Google Takes Its Tracking Into The Real World

Discussion in 'privacy general' started by TheWindBringeth, Nov 8, 2013.

Thread Status:
Not open for further replies.
  1. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
    http://digiday.com/platforms/google-tracking/

     
  2. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    GPS off unless you need it to navigate.

    Android always pops up a permission request to use WiFi and Cell Tower assist - deny it every time.

    Keep WiFi off when not at home.

    Do not scan for open networks with the built in option (use WiFi Analyzer).

    In case you forget, spoof your machine name and MAC address (requires root)

    Block all communication of the GPS Service with a firewall (requires root).

    Just some counters, not opinion of Google's business model...but at least can *do* the blocking on Android...don't think you can on iOS/WindowsPhone/BlackBerry.
     
  3. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,388
    Location:
    Lancashire
    isn't that because there is no need to block google on non google OS's?

    edit- you can deny and block WIFI/GPS requests on iOS at least
     
  4. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    I would think each company is trying to monetize location. Malls are trying to implement WiFi tracking, I know.
     
  5. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
    From that article...

    Things like the advertising ID built into some platforms (Android, IOS, .?.) and being signed into certain types of accounts will only make it easier for companies to uniquely identify you and correlate things.
     
  6. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,388
    Location:
    Lancashire
    all that can be turned off with a few simple swipes on iOS without the need to root/jailbreak and without breaking functionality of the app

    non issue on iOS is what i was trying to say as google have to respect apples policies on iOS. obviously not the same on android
     
  7. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
    @treehouse786: I figured you probably meant that Google apps could be prevented from using IOS's location service. However, given the potential for IOS users to allow that, I thought it best to pull out that quote from the article.

    It would be interesting to see statistics for how many people completely disable location services (a miniscule percentage I suspect) and how many enable it but are genuinely selective about allowing specific apps to use it (a small minority I suspect). If my suspicions are correct, many users would be vulnerable to the type of tracking discussed here. Be it performed by Google or some other entity.

    As mentioned in another post (https://www.wilderssecurity.com/showthread.php?p=2299967#post2299967), I'm under the impression that IOS users *can't* actually turn off (prevent apps from reading) the IOS advertising ID or control it on a per-app basis. If you've seen something to the contrary I'd appreciate a link.
     
  8. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,388
    Location:
    Lancashire
    as someone who supports a lot of iOS devices (BYOD), i would agree with you

    i disagree with you on this one, roughly 99% of iOS devices i encounter have denied location services to at least 1 app

    i'm not sure on this one, by reading the paragraph in the second pic it seems to be unclear as to whether if apps have initial access to the AID but have no right to act on it or have no right in the first place

    however, a simple screen press to reset the global AID is an excellent addition by apple

    the most powerful tool (in my opinion) on iOS to prevent tracking would be the ability to fully close apps which are not on use at the screen. i personally dont have a problem with google tracking me if i am activley using one of their apps (on screen) so its good to know that their tracking would instantly be stopped via me simply opening another app or by closing theirs
     

    Attached Files:

  9. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,388
    Location:
    Lancashire
    i know its popular to bash on apples privacy record and on apple in general but i personally think android is the most privacy intrusive OS ever made for any device

    the problem with android is that it is created by a company who makes the bulk of their revenue via.... tracking/advertising

    iOS, windows phone and blackberry don't have anywhere the near same incentive to track/ad infest their users as the bulk of their revenue comes from hardware and software sales unlike google
     
  10. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Privacy intrusive as in this? Do remember Android is open-source, and modifiable both ways.
     
  11. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
    The developer library quote I pointed to in the other thread makes it somewhat clearer I think: "advertisingTrackingEnabled: Check the value of this property before performing any advertising tracking. If the value is NO, use the advertising identifier only for the following purposes: frequency capping, conversion events, estimating the number of unique users, security and fraud detection, and debugging". Apple can't police how it is used on servers though.

    That could help, assuming the user resets it very frequently and there are no undesired consequences from doing that. However... and I failed to mention this in that other thread... what would stop an app/server from keeping a history of advertising IDs that were seen on your device?

    Well this is why I brought up the cross-app advertising ID. Theoretically you could close a Google App which would stop *it* from causing tracking data to be sent to Google and then open another NON-Google app that resumes causing tracking data to be sent to Google. This could work because both apps have access to the same ID and thus the data they phone home can be correlated. Note: I'm not aware of any other apps feeding data to Google in such a way, I'm just trying to point out what it possible.
     
  12. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,388
    Location:
    Lancashire
    please see this post

    3 screen presses > custom roms, especially for the majority of people
     
  13. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,388
    Location:
    Lancashire
    but they can police what they pass on in the first place. seems to me that if the value is 'NO' then all the developers receive is a random identifier

    i don't see that as a legitimate concern as there are too many assumptions that have to be made. not much difference from me wondering if all mobile OS's creators are collaborating together for maximum profit. also, you seem to differentiate between the unique AID and another form of device identifier, as far as i know there is only the the 1 ID available for apps to use on iOS so i dont see how keeping a record of random ID's would help anyone link it to to other ID's. that is the whole purpose of the 'reset advertising identifier' option in iOS.


    this is an excellent point. although it again requires assumptions, this is a much more reasonable assumption than your previous one in my opinion. however as i somewhat already touched on, to expect to not be tracked whilst an app is running on the main screen is to be charitable to say the least but once an iOS user puts the phone in their pocket... the policies which are only a few swipes away decide what happens next
     
  14. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
    I would expect there to be cases where additional information is phoned home with the advertising ID. Example: App1 is some kind of search app that displays ads in the results. The advertising ID is allowed to be used for "frequency capping, conversion events, estimating the number of unique users" even when the Limit Ad Tracking feature is enabled. So one or more of those should provide cover for phoning the advertising ID home with every search. What the developer might do is phone home the search terms along with the advertising ID along with a LimitAdTracking boolean. So if/when Apple actually studied the code it would appear that the server would be honoring that boolean when deciding how to select ads. Another example: App2 is a financial app of some sort that phones home the advertising ID with every request (that accesses an account for which personal information is known). In addition to the exclusions previously mentioned, this app would also have the "security and fraud detection" exclusion available to it.

    The reset feature causes a new advertising ID to be generated. The idea being that if/when you reset it you detach yourself from information correlated with the previous advertising ID. If the user signed into an account while using the old advertising ID and later signed into the same account while using the new advertising ID they'd be "linking" their two advertising ID's together via activity. Another potential way such linking could be done is via an app that persists a "last seen advertising ID" variable. When that app retrieves the advertising ID it would compare it to the saved one, and if they don't match it would phone home both. The server would then know that it is dealing with the same device/user and can handle its database appropriately.

    Yes, I am making assumptions in the sense that I'm trying to mentally think of ways which these cross-app advertising IDs can be abused. Not just on IOS mind you.
     
  15. Seven64

    Seven64 Guest

    Google = NSA.
    I will TRY to avoid Google like the plague.
     
  16. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Who *isn't* NSA these days? Pick your poison, but I just think Android offers you the most choices to remain private if you put in the work.

    Again, I know nothing about what can be done to a Jail Broken iDevice. I'm pretty sure there isn't an open source version of iOS, but maybe you can spoof MACs, Machine Names, Permissions and Firewall it if you Jail Beak? Out of the box, taking advantage of all offered services, they are both atrocious. IMO.
     
  17. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    If the extent of the spying, tracking, etc made possible by these "smartphones" had been known at the outset, I wonder how many people would have refused to buy them.

    Unless one has a legitimate need to have 24/7 access to all of those services from anywhere and everywhere, IMO this battle isn't worth fighting.
     
  18. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    Wrong!

    Google, Microsoft, Apple = NSA

    I have no choice but to use iPhone. However I am keeping my eyes open on something new when it becomes stable and fully featured.
     
  19. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Bro, Nexus 5 with SecureROM! :D
     
Loading...
Thread Status:
Not open for further replies.