Are you on Android? Use Firefox with NoScript or uMatrix (also as your default webview) and setup AdGuard DNS [0] or a pi-hole. You could consider using a VPN like Orbot (free Tor-as-a-proxy) [1], PerfectPrivacyVPN (supports multiple exit IPs, multiple-hops, and server side firewall) or set one up using Algo/Streisand [2].
If you do not want to root your device:
1. Install NetGuard or No Root Firewall to view what's going on from network perspective.
2. Install ExodusPrivacy to generate a report on apps wrt sdks in use by them.
---
If you are okay to root the device:
1. Install XposedMod, and then XPrivacyLua module, and work through the options.
---
If you're okay with flashing a ROM:
1. Consider LineageOS + microG
2. If you are using Pixel, consider ChromeheadOS (edit: CopperheadOS) [3].
For anyone considering the above, this is a failing battle. The only way to stop this sort of tracking is if we have a cultural shift, start putting laws in place, and actually enforce them.
For example, did you know that many shopping malls track you with license plate readers? Did you know that your credit card transactions are up for sale? Or that your cell phone provider will give up your location to a third party with a flimsy consent?
I'm no expert but I do not agree with the 'failing battle' part... still quite a way to go in that regard, I think, specifically because the Math behind crypto hasn't failed us yet (ocassionally, the implementation has) and because the government agencies themselves need tech that helps them stay underground (Tor, for instance, continues to get funding from the US Government).
Is it getting difficult? Yes, absolutely. People still hold the 'nothing to hide' stance and most are okay giving up privacy esp if it means their life becomes a little more secure and things get more convenient (most would support AI powered street surveillance that helps keep tabs on criminals, for instance).
Its a failing battle to try and outsmart the people who are _professionally_ prying into your private information. You might make it harder for them, even harder to the point where you partially fall out of their datasets, but you will never truly escape. These days it isn't even enough to stop using privacy comprising technology. As I said above, the only real solution is a social one. If you try a technological solution you will always lose because you are significantly out funded.
Also: vote with your wallet. If you see a technology that aligns with your ethical goals, pay for it. To that end I will probably buy a Librem 5, even though I don't expect it will actually do much for my privacy.
In the end unfortunately none of the ad/tracker blocking solutions are solid; All an app developer has to do is use an IP address to fetch ads (avoiding dns resolution and thus dns based blocking won't work.)
Or, fetching the ads from the same hostname as also used by the app itself to provide whichever service the app provides, which means that hostname can't be blocked even by a firewall because the app itself will stop working.
So i agree, the only proper solution is laws to stop the privacy abuse.
The internet isn't a "US" thing. It's not a "EU" thing. It's not even a "China" thing (GFoC aside).
The internet's a worldwide thing. And that means, sure your puny law may say you can't do X (ad tracking). Ok. I'll just make a shell company in shithole country, pay some protection money, and run tracking or whatever. And that data I generate will be sold to anyone who wants to buy. I'll make it so everybody has to buy to compete - even if against the law.
And it too is a failing battle in the US. Experian, Equifax, and Transunion... If what happened regarding Equifax didn't bring the corporate death penalty either by fines or dissolution of their corporate charter, nothing will.
The advertising infrastructure is largely funded by the big advertisers, and legal issues certainly matter to them.
When (for example) Toyota is paying a bunch of money to target customers in France, they're playing with the same rules as Ford is when targeting the same customers. They don't have to do things against the law to compete in advertising, and they'll even be eager to identify competitors breaking advertising law to screw them over; there has been lots of legal action taken as a result of such industry self-policing to ensure that competitors aren't able to benefit from misleading advertising.
Sure, there are lots of businesses who would by "under the table" data and apply it illegally, and it is a huge advertising market - but it's absolutely dwarfed by the much, much, much larger advertising market funded by the major international public companies. The advertising money flowing from a single company such as Procter&Gamble or Nestle is larger than all the total advertising turnover from whole smallish industries. If you cut off the tracking-adtech companies from the legal market, it's like restricting oxygen for them - they'll still have some customers, but they'll get an order of magnitude less money to do their things.
Actually, in that case the centrality or Monopoly of the Apple store and the Google play store makes regulation easier. Censure Apple or Google for the apps sold in their marketplaces that violate the law and they will be taken down.
I'm not sure I see the objection? Are you saying that the US government doesn't have sufficient carrots and sticks to get app stores like the Apple Store or Google Play to remove apps from US markets that violate US law?
One could do a reverse DNS lookup and firewall the IPs too (admittedly, the IPs would have to be refreshed, and there might be issues with multi-record DNS enteries). See discussion: https://news.ycombinator.com/item?id=19258717
If you're worried about flashing your device, go spend $100 on a device off the LineageOS list of supported devices, and experiment with that instead. The odds are it'll go fine and you'll be happily using it three months from now.
True, not because it's 2019 but due to Project Treble's GenericSystemImages that cleanly separate OEM (Samsung, Sony, Lenovo) and silicon-vendor (Broadcom, Qualcomm, Mediatek) related blobs from the Android subsystem, such that the Android bits could be changed or updated independent of vendor support.
Even a cursory glance at some of the sections on XDA or a search for '2019' and 'brick a mobile' will reveal that they are not mutually exclusive events.
I meant to completely brick a mobile. As a newbie, it's possible to get into a boot loop, a black screen, etc. which are easy to recover events, but might seem as the end of the world.
I even remember having to short two pins in the motherboard of my mobile to recover from a particularly bad brick. And it worked fine.
But a complete brick, as in you have to throw away your mobile? Impossible, I'd say.
I would be a bit reluctant to run CopperheadOS now. Sadly the main developer left after somewhat hostile actions from the CEO, and there have been lots of changes in the organization.
IMHO the best option for a secure phone is pure Android without Google blobs. That is, AOSP on a Pixel phone. Plus an F-Droid userland.
If a Pixel is too expensive, you can always try to get an AOSP device-independent image on a new phone that supports Treble. For example, the super cheap Nokia 1 seems to work well [1].
Agreed. For anyone interested in doing their own monthly signed AOSP builds for Pixel phones with OTA updates, take a look at a project that I built that fully automates the process in AWS: https://github.com/dan-v/rattlesnakeos-stack.
AOSP is clean, but doesn't have anti tracking measures available in CopperheadOS: fake IMEI or MAC addresses (this has been mainlined in Android Q, though), for instance.
Apple seems to giving the appearance they are doing something about it. They claim they will remove apps that sell your location data. However Foursquare is still in the App Store, so we can’t take their claims seriously yet.
> They claim they will remove apps that sell your location data
They most definitely do not remove such apps.
Use an app like Charles Proxy or Burp Suite to inspect the traffic of your phone when running the “Perfect365” app. It is really remarkable, and Apple is aware of what they are doing.
The trust has been broken. There needs to be a way to make sure this is a transition to "paid, no ads/tracking" and not "paid plus ads/tracking".
One interesting side effect of GDPR is the surprising amount of PC games - games for which I paid price that's presumably profitable to the authors - that started throwing up consent forms.
You're approaching it rather theoretically. Yes, even a landline generates data and metadata, but do you feel watched when owning a landline the same way as when you see that you have like three different companies tracking you in every app or website?
I think some people feel a landline is better as far as surveillance goes, but I think that comes from back in the day before telecom companies realized that they were sitting on a goldmine. Today, every part of your interaction with any telecom company is monetized.
Maybe that's my European view on things, but I doubt that. They would have to tell me in the privacy policy that they share my phone records with third parties, with which category of companies they share them, and for what purpose. Moreover, after moving to Germany and getting a phone bill twice as high as I expected the first month, I could not even get my records to check what I was being billed for, because I did not opt in to storing that data. They (said they) didn't have the data because I didn't ask them to store it.
It wasn't a large enough amount (by far) to take it to court, though, so I can't know for sure, but lying about not having the data and keeping it secret when hundreds of employees are in the know (if they are indeed selling it, or at least a handful of employees if it's just storage for billing) sounds rather conspiratorial. A little like dieselgate, so I'm not ruling it out as possible, it just seems very unlikely.
I was definitely speaking from a US perspective. I would be so happy if the US would start doing more to lock up user data. We already protect health data (HIPAA) and I think it would be a great idea to extend that to all data connected with an individual or account.
It's amazing how different my phone feels since I've set up Wireguard to a server I have set up a few milliseconds away from me and put a pihole at the end of it, too. Blocking the (web) trackers at their source, coupled with less "wake up the radio to make this network call" is really quite nice, and the in-app advert spaces don't load except for a handful of folks doing (reasonable) native advertising.
Wouldn't you still have to wake up the radio to perform the (pi-holed) DNS lookup, though? Just curious because I would love to use a similar kind of system, but I am concerned about battery life.
I've been doing this for a few months now and the impact on battery life is noticeable but acceptable to me. iOS reports that WireGuard was responsible for 8% of my battery use today.
How much would it cost me to have a phone with all trackers turned off? (Or, perhaps, routed through a core application that requires whitelisting?)