The post "Everyone knows all the apps on your phone" argues that the extensive data collection practices of mobile advertising networks effectively reveal which apps individuals use, even without explicit permission. Through deterministic and probabilistic methods linking device IDs, IP addresses, and other signals, these networks can create detailed profiles of app usage across devices. This information is then packaged and sold to advertisers, data brokers, and even governments, allowing them to infer sensitive information about users, from their political affiliations and health concerns to their financial status and personal relationships. The post emphasizes the illusion of privacy in the mobile ecosystem, suggesting that the current opt-out model is inadequate and calls for a more robust approach to data protection.
This guide emphasizes minimizing digital traces for protesters through practical smartphone security advice. It recommends using a secondary, "burner" phone dedicated to protests, ideally a basic model without internet connectivity. If using a primary smartphone, strong passcodes/biometrics, full-disk encryption, and up-to-date software are crucial. Minimizing data collection involves disabling location services, microphone access for unnecessary apps, and using privacy-respecting alternatives to default apps like Signal for messaging and a privacy-focused browser. During protests, enabling airplane mode or using Faraday bags is advised. The guide also covers digital threat models, stressing the importance of awareness and preparedness for potential surveillance and data breaches.
Hacker News users discussed the practicality and necessity of the guide's recommendations for protesters. Some questioned the threat model, arguing that most protesters wouldn't be targeted by sophisticated adversaries. Others pointed out that basic digital hygiene practices are beneficial for everyone, regardless of protest involvement. Several commenters offered additional tips, like using a burner phone or focusing on physical security. The effectiveness of GrapheneOS was debated, with some praising its security while others questioned its usability for average users. A few comments highlighted the importance of compartmentalization and using separate devices for different activities.
Summary of Comments ( 392 )
https://news.ycombinator.com/item?id=43518866
Hacker News users discussed the privacy implications of app usage data being readily available to mobile carriers and how this data can be used for targeted advertising and even more nefarious purposes. Some commenters highlighted the ease with which this data can be accessed, not just by corporations but also by individuals with basic technical skills. The discussion also touched upon the ineffectiveness of current privacy regulations and the lack of real control users have over their data. A few users pointed out the potential for this data to reveal sensitive information like health conditions or financial status based on app usage patterns. Several commenters expressed a sense of resignation and apathy, suggesting the fight for data privacy is already lost, while others advocated for stronger regulations and user control over data sharing.
The Hacker News post "Everyone knows all the apps on your phone" (linking to a Substack article about app usage data collection) generated a lively discussion with several compelling comments.
Many commenters discussed the technical mechanisms behind this data collection, pointing out that it goes beyond simply tracking app store downloads. Several highlighted the role of "device graphs," which link together various devices and online identities belonging to the same individual through sophisticated cross-referencing of information like IP addresses, advertising identifiers, and shared accounts. This allows companies to build a comprehensive picture of a user's app usage even across different devices. Some elaborated on how this data is packaged and sold, emphasizing the scale and pervasiveness of this practice.
A recurring theme was the lack of genuine informed consent. Commenters argued that the current opt-out mechanisms are often buried in complex privacy policies or presented in a way that discourages users from exercising their choices. Some expressed skepticism about the effectiveness of privacy-focused operating systems or VPNs in fully mitigating this tracking, given the sophisticated techniques employed by data brokers.
Several commenters discussed the implications of this data collection, ranging from targeted advertising to potential misuse by governments or malicious actors. Some raised concerns about the chilling effect this surveillance could have on freedom of expression and association. The potential for discrimination based on inferred characteristics from app usage was also mentioned.
A few commenters offered practical advice on mitigating this tracking, such as regularly clearing advertising identifiers and being selective about the permissions granted to apps. However, there was a general consensus that individual efforts are insufficient and that stronger regulatory measures are needed to address the systemic nature of this data collection.
Some of the more compelling comments included specific examples of how this data is used, anecdotes about unexpected data linkages, and technical deep dives into the methods employed by data brokers. The discussion also touched upon the ethical implications of this practice and the broader societal consequences of widespread digital surveillance. While some comments offered a resigned acceptance of this reality, others expressed a desire for greater transparency and control over personal data.