overview for coffeeClean

AT&T, Verizon, Sprint, T-Mobile US fined $200M for selling off people's location info in c/[email protected]

[–] [email protected] 1 points 6 months ago

I had a faraday phone case at one point. They also make jackets with faraday inside pockets. I quit using the faraday pouch because if you use that as a convenient off switch, the phone works harder to find a tower, draining batteries. So to save juice you need airplane mode. There’s probably still reason to use a faraday bag along with airplane mode, but since I’ve parted with a GSM chip as well, it’s just not worth it unless you’re someone like edward snowden.

AT&T, Verizon, Sprint, T-Mobile US fined $200M for selling off people's location info in c/[email protected]

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago) (2 children)

That’s insufficient. Mobile providers are not even getting your location through that Google mechanism that feeds Google. Their towers track your location even if you have GPS off.

I always tap “disagree” to location svcs when turning GPS on and take a hit on slow positioning. But that only cuts Google off. To cut the mobile carriers off, I keep my phone in airplane mode and also keep the GSM chip slot empty. In fact I don’t even carry a gsm chip. I believe in this state I can make emergency calls (IIRC, airplane mode automatically gets disabled when an emergency number is dialed).

AT&T, Verizon, Sprint, T-Mobile US fined $200M for selling off people's location info in c/[email protected]

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago)

Yet a vast majority of people have no problem when people are forced to subscribe to mobile phone service:

https://infosec.pub/post/11658371

This kind of information should be startling enough to at least see the merit in not having a mobile phone subscription. But no, people will just say “that sucks” and continue to being the sucker while also expecting others to be equally naive or cavalier too.

from the article:

AT&T told The Register said it should not be blamed for the failure of those buying its data to obtain proper consent, and said it will fight the fine.

Private investigators are treated as legitimate consumers of that location data. An angry ex-boyfriend or ex-husband hired a PI to find out where his ex was, who then simply bought the location data from a mobile carrier. The guy used the info to find her and shoot her dead on the spot (headshot while she was driving a car). The data sharing was “legit” in that case, in the US where privacy laws are generally non-existent.

It’s strange how that murder case gets omitted in these articles about mobile carriers selling location data.

motivation to deGoogle: Creditors can lock your Android remotely if you are delinquent. in c/[email protected]

[–] [email protected] 1 points 7 months ago

They’re not at odds. We don’t have to choose between protecting UDHR Art.3 and Art.17. It’s foolish to disregard some portion of the UDHR needlessly and arbitrarily.

motivation to deGoogle: Creditors can lock your Android remotely if you are delinquent. in c/[email protected]

[–] [email protected] 8 points 7 months ago

The real problem with @[email protected]’s comment was to blame the victim. It may be sensible to blame the victim, but let’s not lose focus on the perp.

motivation to deGoogle: Creditors can lock your Android remotely if you are delinquent. in c/[email protected]

[–] [email protected] 1 points 7 months ago* (last edited 7 months ago) (2 children)

Don’t try to strawman this. Human rights are violated when someone is deprived of their property (their data in the case at hand). If food is withheld from starving people in Gaza, your argument is like saying:

“Claims human rights are being violated because someone failed to drive a truck”

motivation to deGoogle: Creditors can lock your Android remotely if you are delinquent. in c/[email protected]

[–] [email protected] 5 points 7 months ago* (last edited 7 months ago)

beehaw.org defederated from lemmy.ml. And I don’t blame them. I actually try not to post to lemmy.ml or any of the Cloudflare-centralized nodes (lemmy.world, sh.itjust.works, lemm.ee, etc) but it slipped my mind when I posted here.

(edit) sorry, i'm confused. I thought beehaw.org defederated from lemmy.ml, but both the post herein and the original are on lemmy.ml yet you can reach this one. So I’m missing something. I wonder if you are able to see infosec.pub-mirrored content and maybe the original community has no infosec subscribers? hard to say.

motivation to deGoogle: Creditors can lock your Android remotely if you are delinquent. in c/[email protected]

[–] [email protected] 2 points 7 months ago* (last edited 7 months ago) (1 children)

You’re very trusting of your corporate overlords. I’m sure they are grateful for your steadfast loyalty and trust.

motivation to deGoogle: Creditors can lock your Android remotely if you are delinquent. in c/[email protected]

[–] [email protected] 2 points 7 months ago* (last edited 7 months ago) (3 children)

No amount of money you pay for your phone up-front will make that malicious code magically go away. You can pay cash, and you can even tip the seller. The code that reduces your control remains in that device. If you don’t control it, you don’t own it.

motivation to deGoogle: Creditors can lock your Android remotely if you are delinquent. in c/[email protected]

[–] [email protected] 1 points 7 months ago

If you fail to use rights granted to you by free software licenses, you can blame yourself.

motivation to deGoogle: Creditors can lock your Android remotely if you are delinquent. in c/[email protected]

[–] [email protected] -2 points 7 months ago* (last edited 7 months ago) (5 children)

You’re not getting it. Again:

If you don’t control it, you don’t own it.

Buying something does not mean you control it. You might have bought an Amazon Ring doorbell but if Amazon does not like your behavior they can (and will) render it dysfunctional.

If you don’t control it, you don’t own it.

motivation to deGoogle: Creditors can lock your Android remotely if you are delinquent. in c/[email protected]

[–] [email protected] 1 points 7 months ago* (last edited 7 months ago) (5 children)

I guess a closer analogy would be rental storage. If you don’t pay your mini storage bill, in some regions the landlord will confiscate your property, holding it hostage until you pay. And if that fails, they’ll even auction off your contents.

So in the case at hand the creditor is holding the debtor’s data hostage. One difference is that the data has no value to the creditor and is not in the creditor’s possession. It would be interesting to know if the contracts in place legally designate the data as the creditor’s property. If not, the data remains the property of the consumer.

This is covered by human rights law. Universal Declaration of Human Rights, Article 17 ¶2:

“No one shall be arbitrarily deprived of his property.”

If the phone user did not sign off on repossession of their data, and thus the data remains their property, then the above-quoted human right is violated in the OP’s scenario.

174

motivation to deGoogle: Creditors can lock your Android remotely if you are delinquent. (infosec.pub)

submitted 7 months ago* (last edited 7 months ago) by [email protected] to c/[email protected]

93 comments fedilink

The technical mechanism:

https://play.google.com/store/apps/details?id=com.google.android.apps.devicelock

update

To be clear, I am not the OP who experienced this problem. I just linked them from here.

24

Situations where a Google account is essential -- feedback wanted (infosec.pub)

submitted 8 months ago by [email protected] to c/[email protected]

21 comments fedilink

cross-posted from: https://infosec.pub/post/9936059

I would like to collect the scenarios in which people are forced to enter Google’s #walledGarden (that is, to establish and/or maintain an account).

If someone needs a Google service to access something essential like healthcare or education, that’s what I want to hear about. To inspire a list of things that are “essential” I had a look at human rights law to derive this list:

right to life

healthcare

freedom of expression

freedom of assembly and of association

right to education

right to engage in work and access to placement services

fair and just working conditions

social security and social assistance

consumer protection

right to vote

right to petition

right of access to (government) documents

right to a nationality (passport acquisition)

right of equal access to public service in his country

Below is what I have encountered personally, which serves as an example of the kind of experiences I want to hear about:

Google’s Playstore is a gate-keeper to most Android apps in the world and this includes relatively essential apps, such as:

emergency apps (e.g. that dial 112 in Europe or 911 in the US)

banking apps

apps for public services (e.g. public parking)

others?

(education) Google docs is used by students in public schools, by force to some extent. Thus gdocs sometimes cannot be escaped in pursuit of education. When groups of students collaborate, sometimes the study groups impose use of gdocs. Some secondary school teachers impose the use of Google accounts for classroom projects.

(education) A public university’s wi-fi network involved a captive portal and the only way to gain access was to supply credentials for a Google or Facebook account.

I’ve noticed that when creating an account for a public service I often have the option to supply credentials for Google or Facebook to bypass the verification process. In all cases of this kind of registration shortcut being used for public service, there was an alternative Google-free way to open the account. But in the private sector, I’ve seen this style of registration that absolutely required a proxy login via some shitty walled garden (like the university wi-fi). So I wonder if there are any situations where a government (anywhere in the world) requires a Google account in order to get service.

1

Situations where a Google account is essential -- feedback wanted (infosec.pub)

submitted 8 months ago* (last edited 8 months ago) by [email protected] to c/[email protected]

0 comments fedilink

I would like to collect the scenarios in which people are forced to enter Google’s #walledGarden (that is, to establish and/or maintain an account).

If someone needs a Google service to access something essential like healthcare or education, that’s what I want to hear about. To inspire a list of things that are “essential” I had a look at human rights law to derive this list:

right to life
healthcare
freedom of expression
freedom of assembly and of association
right to education
right to engage in work and access to placement services
fair and just working conditions
social security and social assistance
consumer protection
right to vote
right to petition
right of access to (government) documents
right to a nationality (passport acquisition)
right of equal access to public service in his country

Below is what I have encountered personally, which serves as an example of the kind of experiences I want to hear about:

Google’s Playstore is a gate-keeper to most Android apps in the world and this includes relatively essential apps, such as:
- emergency apps (e.g. that dial 112 in Europe or 911 in the US)
- banking apps
- apps for public services (e.g. public parking)
- others?
(education) Google docs is used by students in public schools, by force to some extent. Thus gdocs sometimes cannot be escaped in pursuit of education. When groups of students collaborate, sometimes the study groups impose use of gdocs. Some secondary school teachers impose the use of Google accounts for classroom projects.
(education) A public university’s wi-fi network involved a captive portal and the only way to gain access was to supply credentials for a Google or Facebook account.

I’ve noticed that when creating an account for a public service I often have the option to supply credentials for Google or Facebook to bypass the verification process. In all cases of this kind of registration shortcut being used for public service, there was an alternative Google-free way to open the account. But in the private sector, I’ve seen this style of registration that absolutely required a proxy login via some shitty walled garden (like the university wi-fi). So I wonder if there are any situations where a government (anywhere in the world) requires a Google account in order to get service.

45

(Canada) An M&M vending machine error revealed facial recognition was used to illegally snoop on students (boycott Mars) (infosec.pub)

submitted 8 months ago* (last edited 8 months ago) by [email protected] to c/[email protected]

0 comments fedilink

cross-posted from: https://infosec.pub/post/8862635

“Only because of that official investigation did Canadians learn that ‘over 5 million nonconsenting Canadians’ were scanned into Cadillac Fairview's database”. Wow.

This Wired article is contradictory. The spokesperson says:

“an individual person cannot be identified using the technology in the machines. The technology acts as a motion sensor that detects faces, so the machine knows when to activate the purchasing interface”

I suppose it’s possible that a sloppy developer would name an executable Invenda.Vending.FacialRecognitionApp.exe which merely senses the presence of a face. But it seems like a baldfaced lie when you consider that:

“Invenda sales brochures that promised ‘the machines are capable of sending estimated ages and genders’ of every person who used the machines—without ever requesting consent.”

Boycott Mars

I already boycott Mars because they are a GMA member and they spend ~$½ million lobbying against #GMO labeling -- and they have been blackballed for using child slave labor -- and Mars supports Russia. This is another good reason to #boycottMars.

Update

Apparently a #LemmyBug replaced the article URL with a picture URL? The article is here:

https://www.wired.com/story/facial-recognition-vending-machine-error-investigation/

The vending machine pic is here:

https://infosec.pub/pictrs/image/2041d717-7cd7-4393-94f3-96aa87817aa7.jpeg