Drat. Scratch iOS newsgroup. That was intended for Android, not iOS. (You can't do most of those privacy things on iOS, unfortunately for us.)
For example, Android works fine w/o a mothership tracking account while it's much more difficult to set up a functional iOS device without the Apple mothership tracking account tracking every moment of every day of your life.
Will resend to the corrected ng list. Please do not respond to this thread.
I'm in the same boat you are, as is everyone else. Functionality first, privacy second.
Not having the Android phone set to a Google account is, in my opinion and yours apparently, a good tradeoff between functionality & privacy.
No great loss of functionaity versus a great enhancement in privacy. That's a fair deal in my book (and, apparently, in yours).
Having set up umpteen Android phones for privacy, I appreciate your confirmation there are others who don't associate the phone with any Google Account.
However, in the functionality first, privacy second set of tradeoffs, there are "some" Google apps which provide a functionality that no other app can provide, are there not?
Take the simple example of owning a Google Account, which gives you the functional advantage of 15GB of email storage (and spam filtering).
Can we get that functionality elsewhere for a good tradeoff in privacy? I've found protonmail isn't close. Neither is Yahoo. Nor Apple mail.
Luckily, we can still obtain a reasonable functionality first, privacy second tradeoff (IMHO), if we ditch the Google GMail app on Android, and use any decent FOSS privacy aware replacement MUA, such as FairMail.
formatting link
A counterintuitive fact of the functionality first privacy second calculation, paradoxically so, is that the same GMail app on iOS is more private than the GMail app is on Android.
That's because the instant you log into the GMail app on Android, whether or not you want it to do so, it _creates_ a Google Account on the phone!
Yet the iOS GMail app does not. What do I do then to preserve functionality & privacy?
I use GMail on iOS and on Android I use FairMail instead.
There are other similar calculations that I run which others may benefit from my clarifications, where, for example, the Google Voice app provides functionality that I can't find elsewhere for citizens of the USA.
While WhatsApp provides similar functionality (in a different way) to European citizens, in the USA most of us use cellphones and landlines.
The Google Voice app provides free USA cellphone & landline calls, both ways, to a POTS number, and that's an important funcdtionality.
However... as with the GMail app on Android, the instant you log into a Google Voice account on Android, the Google Account is created on Android.
Not so with iOS.
Hence, yet again, to balance functionality & privacy, I use the iPad as a speakerphone telephone (via the Google Voice app) while I completely shun Google Voice capability on Android.
It would be interesting to learn from others who care about the functionality and privacy calculations what other ways there are on Android to preserve as much as we can of both.
Other than what you and others have suggested, the problem is it's an unknown moving target.
You noticed your unwanted Google account being created from using Gmail on the phone. More to the point is when it's not obvious what Google is doing in the background. And, to be fair, it's not only Google. I have a Huawei phone which, like many manufacturers, runs a modified version of Android (particularly so with Chinese phones after their disagreement with Google). So what is /that/ version doing in the background? It might be different from what Google Android is doing. Let's not forget that the hardware is supplied by Huawei too; any "backdoors" in those chips? And then, of course, you have the cellphone signal provider. Everything goes through them, so if it's unencrypted...
As it's possible to have more than one Google account associated with a single cellphone, perhaps jumping between accounts when using the phone might cause some confusion at Google HQ (although I'm sure they can work their way round that).
I want to learn whatever I can from people like you and Jeff Liebermann!
Yes. Indeed. You are completely correct. We can only protect against what we already know to be a threat (usually based on a news article or two).
Hence I agree with your observation that it's not only a "moving" target, it's a "growing" target, like snowball rolling down the hill on soft snow.
That's why, I think, we need each other. You know a lot. I know a lot. Jeff Liebermann knows a lot.
Lot's of people know a lot more than any one of us.
Yes Jeff. I noticed this _only_ accidentally, since all of a sudden I had a Google Account on my phone. WTF? Where'd that come from, I thought. So I deleted it. And then it came back. That's when I was able to reproduce why. (Same with Google Voice, or logging into Google Maps, etc., as I recall).
Some privacy things we notice because they're overt, such as the SSID_nomap privacy items, but some aren't obvious - such as the fact Wigle does NOT respect the _nomap request (AFAIK).
Then you have to come up with things that are NOT obvious, which is why a.i.w is involved in this thread, since your SOHO router comes into play with mobile phone privacy. Allow me to outline, briefly, what that's so...
a. You know about butterfly hash tables so you set your SOHO SSID unique b. In addition, you know about _nomap (& _optout_) for Google/Mozilla c. And you know it's not only your SSID but your unique SSN & GPS location d. Where SSN in here points out that the _AP MAC is unique_ to you alone e. And no, as Jeff Liebermann knows, that AP MAC can not easily be spoofed f. So you dutifully set the (already unique) SOHO SSID to append _nomap g. You "think" that _nomaop prevents it being "uploaded" to Google/Mozilla h. But (almost) every Android phone _still_ uploads your SSID to the net! i. WTF? Then you realize, it's on the Google server the _nomap is respected j. Worse, you find out that Wigle & NetStumbler maybe don't respect _nomap k. Now what? You think. You ponder. You google. You search. l. You come up with an idea after testing how Android handles hidden SSIDs m. What if you make the SSID _hidden_ (i.e., not broadcast) you ponder? n. You search a bit more and you find it that maybe that will work o. If you don't broadcast the SSID, then it's NOT uploaded to the net! p. At least not for most Android phones that don't have Wigle/Netstumbler q. But a hidden SSID opens up another privacy can of worms, doesn't it. r. Now you have to set your phone to _look_ for that hidden SSID s. That means everywhere you go, your phone _broadcasts_ that hidden SSID t. Yikes! So you set your phone to NOT re-connect after losing signal u. While you're at it, you set Android 10+ to a random MAC per SSID v. On Android 11+ Developer options, you set a random MAC per connection w. So now, when the connection drops, it doesn't ask to reconnect at home x. But the benefit is it doesn't broadcast your unique SSID outside home y. You could have accomplished that task with an automated home geofence z. But that would necessitate location - which is another can of worms!
Jeff... I ran out of letters, so I'll stop there... but it goes on, which is your point and which is mine where, I can't help but logically and rationally reasonably agree with you that it's hard to protect against what we don't know about...
But at least we can protect against what we _do_ know about.
Oh indeed! Take the case of turning on location (which comes after "z" above)!
How many people know that when Google Maps turns on "location" it uses its own Google-specific activity which is different from the "normal" location. Action = ACTION.MAIN (android.intent.action.MAIN) Package Name = com.google.android.gms Class Name = com.google.android.gms.location.settings.LocationAccuracyActivity Category = CATEGORY.LAUNCHER (android.intent.category.LAUNCHER)
Every other method to turn on location does _not_ use that - they use this: ACTION: "android.intent.action.MAIN" PACKAGE: "com.android.settings" CLASS: "com.android.settings.Settings$ScanningSettingsActivity"
They do different things! Pop Quiz!
Guess which one turns on lots more privacy losing stuff, Jeff! C'mon. Guess!
C:\> adb shell am start -n com.google.android.gms/.location.settings.LocationAccuracyActivity
Yup. We need debugging information. We can use adb for "some" of that, but the problem I have with adb is that I don't understand yet how best to cull the output into something usable.
C:\> adb shell am start -n com.google.android.gms/.gcm.GcmDiagnostics (take a look at the mtalk.google.com traffic, for example)
Hmmmmm...... I never thought of having even one account, let alone multiple accounts, but I prefer no account on the phone (or on the Windows PC).
What I'd love to know is what other privacy measures I can take on either. Any suggestions?
I doubt you'll learn anything from me you don't already know, except perhaps to be overcautious and not use your phone for *anything* where you require even the smallest amount of privacy.
Indeed. This is the Android equivalent of Rumsfeld's "unknown unknowns"!
We can try, but, with a moving target we can't always be sure we'll succeed. What is successful today might not work tomorrow.
I guess the only thing is to assume that someone - and you know who that someone is - is *always* listening, and act accordingly.
Hi Jeff, For my analogy below, it may be important to note that one of my degrees is in the life sciences, so I know we're being "attacked" by microbes.
My analogy is that privacy is no different, strategically, than hygiene.
At any one time you might not know exactly which microbes are attacking you, but if you practice personal hygiene, you'll keep most of them at bay.
As with microbes attacking us from all sides, we pretty much know their modus operandi, so while we can't protect against every individual attack, if we practice personal hygiene, we can protect in general from most.
However, privacy, like hygiene, is a never-ending set of habits.
We agree that privacy is akin to personal hygiene habits. You can assume you're being attacked and hence you keep clean accordingly.
To that end, if others on this newsgroup can add to our privacy practices, that would be of benefit to all since together we know more than alone.
Sort of. It reminds me of the film "Rollerball": "In a futuristic society where corporations have replaced countries, the violent game of Rollerball is used to control the populace by demonstrating the futility of individuality."
Google, Apple, Microsoft, Facebook, Twitter, Tik Tok, etc, etc, etc...
I think that's the wrong lesson for the masses in terms of privacy.
There is only futility when people _stop_ fighting for their privacy. It's the same as with any other basic principle inherent in human life.
*Privacy is no different in principle, than personal hygiene*
People who abrogate their personal hygiene habits are, in general, disgusting people (e.g., they upload _your_ contact information).
Notice my point is people who give up on privacy are disgusting people not because they give up on their privacy - but they invaded _your_ privacy.
Those disgusting people are uploading _your_ kids' contact information to Internet servers, and those disgusting people are uploading _your_ personal SSN (aka, MAC) to Internet servers, and those disgusting people are ...
My opinion?
People who abrogate on privacy are as disgusting to humanity as people who give up on personal hygiene habits (for exactly the same reasons on both).
Privacy is no different than personal hygiene... where not sticking your hands in dirt is no different than not logging into mothership accounts.
In response to Carlos, I've finally added the trolls to my (rather complex) scripts which comprise what most of you would call a newsreader to add Joerg Lorenz, among many others so that I don't see what Carlos was responding to from that moron.
However, I do wish to further flesh out the important topic by requesting advice from the intelligent few on this newsgroup who have something of value to offer in terms of how to obtain privacy from the motherships.
Since people who abrogate on privacy are no less disgusting to the rest of us than people who abrogate on personal hygiene, it behooves us to know what the basic steps each of the intelligent people here do for privacy.
One of the basic steps I do, and which I recommend others do, is related to avoiding, unless absolutely required, any mothership tracking account.
Never set a computer to a mothership tracking account
Never log into apps which _create_ that mothership tracking account
Avoid apps which _require_ a mothership tracking account
Note that with iOS this kind of privacy is almost impossible so we're only talking Android here when we're discussing our mobile device privacy.
In terms of mothership tracking accounts, other than email servers, can you think of any reason to have an app that must have a mothership account?
I can't. Can you? (this is the collective "you" of the intelligentsia out there)
You're welcome to give up on your privacy just as you give up on your education and just as you give up on your freedom and just as you give up on personal hygiene - all of which you give up because it's easier for you.
But it turns out freedom isn't easy - you have to fight for it - just as you fight for privacy and you continually strive for education and just as continually, you wash your hands and brush your teeth for personal hygiene.
Privacy is no different than freedom, education, or personal hygiene. People who give up (because it's easy) are disgusting to the rest of us.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.