Not exactly related but on the topic of finding target's location, A few years ago i used to run a little demo of capturing probe wifi ssid network on prefered network list of nearby devices and used https://wigle.net/ to identify places that people has visited... it was eye opening for some people in the audience for sure.
I know this topics comes up ever so often here, but this is really amazing demo. A reminder that on Android you can use tools like XPL-EX (previously XprivacyLua) to heavily block such calls and libraries, or something simpler even like something like [App Manager](https://muntashirakon.github.io/AppManager/).
On the question of “why do they collect all this data” - brightness, battery life, headphone usage, volume etc: It’s not just because the data is valuable in itself, it’s also to ‘fingerprint’ the device across IPFA boundaries and in the face of things like NAT and VPNs. There are so many disparate data points that are different across different devices that two apps reporting an identical or near-identical set in a short timeframe are likely on the same device.
I haven't gone through setting it up (yet) but I imagine there should be differences between EU and US versions of the apps. Is that something you expect to and if so, are you recording that info in your survey?
Or am I just naive here?
Because you and almost everyone else agreed to the Terms of Service where you consented to let them stalk you until they can make an accurate enough simulation of you to sell increased chances to change your behavior to the highest bidder.
You can stop at any time. Cancel your cell phone subscription and turn off your phone. It is a perfectly valid choice.
True, but a Terms of Service document is the vehicle by which you are informed and consenting. If you're not willing to read the information you're choosing to remain uninformed.
This is not how the GDPR works, just because you stuff it in the ToS doesn't make it legal. Consent has to be explicit and freely given, using the service cannot hinge on accepting tracking.
Good stuff. You might find more interesting data by implementing Frida [0] into your process to snoop on encrypted traffic normally not visible due to pinned certificates.
> You can actually opt out of this. Vote for politicians that want to regulate this into illegality.
The parliament has more than one politician and the advertising companies pay better.
To opt out of it you need to put politicians in jail for conflict of interest and bribes and make campains against big tech (which could lead to your "suicide). Good luck with that.
Isn’t it what the EU is doing step by step to protect its citizens?
Politicians should be jailed, both on the legislative and executive side, including Presidents, if they ignore the law. France is showing this once again with hopeful Marine Le Pen and former president Sarkozy, together with dozens of their associates.
Not exactly related but on the topic of finding target's location, A few years ago i used to run a little demo of capturing probe wifi ssid network on prefered network list of nearby devices and used https://wigle.net/ to identify places that people has visited... it was eye opening for some people in the audience for sure.
Wow, the map gives a good insight of where "technological humans" are concentrated.
or where people are actually recording wifi networksk, wigle is kept up to date by volunteers
We all kind of know this is true, but it’s always really eyeopening to see to what extent these companies know everything about us.
Even worse is, I think, that somehow they are allowed to sell all the data and that you can basically buy data about everybody easily online[1]
[1]: https://media.ccc.de/v/38c3-databroker-files-wie-uns-apps-un...
I know this topics comes up ever so often here, but this is really amazing demo. A reminder that on Android you can use tools like XPL-EX (previously XprivacyLua) to heavily block such calls and libraries, or something simpler even like something like [App Manager](https://muntashirakon.github.io/AppManager/).
I have something similar:
https://appgoblin.info which let's you see trackers installed on mobile apps and an Android app that lets you see those on your phone.
I'm working on automating a flow similar to the OPs but with an emulator so it can run on a server, but it's pretty difficult.
If anyone has advice I'd love to hear it. My biggest problem is how finnicky getting the rooted emulator plus apps is.
My current flow for mitm and waydroid is here: https://github.com/ddxv/mobile-network-traffic
Hope anyone has some advice!
Edit: just want to mention that the OPs flow is definitely better for capturing real data and endpoints, but I didn't see how I could automate it?
author here to answer any questions or discuss an app
On the question of “why do they collect all this data” - brightness, battery life, headphone usage, volume etc: It’s not just because the data is valuable in itself, it’s also to ‘fingerprint’ the device across IPFA boundaries and in the face of things like NAT and VPNs. There are so many disparate data points that are different across different devices that two apps reporting an identical or near-identical set in a short timeframe are likely on the same device.
I haven't gone through setting it up (yet) but I imagine there should be differences between EU and US versions of the apps. Is that something you expect to and if so, are you recording that info in your survey? Or am I just naive here?
How the hell is any of this tracking legal?
Because you and almost everyone else agreed to the Terms of Service where you consented to let them stalk you until they can make an accurate enough simulation of you to sell increased chances to change your behavior to the highest bidder.
You can stop at any time. Cancel your cell phone subscription and turn off your phone. It is a perfectly valid choice.
Uninformed consent is not consent. And while you may enjoy your life without a mobile subscription, many would not.
>Uninformed consent is not consent.
True, but a Terms of Service document is the vehicle by which you are informed and consenting. If you're not willing to read the information you're choosing to remain uninformed.
This is not how the GDPR works, just because you stuff it in the ToS doesn't make it legal. Consent has to be explicit and freely given, using the service cannot hinge on accepting tracking.
> Because you and almost everyone else agreed to the Terms of Service where you consented to let them stalk you
Because some laws (GDPR) are only valid for some people.
No one took Stallman seriously in the early '00s cuz he looks like a total nerd.
Imagine living in the alternate universe where open source or privacy had a Jenny McCarthy.
solid observations and good analysis! so, seems too obvious, are you truly in pioneer territory - nobody else is doing what you've done here?
I mean, there should be something! Maybe not with this exact list of apps, but the code should be similar to other "how-to-record-traffic" guides.
Many thanks for your eyes opening article!
Hopefully you have a third article on the making testing whether common privacy technics are effective ?
Good stuff. You might find more interesting data by implementing Frida [0] into your process to snoop on encrypted traffic normally not visible due to pinned certificates.
[0] https://frida.re/docs/home/
And more specifically just use the maintained scripts from HTTP Toolkit.
https://github.com/httptoolkit/frida-interception-and-unpinn...
Are you aware of any sousveillance projects with the goal of identifying and monitoring the people responsible for this tracking?
You actually can opt out of this. Personally I have not had a cell phone subscription in ~5 years and only use cash IRL.
You can actually opt out of this. Vote for politicians that want to regulate this into illegality.
But then the government couldn't track you anymore with the help of those companies.
> You can actually opt out of this. Vote for politicians that want to regulate this into illegality.
The parliament has more than one politician and the advertising companies pay better. To opt out of it you need to put politicians in jail for conflict of interest and bribes and make campains against big tech (which could lead to your "suicide). Good luck with that.
Isn’t it what the EU is doing step by step to protect its citizens?
Politicians should be jailed, both on the legislative and executive side, including Presidents, if they ignore the law. France is showing this once again with hopeful Marine Le Pen and former president Sarkozy, together with dozens of their associates.