- cross-posted to:
- android@lemdro.id
- cross-posted to:
- android@lemdro.id
I saw this on infinity for Reddit earlier, I don’t know if there’s a workaround for this or not.
You must log in or register to comment.
They talk as if they’re protecting our privacy when it’s really a global surveillance net. The spin doctoring is insane.
Friendly reminder that Bluetooth has a larger network stack than Wi-Fi. Much more code, much larger available attack base. There have been many numerous Bluetooth vulnerabilities that allow remote code execution or theft of files.
This is truly becoming a surveillance state, in no way that can be debated. That want to be able to access everyone’s innermost thoughts (texts, notes, recordings, calendars, contacts, photos, you get it) without any chance of someone being able to protect against it.
Reminder that Google was the 2nd or 3rd company to commit to NSA’s PRISM program of feeding American’s data for future analysis.
maybe humanity shouldn’t have written so many dystopian cyberpunk books and pieces of media, gave us all the wrong ideas :|
Maybe we shouldn’t have handed our fucking lives over to corporations
Maybe they’re not ours til every single corpo is dead, and you should fight like the fucking dead to make this happen?
I dunno.
all of this
I really don’t disagree with you, but it’s so frustrating and tiring to try to work around all this stuff and use alternative tools that nobody else does, all while you’re viewed as a paranoid tinfoil hat wearer. Yes I know I shouldn’t care what other people think, but I also don’t want to be alone forever.
Find a good girl that doesn’t mind. Mine doesn’t care at all, she has her interests and I have mine. I’ll sit there and listen to her 5 minute lectures on makeup and perfumes, and every once in a while I’ll tell her about a vulnerability or something cool I found, and I know she’s paying as much attention as I do about makeup, but at least I can understand the basics of makeup without years of experimentation and learning.
True, it makes it harder to stay secure when people around you don’t care or don’t know how, but its still possible. Just have to set some solid boundaries sometimes.
“Privacy Sandbox” is just Google-controlled surveillance carried out with your phone/PC as the primary data provider. We’ve reached maximum perversion of the English language.
this sort of gaslighting through corruption of vernacular used to amuse me, but now I feel like the withering wojak face anymore
are you referring to the new “Privacy Sandbox” or the old “Privacy Sandbox”. because if there calling this new thing a “Privacy Sandbox” after the old one lost public attention after they kept promising it for years, I am going to laugh or maybe cry.
what they originally called “Privacy Sandbox”
it was a browser feature to remove the HTTP cookie and replace it with a cohort system. your browser would receve signals about your habbits. that you were buying domino’s pizza and announce to upcoming sites that you like pizza, but ya know… in a “safe” way.
I still see, “chrome is going to replace the cookie” and “RIP the humble cookie” every once in a while.
I’m pretty sure the old Privacy Sandbox was called FLoC, wasn’t it? This is definitely part of Google’s continued efforts to kill the (third-party) cookie in such a way that tracking your user activity will still be possible, but that Google itself will maximally benefit from because they’re the ones controlling how it’ll get implemented.
And given Google’s near-unilateral control of web browsing standards, who will say no? Their biggest partners? Mozilla?
Straight up 1984 Newspeak, where the Ministry of Truth is really concerned with lies, the Ministry of Peace is concerned with war, the Ministry of Love is concerned with torture, and the Ministry of Plenty is concerned with starvation.
It’s honestly Doublethink.
Whenever Google gets exposed for bad practices, people ignore it. And they believe this stuff is good or don’t care.
Bruh, so when android phones are turned off they’ll still waste energy locating people and sharing the location. And most phones don’t have a removable battery! Fucking nuts.
According to the posted link, the network can be turned off entirely if you wish, and you could just not use Google Play Services on your device, and that should also stop this.
GrapheneOS w/o Google tools Schoulf be safe.
It appears to require a Google account to do the tracking. So yeah, without Google services, you should be perfectly safe. Since you have no Google account registered on device and no services that run rogue in the background,
If the Bluetooth module itself is still running, it will be trackable
The article did not say specifically how it was getting added to Android 15, because if it’s in AOSP, then yeah, there’s definitely a problem. But if it’s in Google Play Services, which seems likely, then it would not be as big of an issue.
If it works anything like Apple’s Find My (which it appears to do) then no you won’t be trackable.
I don’t care. I want to be able to disable Bluetooth completely. If Android (even AOSP) doesn’t let me, it’s dead for me
You still can.
I’m just pointing out that your paranoia is out of ignorance, instead of a sound understanding of the technology.
*understanding of native English
GrapheneOS dev, mods and propagandists recommend and encourage the use of Apple and Google devices and services.
This one is in particular one of the key members of Graphene church of propaganda. https://i.imgur.com/bUdVCpH.jpg And if “propaganda” looks like a big word, look at this. https://postimg.cc/ZBqQ3pXD
Moreover, Graphene dev is a religious believer of Google and its vision. He specifically recommends the purchase and use of Google Pixels, and rules out any non-Google brand.
I am aware that there are highly opinionated people in the graphineOS team. we had a scandal a while back that shook up the company (and I to the best of my understanding, kicked off/demoted some members, if its didn’t I’m getting another phone) a little while back. for being so important for my life and the lives of many others, the tightrope of maintaining trust that the OS is safe is unacceptably wobbly.
“religious believer of Google and its vision”? can you show sources that explain this?
It is hard to show every single instance, but he pushes Chromium over Firefox because Tor Project devs slammed him, and he wants revenge.
https://lists.torproject.org/pipermail/tor-dev/2019-August/013995.html
https://i.postimg.cc/1P0cfmjX/Firefox-insecure-refuted.jpg
Out of the 5 years I have spent investigating these security morons in FOSS/privacy communities, I have looked at Graphene for roughly over 4 years, looking at their chatrooms, GitHub discussions, reddit comments and so on. Big Tech security is one thing these people push a lot for some reason.
https://old.reddit.com/r/privatelife/comments/ug9qnc/writeup_criticism_of_rprivacyguides_grapheneos/
If you search and look hard enough, he pushes Chromium, calls Firefox insecure, even though it is debunked time and time again. See “they killed Firefox security” section in first link. madaidan and former GOS community mod cn3m were the main faux agenda pushers.
Micay also believes a lot in microkernel vision of Google, but Fuchsia has been cancelled recently. He also solely recommends Google Pixels, and refuses GOS support for other models since 6ish years or more, since Copperhead split happened. His minions/mods also love the idea of encouraging to use Google services.
GOS members even tell people to go fly/travel to get a Pixel from available countries. https://i.imgur.com/Yv9nvxy.jpg
I have a lot of stuff documented if you go through it.
Also, for some mysterious reason, Micay has an embargo beta patching partnership with Google, something LineageOS refuses to have. It is very fishy as well.
do you have a higher quality img, or text based version of this Firefox insecure graphic?. hard to read.
maybe you have this link to Undit
Unddit and all those are dead. You will not believe this, but I am having a bad time IRL, with a spinal injury, a blade cut on hand and a dead phone with lost data all within a couple weeks, which also had high quality screenshots. Make the best of these images, they should be readable. Sorry for that. Or maybe open on desktop monitor or in landscape on phone.
damn bro… really sorry to hear that, I hope you get better soon af, praying for you
interesting.can you explain what you mean by embargo beta patching partnership?
I’ve been following your comments and posts over lemmy and reddit actually, for a couple years. i dont agree with everything but it’s absolutely important to be researching beyond the popular/mainstream privacy community narrative, which I appreciate.
Custom Android build developers, LineageOS team, CalyxOS team and others do not affiliate with Google. This is something exclusive to Graphene, and is very fishy, yet goes unquestioned. Even their compliance with a law/norm exclusive to Japan - mandatory shutter sound - is extremely weird.
I have no clue why Graphene gets these beta patches so fast, that LineageOS and other project teams avoid. And it has been a very silent topic for years, outside of a couple mentions/hints by Micay.
could it simply be all the security research and code review they do? i mean, Graphene does have tons of upstream contributions. Two zero days just the other day for example.
While I like those options, they are definitely not for everyone. Those problems are collective, protecting the privacy of 1% of the population is as good as protecting nobody.
That’s definitely true. We definitely need more people to care about their privacy as well.
I think a growing number of “normal” people do, they are just less willing to make sacrifices for it than the types of people who populate this community, for example.
Oh yeah, you can totally turn it off. 🤫😉
On, that’s fine. I wouldn’t install that shit on my phone anyway.
As long as it’s not in AOSP, no problem
the new google massive surveillance apparatus is ready to be deployed
What do you think Google Maps and GSF are
More like, already deployed, this is just the announcement.
Apple already does it with their iPhone, just saying.
I know
It’s been on for years now. It’s just more effective now and will continue to get more intrusive.
Where is that mentioned? I can’t find that in the article
I also couldn’t find a mention, and it definitely does not make sense (and likely isn’t even possible) to run Bluetooth without Android itself running
…which uses a crowdsourced device-locating network to help you find your lost or misplaced devices and belongings quickly – even when they’re offline.
Maybe this line is being misinterpreted?
It’s definitely possible. It may be using specific hardware to do the powered off tasks. Or it never be truly off, a small os running to managing these powered off tasks.
The second is more likely, it’s cheaper and easier. It can also be applied to older devices and requires less integrated design.
It’s mentioned in the linked article about Find My Device.
This is what it says
1. Locate offline devices
Locate your compatible Android phone and tablet by ringing them or viewing their location on a map in the app — even when they’re offline. And thanks to specialized Pixel hardware, Pixel 8 and 8 Pro owners will also be able to find their devices if they’re powered off or the battery is dead.
I don’t know that means Bluetooth will be running when the device is off. “Specialized hardware” could mean a full Bluetooth modem on backup power, but more likely it’s means there’s a low power beacon. Would be interesting if anyone does a teardown of the Pixel 8.
For non-Pixel 8 devices, definitely not. I assume “Offline” refers to the case where your device doesn’t have WiFi/LTE, but can still use Bluetooth to communicate with devices that do.
That is why we took our time when designing the new Find My Device, which uses a crowdsourced device-locating network to help you find your lost or misplaced devices and belongings quickly – even when they’re offline.
That doesn’t say that. Although the article linked from there does, for Pixels.
And thanks to specialized Pixel hardware, Pixel 8 and 8 Pro owners will also be able to find their devices if they’re powered off or the battery is dead.
even with a dead battery? how? there must be something ‘turned on’ to send bluetooth signals or is this magic?
I suspect it still draws battery power, but extremely small amounts. Few mah left in the battery could power a BLE beacon for weeks. There would be some limit to this as draining the lithium battery too deeply will damage it.
Not necessarily, there are lots of completely passive beacon technologies. I seem to remember reading a few years ago about beacons powered by Wifi signals.
Obviously you also need other phones to be able to pick up those signals so it might take until phones with Android 15 become commonplace which might take a while. But it’s definitely doable.
Didn’t iPhone been doing it for years so you can still track your lost phone even if it’s turned off?
But this is Android, I’m sure there’ll be work around if you don’t want it. Personally I think it could be helpful.
You turn it off. It says so in the link.
User Controls: Android users always have full control over which of their devices participate in the Find My Device network and how those devices participate. Users can either stick with the default and contribute to aggregated location reporting, opt into contributing non-aggregated locations, or turn the network off altogether.
Right, Google definitely a man of their words. Like they are definitely not record anything in your Incognito Chrome tabs.
Didn’t iPhone been doing it for years
You’re trying to describe an action that has started in the past and is still taking place. “Didn’t” is simple past which indicates a concluded action. The correct tense you’d want to use here is present perfect progressive --> “Hasn’t iPhone been doing it for years”.
Edit: Although, I missed the “been” in your sentence, so you just picked the wrong verb. Not too far off 👍
I have some more questions, teacher
If I lived in a country for some years/time, how do I say that?
Also, if I worked as somebody?
And in general, difference between have been and had been?
Thank you
And in general, difference between have been and had been?
I’ll answer this because the two previous questions depend on what you want to express. Just a note before-hand, the best site for English grammar I know is ego4u.
First the quick answer:
- have been --> present perfect progressive: an action that took place in the past and continued until recently or is still continuing
- had been --> [past perfect progressive]: an action that started in the past and continued until some point in time in the past
Longer answer:
Conceptually, there are a limited number of possible tenses. Here is a picture from ego4u
Let’s say you want to tell a story. There are the static states you can describe
- Something is in a certain state right now e.g the person is alive, the table is on the second floor, life is great --> that’s the simple present
- In the past something happened and the action was completed e.g I stood there, the pool was filled, the plane got loud --> that’s the simple past
- A thing is in the future or there is an intent to do something in the future e.g we will be there, the train will be on time, they are going to have a party in the hotel --> simple future. Notice the use of will and going to. Those are two ways to express the simple future.
So, now that we’ve expressed a state, something that is unchanging, we would like to describe changing actions are particular strips in time:
- Actions that are currently taking place and ongoing e.g the person is living, the table is standing on the second floor, life is going great --> present progressive. Notice the difference from simple present above. The action is ongoing.
- A thing that’s going on in the past: I was standing there, the pool was being filled, the plane was getting loud --> past progressive. Again, compare with simple past from above
- Something in the future is changing: we will be standing there, the train will be waiting on time, they are going to be partying in the hotel --> future progressive
Alright, we have expressed points in time both static and changing, but what about actions that happen just before those points in time? They concluded or may be still happening. We call those “perfect” tenses.
- the person has lived here for ages, the table has stood on the second floor, life has been great --> present perfect
- I had stood there, the pool had been filled, the plane had gotten loud --> past perfect aka something that happened before a thing in the past
- we will have stood there, the train will have waited on time, they will have partied in the hotel --> future perfect = an future past action or action that will be the past in the future
And finally, if we look at the diagram we see one last group of progressives - perfect progressive. Remember, progressive describe something that’s still ongoing at the point in time. You may ask why they are needed when the “perfect” overlaps with the progressive - something that started before a point in time and continues to happen.
Well, that difference might be lost with time as they tend to become less and less important. A grammar purist might disagree but in colloquial English, my experience shows less and less people can tell the difference and I do have to look it up:The difference between “perfect” and “perfect progressive” is the focus of the tense. “Perfect” makes the result important and “perfect progressive” makes the duration or fluidity / continuity of the action important. I invite you to read this page on Present Perfect Simple vs Present Perfect Progressive. It explains it quite well.
Hopefully that will help you answer your two first questions.
I love you for being so human
Just a random person on the internet asked you to explain something, and you did, you’re so cool
Thank you for the explanation, I will really remember and keep it for my whole life
❤️🩹
(No sarcasm, really, people these days are so mean and tell you to look everything up yourself, or just get angry because you ask or don’t know. Even though you could just copy and paste, this is a human interaction. Really happy to see somebody’s still alive)
Hey, I’m glad the effort was appreciated 😇 Have yourself a great day!
Thanks, this actually helpful.
I’m sure there’ll be work around if you don’t want it.
Take the battery out of the phone. No battery no energy to run bluetooth
phone batteries used to be removable on the user level. hasn’t been that way in like 10 years.
There still are phones that can do this, and from 2027, all phones sold in the EU must allow user-replacement of batteries.
Fairphone?
Pixel 7 with GrapheneOS is looking like a good long term choice right now.
Graphene is built on Android. If you enable all the gsf on graphene with android 15 it can probably still run in the background while off.
“Probably” is doing a lot of heavy lifting there.
It’s all speculation at the moment.
kinda what @null@slrpnk.net said, we should probably wait for graphineOS’s expert opinion on the matter.
They said they won’t support it https://discuss.grapheneos.org/d/11520-android-find-my-device-when-powered-off/2
It seems like a waste of battery
OP blocked for clickbait.
Not a single mention in the article about whether Bluetooth is turned on or off.
Samsung has an opt in option for the Smart thing network. I guess Google will go the same route.
I think mod should step in and fix the title.
You’re right that it’s not at all what the article was saying.
I see HOW op got to that assumption.
RIP battery.
Depends how it’s implemented, my bluetooth “smartwatch” runs for around 2 years on a single CR2032.
There is also Bluetooth low frequency thingy with less data transfer. I wonder what Google will do and use while being turned off.
Can someone explain where the code for this will be located (aosp, gsf)? How can I make sure that it will never ever be activated? What Graphene’s response? etc
They said they won’t support it https://discuss.grapheneos.org/d/11520-android-find-my-device-when-powered-off/2
it looks like its going to be a hardware feature. if the main CPU is off, it implies the radio circuitry and its CPU (the BBM) are still powered. give google this at least, the special new Bluetooth API will be accessible to whatever OS is alive and awake to send commands (even if I don’t trust that “off” means “off”). the fact that its using encryption (that’s too complicated to be made out of Integrated Circut logic) means its likely another software feature added to the BBM co-processor (it handles all radio tasks on the phone). this all but confirms the BBM (at least going forward) will still get power, be awake and have access to the (transmit (TX) and reseave (RX) functions of the) radios even when everything else is properly off.
EDIT: or it could be an abuse of a generic BLE beacon mechanism that’s “just there for whatever the consumer would need it for”. but if they are doing proprietary encryption like they claim, that’s not really possible without updating the BBM’s software to add another feature.
How effective do you believe that a Faraday cage would be against this mechanism?
Probably about as effective as keeping an air tag or tile tracker in one. That is, if the problem behavior isn’t correctly disabled by or even encouraged the OS.
We could wait for the implementation from the GrapheneOS team ! I’m pretty sure that they would implement it in a way that would be safe for the user.
If it’s hardware controlled, then the Graphene OS team would have to find a flaw in the hardware, or trust that when they tell the hardware to shut off, that it really does shut off, or find a way to verify that the hardware is really of. But even if they could tell the hardware to shut off, verify that it’s off, and then shut down, the hardware could turn back on after the software is off and the software would be none the wiser.
The only way 2 ways anybody can be relatively sure this feature is off are:
- pulling the battery:
- good luck with that with phones that don’t have removable batteries
- hopefully there won’t be a small backup battery to power this specific circuit
- physically disconnecting this circuit from other circuits:
- that might mean saying goodbye to bluetooth functionality on the phone
The alternative is getting a linux phone with hardware that doesn’t have this feature.
Fuck, okay, Linux on my phone now, because corporations just spray shit on everything
I hope linux phones will become more of a thing as they aren’t there yet IMO. But of course you can always get a second hand phone… forgot that option
I hate that they don’t support them after a while, those with a locked bootloader wont even get a chance. It makes these phones junk from all the CVEs that are being found.
- What old model would you recommend?
- Is something like postmarketOS viable yet?
- What phones are/will be effected?
- Do existing phones planned for the program have the payload sitting there dormant or will the system updater (on googled android) need to download the payload?
- pulling the battery:
damn that really sucks… sounds like it may just be an OS/firmware change then that activates the radio controller?
either way this is is exactly why we need a new community built piece of hardware. we cannot keep being slaves to Google’s whims just to use Graphene. i know there are other OS’s but either way it’s still Big Tech dependence.
This is mostly Bluetooth LE so that you can use their new device finder network if your phone gets lost. Thieves often turn off the phone as the first step, so this may help a lot of people recover their devices.
Not really. Thieves know how powerful aluminium is against waves
Yeah, was gonna say get a one of those rf blocking baggies or something
Thieves simply use tinfoil to block all signals. They have pockets and bags lined with tinfoil, they don’t bother turning anything off.
Could still work against opportunity theft.
The question is: when a phone is turned off is it really turned off? The amount of software that needs to be running to manage Bluetooth leds to to believe they simply kill all applications (including the UI) and most services and leave the kernel and a few other things running. I might be wrong, but I would like to see some clarification on that.
You can turn off the phone???
Not completely. My understanding is that the baseband radio still always runs even when the application OS is shutdown, and it (often) has its own connections to the GPS, camera and microphone, sometimes even the filesystem (Samsung RFS). The battery not being removable makes this even more problematic IMO.
I guess the recommendation of turning off the Bluetooth to save battery, or the sarcastic comment that usually says “bro, just turn off the phone if you care too much about the battery” are gonna be obsolete now aren’t they?
Postmarket OS Here I come! Now just the problem of banking apps …
Bank on Firefox web browser on phone or computer.
Unfortunately many require 2FA with their app to log in via web browser
Doubt that. Banks officially always have a fully offline paperwork process as well. Every bank. So smartphone involvement is not mandatory, you could have a dumbphone with SMS capability for 2FA.
We are just used to and blinded by convenience in our sedentary lives.
