[HN Gopher] The global surveillance free-for-all in mobile ad data
___________________________________________________________________
The global surveillance free-for-all in mobile ad data
Author : todsacerdoti
Score : 189 points
Date : 2024-10-23 11:39 UTC (11 hours ago)
(HTM) web link (krebsonsecurity.com)
(TXT) w3m dump (krebsonsecurity.com)
| sandworm101 wrote:
| Many worry about how these tools will be used to persecute people
| such as women seeking reproductive medical services. That is a
| problem. But what will people think of those same tools being
| used to enforce protection orders, to spot parole violators? I
| know where my opinions fall, but I also realize that the bulk of
| the population would trade in their privacy for any perception of
| increased safety.
| jcgrillo wrote:
| If I were in law enforcement, had no morals, and just wanted to
| convict as many people as possible I'd build a system that
| automatically assembles a virtual dossier on _everyone_ using
| these data streams. Then I'd implement detection heuristics
| that look for interesting dossiers. These could be used as the
| "classified" component of a case built by parallel
| construction[1].
|
| [1]https://en.m.wikipedia.org/wiki/Parallel_construction
| potato3732842 wrote:
| Not even. It's worse. They aren't even useful for that.
|
| They've tried that approach but it's actually less efficient
| than "good old fashioned police work" because it turns out
| that 99/100 of your hits are gonna be lawful weirdos, 1/100
| is gonna be a petty drug dealer and the career advancing
| prosecution you actually wanted would have been much easier
| to find by using normal methods like inferring that a dealer
| has a supplier, a spy has a handler, etc, etc and trying to
| suss out who those people are. The NSA figured all this out
| post 9/11 when they were building data haystacks in search of
| terrorists.
|
| What the data haystacks do get used for is dragnet policing
| wherein an agency picks some crime they're gonna go hard on,
| pulls up a bunch of results of people who probably did it,
| tosses all the people who are likely to pose any risk to them
| (e.g. you don't see the ATF knocking on doors asking about
| Temu glock switches in bad parts of Detroit) and kicks in the
| doors of whoever's left.
|
| The data haystacks are also really useful for witch hunts
| when they get egg on their face and need to make someone pay,
| like that time they prosecuted anyone and everyone who they
| could construe as having done anything to help the kid who
| bombed the Boston Marathon, and the January 6 people of whom
| a great number were certainly just hapless.
|
| And this is in addition to the usual "opposition research"
| like the FBI bugging MLK and all that sort of crap.
| dylan604 wrote:
| If you had a location that was a known drug hot spot, you
| could use this data to see who frequented that location.
| Using that info, you could use "good old fashioned police
| work" to contact each person and get them to roll on
| someone else. That's much easier than sitting in a stakeout
| trying to ID those that come and go.
| jcgrillo wrote:
| Or you watch them, find out where the stash house is, and
| call in an "anonymous tip" to another agency. They get a
| warrant, raid the stash, and it's all above board (or
| near enough).
|
| Parallel construction makes the mere existence of these
| data sets extremely dangerous.
| dboreham wrote:
| Surely ML is better than that? Otherwise no targeted
| advertising would work.
| wepple wrote:
| Any references to back up the suggestion that a data driven
| approach doesn't work?
|
| Not being skeptical, but curious
| pessimizer wrote:
| You can do things far more interesting than that with the
| dossiers on everyone that absolutely exist right now and that
| algorithms are constantly being run over. You can frame
| people for crimes for which you _know_ they will have no
| defense, exactly like the Stasi did, and privately confront
| them about it. As they plead their innocence, tell them that
| you want to believe them, and if they can do a little work
| for you, they'll not only be arrested, but be rewarded! How
| would you like a job at Mother Jones, or the Guardian?
| jareklupinski wrote:
| > the bulk of the population would trade in their privacy
|
| i think most people are on the fence / undecided, and the few
| that do "pick a side" only do so based on their personal life
| experiences (which includes family and community influences)
| mmooss wrote:
| First, it's not a binary choice. It depends on the
| circumstance.
|
| Also, people are influenced by what other people say,
| especially people in tech. You can see people on HN saying
| how hopeless it all is. People on HN and your social circle
| are listening to what you say.
| dylan604 wrote:
| No they're not. You preaching against tech just comes
| across as wack job crazy to those that don't care or
| already disagree. Maybe they aren't as far as thinking
| you're a wacko, but they've definitely grown tired and
| calloused from the non-stop and probably at least ignore
| it. Evidenced by all the people continuing to use social
| media.
|
| Convenience wins out for the vast majority of people.
| People just want to be left alone and have nice things. As
| long as it is just advertisers knowing everything, the
| masses just won't care. Even if the state starts to take
| action, as long as it doesn't happen to them, they won't
| care either.
| mmooss wrote:
| History shows clearly that people can be very motivated
| by political and social issues; they will die for them.
| Right now, for example, people on the right are very
| motivated and active, often to their own detriment in
| terms of wealth, health, politically and socially.
|
| For some reason, when it comes to other causes, people
| repeat the obviously false (and hypocritical) right-wing
| talking point that it's all useless and hopeless.
|
| (Throwing around words like 'wack' and 'preaching' isn't
| evidence or a stronger argument.)
| dylan604 wrote:
| >(Throwing around words like 'wack' and 'preaching' isn't
| evidence or a stronger argument.)
|
| These are not my words, but words I've been called when
| droning on and on about the evils of social media and ad
| tech. <shrug>
| ideashower wrote:
| The U.S. Government is purchasing tools like these and using
| them: https://www.404media.co/inside-the-u-s-government-bought-
| too...
|
| This has been a widespread problem for the better part of at
| least half a decade, likely much more.
| sailfast wrote:
| To do it on their own would be illegal. To buy it from a
| commercial vendor is an easy contract to write. Quite
| something. Perhaps we should write a new law making it
| illegal.
|
| They managed to outsource it on accident just because of a
| shared need with advertisers to target people.
| michaelt wrote:
| _> But what will people think of those same tools being used to
| enforce protection orders, to spot parole violators?_
|
| If only our society had some orderly process to balance privacy
| with public safety - such as by having the cops explain to a
| judge _why_ they need to track a given person, for how long,
| and so on.
|
| Perhaps also some rules about what counts as a good enough
| reason, and telling judges they can't grant overly broad,
| blanket permission.
|
| Someone should put something in the constitution about that.
| jcgrillo wrote:
| Counterpoint:
|
| > One DEA official had told Reuters: "Parallel construction
| is a law enforcement technique we use every day. It's decades
| old, a bedrock concept."
|
| Constitution or not, they're doing it.
| TechDebtDevin wrote:
| They're also using these tools to stalk women[0]
|
| [0]: https://theweek.com/speedreads/651668/hundreds-police-
| office...
| 93po wrote:
| if you have a legal reason to track someone, make them wear a
| tracker. don't make everyone else lose their privacy and
| freedom to move without government oversight
| mdaniel wrote:
| > such as AccuWeather, GasBuddy, Grindr, and MyFitnessPal that
| collect your MAID and location and sell that to brokers.
|
| Welp, that's the final straw I needed to nuke that fucking
| GasBuddy app from my phone. Goddamn I hate them so much
| 2OEH8eoCRo0 wrote:
| It's a damn shame. I've stopped using pretty much all apps
| because I can't trust any of them. My phone is practically
| stock.
| mdaniel wrote:
| I would _guess_ that the systemic solution to this problem is
| one of those whole device VPNs that doesn't choose to hide
| your location but rather blocks access to ad and tracker
| networks. I actually have DDG's Privacy Pro VPN
| <https://duckduckgo.com/duckduckgo-help-pages/privacy-
| pro/vpn...> but my life experience has been that it breaks
| more things than it helps but I guess it's time to at least
| try it
| casenmgreen wrote:
| It's worse than you think.
|
| There are popular third-party libraries, used by apps,
| offering whatever functionality.
|
| Those third-party libraries do deals with whoever, to include
| into the library whatever code it is the whoever wants to get
| out onto a ton of phones.
|
| I worked for a company in Germany, who wanted to get some
| Bluetooth base station detection functionality out into
| phones, so they could track people.
|
| Company put Bluetooth base stations into a bunch of
| locations, and then paid a major third-party library to
| include their code.
|
| Bingo. One week later, millions of phones being tracked.
|
| When you install an app, you are in fact installing God knows
| what from shady friend-of-a-friend-of-a-friend, who's got
| money.
|
| Do not install commercial apps. Only install open source
| apps. Anything else, you're going to be abused, whether you
| know it or not.
| autoexec wrote:
| Stay away from Samsung. Their default apps (which you often
| can't uninstall or disable) collect massive amounts of data.
| The default Samsung keyboard that came installed with an old
| Galaxy I had was logging every single letter I typed in every
| app and sending it to a third party whose privacy policy said
| it was being used for marketing research, to determine my
| intelligence, education level, habits, attitude, etc.
| arcanemachiner wrote:
| Seems like one of those apps that would work fine from the
| website.
| mdaniel wrote:
| (a) I'm about to find out (b) at least some casual tire-
| kicking shows that their mobile website is just as ragingly
| dumb as the app is, so that actually makes me feel a little
| better - it's not that the app itself is stupid, it's that
| their dev team is
| jjulius wrote:
| Genuinely curious, since I've never heard of the app until
| this very moment - do you actually find that you save a
| noticeable amount on gas? I tend to notice that prices are
| _incredibly_ similar from station to station in whatever
| general metro area I'm in, to the point where it almost
| doesn't make a difference which station I go to. Has it
| actually shown a benefit wrt driving out of your way as
| opposed to stopping at the most convenient spot on your
| commute?
| mdaniel wrote:
| Reasonable people are going to differ about what
| "noticeable" means, and it will further differ based on
| the size of the tank in your vehicle, since a $0.04
| difference times 8 gallons is not going to be the same as
| times 75 gallons
|
| But, to answer your question, yes: I just checked and the
| spread seems to be $5.19 to $4.19 here. But to circle
| back to your original premise it's quite possible that
| even $15-ish is not worth the glucose/time spent
| interacting with this objectively terrible app and then
| driving to some likely inconvenient station
| frogblast wrote:
| You can still use the app. You get asked both to have the app
| get access to the MAID, and get access to location. If this is
| a problem, it is a problem because you said Yes to both. You
| could have said No. You can change that choice now.
|
| If you go to Settings -> Privacy, the top two options in iOS 18
| are:
|
| * Auto-deny Advertising ID access
|
| * Which apps have location access ("X always, Y while using the
| app" is summarized right at the top)
| mdaniel wrote:
| I thank goodness I don't use iOS because I enjoy having the
| ability to use MY phone as if _I_ own it and not Tim Apple
| dbtc wrote:
| I haven't used android in a while, how is it different?
| nobody9999 wrote:
| LineageOS[0] (and/or other non-Google OS)+F-Droid[1]
| (and/or other third-party app stores) allow you to avoid
| Google altogether. Which is nothing new.
|
| Is that possible with IOS to avoid Apple? I think not.
|
| [0] https://lineageos.org/
|
| [1] https://f-droid.org/en/
|
| Edit: Clarified my question as to what's possible with
| IOS.
| us0r wrote:
| I've been bitching about GasBuddy since at least 2018 (I'm sure
| even further I'm too lazy to keep looking).
|
| https://news.ycombinator.com/item?id=16776028#16776762
|
| I've pretty much deleted all apps. I'm working on dumping my
| phone altogether but shit like mandated 2FA is screwing that
| up.
| philipov wrote:
| At this point, 2FA is the only thing I use my phone for
| anymore. It's the only reason I even have a phone; I spent
| about a year without one until I had to for 2FA. But I don't
| need to carry it around anywhere for that. It would be
| inaccurate to call it a "mobile" device.
| waterproof wrote:
| It wouldn't be too hard to create a physical device that
| can only be used to set up and retrieve Authenticator-app
| style 2FA codes.
|
| All you'd need is a camera to read QR codes, a display, a
| few kB of storage and some pretty basic processing.
|
| But then I guess that storage would need to be encrypted
| with some sort of authentication. Hmm.
| fsflover wrote:
| Sounds a bit like Precursor.
| reaperducer wrote:
| The first time I ran into the concept of having my mobile phone
| data sold to a third-party was in 2003, when I went to the Czech
| Republic.
|
| Right after I crossed the border from Austria, my U.S. cell phone
| started lighting up with spam SMS messages. At first, it was from
| the local cell phone carrier welcoming me to .cz. A few minutes
| later, a message from T-Mobile letting me know I was roaming in
| another new country. Then a few minutes after that, SMS spam for
| hotels, then restaurants, then casinos. All of this in a time
| before "smart" phones.
|
| I'm not surprised to see it's gotten so much worse.
| dylan604 wrote:
| A few years ago, I visited Detroit, and the next morning I
| received the messages from the Canadian (assuming Rogers)
| telecom welcoming to Canadia. I was spared the rest of the
| spam. Though it was the first time that I had ever considered
| the tech issues of being near a border and receiving multiple
| national signals like that must be a "fun" challenge.
| kjkjadksj wrote:
| I flew to somewhere else in the US last month and I started
| getting political sms spam dependent on that location. It took
| a good two weeks after I got back for my sms spam to normalize.
| TechDebtDevin wrote:
| Use and Configure Pi-Hole[0]
|
| [0]:https://jeffmorhous.com/block-ads-for-your-entire-network-
| wi...
|
| Also a video for those more YT inclined:
| https://www.youtube.com/watch?v=eCA24qJBG8Q
| nickburns wrote:
| This does nothing for a mobile device that either concurrently
| maintains its cellular 'data' connection together with its Wi-
| Fi connection (and whose apps are permitted to access both)--or
| leaves the LAN without connecting remotely via a force-tunneled
| VPN. And even _with_ such a VPN, the cellular NIC continues to
| maintain baked-in alternate routes on both Android and iOS. All
| that's before we even get into specific Pi-Hole and LAN
| config, not to mention DoH.
|
| Krebs and everyone else he cites is right--it's time for Apple
| and Google to eliminate MAID altogether.
|
| ETA: Do not downvote this parent! _Use trustworthy ad blockers
| anywhere and everywhere you can!_
| autoexec wrote:
| DoH/DoT along with hardcoded IPs make DNS ad blocking
| impossible.
| switch007 wrote:
| And TLS. Sure it stops lots of other bad things, but it is
| quite the blocker to doing content filtering of the page
| contents.
| TechDebtDevin wrote:
| Do you know of any blogs/articles I can read more on this?
| autoexec wrote:
| https://ericlathrop.com/2021/03/dns-over-tls-lets-google-
| ser...
|
| It isn't just people using DNS filtering for ads that have
| this problem. Network admins at companies face the same
| problem (see for example
| https://cleanbrowsing.org/help/docs/block-dns-filtering-
| evas...)
|
| Some browsers, apps, or devices _might_ let you disable DoH/DoT
| or _might_ let you configure it to use your own DNS
| server, but none of them have to let you and even when they
| give you that option they can still do whatever they want
| (https://discourse.pi-hole.net/t/chromium-bypasses-pi-hole-
| by...)
|
| Obviously any application or device using a hardcoded IP
| address will bypass DNS entirely so DNS filtering isn't
| going to work. See https://old.reddit.com/r/pihole/comments
| /djacup/im_starting_...
| OptionOfT wrote:
| Not sure why you're downvoted.
|
| You create a server and host it on IP x. You create a cert
| for it. You add the public key to your app.
|
| Your app can now communicate with that IP over port 443 with
| that certificate. Remember that the idea that the domain must
| match the one in the certificate is a setting, enforced by
| the browsers. If you run your own code you can perfectly
| override that.
|
| Now you can do whatever you like on that connection.
|
| In fact, you don't HAVE to go that far. Many applications
| these days do private key pinning and use that connection to
| load the ads. IMDb does that on the iPhone.
|
| MyQ and myBMW use the same to 'protect' the connection. MyQ's
| implementation of this, and subsequent implementation of
| CloudFlare's bot protection completely broke home-assistant's
| connection. All because they want you to use their app (and
| get bombarded with ads).
|
| DoH/DoT was supposed to bring in MORE privacy for users, as
| it allowed users to resolve addresses without the system
| servicing the connection (ISP / StarBucks / McDonald's) from
| being able to see or modify the responses (think captive
| pages).
|
| But all it brought was more spying. I am a firm believer that
| I should be able to inspect all traffic that an application
| sends out over my internet connection.
| ndriscoll wrote:
| Not completely impossible. You could have a default deny
| firewall, have your DNS resolver trigger an update to allow
| outgoing connections to the resolved IPs, and possibly also
| require connections pass though an SNI-sniffing proxy that
| only allows domains that your DNS resolver has allowed.
| Essentially by default you'd be blocking all custom
| protocols, and you'd only allow what looks like well-behaved
| TLS web traffic to allowed domains to flow.
|
| Bad traffic could flow to a "good" domain, and then you need
| to decide whether that domain is actually "good".
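
A simulation of the policy ndriscoll describes above, added here as an example and not code from the thread: the resolver opens a time-limited pinhole for each IP it answers with, and a connection passes only if it targets such an IP on port 443 with a matching SNI. The class and function names, the domains and the documentation-range IPs are constructed, and expiring pinholes with the DNS TTL is an assumption that goes slightly beyond the comment.

```python
from dataclasses import dataclass, field

# Constructed policy: names the local filtering resolver will answer for.
ALLOWED_DOMAINS = {"example.org", "updates.example.net"}


@dataclass
class EgressPolicy:
    allowed_domains: set
    pinholes: dict = field(default_factory=dict)  # ip -> {domain: expiry time}

    def on_dns_answer(self, qname, ips, ttl, now):
        """Resolver hook: open pinholes for the IPs it just handed to a client."""
        qname = qname.rstrip(".").lower()
        if qname not in self.allowed_domains:
            return False  # filtered name: no answer given, so nothing opens
        for ip in ips:
            self.pinholes.setdefault(ip, {})[qname] = now + ttl
        return True

    def check_connection(self, dst_ip, dst_port, sni, now):
        """Firewall/proxy decision for one outbound TCP connection."""
        live = {d for d, exp in self.pinholes.get(dst_ip, {}).items() if exp > now}
        if not live:
            # Hardcoded IP, an address learned through DoH elsewhere, or an expired answer.
            return "deny:no-dns-pinhole"
        if dst_port != 443:
            return "deny:non-tls-port"
        if sni is None:
            return "deny:no-sni"  # custom protocol, or no readable server_name
        if sni.rstrip(".").lower() not in live:
            return "deny:sni-mismatch"  # allowed IP, but asking for another host
        return "allow"


# Constructed event log: ("dns", t, name, ips, ttl) or ("conn", t, ip, port, sni)
EVENTS = [
    ("dns", 0, "example.org", ["192.0.2.10"], 60),
    ("conn", 5, "192.0.2.10", 443, "example.org"),
    ("conn", 6, "203.0.113.7", 443, "tracker.invalid"),       # hardcoded IP
    ("dns", 7, "ads.tracker.invalid", ["198.51.100.9"], 300),  # filtered name
    ("conn", 8, "198.51.100.9", 443, "ads.tracker.invalid"),
    ("conn", 9, "192.0.2.10", 443, "ads.tracker.invalid"),    # shared IP, wrong SNI
    ("conn", 10, "192.0.2.10", 443, None),
    ("conn", 11, "192.0.2.10", 5228, "example.org"),
    ("conn", 120, "192.0.2.10", 443, "example.org"),          # TTL expired
]


def replay(events, policy=None):
    """Feed the events through the policy and return one decision per connection."""
    policy = policy or EgressPolicy(set(ALLOWED_DOMAINS))
    decisions = []
    for ev in events:
        if ev[0] == "dns":
            _, t, name, ips, ttl = ev
            policy.on_dns_answer(name, ips, ttl, t)
        else:
            _, t, ip, port, sni = ev
            decisions.append(policy.check_connection(ip, port, sni, t))
    return decisions


if __name__ == "__main__":
    for decision in replay(EVENTS):
        print(decision)
```

As the comment itself notes, unwanted traffic sent to an allowed domain still passes this check.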
| JohnMakin wrote:
| couldn't they just hide their ad endpoints behind the proxy
| that serves their site? I can think of multiple ways to do
| this that aren't very difficult. I have had to implement
| something in my work to get past certain adblocking
| behavior that was going by domain
| ndriscoll wrote:
| Sure, but now you've at least made them use a more
| expensive L7 proxy to do it, and you can decide to block
| malicious actors like that entirely (blocking the "good"
| domain).
| JohnMakin wrote:
| nginx can do this pretty easily by just using proxy_pass
| directives, if I recall, it has been a while though
| ndriscoll wrote:
| Yes, you can do it with an L7 proxy. You've been able to
| do that all along though, so I suppose there are reasons
| why surveillance networks prefer to not proxy through the
| websites that host their scripts. That has nothing to do
| with DoH to subvert network security monitors though.
| ToucanLoucan wrote:
| _This turned into a hell of a rant, I apologize but I'm still
| kind of proud of it._
|
| --
|
| We made surveillance capitalism the default method of financing
| every free-at-point-of-use service on mobile devices before we
| understood what that meant, and people now have zero perception
| of the worth of mobile-based software. People happily pay for
| desktop software but the decades of everything on a phone being
| free by default despite the economics of that making no sense
| have made it borderline impossible to sell software to people for
| their phones.
|
| At the same time government has been completely asleep at the
| fucking wheel with regard to any regulation to protect consumers.
| Consumers shouldn't have to know the "tradeoffs" of free
| software, they shouldn't need to vet vendors of software on app
| stores for privacy policies. People should be _protected by
| default._ This "informed consumer" garbage is why we can't get
| anything done in a regulatory sense because these companies will
| make the argument that users consented when talking to any
| layperson user of MyFitnessPal will have you understand they
| really did not within 5 goddamn minutes.
|
| Could people read terms of service? Yes. Do they? No, because
| people have shit to do and nobody aside of an activist or someone
| with an interest in it is going to read 110 pages of terms of
| service each from the 50 services they're currently using and
| it's unreasonable to suggest that they should, and that's JUST
| the reading, even if they read it, do they _understand_ it?
| Because most people according to a stat I saw recently about the
| United States read at about a sixth grade level, which is going
| to be a struggle to get through any legal document. And 4%
| apparently are completely illiterate.
|
| I don't mean to rant here but this pisses me off so much. Our
| entire society is constructed around a set of assumptions about
| people who are at least some level of educated, with decent
| english literacy, who have the time and energy to dedicate to
| managing these various things, and yeah, if you're that
| theoretical person, you can probably do quite well for yourself
| in the United States. But what if you _aren't?_
|
| What if you're one of the millions who have to work three fucking
| jobs to survive and don't have time to read the terms of service
| for twitter, and just want to relax? What if you're illiterate?
| What if you're disabled in some way that impedes your ability to
| read, or your ability to understand what data harvesting is or
| means? Does your inability to meet the standard I've outlined
| above just mean you're fodder for the scummy business alliance,
| ready to be taken advantage of at every single turn by everyone
| who can, because it's more profitable that way even if it means
| you will be broke, exposed, and/or otherwise exploited at every
| single turn and probably have a pretty miserable life?
|
| I am long tired of living in a society that is clearly, bluntly,
| at every turn designed for _companies_ to live and thrive in and
| not _people._ I'm tired of people being hung out to dry because
| "freedom." Nobody needs or wants the freedom to be recklessly and
| hopelessly exploited to the ends of the goddamn earth, and I'm
| sick of pretending there's no way for us to know that difference.
|
| /rant
| nickburns wrote:
| Long and winding but you make cogent points. Shit pisses me off
| too. Already a couple 'but, but... they consented to this when
| they installed it!' comments here. Those types know not what
| kind of corporate misbehavior they enable, nay are complicit
| in.
| CAPSLOCKSSTUCK wrote:
| I know it goes beyond cell phones, but as someone who agrees
| with you and has the means and know-how, I find opting out
| through personal choice impossible. If you don't carry a cell
| phone, how do your loved ones reach you in an emergency? etc.,
| so the only real way to win is through regulation. And the laws
| and enforcement won't change anytime soon for the reasons you
| mention. Super frustrating.
| consteval wrote:
| One solution is dumb phones! It's an idea I've been toying
| with but haven't committed to yet.
|
| I think it could work. You can call, text (probably hard, I
| remember those swipe-out keyboards) so you should be good in
| an emergency. But that's it - the rest you do on your
| desktop, where you have far greater control over the software
| you use and far less data available (no location, no photos,
| etc).
|
| The trouble is there's some gaps. If you want decent
| pictures, you'll need a camera. If you want to do something
| simple like check your email, it's a whole thing.
| vmfzdq wrote:
| I think the trouble spreads further than that. In so many
| cases mobile phones have become the de facto tool for people
| that it's functionally impossible to survive without them.
|
| I recently graduated college and by my senior year a lot of
| college functionality was done over phones (and phones
| only, no desktop or browser options). This ranged from
| ordering food at an official campus store, to requesting an
| advisor meeting or basic administrative functionality
| (tracking financial aid, filing a course exemption
| request). Granted, for the last you still could do it via
| other methods like email or an in person visit, but it was
| _heavily_ disincentivized. Even the LMS switched to
| something that was designed as mobile forward.
|
| The other thing I've noticed is that some countries like
| India effectively run on the phone and a dumb phone doesn't
| cut it for any business deals or even purchases. It's all
| done on the phone. You use your phone to order groceries,
| pay for them, and then track the delivery.
|
| I'm actually flying now and things like TSA digital ID and
| CBP's MPC make it such a massive QoL difference that I
| think you'd be hard pressed to find people who'd willingly go
| back.
| mistrial9 wrote:
| > asleep at the fucking wheel with regard to any regulation to
| protect consumers
|
| cursing aside, you are doing them a favor by saying "they are
| asleep" .. it is not that simple; misaligned incentives for
| decision makers is a polite phrase
| ToucanLoucan wrote:
| I mean, with regard to tech in specific I think it's a bit of
| both? Every time anything to do with technology hits the
| congress and ends up on C-SPAN it is always _so fucking
| embarrassing._ It's like watching grandma and grandpa try and
| riddle out a new Smart TV's remote, except there's way more
| of them, and a subset of them are proud they don't understand
| a fucking thing about what they're talking about.
| jcgrillo wrote:
| If you want to be in the U.S. diplomatic corps you have to
| pass the foreign service exam. The same requirements should
| apply to running for national office. That would at least
| set a literacy baseline. It'll never happen though.
| renjimen wrote:
| Good rant. The dominant global ideology is neoliberalism AKA
| free market economics, which has regulatory laxness as its
| bedrock. That's why fixing this basic shit is an uphill slog,
| rather than common sense.
|
| Neoliberals look at GDP rising and have faith that the world is
| good. It's time to call these folks out for what they are:
| dogmatic zealots.
| psd1 wrote:
| GDP is a crappy measure of a nation's wealth.
|
| It's a passable measure of the financial class's wealth,
| which is not the same thing at all.
|
| The use of GDP as the headline number in demagoguery is a
| psyop
| losteric wrote:
| It's interesting that American neoliberalism perpetuates this
| thinking of staunch independence, an unrealistic notion that
| every man fully defends and stands for their own interests. It
| seems to espouse _creating_ the terrifying Hobbesian ""natural
| state""... any notion of collective defense by default, as
| outlined here, is rejected as "idealistic socialism/paternal
| states"... even that phrase, "paternal", being used as a
| pejorative says so much about the American psyche (I still
| blame Cold War-era anti-communist propaganda for lobotomizing
| America's society thinking capabilities).
|
| That's really the key difference between US and European
| thinking on privacy. Europe was slow but always thought it was
| fucked up. Americans don't seem to grasp why they should care
| or understand how perverse their blindsight is.
| JohnMakin wrote:
| > I don't mean to rant here but this pisses me off so much. Our
| entire society is constructed around a set of assumptions about
| people who are at least some level of educated, with decent
| english literacy, who have the time and energy to dedicate to
| managing these various things, and yeah, if you're that
| theoretical person, you can probably do quite well for yourself
| in the United States. But what if you aren't?
|
| Not to be overly cynical, but I believe this is a feature, not
| a bug. I don't believe it's isolated to any one political
| ideology though. The system seems to rely on a perpetual
| underclass, and if you are slightly outside the norm or
| deficient, the system tends to use you as mulch for the uber
| wealthy's private jet funds.
| vmaurin wrote:
| I worked 12y in the ad-tech industry, and 3y in a company using this
| kind of data to measure performance of "drive to store"
| campaigns: doing online campaign, then seeing if people visit the
| actual real store based on geo data. The company was actually
| controlled by the CNIL (French regulator) according to GDPR, so we
| were "anonymizing" data, meaning hashing one way the IFA (unique
| phone id for advertiser) and storing location within a 300mx300m
| square. I put some quotes around anonymizing because geo data from
| your phone in the evening/night is enough to know where you live
| (with 300m precision). The rest of the industry in France and
| Europe was still a far west though (around 2020)
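
The point in the comment above, as an added example (not the commenter's or their employer's code): records stored as a one-way hash of the IFA plus a 300 m cell still single out one recurring night-time cell per pseudonym, while rotating the hash key daily removes that linkage. The night-hour window, the three-night threshold, the key rotation and all sample pings are assumptions constructed for the illustration.

```python
import hashlib
import math
from collections import defaultdict
from datetime import datetime

CELL_M = 300          # grid size quoted in the comment
M_PER_DEG = 111_320   # metres per degree of latitude (approximation)
NIGHT_HOURS = {22, 23, 0, 1, 2, 3, 4, 5}  # assumption: what counts as evening/night


def pseudonym(ifa, key=""):
    """One-way hash of the advertising ID, optionally mixed with a rotating key."""
    return hashlib.sha256((key + ifa).encode()).hexdigest()[:16]


def grid_cell(lat, lon):
    """Snap a coordinate to a ~300 m x 300 m cell (flat-earth approximation)."""
    row = math.floor(lat * M_PER_DEG / CELL_M)
    band_lat = (row + 0.5) * CELL_M / M_PER_DEG  # centre latitude of the row
    m_per_deg_lon = M_PER_DEG * math.cos(math.radians(band_lat))
    return row, math.floor(lon * m_per_deg_lon / CELL_M)


def store(pings, rotate_daily=False):
    """Turn raw (ifa, iso_time, lat, lon) pings into stored records."""
    records = []
    for ifa, ts, lat, lon in pings:
        t = datetime.fromisoformat(ts)
        # The date stands in for a secret per-day key in this sketch.
        key = t.date().isoformat() if rotate_daily else ""
        records.append((pseudonym(ifa, key), t, grid_cell(lat, lon)))
    return records


def recurring_night_cells(records, min_nights=3):
    """Pseudonyms whose most frequent night cell repeats on >= min_nights dates."""
    nights = defaultdict(lambda: defaultdict(set))  # pid -> cell -> {dates}
    for pid, t, cell in records:
        if t.hour in NIGHT_HOURS:
            nights[pid][cell].add(t.date())
    flagged = {}
    for pid, cells in nights.items():
        cell, dates = max(cells.items(), key=lambda kv: len(kv[1]))
        if len(dates) >= min_nights:
            flagged[pid] = cell
    return flagged


# Constructed pings: device A sleeps in one place, device B moves every night.
HOME_A = (48.8500, 2.3500)
PINGS = [
    ("IFA-CONSTRUCTED-A", "2024-10-20T23:30:00", 48.8500, 2.3500),
    ("IFA-CONSTRUCTED-A", "2024-10-21T13:00:00", 48.8700, 2.3300),
    ("IFA-CONSTRUCTED-A", "2024-10-21T23:10:00", 48.8502, 2.3501),
    ("IFA-CONSTRUCTED-A", "2024-10-22T23:45:00", 48.8499, 2.3499),
    ("IFA-CONSTRUCTED-B", "2024-10-20T23:00:00", 48.8600, 2.3000),
    ("IFA-CONSTRUCTED-B", "2024-10-21T23:00:00", 48.8900, 2.3900),
    ("IFA-CONSTRUCTED-B", "2024-10-22T23:00:00", 48.8200, 2.3700),
]

if __name__ == "__main__":
    print("static hash :", recurring_night_cells(store(PINGS)))
    print("daily rotate:", recurring_night_cells(store(PINGS, rotate_daily=True)))
```

With the static hash, device A's pseudonym is flagged with a single cell; with daily rotation no pseudonym spans more than one night, at the cost of losing multi-day measurement.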
| drawkward wrote:
| Advertising is a virus that eventually infects all ecosystems.
| antiframe wrote:
| And that is why I use exclusively open source software that
| respects the user.
| m463 wrote:
| that sounds suspiciously like an ad. :)
| pixelpoet wrote:
| Governments and big tech/media try to brand anyone
| knowledgeable about privacy measures as pedophiles, and it's
| incredibly effective because they control the laws and
| narrative. Doesn't help that a huge fraction of people
| conflate having something to hide with not wanting everything
| to be public, and in the vast majority of cases are blissfully
| and willfully ignorant so long as they get their Instagram or
| TikTok.
|
| At a societal level we fully deserve all this because
| apparently we can't be fucked to care about basic rights
| anymore (cf. "everyone gets the government they deserve"),
| too lost in Huxley's dystopian future of infinite dopamine
| distractions.
| photonthug wrote:
| > And that is why I use exclusively open source software that
| respects the user.
|
| We're all proud of you but this is barely related to avoiding
| ads. You can build your own car too, and you'd still have to
| look at the billboards on the highway. Or you could build
| your own phone and never give anyone the number, then
| you'll _still_ get to enjoy 5 spams/day during election
| season when someone decides to simply call every phone number
| in the region.
|
| Ads are the new certainty besides death and taxes. If they
| aren't in your face yet, be assured that whole legions of
| shitheads are very busy trying to make it happen.
| realusername wrote:
| Even if you would never see an ad in your life somehow, you
| would still have to pay for it on the products you buy.
|
| The advertising industry is so large that it's basically
| private taxation, except that you get nothing in return from
| it.
| add-sub-mul-div wrote:
| The best concert I ever saw was one I only knew was in town
| because of an ad.
|
| My interests align with advertisers to an extent. I do want
| to know what products are out there. I'm an adult, I won't
| forget that their descriptions of their products are
| biased.
|
| Surveillance advertising is a bad thing, but it doesn't
| help to take the most extremist position possible.
| Advertising is information, and it's not difficult to use
| that information to your benefit.
| n_plus_1_acc wrote:
| Billboard ads don't yell at you at least. They are like
| two orders of magnitude less annoying than video ads
| drawkward wrote:
| I follow the bands I care about seeing. There are other,
| less intrusive modalities for communication than
| advertising.
| janalsncm wrote:
| We can go back and forth on whether police should have access to
| this data and what regulations should be put on how/why it should
| be accessed. I think reasonable people can disagree about
| details, and cultural expectations around privacy and safety
| probably mean there isn't a single best answer.
|
| But I don't think anyone can honestly say the right amount of
| regulation is zero, which is what we have now. It is absolutely
| bonkers to me that anyone off the street should be able to gather
| such highly granular data about any other person as long as they
| can pay.
| alexashka wrote:
| Banning advertising would fix it at the corporate level.
|
| Philosopher kings would fix it at the political level.
| pnw wrote:
| Can someone explain how this works on iOS post Apple's removal of
| IDFA? The advertising ID (MAID) in any specific app is relevant
| only to that app, so it seems like it would be useless for
| profiling? I don't see how apps can access any other identifiers
| on iOS. Even the wifi MAC address is randomized.
|
| If you've gone one step further and disabled location access for
| apps and disabled the global ad id, it would seem difficult to do
| the searches described.
|
| The article refers to "25 percent of Apple phones". Is that just
| legacy phones running older versions of iOS prior to removal of
| IDFA?
| lcnPylGDnU4H9OF wrote:
| I think the 25% is referring to the users who willingly select
| the option to allow tracking. It sounds like this report
| actually corroborates Apple's claims of the impact of this
| decision.
| JohnMakin wrote:
| > One unique feature of Babel Street is the ability to toggle a
| "night" mode, which makes it relatively easy to determine within
| a few meters where a target typically lays their head each night
| (because their phone is usually not far away).
|
| There are very few reasons in my mind that anyone, especially law
| enforcement, would need this "feature" and they're all pretty
| dark.
| jcgrillo wrote:
| I could see this being extremely valuable to law enforcement if
| they're planning on making an arrest. They're a lot more likely
| to not get shot by the suspect if they know they're asleep.
| It's also the sort of thing that's not germane to making their
| case against the suspect--it's tactically relevant but
| strategically irrelevant. So we need something more than the
| 4th amendment here? That's actually a question; I'm not a lawyer
| and don't know what this actually implies. Naively, it seems to
| me that if information is inadmissible in making their case,
| law enforcement _should have no access to it_ and, probably,
| neither should anyone else.
| JohnMakin wrote:
| That only would matter on no knock warrants, right? That's
| the best case I can think of (still bad imo, I think no knock
| warrants are abused and lead to bad outcomes more often than
| good ones).
| jcgrillo wrote:
| Yeah I agree it all adds up to nothing good.
| CatWChainsaw wrote:
| If the insane micromanagey level of tracking were legally
| designated by its proper practical result, which is stalking, it
| would be a crime. And since the modern zeitgeist is ruled by the
| Ruthlessness Gap, anyone who works in "advertising"/tracking
| ought to have their personal information and whatever they used
| their surveillance techniques to snoop on broadcast in a
| public database. That could be one great application for Google
| Glass... watching the watchers.
| amarcheschi wrote:
| If I use an ad id on android, is this id the identifier I can use
| to make a gdpr request to brokers regarding accessing and
| deleting my data? I don't have an ID but I'd be curious about
| doing that, in a similar way to xandr with its uuid2 (although
| xandr does just look bad and not this terrible)
| cookiengineer wrote:
| In addition to an OpenWRT [1] Wi-Fi router or Adguard Home [2]
| DNS proxy that you can run for yourself, there's also this
| excellent app firewall project called NetGuard [3].
|
| The developer got kicked out of the Play Store for bogus reasons,
| and had to continue to develop it as an externally funded effort.
| Support him, buy a pay what you want license, and give him a
| couple bucks for it if you value open source software like this.
|
| (I'm not affiliated with the project, I just love the app and it
| runs on all my degoogled devices)
|
| Additionally, degoogle your phone by installing an open source
| ROM like GrapheneOS [4] or LineageOS [5], and install only the
| most essential apps on your phone.
|
| There's also App Warden [6] which audits installed apps, by
| scanning them for malicious libraries and adtrackers. It's based
| on the dataset provided by Exodus Privacy [7] where you can
| search for Apps or their APK identifiers and find out what kind
| of fingerprinting libraries they're using. For example, this is
| what the Facebook App uses behind the scenes [8].
|
| Don't install gapps or the Google Play services. If you
| want an app store for the convenience of updates of open source
| apps, there's also f-droid [9], a libre app store for Android.
|
| Additionally you should keep in mind that every app that needs
| google play services to run is spyware, by definition of what
| these services offer as APIs. Websites that require you to
| install their app to "verify" you are usually spying on your
| activity. Ditch them, your life continues without giving them
| your focus time.
|
| Focus time is a limited concurrency, spend it only on the things
| you really need, not on what you really want.
|
| [1] https://openwrt.org/toh/start
|
| [2] https://openwrt.org/docs/guide-user/services/dns/adguard-hom...
|
| [3] https://netguard.me/
|
| [4] https://grapheneos.org/
|
| [5] https://wiki.lineageos.org/devices/
|
| [6] https://gitlab.com/AuroraOSS/AppWarden
|
| [7] https://reports.exodus-privacy.eu.org/en/
|
| [8] https://reports.exodus-privacy.eu.org/en/reports/com.faceboo...
|
| [9] https://f-droid.org/
| wepple wrote:
| Care to clarify what these things do and why it's relevant to
| the posted article?
| cookiengineer wrote:
| I tried to clarify it a little more, but I think if I would
| go into more detail I should write a separate article about
| it. It's relevant in that I'm describing what you can do
| against the mentioned problems in the article, and how to
| avoid being surveilled by advertisement conglomerates.
___________________________________________________________________
(page generated 2024-10-23 23:00 UTC)