←back to thread

Everyone knows your location: tracking myself down through in-app ads

(timsh.org)
1957 points apokryptein | 1 comments | 02 Feb 25 17:07 UTC | HN request time: 0.479s | source
Show context
aucisson_masque ◴[02 Feb 25 23:29 UTC] No.42913013[source]
I paid for pcapdroid, it's a network monitoring app that use the vpn protocol on Android to monitor every packet sent, register which app made the request, to whom, dates and so on.

In it's paid feature, you can select app to block internet connection or you can select country, ip and host.

After browsing my internet logs, it shocked me to see some app I had absolutely no idea were spying so much.

Xiaomi home ? Yeah I knew Xiaomi app would be spyware. But Spotify for instance, how could I guess it sends every few hours data to remote server including Facebook ones.

Until I find replacement for Spotify, but most music streaming app do spy on its user (and I don't mean just learning what music you like), I can still block all the graph.facebook.com tracking.eu.miui.com Google ads.gdoubleclick.net and so on.

It's open source but firewall is paid feature, i highly recommend it if you're on Android.

https://f-droid.org/fr/packages/com.emanuelef.remote_capture...

There is even the possibility to decrypt packet and analyze them although it require root, i did it on another phone and yeah it's similar to what the author found. Every single bit of data, ip adress, since how long the phone is on, the wifi connections, when did I unlock the phone and so on.

Every data taken individually is not important to me but this stream of little data constantly going God knows where is creepy as fuck.

replies(1): >>42913755 #
adeon ◴[03 Feb 25 01:08 UTC] No.42913755[source]
If you have the equipment (e.g. a spare Linux computer and WiFi router) and know-how, you can set up something like mitmproxy (looks very similar feature set to the Android App, but likely requires more effort to set up) to your home network. That's what I did some weeks ago, and then basically the same exercise you did (just my whole network instead of just phone), looking what's going on. And yeah...it's not good.

Even if I trust some companies to be trustworthy, I can't possibly vet a gazillion entities getting telemetry requests, and not all of them can have their shit together, security, privacy or ethics-wise.

It made me ditch some Microsoft software, but overall escaping spying feels like a lost battle, unless you go do spartan Richard Stallman-like computing (IIRC he had pretty hardcore stance over the software he'll use).

replies(1): >>42916737 #
1. aucisson_masque ◴[03 Feb 25 10:11 UTC] No.42916737[source]
Well I believe it's Feasible.

Anyway like most things it's a journey, not an on off switch. First you get aware then you make change and the situation gets better, it doesn't have to be perfect to be better.

On my Android phone, I had to make clear cut on which app I could keep after seeing the logs. The apps from Google, microsoft, amazon they are all gone. Even the play services and the play store replaced with aurora.

It cuts at least 2/3 of the network requests.

Then you have the case of individual apps that use Facebook SDK or other advertiser, there are often alternatives in the open source community and when it's not the case there are always less privacy invasive alternative on the store.

For instance, my default Samsung weather app was sending lots and lots of data. The alternative on the froid were not in my taste.

I eventually found out about weawow, it's not open source but it doesn't require any weird permission, no ads, it's not constantly sending data in the background and my logs says it only connect to weather.weawow.com.

I mean it's fine.

After spending weeks with the firewall, i was able to identify the spying app and replace most of them. My network log now is pretty empty when I'm not using the phone.