The post "Everyone knows all the apps on your phone" argues that the extensive data collection practices of mobile advertising networks effectively reveal which apps individuals use, even without explicit permission. Through deterministic and probabilistic methods linking device IDs, IP addresses, and other signals, these networks can create detailed profiles of app usage across devices. This information is then packaged and sold to advertisers, data brokers, and even governments, allowing them to infer sensitive information about users, from their political affiliations and health concerns to their financial status and personal relationships. The post emphasizes the illusion of privacy in the mobile ecosystem, suggests that the current opt-out model is inadequate, and calls for a more robust approach to data protection.
The Register reports that Google collects and transmits Android user data, including hardware identifiers and location, to its servers even before a user opens any apps or completes device setup. This pre-setup data collection involves several Google services and occurs during the initial boot process, transmitting information like IMEI, hardware serial number, SIM serial number, and nearby Wi-Fi access point details. While Google claims this data is crucial for essential services like fraud prevention and software updates, the article raises privacy concerns, particularly because users are not informed of this data collection nor given the opportunity to opt out. This behavior raises questions about the balance between user privacy and Google's data collection practices.
HN commenters discuss the implications of Google's data collection on Android even before app usage. Some highlight the irony of Google's privacy claims contrasted with their extensive tracking. Several express resignation, suggesting this behavior is expected from Google and other large tech companies. One commenter mentions a study showing Google collecting data even when location services are disabled, and another points to the difficulty of truly opting out of this tracking without significant technical knowledge. The discussion also touches upon the limitations of using alternative Android ROMs or de-Googled phones, acknowledging their usability compromises. There's a general sense of pessimism about the ability of users to control their data in the Android ecosystem.
A UK watchdog is investigating Apple's compliance with its own App Tracking Transparency (ATT) framework, questioning why Apple's first-party apps seem exempt from the same stringent data collection rules imposed on third-party developers. The Competition and Markets Authority (CMA) is particularly scrutinizing how Apple gathers and uses user data within its own apps, given that Apple does not have to request user permission via the ATT pop-up prompts as third-party apps must. The probe aims to determine if this apparent double standard gives Apple an unfair competitive advantage in the advertising and app markets, potentially breaching competition law.
HN commenters largely agree that Apple's behavior is hypocritical, applying stricter tracking rules to third-party apps while seemingly exempting its own. Some suggest this is classic regulatory capture, where Apple leverages its gatekeeper status to stifle competition. Others point out the difficulty of proving Apple's data collection is for personalized ads, as Apple claims it's for "personalized experiences." A few commenters argue Apple's first-party data usage is less problematic because the data isn't shared externally, while others counter that the distinction is irrelevant from a privacy perspective. The lack of transparency around Apple's data collection practices fuels suspicion. A common sentiment is that Apple's privacy stance is more about marketing than genuine user protection. Some users also highlight the inherent conflict of interest in Apple acting as both platform owner and app developer.
Umami is a self-hosted, open-source web analytics alternative to Google Analytics that prioritizes simplicity, speed, and privacy. It provides a clean, minimal interface for tracking website metrics like page views, unique visitors, bounce rate, and session duration, without collecting any personally identifiable information. Umami is designed to be lightweight and fast, minimizing its impact on website performance, and offers a straightforward setup process.
HN commenters largely praise Umami's simplicity, self-hostability, and privacy focus as a welcome alternative to Google Analytics. Several users share their positive experiences using it, highlighting its ease of setup and lightweight resource usage. Some discuss the trade-offs compared to more feature-rich analytics platforms, acknowledging Umami's limitations in advanced analysis and segmentation. A few commenters express interest in specific features like custom event tracking and improved dashboarding. There's also discussion around alternative self-hosted analytics solutions like Plausible and Ackee, with comparisons to their respective features and performance. Overall, the sentiment is positive, with many users appreciating Umami's minimalist approach and alignment with privacy-conscious web analytics.
The Asurion article outlines how to manage various Apple "intelligence" features, which personalize and improve user experience but also collect data. It explains how to disable Siri suggestions, location tracking for specific apps or entirely, personalized ads, sharing analytics with Apple, and features like Significant Locations and personalized recommendations in apps like Music and TV. The article emphasizes that disabling these features may impact the functionality of certain apps and services, and offers steps for both iPhone and Mac devices.
HN commenters largely express skepticism and distrust of Apple's "intelligence" features, viewing them as data collection tools rather than genuinely helpful features. Several comments highlight the difficulty in truly disabling these features, pointing out that Apple often re-enables them with software updates or buries the relevant settings deep within menus. Some users suggest that these "intelligent" features primarily serve to train Apple's machine learning models, with little tangible benefit to the end user. A few comments discuss specific examples of unwanted behavior, like personalized ads appearing based on captured data. Overall, the sentiment is one of caution and a preference for maintaining privacy over utilizing these features.
OpenHaystack is an open-source project that emulates Apple's Find My network, allowing users to track Bluetooth devices globally using Apple's vast network of iPhones, iPads, and Macs. It essentially lets you create your own DIY AirTags by broadcasting custom Bluetooth signals that are picked up by nearby Apple devices and relayed anonymously back to you via iCloud. This provides location information for the tracked device, offering a low-cost and power-efficient alternative to traditional GPS tracking. The project aims to explore and demonstrate the security and privacy implications of this network, showcasing how it can be used for both legitimate and potentially malicious purposes.
Commenters on Hacker News express concerns about OpenHaystack's privacy implications, with some comparing it to stalking or a global mesh network of surveillance. Several users question the ethics and legality of leveraging Apple's Find My network without user consent for tracking arbitrary Bluetooth devices. Others discuss the technical limitations, highlighting the inaccuracy of Bluetooth proximity sensing and the potential for false positives. A few commenters acknowledge the potential for legitimate uses, such as finding lost keys, but the overwhelming sentiment leans towards caution and skepticism regarding the project's potential for misuse. There's also discussion around the possibility of Apple patching the vulnerability that allows this kind of tracking.
Security researcher Sam Curry discovered multiple vulnerabilities in Subaru's Starlink connected car service. Through access to an internal administrative panel, Curry and his team could remotely locate vehicles, unlock/lock doors, flash lights, honk the horn, and even start the engine of various Subaru models. The vulnerabilities stemmed from exposed API endpoints, authorization bypasses, and hardcoded credentials, ultimately allowing unauthorized access to sensitive vehicle functions and customer data. These issues have since been patched by Subaru.
Hacker News users discuss the alarming security vulnerabilities detailed in Sam Curry's Subaru hack. Several express concern over the lack of basic security practices, such as proper input validation and robust authentication, especially given the potential for remote vehicle control. Some highlight the irony of Subaru's security team dismissing the initial findings, only to later discover the vulnerabilities were far more extensive than initially reported. Others discuss the implications for other connected car manufacturers and the broader automotive industry, urging increased scrutiny of these systems. A few commenters point out the ethical considerations of vulnerability disclosure and the researcher's responsible approach. Finally, some debate the practicality of exploiting these vulnerabilities in a real-world scenario.
This article details the creation of a custom star tracker for astronaut Don Pettit to capture stunning images of star trails and other celestial phenomena from the International Space Station (ISS). Engineer Jas Williams collaborated with Pettit to design a barn-door tracker that could withstand the ISS's unique environment and operate with Pettit's existing camera equipment. Key challenges included compensating for the ISS's rapid orbit, mitigating vibrations, and ensuring the device was safe and functional in zero gravity. The resulting tracker employed stepper motors, custom-machined parts, and open-source Arduino code, enabling Pettit to take breathtaking long-exposure photographs of the Earth and cosmos.
Hacker News users generally expressed admiration for Don Pettit's ingenuity and "hacker" spirit, highlighting his ability to create a functional star tracker with limited resources while aboard the ISS. Several commenters appreciated the detailed explanation of the design process and the challenges overcome, such as dealing with vibration and thermal variations. Some discussed the technical aspects, including the choice of sensors and the use of stepper motors. A few pointed out the irony of needing a custom-built star tracker on a space station supposedly packed with sophisticated equipment, reflecting on the limitations sometimes imposed by bureaucracy and pre-planned missions. Others reminisced about previous "MacGyver" moments in space exploration.
Summary of Comments (392)
https://news.ycombinator.com/item?id=43518866
Hacker News users discussed the privacy implications of app usage data being readily available to mobile carriers and how this data can be used for targeted advertising and even more nefarious purposes. Some commenters highlighted the ease with which this data can be accessed, not just by corporations but also by individuals with basic technical skills. The discussion also touched upon the ineffectiveness of current privacy regulations and the lack of real control users have over their data. A few users pointed out the potential for this data to reveal sensitive information like health conditions or financial status based on app usage patterns. Several commenters expressed a sense of resignation and apathy, suggesting the fight for data privacy is already lost, while others advocated for stronger regulations and user control over data sharing.
The Hacker News post "Everyone knows all the apps on your phone" (linking to a Substack article about app usage data collection) generated a lively discussion with several compelling comments.
Many commenters discussed the technical mechanisms behind this data collection, pointing out that it goes beyond simply tracking app store downloads. Several highlighted the role of "device graphs," which link together various devices and online identities belonging to the same individual through sophisticated cross-referencing of information like IP addresses, advertising identifiers, and shared accounts. This allows companies to build a comprehensive picture of a user's app usage even across different devices. Some elaborated on how this data is packaged and sold, emphasizing the scale and pervasiveness of this practice.
A recurring theme was the lack of genuine informed consent. Commenters argued that the current opt-out mechanisms are often buried in complex privacy policies or presented in a way that discourages users from exercising their choices. Some expressed skepticism about the effectiveness of privacy-focused operating systems or VPNs in fully mitigating this tracking, given the sophisticated techniques employed by data brokers.
Several commenters discussed the implications of this data collection, ranging from targeted advertising to potential misuse by governments or malicious actors. Some raised concerns about the chilling effect this surveillance could have on freedom of expression and association. The potential for discrimination based on inferred characteristics from app usage was also mentioned.
A few commenters offered practical advice on mitigating this tracking, such as regularly clearing advertising identifiers and being selective about the permissions granted to apps. However, there was a general consensus that individual efforts are insufficient and that stronger regulatory measures are needed to address the systemic nature of this data collection.
Some of the more compelling comments included specific examples of how this data is used, anecdotes about unexpected data linkages, and technical deep dives into the methods employed by data brokers. The discussion also touched upon the ethical implications of this practice and the broader societal consequences of widespread digital surveillance. While some comments offered a resigned acceptance of this reality, others expressed a desire for greater transparency and control over personal data.