So...user driven, except when it's not?
Yes, precisely, and I've been trying to get more information on the "when it's not part". right?
The "when its not" component is an exceptionally fast growing segment. Its faster than people can keep up with and is ever more weighted to this default position. Device ID capture is a perfect example of this. You cannot opt in/out of that if you own a smart phone.
So, it's likely that my knowledge on device ID is limited, but as far as I knew, device ID is now actually opt IN for iOS users since Apple ditched IDFA. Secondly, your device ID is changeable, anyone can change it whenever they want (it's not actually permanently assigned to your handset/tablet like your IMEI is). Also, I'm not aware of how device ID can be used to track location, as far as I know, it's used to trace behaviour online. Anything you can post on that would be appreciated. Here's some other ways that you can protect your privacy regards device ID tracking:
If you’d rather not be tracked, there are some counter-measures that you can employ beyond the official “opt-out” clause which may or may not be featured prominently in the Terms & Conditions of the web site or service you’re using.
Whenever you log in to Facebook or Google (or any third-party app which uses their services to validate its own operations) you leave a trail that can be used to identify your device. So diligently signing out of these accounts each time you finish using them is one option to avoid this.
If you subscribe to a lot of services, using a selection of different email addresses to sign up can help confuse your trail. Alternatively, you can use dedicated masking software, or a VPN (Virtual Private Network)/data management app which can block certain other applications from using your data connection whenever you’re online – which they’ll often do to push advertising to you directly, or to feed information back to an ad network that will serve you with promotions later.
There’s also an industry initiative known as AdChoices which allows users to opt out of internet tracking, altogether.
Game Over is clearly a hyperbolic comment, but its not far from the truth. While almost everything ive pointed out can be "managed", it rarely is. Or is managed by those like yourself that care. The problem is the less people care, the less need/market there it to keep working on stuff for people that do care. Its obvious from the behaviors of the vast majority of users and generational changes what direction were moving in - hence Game Over.
Well, it's game over for people who don't manage the risks, but that's not what this thread is about. I know that most people opt for convenience and ignorance, but this thread is about the opposite, how to be informed, right?
so Signal periodically access your device (because it doesn't store data on servers) to collect information, that data goes to a server to get matched with other data and then send matches back to the relevant devices, then deletes the records of this matching? Right. SO you're saying you cant build an association map from this?
Where did I say that?! I never said anything of the kind.
Its basically mapping associations every time it does this! We have to take their word that they just delete the data afterwards. Yeah even if I buy that their data is deleted, that could change either at a company policy level or directed by a government. I know that sounds tinfoil hat like, but again, its happened before and happens all over the world, so I sort of feel like trusting companies to do what they say with data is a 50/50 gamble most days.
Yes, I understand all that. But as I've said, this discussion is about managing what you can. If you don't believe that any companies will abide by their commitments and govts won't ever follow the law, then you either hide in a cave or accept that you'll never have any privacy. That's an extreme and unreasonable response - yes, of course companies have broken their own rules and the law and of course govts do unethical stuff, but that's not the rule, it's not even the norm!
This discussion is about working out where the line is between mitigating, managing and accepting risk. Signal is an example of a company/product that has a good reputation, states that it will protect your privacy and is even endorsed by your boy, Snowden. So, on balance, you manage risk by going with a group like Signal and accept the residual risk that they break their own rules, get hacked, etc. etc.
Take a quick look as the permissions you give signal when you use it. It's probably no different than any other messaging app. You are giving it effective full access to everything on your phone including location/gps data. Mull that over the list a bit, then consider the below.
In the permissions, you might notice something I've been banging on about - • read phone status and identity - Allows Signal to determine your phone number and Device ID. These are used to register for Signal.
So while no messaging data is stored or number (or is it stored, dunno, the messaging seems conflicted) or names, what is stored with your signal registration is your Device ID. It shows the Signal network that you're an authorised network user. Cryptohashed or not, Signal knows who you and the rest of its users are, explicitly, all the time. Combine that with all the other Device ID data you can just buy openly and legaly, what do you have? You have a company that can easily generate and sell insights. Worst is, to them those insights are identifiable on the individual level.
Actually, you
don't have to give it permission to location/gps data and most of the stuff on that list, it's optional in the app settings. Yes, you have to give it your number, ID, etc., which goes back to having to accept some level of risk.
I think you demonstrate a good understanding of it, but i think there are also gaps in your broader understanding of it. i.e. Device ID and what it means for privacy and data collection/monetisation seems to have been completely missed in your earlier points.
This is a moving target. When device id become the next privacy crusader target (which it has somewhat not surprisingly), expect the industry to pivot, just like the reserch chem drug market. Its simply too good to let go of.
I have never argued that phones don't give away data, I've only said that everything
you've highlighted (up until you mentioned device ID) was not the phone giving away data, but the user giving away data. And even now, I'm still not sure how device ID gives away as much as you says it does.
At the risk of repeating MYself, continued effort is not the name of the game. Convenience is. The majority of users are becoming less concerned with privacy. That's not an opinion either.
I genuinely don't understand why you're making that point. I
know that the majority of users embrace convenience and give away their privacy, I
know that developers create convenience and entertainment to capture data, I've never said otherwise. What I
am saying that if some one is eager to protect their privacy they can do so by informing themselves, taking the time to review settings and read privacy statements and commit to continued vigilance. In other words, if one inconveniences oneself, it
is possible to protect one's privacy to a significant degree and that it's
not game over. That's all.
You have to admit, we have less privacy today than we did 10 years ago. Why is that?
Yes, of course I admit it, that's
explicitly what this thread is about, right? Why is that? Because technology has enabled it. Again, I thought that was the point of this thread.
Reckon we'll just some how go back to pre internet levels of privacy or do you think its more likely the various classifications of data change to make less things classified as sensitive or worthy of being considered private?
It's going back and forth - right now there is a backlash against the way we give up data, Apple is leading part of that push. I think there will be a bit of split, where the majority go for convenience under the illusion that they have nothing to hide. But I think that there will be a growing segment within society that are privacy conscious and will create a lucrative market for more secure products. These products will always be abused by criminals and there will have to be some balance found between high-levels of privacy and government access. I have no idea where that will be.
I'm just here to tell you your devices are doing a whole bunch of shit you didn't know about that you have zero control over. And the thing is, no one is actually hiding it.
Other than your claims on device ID (which may be accurate), I'm still waiting for you to provide any actual detail/links on what what that whole bunch of shit is. though! I'm not saying I don't believe you, I'm sure it's actually true. I'm just looking for some,
any detail.
Here's an example of what I'm hoping you will provide - browser fingerprinting and how your browser is used to ID you:
https://browserleaks.com/