I don’t like so called smartphones (flashy devices to mine your data and other reasons) but my regular no touchscreen phone’s microphone is no longer working as it should, making conversations difficult.
Enter a smartphone I received as a present, my phobia (for lack of a better word) to smartphones and my (misguided?) obsession with privacy: I don’t want to use this smartphone as my default phone because I’m scared the carrier, ISP or google are going to mine my data and trace my calls.
Which might be an overreaction, because each time I use my regular cell phone, the carrier knows when I’m calling from, who I’m calling and how long the call lasts.
So I ask you: how much more data would I be leaking if I use my new smartphone for calls only, compared to a regular, no touchscreen phone?
I’d say a normal phone is a lot worse than smartphones in general, unless you don’t care about all your communications being readable by the carrier. With a smartphone you can make actually encrypted calls and texts over trustworthy applications/protocols (Signal, Matrix, Simplex, etc.), on a phone you’re stuck with the carrier service; another thing that comes to mind is the storage, as far as I know there are no normal phones with an encrypted filesystem while it is default for a long while on Android.
On the other hand, if your new smartphone model isn’t loaded with a privacy respecting ROM you’ll also have at least some data sent to other third parties like Google and whatnot, but if you can change the ROM, then the potential for better privacy far outweighs the benefits of normal phones doing fewer things with your data by default. If you’re going to use your new smartphone like an old phone, to make carrier calls and SMS, then there will be near to no improvements (except storage security maybe) and as you say, more data snooping
A normal phone doesn’t have AGPS download ephemeris (edit:they may today, I haven’t looked into it for a while), doesn’t have Google Services tracking everything, or third party apps phoning home.
I’d say by default a smartphone is way worse, it has fsr more data collection by default, even without an account. Every data point a feature phone has, a smartphone has, plus more.
Voice calls and SMS use the exact same infrastructure in exactly the same way on both types of phones.
But it can be mitigated quite a bit on Android by not using an account on it, disabling GPS, wifi, Bluetooth.
They could also debloat it to reduce some of the background nonsense (Universal Android Debloat has a “safe to disable” list). (I’m assuming it’s not an unlocked Pixel or a phone that’s on the Lineage list).
If they don’t care about apps, I’d even add NoRoot Firewall, configure it for always on, and set it to block all network access by default. This would be a Global Pre-Filter using asterisk (*) for both the address and port fields with both Wifi and Cell boxes checked (system apps will still have network access, this only affects users apps on a non-rooted phone).
Other than root or flashing a custom OS (like Lineage or Divest, Graphene if they were lucky enough to get an unlocked Pixel), this is about the best that can be done.
Agreed 100%, I wish any smartphone could support Graphene
Sadly it’s only getting worse.
Google and hardware manufacturers aren’t motivated to make open devices. Quite the opposite, really.
They learned their lesson from the BIOS wars of the 80’s that resulted in standardized hardware interface, so any compliant OS could be installed. This is what gave MS the ability to beat IBM at their own game, and prevented strong DRM.
Phones don’t have a standardized BIOS like that, so each brand requires drivers built specifically for it (also a bit of a result of using Linux as the base, since it’s a monolithic OS). Without those drivers you can’t install an OS, and each device is different.
Google and friends like it this way, their long-term goal is fully locked down phones that you don’t control and can’t modify, so they can fully implement DRM.
Probably your best option now is getting a pixel phone and flashing it with graphene os.
If you can’t get a pixel phone you may want to use something like lineage os and make sure you don’t add any Google services to it.
100% this is the best choice for op IMO.
A big pro is that they literally don’t need any Google services whatsoever by the sounds of things
If you can’t get a Pixel, look for a phone on the DivestOS list (or the Lineage list, it can be way better than stock Android since it lacks Google anything).
DivestOS is Lineage, with some more work done, kind of between Lineage and Graphene. I really like it, actually prefer it over Graphene for my use-case (it can run MicroG as a user app in a work profile, so kind of a stepping stone for getting away from Google).
That’s amazing. Never knew about this phone.
DivestOS would be closer to what Graphene provides for more devices
As a lineageOS fork it has good compatibility, but the maintainer regularly updates the OS and maintains it with their own hardening patches as well as patches from GrapheneOS
And then install your main Apps from F-Droid (all Open Source and reviewed) and put eventual proprietary apps (get them from Aurora instead of Play) in a Shelter/Insular profile.
deleted by creator
F-Droid replaces some proprietary bits and adds warnings and all.
Yes, that is an overreaction. In my opinion, you should take your privacy precautions as far as you wish without significantly affecting your everyday life. Refusing to use your smartphone/not enjoying the experience because you are anxious about the data it is leaking suggests to me that you’ve gone too far down the rabbit hole and need to pull back a bit. There are measures you can take to increase the privacy of your smartphone, even if you can’t install an alternative operating system on it and need to use default Android. No it won’t be as private, but if the alternative is selling/returning this new gift then perhaps sacrificing some of your privacy is worth it (that’s something for you to decide).
The reality is that most people around the world have absolutely zero concern for their privacy and security and get by in life without any issues at all. It’s good to be informed and take precautions where necessary but it is statistically extremely unlikely that you will notice any negative change to your life because you choose to use a regular smartphone. Making choices about your privacy should come from a place of empowerment - you should feel good about them. If you are making choices because you are scared/paranoid, you probably need to take a step back from online communities such as this one. They can be useful sources of information but you can also get easily overwhelmed with information and/or try to change too much, too quickly and end up living and extremely paranoid and limited life. People who do this often then burn out and just give up entirely on their privacy, when a more moderate approach would have actually benefited them more long-term.
Here is an alternative Piped link(s):
measures you can take to increase the privacy of your smartphone
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
Your fears about the smartphone are not unfounded. If you take a regular smartphone with you as you go about your day, it will collect a ridiculous amount of data against you. Even without Internet it will cache the data and transmit it once it has signal. Only way to stop it is to install a custom ROM.
Keep in mind that even a dumb phone can track you. If it’s connected to the cell tower then the telecom companies know your location and may share that with others. Also, calls and texts are not encrypted on a dumb phone and are probably being intercepted.
See if you can trade in your new cell phone for a Google Pixel and install GrapheneOS. That is currently the best privacy ROM. You can use this like a dumb phone and it will track you no more than a dumb phone could. To prevent tracking from cell towers, you can put it in airplane mode and use messaging apps over WiFi.
If you’re really only making phone calls, the built in location tracking is probably the biggest issue? AFAIK, you can only use an off the shelf iPhone with an Apple account, and a similar Android phone with a Google account, so your location will be tied to and referenced with those.
Apple have branded themselves as guardians of their users’ data, so many consider that a safe assurance. YMMV but it may be slightly better than Google’s Dodgier approach. When in doubt, go to settings and turn everything off you don’t use, location services foremost.
You may want to disable other apps that come with your phone as well. Basically anything you don’t use. I don’t know how much data can be harvested from background services of an app that doesn’t have a user signed in, but at this point I’d err on the side of caution. Plus, as you say, your position can always be approximated by your mobile carrier through the cell towers you’re connected to, but that goes for dumb phones as well.
Personally, I only use Android smartphones with custom ROMs like LineageOS without installing the Google apps or services framework because I Just Don’t Use Google. Instead I install microG to spoof the GSF to apps that require it. That’s a privacy compromise I can live with because I use my phone as an internet device as well. Needless to say I take privacy precautions on an app level as well.
I think on a lot of Android phones you can skip the Google sign in step and use it without an account, but it’s limited in the usual ways like no play store access, etc
Ah, okay. As I said, I haven’t really used off the shelf Android for years, so I’m happy to take your word for this.
Apple is only protecting you from other companies also getting the data they harvest from the phone.
Yup. And again, millions of iOS users take that as assurance of Apple’s trustworthiness. In this game, we all need to choose who we trust with our data 🤷
You can setup Android without a user account. I’m not sure about iPhone, I don’t believe that’s an option in the setup process (but it’s been a while, since I set mine up).
If your concern is whether your cellphone carrier has the ability to see who you are calling and for how long, this is true whether you have a smartphone or a “regular” phone.
With a regular phone they can also fairly accurately tell where you are, and read your texts. The main difference is the information goes to the carrier but not straight to Google or Apple.
They can do so with a smartphone too, they both use the same cellular network, so same voice calls, same plain-text text messages (SMS is a feature of the cellular network management, messages are injected into the cell management frames).
Even worse, smartphones use AGPS, so download from AGPS servers (providing another point of location data) and using that ephemeris data to improve location update times.
get a cuatom rom that is privacy focussed,your concerns are valid, mostly. Though dumb phones aren’t much better
My 2 cents: I have a similar relation with smartphones as yours.
In my case, what I fear the most is some app getting my contact list and using it to send some kind of “XXX has joined YYY service” notification to all of them. Also, I didn’t like that Google had all the data they wanted, so I ended with 2 smartphones:
- One de-googled (LineageOS without Google Apps) that I use for calls and trusted apps. This one has my contacts list.
- One default Android-Google without simcard for those apps that require oficial-Android (mainly banks apps) and any app I’m afraid could mess with the contact list.
AFAIK I’ve only had one incident because I trusted Telegram too much. There is always non-zero risk, but this works for me.
Similar setup here, for same reasons. But I go further: my contact list is empty. Not a problem if your contacts are all on Signal or Telegram rather than SMS or Whatsapp. IMO contact lists are privacy scourge #1. They allow everyone to grass on their friends with zero consent.
Dumbphones do all that too.
I think its a bit of a overreaction, but you can always download Foss apps even if you can’t download better private OSs, its not the best but its better then nothing
honestly for your threat model (from what I can read here) it’d actually make a lot of sense to use the smartphone. With something like Signal you get encrypted calls and messaging, which would help you circumvent your worries regarding tracing of conversations.
Of course you’d wanna do this on some de-googled android distribution as you seem to be concerned about that. Personally DivestOS, GrapheneOS or even plain LineageOS should all do fine
If you never enable any data services on your SIM (GSM only for calls) and never connect to WiFi. You’re not leaking anymore data than an old fashioned phone.
However, the fact that you are asking these questions does suggest you are probably being unhealthily paranoid. (Reading these replies, it seems you are in good company on this forum.)
I’m going to assume you are not engaging in high level cyber activities that would require you to adopt this level or paranoia. If you were, you wouldn’t be asking basic questions.
Instead, it sounds like you have developed an irrational fear of what tech companies can realistically do with your data and what level of harm they may wish to cause you.
Typically, they can log your search and browser data to determine if, for example, you like pizza. Then they may show you an advert for pizza or highlight the nearest Dominos on Google maps. But… they can only do that if you share that information with them in the first place by using your new smart phone (with none of the privacy settings enabled) to search for pizza and then using Google maps. Nobody is forcing you to do that. But is it really that bad even if you do?
Google are not going to clone you, or assassinate you or somehow work out you are not paying taxes or are engaging in illegal activity unless you use your phone to do it. And even then, they don’t go round grassing people up to the government for the fun of it. They just want you to click on adverts and, once you are aware of how they operate, it’s relatively easy to avoid them whilst still getting great value from a pretty incredible piece of modern technology.
Now, if you are genuinely worried about government targeting (I don’t know what country you live in) an encrypted messaging App will be significantly more secure than an unencrypted old GSM phone that is quite easy to intercept and relies on the integrity of your MNO provider.
My advice, stop worrying. You already have a cautious mindset so you won’t get tricked by these companies, but you could also be enjoying many of the benefits of being able to access all of humanities collective information from your pocket.
Over reacting, if you’re going to use computers and the internet, it’s literally the exact same thing. How much data you leak is 100% up to your practices, and of course phone choice. If you get a Pixel and run Graphene on it, you’re base is great. Beyond that, app choices become the next threat. Don’t use privacy invading apps you can’t trust, don’t give up data on the phone that you wouldn’t on a computer, then you can protect privacy as much as you can, while still being realistic and living normally.
The biggest hurdle is simply being aware of the threats you’re up against and how to mitigate them. 100% privacy isn’t a realistic goal. Minimizing the leaks and making it very difficult to connect the dots is a far more realistic plan.
Yes you are batshit crazy
why thanks…?