(I know many of you already know it but this incident I experienced made me so paranoid about using smartphones)

To start off, I’m not that deep into the privacy rabbit hole, but I do as much as I possibly can to be private on my phone. But for the rest of the phones in my family, I generally don’t care because they are not tech-savvy and pushing them towards privacy would make their lives hard.

So, the other day I pirated a movie for my family and since it was on Netflix, it was a direct rip with full HD. I was explaining to my family how this looks so good as this is a direct rip off from the Netflix platform, and not a recording of a screening in a cinema hall (camrip). It was a small 2 min discussion in my native language, with the only English words used being record, piracy and Netflix.

Later I walk off and open YouTube, and I see 2 recommendations pop up on my homepage, “How to record Netflix shows” & “Why can’t you screen record Netflix”. THE WHAT NOW. I felt insanely insecure as I was sure I never in my life looked this shit up and it was purely based on those words I just spoke 5 min back.

I am pretty secure on my device afaik and pretty sure all the listening happened on other devices in my family. Later that day, I went and saw which apps had microphone access, moved most of them to “Ask every time” and disabled the Google app, which literally has all the permissions enabled.

Overall a scary and saddening experience, as this might be happening to almost everyone, and it made me feel the journey I took to being privacy-focused was all worth it.

  • The 8232 Project
    2 months ago

    First off, if you’re concerned about phone privacy, consider a custom OS for your phone that respects privacy such as GrapheneOS.

    It’s easy to figure out that your device isn’t listening to a constant audio stream 24/7, since that would drain battery and send a lot of noticeable data over the network. However, it is entirely possible to listen for certain keywords as you mentioned, and send them encrypted with another seemingly legitimate packet. There’s no way to be 100% certain, but it is possible in theory without draining too much battery.

    The steps you took are good, making sure that apps don’t have any permissions they don’t need. Privacy is a spectrum, so it’s not “all or nothing”. As I mentioned before, if you’re seriously concerned about mobile privacy and want a solution, you can get a custom operating system that can remove any privacy-invasive elements. GrapheneOS also allows you to disable the camera and microphone system-wide (although this functionality is present on some other Android builds).

    If it eases you any, a lot of these advertisements happen to be coincidence and trigger confirmation bias. It could be that those ads happened to show up by coincidence, or that advertisers managed to predict your interests, or that you got tracked by some other means while downloading the movie. The possibilities are nearly endless.

    • bruce965
      2 months ago

      You should install Rethink and see how much garbage your phone constantly transmits and receives. And this is not even a kernel-level firewall, so who knows how much data Google actually exfiltrates…

      I don’t know about a constant audio stream, nor about keywords, but I noticed that Google Keyboard sends out some data every time you type anything. It’s not even that subtle.

      • The 8232 Project
        2 months ago

        If anything, I love GrapheneOS for its “Network” permission toggle. It’s nice knowing that my keyboard (or any other unnecessary apps) can’t phone home.

        • bruce965
          2 months ago

          GrapheneOS is certainly on my wishlist too, but Pixels are quite pricey. I guess Rethink is the poor man’s version. Just a per-app firewall.

          • EngineerGaming@feddit.nl
            2 months ago

            Maybe Divest/Lineage could be an option instead. Although you have to choose a device wisely (and even among supported ones, some have trouble unlocking the bootloader), there is a chance you’d find a suitable cheaper one.

            Personally no regrets spending $300 on a Pixel 7a but still painful to hand over this much.