Google collects metadata from Android phones (borncity.com)
490 points by aethertap on July 1, 2016 | 250 comments

The article seems to imply that this is a recent addition to the privacy policy. Google keeps archived versions of their privacy policies (https://www.google.de/intl/en/policies/privacy/archive/), and you can easily see that the "telephony log information" was added in the March 1st 2012 revision of the Google privacy policy.

You can see a summary on https://www.eff.org/deeplinks/2012/02/what-actually-changed-...

As the EFF mentions, this was a big privacy policy change, and it was widely announced. For example, I searched through my emails right now and found an email from Google (on my @gmail.com address) on 2012-01-28 announcing the change and asking me to "please take a few minutes to read our updated Privacy Policy and Terms of Service at http://www.google.com/policies".

For completeness' sake, the diff from the changes on June 28th: https://www.google.de/intl/en/policies/privacy/archive/20160...

Disclaimer: I work at Google, but not on anything related to this. I speak for myself, not for the company.

EDIT: Interestingly, the language in the 2012 unified privacy policy matches very closely the language that was used in Google Voice's privacy policy since 2009: https://web.archive.org/web/20090315193708/https://www.googl...

> Google's servers also automatically collect telephony log information (including calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS routing information, and types of calls).

The problem is that at the time they added a lot of "vague language" that maybe allowed them to do this, or didn't. But because Google may not be doing a certain collection of data then, it means journalists can't really attack Google for it, because everyone would point out that "it's just vague like that for legal reasons, but Google wouldn't actually do that." So whoever suggests they would do it gets shut down pretty quickly because he or she has no proof Google is doing that right then.

But then a couple of years later they turn on that data collection without anyone realizing, and it may take a few years before some do.

This happened with Microsoft too. When it was suggested that Microsoft can collect every key stroke because that's what their privacy policy says, most said "but that's crazy! Microsoft wouldn't actually do that" (even if that's what the policy says it can do). But the reality is we'd have no idea if Microsoft does indeed do that, maybe not for advertising purposes, but for law enforcement purposes (especially since half of the requests come with gag orders now, as Microsoft recently said when it launched the lawsuit against DoJ).

The default understanding of a privacy policy should be "if the policy allows something, then we should assume the company is doing exactly that." No other understanding makes sense in practice.

According to that diff, Google moved from opt-in sharing of DoubleClick cookies, to...potentially default-in, with a possible opt-out option buried in some unidentified settings page?

gotta love the double standard.

when verizon did their super cookie, everyone went crazy (as they should).

now that it's google (doing that since before verizon it seems) the top comment is a googler throwing the issue to the side in a hitchhikers-guide-to-galaxy way ("you should have checked the alpha centauri records in 2012")

I think the right reaction to this is moving to Android without the mothership. That is an Android stripped from any Google services.

I was quite sceptical about Android, partly because it has a foreign userspace and partly because there were no nice vanilla Android forks without Google code and with a focus on privacy.

I'm now tired of waiting for any Maemo successor to catch up and I reckon F-droid has become a pretty nice ecosystem. Also the announcement of CopperheadOS, Guardian Project and F-droid joining forces is exciting [1].

[1] https://guardianproject.info/2016/03/28/copperhead-guardian-...

I've gone the Google-free route a little while ago, and it's really been not nearly as bad as even I thought myself. The only thing that I'm still sort of missing, is the automatic calendar and contact backup. You could do that with something like OwnCloud/NextCloud or a CalDAV-service, but yeah, it is a non-trivial effort.

Otherwise, in case you do try it, here's some things that I found useful: If the apps on F-Droid aren't enough for your taste, you can also use Aptoide [0] to access a big portion of the apps that are available on the Play Store.

The Amazon Store is also an option, although their store is also not really the greatest when it comes to not invading your privacy.

And if you cannot live without some of the apps on the Play Store, or if you've paid for some apps there and would prefer to not lose access to them, I can recommend Raccoon [1] for accessing them.

There's also some online-services, like for example Evozi [2], which can download unpaid apps from the Play Store for you, but well, for one, usually only unpaid apps, and secondly, I have yet to find one of those services which is not hopelessly overloaded.

I think, if you look more into app-piracy tools, you might also find a web-service which lets you download paid apps, but I've personally just stuck to Raccoon, so I can't make any recommendations there.

Finally, if one of your apps really does need Google Play Services, there's a project aiming to reimplement the functionality without the privacy problems, called microG [3]. I haven't personally tried it yet, but I think, it's somewhat hit-and-miss, so while it's probably worth trying, you shouldn't expect too much from it...

[0]: http://www.aptoide.com/

[1]: http://www.onyxbits.de/raccoon

[2]: https://apps.evozi.com/apk-downloader/

[3]: https://microg.org/

Mailbox.org gives you contact and calendar sync and backup for 1 euro a month. Plus email with your own domain.

Default language on their page is in German but everything is available in English (including support).

As for calendar and contacts you could pay for a provider who hosts them for you, usually with email. Unless that's not enough and want to get more self-hosted route, not just Google-free.

> when verizon did their super cookie, everyone went crazy (as they should). now that it's google...

to be fair, one was a thing that happened, the other is a "by my reading of the ToS, they could do this"

also verizon was an actual man in the middle attack on their users.

The privacy policy actually says you don't have to check:

>Our Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent.

All fine, but it is left conveniently unspecified what is meant by "reduce your rights". In fact, I don't even know my rights as I was not explicitly presented them in the form of a list in the first place, making the "reduction" ambiguous.

Admittedly it is not as easy to spin this as a more explicit ToS, but I am sure that with a sufficient number of legal experts, this has considerable leeway in terms of interpretation.

On the other hand, if a court found them to have violated their own policy of not reducing rights without notification then they could get heavily fined.

Yes, it doesn't appear users have any explicit rights under the policy.

Obviously my right to privacy is not part of my rights under this privacy policy.

because they did change that, according to this very thread. With nice diffs and all.

To disable it on Android go to: Settings -> Google -> Ads -> Opt out of interest-based ads

But the surprise twist is that Apple does the same thing!

To disable it on iPhones go to: Settings -> Privacy -> Advertising -> Limit Ad

That setting on iOS refers to iAd, a service that died because it respected your privacy too much, and was therefore not appealing to advertisers. It seems unfair to compare Apple and Google on user privacy. They are poles apart.

> That setting on iOS refers to iAd, a service that died because it respected your privacy too much

That is absurd revisionism: iAd died because Apple stipulated a minimum ad spend of $1 million. They later dropped the minimum spend to $50, but the damage was already done and the platform was in a death-spiral.

iAd died because Apple unsuccessfully tried to capture the 'premium' end of the Ad Market, not because it "respected user privacy too much".

"Apple is loath to use customer data to deliver targeted advertising or personalized recommendations..."

...is false. They are loath to allow anyone else access to it, and sold ads as many exchanges (like Facebook) do - not sharing user info, but promising they can target the demographic you want with precision.

And just to drive home the point, they will still be using targeted data when they start showing App Store ads in iOS 10. If you think there is no targeting there, you're hiding your head in the sand.

My theory goes like this - Apple gets to still advertise, lose its full iAd sales team, has a captive audience and ad platform and so can set pricing however they want, use native (better) ads instead of banner (worse and dying) ads, and so on.

Even the opt-out seems backwards. I checked the setting, immediately saw that the button was disabled and thought, "Oh, I'm good." Until I read the description and thought about it. The switch needs to be "on" to opt-out. http://imgur.com/ZZTL3ct

Important to note is that it also says "...if you clear your cache, you will lose your opt-out setting." What cache?

Yeah, dark pattern of UX all over again. Seriously, how about "never send any data to Google unless I explicitly requested it"? I guess that is not in their short-term interest though. Yeah, don't do evil unless you can... :(

And: Settings -> Security -> Apps with usage access (turn off for each app). And probably countless other settings too. Good luck finding, understanding and setting them, let alone keeping up with them from one upgrade to another! My guess is they are there for legal and PR reasons: "well, if you don't like it, you can just turn it off in Settings -> Somewhere -> Makes no Sense... See? It's not us, it's just you..." Seriously, I am not even in their jurisdiction. How dare they spy on me?!?

Thanks, I didn't know about this. It's set to opt-out and I don't recall doing that but may have at some stage. I wonder what the default is? The explanation below is unusually readable and comes across as an explanation rather than the standard dense legalese that is in eula.

I have no "Google" option under my settings. Nexus 4, Android 5.1.1

You might have a separate "Google Settings" app.

My guess is this may be related to personalized ads that you can configure here: https://www.google.com/ads/preferences

You can control a lot of what you see from that page (which has been around for at least 6 years).

Yeah, it was so well announced that multiple HN readers -- including me -- who strongly tend towards the privacy sensitive are shocked that they're doing it.

I'm just quoting the EFF's opinion really:

> They did a great job of informing users that the privacy policy had been changed through emails and notifications

That's about the only positive statement on that page. Here's context.

The title:

   What Actually Changed in Google’s Privacy Policy
   It Shouldn't Take a Letter from Congress for Google to Give Straight Answers 
   About Privacy Policy Changes

and the sentence after the one you quoted

   Unfortunately, while the policy might be easier to understand, Google did a 
   less impressive job of publicly explaining what in the policy had actually 
   been changed.  In fact, it took a letter from eight Representatives to 
   persuade them to provide straightforward answers to the public about their 
   new policy.

and again

   Unfortunately, Google’s original explanation left much to be desired.  The 
   policy’s overview page said nothing about the substantive changes that were 
   occurring in the policy, and the FAQ was equally vague:

So yes, maybe Google notified people. But unless you view reading a large document written by lawyers as somehow pointing out that Google is now collecting the same data the NSA worked so hard to get their hands on -- the call logs of every android user -- that's nothing like notification.

Here's notification as written by someone who actually wants to notify rather than do the minimum possible to cover their ass while simultaneously obscuring what they actually collect:

   We will now record and store every phone number you call.

This goes a long way towards explaining why people trust Apple and distrust Google.

ps -- under substantial changes, nothing about telephony. So apparently the eff didn't see or didn't understand the change either.

All that says is that privacy-sensitive people are out of touch with reality.

This account belongs to a Google eng.

So what? He stated that, noted the sources for what he said. Genetic fallacy is a tired thing.

Are people really surprised about this anymore? I can't say that I am. Google is a company which makes a lot of money off of their platforms. I expect them to be collecting data wherever and whenever they can. I see stories like this every day but I've become accustomed to it because it's such a normal practice nowadays, especially from a company like google which provides so many advertising services. I'm not saying this is a good thing, absolutely not. I'm just saying that I've come to expect this kind of thing in the current day and age.

I make the same assumption and the chilling effect is frustrating. I assume everything I type on the internet is able to be tied back to me if anyone at the NSA etc wanted to look at me specifically. Unless you always use a VPN (or Tor) for all of your accounts and go through the unreasonable efforts of preventing browser fingerprinting, chances are this is true for everyone. And even those efforts are thwarted if they seize your devices, unless you use something like Tails OS.

Anonymity on the internet is dead for the regular user and it sucks. I wish something like Freenet was better and had more users/content.

It's dead if you use all these "free" services, "free" mobile os and services and "free" apps like Chrome browser, provided by Google, Facebook and co. By using these "freebies" you are willingly giving up data. People are effectively paying with their privacy, it is made completely clear. That's the model the "free" internet chose to go with. People don't seem to care about their privacy or don't understand the consequences of giving up all their data to Google and co. These collected data are not anonymous.

Any website that has any sort of third party analytics or advertising invades privacy. All three of the major browsers invade privacy (or allow it to leak out). Governments monitor and store data directly from ISPs. Windows 10, which isn't free, has tons of privacy issues.

The issue is not in any sense limited to "free" things.

From a consumer standpoint; is android free? I paid for the phone, I own it outright but Google still seems set on turning me into a cash cow.

Get a phone that allows you to flash a custom ROM and pick one without Google's apps.

"It's dead if you use all these "free" services, "free" mobile os and services and "free" apps like Chrome browser, provided by Google, Facebook and co."

Don't forget about all of your packets being sniffed at every hop as they go through all those telco routers you pay to use. Dead there too unless you use tor too, but then you just get flagged for using tor.

>Anonymity on the internet is dead

All thanks to advertising companies. What a rotten state of affairs.

We may nerd out over their open source and tech, but aside from a few for-pay services (Apps for Business, Firebase, dev cloud, etc) Google is the largest advertising company in the world. When you choose a Google product, you are choosing that.

All thanks to the users of advertising companies who trade privacy for free or cheaper stuff. We used to have paid, more private tech. Still do actually. Almost no money in it with bankruptcies and acquisitions by shady firms more common than getting on Global 2000.

This feels a bit like blaming unsafe working conditions and 12-hour work days at the beginning of the industrial revolution on workers, because they signed the contracts (this was the prevailing narrative from factory owners at the time too).

At some point, society came to the conclusion that the workers and factory owners were not on equal footing, and so rules were instated, despite strong protests from the factory owners that contract law was sacrosanct and workers should be free to agree to anything.

Perhaps it's time for regulation to solve this dilemma?

People LOVE their phones and the functionality it provides, this is not analogous to being forced into shitty miserable manufacturing jobs to buy food for your kids. You can buy a dumbphone with a contact list that makes calls, but people don't.

That's actually a good example. Many honest people and criminals alike who value privacy are buying feature phones with no background apps, GPS turned off, and sometimes battery out. Been going on a long time. Great improvement in privacy or odds someone (outside nation-state) is going to remotely snatch your secrets. There's also regular press releases showing smartphones have lots of hackers targeting them.

Yet, people buy iPhones and Androids instead. They wanted those features over privacy or security. Next step was people posting hardening guides plus making private apps for these. Most people still didn't use them. Next step, given that and low sales of "crypto phones," was to make new crypto phones & mobile solutions that pre-hardened Android, pre-supplied key apps we needed, and provided things like remote wipe. Most people and businesses don't buy those even if the price gets down to a normal smartphone.

I mean, what else is even left to do to appeal to majority who won't buy a fully-featured, privacy-enabled, Android phone for Android prices? At this point, I feel comfortable saying the buyers are the problem or (said differently) they have a clear preference against any private phone companies produce. They're for existing UX, tons of apps, more tracking for app's features, cloud backups providers can read, faster, prettier, and so on. Everything that enables hackers.

So, I suggest companies just say "Screw it! I'm just going to do a marginal improvement on whatever customers want while making excuses when problems happen." Since telling them it's their own choice doing it or offering them a secure phone will both lead to financial losses.

This is a very good reply. My hat off to you.

That being said, could you give us a good example for these privacy-enabled phones and apps? I am willing to make a collection out of these and write a guide on hardening Android. And I am not just talking apps that are incredibly hard to use; I mean the better generation of them who are actually mass-audience-friendly.

Of course we must not forget that Android phones could have a backdoor at the kernel or even at the hardware level. But I still think we should do the best that we can. As many security researchers say, you aren't absolutely breach-proof, but if you work hard enough you're not a target that's worth the effort, especially having in mind you're not a legitimate threat to any government.

I view this sort of like the people who got away from the Matrix in the movies; as the Architect and the Oracle implied, as long as these people aren't an escalating threat for the entire system, they're allowed to live however they choose.

What's your opinion on the Turing Phone and Sailfish OS in general, by the way? Do you think that it gives us a fair progress in the direction of the more snoop-proof end-user tech?

I'm going to focus on voice as messengers are all over the place. People originally wanted secure voice. They started out as custom or value-added devices that, if worth a crap, often had special protections like dedicated IC's for crypto and TEMPEST protection:


Those were usually very simple. A good thing compared to modern ones. They all cost in the $1,000-3,000 per unit range due to extra costs and low volume. Sectera Edge was probably most secure and rugged. Cryptophone was easy to use plus had nice features like hardened Windows and published source for crypto. You basically called the person, read out what was on your screen, listened to them do the same, and listen to each other's voices to make sure you recognized them. It was favorite outside of just defense use. Switched to Android later. That's the demo I found.



Note: The letters you see are the codes you read.

These were pretty expensive. So, companies started developing software for regular phones... often one or two models... that turned them into encrypted phones optionally with hardening. Prior list had some. SecureStar (PhoneCrypt), SecureGSM, and Cellcrypt come to mind. Eventually, recognizing encryption wasn't enough, this segment sort of combined with Android and other software to produce dedicated phones that were cheaper than older cryptophones. Well, some of them haha. Two examples with second being the open Redphone.



Examples of the phones produced include Boeing Black, Bull Hoox, the Cryptophones, and recently the Blackphones w/ Silent Circle. Blackphone was among the cheapest we saw at regular, smartphone prices. It was common for crypto phones to come with voice and SMS at least. Blackphone added quite a few privacy-oriented apps over most to be all-in-one solution. I remember that as an advantage.


Far as messengers, we have good open ones these days so I mostly forgot the others outside cryptophones and above. Signal is super easy, free, and quite secure. Main recommendation. There was also ChatSecure and TextSecure. Given open ones, no reason to trust commercial ones since subversion and BS is high in this industry. Still worth looking at them for how they do usability aspect to increase adoption. I know Threema got significant adoption. Worth looking at. I'm open to others' suggestions here on crypto apps with good security protocols that also have great usability. Thing is, if it's really end-to-end, usability is inherently lower than centralized one due to verification aspect. Anything truly frictionless is suspect in my view with Signal representing the high end of what I'm expecting.

Bruce Schneier, for Congressional submission, did ask us all to list as many crypto products as possible for him. You might find something of interest there. Here's that thread:



Note: Also, the original way we did this outside expensive cryptophones is called Voice over Secure IP (VoSIP). That means you set up the strongest VPN (or link encryptor) between two points that are communicating. Then, you force a normal app to go through it. One can automate this process so it's painless for users. Often stronger than average secure voice app given what scrutiny goes into some implementations of transport-level security. Or existence of dedicated lines between branches.

"I view this sort of like the people who got away from the Matrix in the movies; as the Architect and the Oracle implied, as long as these people aren't an escalating threat for the entire system, they're allowed to live however they choose."

Possibly but don't count on it. Depends where you live. The U.S. increasingly targets harmless citizens with anything it can up to and including just stealing their money without charges under civil forfeiture laws. Just using Tor or crypto is grounds for NSA to put increased scrutiny on you per the leaks. So, this isn't guaranteed. Keep real secrets off online or wireless devices period. Face-to-face only. The rest we have to keep doing more and more to protect. Can incrementally deploy it, though, where sales drive increases in not just features but assurance of more of the stack. My recommendation.

"What's your opinion on the Turing Phone and Sailfish OS in general, by the way? Do you think that it gives us a fair progress in the direction of the more snoop-proof end-user tech?"

Let me help you out by showing you what all they have to protect. You can look at this list, look at the marketing/technical material, and usually tell if it's going to be victim to future attacks.


By those standards, the above aren't even close. I haven't studied these phones where I can say much more, though. I do like aspects of Sailfish in terms of a more open phone but it's still owned by one company from Wikipedia's description. That one also licenses key I.P. in proprietary fashion. So, there is risk of it being another Google Android situation. Turing Phone article I read on Wired sounds like a pile of marketing BS plus lock-in waiting to happen. People are better off using apps like Signal, Redphone, Cryptophone, or Silent Circle that at least come from people who know what they're doing. Who we know have a track record. That's my (common) initial impression.

Thanks a lot! Bookmarking and downloading your reply. I'll most certainly use the following months to try and find the perfect balance between usable and secure app.

Sadly, on the topic of the Turing Phone, I suspected as much. I really like to believe but yes, they're quite new to the market and are still closed in terms of what they use for this alleged "more secure" phone/OS. I'm still interested but my enthusiasm is not so high compared to the time of the original announcement...

I wanted to use Signal several times but I have to admit, its use-case and convenience points aren't looking well. I'll take a more serious look, though.

The big issue with Signal at the moment, is that it doesn't work on AOSP.

You can't use it without installing closed-source Google Apps (Play Services for GCM at minimum), and means you agree to hand over your phone metadata to Google (per the OP's top-thread). Moxie has stated he is open to consider high quality PR's to add Websocket functionality. (Removing closed-source binary blobs would be a prerequisite to distributing on anything other than Google Play too though, which Moxie's also said isn't on the roadmap - I assume primarily because of resources).

In the meantime, Conversations.IM has OMEMO and Vector.IM has Olm/MegOlm.

There's not a lot of good voice options. Vector.IM's just added WebRTC, which is meant to be DTLS secured. CSipSimple does ZRTP, but it hasn't been updated in a long time.

None of the apps mentioned above has been audited and scrutinised to the extent Signal has.

If you really need privacy & security, CopperheadOS is the only Android distro AFAIAA that fits the bill at the moment.

Thanks for the tips on other apps and the Android distro. Much appreciated. Far as Signal issue, I did find this:


Perhaps some more volunteers putting effort in could remedy the situation.

You're welcome. Unfortunately, LibreSignal was shut down due to: https://github.com/LibreSignal/LibreSignal/issues/37#issueco....

I wouldn't pin too much hope on having a high quality PR written and integrated back to Signal soon. It doesn't look like a top priority for them. OWS also like the telemetry that Play gives them for diagnostics and have stated they won't be looking at FDroid unless someone can replace that.

Thanks for the link. That conversation was a bit disturbing as I read on. Least Moxie is allowing the code to be used.

Also remember that the factory owners at the time screamed that they could not afford any changes and it would bankrupt them and destroy the economy.

I don't defend the creepy advertisers but banning their crap would bankrupt and destroy them.

And imagine the online world losing both Google and Mozilla. Or development of Firefox, Chrome, and Android slowing to a crawl as they went paid or donation-only. Big companies would win in browser and mobile market by default.

Red Herring.

Fixing the funding model is an independent problem.

I'm not saying that advertising and software development aren't presently linked through funding. But the process is _fundamentally_ unbundled, through the vehicle of Free Software development and licensing.

The costs for advertising are approximately $500 per year per capita in the developed world (~1 billion persons), plus all the associated privacy, surveillance, security, and chilling-effects risks.

A shift of that basis from advertising to a syndicated content-and-development support tax would cut the cord between both advertising and content, and advertising and software development. Treating both writing of content (fiction, nonfiction, journalism, research) and software development as public goods could achieve some very strong social benefits (or at least present a different set of problems for us to jaw over on HN, though the concept of a technology startup incubator might also see some ground shifts).

Bust out of that box a bit, Nick.

Detachable headphones and mics.

"Fixing the funding model is an independent problem."

Oh no, it's a very intertwined problem. One is only likely to succeed in business using models that are shown to work. A browser, secure platform, and so on is usually tens to hundreds of millions in labor. The only companies that have pulled that off either used premium, licensed software (eg Microsoft) or advertising (the rest). There's scores of attempts at alternative, business models to break into all these ad-dominated markets. Almost none of them work. So, this is important.

"through the vehicle of Free Software development and licensing."

It's possible but few have been built that way. There's a bunch of small players trying in the secure collaboration space. Making almost no money. Used iMessage, Facebook Messenger, WhatsApp, and SMS instead. The ones making it, almost none in privacy, seem to be outliers that have lasted quite a while or VC-funded ones that we shouldn't trust due to sell-out risks.

"The costs for advertising are approximately $500 per year per capita in the developed world (~1 billion persons), plus all the associated privacy, surveillance, security, and chilling-effects risks."

Better to look at what it costs to develop top-notch products vs what they make on advertising, proprietary licensing, and FOSS licensing/support. What they make and if it justifies continuing the offering matter more than the $500/yr they probably haven't heard of. It's new to me, too.

"Treating both writing of content (fiction, nonfiction, journalism, research) and software development as public goods could achieve some very strong social benefits (or at least present a different set of problems for us to jaw over on HN, though the concept of a technology startup incubator might also see some ground shifts)."

I agree. It's just that 90-99% of buyers don't consistently for a decade or so.

"Detachable headphones and mics."

Mine and some others' designs call for simple switches that cut power or connection to mic, camera, and so on. That's doable if people want it. I'm also for jumper- and/or crypto-enabled updates of firmware that are tamper-evidence. Also doable.

"Bust out of that box a bit, Nick."

The model I've been considering is to get proprietary vendors to each contribute a bit of their revenue to the development of OSS dependencies. These might even be new proprietary vendors that are starting for the purpose of pushing better, paid software plus new models. The idea is that each of them contribute to say a mobile OS, a SSL library, a Linux/BSD, disk encryption, secure backup, and so on. As they improve and succeed, so do the critical components they are sponsoring. They can include it in the marketing material for customers along with examples like Heartbleed that came from supporting competition that didn't invest in critical infrastructure. So, there's immediate benefit, long-term maintenance, and public good all in one package. Selling the participants is the hard part here.

Note: I also thought getting CompSci people developing bug hunting or code generation tools to use them on these projects with their grant money would be nice, too.

Note 2: We haven't even gotten to the risk of patent suits on these companies whose business models have nowhere near as much money for lawyers or buying patents as those suing. That makes the situation more dire, at least in the U.S.

The problem is separable in that it is conceptually possible to make organisation for software development independent of the business organisation that uses it. We've had this in the past, we have it now, though typically in smaller pieces. It's largely how Unix was developed (an unlikely consortium of a company which quite literally wasn't allowed to sell the product, but could make use of it, and a group of academic institutions in need of both computing tools and training projects), Usenet, the WWW, Linux, Apache, Debian, and more.

Your point that many Free Software projects make little money (at least as Free Software projects) misses the more salient point that they generally don't need to. Scratching itches, low barriers to collaboration, and solving problems in other application spaces makes this possible.

The giants' very reliance on vast revenue flows is also a vulnerability.

And no, I'm not arguing that costs disappear (though efficiencies do appear), but rather that they're distributed and loaded throughout numerous other organisations and activities making money on their own.

The "90-99% of buyers" problem is precisely why you look at funding alternatives which bypass per-copy market sales. I've been looking into the history of publishing and creative works, it's an interesting space. Patronage, busking/performing, crown sanction (essentially a content tax), BBC tax, etc. Information goods and markets interact very poorly: https://redd.it/2vm2da

(UC Berkeley / Google economist Hal Varian has an extremely similar treatment which I ran across recently.)

The detachable headphones and mics comment was a reference to an earlier exchange we had, I thought you might recall it.

Your bust-out-of-the-box model isn't too far from what I'm suggesting for content tax/syndication. Whether voluntary (free-rider problem) or compulsory (politically difficult but possibly inevitable) you're distributing contribution to a shared resource. Much as, say, we ended up with language or the law.

Patent threats are also somewhat diminished through small pockets (less attractive target), or might be addressed specifically via legislation and/or international treaty. Say, something with a different philosophy than the TTP, TTIP, TiSA, and BITS crud being shoved down our throats by Google, Apple, Amazon, Microsoft, IBM, AT&T, et al.

The fun thing is that I have been suggesting that MS sell Windows to a non-profit foundation for a while now.

"This feels a bit like blaming unsafe working conditions and 12-hour work days at the beginning of the industrial revolution on workers, because they signed the contracts (this was the prevailing narrative from factory owners at the time too)."

That would make more sense if various companies didn't sink $1+ billion into more robust systems and software over the decades that most users & developers intentionally avoided in favor of what was faster, cheaper, supported buzzword/feature X, and/or was known unreliable/insecure. They make the same tradeoffs today. Look at use & tradeoffs of Facebook Messenger vs WhatsApp vs Signal vs Threema [1]. Even when cheap/free and easy, the vast majority will not make the slightest effort for increased security and privacy.

[1] Not endorsing Threema so much as to say it was quite marketable & good example of what should get more adoption if users aren't to blame.

Itanium got posted here recently, too. It had enhanced reliability, stack protection, read/write/execute per page, and memory key isolation if one wanted it. Most server software that was mission critical continued to run on Xeon x86 instead of leveraging improvements in Itanium even when portable source was available for mere re-compile to Itanium. Why? Xeon was cheaper and took no extra effort.

Rinse, repeat for all kinds of software and tooling. There's often supply but little demand that pays. Which sucks extra here given high reliability or security costs more not less for producers. There has to be sustained demand that will pay at least 30-50% premium to develop each component or app. Since there's not, the companies are entirely justified in producing unreliable, insecure or surveillance-oriented garbage for people that exclusively use or buy such things. And the buyers are to blame wherever there were clear alternatives that were inexpensive given their choices collectively decide the issue.

"Perhaps it's time for regulation to solve this dilemma?"

I supported that on Schneier's blog with specific points showing where market consistently fails (even for itself) and how regulation would help:


Despite low demand, I also actually write a counterpoint justifying continued focus on niche that cares about quality/security with recommendations for "low-cost but high-value" practices to deliver that profitably as a differentiator. What's in this post is an example of how my software liability argument in other one might play out. Regulations would enforce stuff known to knock out problems consistently to form a better baseline without driving up cost or having vague stuff prone to frivolous lawsuits.


> All thanks to advertising companies

No, it's all thanks to the availability of cheap storage and video cameras and fast internet, driving the price of recording almost to zero. Couple that with the love people have for mobile phones, which are spying devices.

Aww come on, give the NSA some credit!

I'm not disagreeing with you but I'm curious what specific things you feel are 'chilled'? People in western countries can still write whatever they want - anti-government, anti-capitalism, whatever else. In fact there seem to be more conspiracy theories, Obama hate, and Clinton and David Cameron hate than at any time in human history. Like the most worry I have is having private actors look into my history and ban me from their sites or become targeted by hackers and such. That kind of stuff has a chilling effect much more to me than government/NSA/GCHQ, since they seem to have bigger fish to fry and they are ruled by law / principles taught in 'boot camp'

You wouldn't know about it if someone who was doing anti-government or anti-capitalism stuff got successfully blackmailed before achieving their objective.

This would maintain the illusion of things happening without actually allowing them to come to fruition.

Maybe not surprised, but they begrudge everyone else for this more than they do Google, and that's what I think sucks. It seems OK for Apple/Google to do whatever they need to do to have a competitive app store with all its analytics and understanding its customer to sell it advertising, but if other companies do it, it's all of a sudden the sky is falling.

It's probably because Google is perceived as giving you something like search, email, maps etc, which is very valuable, and "in exchange" it does stuff that does not directly impact your life. Similarly with Apple, which also works as a status symbol.

The sequence is also important: first they build services and products, sell (or give away) them on their merits, and then turn the analytics to 11. Doing both at the same time is a no-no, but once a user is dragged in, natural laziness and other migration costs kick in.

They are long cons, and to be fair, the products are pretty nice.

The products are very nice. And to a point I have started to trust Google innately. Not that that is necessarily a good thing.

I understand their need for data. It makes business and technical sense. I just wish they made more of an effort to anonymize it. (But that won't happen as long as ads are the primary market of the web.)

I think Google has done a great job of convincing us they're a tech company as opposed to an advertising company.

Apple services very rarely suck people in. They usually start as an unreliable nightmare and slowly grow into something usable, eventually rewarding user persistence with near on days of almost completely bug free usage.

Slack shown Google is lessening markedly.

With very good cause.

>Are people really surprised about this anymore?

There is a significant portion of the population that doesn't know what metadata even is, much less that a company they use collects it and why that might be a problem.

Being a platform company doesn't necessarily mean you need to do surveillance on everyone who's on your platform! Apple's big move to differential privacy is one example of that.

You sincerely believe Apple doesn't collect every single message, every single site you ever visit and doesn't sell that information to advertisers? You are cute.

Apple's push for "privacy" has only one purpose - to cash in on government from the information. Now government gets it for free, so when there will be "privacy" they will need to pay money to Apple to read it. If there wouldn't be profit, Apple wouldn't push for any "privacy".

Sad state of affairs when an article about encroaching on users' privacy is met with such indifference.

Personally I'm not indifferent about any of this; it's very worrying, but I usually just have no idea what to say that contributes. So I, like most people I assume, prefer to lurk rather than to be vocal and emotional about what's going on.

Besides all of that, the older I get, the more I realise the following two things: #1 that we're entirely in the dark ages of technology (and science to a lesser extent), regardless of the technology we have acquired, because society, governance and the public discourses all seem so very crude - we don't know how to handle our newly found powers and dogmas are still very existent: they've just moved from religion to science and technology; and #2: that the entire ordeal we find ourselves in is wholly inevitable, and, for the most part, much less important than it appears to be, perhaps even insignificant in the grand scheme of things. I don't believe that there is going to be a global doom scenario, or at least, not more than medieval witch hunts and the rise (and 'fall' of sorts) of the Roman Catholic power and influence structure.

Historically speaking I'm inclined to think that the only element of humanity that survives everything that's happened, is human bonding and the forming of relationships and communities. In Roman Catholic wording, I'd say that everything else is a lot more temporal, and also very volatile and subject to change. If that comes across as indifference, so be it.

But that's just how I see things now, so feel free to poke holes in my theory.

I now expect the world to fall down on Google as they did on Microsoft with Windows 10, or will the SV darling be forgiven?

Personally I am not surprised in the sense that we could anticipate the coming occurrence of Google attempting to collect data in a reasonable manner, with the definition of reasonable tracking what people's current expectations actually are. When you say, "wherever and whenever," I would be surprised if I found out that Google had put up a bunch of thermal webcams around my house and were just looking at where I was inside of the house at all times. That would fall under the definition of, "wherever and whenever they can," but I don't believe they are doing that. However, they could be...and if an article comes out showing that they do, I will be surprised by that, yes. I was surprised to learn that Google was logging on to passwordless WiFi networks through the Streetview car. If they make a similarly high jump in their spying activity according to what people think they might be doing, I will be surprised. However if they just sort of track people's normal expectations, I won't be surprised. I think Google is still abiding by their, "don't be evil," mantra still applies, but what is considered evil by the majority of Google users changes over time. Does that make sense or no?

A few years ago I worked in a security software company (antivirus, firewall etc). We collected almost all possible data about users. You can imagine what kind of data... system uptime, configuration, web searching history, even bank payment details.

From those days I am not surprised with this practice.

I just treat all my calls and SMS and whatever that goes through any phone or computer as publicly accessible information. Because that's what it basically is. If you want privacy, meet the person and talk to him, don't expect corporations to do anything in your interest that they are not forced to do.

For what it's worth, I have my doubts that this applies to a generic call/sms on any old Android device. I would think it's more likely to apply to services such as the Hangouts calling or Google Voice, and probably Google Fi, all of which make sense to collect that data, but the privacy policy doesn't absolve itself of that.

> When this Privacy Policy applies

> Our Privacy Policy applies to all of the services offered by Google Inc. and its affiliates, including YouTube, services Google provides on Android devices, and services offered on other sites (such as our advertising services), but excludes services that have separate privacy policies that do not incorporate this Privacy Policy.

> For what it's worth, I have my doubts that this applies to a generic call/sms on any old Android device.

Does it matter? This is completely in line with their privacy strategy the last few years. Slowly add new terms to the privacy policy, so that people find it acceptable. When asked, point to some unharmful or obvious application. At any rate, it makes it possible to do what the article stated. And since a lot of stuff happens in Google Play Services these days, it becomes kind of hard to find out how the privacy statement is operationalized.

> Does it matter?

Well, yes because that's the accusation, but no because you're correct in the sense that you have to assume the worst if they aren't making it clear. Once the catch-all is in place they can do what they want and there doesn't have to be a clear indication that anything has changed.

I attempted to find something that would indicate they had to suddenly include that clause, but the closest I found was the introduction of Google Voice to the iPhone[1] a month before the SMS[2] was first mentioned. Apple's site makes no mention of metadata collection so I assume this has nothing to do with it.

The more I try to defend it the less convinced I am.

[1]: https://en.wikipedia.org/wiki/Google_Voice#Rejection_from_th... Mentions Sept. 2010 and Nov. 2010 as being important dates around the iPhone release.

[2]: https://www.google.de/intl/en/policies/privacy/archive/20101... First mention of SMS in Privacy Policy.

Their "Machine learning first" position[0] makes them even more dependent on data collection, even for basic things. I doubt the two trends are unrelated.

[0] https://news.ycombinator.com/item?id=11954988

This isn't a trend, they've collected such data since 2012.

And data science - being derived from statistics - tends to work better with a corpus of data than without one.

Disclaimer: These views are my own.

Isn't Messenger AOSP?

It's not. Google stopped open sourcing a lot of their apps with Android L. IIRC the material Calendar app also isn't open source.

Source: I was working on https://github.com/moezbhatti/qksms when Messenger was released.

The whole point of big data is to collect whatever is available and reason about how to use it afterwards. So I guess we can be pretty sure that Google collects as much as they can.

> For what it's worth, I have my doubts that this applies to a generic call/sms on any old Android device.

Why would you have such doubts? Companies are not in the business of making you comfortable and ensuring you have the privacy that you value, they're there to maximize shareholder value. Because you trust a corporation to not make money off of you by personalizing even further, if they can?

> For what it's worth, I have my doubts that this applies to a generic call/sms on any old Android device.

Why? What incentive is there to not collect that data if they've deemed it valuable enough to adjust their policies to collect it?

The blog post states that

> during each phone call, Android tries to connect to a Google server

The regular phone dialer and Messenger app are Google products. Therefore technically you are agreeing to allow them access to your regular call/SMS data.

So, we are pretty much bound to choose between Android and iOS, because of the whole apps platform thing.

I've always considered Google to be evil if not proven otherwise. It is a simple conflict of interest to trust Google with the user's privacy. They make money by creating profiles on users and serving relevant ads. I'd be an idiot to keep on asking them to play nice and respect my privacy.

Apple on the other hand seems to be aligned to respect privacy in principle, and publicly claims it doesn't violate user's privacy. But, there is no way to verify their system because of the proprietary nature. So I treat them as less evil.

Before you suggest something like Replicant. They are only slightly better than the feature phones because of the lack of the new and fancy apps and with a label that reads "If you need serious privacy stay away from any telephony-enabled device" http://www.replicant.us/freedom-privacy-security-issues.php

So, I guess the only choice is to stay paranoid and not trust your phone with any sensitive private data.

> So, I guess the only choice is to stay paranoid and not trust your phone with any sensitive private data.

Your metadata is sensitive private data, who you call, when you call them and how often you call them is sensitive.

Suicide Hotlines, Charities for LGBT people, Medical Numbers etc all build a picture about you and that's beyond personal contacts.

It says this right before the bolded part:

"When you use our services or view content provided by Google, we automatically collect and store certain information in server logs. This includes:"

I am not sure this applies to regular phone calls, no? Can someone explain here because I am certainly not understanding. Is this only for, say, Google Voice or related services that they have?

I actually imagine it does apply to most regular phone calls. Google offers a reverse lookup service in recent versions of Android. It fills in the name of the caller if it's not in your address book.

In all honesty though, you are prompted about whether you want to use this feature.

It mentions that Google collects the data in server logs, the telephony in this case may be referring to Google Voice and not Android OS since using Android doesn't necessarily imply you're using Google servers. (The Play Store, Google services, etc. does but can be avoided.)

A Gooxit would be in order.

From time to time I wonder why the EU accepts foreign companies stealing so much personal data. China did the right thing. We should learn from them. India, afaik, also has better protection.

I moved my e-mail off Google a few years ago after the PRISM leaks (which the world seems to have collectively forgotten about), but it's not easy. I've posted an article before on my struggles with running my own e-mail server and my messages going straight to spam (even with valid DMARC, DKIM and SPF records).

I have a lot of friends internationally and I feel I can't exit FB, Google Hangouts, etc. The idea of federated social networking never really made it. :(

Use WhatsApp. At least they only have metadata and not the content of all your messages.

Would you mind posting a link to your article? I'd like to read it.

Don't give up with your email server! Slowly, more and more of my messages have made it to Gmail users' inboxes (rather than spam folders) over the past few months.

Classic example of the difference between nation-states and macro-powers btw. Should an individual market, even a rich one like the UK, complain about this and that, Google would shrug. But when it's the whole of the EU talking, they better listen.

> China did the right thing

I don't think China did the right thing. Their citizens were almost certainly better off with Google holding their meta-data and private email communications.

>> From time to time I wonder why the EU accepts foreign companies stealing so much personal data.

Isn't the EU trying to fix this by tearing up safe harbour and instituting new legislation?

This is a thing that I wish EU would "grow some" and step together instead of catering to (usually) US services/corporations.

Is the calling or called number only passed when "Caller ID by Google" is enabled?


Looks like a different `spying` mechanism. The one described in the article also sends metadata about texts.

Caller ID also applies to text messages, right? They have phone numbers on them too.

I don't care what people say, the ethics, or legality, you should consider dumping fake identifying info.



Use apps from other app stores, in my case F-Droid.

The functions of which xprivacy is capable seem excellent. Unfortunately, when I tried it I found it to be an enormous hassle to use. The UI was bad enough but upgrading Cyanogenmod with xposed and xprivacy was more of a nuisance.

Cyanogenmod's Privacy Guard is easy enough to use though its protections don't go as far as I'd like. Pdroid seemed to be a reasonable compromise in ease of use and protection between the two, though that seems no longer to be available.

Privacy Guard will not allow API calls and stuff them with fake data, which I imagine is not possible with Cyanogen or any conventional outfit for legal and regulatory reasons.

I do not think the UI is great, but articles like this are not either. I made my choice.

Indeed, Privacy Guard can't do that, unfortunately.

And people freak out about some Microsoft telemetry collection.

Until very recently, Microsoft's business model had not been about profiting off collecting user information. They were one of the last remaining companies who didn't attempt to monetise the crap out of their users.

> who didn't attempt to monetise the crap out of their users.

* By using and selling user data and profiles.

There's a reason people still refer to them as M$.

Because they would eliminate all viable competition then jack up their prices knowing that customers were locked in. Microsoft is late to the monetization of data game.

> Until very recently, ...

And then Microsoft acquired LinkedIn.

For the same reason people freaked out about a very easily disabled Amazon search integration in Ubuntu. People had higher expectations of Microsoft (and Canonical) than Google. Plus, the desktop / laptop environment is one in which regular monitoring outside of the browser is something usually only done by malware.

Microsoft should have recognized they were considered more trustworthy, in one sector anyways, than Google or Facebook. Building on that trust by building a Windows 10 with great privacy would have helped their reputation and stemmed the bleeding a bit. At any rate, I have no idea why MS doesn't just allow a "disable all tracking and telemetry" option on all versions of the OS. Would kill most of the complaints immediately, and most people wouldn't bother opting out so Microsoft would still have the data they think they need.

To me, this is no different than someone from Toyota demanding I tell them where I'm going, who I'm going with and for how long every time I drive somewhere because I drive a Toyota and those are the terms.

Google is kinda like having a psycho girl/boy-friend that wants to know your every move. Creepy.

As I've said before, I'd love to have an open source dumbphone. I know there are some big duct tape and PCB examples out there, but something polished and minimalistic would be fine with me. I think there would be a solid niche market in the current climate. I wouldn't buy a new one every other year and it would be way easier to lock down.

You can't buy an open source 2d printer, but can buy and build 3d OSS ones no problem. In like kind, I don't think people find dumbphones interesting anymore, sadly. Actually, why print at all when you can "Google Cloud Print"?

I know that at least Sprint already does this. You can typically see your call log on the bills, but getting text messages requires a notarized form.


Pretty much every telecom company keeps call logs for the sake of verifiability of the billing.

Telecom companies have a reasonable need for the information. (It's also impossible for them not to have it; otherwise they couldn't provide service at all.) Device manufacturers, not so much.

Half the enterprise apps I know stop working on cyanogen. Is there an alternative? Also is there a way to separate work and personal phone usage on a single device? Tools like mobile iron seem to demand all of my info be made available for whatever it deems fit for the corporate I work for.

The alternative is a physically distinct work and personal device. This has been the solution for many years. Only recently have people wanted to "BYOD" and use their personal device for work purposes.

On that point, I very recently discovered [1] that connecting an iOS device to an Exchange account via ActiveSync enables the organization's Exchange administrators to remotely wipe the entire contents of the device - not just the content actually provided via the account, but everything.

I am astonished and disappointed that Apple saw fit not to warn the user this could happen. Even Google gets this right; when you connect an Android device, you get a warning and are required to confirm before proceeding. It's inexcusable that Apple doesn't do the same - while I understand and agree with the reasoning behind the existence of the capability, the fact that it's silently enabled is appalling.

[1] Yes, I know it's hardly news, but (I flatter myself that) I'm generally reasonably savvy, and if I only just found out about it, then there's probably someone else reading this thread who could benefit from it being mentioned. So I mention it.

Current versions of iOS do make it clear.


Well, I'm running 9.3, and I never saw that message, or any other warnings about Exchange connections, while I had my phone connected to work email.

Is all this stuff only a concern when the device is enrolled via MDM? That seems improbable; the (several) sources I've found on the subject don't mention MDM in any context, but just warn that Exchange connection = remote wipe capability. Similarly, while I had my phone connected via Exchange, I visited the devices page in Outlook Web Access and saw that the "Wipe" option was enabled for the device.

It is news to me. I thought iOS simply didn't implement that functionality without being enrolled in MDM. With Android I knew about it and was able to build a custom firmware with that functionality disabled. I wonder if you can make an Exchange proxy that frees your iOS device via filtering.

If the phone is rooted, you should be able to just uninstall the Google Apps. For good measure, you could also block Google's IP-addresses in the hosts-file.

As for ways to use the same device for work and personal, newer Android-versions (I believe from Lollipop onwards) have the option to create different user-profiles. I think that would work, although I've never actually used them myself...

Depending on your device, you may be able to multiboot. See https://play.google.com/store/apps/details?id=com.tassadar.m...

Problem is when MobileIron/Corporate IT sees root activity has been done on a device, it refuses to load up anything else. So I am now stuck with checking for emails on the laptop.

It's 2016, device manufacturers should have gotten this right already instead of focusing on wallpaper.

You don't need root to multiboot. Or rather, you can multiboot something like Cyanogenmod with stock, and stock can be unrooted.

I was typing in a Mac terminal, and needed to google something unrelated. Only to find Google auto suggested on a very obscure command I just typed into the terminal. I'm almost certain keystrokes are logged when the Chrome browser is running on a Mac.

Or... confirmation bias.

Is there an Android fork where this isn't a problem and which you could suggest?

It's called Replicant. It is aggressively free in the GNU sense and has a limited installation base because of strict requirements in hardware due to blobs and general functionality.


If you want a compromise, like me, Cyanogen without GApps. What other options do you have?

The more I got into Android, the sooner I realized it was a crap shoot when addressing your question and my core interests in hobbyist computing on phones just like computers.

This code won't be in Android but in the Google apps which are pretty much essential if you want to use Android (Play Store, Chrome, Maps, Google Play Services)

Play store alone has enough permissions to collect call metadata

Part of the problem is the large percentage of apps that are now tied to proprietary Android, and won't run without Google Apps installed. Even Microsoft apps like Outlook and Skype won't load without Google Play Services installed. (The version of Skype on the Amazon Appstore is around a year old, and won't even take my login credentials.)

So even if you find a relatively safe Android version to use, you're getting a heavily gimped experience where a very limited selection of apps work. (Generally, what you find on F-Droid.)

You're not missing out with Outlook... it's absolute garbage on Android. Use Nine instead, it's better and will work without Google Play Services.

Not to mention that Outlook stores your email on their servers to bring you push notifications.

Yeah, that's fair. Unfortunately, Skype is the requirement for me. I just noted Outlook because a Microsoft PM for it said Play Services was required and there wasn't any way around it.

That sucks. Is abstaining from Gapps a choice, or is it because of licensing?

You could try this: http://opengapps.org/

You are like the first person ever to say that Acompli (now Outlook) sucks.

Fantastic, does that come with a ribbon?

Hmm... so effectively Android is no longer open.

It was never really open.

And even though it uses Linux as kernel, even that doesn't matter.

The API surface that NDK code is allowed to use is so constrained that they could replace the kernel with something else and only OEMs would notice.

It is a challenging definition, but I would argue that it is not. Because while the core OS is open, you are not effectively able to fork it. Google's developer advocates heavily encourage the use of proprietary Google APIs in app development, which binds those apps to Google's proprietary packages.

I guess the question is how you define a platform or an operating system, but I think that the platform apps on it run off of is a major part of it. And the difference in what will run on AOSP and what will run on Google Play flavored Android is staggering.

Is there a page to check what popular app does not work on F-Droid or Cyanogen? Say something like Nokia's mapping app.

You can be pretty certain that any free software apps found in F-Droid will not require proprietary Google APIs. Every other app in the Play Store can be assumed to require them.

I don't know, but please tell me if you find one. I have F-Droid and Play on my phone, and disabled Google Play Services to see how many of the apps I have installed and use continued to work. Many gave me "must update Play Services" dialogs, some just crashed outright. I've been trying to transition to open apps or apps available outside the Play Store, but unfortunately, Skype is one need I can't work around right now.

I suppose Skype might work in a mobile browser via WebRTC, but from what I gather it's not there yet.

It's open enough that direct competitors, like Amazon, for example, can base their own OSs that have their own ecosystems on AOSP.

Google could be more open. But there isn't any evidence the parts of Android that are not open are not open in order to stop open or even competitive semi-closed Android derivatives.

They are open enough to enable competitors to use the same technology platform, including some very valuable technologies like the ART compilers. If they intended to lock out competitors, they could easily have done so.

No, it's actually so closed that only Amazon-scale competitors can make viable forks. Samsung is maybe the only other company with the scale and scope to accomplish that, which is why Google has entered into some special arrangements with them.

Viable platforms require viable ecosystems. I don't see how you can get around that fact. That's what sets the lower bound for scale. If you do not have an ecosystem that's comparable or, alternatively, sufficiently non-overlapping then you can't compete. Amazon's OS crew is relatively small.

Samsung can't compete because there is no viable Samsung ecosystem, and Samsung has not aligned with an ecosystem partner other than Google.

This is false if Android is an open platform. Because then it's "viable" by the very nature that tons of apps exist for it.

The problem is that Google is creating a walled garden, to prevent competing app stores. Apps developed on Android could be easily listed, downloaded, and installed on any flavor of Android. Samsung, Amazon, etc. could all have their app stores, and developers could script a simple command to update their apps everywhere.

However, by creating a proprietary layer like Play Services, Google has effectively made a proprietary fork of Android the dominant one, requiring different levels of effort to support non-Google phones.

Both Google-logo Android and AOSP Android OSs are open to alternative app stores, unlike Apple's products. Where are the garden walls? Conversely, most major apps are distributed through multiple app stores. Indeed that's the only way to sell in China. Only a narrow category of 3rd party apps need Play Services, and almost all of those can treat those APIs as optional.

Depending on how it is implemented. If it's coded into Android OS that's a bigger problem, if it's included in Gapps, you can just remove them or block their connections on firewall.

If I correctly understand `Last modified: June 28, 2016, they are writing`, this feature should not be available before that date, so either it comes as an update to a gapps or to Android.

Well when you first boot a custom rom like cyanogenmod or replicant or self-compile android, there are no such terms that you have to agree to. So this privacy issue is not with Android Open Source Project, but rather with the proprietary google apps.

Related question: given how short supported update cycles for Android devices are, which of the sub 100EURO Android phones on AliExpress are a reasonable choice in terms of installing an Android fork? I'm eyeing a cheap phone because I expect to buy another one in less than 2 years because of update support politics.

Not <100€ but I can only recommend the Wileyfox Swift [1] which replaced my old Nexus 4 (which I really loved). It runs Cyanogen OS (a commercial version of CyanogenMod).

[1]: https://www.wileyfox.com/swift/

Thanks for the suggestion. That one seems nice but too expensive for my use case. Since support cycles are abysmal, I'd like to get cheap devices and treat them almost as dispensable.

Very happy with my ulefone power, though there seem to be some hotspots on the backlight. Very capable device for the money.


Seconded. Does anyone know if the phone home "feature" has been removed from CyanogenMod?

Presumably any of Google's data gathering will use Google Play Services, and so using Cyanogenmod would be no protection against it if the gapps package has also been installed.

I'd be more upset about this if I weren't already using Google Voice and Hangouts to make all of my SMS's and calls so I know Google is watching - I'd rather give that info to Google than give it to my telco.

I assume the reach of HN means more than a few people who are reading this thread are currently working with telemetry or tracking data. Yet rarely do I see any posts offering an insider's perspective of how it is used. Obviously there are privacy and ethical barriers, not to mention NDAs. But without the opposing view these discussions are always heavily slanted toward the "data collection is bad" opinion with no evidence that the data being collected is actually being used in the nefarious ways being speculated.

Who will be the Snowden of the advertising industry?

Google tells you what it's doing with the data in the terms of service, though. What more do you need to know from a whistleblower that isn't already disclosed?

This most likely also collects call (meta) data about any phone called from Android and anyone calling a number terminating on an Android phone.

Additionally, Ursidae defecate in forest biomes.

Does someone really wonder about that?

Definitely not since we've learned that (some) webpages send each keystroke while on the login page.

What is this referring to?

> Facebook wants to know why you didn’t publish that status update you started writing.

> Unfortunately, the code in your browser that powers Facebook still knows what you typed—even if you decide not to publish it.* It turns out that the things you explicitly choose not to share aren't entirely private.


Reminds me of the Petraeus scandal where they communicated via unsent Gmail drafts in a shared account.


From https://en.wikipedia.org/wiki/Petraeus_scandal

    Petraeus and Broadwell used fake names to create free webmail accounts
    exchanging messages without encryption tools.
    They would share an email account, with one saving a message in the
    drafts folder and the other deleting it after reading it.


Wasn't that story thoroughly debunked? The data flows didn't support it, and Facebook denied it.

I believe this is referring to the ebay password submission that was on the front-page yesterday. The summary was that Ebay seemed to be sending each typed character of the password field back home.

The question to ask is whether Google would release a sequel to "The Lives of Others" [0].

[0] https://en.wikipedia.org/wiki/The_Lives_of_Others

It's a minor quibble but is it accurate to put the project under the US "government" umbrella (@usgov)? I don't think the USG existed in any meaningful sense before confederation.

"Fuck these guys"

Every major OS collects telemetry data, and most mobile OSes have an "advertising ID" (which you can disable.) This is to be expected in a world of "big data."

This is completely fucking ridiculous.

Of course Google's privacy policy says they can store that information. That's why I can go to google.com/voice and get a comprehensive, time-ordered, millisecond-precision (if you poke around the network tab a bit - I forgot that epoch values started "12" back then!) list of

> your phone number, calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS routing information and types of calls.

that I have made over the past 6 years, 10 months, and 20-something days.

This is a service they provided, that I'm using, if the data were not there, I would have gotten rid of my gvoice number, found a service that preserved my data like any self-respecting service provider (I'm really at a loss here - is this not available on iOS?) and complained loudly that Google Caused Data Loss For Users and should probably get hit with a lawsuit for damages.

I cannot believe how one-sided the discussion here is.

The claim that GOOG is capturing all this data on all calls and texts on all android devices is -completely- unsubstantiated. There's one link to a german-language blog, whose (admittedly, Google-) translated claim seems to be that they tested - a - phone. One. With phone calls. Did they test SMS too? Was there a network connection to google's servers? The omission could just be the translation, but right now I think this is actually a story with 181 comments about, at most, a phone that also has hangouts, that pings the server to tell google to mark their user as being in a call.

Completely ridiculous.

My only affiliation with Google is as a user.

Oh, and let's not forget here, that if Google were trying to subtly reinterpret "your use of our services" as "we capture everything from all Android devices", why on earth would they do a time-synchronized, easily-reproducible log when the call starts? (And how would they already have the call duration, blah blah blah at that time?) I can assure you, they're quite familiar with queuing data on the device to be sent later.

The most irritating comment thread I've read in a long time. None of what is being claimed is even remotely cogent, on the face of it, and the reaction is just an endless woe-is-me of "what did you expect, we all saw this coming, what can ya do, the companies these days, they're just not like they used to be" I mean, is this a brexit hangover or what?

Just sprinkle on a little "the NSA does exactly thing tho omg" and "metadata===murder" (yup, I think of you as js fanboys, that's how bad it is) just and... yeah, the expletive is necessary. Completely fucking ridiculous.

So we need a fork that runs sans Gapps

I would rather have a true GNU Linux phone/mobile computer...

I would pay a decent amount for a good phone like this. I'm wondering how the ubuntu phone is doing. I'd love it to become available

I've thought about getting a Pyra and then trying to use it for regular phone calls as well. What's not clear to me is what the landscape is for telephone software running on Linux that directly accesses the sim card. Does anyone know? I recall there being a libgsm, but a quick search isn't pulling up much information. I also recall there being at least two Raspberry Pi phone projects, this being one of them:


The software for this project can be found on github:


Candidly, the code there looks pretty simple. Most of it is using pygame for the graphics and then just sending serial commands to the modem. It looks like most of the complicated functionality is just part of the chip.

Anyway, yes, I've thought about doing a phone implementation on top of some kind of Linux distribution and Pyra was high on that list. If someone else has some information or knows of other projects that have done this, please let us know.

Already exists: Use cyanogenmod or replicant, and don't install google play services or any google apps.

Replicant has too limited support for devices as of now

i always assumed they went with 'ok, google ..' so that it could be legally considered consent

from google browser bar to google browser to google os to google isp. so nosy

before we jump to conclusions not based by facts..BB collects same info as part of device metric measuring..its a common secret that most mobile OSes both open source and closed source do this..

While BB gave Canada authorities access..Google by default does not..

> Google by default does not..

Not to be a tinfoil-hatter but can you be 100% sure of that?

We're not comparing market share, but privacy policies.

prism company in data collection shocker

I’m managing editor of mobilsicher.de (https://mobilsicher.de), the news site this story originated from. We are a relatively new site (launched in Sept. 2015) and only now looked into this.

The fact that it had remained undetected because no one had taken a closer look at it for several years does not mean that the questions we ask are unwarranted.

Peter Schaar, former German federal commissioner for data security and - at the time - chairman of the ARTICLE 29 Data Protection Working Party of the EU, says Google’s practices may even violate fundamental rights under German and European law.

The current German federal commissioner for data security is looking into it because of our reporting, as is the commissioner for data security of the German federal state of Hamburg, which has authority over Google because the company’s German headquarters are located there.

We will hopefully hear from them shortly on how they assess the situation. Also, a request for a statement from the Irish DPC (Google’s EU headquarters are located in Dublin) is under way.

Researching our original story, we of course asked Google to answer our questions on whose data exactly is collected under the provisions of the privacy policy, what data is collected, for how long, where it is stored and why Google thinks it can justify this data collection and processing on consent to their terms and services alone.

Now, after the story was picked up by dpa, Germany’s largest national news agency, and several influential tech news sites (German language only, Golem: http://www.golem.de/news/ueberwachung-google-sammelt-gesprae... | heise: http://www.heise.de/newsticker/meldung/Google-Wirbel-um-priv...), Google has now issued a statement that poses more questions than it answers. We published our story today (https://mobilsicher.de/aktuelles/google-speichert-telefondat...) and also provided an English language version (Google admits it collects telephony log information, doesn’t specify which exactly - https://mobilsicher.de/uncategorized/google-admits-it-collec...) because we think this discussion is very relevant for an international community.

We are a small team but will keep reporting on this, trying to clarify the legal situation as well as the technical details. For this we’ll be doing more of our own analysis. In case any of you has helpful information, i.e. logs showing telephony data being transmitted to servers, please let us know (m.spielkamp at mobilsicher.de). But please make sure it can be reproduced by us, otherwise we’ll have a hard time using it.

When is the story about Google storing the emails of all Gmail users coming out?

I've heard rumors they don't even just collect the metadata - they store the entire email! Indefinitely. Even if the sender wasn't using gmail, but included a single Gmail or Gapps user among the recipients, they're said to record the entire email, as well as the addresses of the sender and all the other recipients, who never consented to Google's privacy policy to begin with.

I mean, the scale of the violations, it boggles the mind.

No shit

In other news, water is wet.


Companies should rather post diffs, not "we updated the policy".[1] I don't intend to spend my time to go through myself, it's hard enough for one company, not a myriad of services we use nowadays.

But I guess this is a nasty way to implement some unpopular policies, then point the finger at the user stating he complied to it.

[1] And by fixing this I mean make it a law.

Thanks, didn't know that, I stand corrected in Google's case. Is this linked with the initial statement sent to users?

Just go on activity controls and disable "device information": https://myaccount.google.com/activitycontrols?hl=en&pli=1&ot...

I disabled every control on this page months ago.

Unfortunately, the Google Maps app won't remember searches unless you're logged in and share your entire location history. There's just no way to keep a local history of places in Maps.

I'll get rid of Google Maps as soon as Maps.me let me stream OSM maps instead of downloading packages one-by-one.

Yeah, this is one of those extreme punitive peeves about the way Google has written its products. It's either "we get all your data" or "even you don't get your data on the same device". There's no good reason not to let location history work on the local hardware.

A very good reason for Google though - they want your data. As is not providing full API to their service.

I voted with my wallet, bought an offline navigation app and disabled Maps.

And I applaud that, even if I wouldn't do the same. People need to understand that in a competitive market, you vote with your wallet. There's no such thing as a free lunch.

I guess people don't want to bother or say it costs money and yet they spend more on clothes/booze/magazines per month.

Same for email/calendar/contacts, 10 GB hosting + own domain = couple less beers per year and don't miss Gmail a single bit.

Machine learning/AI active on phone? By someone with policies like this? I'd rather use a flip phone and carry a small laptop around. Oh wait, maybe all we'll be left with will be Chromebooks sigh...

I'm interested, what app?

After testing a couple of trial apps, decided for Sygic. Found it reliable enough for EU, gets updated quite often. Main feature that was also important is that it supports downloading maps per country. Some other navigation apps at the time didn't, so you had to store multiple GBs for whole EU, which was a PITA on the Nexus phone at the time (no expandable storage - another display for Google's crazy bubble of downloading everything). On a phone with optional SD storage I own now, it asks where you want to put maps at install, so no space wasted on internal storage.

Maps.me is owned by mail.ru, so guess who will have your location data from it.

If you are using an Android or any other Google product you should assume every piece of data is being collected. If you don't want that, move to iOS.

Says the guy using a free gmail.com email address.

Personal attacks, which that crosses into, are not allowed on HN.

We detached this subthread from https://news.ycombinator.com/item?id=12016316 and marked it off-topic.

So pointing out hypocrisy and tainted credibility is not allowed on HN. I see. Neckbeard logical fallacy # 82

We're all hypocrites, so getting personally nasty about it is self-refuting.

There's nothing that matters here that requires personal disrespect to point out.

I gotta give it to you... you've got some immaculate logic going on there.

Depends when the service was signed up for as I see it - it used to be less creepy.

Indeed, I got a Gmail account when it was invitation only, and back then it didn't really seem particularly sinister. It was also very useful compared with the other services which were available (the excellent spam filtering was notable). Although I'd rather not I still use it mainly because the Inbox application is excellent and it is useful to be able to search my email archives. I have other accounts as well, of course.

Well 'decrypted', that's my spam account.


Please don't post unsubstantive comments.

But what is the paid alternative of all this privacy invasion? Even Apple is doing it now.

If you care about privacy on your mobile phone consider supporting alternatives such as Neo900 (preorders are available): http://neo900.org/faq#floss

I really want to support the Neo900 but the estimated $1,100 price tag for a complete phone is prohibitive.


I concur. Also, the long wait has been too long & the specs were weak when they announced it... how many years ago?

Neo900 & Sailfish broke my heart.

Agree that the mentioned price would be prohibitive.

But looking at how much people are willing to pay for smart watches, perhaps not.

That is a lot, but it isn't any more than a top of the range iPhone or (I assume) Android. For people who get phones on contract, it's probably cheaper to buy the neo900.

If not enough people are willing to pay, nobody will create an alternative.


From a recent HN article:


"Starting with iOS 10, Apple is using Differential Privacy technology to help discover the usage patterns of a large number of users without compromising individual privacy."

To paraphrase, Apple has been collecting telemetry all along and is announcing that they're starting to use a new proprietary algorithm to obfuscate it a bit.

You and I are reading that a different way. I see it as they're going to be able to collect this data for the first time since they've found a way to do so without compromising privacy.

Their privacy page seems to agree with my interpretation:


Though since iOS is closed source - we can't know for certain.

Cannot find specifics now (my N900 doesn't render many pages anymore), but it was widely known prior to 2010 that snApple slurps data every 45 min, or 16 x's a day. When I read that I thought it was an interesting coincidence that the ISS circles the Earth at the same rate.

Possible discussion from 2011, cannot open the page:


Don't think that's the right link, but it is complaints about data usage.

Specifics are hard to come by, perhaps it was a presentation or IRC revelations. Either way, search is no longer optimized for finding info for non-consumption results and Apple is accomplished at forcing NDAs and hiding specifics behind vague legalese... until circumstances arise that can no longer be vehemently denied and the flowery marketing speak flows: they seem to address the specific concerns without actually being definitive. Oh yeah, they often promise not to do questionable tasks, like accidentally tracking all iphones for over a year, too.

Links from the past:





PS: I know, I know, "everybody's doing it". That doesn't necessarily equate to being just, only that it is within our technological means. Some more relics from the past...




This clause was carried over from the Google Voice privacy policy when Google merged all of their policies into one in 2012.

I'm somewhat amazed at the near uniformity of opinions on this thread that having such information collected by Google (or other company) is an obvious bad thing. And that decision of millions of everyday people to give up their "privacy" in such a way is a very unfortunate reality of modern life.

I am open to argument, but it seems to me that most experience of terrible problems on the internet come from malware, browser hijacks, spam, basically the actions of criminals.

IMO, the only hope for a "civilian" in maintaining a semblance of online security is to rely upon the large providers of mass computing services.

I do not know of anyone who has had a negative experience as the result of not having a high level of online privacy.

From actions undertaken by the government or business.

The closest I know of is cases where individuals have been arrested on possessing or accessing child porn. There are also numerous examples in the media of people involved in the drug trade, or sex industries.

I don't think your average citizen is going to be swayed by such accounts that they should undertake costly efforts to protect themselves from such activities. On the contrary, I would hazard a guess that they would see the surrender of such "liberties" to be a net benefit to society.

I'm not saying this is a correct view, I could be persuaded that it's not, but I have yet to be so persuaded. I'm befuddled by the apparent disconnect here.
