I regret getting a pixel, and not a fairphone with a removable battery
With the current level of oversight on the police (police of police is a meme by now), and the level of cybersecurity at the government, everyone's phones will be activated within a few months.
At least some government agent will have fun watching what ppl visit on the internet during their spare time, and can enable the camera to watch what they're doing when they review the content.
The fight against crime is ramping up !
I don't get why they don't hire back more detectives and accountants to really investigate actual evidence, instead of just listening to potential criminals for hours.
They have been reducing the force for 15 years (especially the forces that investigated financial and workplace crimes)
Who knows if Framework[0] survive long enough, they might create a phone with choices like GrapheneOS[1] etc. Their 16" laptop reminds me of Project Ara[2].
A Pixel phone probably gives you the best chance of resisting this sort of attack. The most vulnerable phones are the older, cheaper phones that run outdated versions of Android. Pixel phones are generally the first to get security updates, and so the quickest to get patches when spyware companies start using new bugs.
Wouldn't a Pixel phone be vulnerable to USA giving Google a 'national security letter' saying to make your phone remotely accessible with a personalised update, say? Google seem like they could - and if paid, would - readily do that whilst other companies could hide behind lack of resources or whatever.
I just assumed that USA three letter agencies paid larger companies upfront to implement back doors; seems to fit with past form. Why would they not do that. Indeed it always struck me the debacle with Huawei where USA government smeared then to prevent their equipment being used in UK was so that USA-manufactured equipment with USA-controlled backdoors would be implemented instead ... it might only have been financial protectionism but it just seemed too big a protest.
No, according to the Snowden documents, the NSA spun up the MUSCULAR program specifically because Google was refusing to play nice. This was where they dug up dark fiber between Google data centers to tap into the information being sent between them. Within a month after the MUSCULAR leak, Google was encrypting all comms between data centers, which in theory, killed all the MUSCULAR taps.
Nexus/Pixel devices literally come out of the box with Verizon background crapware installed that you cannot disable or remove even if you're not a Verizon customer.
I use T-Mobile and I bought my Pixel 5a directly through Google at an official in-person Google store. Does my phone have this Verizon bloatware? What apps should I be looking for?
I googled it and I'm only seeing people complain about this Verizon bloatware from people who bought it through Verizon.
Google don’t index sites which contain that kind of information. :)
More seriously, I too would have bought a Fairphone (for ethical reasons) to replace the crap second-hand Android phone that I’d been using for the past 8 years. However, I recently received a gift of a new iPhone so I probably won’t be getting a new phone for another 8 years or so. The iPhone doesn’t have any bloatware and it does have lots of options for security and privacy so I’m happy to use it from that point of view. Aside from not being able to remove the battery, I don’t think the average user can do much better than that, given that they have no insight into or control over the baseband layer.
I’ve never owned a Pixel but I’d expect (hope) that one purchased directly from Google would be similar to in iPhone bought from Apple.
Nexus devices did have such “feature”. IIRC it was activated by a carrier SIM upon first boot and some people were quite sad after inserting say AT&T SIM into their supposedly “unlocked” phone.
Sure , if you buy a pixel from Verizon or any of the other major providers directly . I didn’t have that problem when I bought a pixel couple years ago directly from Google’s online store to use on T-Mobile’s network.
There's always the faraday bag or simply not taking it to your meeting/activity that have been the recommended options for opsec even when phones had removable batteries.
Regarding the Faraday bag, as I mentioned in another comment, that is not useful because the phone could be recording your audio anyway and then just transmit it later when you take it out of the bag. What you'd really want is some kind of soundproof box, but I'm not sure if an effective one exists because microphones can be sensitive and audio recordings can be amplified.
Faraday bags are not effective against all frequencies. Specifically the 5G frequencies are known to be very difficult to block with a cage ( but do have relatively short ranges)
That's implying that it is actually off and not just pretending to be off, and that it requires a command to start recording instead of just constantly recording and only uploading when commanded to
Far enough down the threat model rabbit hole the real solution is just ditch the phone if you're doing anything mildly antigovernment. That at least forces them to do a bit more work to spy on you.
That's always one of the big issues in opsec/security discussions, we can always imagine a more motivated or well funded attacker but the likelihood of those being deployed against you change with the difficulty of implementing those methods.
Would putting it inside a microwave work? I think I recall Snowden did that but I'm not entirely sure I remember correctly.
Edit: on the other hand, I'm now considering the possibility that the phone might be recording your audio even without network access and then transmit it later when you take it outside the microwave. So you'd have to be physically far away from the microwave for the microphone not to hear you, which means the microwave and faraday cages don't add anything useful.
They're already allowed to shoot you if you don't stop your car, all in the name fo fighting terrorism, so I'm not surprised they can snnop at your camera and microphone.
I'm quite sure this is linked to the recent protests.
Je suis Charlie > je suis la gendarmerie > l'etat, c'est moi. Back to 1655 in three easy steps.
With the current level of oversight on the police (police of police is a meme by now), and the level of cybersecurity at the government, everyone's phones will be activated within a few months.
At least some government agent will have fun watching what ppl visit on the internet during their spare time, and can enable the camera to watch what they're doing when they review the content.
The fight against crime is ramping up !
I don't get why they don't hire back more detectives and accountants to really investigate actual evidence, instead of just listening to potential criminals for hours. They have been reducing the force for 15 years (especially the forces that investigated financial and workplace crimes)
That would be more effective.