I don’t like so called smartphones (flashy devices to mine your data and other reasons) but my regular no touchscreen phone’s microphone is no longer working as it should, making conversations difficult.
Enter a smartphone I received as a present, my phobia (for lack of a better word) to smartphones and my (misguided?) obsession with privacy: I don’t want to use this smartphone as my default phone because I’m scared the carrier, ISP or google are going to mine my data and trace my calls.
Which might be an overreaction, because each time I use my regular cell phone, the carrier knows when I’m calling from, who I’m calling and how long the call lasts.
So I ask you: how much more data would I be leaking if I use my new smartphone for calls only, compared to a regular, no touchscreen phone?
I’d say a normal phone is a lot worse than smartphones in general, unless you don’t care about all your communications being readable by the carrier. With a smartphone you can make actually encrypted calls and texts over trustworthy applications/protocols (Signal, Matrix, Simplex, etc.), on a phone you’re stuck with the carrier service; another thing that comes to mind is the storage, as far as I know there are no normal phones with an encrypted filesystem while it is default for a long while on Android.
On the other hand, if your new smartphone model isn’t loaded with a privacy respecting ROM you’ll also have at least some data sent to other third parties like Google and whatnot, but if you can change the ROM, then the potential for better privacy far outweighs the benefits of normal phones doing fewer things with your data by default. If you’re going to use your new smartphone like an old phone, to make carrier calls and SMS, then there will be near to no improvements (except storage security maybe) and as you say, more data snooping
A normal phone doesn’t have AGPS download ephemeris (edit:they may today, I haven’t looked into it for a while), doesn’t have Google Services tracking everything, or third party apps phoning home.
I’d say by default a smartphone is way worse, it has fsr more data collection by default, even without an account. Every data point a feature phone has, a smartphone has, plus more.
Voice calls and SMS use the exact same infrastructure in exactly the same way on both types of phones.
But it can be mitigated quite a bit on Android by not using an account on it, disabling GPS, wifi, Bluetooth.
They could also debloat it to reduce some of the background nonsense (Universal Android Debloat has a “safe to disable” list). (I’m assuming it’s not an unlocked Pixel or a phone that’s on the Lineage list).
If they don’t care about apps, I’d even add NoRoot Firewall, configure it for always on, and set it to block all network access by default. This would be a Global Pre-Filter using asterisk (*) for both the address and port fields with both Wifi and Cell boxes checked (system apps will still have network access, this only affects users apps on a non-rooted phone).
Other than root or flashing a custom OS (like Lineage or Divest, Graphene if they were lucky enough to get an unlocked Pixel), this is about the best that can be done.
Agreed 100%, I wish any smartphone could support Graphene
Sadly it’s only getting worse.
Google and hardware manufacturers aren’t motivated to make open devices. Quite the opposite, really.
They learned their lesson from the BIOS wars of the 80’s that resulted in standardized hardware interface, so any compliant OS could be installed. This is what gave MS the ability to beat IBM at their own game, and prevented strong DRM.
Phones don’t have a standardized BIOS like that, so each brand requires drivers built specifically for it (also a bit of a result of using Linux as the base, since it’s a monolithic OS). Without those drivers you can’t install an OS, and each device is different.
Google and friends like it this way, their long-term goal is fully locked down phones that you don’t control and can’t modify, so they can fully implement DRM.
Probably your best option now is getting a pixel phone and flashing it with graphene os.
If you can’t get a pixel phone you may want to use something like lineage os and make sure you don’t add any Google services to it.
100% this is the best choice for op IMO.
A big pro is that they literally don’t need any Google services whatsoever by the sounds of things
If you can’t get a Pixel, look for a phone on the DivestOS list (or the Lineage list, it can be way better than stock Android since it lacks Google anything).
DivestOS is Lineage, with some more work done, kind of between Lineage and Graphene. I really like it, actually prefer it over Graphene for my use-case (it can run MicroG as a user app in a work profile, so kind of a stepping stone for getting away from Google).
That’s amazing. Never knew about this phone.
And then install your main Apps from F-Droid (all Open Source and reviewed) and put eventual proprietary apps (get them from Aurora instead of Play) in a Shelter/Insular profile.
deleted by creator
F-Droid replaces some proprietary bits and adds warnings and all.
DivestOS would be closer to what Graphene provides for more devices
As a lineageOS fork it has good compatibility, but the maintainer regularly updates the OS and maintains it with their own hardening patches as well as patches from GrapheneOS
Yes, that is an overreaction. In my opinion, you should take your privacy precautions as far as you wish without significantly affecting your everyday life. Refusing to use your smartphone/not enjoying the experience because you are anxious about the data it is leaking suggests to me that you’ve gone too far down the rabbit hole and need to pull back a bit. There are measures you can take to increase the privacy of your smartphone, even if you can’t install an alternative operating system on it and need to use default Android. No it won’t be as private, but if the alternative is selling/returning this new gift then perhaps sacrificing some of your privacy is worth it (that’s something for you to decide).
The reality is that most people around the world have absolutely zero concern for their privacy and security and get by in life without any issues at all. It’s good to be informed and take precautions where necessary but it is statistically extremely unlikely that you will notice any negative change to your life because you choose to use a regular smartphone. Making choices about your privacy should come from a place of empowerment - you should feel good about them. If you are making choices because you are scared/paranoid, you probably need to take a step back from online communities such as this one. They can be useful sources of information but you can also get easily overwhelmed with information and/or try to change too much, too quickly and end up living and extremely paranoid and limited life. People who do this often then burn out and just give up entirely on their privacy, when a more moderate approach would have actually benefited them more long-term.
Here is an alternative Piped link(s):
measures you can take to increase the privacy of your smartphone
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
Your fears about the smartphone are not unfounded. If you take a regular smartphone with you as you go about your day, it will collect a ridiculous amount of data against you. Even without Internet it will cache the data and transmit it once it has signal. Only way to stop it is to install a custom ROM.
Keep in mind that even a dumb phone can track you. If it’s connected to the cell tower then the telecom companies know your location and may share that with others. Also, calls and texts are not encrypted on a dumb phone and are probably being intercepted.
See if you can trade in your new cell phone for a Google Pixel and install GrapheneOS. That is currently the best privacy ROM. You can use this like a dumb phone and it will track you no more than a dumb phone could. To prevent tracking from cell towers, you can put it in airplane mode and use messaging apps over WiFi.
If you’re really only making phone calls, the built in location tracking is probably the biggest issue? AFAIK, you can only use an off the shelf iPhone with an Apple account, and a similar Android phone with a Google account, so your location will be tied to and referenced with those.
Apple have branded themselves as guardians of their users’ data, so many consider that a safe assurance. YMMV but it may be slightly better than Google’s Dodgier approach. When in doubt, go to settings and turn everything off you don’t use, location services foremost.
You may want to disable other apps that come with your phone as well. Basically anything you don’t use. I don’t know how much data can be harvested from background services of an app that doesn’t have a user signed in, but at this point I’d err on the side of caution. Plus, as you say, your position can always be approximated by your mobile carrier through the cell towers you’re connected to, but that goes for dumb phones as well.
Personally, I only use Android smartphones with custom ROMs like LineageOS without installing the Google apps or services framework because I Just Don’t Use Google. Instead I install microG to spoof the GSF to apps that require it. That’s a privacy compromise I can live with because I use my phone as an internet device as well. Needless to say I take privacy precautions on an app level as well.
I think on a lot of Android phones you can skip the Google sign in step and use it without an account, but it’s limited in the usual ways like no play store access, etc
Ah, okay. As I said, I haven’t really used off the shelf Android for years, so I’m happy to take your word for this.
Apple is only protecting you from other companies also getting the data they harvest from the phone.
Yup. And again, millions of iOS users take that as assurance of Apple’s trustworthiness. In this game, we all need to choose who we trust with our data 🤷
You can setup Android without a user account. I’m not sure about iPhone, I don’t believe that’s an option in the setup process (but it’s been a while, since I set mine up).
How about this perspective? You are being tracked regardless. Do you have friends? Do they have your number? You have a tracking ID. Have you ever used the Internet at home not on a VPN and not on a fingerprint-preventing browser (i.e. JavaScript off)? You have a tracking ID.
This tracking ID is surrounded by data it gathers from your interactions with others, regardless of whether you want it to or not. Your lack of presence here is far more telling than actually existing. Unless you literally live off the grid no contact, there’s no getting away from it.
On the bright side, guess what? These tracking IDs are practically solely for advertising metrics. The chances of any of this data being meaningful beyond “vestmoria likes vintage cheeses after” is pretty much nil. I would even go so far as to say by having a presence in this space you are likely to be less targeted by prying eyes that actually matter, as opposed to right now where you are a clearly visible dark spot in a sea of lit beacons.
To put it another way - privacy now is through obfuscation, not lack of existence. Google solved the dumb-phone problem in 2013 and they have had advertising IDs on these from the moment they get used. They have had your data already for a long, long time now. Your advertising ID is better used clicking on every ad you come across using AdNauseam than it is trying to de-google a smartphone or avoid carrier data. Make the data on you inaccurate and worthless.
If you really want to avoid using tracking aspects of a smartphone, your best bet is convincing your people to download signal or matrix and use them exclusively, with notifications turned off on the phone. You’ll want to run a VPN you trust. Others suggested custom ROMs to get away from Google, though I’m personally no fan of MicroG either.
I think it’s worth considering accepting that unless you are very specific in how you use it, there is no real feasible way to not be tracked. Even if you take all precautions, even then, you are still being tracked by other peoples phones. With that in mind, your mental health should be put at ease knowing that rather than trying to avoid it, there are ways of feeding it dirty data to make you look like everyone else.
Using Linux you probably already are aware of quite a bit of this, but I’ve always felt that being off the grid or off the radar of adver-govs is a false hope and while there may be measures against it there’s nothing that actually prevents it in full and it’s so much more effort than allowing it to happen but lying about yourself. So what if they have data on you if it’s irrelevant! On top of that, what does it matter if your calls have data on them (date/length). The content of the calls is a different story of course, I don’t have a solution for that.
Maybe you can fake phone calls by spoofing phone models and locations and having their conversations spoken via AI.
If your concern is whether your cellphone carrier has the ability to see who you are calling and for how long, this is true whether you have a smartphone or a “regular” phone.
With a regular phone they can also fairly accurately tell where you are, and read your texts. The main difference is the information goes to the carrier but not straight to Google or Apple.
They can do so with a smartphone too, they both use the same cellular network, so same voice calls, same plain-text text messages (SMS is a feature of the cellular network management, messages are injected into the cell management frames).
Even worse, smartphones use AGPS, so download from AGPS servers (providing another point of location data) and using that ephemeris data to improve location update times.
Your concern is well reasoned. A smartphone is a much larger risk surface compared to an application specific dumb phone. Running an entire operating system, increases the number of exploitive holes you could be running it anytime. You’re almost guaranteed to be running at-risk software.
You can mitigate that risk, by using graphene as people have discussed. But if you truly don’t care, get another dumb phone. It’s hard to exploit the remotely, it’s hard to install software remotely, Pegasus doesn’t try target them. It’s a smaller risk surface.
That being said, if you want some of the benefits of a smartphone. You can do so limiting your risk surface. Run stock Android, or graphene,. Make sure you’re okay with the permissions you provide. And most importantly keep your software up to date. That’s a reasonable level of paranoia versus utility trade-off
My 2 cents: I have a similar relation with smartphones as yours.
In my case, what I fear the most is some app getting my contact list and using it to send some kind of “XXX has joined YYY service” notification to all of them. Also, I didn’t like that Google had all the data they wanted, so I ended with 2 smartphones:
- One de-googled (LineageOS without Google Apps) that I use for calls and trusted apps. This one has my contacts list.
- One default Android-Google without simcard for those apps that require oficial-Android (mainly banks apps) and any app I’m afraid could mess with the contact list.
AFAIK I’ve only had one incident because I trusted Telegram too much. There is always non-zero risk, but this works for me.
Similar setup here, for same reasons. But I go further: my contact list is empty. Not a problem if your contacts are all on Signal or Telegram rather than SMS or Whatsapp. IMO contact lists are privacy scourge #1. They allow everyone to grass on their friends with zero consent.
get a cuatom rom that is privacy focussed,your concerns are valid, mostly. Though dumb phones aren’t much better
Dumbphones do all that too.
I think its a bit of a overreaction, but you can always download Foss apps even if you can’t download better private OSs, its not the best but its better then nothing
Well I’ve had a smartphone since 2012, just to try it. Honestly I don’t feel it has added quality to my life. Having specialized devices such as a camera, GPS, mp3 player and so on is actually more convenient and not more expensive. For example a GPS has a longer and more reliable battery life.
2012 was 11 years ago, so out of curiosity: do you still have the same smartphone, and why are you still using one if it hasn’t improved your life?
No at some point they become uselessly slow or won’t receive necessary updates. Like even some dumb chat app requires a ton of resources. And I’ve also had an iPhone that worked just fine until there was an update. After that it wasn’t practical to use any more and I switched back to android.
I’ve had 4. And I’ve used each one until it was completely useless.
I bought 2 of those 4 for my work. I do vr/ar and some clients require ar on the phone or tablet. And I needed one of them when I had an Airbnb, because you need the app for that. The again you can replace that with android running on a pi or sum.
Truth be told I have a Motorola Droid running Android 1 and if all you need is a phone with some email and sms texting it works fantastic. Even has a physical keyboard.
I’m not even going to ask when the last security update came out 🤣
Lol, yeah that’s an issue.
Lol, having separate devices is more convenient?
The smallest camera I can pocket weighs 5x my phone, is about 10x thicker.
GPS, same.
Mp3 player, about the same as my phone.
Computer/web browser? Well, nothing is as small as a phone.
I get all that in a single device with a phone weighing 8oz, measuring 6"x3"x3/8".
Separate devices is better if your use-cases for them have strong independence (e.g. Only use GPS in the car/on motorcycle, only use a camera when doing dedicated photo shoots, etc). If anything I’d say multiple devices is less convenient even then, it’s just that those devices work better for those use-cases, making the tradeoff of less convenient worthwhile. I’d much rather use a dedicated camera sometimes (and do), when I’m taking lots of pics and want to go faster.
But for most people, these activities are strongly related, and occur throughout their day. It would be far less convenient to carry multiple devices and have to pull them out and handle for these activities.
That depends on what you want out of them. If you want to minimize the amount of stuff you’re carrying around as your top priority, sure, phones are great. But if you want ease of use for a specific task without unwanted interference? They’re not always the best.
Like, if I were doing any sort of meaningful photography, I’d want my actual camera. It’s easier to shoot with, it allows for more control, and no notifications or phone calls are going to suddenly interrupt a shot.
When it comes to a music player, it’s mostly good, but what if I want to keep listening to music while doing other stuff on my phone, or while talking to someone? Phones are pretty bad at that sort of multitasking. There are certain websites I can’t read while listening to spotify, because something completely inaudible takes over the sound channel as soon as I load the page.
As to making phone calls? The number of dropped calls or calls with one-way audio is absolutely absurd, and not something I ever ran into on older dumb phones.
Convenience ultimately depends on use case. It is nice to always have some kind of camera on me, even if it’s kind of a half assed one. Ditto to a computer, a music player, and a phone. But they’re definitely not more convenient to use.
There’s a reason dials, macropads, tablets, midi devices, and things like that are popular. It’s usually a lot easier to control physical stuff sitting in front of you than it is to interface with some abstracted UI. Like, typing is so bad on phones that it spurred the creation of contemporary AI.
I find they’re a pain to use and I only have one out of social pressure, and privacy or not I’m constantly confused on why they’re so popular.
I just use a throwaway account and have the rule of not putting in any data that I don’t want to be read - which is barely anything any way because I do all my computing on my Linux laptop. I figure if they’re collecting location data and recording me then they’re just associating it with “random guy x” because I’ve never given it anything else. I should look in to one of the de-Googled Android distributions but I have so little interest and energy in anything to do with it, if it could be made totally private I would still rarely use it.