COVID-19 Tracker Secretly Added to Smart Phones.

[Bob D]

Oh we're all being tracked by our phones and always have been, even before they all had GPS in them. It would be silly for any of the many entities who have access to that data to NOT be recording it.

The "opt-in" part is just that this framework doesn't do anything without a software trigger being downloaded, ostensibly at the user's request. Nothing is truly guaranteed to be opt-in only, as any of these promises are only as good as the corporate/government entity making them.

 

[bbbass]

Found this posted on Facebook. I checked my iPhone and yes it's there as described. Potential for abuse is enormous.

When was the last time something good for you was done by the government in secret?

"FYI: Do you know that a " Covid-19 " sensor has been inserted secretly into every phone. Apparently when every one was having a phone disruption earlier this week, they were adding COVID -19 tracker to our phones​

If you have an android phone, go under settings, then look for Google settings and see if it's there.​

If you are using an iPhone, go under settings, privacy, then health, it's there but not yet functional. The app can notify you if you've been near someone that have reported having COVID-19.​

Don't turn it on because you will be traced everywhere you go but once you update your phone, it will automatically be turned on on our phones. Just remember to go back in and turn it off."​

My Googoo settings says "Covid-19 Exposure Notice" and it's turned off. Wow!!!

 

[sobo]

My Googoo settings says "Covid-19 Exposure Notice" and it's turned off. Wow!!!

It "says" it's turned off. Remember, it's Google...

 

[papersoldier]

It "says" it's turned off. Remember, it's Google...

It's probably just "turned off" in the sense that it won't give you notifications. I'm confident that Google still has access to whatever data the tracker would provide were someone to opt-in to the service.

 

[bbbass]

It "says" it's turned off. Remember, it's Google...

Yeah, the modern day Google. But iPhone has been tracking, and listening, to folks for a long time. Either way, I've never had expectations of privacy, esp not since NSA, and China, built the big data farm.

 

[Dinglenutz]

Have a look and see what you see: Sign in - Google Accounts

 

[papersoldier]

Have a look and see what you see: Sign in - Google Accounts

Its hard for me to understand why people are willing to use any of Googles services after reading their Terms of Service. Same goes for Microsoft or Apple products.

There's obviously an exception for people who have to use these services for work since they don't have a choice - but for personal use? That's a hard pass for me.

 

[Dinglenutz]

When you connect to a cell tower, the operator can know your distance (via signal transit time) and rough direction (signal strength on each antenna and phase information) as well as the identity of your device. If you're in range of two or more towers, the information is even more precise. If you stop and buy anything with a credit card, or in the most Snowdenian of worlds, are seen by a camera, all that data can be fairly reliably correlated with you as a person by assuming that cell phone is yours.

Google account not required.

Target has (for instance) put BT and WiFI listening devices in stores and correlated those electronic fingerprints with checkout data for all sorts of data mining operations. TSA estimates wait times by tracking the unique signature of mobile devices as they move in the queue. Being observed in public is basically the definition of being in public.

 

[bbbass]

Its hard for me to understand why people are willing to use any of Googles services after reading their Terms of Service. Same goes for Microsoft or Apple products.

There's obviously an exception for people who have to use these services for work since they don't have a choice - but for personal use? That's a hard pass for me.

So what are the alternatives???

 

[Dinglenutz]

So what are the alternatives???

I guess one could use a prepaid for a limited time, only inserting the battery when not otherwise observable to make brief calls.

No one I know really wants to do that. Just getting prepaid phones and using them normally solves virtually nothing surveillance related. All the Google link I provided earlier does is show the data all cell operators collect on all phones.

 

[papersoldier]

So what are the alternatives???

Basically anything opensource with a good security and privacy track record. You can substitute Microsoft or MacOS with various Linux distributions, for your phone you can use opensource alternatives for your operating system (like GrapheneOS) or buy a completely opensource phone (Like PinePhone), and for Google you can use alternative apps that are way less intrusive acording to their terms of service (Tutanota or ProtonMail for e-mail, Owncloud for storing files, and various other apps developed on opensource software).

This obviously all comes at the cost of some convenience, and it's ultimately up to the individual to decide if they are more concerned with privacy vs ease of use.

 

[bbbass]

Basically anything opensource with a good security and privacy track record. You can substitute Microsoft or MacOS with various Linux distributions, for your phone you can use opensource alternatives for your operating system (like GrapheneOS) or buy a completely opensource phone (Like PinePhone), and for Google you can use alternative apps that are way less intrusive acording to their terms of service (Tutanota or ProtonMail for e-mail, Owncloud for storing files, and various other apps developed on opensource software).

This obviously all comes at the cost of some convenience, and it's ultimately up to the individual to decide if they are more concerned with privacy vs ease of use.

Thank you for the info!

I was aware of Linux, but I don't keep up, so not the others.

 

[papersoldier]

Thank you for the info!

I was aware of Linux, but I don't keep up, so not the others.

No problem!

For more info you can check out the site privacytools.io if you'd like. It has a pretty good rundown of how different companies and products stack up from a privacy perspective.

 

[bbbass]

No problem!

For more info you can check out the site privacytools.io if you'd like. It has a pretty good rundown of how different companies and products stack up from a privacy perspective.

What do you think of StartPage search engine as compared to other non-googoo choices???

 

[papersoldier]

What do you think of StartPage search engine as compared to other non-googoo choices???

I've heard good things about it, but I've never used it myself. I started using DuckDuckGo when it came around and have just stuck with that since it works well for me.

 

[Dinglenutz]

This obviously all comes at the cost of some convenience, and it's ultimately up to the individual to decide if they are more concerned with privacy vs ease of use.

I have various Linux distros running on a small rack stuffed with Dell R610 and R710 servers a few feet from where I'm sitting, some of those running virtual machines which also run Linux for various purposes. I am not a hard core Linux expert but I play one on TV. The reality is that what FOSS buys in terms of privacy is minimal. The biggest difference from a functional standpoint is whether there is the illusion of privacy or if the exfiltration of data is well documented in a EULA.

For a living, I write software that attempts to either exfiltrate data, recover hidden data, or prevent the same. That doesn't mean I know everything by a long shot, but I do know several things about this problem domain.

When you connect to a network, you are logged and remembered. When you visit a website, you are logged and tagged. It's really best to consider all networked interactions publicly observable even if the data exchange is obscured via encryption or other methods. The EULA just gives Google permission to avoid showing you ads you don't care about, freeing time to show you ads you might care about.

For most of us, we're just really not that interesting, and those who are won't be visiting online forums much.

 

[papersoldier]

I am not a hard core Linux expert but I play one on TV.

I think I've heard this from every Linux user I've ever met !

It's really best to consider all networked interactions publicly observable even if the data exchange is obscured via encryption or other methods

and this is probably the best advice you can give someone when it comes to being connected to the internet.

 

[papersoldier]

The reality is that what FOSS buys in terms of privacy is minimal.

I forgot to respond to this point: I didn't mean to imply that software being opensource automatically makes it better for privacy (here's looking at you Ubuntu), and I should have emphasised that one would have to specifically seek out those opensource projects that are privacy and security focused in order to gain any appreciable benefits in that regard.

 

[Dinglenutz]

One thing about it, I don't need supplemental heat in this room come winter.

 

[Dinglenutz]

one would have to specifically seek out those opensource projects that are privacy and security focused in order to gain any appreciable benefits in that regard.

A lot of those don't pay enough attention to the fundamentals to really be secure IME, but it's easy to paint with an overwide brush on this. If the bootloader isn't launched by a properly written and signed executable, everything that happens after that, which is almost everything, can't really be secured. That's just one way to break in.

Recently GRUB2 had a serious flaw that would allow more-than-root access to basically any machine that used it. That's all it takes.