Inside a Global Phone Spy Tool Monitoring Billions (404media.co) 40
A wide-spanning investigation by 404 Media reveals more details about a secretive spy tool called Patternz that can track billions of phone profiles through the advertising industry. From the report: Hundreds of thousands of ordinary apps, including popular ones such as 9gag, Kik, and a series of caller ID apps, are part of a global surveillance capability that starts with ads inside each app, and ends with the apps' users being swept up into a powerful mass monitoring tool advertised to national security agencies that can track the physical location, hobbies, and family members of people to build billions of profiles, according to a 404 Media investigation.
404 Media's investigation, based on now-deleted marketing materials and videos, technical forensic analysis, and research from privacy activists, provides one of the clearest examinations yet of how advertisements in ordinary mobile apps can ultimately lead to surveillance by spy firms and their government clients through the real-time bidding data supply chain. The pipeline involves smaller, obscure advertising firms and advertising industry giants like Google. In response to queries from 404 Media, Google and PubMatic, another ad firm, have already cut off a company linked to the surveillance firm.
We have the power to end this. (Score:2)
Dumb Phone (Score:3)
I'm not an off-grid living doomsday prepper type who transacts in cash with the security threads pulled out, but damn, stuff like this makes me wonder if I might just be better off using a dumb flip phone. If nothing else, it would probably force me to live more "in the moment".
Then again, it would also force me to go back to terrestrial radio for music in the car. I...I don't think I can do that.
Re:Dumb Phone (Score:5, Interesting)
Just get a "private and Free" phone.
From "normal" to extreme:
1 /e/OS
2 Lineage OS without google services
3 Librem 5 running pureOS
4 pinephone running Postmarket OS.
I'm currently #2, trying #3. And I assure you, flip phone not necessary to kill off almost everything time wasting.
Re: (Score:2)
Re: (Score:2)
I have long been thinking about getting a Linux-based non-Googled phone.
My main uses are (in order of need):
(Ah, I see that /. removed ordered list tags at some point...)
I am assuming that most or all of those things are available on the open platforms. Maybe not the tap-to-pay since those seem to be specific to vendors, but it wouldn't be the end of the world for me if I had to give that one up.
Re: (Score:2)
Podcasts will work as long as it's the standard RSS distribution model, not modern custom whatevers...
Cloud sync will work if you set it up. DAV, syncthing and others are your options.
I don't know about maps. Various OSM routers to the rescue I guess.
> NFC/Tap-to-pay
Good thing this is last, it's not possible on FLOSS phones. Banks usually require ARM Secure Enclave to enable that. Plus they build on top of Android/iOS.
Re: (Score:2)
Braxphone
brax.me
Re: (Score:2)
That's #2 , but preinstalled.
Same as a murena (murena.com) phone.
Re: (Score:2)
Re: (Score:2)
You could install the apps while on wifi then keep the phone off the network/cellular service and get most of its functionality. If the phone isn't connected to a network while you are traveling, then it can't collect data on you.
Re: (Score:2)
Yeah, no, the phones I suggested really can't have most apps.
#2 is limited to f-droid and sideloaded apks
#3,4 is limited to whatever GNOME/KDE programs fit on the screen.
> on wifi then keep the phone off the network/cellular service and get most of its functionality.
You couldn't even use offline navigation, as you don't have a guarantee the app doesn't tap into location. Depending on how much you trust Android permissions.
It can collect data, and send it later.
Re: (Score:2)
Doesn't matter how great your phone is, if you install an app that's spying on you.
In this case it seems it's the apps that were being used to spy on you, not the phone itself.
Re: (Score:1)
Re: (Score:1)
If you post your life on Facebook, you don't believe in privacy anyway. Anyone willingly submitting anything and everything for attention on Facebook clearly doesn't care.
Re: (Score:2)
If you sub to spotify, then that's probably true. I just buy all my music off bandcamp. My phone has gigs of mp3s. I connect to my car with bluetooth and use VLC to make playlists of all the songs I want to listen to. Sometimes I just play a folder that I've already categorized.
It's awesome and I'm hoping the artists get a bigger cut from bandcamp than spotify.
So, doing this, you can get your flip phone for calls and then have your smart phone not connected to the cellular network and still use it as a mus
No exception. (Score:5, Insightful)
Privacy regulation is needed. Without any exception.
Re:No exception. (Score:5, Interesting)
> Privacy regulation is needed. Without any exception.
Privacy regulation and we need to change the way companies are fined, including the leadership.
If a company makes US$1 Billion and gets fined US$5 million, well the fine is just a cost of doing business. On the flip side, if the company is fined 20 percent of income before any taxes, depreciation, or anything else for the first offense, that's a bit more problematic. Even more problematic when the fine rises, if the behavior reoccurs within 20 years, to 40 percent and finally 80 percent with a corporate death penalty. Investors might abandon the company after the second fine.
Wait, there's more...
Since executives, especially CEOs, love to tell us how indispensable they are to the company to justify their high compensation packages they're on the hook. So all company executives are stuck with the same fines as the company, based on their total compensation package. That's everything from pay to stock options to using the corporate jet to housing allowance or assistance. Everything. The fine will double similar to the company fine, 40 percent then 80 percent, but no death penalty. They just can't work as an executive, management, or serve on any board of any company that receives a cent from the government... including if that company owns a majority stake in any company that receives money from the government... for life.
This would be a good start at least.
Re: (Score:2)
Flog them 'round-the-streets. Decimate survivors. Sell wives and daughters to Saudi whore-houses.
This was the penalty for Roman sentries deserting their posts. The shoe fits post-mod C-suites very well.
Re: (Score:2)
This isn't rocket science, and I'm not even imprisoning them, simply fining them mate. Now if they break the law so much they get banned for life, it's not my fault it is their fault.
Re:No exception. (Score:4, Informative)
List of suspected apps? (Score:3)
Is there a more comprehensive list of the suspected apps (and platforms) available?
Re: (Score:2)
Re: Site name change (Score:4, Insightful)
Re: (Score:2)
This is why we need regulation (Score:5, Interesting)
I've tried to explain to people why data harvesting is a dangerous thing. The response I typically get is "it's only advertising, what harm is there?" The harm is when the data collectors only care about money and don't give a damn about who they do business with. The scum that trade in personal data are as ruthless as the Ferengi, and they'll sell to marketers and insurance companies and the police and Uncle Sam and the CCP, if the price is right.
Don't be surprised one day when you get a letter from your insurance company saying that your rates are increasing because some app on your phone monitored you and determined that you're an increased risk to insure.
Better yet, can you imagine what life would be like if you get arrested immediately after entering a foreign country, because that country has an extradition treaty with China, who has a warrant for your arrest because you posted a picture of Winnie the Pooh waving a Chinese flag to social media?
Just you wait, because that's what's happening in our Brave New World, unless we regulate this industry.
Re: (Score:2)
And how does it work for you?
I'm down to trying the following:
Every election could be the last election, and the elected power could decide to clean house/country. How do you think you would fare?
I also usually link https://medium.com/@hansdezwar... [medium.com]
The best "getting through" to people on the street I have seen was John Oliver describing it as the "Dick pic" program.
Re: (Score:2)
Yeah people say "Hur dur, how will your 2nd Amendment fare against stealth bombers" as if the US would carpet bomb whole cities. No if the US government ever goes full Hitler-Stalin-Skynet the primary weapon they will use against you is your own cell phone/internet history, your contact list, your location history, your idiot friend's history. They'll know whether you're white/diverse, and whether you're a political ally, political enemy, or suspiciously uninvolved in politics. Or the government is fine but
paywalled content (Score:1)
404 Media is really Vice's Motherboard (Score:2)
404 is really Vice's defunct Motherboard
Always consider the source when evaluating an article. Who owns the entity, who pays for it, who advertises in it. Try to sniff for bias.
The way 404 gets flogged in /., they come across as muckrakers with an agenda. But then again, this describes all news orgs - muckrakers with an agenda.
https://en.m.wikipedia.org/wiki/404_Media
Re: (Score:2)
They seem to be doing some good reporting though.
Don't load the nonsense apps... (Score:1)
hundreds of thousands of ordinary apps? (Score:2)
Re: (Score:2)
Most developers have adopted the adware/spyware model with delight. There are a few no-network applets but they're not in the top-100 list and Google makes a point of hiding which applets access Personally Identifying Information (PII). A Google search for no-network android applets is the answer.
It's a laborious process to click through Google Play listings to check the permissions of each applet and ensure it doesn't access contacts, messages and call history. Next on the ban-list is phone identity a
Take the Shiny Shiny, leave the Contact list (Score:2)
People were more interested in the Shiny Shiny than why an applet wanted their contact list and a de facto VPN. It's obvious a flashlight applet wouldn't be sending LOL-cat photos to your grandmother.
to those that know (Score:2)
Oh! (Score:3)
I was under the impression that phones were themselves a spy tool monitoring billions around the globe. Should I be using thicker tinfoil for my hat?
Re: Oh! (Score:2)
'simple binary'? Keep your disgusting outmoded mental health slurs and sexual paradigms to yourself!