- cross-posted to:
- technology@lemmy.world
- cross-posted to:
- technology@lemmy.world
An amazing bit of digital detective work here. Seems like Linux mobile is your only off ramp from being exhaustively tracked
You must log in or register to comment.
All HTTP requests include your ip address, you don’t “consent” to giving it to anybody. You can geolocate somebody based on ip address but it won’t be very accurate
True, it’s storing the IP address that is the issue.
Use a VPN. Problem solved.
Not the magic bullet people think they are. Oh, and you can’t turn it off, so you’ll have to take the loss in network speed on absolutely everything. And better know how to configure each device so it doesn’t go ahead and check leak your IP anyways, which also restricts choice of devices you use. Cause remember, if any device on your network ever connects to the net without the VPN, then your anonymity just went out the window.
Not the magic bullet people think they are.
No one thinks VPNs are “magic bullets”. I don’t know why this gets repeated ad nauseum.
Oh, and you can’t turn it off, so you’ll have to take the loss in network speed on absolutely everything.
True but it’s not that bad.
And better know how to configure each device so it doesn’t go ahead and check leak your IP anyways
Just choose a good provider. You don’t need to configure anything.
if any device on your network ever connects to the net without the VPN, then your anonymity just went out the window.
That’s what kill switches are for.
No one thinks VPNs are “magic bullets”. I don’t know why this gets repeated ad nauseum.
Ooh, I know why! It’s because YouTubers hawk their preferred (sponsored) VPN as if it was silver bullet and that it’s dangerous to use your mobile device out in public or worse – public WiFi – without it. You can’t blame John or Jane Doe from parroting what their favourite YouTuber claimed.
I agree it’s a powerful tool! I was specifically responding to “problem solved” in the previous comment. My reply was in no way meant as a general review of VPNs.
Using a VPN just moves the trust to another middleman.
Yeah, a middleman you get to choose. That’s a huge improvement. There are plenty of trustworthy VPN providers.
Tor over VPN
You can set up wireguard vpn on a tiny instance in Amazon or Google, and bounce traffic through that one. Then you control what gets logged (Amazon may have logs over all outgoing connections from all instances somewhere though).
You can even make it change it’s public ip every day if you want.
So use a trustworthy middleman? Surely you can find someone more trustworthy than advertising companies?
Is that tinfoil hat comfortable?
Using a VPN means that all your traffic is routed through a possibly malicious actor.
This problem solved, but whenever you change your network or IP and then periodically, your phone will report to Firebase, so you can receive push notifications.
You can block those with software that simulates a local VPN with a filter, but you won’t get any more push notifications. Now push notifications are not just the ones you see. Some apps use invisible ones to get infos they need to work.
Make sure you disable or properly configure webrtc. Even with a VPN it will leak your true IP address.
Check here.
but it won’t be very accurate
Which they actually acknowledge in the blog post.
Kind of interesting that they’re smart enough to understand how to sniff packets but not enough to understand that IP address = location.
Author noted:
As a quick note - location shared was not very precise (but still in the same postal index), I guess due to the fact that iPhone was connected to WiFi and had no SIM installed. If it was LTE, I bet the lat/lon would be much more precise.
And this was with location services off. How precise is a “postal index” in the author’s country (presumably Spain) I wonder.
Wonder how the app sent geolocation with Location Services disabled.
Does this happen to users in the EU? It’s highly illegal to gather data without consent here obviously. Even processing other data to derive location (which is personally identifiable information) means processing data for purpose that’s different to one that was consented to (if they tried to get any consent at all). There are big companies implicated here so it’d be easy to fine them into submission in jurisdictions that allow it.
That’s crazy. As it’s (almost) impossible to prevent those data to be sent from the phone, would it be possible to make the data useless ? For instance by sending loads of fake json payloads for some ids ? Then enjoy my data which says at the same time that I’m in Vancouver, Lisbon, Paris, on my low cost and super expensive phone, with volume at max and zero,… Not possible I guess ?
Even with Linux it wouldn’t be that safe, if apps were doing this crap.
You’d want to be using only Linux apps that weren’t recording and reporting everything. Much easier to get in Linux than Apple/android
You know the towers log data too, right? And that websites themselves can track you regardless of what OS you use, right?
Privacy is good, but stop with this “Linux is a magic weapon” BS.
Separate dongle for internet using a hotspot can help. No system is perfect but Linux phone is an excellent first step
We just have to stop using the internet at this point
