I’ve had some internal struggles on this. Have used graphene for a long time and the last phone completely avoided using any G products (not even sandboxed) but still worry about the hardware, especially with the new AI chips. Can’t imagine that the ability to fingerprint using their hardware isn’t available.
So I vacillate between Fairphone/PinePhone with Linux or just anonymity through the masses with iOS. It sucks, the whole turn. Either get a fully functional smartphone and pick your poison or use a limited or dumb phone but know your smart TV/car/computer/etc will still be there for vulnerability.
If it is the Android that comes with the phone, it comes with Google Play and Google Services libraries installed. It is tracking you already. If you use Duckduckgo at least they will not know what you search for (and you will get better search than AI-ridden Google search…).
If you want an Android that doesn’t track you all the time, listens to you and those around you, etc etc, you need to use a vanilla android like https://lineageos.org/ as it comes, and not install the Google Services packages. This means that you may not be able to use some bank apps or popular apps such as Uber, etc that heavily depend on Google Services. Some chat apps may also have a delay in receiving messages.
Yes it sucks. It’s doable though. Welcome to the future. If we do nothing it will get even worse.
Edit: some governments are pushing for apps to not depend on Google propietary libraries. For example in the EU transit apps (city, trains ticket planners etc) are being migrated away from using Google Maps and into OpenStreetmaps, and those apps run nicely with a vanilla LineageOS. We need to keep this momentum.
:/ There’s old and cheap phones that are still supported. Support varies between models. I have a Oneplus 6 running the latest Android, 15, perfectly fine. It has 6 years. The camera is ok, but could be better.
Manufacturers and Google end support for Android phones within 2-3 years of their release (not 2 years since you buy it). Afterwards they don’t get security updates which is quite dangerous given that we do everything on the phones nowadays, and we will do even more.
Note that those old official, unsecure phones are allowed still to do banking and other things. Even if they aren’t secure. The manufacturers don’t care, they want you to buy a new phone every 2 years from them.
And the actually secure phones running LineageOS, with up-to-date Kernel and security patches, with latest Android, sometimes are not allowed to run banking apps or other things in the name of security. Google and manufacturers don’t care about security at all. They just want control.
Check the unofficial builds on XDA. My bet is that it exists. The unofficial builds are rock solid if you’re wondering. I have a 10 year old smartphone that runs Lineage18 flawlessly on an unofficial ROM
I would also have a look at the XDA forum. A very large percentage of devices that are not officially supported have unofficial ports (Lineage and others) that run 99% as well as the official ones.
e.g. my old Galaxy S8 was not official supported but one of the staff members of XDA made a port that runs like an absolute dream.
Not sure there is. Dimensionality of the trackble elements is very high. All of them have to either be the same or fuzzed across large groups of users.
it can be fixed but would require herculean engineering efforts, the biggest problem atm is the canvas. most of the other things can be fixed via defaults that are returned to the webapps unless explicit permission to access them is granted. like there is never a reason to return errors for session storage if its disable. just return a memory implementation that doesn’t persist beyond the window life. little changes like that would go a long way to removing the bits of information.
What ate realistic ways to protect ourselves?
Use alternative browsers (Safari, Firefox) and alternative platforms (iOS, GrapheneOS).
I’ve had some internal struggles on this. Have used graphene for a long time and the last phone completely avoided using any G products (not even sandboxed) but still worry about the hardware, especially with the new AI chips. Can’t imagine that the ability to fingerprint using their hardware isn’t available.
So I vacillate between Fairphone/PinePhone with Linux or just anonymity through the masses with iOS. It sucks, the whole turn. Either get a fully functional smartphone and pick your poison or use a limited or dumb phone but know your smart TV/car/computer/etc will still be there for vulnerability.
Presumably combined with Tor or a VPN or multiple ISPs.
Thing is, then you stand out as one of the very few people using that alternative.
but everyone in alternative can look same or have different fingerprint each time.
Do you think it can track me in duckduckgo on android?
If it is the Android that comes with the phone, it comes with Google Play and Google Services libraries installed. It is tracking you already. If you use Duckduckgo at least they will not know what you search for (and you will get better search than AI-ridden Google search…).
If you want an Android that doesn’t track you all the time, listens to you and those around you, etc etc, you need to use a vanilla android like https://lineageos.org/ as it comes, and not install the Google Services packages. This means that you may not be able to use some bank apps or popular apps such as Uber, etc that heavily depend on Google Services. Some chat apps may also have a delay in receiving messages.
Yes it sucks. It’s doable though. Welcome to the future. If we do nothing it will get even worse.
Edit: some governments are pushing for apps to not depend on Google propietary libraries. For example in the EU transit apps (city, trains ticket planners etc) are being migrated away from using Google Maps and into OpenStreetmaps, and those apps run nicely with a vanilla LineageOS. We need to keep this momentum.
Some of my critical apps depend on android/iOS, guess I am screwed
Just checked on that site and my phone is too old. :/
:/ There’s old and cheap phones that are still supported. Support varies between models. I have a Oneplus 6 running the latest Android, 15, perfectly fine. It has 6 years. The camera is ok, but could be better.
Manufacturers and Google end support for Android phones within 2-3 years of their release (not 2 years since you buy it). Afterwards they don’t get security updates which is quite dangerous given that we do everything on the phones nowadays, and we will do even more.
Note that those old official, unsecure phones are allowed still to do banking and other things. Even if they aren’t secure. The manufacturers don’t care, they want you to buy a new phone every 2 years from them.
And the actually secure phones running LineageOS, with up-to-date Kernel and security patches, with latest Android, sometimes are not allowed to run banking apps or other things in the name of security. Google and manufacturers don’t care about security at all. They just want control.
Sorry, I meant that I checked the supported device listings and mine isn’t there. They have similar but newer models.
I also have a somewhat unique processor so even jailbreaking it is a bit crazy.
Check the unofficial builds on XDA. My bet is that it exists. The unofficial builds are rock solid if you’re wondering. I have a 10 year old smartphone that runs Lineage18 flawlessly on an unofficial ROM
Thanks. I just spent some time on XDA and unfortunately there’s scant support for my processor.
No joy today it seems.
I would also have a look at the XDA forum. A very large percentage of devices that are not officially supported have unofficial ports (Lineage and others) that run 99% as well as the official ones.
e.g. my old Galaxy S8 was not official supported but one of the staff members of XDA made a port that runs like an absolute dream.
And my phone is too new :(
Not sure there is. Dimensionality of the trackble elements is very high. All of them have to either be the same or fuzzed across large groups of users.
it can be fixed but would require herculean engineering efforts, the biggest problem atm is the canvas. most of the other things can be fixed via defaults that are returned to the webapps unless explicit permission to access them is granted. like there is never a reason to return errors for session storage if its disable. just return a memory implementation that doesn’t persist beyond the window life. little changes like that would go a long way to removing the bits of information.