Or give a 900 area code.

This argument assumes that they’d only do something if they could get perfect coverage, which isn’t very compelling for me. IMO the question should be “would it give enough access to more information to be worth it”, not “it’s only worth it if it gives access to all information”.

And, as the other commenter mentioned, it is difficult to get some Chinese phones, though not impossible and if this whole line of thought plays into that, the reasoning is probably as much about cutting off their access to this kind of thing as it would be about making it harder to avoid western agencies doing this. They’ve said the first one out loud (they being politicians justifying blocking Huawei), and wouldn’t have said the second part either way.

If it is present there, it doesn’t imply it’s only present there.

And we really have no idea how close of a relationship Google, or any other corp for that matter, has with various intelligence agencies. Same thing with infiltrations by intelligence agencies.

And no, it doesn’t mean that every phone in the world is compromised with this, which wouldn’t be that sophisticated, just stealthy. The sophisticated part would be part of the normal design process, it’s called DFT or design for test if you want to read about it, used legitimately to determine what parts of the chip have manufacturing flaws for chip binning.

Most phones don’t have an unlocked bootloader, and this post is about the data Google is pulling on factory pixels.

Why would they do all the work on the software side and then themselves offer a device that allows you to remove their software entirely? And if it’s worth it just from the “make more money from people who only want unlocked phones”, why isn’t it more common?

Mind you, my next phone might still be a pixel. Even if this stuff is actually there, I wouldn’t expect to be targeted. I can’t help but wonder about it, though, like just how deep does the surveillance or surveillance potential go?

You’re right that it’s pure speculation just based on technical possibilities and I hope you’re right to think it should be dismissed.

But with the way microchip design (it wouldn’t be at the PCB level, it would be hidden inside the SoC) and manufacturing work, I think it’s possible for a small number of people to make this happen, maybe even a single technical actor on the right team. Chips are typically designed with a lot of diagnostic circuitry that could be used to access arbitrary data on the chip, where the only secret part is, say, a bridge from the cell signal to that diagnostic bus. The rest would be designed and validated by teams thinking it’s perfectly normal (and it is, other than leaving an open pathway to it).

Then if you have access to arbitrary registers or memory on the chip, you can use that to write arbitrary firmware for one of the many microprocessors on the SoC (which isn’t just the main CPU cores someone might notice has woken up and is running code that came from nowhere), and then write to its program counter to make it run that code, which can then do whatever that MP is capable of.

I don’t think it would be feasible for mass surveillance, because that would take infrastructure that would require a team that understands what’s going on to build, run, and maintain.

But it could be used for smaller scale surveillance, like targeted at specific individuals.

But yeah, this is just speculation based on what’s technically possible and the only reason I’m giving it serious thought is because I once thought that it was technically possible for apps to listen in on your mic, feed it into a text to speech algorithm, and send it back home, hidden among other normal packets, but they probably aren’t doing it. But then I’d hear so many stories about uncanny ads that pop up about a discussion in the presence of the phone and more recently it came out that FB was doing that. So I wouldn’t put it past them to actually do something like this.

I was just wondering earlier today if Google kept the bootloader open to allow custom OS installation only because they had other hardware on the phone that would send them their information anyways, possibly through covert side channels.

Like they could add listeners for cell signals that pick up data encoded in the lower bits of timestamps attached to packets, which would be very difficult to detect (like I’m having trouble thinking of a way to determine if that’s happening even if you knew to look for it).

Or maybe there’s a sleeper code that can be sent to “wake up” the phone’s secret circuitry and send bulk data when Google decides they want something specific (since encoding in timestamps would be pretty low bandwidth), which would make detection by traffic analysis more difficult, since most of the time it isn’t sending anything at all.

This is just speculation, but I’ve picked up on a pattern of speculating that something is technically possible, assuming there’s no way they’d actually be doing that, and later finding out that it was actually underestimating what they were doing.

When trying to find a copy of Forza 4 (or one of them) after being disappointed with the cut down version they had on gamepass, I discovered it couldn’t be sold anymore because of a deal MS made with Porsche that eventually ran out.

Also set up a standardized licensing process that breaks the mini-monopolies of exclusive content.

Personally, I’d also limit copyright to specific works and not the characters, setting, etc. Then protect trademarks and use those to establish canon. Like in the MCU and DC universes, Spiderman and Batman don’t exist together, but in the Superhero Fan Universe, they are roommates and play genius billionaire vs superhuman with a sixth sense prank wars on each other.

This isn’t really about safety, it’s about gun manufacturer profits.

Most of them were cases where I wasn’t surprised they had data but a bit surprised they shared it.

I think my phone came with a sonos app installed, though not certain about that. I got rid of it if it was, though I can’t say if the most recent update from them was before or after that.

But a few of them I’m not really sure why they are on there. There was another one that I didn’t list that just had the label “IDK”, not sure if that’s a real name or “I don’t know”. I’m assuming they came from effective fingerprinting/tracking.

I might look into an addon that fakes some of the information the browser sends like OS version and resolution. Maybe that will make fingerprinting harder.

Some examples from mine if anyone is curious. I never use the fb sso or any of that shit, nor did I ever explicitly consent to any of these services sharing anything with fb.

• Spotify
• bookings .com
• ebay (haven’t touched my account there in over a decade but they still had data to send this year)
• windy .com
• duolingo
• tinder
• my bank
• opera
• sonos (I can’t think of any time I’ve ever even interacted with this one)
• samsung wallet (another one I never even set up)
• Uber eats
• calorie counter
• mediacom usa and euro (?)

Also, if you remove access via messenger app, it will show a confirm message without closing the screen. Clicking x goes back and it’s not on the list anymore. Whether they are actually leaving it disconnected or just hiding it, who knows.

Some of these services I didn’t use the same email that I used for fb, too, or any email at all.

I like grid for that because it’s by default per-site permissions and also by default allows the sites own cookies while blocking any cookies for other domains.

It can involve some trial and error to get things working if the site uses a CDN or third party services for functionality, but I’ve found that it hasn’t yet been necessary to enable any 3rd party cookies to get any functionality working (at least none that I wanted to get working, maybe other sites that use Google or fb accounts would automatically log me in if I had those ones enabled, but those are things I specifically want to block).

Usually I’ll just need to enable some scripts and media from CDNs.

Same thing that’s preventing them from ignoring your choices or not offering them in the first place: nothing technical; it’s all up to the legal system.

I’m not sure how sites generally do it, but from my web dev experience in the past, I wouldn’t be surprised if it is actually implemented as one giant cookie. Iirc cookies are attached to domains and one domain can’t access another’s cookies. So if they are sharing the data on their end, I’d guess it is one big cookie. If they have their site set up to make the clients share the data themselves, I’d guess there’s a cookie for each partner’s domain.

It’s even possible that the information is shared without using actual cookies at all, since data can be sent to servers using the http get request. If you see ? in the url, everything after that is a list of arguments and values… Though the entire URL (after the domain, which maps it to that server) is data and doesn’t have to map to a directory structure and file on a server. Maybe this falls under the umbrella of “cookie” despite technically not being a cookie.

Or maybe it’s a loophole where the legislation focused on just cookies and falls back to these methods. Probably not, because if it’s done on the client side, it would be easy to detect by anyone who knows how to look. But who knows what’s going on on the server side of things?

Edit: my knowledge here is dated and outside of my specializations, so consider this more technically informed speculation than necessarily applicable to how things generally work. I say this because I see another comment came in while I was writing this that contradicts mine about a giant cookie being technically possible. My own use of cookies was to store a session id so that php could find the data that was being stored server side that was necessary for site functionality (like storing logged in state, user id, and other internal stuff we don’t want users being able to change by editing a cookie). They worked like maps iirc where you just give them key:value pairs, thus could store an arbitrary amount of data.

How would an oppressed people even have a chance of overthrowing rulers who could read and control their minds?

The charged ones would likely have little trouble finding their counterparts. Especially the positrons, maybe electron shells would prevent anti-protons from getting to protons.

I’m curious how stable anti-neutrons are in a matter world (and how free neutrons behave, for that matter). Does anything stop them from just joining the first atom they happen to get close enough to? And how long before they get close enough to an atom if they do, in say Earth’s atmosphere?

DM: “So you’ve all been traveling for several weeks, anything you want to add about what you’ve been doing on the way?”

Player: “Uh, I spot check?”

DM, sighs, “Okay, roll for it.”

Player rolls an 18.

DM: “Along the way you notice the hidden chest and find a latrine shovel. Anything else you’re doing?”

Insert 5 minute argument that it should just be a normal shovel and therefore it shouldn’t be limited to just digging latrines.

DM: “Now that that’s settled, you can add your normal shovel that isn’t a latrine shovel but can still be used to dig latrines to your inventory and answer the question if there’s anything else you did, or maybe dug and then filled with something other than the dirt you just dug from it before filling it with the dirt you dug from it?”

Player: “Oh, I know! I listen! Uh I rolled a 6 :(”

DM: “You don’t hear anything and you all die from burst bladders and ruptured colons!”

Insert 5 minute argument about which one, since it was unlikely that each of their bladders and colons burst simultaneously.

Even today some parts need to be written in assembly, like context switches.

Olauncher is highly rated and collects/shares 0 data (at least according to the data safety section on its Google Play page, though I have no idea how reliable that is).

I installed it yesterday. I’m not hating it but not sure if I like it. It’s very minimal. Like you don’t even see the notification bar from the home screen and are limited to putting 8 apps on there (after you adjust the setting from 4). Everything else is on an alphabetical list, which has forced me to remember the names of apps instead of just remembering the icon and position I gave it in Nova. But it might just be something I need to get used to, so I’ll give it some more time.

If it look at the data safety section for Niagara launcher on Google Play store, it is also collecting and sharing data with 3rd parties. The cross section is a bit smaller than Nova’s but it was still enough for me to nope out of there.

And when that stops working, I’ll just stop watching any YouTube videos.

One reason you’ll have difficulty finding something that can do this with total anonymity is that it overlaps a lot with what financial scammers want to do: get the money (traceable but it will take some time for the other side to catch on) and use it in a way that isn’t traceable.