone had a normal phone plan near their phone as it was activated and then the pre-paid phones were around those with regular plan phones. Unmasking the whole group.
The best way is buy the prepaid phone from a 7/11 type store. Wait 6 months, go to the mountains in an old non-trackable car, leave your normal cellphone behind. Activate the prepaid phone. Put the pre-paid phone in a chip bag. Hand off the phone to the person who is going to use it but they put their phone in a chip bag before using the pre-paid one. Always protect your normal phone so it doesn't unmask your "secure" phone.
Do you have a cite or know the specific technology? If they do this using 4G it wouldn't be too accurate. Are they somehow turning on Bluetooth or something?
Never make voice calls with the SIM phone number. Only use the SIM for data when needed and away from your house. Always use VOIP, Signal, Jitsi, Jami..
There's clearly a market for the ExpressVPN types to market a packet sniffer that identifies who's getting what data, and potentially shut it down. Allow lists. etc. The tech isn't new, but it's not accessible to your average data-well a.k.a. end user, and risks breaking functionality....
So long as you have deep control of inbound and outbound peers you can deanonymize traffic by throttling one end and finding streams that are affected. The service providers selling faux security don't have to be involved.
I wonder why are we so complacent with these kind of things? Is it really just the fact that we got our bellies full, and live in climate-controlled homes? Or has there been some degeneration of the human body brought upon us with all kinds of new artificial materials we use, that might affect our bodies in ways we can't yet comprehend; or is it a psychological thing based on the results of technological achievements we consume?
Looking back at some of the European revolutions, it doesn't seem like so much is missing to cause an urge to revolt in people. So what is different? Why do we repeatedly allow this to happen?
I think the problems affecting the system are just too widespread and bespoke for the individual to resolve. To actually understand fully the scope of tracking etc, you probably need to be qualified to be a computer engineer or someone with a similar resume. That limits the amount of the population that is even capable of comprehending the news to a small sliver. Extend that to any field: biology, law, physics, economics, etc. Popular science reporting is terrible because the writers and the readers both lack sufficient debth to put things in context. Earnest law reporting is going to take a law degree as well as a stack of books to put things in their actual context. Economics is even worse; they say a grand unifying theory of economics is impossible because of the time it takes to study all its various schools of economic theory means it cannot be done in a single human lifetime.
The great danger of having the knowledge of all things in our society be limited to a handful of siloed specialists is that it leaves a lot of room for placing opinion, biased, or slanted reporting to the same weight as the actual facts, since no one is qualified to see what is true and what isn't. It allows people who have no experience on a given issue to be in control of its outcomes, which invites graft sooner than learned experience.
> To actually understand fully the scope of tracking etc, you probably need to be qualified to be a computer engineer or someone with a similar resume.
I think it is much more severe than that. To understand the full scope you'd be labeled a conspiracy theorist.
> So what is different? Why do we repeatedly allow this to happen?
It's not so much an "allow" as it is a "what's the alternative?" The problem at this point is so deeply rooted (in the form of life-long politicians and bureaucrats), the only solution is a full-blown reset. Unfortunately, there's no way to do that without violent revolution. Considering the scale and diversity of thought in the U.S., doing that effectively with the least amount of damage is next to impossible (too many loose cannons with mental issues). It also requires violence, which, if you take a non-aggression stance on problem solving (my own POV) then it's a stalemate.
At this point, the only "fix" seems to be atrophy and circumvention. Atrophy in the sense that you just let it all run its course and meet its eventual demise (anticipating pain and suffering as the system collapses) and circumvention in the sense that you look for ways to excuse yourself from it.
Earlier revolutions happened as part of much smaller civilizations (exactly why the American Revolution was possible—far less variables and far more homogenous thinking among the dissenting class). In a country of 300M+ people, any "revolution" is likely to dissolve into chaos no matter how well-organized or how principled its ideology.
> I wonder why are we so complacent with these kind of things?
There are many reasons for this. It's partly due to the illusion that the current internet culture has created that expressing one's voice on a social media platform is an effective form of protest. It is not. How many change.org petitions are people going to sign until they realize that it means absolutely nothing?
I think this one of the biggest and least-discussed erosions of public discourse and assembly. By fostering an online conversation at the expense of an in-person one, we wind up shouting into the abyss instead of at the people who deserve to feel the pressure.
See Fig 2. Note how tight the correspondence is between FAO Food Price Index >= 190 per "constant prices", i.e. cost of food adjusted for inflation, and the emergence of civil unrest.
There is a certain level of desperation necessary to spark revolution. Food prices seem to predict unrest remarkably well in MENA countries per the study linked above. Maybe our experience in "developed" nations is so well-padded with infrastructure and consistent resupply that we are simply not enough in want. The hungry can usually find enough food to survive, because there's so much accessible excess, whether by theft or charity.
To answer your question you only need to investigate under which conditions coercion succeeds in changing behaviour.
I believe that we can dismantle the current world order by providing a more persuasive alternative. Legitimacy is not absolute, but rather relative, and currently the things built on coercion are more legitimate, that is not a law of physics (thankfully it seems to be the other way around actually).
People would rather point at other countries and virtue signal about how bad they are rather than care about what's happening in their own country.
Couple that with brain dead nationalism about how the US is the best despite the fact that we're very much behind in many areas and it's not surprising that so many Americans blindly allow their own government to do so many outrageous things.
People have no intuition for what is technically possible or its implications in cases like this, including most people in tech. So they fallback to mentally modeling these cases in terms of things they are familiar with, without any sense of the inadequacies of the model. You can tell people these facts all day but they don't grok it, really, and it would be hard work to try to grok it, which few people have either time or inclination for. They may feel uneasy about it in some abstract sense but as far as they are concerned it doesn't affect them in a material way.
Humans make decisions based things they can imagine and effectively reason about. Humans struggle to incorporate elementary probability theory into their reasoning; anything that requires complex systems thinking, which these kinds of topics do, is only going to be practically accessible to a small percentage of the population.
>we got our bellies full, and live in climate-controlled homes
I think it's this plus we have no time and the time we have is preyed upon. So, you're fed and more or less comfy, but you're also stressed and tired about that next paycheck. And if you don't get that next paycheck, then you will no longer be fed and more or less comfy.
Identity politics is a distraction from class struggle.
Marxist theory acknowledges that capitalism provides too much to the proletariat to desire revolution, thus the focus on destroying capitalism and society.
When Google and apple came out during the pandemic and showed the anonymous data on every city… it was pretty obvious they were prepared for that way too quickly.
It’s safe to assume, you’re tracked 24/7 and everything’s recorded imo.
Given that Apple and Google are both tech companies it was probably just a (say) python script to get that kind of thing going. For google especially the data and being able to iterate is how they keep their edge.
Well selling that data is completely against their business model!
For example Google's entire revenue model is based on the idea you give them money and ads to show and they choose where best to show that. If they sold the raw data it would undermine that.
Basically no amount of money would be enough for Google to give away their entire business.
I'm sure they would be happy to sell data provided the person purchasing the data would not be in the ad space.
For example, if the government says, "here's $10B dollars / year" give us that data and we wont use it in ads. Google doesn't have a business incentive not to provide it the data.
I did this and was greeted with a prompt explaining said functionality and asking if I wanted to "Turn it on". There was another button beneath it with the option to "Skip". I clicked Skip to see what happens and all location info for every day I checked was empty ("No visits for this day").
So looks like this functionality is disabled by default. I don't recall ever using google maps on my phone before, let alone tweaking specific settings.
Note that this is just records of some of the federal agencies, not all of them, according to the linked ACLU report:
> "Although the litigation is ongoing, we are now making public the records that CBP, ICE, the U.S. Secret Service, the U.S. Coast Guard, and several offices within DHS Headquarters have provided us to date."
The NSA is still vacuuming up all the metadata and a good fraction of the content from the main nodes where it put those fiber-optic cable splitters on the main trunk lines what, 20 years ago or so? Under the Patriot Act provisions, pushed through Congress in late October 2001 wasn't it? Just a few days after the Senate got shut down by those anthrax letter attacks sent to Daschle and Leahy (no, it wasn't Bruce Ivins).
Then you've got the backdoors into Google and Apple, the whole PRISM thing... I doubt they've shut any of that down. See Yasha Levine's "Surveillance Valley" for more on that.
It's not quite China yet, but I'm pretty sure that when our politicians and bureaucrats and their corporate masters look at China's system, their main emotion is one of envy.
Funny thing is, they started the surveillance in late-2001 to suck all the records up. Where did they get the computers and storage devices to do that all at once? They must have been installing equipment for months or years, especially since I am pretty sure they even built a new data center on Fort Mead for it around that time. Now, this is 2001, when building a datacenter didn't just involve spinning up 1000 AWS EC2's and opening the spigot to S3, so this type of thing would have taken some time.
So the question is: did they pass a law to allow data collection because of 9/11 and other attacks, or did they pass a law because they wanted the NSA to be able to collect this data using computer systems they had been planning for years, and used those attacks as a pretext?
>Funny thing is, they started the surveillance in late-2001 to suck all the records up.
It started long, long before 2001. Here is a 2000 press release from the ACLU about global surveillance done by Echelon, which had already been ongoing for years (back when the ACLU cared about privacy issues):
By 1999 privacy advocates at already gotten together for an official "jam Echelon day".
>It was the latest in a long line of apparently futile online protest movements. On Thursday October 21 1999, internet users were urged to drop trigger words into their email so as to overwhelm Echelon, the massive surveillance project which is said to keep track of all electronic communications into and out of the USA, the UK, Canada, Australia and New Zealand.
Ah right, I remember when Echelon Watch[0] was launched, and made the rounds in chat rooms I frequented at the time... Of course most people dismissed it as conspiracy theory stuff :)
It was definitely being done before 9/11. I know of one data broker who was under contract with a certain TLA in the 90's to perform hardware assisted rapid data scanning.
I'm on the other side of the fence - I believe they can store all they need to. Backdoors into Google, AWS, and others were strongly hinted at if not fully exposed with all the leaks back in the Snowden days, so US Agencies may not even need to store some of the bulky stuff. But given the vast size and number of datacenters operated by US agencies, it seems likely they have a LOT of storage capacity. http://worldstopdatacenters.com/government-data-centers/
The NSA has an unlimited budget to store all the data they want. They have massive, billion-dollar data centers around the country (and the world?). The one in Utah is perhaps the best known.
>Nothing is unlimited. If it cut into our tank budget, or anything old retirees care about, something would happen.
Nothing is unlimited, especially inflation. The idea of a "budget" when the FED can (and does) create trillions of dollars out of thin air with a few keystrokes is antiquated. They can - and do - devote whatever resources they desire for "national security".
If I was them, I would not back up YouTube, but I might carefully scrape and discard.
Hell, if I was a _benevolent_ surveillance program, I'd probably run routine searches for illegal stuff on YouTube, both to find it myself, and to make sure YouTube's tripwires are working.
There is so much low-hanging fruit in terms of "interesting secrets per byte"
Like, I could believe all SMS messages are stored for a year or so.
Some random source says, "Over 6 billion texts are sent every day".
If a text is about 140 characters, and you use a dumb image classifier to transcribe photos as "Nude woman", "nude man", "dick pic", "image macro", "guns", etc., that's only about 1 TB per day, right?
365 TB to keep all US text messages for a year? Maybe my source is wrong. That sounds low. But, it's just text. Maybe it's right.
In fact, the upper bound for all US keyboard input for a year must be below 4.6 petabytes.
(350 million people typing 365 days a year, 16 hours a day, 40 words per minute, 1 bit of entropy per character after compression, 8 bits per word)
with large datasets like bioinformatics you often compress the data by extracting features and building matrixes, then only keeping things that score above a threshold
I legit believe they store everything they can because they've been doing exactly this for longer than anyone else. They are _the_ experts in metadata management.
> While the actual capacity is classified for NATIONAL SECURITY REASONS, we can say this: The Utah Data Center was built with future expansion in mind and the ultimate capacity will definitely be "alottabytes"!
I recall some natural disaster in Thailand being blamed for a hard drive shortage at the time, when it ended up being the NSA buying them all up for their Utah data center.
Edit: anyone downvoting want to comment on why this is implausible or not noteworthy to mention? It was a topic of discussion at the time.
What do you mean with this, specifically? Do you mean that China has a more comprehensive data collection apparatus, that the Chinese government has easier access to commercially collected data, or maybe that they exert their control more overtly than the US?
My understanding is that in the vast majority of these mass shooting cases, authorities are well aware of the danger but there's no enforcement mechanism for "probably going to do a mass shooting".
It's called not paying to bombard them with great replacement conspiracy theories all for a decade and instead paying twice as many teachers as well as getting dedicated mental health staff.
Judging by what is done (and what is not done) to remedy them, they sound more like a feature than a bug of our society unfortunately. People are able to storm political institutions when they are angry about an election, but just buy more weapons when their kids get killed. Go figure.
I could almost support the panopticon if that actually happened.
Adjacently, to make the point: we warehouse 1000s or rape kits but don't bother to process them. Like, wtf?
Big Data completely flips the problem of investigation. Instead of identifying suspects, chasing leads, gathering evidence, and verifying alibis, with Big Data you just rule out everyone who does have an alibi. Leaving only those who don't have an alibi, thereby revealing the perpetrators.
It's been a while since I've actively cared about protecting privacy. So I don't know if any one's talking about how Big Data impacts legal concepts (balances of concerns) hammered out over the centuries. Like what is reasonable doubt and presumption of innocence when prosecutors can prove that every one else has an alibi?
When I tried to talk about this stuff with other privacy advocates, presumably savvy about policy and whatnot, they'd look at me like I'm paranoid schizophrenic. So if the experts are still coming up to speed, it'll take that much longer for the policy maker, much less the general public, to become aware.
>It's not quite China yet, but I'm pretty sure that when our politicians and bureaucrats and their corporate masters look at China's system, their main emotion is one of envy.
The US has a much wider intellegence reach and surveillance, not only on our own citizens but on the worlds.
There are no "backdoors into Google and Apple." The government has to request specific accounts' data with a court order.
The NSA isn't "vacuuming up all the metadata and a good fraction of the content from the main nodes." It does full take in some countries with national security interest and collects data to or from some endpoints outside the US known to belong to foreigners with a court order.
We know all of this from the documents Snowden leaked and the documents the government declassified.
No, we learned that they were approved at roughly the same rate as other search court orders. Investigators aren't going to spend the time making an application for a court order unless it has a very high chance of being granted.
Not having any trust your government will somewhat do the right thing for its people must be such mental burden.
The world before cell phones was also one where people movement was incredibly easy to anticipate, a vast amount of people would have never traveled farther than a few gours by car from their birth place, buying online was an outlier and news sources could all be fully controled.
That wasn't some eden where a government had no idea what the average people would be doing or thinking or had a hard time controling.
We need to demand more options on technology platforms! We cannot impose effective consumer pressure when we are forced to choose between two locked down App Stores which make it impossible to categorically prevent these kinds of malicious actions.
How long do you think it would take for a "Little Snitch"-like application to pop up that firewalls location API access if the platforms were more open?
If you have (or are willing to buy) a compatible phone, GrapheneOS is as good as it gets in my experience -- pushes the envelope of usability and security more than any other mobile device OS yet. The sandboxed Google services compatibility layer (using device profiles) lets you have your privacy cake and eat proprietary apps when you need them, too.
I mean, we have that: Android has plenty of alternative ROMs, many of which have Google services removed or otherwise sandboxed. But, overwhelmingly, people (myself included) do not choose to take this route, because they are much less user-friendly, and you lose functionality.
Regarding "firewalling location API access", that's something that you get for default on both Android and iOS, no? Granted, there's no guarantee Google and Apple themselves are respecting those settings on their own platforms.
What I'm trying to say is that there should be significant pressure on companies like Apple and Google to take their successful and user friendly platforms and open them up so we can implement the functions we want without opting to replace the whole thing (rooted or jailbroken) ROMs.
We clearly have options. On an Android phone, you can install F-Droid, and you can flash a custom Android ROM. You can even pay for a phone with those things already set up.
I used to be skeptical of the skeptics, thought they were paranoid to worry about 'big tech' snooping and tracking our lives. Turns out it is not big tech but 'big govt' that I should've been worried about. We are in danger of turning into a surveillance state
We are a surveillance state. We(geeks) all made a fuss over it about 20 years ago and no one seemed to care so here we are. Every so often someone new realizes it, freaks out, and not much changes. I wish I weren't so cynical but at some point I just got tired of losing sleep over it.
The difference is surveillance states have historically leveraged people rather than passive tracking. It’s wildly different knowing your friends, family, even children are being indoctrinated to report you for things that may or may not have happened at which point you just disappear like many people you never heard from again.
It’s actively stressful in a way that cellphones just don’t evoke.
White or not if you are only middle class in middle america that ticket for the weed and steeper paraphernalia charge are going to hurt. Good luck getting the dumb things you've done as a teenager expunged unless you are actually upper class in middle america and therefore have access to legal council that your parents bankroll.
It is a sad kind of funny, watching people realize what happened.
I saw someone I know ranting elsewhere recently about how "nobody saw this coming" and "nobody warned us". I called him out on this, because I vividly remembered a conversation with him when he was telling me what a paranoid weirdo I was, and how self-important I was being, to assume anyone cared enough about what I had to say.
He claimed to not remember it. I found the email thread, mostly to make sure I wasn't wrong, but chose to stop responding instead.
I've worked for the Federal Government and for a variety of ad-tech companies. I am still much more terrified of "big tech" (and small tech) than "big government".
When I worked for the government I wanted to scrape some publicly available data from the web. Because the data involved information about people I had to write up a document explaining exactly what I was using the data for, exactly what information I would be collecting and why it was necessary, explain where the data was to be stored, and most importantly specify exactly how long I needed the data and when and how it would be safely removed. This had to be approved by a privacy officer.
I was shocked, because this is data that I, as a private citizen, could easily scrape. I asked why I had to do something so involved for a project I could easily do in my spare time. The answer I got was this: Because the government has extra authority they also have extra responsibility. As government employees we have more power to impact people's lives so it is our responsibility to be very explicit is what we do and why we are doing in.
In ad-tech there are oceans of data that are not publicly available, and in the US virtually zero restriction who looks at that data and what they can do with it. I've watched people move around town via trackers when the use they web, seen where they got coffee and seen which doctor they go to. I used this information to demonstrate to the legal team at previous company to care about user privacy. They were shocked but in the end made no real policy decision. Some of the big players likely have tighter security but only for business/PR reasons. I can assure you that a random data engineer at a mid-sized tech company has far more access to your personal secrets than an FBI agent.
Don't get me wrong, there are agencies in the government that have more surveillance power than they should and it is ripe for abuse. But don't think "it's not big tech", especially since there is a ultimately a thin line between big tech and big govt.
I'll agree with you that big tech is largely just an extension of big government. But I fear the government more than a large corporation because the government is the only agency with the authority to use lethal force.
That being said my understanding is that there were organizations that have ties back to 3 letter agencies that helped put up capital for several of the big tech companies back in the day.
The government is humongous. It would be naive to think all of government worked that way. There are certainly parts of the government that essentially answer to no one. There are trillion dollar black holes that still can't be explained.
> Because the data involved information about people I had to write up a document explaining exactly what I was using the data for, exactly what information I would be collecting and why it was necessary, explain where the data was to be stored, and most importantly specify exactly how long I needed the data and when and how it would be safely removed.
This just sounds like a design doc, which I do regardless of if it has to get reviewed by a privacy team or I'm doing anything sensitive. Maybe it's because I've worked for mostly google & ex-googler run companies, but this is just standard practice for me.
I think it's becoming increasingly apparent that there's not much difference between "Big Tech" and "Big Government." As this article makes clear, they have a symbiotic relationship with each other. Big Tech makes money from Big Government, which uses Big Tech to get around restrictions on what it's allowed to do on its own.
The trouble with big-everything is that they are indeed the big players, and therefore heavily invested in the status quo, and are the ones with power and influence. They don't want to fix things we see as problems, because they're doing just fine thank you.
Damn, even most of what we know is already a decade old information. I wouldn’t be surprised if the intelligence agencies had much more crazy new projects going on the last few years.
I also suspect there will be a point in the future where they’ll break encryption and we won’t find out until years later.. they already started looking into building a quantum computer in 2014, and I’d bet it’s not necessarily for morally acceptable research.
>I wouldn’t be surprised if the intelligence agencies had much more crazy new projects going on the last few years.
except this isn't even from "the intelligence agencies", it's from data brokers:
>The bulk of the data that CBP obtained came from its contract with Venntel, a location data broker that aggregates and sells information quietly siphoned from smartphone apps
I suspect the intelligence agencies are still in absolute surprise that all their hard work was for nothing and everyone will happily tell Facebook, Google, et al everything with no prodding at all, and all they have to do is slurp it up.
One thing I’d love to know is whether there is an upside and if so how much.
How many kidnapping victims get found or violent plots foiled by this tech vs old school police work?
Of course I suspect this info would be hard to get. Authorities would likely cook the books to make these things look more valuable than they really are.
No one cares. This kind of surveillance and massive overreach by intelligence agencies has been reported dozens of times for at least 20 years now.
The most recent example i remember was of facial recognition in airports. Media reported it, some people whined about it, oh maybe the people will demand privacy? lol. Now its standard procedure. Delta even does boarding based on facial ID by default.
"Raising awareness" does nothing. Commenting on online forums does nothing. The government is in control in every way, of the markets and hence jobs/unemployment, of privacy and surveillance. We've all become excellent at reporting and following bad news even while being completely incapable of effecting any change. The median person is too poor or dumb or disempowered for this to even crack the top 10 issues. They're complaining about gas prices and rent instead. We choose between 2 geriatric clowns who can't possibly keep up with what 100,0000 government employees are doing every 4 years and a congress that can't pass a law to save its life. Democracy is working super well lol.
Please don't speak for everyone. I care. Many people care.
You may feel as though the median person is too poor or dumb or disempowered, and that may disempower you, but there are many other people who tirelessly work against these types of overreaches, whether its' FOIA requests, campaigns, articles, or otherwise.
I see no point in such a post, it drifted into some sort of anti-democracy rant.
My point is to say that the standard playbook for creating social or policy change is broken. The playbook is roughly -
1. build awareness via a nice article like the link
2. people read it?
3. people do something about it?
But very few people read. The actual issues in broad public awareness are whatever crap is on Fox news. Beyond that, even if people get mad they have no structured way to demand a change and it rarely happens.
The rant is tangentially related because we still haven't seen any action on the Uvalde PD, abortion laws just got revoked, there is a war in Ukraine, we might soon be in a recession, the climate might kill us all, etc etc. These are issues where the public actually cares, but nothing seems to change. Surveillance is not even on the list with all the other fires burning.
I guess I'm just saying "caring" about an issue is meaningless in the absence of the power to effect any change. We dont even have the basic ability to ask a government official a question and get a straight answer. We don't seem to have any common knowledge or consensus on how to demand accountability from the government. These are much deeper issues that have to somehow be addressed before anything happens.
Most of those issues either are caused by the usual people that have been in power in congress, or aren't issues that Americans should even care about but have convinced to be (Ukraine) as to keep money spigots flowing.
Vote out the establishment in the senate and the house if you really want change.
Rule of thumb if they've been there for 50 years they're okay with the status quo, regardless of party.
I feel that the entire machinery of the government at the state and Federal levels is so thoroughly captured and corrupt that its levers can now never be used to cleanse itself.
The American people have/had rights they didn’t have to sacrifice to get, but which are valuable to a very determined and well-organized group of people, and so they are and will evaporate. The average American has never even heard of Snowden.
It won't. Technology brings too much power with relative ease, governments and corporations are and will use it to their own advantage. Most people want convenience above all things and, even if they don't, are relatively powerless to do anything about it anyway.
New governments may rise and current ones fall. Ditto large corporations. Any progress made in the pursuit of privacy will be mostly smoke and mirrors. The incentives are just too misaligned.
I have this half-baked thought that fighting surveillance to get rid of it probably isn’t the answer. Like most technologies, it can be used for good and bad.
What probably needs to happen are laws and regulations for how that data can be used against you, particularly by organizations that have a monopoly on violence.
Sadly that would upend the way most institutions work with information, so I’m not optimistic it would actually work in practice.
Good technology can be developed to fight surveillance in a reasonably convenient way. With time, it can attract enough people to make a change. See: https://qubes-os.org.
Fifteen years before Snowden, people were writing books about the NSA, GCHQ and the ECHELON system and apparently nobody gave a fuck, except some niche of politically interested or infosec people.
Can they tell us what members of our corporate security departments participated in Jan At this point we know our employers know but are covering it up so as not to anger RWers. We don't even know if insurrectionists were purged from corporate security departments or if the rest of the department has been vetted extra.
All we know is our employers want us back into the office to serve as their human shields.
I don't think it's fair to pit this as a US gov't surveillance problem. It's true though - the Government missions involved, where this type of data is relevant, face rather compelling offerings especially in complex times; e.g. immigrant/refugee surges where understanding the flow of people up to the border is important for stability.
All of this data comes from Big/Small/all tech; usually branded as "ad tech" or "mobility data". And the supply chain is rather murky, masked, and rebranded/repackaged numerous times between a network of data providers & downstream businesses.
Working close to Government... I've never seen any mission specifically seeking large-scale citizen-based tracking capabilities. US government in recent timeframes have seemed adamant about not purchasing any US-based location data & are cautious even for non-US based monitoring; especially as they learn more about the origins & scale of mobility data.