Posted on 7 Comments

Global Vaccine Passports Have Arrived Courtesy of Google, EU

On June 30th, 2021, the Google Developers blog announced the launch of vaccine passports in Android through its Passes API.

Less than 24 hours later, the European Union, long mired in a sea of national standards for digital jab records, rolled out its EU-wide vaccine passport.

Two completely different vaccine passport schemes unveiled on the same day, encompassing the whole of the Western world? What are the odds!

Exceedingly low, of course. This level of coordination belies yet another blitz in the ongoing rollout of a global, technofeudal control grid. The EU has arguably been at the forefront of this rollout – its standardized digital jab certificate is little more than an aggregator for the draconian technology now operating at the Nation-State level.

Adoption of this unified standard is already approaching 100% of EU Member States. Doublethink rhetoric of restoring the Schengen Area’s “freedom of movement” abounds, even as additional barriers to travel are erected.

In this sense, Google and the US are playing catch-up. While de facto vaccine passports have been implemented sparingly in places like New York, California, and Hawaii, an ever-expanding number of States have banned the notion outright.

Yet herein lies the insidiousness of the public-private partnership model: Technocrats can use governments where it suits them, corporations where it does not, and an increasingly bizarre fusion of the two where necessary. Even the propaganda rollout surrounding jab passports is bifurcated by this model, with the EU using official government bulletins while Google syndicates the news via trendy tech blogs.

And though many States in the US have passed legislation or executive action to curb the implementation of vaccine passports, Google could care less.

Google Passes: Vaccine passports for all, regulation be damned

Like the contact tracing API before it, political resistance alone is proving ineffective against the technological implements of the Great Reset. Even the staunchest State level opponents to this agenda have done nothing to halt the hyperactive Bluetooth surveillance grid running on Android and iOS devices – on the contrary, many have used taxpayer money to help finance its data harvesting operations.

Similar political action against digital vaccine passports will not halt Google’s rollout via the Passes API, either.

In fact, Google’s selection of the Passes API to implement vaccine records is telling in its own right, given the information it already stores: Boarding passes for airlines. Travel tickets. Event tickets.

While legislative action in States like Florida may allow you to attend a Miami Dolphins game with your biological privacy in tact, the same may not be said for travel. The battle over Federalization of airline travel was lost on November 19th, 2001 with the creation of the Transportation Security Administration, whose influence has been expanding ever since – the latest privacy affront being the REAL ID Act, which mandates highly insecure RFID technology for interstate air travel.

Even more dangerous are biometric companies with government contracts, like CLEAR, whose terminals are already widely used at TSA PreCheck terminals and event centers.

Google Passes and other digitized jab certificates are simply a competing product. One that is already in the pocket of 85% of Americans alone, with similar adoption levels in Europe.

Products marketed for “convenience” like TSA PreCheck biometrics will, over time, become mandatory – the REAL ID Act itself is a perfect example of this Fabian creep. Passed all the way back in 2005, its full implementation has been pushed back multiple times due to individual State holdouts, most recently until 2023.

But these delays are immaterial – the framework’s existence is all that matters, as despite not being enforced, privacy-violating RFID technologies are now the norm for US driver’s licenses. Jab certificates like Google Passes will be no different. Once in place, they will be utilized – if not immediately, then in the future.

Not only can the Passes API integrate with third-party pharmaceutical companies to track jab history, it is also capable of storing results from dubious PCR tests. This level of biodigital convergence sets an unsettling precedent, as Silicon Valley’s expectation is that your medical history will now be in your pocket at all times, integrated with their servers, and subject to whatever authority may ask for it.

Passes is not an isolated product, either – it’s a development suite within the broader Google Pay SDK.

There are technical reasons why Google may have chosen to use the Pay SDK as opposed to a health-focused API like Google Fit – QR code generation, limited use passes, and encrypted keyrings are already present in the Passes API. However, despite Google Pay’s scant consumer use at present, the long-term intent is crystal clear: Access to financial services and medical records will be intertwined.

In Closing

The post-2020 era has pushed humanity to the precipice of a longstanding dream of our would-be comptrollers. Whether it is Newt Gingrich’s Age of Transitions or the late Zbignew Brzezinski’s Between Two Ages, the kind of biodigital convergence represented by digitized medical passports has been at the forefront of the Technocratic agenda for decades.

As Silicon Valley attempts to bridge the “last mile” of mandated biometric surveillance, resistance to these aims on an individual level remain multivariate – ditch your smartphone, or at least utilize a privacy-respecting alternative that is incompatible with Google or iOS services. Starve the business of travel and entertainment industries that would see us become serfs in exchange for bread and circuses.

If you’re in the EU, use paper records instead of digital equivalents, or better yet, refuse to comply at all.

Educate well-meaning policymakers to the threats represented by the pseudo-private sector and impress upon them that the dangers of State surveillance are rapidly being outpaced by Terms and Conditions mandated by smartphone companies.

Neofeudal Technocracy is desperately trying to extract humanity’s consent to these draconian efforts before the next phase of the so-called Great Reset.

Don’t let them.

Stay informed, stay free.

The best degoogled smartphone and privacy news, straight to your inbox.

Share this:
Posted on 41 Comments

Meet Jigsaw: Google’s Intelligence Agency

It’s no secret that Google regularly collaborates with intelligence agencies.

They are a known NSA subcontractor. They launched Google Earth using a CIA spy satellite network. Their executive suite’s revolving door with DARPA is well known.

In the wake of the January 6th Capitol event, the FBI used Google location data to pwn attendants with nothing more than a valid Gmail address and smartphone login:

A stark reminder that carrying a tracking device with a Google login, even with the SIM card removed, can mean the difference between freedom and an orange jump suit in the Great Reset era.

But Google also operates its own internal intelligence agency – complete with foreign regime change operations that are now being applied domestically.

And they’ve been doing so without repercussion for over a decade.

From Google Ideas to Google Regime Change

In 2010, Google CEO Eric Schmidt created Google Ideas. In typical Silicon Valley newspeak, Ideas was marketed as a “think/do tank to research issues at the intersection of technology and geopolitics.

Astute readers know this “think/do” formula well – entities like the Council on Foreign Relations or World Economic Forum draft policy papers (think) and three-letter agencies carry them out (do).

And again, in typical Silicon Valley fashion, Google wanted to streamline this process – bring everything in-house and remake the world in their own image.

To head up Google Ideas, Schmidt tapped a man named Jared Cohen.

He couldn’t have selected a better goon for the job – as a card-carrying member of the Council on Foreign Relations and Rhodes Scholar, Cohen is a textbook Globalist spook. The State Department doubtlessly approved of his sordid credentials, as both Condoleeza Rice and Hillary Clinton enrolled Cohen to knock over foreign governments they disapproved of.

Google Ideas’ role in the 2014 Ukraine regime change operation is well-documented. And before that, their part in overthrowing Mubarak in Egypt was unveiled by way of the Stratfor leaks.

More recently, the role of Google Ideas in the attempted overthrow of Assad in Syria went public thanks to the oft-cited Hillary Clinton email leaks:

Please keep close hold, but my team is planning to launch a tool on Sunday that will publicly track and map the defections in Syria and which parts of the government they are coming from.

Our logic behind this is that while many people are tracking the atrocities, nobody is visually representing and mapping the defections, which we believe are important in encouraging more to defect and giving confidence to the opposition.

Given how hard it is to get information into Syria right now, we are partnering with Al-Jazeera who will take primary ownership over the tool we have built, track the data, verify it, and broadcast it back into Syria. I’ve attached a few visuals that show what the tool will look like. Please keep this very close hold and let me know if there is anything eke you think we need to account for or think about before we launch. We believe this can have an important impact.

-Jared Cohen to State Dept. Officials, July 25, 2012

With all this mounting evidence, surely Google Ideas was decommissioned. Surely Jared Cohen was swiftly ousted from his position at one of America’s premier Big Tech darlings for crimes against humanity, right?

Of course not!

Why scrap all that hard work when you can just rebrand and shift your regime change operations to domestic targets?

Google Jigsaw – USA Psyop Edition

Google Ideas was renamed Google Jigsaw in 2015 after years of bad press and controversy – this time with an eye on performing psychological operations in the United States.

But all that experience data mining and overthrowing Middle Eastern nations wasn’t just thrown out. Rather, Jigsaw repurposed its internal psychological operations program (code-named Operation Abdullah) to instead target “right-wing conspiracy theorists,” as revealed by privacy researcher Rob Braxman.

Using a technique known as the redirect method, Jigsaw attempts to populate outbound links to dissuade potential thought-criminals from looking at wrongthink.

Make no mistake – the redirect method is about more than manipulation of search engine results. It’s one thing to manipulate the content of searches based on query strings, but to target the psychology of the searcher themselves requires an accurate psychological profile of the person doing the searching.

And Google has psych profiles in spades thanks to centralized Google logins: To Android phones, to Gmail accounts, to adjunct services like YouTube, even to children via Google Classroom.

You don’t even need to use Google’s search engine to populate them with weaponized data. In fact, search alone provides far fewer avenues for offensive metadata usage than a cell phone.

We would implore readers to take a look at Jigsaw’s site. It’s a study in how to use front-end design to creep out your visitor, as a snippet of JavaScript code ensures your cursor is tracked in a spotlight throughout your visit:

Jigsaw’s front-end design team has a clear message for you: There’s nowhere to hide.

The site also uses another bit of intelligence tradecraft known as “transferrence” – it’s a simple psychological tactic of shifting blame from yourself to your target.

The four subheaders on Jigsaw’s homepage, Disinformation, Censorship, Toxicity, and Violent Extremism demonstrate this tactic at work.

  • There is no greater source of media disinformation than MSM and the information served up by Google search engines.
  • Big Tech are at the forefront of destroying free speech through heavy-handed censorship, Google among them.
  • Psychological manipulation tactics used by the social justice crowd doubtlessly instill toxicity in those subjected to them.
  • And Google’s well-documented history of participating in bloody regime change as described in this article are textbook cases of violent extremism.

Yet Jigsaw markets itself as combating these societal ails. Of course, nothing could be further from the truth, just as Google’s former company tag-line of “Don’t Be Evil” was a similar reversal of reality.

And yes, regime change aficionado Jared Cohen is still the CEO of Google Jigsaw. In fact, Jigsaw, LLC was overtly brought back in-house as of October 2020.

In Closing

As we’ve described in previous articles, vast swaths of the State-controlled Panopticon are currently being outsourced to Big Tech companies.

Call this phenomenon a public-private partnership. Call it the Great Reset. Call it Agenda 2030, or Agenda 21, or “stakeholder capitalism,” or any of the other euphemisms dreamt up by these hapless would-be oligarchs to sell neofeudal Technocracy to the public.

Making intelligence services pseudo-independent from the State is simply a mandatory prerequisite for fully globalizing them.

Furthermore, as the Biden administration seeks to reclassify half of the country as domestic extremists, it’s no secret that companies like Google, with their vast data weaponization programs, will play a key role in identifying Public Enemy #1:

You.

There is no “silver bullet” solution to this problem. Nearly all consumer electronics can be exploited at very low levels. Even the Internet itself is a longstanding military intelligence operation.

But this doesn’t mean any action short of becoming a Luddite is meaningless!

If data is the new oil, it’s time to shut off your well:

  • Abstain from using Google Mail, Docs, or Search where possible.
  • Seek out alternative social media and content creation platforms.
  • If your smartphone requires heavy dependence on Apple or Google for logins or closed-source apps, consider privacy-respecting alternatives.
  • Familiarize yourself with common data harvesting tactics and take action where you can.

While a full list of meaningful action is beyond the purview of this post (or any single blog entry for that matter), the important takeaway here is this:

We cannot opt out of mass government surveillance. But we knowingly consent to most forms of “privatized” intelligence gathering.

Take the first step and revoke your consent.

Stay informed, stay free.

The best degoogled smartphone and privacy news, straight to your inbox.

Share this:
Posted on 17 Comments

PROOF: You Cannot Disable Contact Tracing

As we have covered in previous posts, there is no simple way to disable contact tracing on your smartphone.

If you’re using an iPhone or an unmodified Android device, the Exposure Notifications toggle in your settings is simply for show – a Potemkin village of privacy. There’s no way to audit the code and verify that your phone is no longer a hyperactive Bluetooth location tracker when you switch your contact tracing slider from ON to OFF.

However, this privacy threat was theoretical… until now.

News broke this weekend on Hacker News that, at least in the State of Massachusetts, Google can outright ignore your contact tracing preferences.

But it gets worse.

They can also install State-sponsored tracking applications without your knowledge or consent.

The application in question, MassNotify, does not have a visible icon on your smartphone. It cannot even be found by direct search in the Google Play store. For all intents and purposes, it is a ghost in the machine.

Yet if you live in the State of Massachusetts and have an Android phone, MassNotify has likely been installed on your smartphone completely unbeknownst to you.

As one user from Hacker News reports:

I turned off auto-updates in the Play store (Settings -> Network preferences -> Auto update apps -> Don’t auto update apps) and went to sleep.

This morning I woke up with a cheerful notification that Google can help with COVID notifications and gov.ma.covid19.exposurenotifications.v3 installed — the app was pushed overnight over explicit instructions NOT to update (sure, one can say auto-install != auto-update, but it is worrying that forced pushes can happen even with every single relevant UI switch turned off).

madars

This user goes on to detail the ADB logs confirming malicious intent – if you’re the technical type, we’d recommend you take a look.

The fact that Google can ignore user input barring auto-updates should be unsettling enough, as it means you have no autonomy over the software running on your device. Yet Hacker News user madars goes one step further, confirming that they had disabled Exposure Notifications as well:

Yes, I confirmed last night that Settings -> Google -> COVID-19 Exposure Notifications was off.

madars

To make matters even worse, they also confirm there is no record of MassNotify having been installed to the average smartphone user – and that it’s possible two separate binaries of MassNotify were shipped depending on the user’s contact tracing settings:

Aside, I read somewhere but have not confirmed this myself that manually enabling that setting leads to a flow for installing the gov.ma.covid19.exposurenotifications app, whereas the forced update is gov.ma.covid19.exposurenotifications.v3 — note the extra v3.

By the way, MassNotify app is not visible from Play Store search (both on mobile and on desktop — https://play.google.com/store/search?q=MassNotify) and does not create an icon — you can only find it in Play Store via its internal name (e.g. a link like https://play.google.com/store/apps/details?id=gov.ma.covid19…), and would have to specifically look in system dialog for all apps to see if it is installed.

madars

Not only are Google and the Massachusetts Department of Public Health covering their tracks when installing this unsolicited spyware, they’re tracking whether or not you are the type of person who would disobey contact tracing edicts in the first place!

Google is not simply ignoring user consent in their ongoing mass surveillance dragnet. They are actively enabling governments in creating a “biosecurity surveillance” apparatus – whether you want to participate or not.

Previously, Apple and Google required the installation of third-party software like MassNotify to integrate with the contact tracing API, but as of October 2020, both companies offer this “service” in-house.

When the Davos and World Economic Forum crowd stress the need for public-private partnerships, this is what they mean: A panopticon that fuses the data collection efforts of pseudo-private entities like Google with the enforcement arm of the State.

So how do you really disable contact tracing?

The simplest solution to disable contact tracing is arguably the hardest for most people:

Get rid of your smartphone.

No, that does not mean go out and buy a flip or “dumb” phone in lieu of your fancy new iOS or Android device – even dumbphones are notoriously smart in the era of the Great Reset.

It means get rid of your cell phone altogether.

Are you capable of that? Many people aren’t – either due to employment circumstances, lifestyle, or lack of rural Internet access. Even simply leaving phones at home is increasingly difficult in a fully networked society.

There is, however, a secondary solution:

Use a phone that respects your privacy.

Unbeknownst to many, there are alternate operating systems for many smartphones that contain no contact tracing code – and optionally – no connection to Big Tech services whatsoever. The smartphone in your pocket right now may be capable of attaining this privacy with a bit of elbow grease.

And if you’re not the technical type, there are even outfits that offer preconfigured privacy smartphones.

They’re not a “silver bullet” by any means, but go a long way in protecting you from the threats described above.

Furthermore, simple solutions like faraday bags can sever all wireless communications with ease – just in case the panopticon decides to use cell carriers themselves for contact tracing in lieu of Big Tech APIs (which, if you live in the UK, is already happening).

It’s easy to become disheartened or fatalistic in this emerging Technocratic era where digital autonomy and privacy are viewed as little more than a pipe-dream. Yet for the time being, there are still avenues of escape for those willing to venture off the beaten path laid for us by Silicon Valley predators.

Stay informed, stay free.

The best degoogled smartphone and privacy news, straight to your inbox.

Share this:
Posted on Leave a comment

LineageOS vs OxygenOS: Should You Switch?

When it comes to custom ROM choices, OnePlus users are awash with options! As such, choosing LineageOS vs OxygenOS is a hot topic among OnePlus smartphone owners.

While most users will likely stick with the stock OxygenOS image, LineageOS is a popular alternative. Why might someone choose LineageOS over OxygenOS, given that both purport to be as close to “stock Android” as possible?

For starters, LineageOS is widely known as a great ROM for breathing new life into old smartphones. Owners of dated OnePlus models can keep their software up to date long after it has stopped receiving official updates.

Yet a second reason for reconsidering OxygenOS is now emerging: Privacy.

Privacy from who, you might ask? Both OnePlus itself and, optionally, the Google surveillance dragnet.

OxygenOS and Data Harvesting Backdoors

As a hardware manufacturer, we’ve got to hand it to OnePlus. Their smartphones are of incredibly high build quality and their commitment to unlocked bootloaders is a rarity, especially in the US smartphone market.

We at PrivacyToGo happily carry fully degoogled OnePlus devices in our shop without OxygenOS for this reason.

However, the stock OnePlus ROM, OxygenOS, has a more sordid history.

2017 was a rough year for OnePlus, the Shenzen-based manufacturer behind OxygenOS, as two major privacy scandals rocked the company.

First came the revelation of OnePlus Analytics, a tool that can only be described as spyware. Privacy researcher Chris Moore unveiled on his blog a set of API calls being made by OxygenOS, and the revelations were startling.

OnePlus was collecting vast swaths of data on OxygenOS users without their consent, including:

  • Serial number
  • Phone number
  • MAC address
  • IMEI (unique device identifier)
  • IMSI (unique carrier identifier)
  • ESSID (wireless network data)
  • Timestamped application usage

That’s a lot of personally identifiable information.

Just weeks later, another privacy researcher revealed Engineer Mode, a backdoor to OnePlus root access in devices with Qualcomm chips.

OnePlus was quick to retract their data harvesting operation, but the question remains: Can OxygenOS be trusted with your data in the future?

Well, as of September 2016, OnePlus merged development of its Chinese-only HydrogenOS with OxygenOS. In other words, the Chinese Communist Party’s surveillance requirements are now being applied to OnePlus devices the world over.

Furthermore, OnePlus development of OxygenOS only began after a high-profile trade dispute in India barred them from shipping CyanogenMOD (the predecessor of LineageOS) to that market. Rather than sell OnePlus devices with open-source alternatives by default, OnePlus opted to develop its own OS with spyware in tow.

But if this isn’t enough reason for privacy aficionados to choose LineageOS vs OxygenOS, the second threat to your digital autonomy is far more pervasive.

Google Apps: A Privacy Nightmare

If you’re an Android user concerned about privacy, Google is doubtlessly the biggest threat to your autonomy.

The risks presented to individual privacy by closed-source Google Apps on Android are almost too many to list. Contact tracing. Hyperaccurate location data. Device fingerprinting. Alert snooping.

An exhaustive list is beyond the scope of this article.

But when it comes to LineageOS vs OxygenOS, the choice is clear: OxygenOS cannot be degoogled.

LineageOS, by contrast, is almost tailor-made to remove Google spyware.

By default, LineageOS ships with no Google Apps or centralized Google fingerprinting whatsoever. In the battle of who is closest to “stock Android,” LineageOS is the clear winner over OxygenOS and its built-in Google App suite.

In addition, forks of LineageOS exist to restore some of the GSuite’s core functionality while simultaneously providing disinformation to Google servers, all while remaining open-source. The same is simply not possible with OxygenOS.

In short, if avoiding Google’s heavy-handed surveillance is the reason you bought a OnePlus device, you’re best off getting rid of OxygenOS altogether.

LineageOS vs OxygenOS: In Closing

For the privacy-conscious smartphone user, OxygenOS is simply not preferable.

OnePlus-developed software has proven time and again that it cannot be trusted with sensitive user data. And worse, Google as a whole is equally untrustworthy despite powering a shocking 87% of all mobile internet traffic.

Thankfully, OnePlus’s longstanding commitment to unlocked bootloaders means that smartphone owners aren’t stuck with OxygenOS unless they want to be.

If privacy is at the forefront of your tech concerns, consider flashing LineageOS to your OnePlus smartphone.

And if you’re concerned about Big Tech snoops like OnePlus and Google but are intimidated by the technical nature of changing your smartphone’s OS, you can always purchase a degoogled OnePlus device directly.

Stay informed, stay free.

The best degoogled smartphone and privacy news, straight to your inbox.

Share this:
Posted on 24 Comments

How Contact Tracing Works – Two (Equally Creepy) Case Studies

Do enough people know how contact tracing works?

One of my favorite weekly news wrap-up shows recently covered an interesting story.

It was from the Telegraph and entitled, “Millions ‘unwittingly tracked’ by phone after vaccination to see if movements changed.

The article’s contents are interesting – if not unsurprising – to those against the rising Surveillance Oligarchy. But the reversal from “contact tracing” the supposed ill to instead surveilling the vaccinated is worth noting, as is the method of tracing described in the article.

Is humanity aware of the multivariate methods of contact tracing beyond the toggle switch in iOS and Android?

And just how do the methods being used by the Anglo-American Establishment at Oxford University in the above Telegraph story differ from those being dreamt up by Silicon Valley?

The short answer is that multiple entities (namely your cell carrier, Google, Apple, and their State and corporate affiliates) are all vying for their position in the emergent Panopticon. The long answer has to do with resolution and accuracy of metadata, but we’ll get to that momentarily.

“We kill people based on metadata.” -General Michael Hayden

Most people know that contact tracing is a form of person-to-person surveillance using cell phones. Some know that Bluetooth is involved. Others are aware that cell carrier data can be used for contact tracing directly.

The deeper story lies in how each of these methods is accomplished, and by whom.

In this article, we’ll take a look at the technicals of contact tracing – examining the (limited) source code and source documents where possible and unveiling other engineering methods utilized where we can.

Apple <3 Google: A Match Made in Hell

The first time Apple and Google crossed paths, Google CEO and Apple board member Eric Schmidt silently stole the concept for Android from Apple’s iOS.

The two operating systems now account for nearly 60% of all web traffic.

So it is no surprise that these surveillance titans, after cornering most of modern web traffic, turned to weaponize it under the auspices of a public health crisis in May of 2020.

Despite a propaganda push to ensure the public that contact tracing surveillance data is “private,” it is anything but – while a lone hacker may have trouble fetching and decrypting packets sent by this contact tracing API, the companies behind contact tracing and their affiliates have already pwned you.

Apple and Google can ruminate all they want that their contact tracing data being sufficiently encrypted and private:

…yet their own API documentation reveals that all contact tracing is done on the Big Tech surveillance grid:

This code from Google’s contact tracing API (or Application Programming Interface), is closed-source and unauditable. But for the layman, the concept of the API is simple – it’s a bit of code that performs calculations from a third-party server and returns data to whoever asked for it.

In the case of Apple and Google’s contact tracing API, they’re the ones crunching the numbers. And they can share those results with whoever they want – governments, health insurance providers, police, intelligence agencies, you name it.

This doesn’t sound very private to me.

Even if identifiers to these API calls are 100% anonymized and encrypted, Apple and Google can still associate your identity based on your Gmail or iCloud device login. In other words, the opposite of private.

While both Apple and Google have alleged methods to disable contact tracing in their settings, there is no way of verifying that this functionality is actually turned off. Apple’s code is entirely closed-source, and while the Android Open Source Project is fairly open, Google’s contact tracing and gApps code is anything but.

And like any good future-proof protocol, the contact tracing API is extensible – in other words, its spec allows transfer of data over Bluetooth that can be defined in the future which may or may not have anything to do with alleged “health” screening:

Note the “Reserved for future use” byte identifiers

If Big Tech is good at anything, it’s stacking functions; today’s contact tracing API to fight a supposed global health menace is tomorrow’s turnkey vaccine passport (or social credit system). And the associated metadata predefined by the contact tracing Bluetooth spec demonstrates that additional capabilities were planned from the beginning.

Google has been performing hyperaccurate location snooping via WiFi triangulation for nearly a decade. Contact tracing is simply the latest iteration – spying from device-to-device via Bluetooth. This technology has likely existed for many years as well.

What is surprising is its blatant openness.

While both Apple and Google attempt to bedazzle users with talk of public-private key cryptography on intake servers, make no mistake – every phone with iOS or a Google account installed has a unique fingerprint, which makes associating an encrypted key with your identity relative child’s play:

Apple and Google admit to fingerprinting “legitimate user device(s)” while simultaneously claiming confidentiality.

Given that we have no idea what other metadata is logged by these “ingestion servers” or the associated database schemas, this assurance of anonymity is no more legitimate than a condo on Olympus Mons.

Both Google and Apple took this surveillance apparatus to new heights in late 2020, offering to collate data directly for State agencies without the need for them to build their own applications. Surveillance as a Service.

Yet in a world where cell phone carriers and three-letter agencies already have so much data about us, why have Apple and Google gone to such great lengths to establish their contact tracing APIs?

Privatizing former State apparatuses is one reason. Most people “consent” to smartphone Terms and Conditions, which are admissible in court. It’s hard to say that anyone consents to what happens in Bluffdale, Utah.

But another is granularity of data – Apple and Google already have a direct pipeline into your digital existence, no backdoors required. They log your location. Your emails. Your text messages. Any alert popup whatsoever, an oft-overlooked surveillance tool. Your speech. Even the way you move via accelerometer.

Why steal what is given freely?

Pipelining this data directly to the highest (or most powerful) bidder is an obvious information warfare benefit.

And your cell carrier wants in on the action, too.

Oxford University and the Cell Carrier Snoops

The kind of “vaccine tracing” surveillance described by the Telegraph is a completely different beast. Rather than utilize the contact tracing API data, Oxford University opted to go to cell carriers directly:

Cell tower data vs. API collection data, via the Telegraph

Oxford couldn’t take advantage of the contact tracing technology above (yet) as they were explicitly tracking those who’d taken the jab, not those diagnosed with the magic virus.

But as a relatively competent programmer myself, I bet they wish the contact tracing API could fulfill this mandate. The resolution of data and amount of potential information collected is simply much more personal, and in turn, accurate, when using Apple and Google’s API.

And as described above, Google and Apple’s Bluetooth specification is already extensible enough to support this use-case in the future.

Given these limitations, Oxford went to cell phone carriers directly. And there’s still a good amount of data to collect at the cell tower level, from the IMEI (device identifier) to the IMSI (carrier customer identifier). So the above assertion that the data collected is not “individual surveillance” is patently ridiculous, as there’s at least two unique identifiers collected by cell towers off the top of my head.

With 5G, this information nexus expands rapidly.

High-gigahertz spectrum RF like 5G is something of a trade-off – it allows significantly greater resolution of location data on urban serfs and far greater speed of data transmission while making only incremental surveillance gains in the countryside.

So if you are tracking a city like, say, London, for “vaccine reactions,” 5G fits the bill pretty well. What’s good for the goose is not necessarily good for the gander, as they say.

Yet this is also a prime example of mutual back-scratching – while telecoms themselves have a role to play in the emergent Surveillance Oligarchy, cell phone OS companies also stand to benefit from emergent 5G technologies. Imagine a future where Google and Apple have the bandwidth at the cell tower level to “livestream” your camera and microphone perpetually without your consent.

No need to imagine, as in many urban environments, this future is the present.

In Closing

In this article, we’ve examined two methods of how contact tracing works – the Silicon Valley API method and the cell carrier method, how both can be weaponized for either “health” screening or vaccine tracing, and how the latter’s methods ultimately enforce the former.

As an individual, what can be done to opt out?

Clearly, ticking off the “no contact tracing” option in your smartphone’s settings is simply not sufficient. Especially in a world where vaccine passports will soon supplant “illness” tracing using the same underlying technology.

If you’re using an iPhone, the solution is simple: Pitch it.

If you’re using an Android smartphone, you at least stand a chance against API metadata aggregation, the most dangerous form of corporatocratic surveillance described in this article.

Your ultimate solution is to degoogle – the Android OS is, for the time being, open-source. This means you can flash your own variant of Android without Google, or if you’re so inclined, purchase a degoogled phone directly.

There’s not much that can be done regarding carrier tracking aside from pulling your SIM card or ditching your phone entirely – even flip phones are no longer a viable alternative, with the phaseout of 3G and Google’s recent purchase of KaiOS.

The emergent digital Panopticon is rapidly taking shape around us, and while the front door slammed shut in May of 2020, there are still windows of escape.

Seize them while you can.

Stay informed, stay free.

The best degoogled smartphone and privacy news, straight to your inbox.

Share this:
Posted on Leave a comment

5 Open Source F-Droid Apps That Rock

fdroid

When it comes to software that respects your privacy, the open source F-Droid store is your one-stop shop for Android apps.

Whether you’re using a fully degoogled smartphone or simply looking to use FOSS (free and open source) software on your vanilla Android smartphone, F-Droid offers some serious perks over the closed-source and spyware-laden Google Play Store.

Looking to get started with F-Droid? Here’s some of our favorite apps to get you started!

1. NewPipe

We certainly understand why people don’t like YouTube these days.

Censorship is rampant. It’s a Google property. And the YouTube app’s inability to block ads or listen to videos with your phone’s screen off (unless you pay up, of course) is problematic, to say the least.

That’s where NewPipe comes in. It’s an open-source YouTube scraper that allows you to watch videos, subscribe to creators, and even download content without using a Google account.

NewPipe is also ad-free by default!

You can even listen to videos with NewPipe while your phone’s screen is shut off. ? It’s a great touch for listening to podcasts and music on the go!

2. AntennaPod + Feeder

Okay, this one’s cheating a bit. AntennaPod and Feeder are two separate apps.

But they’re both RSS feed parsers, so that makes it okay, right?

AntennaPod is a podcasting app. It’s arguably the best Android podcatcher out there, open source or not. The fact that it’s available on the open source F-Droid shop is just icing on the cake.

AntennaPod can take manual RSS feed submissions if you want to subscribe to your favorite creators directly. It also supports PodcastIndex, a new podcast aggregation service trying to compete directly with iTunes and Spotify. There are even apps pushing blockchain-hosted podcasts directly to AntennaPod!

Feeder, by contrast, is for text-based RSS feeds. Why let algorithms serve your news to you? With Feeder, you can subscribe to your favorite blogs and news outlets directly and get them pushed straight to your degoogled smartphone.

Dictate by algorithm is one of the most insidious methods used by Big Tech to manipulate social outcomes. RSS-based apps like AntennaPod and Feeder go a long way in fixing this.

3. FairEmail

Your degoogled phone doesn’t have Gmail. That’s probably for the best.

But how do you manage the rest of your email accounts? Individual browser apps are cumbersome, and if you’re managing multiple inboxes, they can quickly become a chore.

FairEmail is a fantastic open source F-Droid email client. They support Gmail, Outlook, Yahoo, Yandex, and all POP3 accounts by default. And if you know your email server’s credentials, you can add any self-hosted email client as well.

Email is, by its nature, not a private technology. But limiting the number of services that have access to your emails by default is still a worthwhile endeavor.

As a runner-up, ProtonMail also has a closed-source app that you can install via Aurora Store. However, self-hosted email inboxes are always preferable to third-parties, even encrypted ones.

4. OsmAnd+

OsmAnd+ is an open source navigation app.

It’s not as user-friendly as Google Maps or as full-featured as Waze. But if you value your autonomy and privacy, even while using GPS, OsmAnd+ is a great option.

And if you’re using OsmAnd+ on a fully degoogled phone, then you can rest assured that Google’s location services and creepy WiFi triangulation technology aren’t active.

We’ve got a full article on using GPS with degoogled phones here.

5. Aurora Store

Aurora Store is the premier Google Play Store replacement.

It’s a portal to the same apps you know and love in Google’s Play Store, but with an open source and privacy-respecting implementation. If you simply can’t go without some of your favorite “normal” apps, Aurora Store is the best place to get them.

How does Aurora Store respect your privacy while downloading apps from Google services, though?

First and foremost, Aurora Store does not require a Google account or login. They create an anonymous account on your behalf to avoid leaking data to Google.

The second cool feature offered by Aurora Store is device spoofing. This basically allows your phone to “lie” to Google services about your device type and language when downloading apps and offers a huge privacy boost over using Google Apps directly.

But be wary – many degoogled ROMs do not actually support device spoofing by default!

All phones we sell here at PrivacyToGo support device spoofing and we have a more comprehensive article on this topic here.

In Closing

Whether you’re using a fully degoogled smartphone or simply looking to reduce your dependency on Google spyware, installing and using apps from F-Droid is a great start.

Some of the apps you’ll find in F-Droid might not be as polished or feature-rich as you’re used to, but the trade-off in terms of privacy is unparalleled. We hope this brief guide gets you started on your journey using more FOSS software on Android!

For those who want to take smartphone privacy to the next level, a fully degoogled smartphone is the natural next step.

Stay informed, stay free.

The best degoogled smartphone and privacy news, straight to your inbox.

Share this:
Posted on 2 Comments

GPS on a Degoogled Phone

One of the most common questions we get about degoogled phones is, “Can I use GPS on a degoogled phone?”

The confusion here is understandable!

By its nature, a degoogled phone will not work with Google Maps or Google Navigation services. For some people, this is a huge deal-breaker.

However, all hope is not lost. There are a lot of options for navigation outside of Google Maps, and even outside of cell phones themselves.

But before we talk about alternatives to Google Maps on degoogled phones, let’s talk about why Google Maps itself is so dangerous to your privacy.

Weaponized WiFi

Ever wonder how your Android or iPhone device has such insanely accurate location data?

“Normal” GPS is only accurate within a few hundred yards, but Google can peg your location within mere feet!

They do this through a technology called WiFi triangulation.

Your phone is constantly scanning for WiFi access points wherever it goes, and Google has been logging and stealing locations of all routers in the world for over a decade.

In short, if your phone is ever within range of a router whose location Google knows, they also know exactly where your phone is, even without GPS.

The signal strength of your WiFi isn’t just for your convenience, it’s also used to determine your location in vicinity to a wireless access point.

With the advent of contact tracing technology, Google is now admitting they can also do this with Bluetooth in relation to other people’s phones.

Very creepy stuff! For some people, the convenience of Google Maps is worth this trade-off. But it’s important to understand just how large this violation of privacy is in order to make informed decisions.

Alternatives to Google Maps

Now that we’ve identified why Google Maps is such an affront to your privacy, let’s explore some alternatives for GPS on a degoogled phone.

This is Will Smith in Enemy of the State.

Don’t be like Will Smith.

OsmAnd+

OsmAnd+ is an open-source client that uses Open Street Maps for navigation. It is by far the most popular open-source GPS client and also the best.

In addition to being open-source and privacy-respecting by default, OsmAnd+ also has a number of unique features, like the ability to download and use maps completely offline!

OsmAnd+ is far from perfect, though. You won’t have the convenience of simply searching for a business and mapping to it as you do in Google Maps.

And sometimes, Open Street Maps will have trouble pulling a location from an address. You might have to resort to using coordinates instead.

But overall, it’s a very serviceable GPS app for occasional mapping needs.

MapQuest

Does anyone remember MapQuest? Well, they’re still alive and kicking!

Rather than use GPS directly, you can use a service like MapQuest to deliver directions to your phone. You won’t get turn-by-turn directions this way, but you will have a predefined route that you can follow.

Is this less convenient than Google Maps? Definitely.

Is using a service like MapQuest worth it to retain your privacy? That’s up to you.

Standalone GPS Unit

Before the advent of smartphones, standalone GPS was the only option for turn-by-turn navigation.

And thankfully, it’s still a great option!

GPS companies are not data surveillance companies like Google – their business is selling GPS units and making sure you get from Point A to Point B.

They make their money by providing you with a good product and service, not by spying on you and selling your data to third-parties.

GPS units aren’t cheap – a good one can cost upwards of $100, almost the cost of another budget smartphone. But they offer a great mapping experience without surrendering your autonomy in the process.

Use Two Phones

This option may sound counterintuitive at first, but it’s actually the method we use here at PriviacyToGo.

The method is simple:

  • Use your degoogled phone for 99% of your daily use
  • Keep a second phone as a backup, turned off (and ideally in a faraday cage) and use it only for GPS

This is a great option for those who have an old cell phone lying around – and who doesn’t have an old phone or two collecting dust somewhere? πŸ™‚

You also get another benefit from going this route, and that’s the ability to use your old phone as a honeypot for your privacy.

Your old phone, whose identity Google and countless other trackers already know, will generate a “false” fingerprint of your phone usage habits. All the while, your “real” phone, the degoogled one, is not leaking this information to Big Tech.

This option is also ideal for professional couriers, like those who drive for Uber and Lyft, who require Location Services to do their job.

In Closing

When it comes to GPS on a degoogled phone, there are a lot of options at your disposal.

Some options, like standalone GPS, are even more convenient than using Google Maps. Others sacrifice some convenience in exchange for increased privacy.

If you are the type of person who only uses GPS every now and then, all of the above options are great to consider. Heavy GPS users might require a bit more forethought.

Either way, life after Google doesn’t mean a life without GPS!

Ready to take the next step? We sell degoogled phones at our shop.

Share this:
Posted on Leave a comment

Will The Linux Phone Ever Take Off?

Let’s talk about the possibility of a user-friendly Linux Phone… by talking about the present of the Linux Desktop.

I’ve been using Linux as a daily driver for almost 10 years. My first experience was not a great one.

The Linux Desktop

Sometime in 2006, I eagerly burned a copy of Ubuntu Dapper Drake and installed it on my desktop. I didn’t know the first thing about the open-source software movement, but the idea of a free (as in beer) OS was understandably appealing to a high school kid.

My experiment ended shortly after I failed to connect to the Internet as driver support was scant in those days. D’oh! Back to the familiarity of Microsoft spyware I went.

Six years later and armed with basic command-line skills, I gave Ubuntu another shot, and I’ve run some form of Linux on all my machines ever since (Canonical has lost my trust, but that’s a story for another day).

When my dad’s aging MacBook stopped receiving software updates, I didn’t hesitate to install Linux to keep him secure and free from Big Tech snoops. My dad isn’t technical. He uses a web browser, LibreOffice, and prints the occasional document.

Yet it took the Linux desktop roughly 24 years, from 1991 to 2015, until it was usable by someone like my father for the most basic tasks.

And despite the significant advantages Linux has to offer software developers and the privacy-conscious, there’s plenty of tasks it’s still ill-equipped for! Advanced video editing, 3D modeling, and gaming, to name just a few.

What does this have to do with the future of a user-friendly Linux smartphone? Everything!

The Linux Phone

Let’s consider that the first pure implementation of Linux on a phone was in 2011 with the inception of Ubuntu Touch. Today, Ubuntu Touch has all the same problems that Ubuntu Desktop had when I tried it back in 2006.

  • It has poor hardware support
  • There are virtually no apps available
  • It’s difficult to install

Ubuntu Touch is simply not suited for daily use yet.

While I eagerly await a world where I can rid myself of Android permanently, we’re just not there. Until then, a degoogled phone is probably the best compromise of privacy and usability we can hope for.

Share this:
Posted on 1 Comment

More AOSP Details – Round Two!

A user on the awesome No Agenda Social app raised some interesting points regarding our latest article. Rather than keep them to ourselves, we figured we’d share our response as a blog post in case anyone else raises these questions in the future.

Thanks for the valuable feedback – our intent here is not to confuse, but to illuminate, and you’ve brought up some good points that require more specificity. We have no dog in this proverbial fight as both Lineage and Graphene are great OSes, we just think the former is a bit more n00b friendly.

That being said, Pixels sold from US carriers are notorious for poor bootloader unlock compatibility. Some carriers require a SIM unlock first (T-Mobile, AT&T) and others, like Verizon, have locked bootloaders in perpetuity. A brief search of the XDA-Developers forum will demonstrate how much difficulty there is in trying to unlock a bootloader on handsets with an incompatible SKU.

Pixels outside of the CDMA-dominated US market are largely unlockable, and many European countries have laws specifically disallowing bootloader and SIM locks. So if you’re in Europe, this device compatibility issue probably doesn’t apply to you πŸ™‚

The only way to absolutely guarantee bootloader unlockability on a US Pixel out of the box is by purchasing a Pixel from Google directly or sourcing an aftermarket phone that was purchased from the Google Shop. Google’s nomenclature refers to these as “Google Edition” and “Developer Edition” in their package inserts depending on the generation. It’s great if you can source non-OEM Pixels with unlockable bootloaders, but you’re at the whims of the carrier here. We hear Best Buy sells OEM Pixels in the US, so that’s another option.

As for Aurora Store, yes, you can download it on F-Droid with GrapheneOS – but it totally defeats the purpose of a degoogled phone, as Graphene does not support signature spoofing for Google API calls. In fact, the Graphene team is almost militantly AGAINST adding signature spoofing via MicroG because “security”:
https://www.reddit.com/r/GrapheneOS/comments/bnfx6r/signature_spoofing_support/

For the record, the LineageOS team also refuses to add signature spoofing by default. That’s why we focus on the MicroG fork of Lineage in particular here at PrivacyToGo as we feel providing disinformation to Google is not just a cool feature, but a moral obligation πŸ˜‰

The trade-off here is clear: Security or privacy, which do you value more? If you’re using Aurora via Graphene right now and value your privacy, we’d highly recommend you uninstall it and use an alternative like APKPure instead. You’ll sacrifice push notifications and easy updates, but if your intent is to avoid Big Tech snitches, Aurora Store without metadata disinformation is still giving Google a decent amount of usage data about you.

If you can ride with Graphene in perpetuity, God bless you, truly. It’s an OS that’s designed for open-source apps first and foremost. Most people aren’t willing to make that trade-off to preserve privacy (yet), but we hope the world will get there in time.

Share this:
Posted on 25 Comments

LineageOS vs GrapheneOS – Which Degoogled ROM is Right for You?

When it comes to choosing LineageOS vs GrapheneOS (or any other degoogled ROM for that matter), confusion abounds and debates can get very heated!

The tl;dr is that it doesn’t matter much from a privacy perspective. Any variant of Android without Google and based on the Android Open Source Project is going to offer unparalleled privacy and security gains over a traditional iPhone or Android smartphone.

However, there are subtle differences when comparing LineageOS vs GrapheneOS that are worth exploring.

Here at PrivacyToGo, we’ve chosen to focus our efforts on the microG fork of LineageOS, though we’re happy to flash GrapheneOS for Pixel customers on request.

Why do we think LineageOS is the best degoogled ROM for most people? Let’s get into it!

Device Support

GrapheneOS is only supported by Google Pixel devices. That may change in the future, but for now, if you want to use GrapheneOS, you have to use a Google smartphone.

Furthermore, you cannot use just any old Pixel phone. You have to secure a Google Edition Pixel in order to flash GrapheneOS or any other custom ROM. This means that the vast majority of Pixels out there cannot actually be degoogled as their bootloaders are locked.

If you want to ensure you’re getting a degoogleable Pixel, you have to buy it directly from Google.

We don’t like the idea of lining Google’s pockets to escape Google.

By contrast, LineageOS supports hundreds of devices.

We would much rather support manufacturers like Motorola and OnePlus who are committed to supporting privacy ROM options by default.

Community

By virtue of its massive popularity, the LineageOS community is also massive! That means if anything goes wrong, bugs are quick to be fixed.

That also means discussion boards about LineageOS are always buzzing. It’s nice to know that there is a large support network of other users just like you should you need to ask questions.

Dangerous App Installs

GrapheneOS comes installed with only one app store, the open-source F-Droid store.

LineageOS also comes with F-Droid. It’s a fantastic service and we would strongly recommend looking for open-source apps on F-Droid before turning to Google Play!

But if you want to use your favorite apps from the Google Play store, you won’t find them in F-Droid. You’ll have to install them some other way.

On modified builds of LineageOS, there’s a great app called Aurora Store that allows you to download apps directly from Google in 100% anonymity. This is called device spoofing and feeds disinformation to Google about your device type, language, and even location.

You get the security and convenience of Google’s Play Store while retaining your privacy. It’s a win-win.

By contrast, a GrapheneOS user who wants to install their favorite app is going to have to install files from a third-party source that may or may not be secure. Yikes! An advanced user knows how to avoid these pitfalls, but your average smartphone user is sure to make mistakes here that could compromise their security.

Age

LineageOS is here to stay.

The project has been around since 2016 and is the direct descendant of CyanogenMOD, the earliest Android ROM that started all the way back in 2011.

In comparison, GrapheneOS is much younger and had a very rocky start to its development. Their team is growing and the project is doing some amazing stuff, but it’s yet to prove the test of time in the same way as LineageOS.

Hardened Memory Allocators and Other Niceties

This is one area where GrapheneOS takes the cake.

They are pioneering alternate implementations of a lot of Android features to reduce attack vectors, but their hardened memory allocator is probably the most impressive. This is a very low-level feature that the average person would never encounter, but if you’d like, you can read more about memory allocators here.

A security professional, for example, may have good reason to choose GrapheneOS over LineageOS.

In Closing

When it comes to LineageOS vs GrapheneOS, they’re both excellent choices.

Advanced users might gravitate towards GrapheneOS, whereas LineageOS is much closer to being “soccer mom approved.”

Open-source fanatics ready to leave behind all “normal” apps will also find GrapheneOS more appealing.

And frankly, if you’re the type of person who loves nerding out over AOSP ROM choices, you can probably flash GrapheneOS or LineageOS yourself! There’s a guide over at No Agenda Phone that can get you started with Graphene flashing, and a bevy of device-specific guides for LineageOS on their wiki.

It all depends on your device, personal preference, and level of knowledge. But for the average smartphone user, LineageOS is simply much more approachable and user-friendly.

Finally, if all this talk of ROM flashing and device selection is more than you want to deal with, we’ve got you covered. Head on over to our shop, where we sell a wide variety of degoogled phones ready to use out of the box.

Stay informed, stay free.

The best degoogled smartphone and privacy news, straight to your inbox.

Share this: