
NSA's Tips to Keep Your Phone from Tracking You - pcast
https://www.wired.com/story/nsa-tips-smartphone-data-canon-ransomware-twitter-bug-security-news/
======
flanbiscuit
> Turn off Bluetooth and Wifi

> Turn on Airplane Mode

> Decline location-sharing or at the very least restrict it to only when the
> app is open

These seem obvious but I guess need repeating. The last one is only an option
for Android 10+ users which apparently only account for ~25% of Android
devices out there. So 75% of Android users can't even do this yet. Not sure
about iOS but I know they've had it longer at least.

> Reset your phone’s Advertising ID

This one I personally was not aware of

> Don't use iOS and Android's FindMy or FindMyDevice features

What happens if I lose my phone though? I wonder what the numbers are on
people who have successfully retrieved their phone using these compared to
people who can see where their phones are but never got it back.

> consider using a trusted VPN provider.

I clicked on their link and just skipped straight to their "Advanced User"
recommendation, because this is HN, and they recommend Mullvad. Curious to see
what HN users think of that one.

[https://gs.statcounter.com/os-version-market-share/android](https://gs.statcounter.com/os-version-market-share/android)

[https://source.android.com/devices/tech/config/tristate-perm...](https://source.android.com/devices/tech/config/tristate-perms)

[https://mullvad.net/en/](https://mullvad.net/en/)

~~~
a5withtrrs
I met one of the founders/owners of mullvad at CCC in Germany over 8 years
ago. I gotta say, I've never met someone so happy to talk about how
unbelievably paranoid they are about security and how much effort went into
not only protecting the VPN endpoints themselves but the team's devices so
they can't be used as a point of compromise. Wasn't a sales pitch, just a
multi hour long discussion around privacy and tech that enables it.

I learnt a lot from that dude and have been using mullvad for years since,
since it's the only VPN provider I've ever personally met. Oh yeah, decent
speeds etc as well :P

~~~
neonate
Can you share some of the things you learned? I'd be curious to hear about
unusual measures they've taken, especially around team's devices.

~~~
ta17711771
Zero-trust infrastructure is what you're looking for.

------
sawaruna
> Also important to remember is that GPS is not the same as location services.
> Even if GPS and cellular data are unavailable, a mobile device calculates
> location using Wi-Fi and/or BT. Apps and websites can also use other sensor
> data (that does not require user permission) and web browser information to
> obtain or infer location information.

Wondering what kind of sensory data they meant here, I had a look at the
citation[0]. If anyone else is curious:

> We describe PinMe, a novel user-location mechanism that exploits
> non-sensory/sensory data stored on the smartphone, e.g., the environment’s air
> pressure and device’s timezone, along with publicly-available auxiliary
> information, e.g., elevation maps, to estimate the user’s location when all
> location services, e.g., GPS, are turned off. Unlike previously-proposed
> attacks, PinMe neither requires any prior knowledge about the user nor a
> training dataset on specific routes. We demonstrate that PinMe can accurately
> estimate the user’s location during four activities (walking, traveling on a
> train, driving, and traveling on a plane).

[0] [https://arxiv.org/abs/1802.01468](https://arxiv.org/abs/1802.01468)

~~~
imglorp
Microphones too. Signage and TVs etc can emit ultrasonic beacons your devices
can hear, with applications like tracking your viewing habits and your
location.

Ditto the proximity sensor: it's just a photocell and a simple room light
could comprise a beacon. Flashing over, say, 30 Hz would be invisible to us.

~~~
guessbest
A lot of the cheap wifi security cameras already use sound to transmit data
such as for pairing.

[https://setup.smartlink.pitneybowes.com/advancedTroubleshoot...](https://setup.smartlink.pitneybowes.com/advancedTroubleshooting)

------
james_pm
The actual guide instead of a summary in a Wired article.
[https://media.defense.gov/2020/Aug/04/2002469874/-1/-1/0/CSI...](https://media.defense.gov/2020/Aug/04/2002469874/-1/-1/0/CSI_LIMITING_LOCATION_DATA_EXPOSURE_FINAL.PDF)

------
jonplackett
Isn’t it a bit ironic that the organisation most likely to be tracking you is
giving tips on how not to be tracked?

~~~
guessbest
They used to make a distribution of Linux called SELinux until Microsoft
successfully lobbied the government to make them stop.

[https://www.nsa.gov/what-we-do/research/selinux/](https://www.nsa.gov/what-we-do/research/selinux/)

> The NSA, the original primary developer of SELinux, released the first
> version to the open source development community under the GNU GPL on
> December 22, 2000.

[https://en.wikipedia.org/wiki/Security-Enhanced_Linux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux)

~~~
vngzs
Not exactly a Linux distribution. It's a kernel security feature for mandatory
access control - and it's reasonably good, if difficult to use.

Edit:

Found a source on the parent's claim.

[https://linux.slashdot.org/story/02/08/19/1750212/did-ms-lob...](https://linux.slashdot.org/story/02/08/19/1750212/did-ms-lobbying-stop-nsa-work-on-selinux)

~~~
guessbest
How about the NYTimes?

[https://www.nytimes.com/2001/09/07/business/us-vs-microsoft-...](https://www.nytimes.com/2001/09/07/business/us-vs-microsoft-the-lobbying-a-huge-4-year-crusade-gets-credit-for-a-coup.html)

> Last year, Microsoft even hired Ralph Reed, the political consultant who was
> at the time a senior adviser to the Bush campaign. His job was to urge Mr.
> Bush to take a softer approach toward the company if elected president.

GWB dropped the antitrust case against Microsoft after being elected
President of the USA.

~~~
vngzs
The specific point that NSA halted SELinux development at Microsoft's behest
(I had never heard of this) is more demanding of citations than Microsoft's
general lobbying of the federal government (which they certainly did). There's
no mention of NSA or SELinux in that NYT article.

------
IRegretNothing
A month ago I built my own Android app that automatically switches on airplane
mode whenever the display switches off (and vice versa). Made in 10 minutes
with Tasker, it's even in the play store.

Since then I really enjoy life again without any notifications, it's just
wonderful.

~~~
nikonyrh
I just use the moderate power saving mode which disables network traffic of
the background apps. Now my 2017 Samsung A3's battery lasts about 3.5 - 4.5
days / charge. If I need to be "urgently" contacted people can still call or
SMS me but I don't want any realtime notifications from apps.

------
slowhand09
Your phone? Ha!! Count the connected wireless devices in your home.
Cellphones, Amazon Echo, garage door opener, fitness watch, Ring doorbell,
cable tv boxes, tv's, computers, printers, tablets, digital pencils, modems,
wifi APs, earpods, wireless speakers, cordless phones, ovens, fridges, door
locks, light bulbs, automobiles, VR goggles, quadcopters... Are we there yet?

------
pella
3y ago:

"Does disabling Wi-Fi prevent my Android phone from sending Wi-Fi frames?"

[https://news.ycombinator.com/item?id=15141077](https://news.ycombinator.com/item?id=15141077)

------
082349872349872
You all probably already knew this, but I recently discovered "airplane mode"
does wonders for battery life. Then again, I'm from a generation old enough to
feel no qualms about wandering about with no device whatsoever, so YMMV.

~~~
Santosh83
Do recent phones actually honour the Airplane mode absolutely or do they still
allow WiFi/BT to bypass it, or override the user and activate the mobile radio
under exceptional conditions?

~~~
gruez
>do they still allow WiFi/BT to bypass it

AFAIK both Android and iOS disable wifi/bluetooth when you turn on airplane
mode, but you can turn them back on without exiting airplane mode.

>override the user and activate the mobile radio under exceptional conditions

Not sure about this one, but to my knowledge there isn't any.

~~~
zentiggr
I do this at home, my phone has a WiFi Calling option, and our entire block is
a near-zero cell signal area.

Airplane Mode + WiFi back on stops the battery loss from the phone hunting for
a tower all day.

------
zxcvbn4038
VPN usage is problematic - my phone provider blocks the major VPN providers so
I have to switch it off whenever I'm outside wifi range. About half the
financial sites I visit consider VPN usage a threat and the response ranges
from CapitalOne's extra authentication to Synchrony's lock out the account for
72 hours to Goldman Sachs' refuse to load and ask you to call a toll free
number (where the confused rep just says they block some vpns and has no real
advice to offer).

There have been a number of cases where someone was a suspect in a crime
because their phone was in the area. I'm thinking it might be better to keep
the data service shut off all the time and just use wi-fi calling when I get
to where I'm going. Phones don't work on the subway and are a distraction when
driving, so maybe solve multiple problems that way.

~~~
pcast
I had the same problem some time ago (VPN providers blocked). I solved it
using DNS over HTTPS.

------
chupasaurus
The only measure there is for most phones is to put them in a Faraday
cage.

------
curation
Did onion.com change their name?

------
ReptileMan
Root and firewall?

------
onetimemanytime
Unless you're a spook, isn't it pointless? We're bound to make mistakes. Or
just make it a bit more anon?

------
SergeAx
So, the world's most powerful surveillance agency gives me advice on how to avoid
surveillance? Thank you, I'll pass.

------
tmaly
I always put my phone on airplane mode before going to bed. I just don't want
the extra radiation while I sleep.

~~~
tombert
Correct me if I’m wrong, but isn’t the radiation from the WiFi and Cell towers
in your bedroom regardless of whether your phone is on?

~~~
RealStickman_
His phone doesn't answer, so I'd think there would at least be less radiation.

~~~
Aachen
Indeed, the thing trying to reach a 2km distant tower 50cm from your head is a
bit more powerful than the signal coming from 2km away trying to reach your
phone.

~~~
tanatocenose
Your comment seems intuitively entirely backwards. You think the tiny battery
powered device in your bedroom is producing more EMF than the hundred foot
tower hardwired to the grid actively sending the same exact type of data to
thousands of devices in every direction beyond every wall that surrounds you?

~~~
Aachen
Absolutely.

If you're asking about _ability_ then yes: a grid-connected tower will both be
able to produce stronger radio waves and last much longer (indefinitely versus
some battery), but that's not legal, not what they do in practice, and
wouldn't make sense: if the tower is so much stronger, then only your phone
would be able to receive the tower. The tower wouldn't hear your phone's reply
if the phone were significantly weaker. Since both generally want the maximum
possible range, they'll transmit as much as regulations allow. A tower might
have bigger and more sensitive antennae, but not so much that the
transmissions are significantly different in power output. Both are safe to be
nearby, but in case of long phone calls with the cell phone at your literal
ear, your brain does heat up a measurable amount (if you have the right
equipment), or so I've heard.

To confirm this "both sides need to be roughly equally strong to hear each
other" story, do a 30-second search online, or for a practical example you
could look at the dBm (decibel-milliwatt) values your WiFi devices output
(the access point versus the stations; it's not the same as cellular but in
the case of WiFi both are under your control so you might be able to observe
both values).

