On the question of “why do they collect all this data” - brightness, battery life, headphone usage, volume etc: It’s not just because the data is valuable in itself, it’s also to ‘fingerprint’ the device across IPFA boundaries and in the face of things like NAT and VPNs. There are so many disparate data points that are different across different devices that two apps reporting an identical or near-identical set in a short timeframe are likely on the same device.
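To make the linking step concrete from the analyst's side, here is an added example (not code from the thread or from any app or SDK discussed) that takes constructed telemetry reports of the kind the comment lists, scores how alike they are, and shows which app pairs would be attributed to one device without any IP, identifier or cookie; the last function shows the mitigation side, where coarsening the values makes unrelated devices collide so the trick stops discriminating. Field names, thresholds and all values are assumptions.

```python
from itertools import combinations

# Telemetry fields the comment above lists (plus two stable ones);
# all values below are constructed, not captured from real apps.
FIELDS = ("brightness", "battery", "volume", "headphones", "timezone", "screen_w")
TOLERANCE = {"brightness": 3, "battery": 1}  # "near-identical" slack for values that drift

REPORTS = [  # constructed: two apps on device X, one app on device Y, within one minute
    {"app": "news",    "ts": 1000, "brightness": 62, "battery": 47, "volume": 30,
     "headphones": True, "timezone": "Europe/Berlin", "screen_w": 1170},
    {"app": "weather", "ts": 1012, "brightness": 61, "battery": 47, "volume": 30,
     "headphones": True, "timezone": "Europe/Berlin", "screen_w": 1170},
    {"app": "game",    "ts": 1030, "brightness": 80, "battery": 12, "volume": 55,
     "headphones": True, "timezone": "Europe/Berlin", "screen_w": 1170},
]

def similarity(a, b, tolerance=TOLERANCE):
    """Fraction of FIELDS on which two reports agree (numeric ones within tolerance)."""
    hits = 0
    for f in FIELDS:
        x, y = a[f], b[f]
        if isinstance(x, bool) or not isinstance(x, (int, float)):
            hits += x == y
        else:
            hits += abs(x - y) <= tolerance.get(f, 0)
    return hits / len(FIELDS)

def link_reports(reports, threshold=0.85, window_s=60, tolerance=TOLERANCE):
    """Return app pairs whose reports arrived close together and look alike enough
    to be attributed to one device; no IP, IDFA or cookie is involved."""
    linked = []
    for r, s in combinations(reports, 2):
        if r["app"] != s["app"] and abs(r["ts"] - s["ts"]) <= window_s \
                and similarity(r, s, tolerance) >= threshold:
            linked.append((r["app"], s["app"]))
    return linked

def coarsen(report, step=100):
    """Mitigation side: bucket numeric fields so many devices share each value."""
    out = dict(report)
    for f in FIELDS:
        v = out[f]
        if isinstance(v, (int, float)) and not isinstance(v, bool):
            out[f] = (v // step) * step
    return out

if __name__ == "__main__":
    print("raw:      ", link_reports(REPORTS))                        # only the real pair links
    print("coarsened:", link_reports([coarsen(r) for r in REPORTS]))  # device Y now collides too
```

With the raw values only the two apps on device X are linked; after coarsening, the unrelated device matches as well, which is exactly the anonymity-set effect a platform gets by reporting such values at low resolution.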
How the hell is any of this tracking legal?
Because you and almost everyone else agreed to the Terms of Service where you consented to let them stalk you until they can make an accurate enough simulation of you to sell increased chances to change your behavior to the highest bidder.
You can stop at any time. Cancel your cell phone subscription and turn off your phone. It is a perfectly valid choice.
Uninformed consent is not consent. And while you may enjoy your life without a mobile subscription, many would not.
>Uninformed consent is not consent.
True, but a Terms of Service document is the vehicle by which you are informed and consenting. If you're not willing to read the information you're choosing to remain uninformed.
When it takes multiple lifetimes to read the Terms of Service for everything a normal person uses to get through daily life, it’s not a case of willingness.
I read every legal contract I agree to. It is crazy not to.
If it is too long and hard to read, there is a reason for that and you can just opt out.
I do think apps should force people to actually scroll through ToS at a normal reading speed or tldr the horrible things they will do to you front and center like we forced the tobacco industry to do.
Most of humanity enjoyed their lives without pocket internet until the last couple decades. Saying people cannot be happy without that is like saying they cannot be happy without smoking.
This Apple or Google phone culture is a false dichotomy.
I run a B2B tech company in Silicon Valley, and have endless technical hobbies and do not need Apple or Google products or a cell carrier to be happy.
It is always possible to choose tech that you own and control. It just takes a bit more research because the open ecosystems lack marketing budgets.
This is not how the GDPR works, just because you stuff it in the ToS doesn't make it legal. Consent has to be explicit and freely given, using the service cannot hinge on accepting tracking.
> Because you and almost everyone else agreed to the Terms of Service where you consented to let them stalk you
Because some laws (GDPR) are only valid for some people.
No one took Stallman seriously in the early '00s cuz he looks like a total nerd.
It’s also because good UI/UX is expensive, open source has never been able to do it, and people are lazy. If you are a person who likes messing with computers and figuring stuff out, you are weird. Most people loathe it. It was super easy for superior UX to capture users and herd them into surveillance ecosystems.
He still looks like a nerd. I think it’s terminal.
Imagine living in the alternate universe where open source or privacy had a Jenny McCarthy.
Because no one made it illegal?
Good stuff. You might find more interesting data by implementing Frida [0] into your process to snoop on encrypted traffic normally not visible due to pinned certificates.
[0] https://frida.re/docs/home/
And more specifically just use the maintained scripts from HTTP Toolkit.
https://github.com/httptoolkit/frida-interception-and-unpinn...
Excellent, thank you. There’s a lot to Frida.
HTTP Toolkit only mentions using jailbroken iOS devices, but you can also use unjailbroken devices running v13+ via injection [0]
[0] https://frida.re/docs/ios/
I haven't gone through setting it up (yet) but I imagine there should be differences between EU and US versions of the apps. Is that something you expect to and if so, are you recording that info in your survey? Or am I just naive here?
The difference should be only at the consent level, e.g. you might see fewer or more “Accept All” buttons with different design or different ToS linked. I don’t believe there’s a real difference on the code or even SDK level based on geo.
Doesn't California have partially stricter laws than the EU?
Solid observations and good analysis! So, it seems too obvious: are you truly in pioneer territory? Is nobody else doing what you've done here?
I mean, there should be something! Maybe not with this exact list of apps, but the code should be similar to other "how-to-record-traffic" guides.
Many thanks for your eye-opening article!
Hopefully you have a third article in the making, testing whether common privacy techniques are effective?
Are you aware of any sousveillance projects with the goal of identifying and monitoring the people responsible for this tracking?