I don’t like so called smartphones (flashy devices to mine your data and other reasons) but my regular no touchscreen phone’s microphone is no longer working as it should, making conversations difficult.

Enter a smartphone I received as a present, my phobia (for lack of a better word) to smartphones and my (misguided?) obsession with privacy: I don’t want to use this smartphone as my default phone because I’m scared the carrier, ISP or google are going to mine my data and trace my calls.

Which might be an overreaction, because each time I use my regular cell phone, the carrier knows when I’m calling from, who I’m calling and how long the call lasts.

So I ask you: how much more data would I be leaking if I use my new smartphone for calls only, compared to a regular, no touchscreen phone?

  • QuazarOmega@lemy.lol
    link
    fedilink
    arrow-up
    64
    arrow-down
    1
    ·
    11 months ago

    I’d say a normal phone is a lot worse than smartphones in general, unless you don’t care about all your communications being readable by the carrier. With a smartphone you can make actually encrypted calls and texts over trustworthy applications/protocols (Signal, Matrix, Simplex, etc.), on a phone you’re stuck with the carrier service; another thing that comes to mind is the storage, as far as I know there are no normal phones with an encrypted filesystem while it is default for a long while on Android.

    On the other hand, if your new smartphone model isn’t loaded with a privacy respecting ROM you’ll also have at least some data sent to other third parties like Google and whatnot, but if you can change the ROM, then the potential for better privacy far outweighs the benefits of normal phones doing fewer things with your data by default. If you’re going to use your new smartphone like an old phone, to make carrier calls and SMS, then there will be near to no improvements (except storage security maybe) and as you say, more data snooping

    • BearOfaTime@lemm.ee
      link
      fedilink
      arrow-up
      8
      arrow-down
      1
      ·
      edit-2
      11 months ago

      A normal phone doesn’t have AGPS download ephemeris (edit:they may today, I haven’t looked into it for a while), doesn’t have Google Services tracking everything, or third party apps phoning home.

      I’d say by default a smartphone is way worse, it has fsr more data collection by default, even without an account. Every data point a feature phone has, a smartphone has, plus more.

      Voice calls and SMS use the exact same infrastructure in exactly the same way on both types of phones.

      But it can be mitigated quite a bit on Android by not using an account on it, disabling GPS, wifi, Bluetooth.

      They could also debloat it to reduce some of the background nonsense (Universal Android Debloat has a “safe to disable” list). (I’m assuming it’s not an unlocked Pixel or a phone that’s on the Lineage list).

      If they don’t care about apps, I’d even add NoRoot Firewall, configure it for always on, and set it to block all network access by default. This would be a Global Pre-Filter using asterisk (*) for both the address and port fields with both Wifi and Cell boxes checked (system apps will still have network access, this only affects users apps on a non-rooted phone).

      Other than root or flashing a custom OS (like Lineage or Divest, Graphene if they were lucky enough to get an unlocked Pixel), this is about the best that can be done.

      No Root Firewall

      Universal Android Debloat Tool

        • BearOfaTime@lemm.ee
          link
          fedilink
          arrow-up
          2
          arrow-down
          1
          ·
          11 months ago

          Sadly it’s only getting worse.

          Google and hardware manufacturers aren’t motivated to make open devices. Quite the opposite, really.

          They learned their lesson from the BIOS wars of the 80’s that resulted in standardized hardware interface, so any compliant OS could be installed. This is what gave MS the ability to beat IBM at their own game, and prevented strong DRM.

          Phones don’t have a standardized BIOS like that, so each brand requires drivers built specifically for it (also a bit of a result of using Linux as the base, since it’s a monolithic OS). Without those drivers you can’t install an OS, and each device is different.

          Google and friends like it this way, their long-term goal is fully locked down phones that you don’t control and can’t modify, so they can fully implement DRM.

  • Fake4000@lemmy.world
    link
    fedilink
    English
    arrow-up
    43
    arrow-down
    1
    ·
    11 months ago

    Probably your best option now is getting a pixel phone and flashing it with graphene os.

    If you can’t get a pixel phone you may want to use something like lineage os and make sure you don’t add any Google services to it.

    • BearOfaTime@lemm.ee
      link
      fedilink
      arrow-up
      5
      arrow-down
      1
      ·
      edit-2
      11 months ago

      If you can’t get a Pixel, look for a phone on the DivestOS list (or the Lineage list, it can be way better than stock Android since it lacks Google anything).

      DivestOS is Lineage, with some more work done, kind of between Lineage and Graphene. I really like it, actually prefer it over Graphene for my use-case (it can run MicroG as a user app in a work profile, so kind of a stepping stone for getting away from Google).

    • MonkderZweite@feddit.ch
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      11 months ago

      And then install your main Apps from F-Droid (all Open Source and reviewed) and put eventual proprietary apps (get them from Aurora instead of Play) in a Shelter/Insular profile.

  • Ilandar@aussie.zone
    link
    fedilink
    arrow-up
    17
    ·
    11 months ago

    Yes, that is an overreaction. In my opinion, you should take your privacy precautions as far as you wish without significantly affecting your everyday life. Refusing to use your smartphone/not enjoying the experience because you are anxious about the data it is leaking suggests to me that you’ve gone too far down the rabbit hole and need to pull back a bit. There are measures you can take to increase the privacy of your smartphone, even if you can’t install an alternative operating system on it and need to use default Android. No it won’t be as private, but if the alternative is selling/returning this new gift then perhaps sacrificing some of your privacy is worth it (that’s something for you to decide).

    The reality is that most people around the world have absolutely zero concern for their privacy and security and get by in life without any issues at all. It’s good to be informed and take precautions where necessary but it is statistically extremely unlikely that you will notice any negative change to your life because you choose to use a regular smartphone. Making choices about your privacy should come from a place of empowerment - you should feel good about them. If you are making choices because you are scared/paranoid, you probably need to take a step back from online communities such as this one. They can be useful sources of information but you can also get easily overwhelmed with information and/or try to change too much, too quickly and end up living and extremely paranoid and limited life. People who do this often then burn out and just give up entirely on their privacy, when a more moderate approach would have actually benefited them more long-term.

  • UnpopularCrow@lemmy.world
    link
    fedilink
    arrow-up
    9
    ·
    11 months ago

    If your concern is whether your cellphone carrier has the ability to see who you are calling and for how long, this is true whether you have a smartphone or a “regular” phone.

    • floofloof@lemmy.ca
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      11 months ago

      With a regular phone they can also fairly accurately tell where you are, and read your texts. The main difference is the information goes to the carrier but not straight to Google or Apple.

      • BearOfaTime@lemm.ee
        link
        fedilink
        arrow-up
        3
        arrow-down
        1
        ·
        11 months ago

        They can do so with a smartphone too, they both use the same cellular network, so same voice calls, same plain-text text messages (SMS is a feature of the cellular network management, messages are injected into the cell management frames).

        Even worse, smartphones use AGPS, so download from AGPS servers (providing another point of location data) and using that ephemeris data to improve location update times.

  • Handles@leminal.space
    link
    fedilink
    English
    arrow-up
    9
    ·
    11 months ago

    If you’re really only making phone calls, the built in location tracking is probably the biggest issue? AFAIK, you can only use an off the shelf iPhone with an Apple account, and a similar Android phone with a Google account, so your location will be tied to and referenced with those.

    Apple have branded themselves as guardians of their users’ data, so many consider that a safe assurance. YMMV but it may be slightly better than Google’s Dodgier approach. When in doubt, go to settings and turn everything off you don’t use, location services foremost.

    You may want to disable other apps that come with your phone as well. Basically anything you don’t use. I don’t know how much data can be harvested from background services of an app that doesn’t have a user signed in, but at this point I’d err on the side of caution. Plus, as you say, your position can always be approximated by your mobile carrier through the cell towers you’re connected to, but that goes for dumb phones as well.

    Personally, I only use Android smartphones with custom ROMs like LineageOS without installing the Google apps or services framework because I Just Don’t Use Google. Instead I install microG to spoof the GSF to apps that require it. That’s a privacy compromise I can live with because I use my phone as an internet device as well. Needless to say I take privacy precautions on an app level as well.

      • Handles@leminal.space
        link
        fedilink
        English
        arrow-up
        3
        ·
        11 months ago

        Ah, okay. As I said, I haven’t really used off the shelf Android for years, so I’m happy to take your word for this.

      • Handles@leminal.space
        link
        fedilink
        English
        arrow-up
        3
        ·
        11 months ago

        Yup. And again, millions of iOS users take that as assurance of Apple’s trustworthiness. In this game, we all need to choose who we trust with our data 🤷

    • BearOfaTime@lemm.ee
      link
      fedilink
      arrow-up
      3
      arrow-down
      1
      ·
      11 months ago

      You can setup Android without a user account. I’m not sure about iPhone, I don’t believe that’s an option in the setup process (but it’s been a while, since I set mine up).

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    7
    ·
    edit-2
    11 months ago

    Your concern is well reasoned. A smartphone is a much larger risk surface compared to an application specific dumb phone. Running an entire operating system, increases the number of exploitive holes you could be running it anytime. You’re almost guaranteed to be running at-risk software.

    You can mitigate that risk, by using graphene as people have discussed. But if you truly don’t care, get another dumb phone. It’s hard to exploit the remotely, it’s hard to install software remotely, Pegasus doesn’t try target them. It’s a smaller risk surface.

    That being said, if you want some of the benefits of a smartphone. You can do so limiting your risk surface. Run stock Android, or graphene,. Make sure you’re okay with the permissions you provide. And most importantly keep your software up to date. That’s a reasonable level of paranoia versus utility trade-off

  • Crul@lemm.ee
    link
    fedilink
    arrow-up
    5
    ·
    11 months ago

    My 2 cents: I have a similar relation with smartphones as yours.

    In my case, what I fear the most is some app getting my contact list and using it to send some kind of “XXX has joined YYY service” notification to all of them. Also, I didn’t like that Google had all the data they wanted, so I ended with 2 smartphones:

    • One de-googled (LineageOS without Google Apps) that I use for calls and trusted apps. This one has my contacts list.
    • One default Android-Google without simcard for those apps that require oficial-Android (mainly banks apps) and any app I’m afraid could mess with the contact list.

    AFAIK I’ve only had one incident because I trusted Telegram too much. There is always non-zero risk, but this works for me.

    • JubilantJaguar@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      11 months ago

      Similar setup here, for same reasons. But I go further: my contact list is empty. Not a problem if your contacts are all on Signal or Telegram rather than SMS or Whatsapp. IMO contact lists are privacy scourge #1. They allow everyone to grass on their friends with zero consent.

  • BlanK0@lemmy.ml
    link
    fedilink
    arrow-up
    3
    ·
    11 months ago

    I think its a bit of a overreaction, but you can always download Foss apps even if you can’t download better private OSs, its not the best but its better then nothing

  • cerulean_blue@lemmy.ml
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    11 months ago

    If you never enable any data services on your SIM (GSM only for calls) and never connect to WiFi. You’re not leaking anymore data than an old fashioned phone.

    However, the fact that you are asking these questions does suggest you are probably being unhealthily paranoid. (Reading these replies, it seems you are in good company on this forum.)

    I’m going to assume you are not engaging in high level cyber activities that would require you to adopt this level or paranoia. If you were, you wouldn’t be asking basic questions.

    Instead, it sounds like you have developed an irrational fear of what tech companies can realistically do with your data and what level of harm they may wish to cause you.

    Typically, they can log your search and browser data to determine if, for example, you like pizza. Then they may show you an advert for pizza or highlight the nearest Dominos on Google maps. But… they can only do that if you share that information with them in the first place by using your new smart phone (with none of the privacy settings enabled) to search for pizza and then using Google maps. Nobody is forcing you to do that. But is it really that bad even if you do?

    Google are not going to clone you, or assassinate you or somehow work out you are not paying taxes or are engaging in illegal activity unless you use your phone to do it. And even then, they don’t go round grassing people up to the government for the fun of it. They just want you to click on adverts and, once you are aware of how they operate, it’s relatively easy to avoid them whilst still getting great value from a pretty incredible piece of modern technology.

    Now, if you are genuinely worried about government targeting (I don’t know what country you live in) an encrypted messaging App will be significantly more secure than an unencrypted old GSM phone that is quite easy to intercept and relies on the integrity of your MNO provider.

    My advice, stop worrying. You already have a cautious mindset so you won’t get tricked by these companies, but you could also be enjoying many of the benefits of being able to access all of humanities collective information from your pocket.