'optional' agreements not optional - am i missing something? Is that even legal in the EU? - LG Velvet Questions & Answers

Hi,
LG has an "optional" agreement to its phone upgrade agreements. The 'optional' agreement(s) give LG permission to have full permissions to my information, the contents of the phone, etc., and to transfer whatever they want to their own legal jurisdiction - essentially bypassing/ignoring EU privacy laws. There is no plausible reason given for this 'optional' transfer agreement, regardless, the interface will not let you perform an update unless you agree to the 'optional' transfer agreement. Even though i know better, i considered the idea that it may be related to the wireless update mechanism, so i installed and used the windows update tool. I was surprised and annoyed to get *exactly* the same set of agreements with the 'optional' all your basez belong to LG agreement, that you *must* agree to to get an update.
The LG Velvet 5g is my second LG phone, i had the same problem with my previous phone. I thought it was a one off thing, now i know better. It continued to bug me with 'software update' click-through with optional (not optional) agreement interface.
The fact of the matter then is that 'optional' agreements are essentially required. Optional seems to be a legal fiction used to imply that a user made an 'informed decision' to give LG these privacy breaking permissions. This is demonstrably false, as you cannot proceed with any update without agreeing to give LG legal authority to your information. That this is a feature and not a bug is proven by the fact that the same 'optional' is not optional behavior is the same across multiple devices and platforms (android +windows).
In summary 'optional', even in legal terms, means that the agreement does not require it to go forward, but in every LG click through agreement interface that contains 'optional' agreements, require the selection to continue. If this was the US, that would be a class action lawsuit right there....
I have no interest in that. I want to use the phone i bought, i want to have updates, but i do not want to be forced to give LG the authority to ignore EU privacy laws to do it.
Am i missing something? Is there an option or something that enables you to give informed consent?

t1moc said:
Hi,
LG has an "optional" agreement to its phone upgrade agreements. The 'optional' agreement(s) give LG permission to have full permissions to my information, the contents of the phone, etc., and to transfer whatever they want to their own legal jurisdiction - essentially bypassing/ignoring EU privacy laws. There is no plausible reason given for this 'optional' transfer agreement, regardless, the interface will not let you perform an update unless you agree to the 'optional' transfer agreement. Even though i know better, i considered the idea that it may be related to the wireless update mechanism, so i installed and used the windows update tool. I was surprised and annoyed to get *exactly* the same set of agreements with the 'optional' all your basez belong to LG agreement, that you *must* agree to to get an update.
The LG Velvet 5g is my second LG phone, i had the same problem with my previous phone. I thought it was a one off thing, now i know better. It continued to bug me with 'software update' click-through with optional (not optional) agreement interface.
The fact of the matter then is that 'optional' agreements are essentially required. Optional seems to be a legal fiction used to imply that a user made an 'informed decision' to give LG these privacy breaking permissions. This is demonstrably false, as you cannot proceed with any update without agreeing to give LG legal authority to your information. That this is a feature and not a bug is proven by the fact that the same 'optional' is not optional behavior is the same across multiple devices and platforms (android +windows).
In summary 'optional', even in legal terms, means that the agreement does not require it to go forward, but in every LG click through agreement interface that contains 'optional' agreements, require the selection to continue. If this was the US, that would be a class action lawsuit right there....
I have no interest in that. I want to use the phone i bought, i want to have updates, but i do not want to be forced to give LG the authority to ignore EU privacy laws to do it.
Am i missing something? Is there an option or something that enables you to give informed consent?
Few device makers haven't yet jumped on the spyware and trashy ads bandwagon. I bought an LG TV and it has turned on data collection a couple of times without permission. It literally samples its internal video stream and uploads it for content matching, even from OTA and HDMI ports. Next time I file an official report (California laws).
The good news is that you can disable much of the spyware, including Google Apps, on your phone using ADB. Their TVs, ovens, air conditioners, and other Internet-of-Junk can simply not be given Internet access.

Related

Samsung KNOX 2.0 = NSA 3.0 ?

The Main Problem with KNOX
Is that end-users are left-out cold without any form of privacy control.
As cool as MDM is to the "enterprise" developer and from a hacker's
perspective, there's nothing attractive with this to the end-user. How
can the end-user be certain that his store-bought KNOX enabled device,
hasn't already been compromised by some "enterprise"?
Without fully transparent, open source and public KNOX documentation,
this will be practically impossible to answer. As far as we know from
recent past experiences, on how "curious" enterprises like Google,
Samsung and NSA have been, why should we trust them this time? Or what
about the mobile service providers themselves? We know from many recent
examples how companies like Verizon and AT&T have been spying on their
customers before.
What follows is a few enlightening excerpts from the latest KNOX
white-paper. Before reading this and having recent major KNOX related
developer issues, I have gone from a "KNOX-who-cares" person, to a vivid
Anti-KNOX-er! I will most likely stay that way, at least until our
devices are sold without KNOX, and only available as a voluntary device
add-on/feature, using open source as its basis.
What about you? Would you be happy to walk around the streets with a
laptop that has a remote access tool that constantly tracks your every
move, picture, sound and friends you meet and call, all while not
informing you of any of that? While being way beyond your control? In fact,
you will not even have any choice, if Godzilla and Samsung get their
way, in the next year.
Attestation
Attestation offers verification of a mobile device's core system
software i.e, the boot loaders and the kernel, at runtime based on the
measurement data collected during trusted boot. Attestation can be
requested at any time by the enterprise's Mobile Device Management (MDM)
system. All security critical operations of attestation are performed in
Trustzone.
When requested, the Attestation feature reads the previously stored
measurement information and the fuse value (see Trusted Boot above) and
combines these data to produce an Attestation "verdict". This verdict,
which is essentially an indication of whether tampering has occurred, is
simply returned to the requesting MDM. The Attestation result is
returned to the requesting MDM server with a signature based on the
device's unique "Attestation Certificate" that is configured in the
device during the manufacturing process. This ensures that the
Attestation verdict cannot be altered during transfer.
Any further action is determined by the enterprise's MDM security
policy. It might choose to detach from the device, erase the contents of
the secure application container, ask for the location of the device, or
any of many other possible security recovery procedures.
The KNOX Container
...
The enterprise can manage the container like any other IT asset using an
MDM solution. Samsung KNOX supports many of the leading MDM solutions on
the market. Container management is affected by setting policies in the
same fashion as those traditional MDM policies. Samsung KNOX Container
includes a rich set of policies for authentication, data security, VPN,
email, application blacklisting, whitelisting, etc.
...
The new container also allows enterprise IT administrators to control
the flow of information between the container and the rest of the
device. This allows enterprises to strike the right balance between
security and user productivity. Users can also control the data sharing
capability based on their personal preferences, within the limits
specified by the enterprise IT administrator.
Mobile Device Management (MDM)
Enrolling an Android device into a company’s MDM system typically begins
with the user downloading the agent application from the Google Play
store and then configuring it for work. Enterprises are facing
increasing help desk calls as more and more users are activating mobile
devices for work and run into issues during this process. In addition
the user is presented with prompts, privacy policies and license
agreements at various stages resulting in a poor overall experience.
The KNOX platform provides a unified enrollment solution that is simple
and intuitive, and eliminates many steps in the enrollment process.
The process begins with the employee navigating to a web page and
clicking on an enrollment link. The link to the original web page may be
provided to the employee via an e-mail or SMS, or via the company’s
internal or external website. Clicking on the enrollment link brings up
a screen that prompts for the user’s corporate email address. The device
then displays all notices for the user to accept, which include privacy
policies and agreements from Samsung, the MDM vendor and the enterprise.
Upon accepting the terms, the user is directed to a screen to enter the
password for the corporate account. If authentication is successful the
enrollment is complete. Any agent application required by the MDM server
is automatically downloaded and installed, without user intervention.
MDM vendors can take advantage of this feature and simplify the
onboarding process for enterprise users and significantly improve the
user experience and reduce support costs.
In a nutshell, this is legalized control and spying.
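As an added illustration (not part of the post above or of the Samsung white paper, and not KNOX's actual implementation), the attestation flow in the quoted excerpt can be modelled in Python to show what the signed verdict does and does not guarantee. Assumptions: HMAC-SHA256 with a per-device key stands in for the certificate-based signature, the one-way fuse behaviour and the server nonce are not described in the excerpt, and all class, function and image names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample images; real measurements cover the actual boot chain.
GOOD_BOOTLOADER = b"approved-bootloader-image"
GOOD_KERNEL = b"approved-kernel-image"
KNOWN_GOOD = {
    "bootloader": hashlib.sha256(GOOD_BOOTLOADER).hexdigest(),
    "kernel": hashlib.sha256(GOOD_KERNEL).hexdigest(),
}


def sign(key, body):
    # Assumption: HMAC stands in for the signature made with the key behind
    # the device's Attestation Certificate (stdlib has no asymmetric signing).
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class Device:
    """Hypothetical device side: trusted-boot measurements plus a fuse."""

    def __init__(self, key):
        self._key = key
        self.fuse_blown = False
        self.measurements = {}

    def boot(self, bootloader, kernel):
        # Trusted boot stores a digest of everything that was loaded.
        self.measurements = {
            "bootloader": hashlib.sha256(bootloader).hexdigest(),
            "kernel": hashlib.sha256(kernel).hexdigest(),
        }
        if self.measurements != KNOWN_GOOD:
            self.fuse_blown = True  # assumed one-way: never reset

    def attest(self, nonce):
        # The verdict combines the stored measurements with the fuse value.
        clean = self.measurements == KNOWN_GOOD and not self.fuse_blown
        verdict = "clean" if clean else "tampered"
        body = json.dumps({"nonce": nonce, "verdict": verdict}, sort_keys=True)
        return {"body": body, "sig": sign(self._key, body.encode())}


class MdmServer:
    """Hypothetical MDM side: issues challenges and checks responses."""

    def __init__(self, key):
        self._key = key
        self._pending = set()

    def challenge(self):
        nonce = secrets.token_hex(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, response):
        # Check the signature before trusting anything inside the body.
        expected = sign(self._key, response["body"].encode())
        if not hmac.compare_digest(expected, response["sig"]):
            return "rejected: bad signature"
        claims = json.loads(response["body"])
        if claims["nonce"] not in self._pending:
            return "rejected: stale or unknown nonce"
        self._pending.discard(claims["nonce"])
        return claims["verdict"]


def run_demo():
    key = secrets.token_bytes(32)
    mdm, dev = MdmServer(key), Device(key)
    results = {}

    # 1. Stock device: the verdict is accepted once; a replay is refused.
    dev.boot(GOOD_BOOTLOADER, GOOD_KERNEL)
    clean_response = dev.attest(mdm.challenge())
    results["stock"] = mdm.verify(clean_response)
    results["replayed"] = mdm.verify(clean_response)

    # 2. Modified kernel: editing the verdict in transit breaks the signature.
    dev.boot(GOOD_BOOTLOADER, b"modified-kernel-image")
    tampered_response = dev.attest(mdm.challenge())
    altered = dict(tampered_response,
                   body=tampered_response["body"].replace("tampered", "clean"))
    results["altered_in_transit"] = mdm.verify(altered)
    results["modified_kernel"] = mdm.verify(tampered_response)

    # 3. Reflashed to stock: measurements match again, the fuse does not.
    dev.boot(GOOD_BOOTLOADER, GOOD_KERNEL)
    results["reflashed_to_stock"] = mdm.verify(dev.attest(mdm.challenge()))
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case}: {outcome}")
```

The signature only protects the verdict in transit; what the server does with a "tampered" result is, as the excerpt says, entirely a matter of the enterprise's MDM policy.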
I believe the quoted features have to be enabled by the company paying for the subscription (ie employer providing the devices), which is pretty standard MDM. If you are going to agree to use a MDM (as such an employee would have to) I see no issue here unless I am missing something.
I would be much more worried about abuse of the baseband, than MDM software which isn't enabled by default. Much more likely, and better target.
jcase said:
I believe the quoted features have to be enabled by the company paying for the subscription (ie employer providing the devices), which is pretty standard MDM. If you are going to agree to use a MDM (as such an employee would have to) I see no issue here unless I am missing something.
I would be much more worried about abuse of the baseband, than MDM software which isn't enabled by default. Much more likely, and better target.
I don't know to what extent you're playing devil's advocate, but I am still a bit surprised you can't see any issues with this.
The issue is that we're not able to see how this enabling mechanism works, and therefore cannot even make any half-baked guess if this is actually secure, or can be easily broken, abused or circumvented, if not so, already. In addition the MDM software is enabled by default, at least as far as my processes and device drivers present, shows. It's just not visibly activated, until you go through the signup procedures. Furthermore it seems that the MDM features are very well woven into the baseband functionality. Not that baseband is using MDMD, but that MDM makes extensive use of the baseband and features not documented. But to what extent that is true, I can't really say at this time, as I have not spent any time on it.
One more thing. They say that KNOX is a security "addition" to the default SELinux policies, but that is not the whole story. Actually it seems more that KNOX is replacing or overriding the SEL policies already present. How can we actually test and see this, when we're not even allowed (or given) the tools to do so?
E:V:A said:
I don't know to what extent you're playing devil's advocate, but I am still a bit surprised you can't see any issues with this.
The issue is that we're not able to see how this enabling mechanism works, and therefore cannot even make any half-baked guess if this is actually secure, or can be easily broken, abused or circumvented, if not so, already. In addition the MDM software is enabled by default, at least as far as my processes and device drivers present, shows. It's just not visibly activated, until you go through the signup procedures. Furthermore it seems that the MDM features are very well woven into the baseband functionality. Not that baseband is using MDMD, but that MDM makes extensive use of the baseband and features not documented. But to what extent that is true, I can't really say at this time, as I have not spent any time on it.
One more thing. They say that KNOX is a security "addition" to the default SELinux policies, but that is not the whole story. Actually it seems more that KNOX is replacing or overriding the SEL policies already present. How can we actually test and see this, when we're not even allowed (or given) the tools to do so?
I'm not playing devil's advocate, I'm saying that I don't think this is the route the NSA would take.
puzzled
I don't get it - I thought "knox" was just that thing that counts how many times you've flashed a custom rom (which can easily be removed and reset).
b
jcase said:
I'm not playing devil's advocate, I'm saying that I don't think this is the route the NSA would take.
We are not able to see how any closed source security component works, and you investigate it the same way you investigate any closed source feature.
jcase said:
I'm not playing devil's advocate, I'm saying that I don't think this is the route the NSA would take.
I think it's pointless to speculate on which route they would take, as they would certainly take whatever route available to accomplish their mission. Together with Google's own INSTALL ASSET methods, MDM makes that even more simple on Samsungs.
I'm sure we'll see more posts like this in the near future.
FYI - How the NSA can 'turn on' your phone
E:V:A said:
I think it's pointless to speculate on which route they would take, as they would certainly take whatever route available to accomplish their mission. Together with Google's own INSTALL ASSET methods, MDM makes that even more simple on Samsungs.
I'm sure we'll see more posts like this in the near future.
FYI - How the NSA can 'turn on' your phone
I'll make sure to remove such paranoia posts in the future, one is enough. I think a baseband attack is more likely, as it is more likely to impact more phones, from more OEMs, running more firmwares etc. The baseband is much harder to investigate as well, less people looking at it, more potential for bugs living longer, easier not to get noticed.
jcase said:
I'll make sure to remove such paranoia post in the future, one is enough. I think a baseband attack is more likely, as it is more likely to impact more phones, from more OEMs, running more firmwares etc. The baseband is much harder to investigate as well, less people looking at it, more potential for bugs living longer, easier not to get noticed.
Well, I'm not sure that post fulfills all the criteria of "paranoia", especially since it is mostly grounded in truth, apart from the CNN journalism. But my point is already there. When people have no insight or control over what's happening in their pockets, they start getting religiously paranoid. I guess from an anthropological point of view, paranoia has some kind of good survival function for the group. So it serves well as a counterbalance to being completely ignorant.
E:V:A said:
Well, I'm not sure that post fulfills all the criteria of "paranoia", especially since it is mostly grounded in truth, apart from the CNN journalism. But my point is already there. When people have no insight or control over what's happening in their pockets, they start getting religiously paranoid. I guess from an anthropological point of view, paranoia has some kind of good survival function for the group. So it serves well as a counterbalance to being completely ignorant.
It has been removed from the security forum, it is a copy paste of an article reportedly from cnn (no source link to back that), without any citations to the claims made. I will make a better effort to keep the forum accurate, and fud free in the future.
It has factual inaccuracies, and seems to be just a promo piece for a custom Android ROM that indeed has its own issues.
@E:V:A
I do appreciate your posts, they are welcome here, but some of the posts I've been removing are just FUD, way out there or unsourced.
When I got my phone rooted and opened supersu, it suggested to disable KNOX. Before then, I didn't even know what KNOX is. I searched some information about it, looks like it is just a security solution.
explanation
yueyejinghun said:
When I got my phone rooted and opened supersu, it suggested to disable KNOX. Before then, I didn't even know what KNOX is. I searched some information about it, looks like it is just a security solution.
It's just a feature that counts how many times you've flashed a custom rom to your phone; easily removed and reset.
FIRST Read the OP and then the KNOX whitepaper.
and maybe someone will open this thread again...or remove it.

[Q] extent to which google tracking built in to Os

Hi, I am wondering to what extent Google has built into the Android OS ways of collecting data on the user, even when the user does not open a Google account and uses only side-loaded apps? Does anyone know the answer to this?
jaifora said:
Hi, I am wondering to what extent Google has built into the Android OS ways of collecting data on the user, even when the user does not open a Google account and uses only side-loaded apps? Does anyone know the answer to this?
Read this thread, even if it's about Xiaomi, on the 2nd page you will find your answer!
setmov said:
Read this thread, even if it's about Xiaomi, on the 2nd page you will find your answer!
I've read through the second page and couldn't find what you're aiming at. So far as I can see it's only about Xiaomi ROMs and their proprietary apps, that cause the security holes.
nerotNS said:
I've read through the second page and couldn't find what you're aiming at. So far as I can see it's only about Xiaomi ROMs and their proprietary apps, that cause the security holes.
What you were asking is actually just the same! Short answer: Google is in your phone at an API level, and there is no way to get rid of it!
setmov said:
What you were asking is actually just the same! Short answer: Google is in your phone at an API level, and there is no way to get rid of it!
It's not the same as the API itself is not the thing that sends the data. The apps that USE those APIs are the ones that route the data.
The apps on the thread
* AntHalService
* XiaomiServiceFramework
* Cleanmaster
* com.xiaomi.gamecenter.adk.service
* com.duokan.airkan.phone
None of them are Google apps. All of them are 3rd party. For example, my nexus 4 with stock Android doesn't have these apps, therefore no data is sent.
nerotNS said:
It's not the same as the API itself is not the thing that sends the data. The apps that USE those APIs are the ones that route the data.
The apps on the thread
None of them are Google apps. All of them are 3rd party.
An app does not have to be Google proprietary. Android is!!! Are you aware of what info is sent out of your Android phone without you being able to intercept it? You are right, apps are sending info, as also Google per se is collecting info, all the time. Please, don't believe me, actually I'm suggesting you not to believe me, but sooner or later, you'll see! There is no firewall, root, or any other trick able to stop them or control them! The only way is to strip Android apart, and recreate a new API, but then, bye bye functionality!
setmov said:
An app does not have to be Google proprietary. Android is!!! Are you aware of what info is sent out of your Android phone without you being able to intercept it? You are right, apps are sending info, as also Google per se is collecting info, all the time. Please, don't believe me, actually I'm suggesting you not to believe me, but sooner or later, you'll see! There is no firewall, root, or any other trick able to stop them or control them! The only way is to strip Android apart, and recreate a new API, but then, bye bye functionality!
Android is open source, if there were serious security exploits they would have already been found and patched out. If not by Google itself, then by 3rd party developers. It's true that Google collects data like your location, but ONLY if you allow it. Also, even if you're correct, disabling the internet will help anyone who's paranoid enough. Besides, the xiaomi thread deals in stuff a lot more serious (eg. money) than the misc data such as the % of time you spent playing a game. All in all, while it's possible to exploit Android and steal data from incautious users, Android as a system doesn't sell or give your key info (user, pass, card no etc.) to anyone.
nerotNS said:
Android is open source, if there were serious security exploits they would have already been found and patched out. If not by Google itself, then by 3rd party developers. It's true that Google collects data like your location, but ONLY if you allow it. Also, even if you're correct, disabling the internet will help anyone who's paranoid enough. Besides, the xiaomi thread deals in stuff a lot more serious (eg. money) than the misc data such as the % of time you spent playing a game. All in all, while it's possible to exploit Android and steal data from incautious users, Android as a system doesn't sell or give your key info (user, pass, card no etc.) to anyone.
That's right, we don't have to be afraid of Google to use our data like Xiaomi, but....here is what I know for sure:
(copied from Xiaomi thread)
The point is that it is not important what OS you are using, or what is the phone manufacturer. All of them send your data to their "masters". That said, let's take a look at Google. The first time you boot your precious phone, and you connect to the net, Google will receive your IMEI, your phone number, your location (based on network or GPS, depends) and all the data you have on your phone. Ok, I know, I know, they are the owners of the Android OS, and they can do whatever they want, and you will never know what they are doing if you have a stock ROM. You will not know what they are doing as a power user with a highly customized ROM as well. Why? Well, because of their API. To be clear, the API, also known as "application programming interface (API) specifies a software component in terms of its operations, their inputs and outputs and underlying types. Its main purpose is to define a set of functionalities that are independent of their respective implementation, allowing both definition and implementation to vary without compromising each other. (as per Wikipedia)" is not always an "open source project" and the Android core platform API is not "open source" at all, even in the "AOSP" project. The point is that when you use an Android platform, if you want it or not, Google receives your data. Let me go further....a month or so ago, Google has implemented their Gmail policy, and started a new monitoring program against pedophilia, and from my point of view, this is a good thing, but, you have to know what's going on. Actually they scan every email in your inbox and to or from their Gmail service searching for clues. If they find something, then you're screwed, because they know who you are. Believe me, they know! But this is not the point, so, where do they store all the info on you, and your Gmail account, when they find nothing? Oh, of course on their servers in the US!!!
Based on the Patriot Act, the "Agencies" do not need any kind of "court order" to take a peek inside your life. They can do whatever they want, and actually they are doing it. Google will never say NO, and it's obvious why. Based on what is above mentioned, all the US based companies do the same. Unfortunately, most of the world uses Android, even if the manufacturer is Chinese or Vietnamese or whatever else. If you strip Android apart because of all that and you want your privacy back, you will find an interesting thing, that your Android will no more work correctly, and you will find it unusable. This is exactly because of the core functionalities that spy on us. We can discuss this as much as we want, but these are facts. To be completely sure that no one is spying on you, someone would have to rebuild the whole Android system, but without a lot of money and the right "crew" this will never happen. Same thing you can expect from Apple (no need to mention the leakage of their cloud system) or Microsoft. Xiaomi also use services that need your personal data...cloud, sms, mms, whatever, and by buying their product you agreed with them. They will not steal your credit card, but their "agencies" will know who you are, and what you do. But, to be honest, they will do you nothing if you are a non-Chinese citizen. I have never seen Chinese Agencies doing something to the rest of the world, but I have seen US agencies doing bad things to their citizens and the rest of the world. So, let's be honest and admit it, as much as we talk about laws, no one is protected by them. If you are gonna buy a phone, you have to face the fact that you will be under surveillance and monitored. If you have the luck and you live in Switzerland, then you're ok, if not, well....face it, you are SOL. You have just to understand that no provider, manufacturer or OS developer will ever solve this issue, because there is no interest.
About AOSP: (from their site!!!)
- First, the software gets built into a system image for a device, and put through various forms of certification, including government regulatory certification for the regions the phones will be deployed. It also goes through operator testing. -really? YES!
- Once the release is approved by the regulators and operators, the manufacturer begins mass producing devices, and we turn to releasing the source code. hmm....
- In some releases, core platform APIs will be ready far enough in advance that we can push the source code out for an early look in advance of the device's release; however in others, this isn't possible. - hahahaha, ask yourself why!!!
And this is just for a start. This is not an app-related issue, we are talking about Android CORE! I love Android, I am using it actively and I am happy with it, it's just that sometimes I feel that this is not fair, but hey, who am I to tell them what is or is not fair? It is not a matter of OS, nor device. All have the same core functionality! NO PRIVACY for them! Accept it or not, these are facts.
I'll start with this:
First, the software gets built into a system image for a device, and put through various forms of certification, including government regulatory certification for the regions the phones will be deployed. It also goes through operator testing. Once the release is approved by the regulators and operators, the manufacturer begins mass producing devices.
Government regulatory certification means that the device being certified is built in compliance with the laws of a specific country. That includes building materials, but is mostly focused on radio frequencies. This is to ensure that you don't get a "wild" device with random frequencies (since it has various radios for ex. GSM, GPS, Wi-Fi etc.) which can disrupt the normal functionality of a GSM tower for example. It also ensures that the device is safe (that's what we need FCC for), in terms of radio waves radiation. Operator testing means that when the device is being sold via a carrier like Verizon, AT&T etc., it is compliant with their proprietary software (more commonly known as bloatware) as well as that the device will work properly on their frequency bands. This is the main reason OTAs for Carrier devices are usually quite late compared to the "stock" or OEM devices.
Now about that Gmail scanning service, it doesn't mean that they STORE the results of the scan, they could be read only, meaning that their bot goes over the contents, but doesn't save anything on their servers (this was an issue earlier, but due to lawsuits, Google had to stop saving data, and delete the data already saved).
Next, it's true that Google receives your IMEI, but only AFTER you log in to your Google account. And this is not that they can sell it to someone, but to help identify that particular device on your account for uses of Google services (for example the Google Play web interface; if you had two same device models on your account how would you know which is which?), and IMEI is easy to get and since it's unique it fits the purpose. Your location is used for the same purpose, and even that is not pinpointed exact location but approximate location (which serves the purpose, but isn't intrusive). There is also the use of services such as the Android Device Manager which is a good thing, since it helps find and lock lost/stolen devices. Again, for this you need a unique identifier, and location (in this case precise).
Also, depending on your country of residence they DO have to get at least a court order with reasons for the investigation in order to access your files.
Further down the road, an API can't do anything by itself, it's sort of something that enables an APP to do something. Now that's a big difference, because you can't say "That API sent my data". It's the app that USES the specific API that transmits the data to a 3rd party. That's two worlds apart, because an app we can easily block via a firewall or even delete it completely if we find the need to.
Finally, agencies such as the NSA, FBI, or any other state agency don't have much interest in an ordinary person. There just isn't much to find about a regular citizen, as they don't really care about your every day life (setting up private meetings, sending pics to each other etc.).
@nerotNS I am not going to make a discussion with you, on some points you are right, on others, you're very wrong! I would love to be like you!
So, between you, you seem to be saying that an android phone can definitely send info to Google via an app, but you disagree on whether there is anything built into the API which sends info to Google independently of any app which can be clearly seen in the OS. I am wondering if there is anyone who actually knows the answer to this, through being involved in the development of the OS, other than a Google employee who may not be free to tell the truth, if the answer would be unpopular. I wonder if a user can be free of their snooping simply by not opening an account or using any of their products, or whether the only solution is to wait for a truly independent developer to produce a stable, quality device?
It's not about API, it's about what data apps can access and what is sent over the internet, and it actually goes much further than what most people think.
Use apps like Network Log or Network Connections and give Wire Shark a try, and track which IPs apps connect to.
You'll be surprised...
On my Samsung, after I had removed all the google spyware (erggghhh, I mean google apps) and about 150 stock apps, I saw that the kernel was connecting to some google related IPs and to google's DNS, even though I had set the phone to use Open DNS in the resolv.conf file, and that the android system was calling home (read "at google's central office in mountain view, California") every time I connected (note that my phone had never been linked to any google account whatsoever).
Some of the IPs could easily be blocked by using a firewall script, but for some others and for the DNS leaks I had to patch some jars in /system/framework.
One thing is that it differs from phone to phone, I've checked on a Lenovo and there is much less of such unwanted connections.
Is it embedded in the AOSP code? Maybe, I don't use AOSP or CM based roms so I can't tell, but what I can tell is that it's funny to see people screaming about Xiaomi when it's the same elsewhere.
Anyway, if one wants to protect oneself it's possible albeit a bit involved.
First is first, root.
Second, use Xprivacy and a good firewall like AF+.
Then, make a script to block inbound and outbound disturbing IPs.
So, am I good to go now?
Not yet, let's get a step further...
You now need to decompile some of your system apps and some of your jars, and track lines referring to specific websites and DNS.
- Note that if you really are privacy concerned you should uninstall as many system apps as you can (only 11 left on my phone) and replace them with third-party apps that are much easier to restrict and have fewer privileges. Forget about google spyware (erggghhh and sorry again, I mean google apps), facebook spyware-apk, WhatsApp etc... -
That's it?
Still not, there's more!
Xprivacy is a fantastic tool, but due to android limitations it can't restrict ids for the android system.
Have you ever heard of android.id, build.serial, ro.boot.serialno, ro.serialno etc.? And what about the serial_no and the mac in the efs folder? And the cpu info in proc? And the serial_number in sys?
- I'll deliberately stay vague on those matters, only people that know what they are doing should mess with that kind of stuff. -
Those are ids specific to your device and of course they identify you, that's what they are meant for!
An example, have a look at the wpa_supplicant.conf located in data/misc/wifi. You'll see that it has your serial_number which means, and experts please correct me if I am wrong, that every time you connect on the wifi your serial_number gets sent.
You want to change it manually?
Yeah sure, edit it directly from the file. Now start your wifi and check again the serial_number, you are back to the original value.
I'm not sure whether, if your firewall script is well done and if Xprivacy has been well configured (read "VERY restrictively configured"), those ids leak or not, but since I like to have more than one protection layer I've edited all of them.
Some ids are easily changed using setpropex or an init script, some are harder and require boot.img editing, but I won't explain any further since as written above only people knowing what they do should play with that stuff.
If all of the above has been done I don't think that anyone can get much data from your phone, but I'm not a security expert and I'd like to hear what you guys think.
Note 1
Trust no one.
I found that apps I had created for testing purposes were requesting my serial, my MCC and my MNC upon installation, even though I hadn't given them access to that data either in the code or in the android manifest, and then I found that nearly all apps request the same.
Does it come from the IDEs (I have tried with two different brands and it was the same) or does it come from the android OS itself?
I have raised the issue here but nobody seemed interested and nobody blessed me with any relevant answer. Was it that they thought I was unworthy of their attention, or was it that they just didn't know? Or both? Who knows but once more I tell you, TRUST NO ONE!!!!
Note 2
Someone said that the NSA and other agencies don't have much interest in a regular person which is true, but they nevertheless gather as much info as they can about as many people as they can, just in case.
In the 50's it was illegal to be a communist in the USA, if cell phones had existed at that time McCarthy would have found his job greatly eased.
During the Bush era it was either one was with him or one was against him and was dubbed a bad american (even if one wasn't a terrorist but simply against Bush's policies), with Guantanamo around the corner if one was suspected of too much empathy with the arab victims.
What's next?
They decide what is subversive and what isn't, and maybe one day you could be subversive because you are against capitalism, or against globalisation, or sympathetic to the people that defend their land against US invasions and US backed puppet governments.
Or because you rooted your phone?
Keep your eyes open and stay aware guys...
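The post above suggests logging which IPs each app connects to and describes DNS queries going to Google's resolvers although Open DNS was configured. The following is an added example, not part of the original post: it assumes the outbound traffic was logged by an iptables LOG rule with `--log-uid`, the sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Resolvers the device is configured to use (OpenDNS, as in the post above).
ALLOWED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}
DNS_PORTS = {53, 853}  # plain DNS and DNS-over-TLS

# Constructed sample: kernel log lines in the format written by an iptables
# LOG rule with --log-uid on the OUTPUT chain. Apart from the public
# resolvers, all addresses are documentation ranges.
SAMPLE_LOG = """\
<4>[  101.120] OUT: IN= OUT=wlan0 SRC=192.168.1.23 DST=208.67.222.222 LEN=60 TTL=64 PROTO=UDP SPT=40112 DPT=53 LEN=40 UID=10054 GID=10054
<4>[  101.344] OUT: IN= OUT=wlan0 SRC=192.168.1.23 DST=8.8.8.8 LEN=62 TTL=64 PROTO=UDP SPT=51820 DPT=53 LEN=42 UID=0 GID=0
<4>[  101.902] OUT: IN= OUT=wlan0 SRC=192.168.1.23 DST=203.0.113.10 LEN=60 TTL=64 PROTO=TCP SPT=38844 DPT=443 SYN UID=1000 GID=1000
<4>[  102.015] OUT: IN= OUT=wlan0 SRC=192.168.1.23 DST=8.8.4.4 LEN=62 TTL=64 PROTO=UDP SPT=47001 DPT=53 LEN=42 UID=1000 GID=1000
<6>[  102.200] wlan0: link becomes ready
<4>[  102.511] OUT: IN= OUT=wlan0 SRC=192.168.1.23 DST=198.51.100.7 LEN=60 TTL=64 PROTO=TCP SPT=38850 DPT=443 SYN UID=10054 GID=10054
<4>[  103.050] OUT: IN= OUT=wlan0 SRC=192.168.1.23 DST=192.0.2.1 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0
<4>[  104.344] OUT: IN= OUT=wlan0 SRC=192.168.1.23 DST=8.8.8.8 LEN=62 TTL=64 PROTO=UDP SPT=51821 DPT=53 LEN=42 UID=0 GID=0
"""

# KEY=value tokens of the LOG format; flags such as SYN or DF carry no "=".
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line):
    """Return uid/dst/proto/dpt for a packet log line, or None for other lines."""
    fields = dict(FIELD_RE.findall(line))
    if not fields.get("DST") or "PROTO" not in fields:
        return None
    dpt = fields.get("DPT")
    return {
        # UID is missing when the packet has no owning socket or the rule
        # was added without --log-uid.
        "uid": fields.get("UID", "unknown"),
        "dst": fields["DST"],
        "proto": fields["PROTO"],
        "dpt": int(dpt) if dpt and dpt.isdigit() else None,  # ICMP has no port
    }


def summarize(log_text):
    """Map each UID to the set of (destination, protocol, port) it contacted."""
    by_uid = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_uid[rec["uid"]].add((rec["dst"], rec["proto"], rec["dpt"]))
    return dict(by_uid)


def dns_leaks(log_text, allowed=ALLOWED_RESOLVERS):
    """Return sorted (uid, resolver) pairs for DNS traffic sent elsewhere
    than the configured resolvers."""
    leaks = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["dpt"] in DNS_PORTS and rec["dst"] not in allowed:
            leaks.add((rec["uid"], rec["dst"]))
    return sorted(leaks)


if __name__ == "__main__":
    # On Android, UID 0 is root, 1000 is the system UID, and installed apps
    # get UIDs from 10000 upwards.
    for uid, dests in sorted(summarize(SAMPLE_LOG).items()):
        print(f"UID {uid}:")
        for dst, proto, dpt in sorted(dests, key=str):
            print(f"  {proto:4} {dst}:{dpt if dpt is not None else '-'}")
    for uid, resolver in dns_leaks(SAMPLE_LOG):
        print(f"DNS leak: UID {uid} queried {resolver}")
```

A leak attributed to UID 0 or 1000 comes from the system rather than from an installed app, which is the case the post describes.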
Well, you can always turn on Android's built-in Device Encryption (if you don't mind slower r/w speeds). Combine that with a firewall and what you mentioned above and I think you're good.
@unclefab - well said!!!
I completely agree with you. I have also tried to raise some awareness, but I keep seeing answers like "agencies don't have much interest in a regular person" and those are the first that are wrong (or are working for "someone")! Yes guys, when you first start your phone, and connect to the internet, in that very first moment, Google will receive your data, no matter what you did to restrict the leakage! You don't connect to internet? No problem, your operator will receive the same thing when you put their sim into your device! I am no developer, and I am not calling myself as such, but I know what I am talking about from a security standpoint! I am not a conspiracy theorist, and I will not tell you what I am doing for a living, but definitely I know what I am talking about! Sometimes people are definitely dumb! Are you "people" aware that Google has a direct line (yes, a "red phone") connected directly with the gov.? Are you aware what a little cookie can do? Are you aware why they use fake cell towers? Are you aware why they collect your data? Ads improvement? Service Improvement? Court orders? Really? Google isn't storing your data? Or Facebook even worse? Can't you really see what is going on? You can think I am an idiot, but as @unclefab said, trust no one! I am telling you this as a fairy tale, you can or can't believe me, but check for yourself and you'll see!
nerotNS said:
Well, you can always turn on Android's built-in Device Encryption (if you don't mind slower r/w speeds). Combine that with a firewall and what you mentioned above and I think you're good.
No you're not good to go! Not if you're trying to avoid gov. agencies! And just to be fully clear, encryption will help you with the local thief, any gov. agency will break it in no time (at this time only Lollipop is causing issues to decrypt) !!! But hey, you have any right to believe otherwise!
Just a little off topic example....do you think this is the work of some hacker: http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance
"I completely agree with you. I have also tried to raise some awareness, but I keep seeing answers like "agencies don't have much interest in a regular person" and those are the first that are wrong (or are working for "someone")! "
Yeah, I've noticed the same, and they sometimes remain suspiciously silent on other subjects (like the questions I asked in my previous post or the issue I raised about illegitimate perms in home made apps), so I start to think the same as you.
Which means that we're back to the:
TRUST NO ONE!
"when you first start your phone, and connect to the internet, in that very first moment, Google will receive your data, no matter what you did to restrict the leakage!"
True, that's why before connecting for the first time one should do the things I mentioned in post #12, plus some other settings that I will explain about in a soon to come tutorial on how to secure one's phone.
"You don't connect to internet? No problem, your operator will receive the same thing when you put their sim into your device!"
True again, but there's an easy way to bypass that.
First, don't give your real name when you buy a phone (sounds obvious but most people don't even think about it).
Second, don't give your real name when you buy a sim (same remark as above).
Third, with Xprivacy, AF+ Firewall, AppSettings, a firewall script, some init.d scripts etc. I don't think one's operator can get much in terms of private data out of the phone, apart from the sim imsi, the phone number and how many credits are left.
To secure the internet connection use Tor, your operator will know that you use it but it won't know anything else.
It still knows who we are calling, for how long etc. when we use the phone functions and AFAIK there's no way to prevent that, except maybe by using those apps that encrypt communications (I can't comment on that since I don't use my phone to phone or to text, and anyway I don't believe in encryption, see below).
But then comes common sense and the TRUST NO ONE concept, if you call mum for her birthday you can use your phone, if you want to make a sensitive call use a public phone.
"Are you "people" aware that Google has a direct line (yes, a "red phone") connected directly with the gov.?"
Yep, the same applies to Microsoft and Skype, Facebook, Twitter, Apple etc.
It's true that they don't really care about us for now but still, they gather as much data as possible in case one day they need to chase people like you and me because of a new anti subversion law.
"And just to be fully clear, encryption will help you with the local thief, any gov. agency will break it in no time"
I agree with you, and I even think that encryption is dangerous cuz it gives people a false sense of security. I don't think there's any encryption that can resist a two storeys computer, and there probably are anyway backdoors everywhere regardless of what their devs claim.
The same applies to Linux, it has been compromised by the NSA since 2003.
Open source, the code can be reviewed blah blah, yeah, sure, and who reviews it?
Who has weeks to spend reading boring lines of code?
The schema is simple, as soon as you have an app, a website or an operating system, or whatever that becomes relatively popular, the men in black come knocking at your door.
Unless you have been clever enough to hide properly, but most of the time that's not the case (see how easily they caught silk road, how easily they trace anonymous hackers, the list is endless).
You want another example?
After Snowden's revelation many so called secure emails have popped out here and there. I've tried quite a few and guess what?
You can't use most of them if you are on Tor with JavaScript disabled. The funny thing being that you still can use gmail or yahoo without JavaScript, interesting isn't it?
Now back to encryption, instead of using it once more one has to use one's common sense:
DO NOT store sensitive data in your phone, that's it.
If you have sensitive data keep it on a USB stick, or a hard disk, the idea is to have it on a support that is not web connected.
"do you think this is the work of some hacker: http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance"
Hehehe, the only question is which men in black agency made it.
The US? China? Russia? The zionist? India?
unclefab said:
"I completely agree with you. I have also tried to rise some awareness, but I keep seeing answers like "agencies don't have much interest in a regular person" and those are the first that are wrong (or are working for "someone")! "
Yeah, I've noticed the same, and they sometimes remain suspiciously silent on other subjects (like the questions I asked in my previous post or the issue I rose about illegitimate perms in home made apps), so I start to think the same than you.
Which means that we re back to the:
TRUST NOONE!
"when you first start your phone, and connect to the internet, in that very first moment, Google will receive your data, no matter what you did to restrict the leakage!"
True, that's why before to connect for the first time one should do the things I mentionned in post #12, plus some other settings that I will explain about in a soon to come tutorial on how to secure one's phone.
"You don't connect to internet? No problem, your operator will receive the same thing when you put their sim into your device!"
True again, but there's an easy way to bypass that.
First, don't give your real name when you buy a phone (sounds obvious but most people don't even think about it).
Second, don't give your real name when you buy a sim (same remark as above).
Third, with Xprivacy, AF+ Firewall, AppSettings, a firewall script, some init.d scripts etc. I don't think one's operator can get much in terms of private data out of the phone, apart from the sim imsi, the phone number and how many credits left there are.
To secure the internet connection use Tor, your operator will know that you use it but it won't know anything else.
It still knows who we are calling, for how long etc. when we use the phone functions and AFAIK there's no way to prevent that, except maybe by using those apps that encrypt communications (I can't comment on that since I don't use my phone to phone or to text, and anyway I don't believe in encryption, see below).
But then comes common sense and the TRUST NOONE concept, if you call mum for her birthday you can use your phone, if you want to make a sensitive call use a public phone.
"Are you "people" aware that Google has a direct line (yes a "red phone" connect directly with the gov.?"
Yep, the same applies to Microsoft and Skype, Facebook, Twitter, Apple etc.
It's true that they don't really care about us for now but still, they gather as much data as possible in case one day they need to chase people like you and me because of a new anti subversion law.
"And just to be fully clear, encryption will help you with the local thief, any gov. agency will break it in no time"
I agree with you, and I even think that encryption is dangerous cuz it gives people a false sense of security. I don't think there's any encryption that can resist a two storeys computer, and there probably are anyway backdoors everywhere regardless of what their devs claim.
The same applies to Linux, it has been compromised by the NSA since 2003.
Open source, the code can be reviewed blah blah, yeah, sure, and who reviews it?
Who has weeks to spend reading boring lines of code?
The schema is simple, as soon as you have an app, a website or an operating system, or whatever that becomes relatively popular, the men in black come knocking at your door.
Unless you have been clever enough to hide properly, but most of the time that's not the case (see how easily they caught silk road, how easily they trace anonymous hackers, the list goes endless).
You want another example?
After Snowden's revelation many so called secure emails have popped out here and there. I've tried quite a few and guess what?
You can't use most of them if you are on Tor with java script disabled. The funny thing being that you still can use gmail or yahoo without java script, interesting isn't it?
Now back to encryption, instead of using it once more one has to use one's common sense:
DO NOT store sensitive data in your phone, that's it.
If you have sensitive data keep it on an usb stick, or a hard disk, the idea is to have it on a support that is not web connected.
"do you think this is the work of some hacker: http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance"
Hehehe, the only question is which men in black agency made it.
The US? China? Russia? The zionist? India?
@unclefab finally someone with some common sense!!! BRAVO!!!!
I am really glad you have elaborated my post! Probably the most will not even see what we wrote here, but hey, someone maybe will be able to learn something new!
Again...BRAVO!!!!
unclefab said:
It's not about API, it's about what data apps can access and what is sent over the internet, and it actually goes much further than what most people think.
Use apps like Network Log or Network Connections and give Wireshark a try, and track which IPs apps connect to.
You'll be surprised...
On my Samsung, after I had removed all the google spyware (erggghhh, I mean google apps) and about 150 stock apps, I saw that the kernel was connecting to some google related IPs and to google's DNS, even though I had set the phone to use Open DNS in the resolv.conf file, and that the android system was calling home (read "at google's central office in mountain view, California") every time I connected (note that my phone had never been linked to any google account whatsoever).
Some of the IPs could easily be blocked by using a firewall script, but for some others and for the DNS leaks I had to patch some jars in /system/framework.
One thing is that it differs from phone to phone, I've checked on a Lenovo and there is much less of such unwanted connections.
Is it embedded in the AOSP code? Maybe, I don't use AOSP or CM based roms so I can't tell, but what I can tell is that it's funny to see people screaming about Xiaomi when it's the same elsewhere.
Anyway, if one wants to protect oneself it's possible albeit a bit involved.
First is first, root.
Second, use Xprivacy and a good firewall like AF+.
Then, make a script to block inbound and outbound disturbing IPs.
So, am I good to go now?
Not yet, let's get a step further...
You need now to decompile some of your system apps and some of your jars, and track lines referring to specific websites and DNS.
- Note that if you really are privacy concerned you should uninstall as many system apps as you can (only 11 left on my phone) and replace them with third-party apps that are much easier to restrict and have less privileges. Forget about google spyware (erggghhh and sorry again, I mean google apps), facebook spyware-apk, what's app etc... -
That's it?
Still not, there's more!
Xprivacy is a fantastic tool, but due to android limitations it can't restrict ids for the android system.
Have you ever heard of android.id, build.serial, ro.boot.serialno, ro.serialno etc.? And what about the serial_no and the mac in the efs folder? And the cpu info in proc? And the serial_number in sys?
- I'll deliberately stay vague on those matters, only people that know what they are doing should mess with that kind of stuff. -
Those are ids specific to your device and of course they identify you, that's what they are meant for!
An example, have a look at the wpa_supplicant.conf located in data/misc/wifi. You'll see that it has your serial_number which means, and experts please correct me if I am wrong, that every time you connect on the wifi your serial_number gets sent.
You want to change it manually?
Yeah sure, edit it directly from the file. Now start your wifi and check again the serial_number, you are back to the original value.:cyclops:
I'm not sure whether, if your firewall script is well done and if Xprivacy has been well configured (read "VERY restrictively configured"), those ids leaks or not, but since I like to have more than one protection layer I've edited all of them.
Some ids are easily changed using setpropex or an init script, some are harder and require boot.img editing, but I won't explain any further since as written above only people knowing what they do should play with that stuff.
If all of the above has been done I don't think that anyone can get much data from your phone, but I'm not a security expert and I'd like to hear what you guys think.
Note 1
Trust no one.
I found that apps I had created for testing purposes were requesting my serial, my MCC and my MNC upon installation (even though I hadn't given them access to that data, either in the code or in the android manifest), and then I found that nearly all apps request the same.
Does it come from the IDEs (I have tried with two different brands and it was the same) or does it come from the android OS itself?
I have raised the issue here but nobody seemed interested and nobody blessed me with any relevant answer. Was it that they thought I was unworthy of their attention, or was it that they just didn't know? Or both? Who knows but once more I tell you, TRUST NOONE!!!!
Note 2
Someone said that the NSA and other agencies don't have much interest in a regular person which is true, but they nevertheless gather as much info as they can about as many people as they can, just in case.
In the 50's it was illegal to be a communist in the USA, if cell phones had existed at that time McCarthy would have found his job greatly eased.
During the Bush era it was either one was with him or one was against him and was dubbed a bad american (even if one wasn't a terrorist but simply against Bush's policies), with Guantanamo around the corner if one was suspected of too much empathy with the arab victims.
What's next?
They decide what is subversive and what isn't, and maybe one day you could be subversive because you are against capitalism, or against globalisation, or sympathetic to the people that defend their land against US invasions and US backed puppet governments.
Or because you rooted your phone?
Keep your eyes open and stay aware guys...
setmov said:
@unclefab - well said!!!
I completely agree with you. I have also tried to raise some awareness, but I keep seeing answers like "agencies don't have much interest in a regular person" and those are the first that are wrong (or are working for "someone")! Yes guys, when you first start your phone, and connect to the internet, in that very first moment, Google will receive your data, no matter what you did to restrict the leakage! You don't connect to internet? No problem, your operator will receive the same thing when you put their sim into your device! I am no developer, and I am not calling myself as such, but I know what I am talking from a security stand point! I am not a conspiracy theorist, and I will not tell you what I am doing for living, but definitely I know what I am talking about! Some times people are definitely dumb! Are you "people" aware that Google has a direct line (yes a "red phone" connect directly with the gov.? Are you aware what a little cookie can do? Are you aware why they use fake cell towers? Are you aware why they collect your data? Ads improvement? Service Improvement? Court orders? Really? Google isn't storing your data? Or Facebook even worse? Can't you really see what is going on? You can think I am an idiot, but as @unclefab said, trust no one! I am telling you this as a fairy tale, you can or can't believe me, but check for yourself and you'll see!
No you're not good to go! Not if you're trying to avoid gov. agencies! And just to be fully clear, encryption will help you with the local thief, any gov. agency will break it in no time (at this time only Lollipop is causing issues to decrypt) !!! But hey, you have any right to believe otherwise!
Just a little off topic example....do you think this is the work of some hacker: http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance
unclefab said:
"I completely agree with you. I have also tried to raise some awareness, but I keep seeing answers like "agencies don't have much interest in a regular person" and those are the first that are wrong (or are working for "someone")! "
Yeah, I've noticed the same, and they sometimes remain suspiciously silent on other subjects (like the questions I asked in my previous post or the issue I raised about illegitimate perms in home made apps), so I start to think the same as you.
Which means that we're back to the:
TRUST NOONE!
"when you first start your phone, and connect to the internet, in that very first moment, Google will receive your data, no matter what you did to restrict the leakage!"
True, that's why before connecting for the first time one should do the things I mentioned in post #12, plus some other settings that I will explain about in a soon to come tutorial on how to secure one's phone.
"You don't connect to internet? No problem, your operator will receive the same thing when you put their sim into your device!"
True again, but there's an easy way to bypass that.
First, don't give your real name when you buy a phone (sounds obvious but most people don't even think about it).
Second, don't give your real name when you buy a sim (same remark as above).
Third, with Xprivacy, AF+ Firewall, AppSettings, a firewall script, some init.d scripts etc. I don't think one's operator can get much in terms of private data out of the phone, apart from the sim imsi, the phone number and how many credits left there are.
To secure the internet connection use Tor, your operator will know that you use it but it won't know anything else.
It still knows who we are calling, for how long etc. when we use the phone functions and AFAIK there's no way to prevent that, except maybe by using those apps that encrypt communications (I can't comment on that since I don't use my phone to phone or to text, and anyway I don't believe in encryption, see below).
But then comes common sense and the TRUST NOONE concept, if you call mum for her birthday you can use your phone, if you want to make a sensitive call use a public phone.
"Are you "people" aware that Google has a direct line (yes a "red phone" connect directly with the gov.?"
Yep, the same applies to Microsoft and Skype, Facebook, Twitter, Apple etc.
It's true that they don't really care about us for now but still, they gather as much data as possible in case one day they need to chase people like you and me because of a new anti subversion law.
"And just to be fully clear, encryption will help you with the local thief, any gov. agency will break it in no time"
I agree with you, and I even think that encryption is dangerous cuz it gives people a false sense of security. I don't think there's any encryption that can resist a two storeys computer, and there probably are anyway backdoors everywhere regardless of what their devs claim.
The same applies to Linux, it has been compromised by the NSA since 2003.
Open source, the code can be reviewed blah blah, yeah, sure, and who reviews it?
Who has weeks to spend reading boring lines of code?
The schema is simple, as soon as you have an app, a website or an operating system, or whatever that becomes relatively popular, the men in black come knocking at your door.
Unless you have been clever enough to hide properly, but most of the time that's not the case (see how easily they caught silk road, how easily they trace anonymous hackers, the list goes endless).
You want another example?
After Snowden's revelation many so called secure emails have popped out here and there. I've tried quite a few and guess what?
You can't use most of them if you are on Tor with java script disabled. The funny thing being that you still can use gmail or yahoo without java script, interesting isn't it?
Now back to encryption, instead of using it once more one has to use one's common sense:
DO NOT store sensitive data in your phone, that's it.
If you have sensitive data keep it on an usb stick, or a hard disk, the idea is to have it on a support that is not web connected.
"do you think this is the work of some hacker: http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance"
Hehehe, the only question is which men in black agency made it.
The US? China? Russia? The zionist? India?
You guys are way too paranoid. First off, if you're all into don't track us down, why are you using the Internet in the first place? Now for the technical part.
The kernel is trying to get the DNS because guess what? DNS is needed for Internet connectivity. Android is a smartphone and many of its services rely on having an Internet connection. So it's rather normal that a system-level part is trying to establish a network connection. OEM kernels have more of this compared to AOSP because they use their proprietary services.
And sure, you can use 3rd party apps, but they too can contain tracking data, and prior to 4.4/5.0 core system apps were open source, and you still don't have to use gapps.
Next, you can't change hardware embedded data like serial numbers for a number of reasons, security being one of them. If it was that easy you could never track down stolen phones for example. Much like a motor engine serial number in a car. Same goes for IMEI. Then you spoke about the past. Things change over time, it's not the Cold War era anymore. Next yes, court orders. According to international law they DO NEED a court order to see your data. And even that is done only in high profile criminal cases. You can read quite a lot about privacy laws online.
Further, yes you ARE good to go. Androids built in encryption system is pretty tough. If your bootloader is locked down, you have no custom recovery, it ain't that easy to get to your data (excluding nexus devices, because of their development nature this can be relatively easily bypassed). Plus, they'd have to have physical access to your device.
They won't receive any of your "precious" data except your rough location and serial numbers as well as your IMEI that will be bound to your Google account. I've already explained why, plus it's for their statistics for example the number of active android devices, new Android device activations on a daily basis etc.
You say you don't use a real name when buying a phone? Well tell me then, what about ID cards? You fake them too when signing a contract? Buying a prepaid SIM card doesn't need a name anyway. And buying a phone? Same thing, unless bought on contract, in which case the ID card problem persists.
Calling encryption dangerous is ridiculous to say the least. And yes, even "two story computers" are gonna have a bad time cracking it. Ever heard of a 256-bit AES?
Finally saying that nobody reviews "boring source code" is ignorant if nothing else. There are tens of thousands of people PAID to do this. It's not a single guy doing it. Plus just because YOU find it boring, doesn't mean everybody else finds it boring too.
Conclusion: Yes, there are ways to compromise security and data. Yes you can block most of those ways. But this level of paranoia is ridiculous to say the least and sounds like something I'd see in a conspiracy TV commercial. Reading through your posts here I half expected to see "The end is nigh. Hide your children!" kind of sentence. If you believe that we're all monitored, then throw your router through the window, smash all your tech, and live in a candle lit room. But please don't spread unfounded fear on a public forum based purely on your assumptions, or on what you see on a TV.
Now setmov I'm speaking directly to you. Calling other people stupid because they don't agree with you is a direct violation of xda's rules. Please refrain from doing it again. Thanks in advance.
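The DNS observation argued over in the posts above (lookups reaching Google's DNS although resolv.conf names OpenDNS) can be checked offline against a packet capture instead of by assertion. The following is an added example, not code from any poster in this thread; the capture lines, the phone's address and the queried names are constructed, and the function name and the "tcp/other" label are this example's own.

```python
import re
from collections import defaultdict

# Resolvers the device is configured to use (OpenDNS, as in the post above).
ALLOWED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

# Constructed sample in `tcpdump -nn` text format. The phone address
# (192.168.1.23), the queried names and the answers are made up.
SAMPLE_CAPTURE = """\
12:00:01.100000 IP 192.168.1.23.40112 > 208.67.222.222.53: 4660+ A? example.org. (29)
12:00:01.140000 IP 208.67.222.222.53 > 192.168.1.23.40112: 4660 1/0/0 A 192.0.2.10 (45)
12:00:02.200000 IP 192.168.1.23.51544 > 8.8.8.8.53: 1234+ A? time.example.net. (34)
12:00:02.900000 IP 192.168.1.23.38822 > 203.0.113.10.443: Flags [S], seq 1, win 65535, length 0
12:00:03.300000 IP 192.168.1.23.51545 > 8.8.8.8.53: 1235+ AAAA? time.example.net. (34)
12:00:04.000000 IP 192.168.1.23.44001 > 8.8.4.4.53: Flags [S], seq 7, win 65535, length 0
"""

# "<time> IP <src>.<sport> > <dst>.<dport>: <rest>" for IPv4 packets.
PACKET_RE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (.*)$"
)
# Query type and name as tcpdump prints them, e.g. "A? example.org."
QUERY_RE = re.compile(r"\b([A-Z]+)\? (\S+)")


def find_dns_leaks(capture_text, allowed_resolvers):
    """Return {resolver_ip: [what was sent]} for every packet addressed to
    port 53 on a resolver that is not in allowed_resolvers.

    UDP queries are reported as "<TYPE> <name>". Packets to port 53 that
    carry no printable query (for example a TCP SYN) are reported as
    "tcp/other" so that DNS over TCP is not silently missed.
    """
    leaks = defaultdict(list)
    for line in capture_text.splitlines():
        match = PACKET_RE.match(line)
        if not match:
            continue  # not an IPv4 packet line
        _src, _sport, dst, dport, rest = match.groups()
        if dport != "53" or dst in allowed_resolvers:
            continue  # not DNS, or DNS to the configured resolver
        query = QUERY_RE.search(rest)
        if query:
            leaks[dst].append(f"{query.group(1)} {query.group(2).rstrip('.')}")
        else:
            leaks[dst].append("tcp/other")
    return dict(leaks)


if __name__ == "__main__":
    for resolver, items in find_dns_leaks(SAMPLE_CAPTURE, ALLOWED_RESOLVERS).items():
        print(f"{resolver}: {len(items)} packet(s) outside the configured resolvers")
        for item in items:
            print(f"  {item}")
```

This only sees plain DNS on port 53; lookups carried over TLS or HTTPS need a different check.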
nerotNS said:
You guys are way too paranoid. First off, if you're all into don't track us down, why are you using the Internet in the first place? Now for the technical part.
The kernel is trying to get the DNS because guess what? DNS is needed for Internet connectivity. Android is a smartphone and many of its services rely on having an Internet connection. So it's rather normal that a system-level part is trying to establish a network connection. OEM kernels have more of this compared to AOSP because they use their proprietary services.
And sure, you can use 3rd party apps, but they too can contain tracking data, and prior to 4.4/5.0 core system apps were open source, and you still don't have to use gapps.
Next, you can't change hardware embedded data like serial numbers for a number of reasons, security being one of them. If it was that easy you could never track down stolen phones for example. Much like a motor engine serial number in a car. Same goes for IMEI. Then you spoke about the past. Things change over time, it's not the Cold War era anymore. Next yes, court orders. According to international law they DO NEED a court order to see your data. And even that is done only in high profile criminal cases. You can read quite a lot about privacy laws online.
Further, yes you ARE good to go. Androids built in encryption system is pretty tough. If your bootloader is locked down, you have no custom recovery, it ain't that easy to get to your data (excluding nexus devices, because of their development nature this can be relatively easily bypassed). Plus, they'd have to have physical access to your device.
They won't receive any of your "precious" data except your rough location and serial numbers as well as your IMEI that will be bound to your Google account. I've already explained why, plus it's for their statistics for example the number of active android devices, new Android device activations on a daily basis etc.
You say you don't use a real name when buying a phone? Well tell me then, what about ID cards? You fake them too when signing a contract? Buying a prepaid SIM card doesn't need a name anyway. And buying a phone? Same thing, unless bought on contract, in which case the ID card problem persists.
Calling encryption dangerous is ridiculous to say the least. And yes, even "two story computers" are gonna have a bad time cracking it. Ever heard of a 256-bit AES?
Finally saying that nobody reviews "boring source code" is ignorant if nothing else. There are tens of thousands of people PAID to do this. It's not a single guy doing it. Plus just because YOU find it boring, doesn't mean everybody else finds it boring too.
Conclusion: Yes, there are ways to compromise security and data. Yes you can block most of those ways. But this level of paranoia is ridiculous to say the least and sounds like something I'd see in a conspiracy TV commercial. Reading through your posts here I half expected to see "The end is nigh. Hide your children!" kind of sentence. If you believe that we're all monitored, then throw your router through the window, smash all your tech, and live in a candle lit room. But please don't spread unfounded fear on a public forum based purely on your assumptions, or on what you see on a TV.
Now unclefab I'm speaking directly to you. Calling other people stupid because they don't agree with you is a direct violation of xda's rules. Please refrain from doing it again. Thanks in advance.
@nerotNS
- First thing, I wrote "Some times people are definitely dumb!" not @unclefab! Please prove me that what I wrote is not right!
- Second, everything WE said is right! Why are you trying so hard to prove it otherwise?
- Third, you can see what you have the ability to see! Maybe in your country the prosecutors, law enforcement agencies or else, need a court order, in the US they don't! You know why? Because of Patriot Act! Maybe you don't even know what this is, and you haven't seen the effect of it, but this doesn't mean it doesn't exist!
- Fourth, you have your beliefs, and I have mine, so I will respect that and not try to change yours, and for me this discussion is over!
To the OP @jaifora, men, believe what you want, you have the right to!
Good luck
@neronS
"Things change over time, it's not the Cold War ETA anymore. Next yes, court orders. According to international law they DO NEED a court order to see your data. And even that is done only in high profile criminal cases. You can read quite a lot about privacy laws online. "
Saying that shows that you are either very young, or that you have never left your home town, or both.
It's not the cold war anymore, true, now it's the so called war on terror, the US always need to have an enemy (before that back in the 90's it was the war on narcotics, but you may have not heard about it).
International laws you said?
You think the States care about those laws?
Did they care about it when the UN said that the invasion in Iraq violates such international laws?
Have you heard about the Abu Ghraib jail? That was another nice example on how international laws are followed by the States.
Apart from that, have you heard about corrupted indian officials tracking indian facebook users that expose their scams?
Have you heard about that indonesian atheist that got severely beaten up by an angry mob because he had declared on his facebook account that he doesn't believe in god, and that ended up in jail (the atheist, not the mob) for blasphemy?
Have you heard about that bangladeshi blogger that may be executed cuz he wrote on his blog that he's an atheist?
You want more examples?
Oh yeah, I almost forgot, the states, the country of freedom and democracy, the country where you need a court order.
What a joke!
Have you heard about all what the US did these last 200 years? And have you heard about what the US is currently doing in 2014?
I guess you didn't, hence your last reply...
But as for me I did, and that's why I can't trust such a country. That said, I can't trust the european, the chinese, the indian or the russian either, not to mention the middle eastern, as I already said I trust NOONE...
"They won't receive any of your "precious" data except your rough location and serial numbers as well as your IMEI that will be bound to your Google account."
Really?
What about permissions like access fine location (precise gps location), read sms, send sms without the user's knowledge, write sms, read bookmarks, write bookmarks, read contacts, write contacts, read call log, write call log, read contact card, read user dictionary, get accounts on the device, perms that can be found in apps where such perms are not needed, you want more?
Have a look at all the data leakage when you connect to the internet, and you'll see that it's not only about a few digits...
"You say you don't use a real name when buying a phone? Well tell me then, what about ID cards? You fake them too when signing a contract? Buying a prepaid SIM card doesn't need a name anyway. And buying a phone? Same thing, unless bought on contract, in which case the ID card problem persists. "
You have just proved once more that you have never been away from home.
The vast majority of android users are people from emerging countries where one can buy a phone without giving one's name (so no need to fake anything) and the same applies for the sim.
Those people are not rich arrogant westerners, who think they know everything because mum and dad sent them to a good school, and they don't have any subscription cuz in most of those countries it doesn't exist or if it does it's very limited. Those people buy prepaid credits when they have money, that's it.
How many people in the States? 315 millions.
How many people in western Europe? About 300 millions.
Add Canada, 30, Australia, 20, how many is that?
India, 1.2 billion or even more.
China, 1.2 billion and counting.
Africa, nearly 1 billion.
Indonesia, 250 millions.
Maybe you should leave your hometown and travel a bit, the world doesn't end in the west's boundaries.
"Finally saying that nobody reviews "boring source code" is ignorant if nothing else. There are tens of thousands of people PAID to do this. It's not a single guy doing it. Plus just because YOU find it boring, doesn't mean everybody else finds it boring too. "
Do a search with "linux kernel nsa", you will learn a lot.
" don't spread unfounded fear on a public forum based purely on your assumptions, or on what you see on a TV. "
Well, I haven't seen it on the tv, I have seen it on the field and I know very well what human beings are capable of, which you obviously don't.
So please, don't spread unfounded reassurance that everything goes fine, that google and the governments are ok, just because a guy talking on their behalf on the tv said they are.
Then, you can call me a conspirationist or whatever, I don't care, I didn't write those posts for people like you but for people that have their eyes open.
"Now unclefab I'm speaking directly to you. Calling other people stupid because they don't agree with you is a direct violation of xda's rules. Please refrain from doing it again. Thanks in advance"
Where did I call anyone "stupid"?
You, on the contrary, said that:
"Finally saying that nobody reviews "boring source code" is ignorant if nothing else".
So son, instead of playing mister moderator maybe YOU should watch a bit your language.
Ah the kids of today...:silly:
setmov said:
@nerotNS
- First thing, I've written "Some times people are definitely dumb!" not @unclefab! Please prove to me that what I wrote is not right!
- Second, everything WE said is right! Why are you trying so hard to prove it otherwise?
- Third, you can see what you have the ability to see! Maybe in your country the prosecutors, law enforcement agencies or else, need a court order, in the US they don't! You know why? Because of Patriot Act! Maybe you don't even know what this is, and you haven't seen the effect of it, but this doesn't mean it doesn't exist!
- Fourth, you have your beliefs, and I have mine, so I will respect that and not try to change yours, and for me this discussion is over!
To the OP @jaifora, man, believe what you want, you have the right to!
Good luck
I apologize for the mistype I didn't mean unclefab, I meant setmov with his "stupidity" remark.
As for you, I HAVE been around the world quite a lot more than you think. And in case you haven't noticed, I said that you need to give your name ONLY if on contract. I even said that using prepaid doesn't include this. And even according to the Patriot Act they still DO NEED at least a search warrant, otherwise it would be breaking the US Constitution. All the examples you gave above may be true, but you forgot to mention the fact that it was all placed PUBLICLY AND WILLINGLY. The aftermath is a completely unrelated thing. And yes, even though I am 18 I know of quite a lot of the matter as well as other things. Assuming something about someone based on age is immature to say the least. And finally you told me to search Linux kernel NSA. Mate, if you believe everything on Google, I hope you have anti alien cannons in your house. Also claiming that westerners are "rich and arrogant" is considered nationalism. Don't do it, it's bad. Plus everything I learned, I learned on my own. Not in a "good school". As setmov said, as far as I'm concerned the discussion is over, I don't want this to become a public fight. If you wish further talk, you can contact me in a PM.

[Free Wi-Fi Password] User Data Policy & User Agreement

Terms of User Data Policy & User Agreement
These terms and conditions (“User Terms”) apply to your visit and your use of our websites (the “Website”), the Service and the Application (as defined below), as well as to all information, recommendations and/or services provided to you on or through the Website, the Service, and the Application. By using our Services, accessing our Website or downloading the Application you hereby agree to be bound by these User Terms.
• PLEASE READ THESE USER TERMS CAREFULLY BEFORE DOWNLOADING OUR APPLICATION AND/OR ACCESSING OUR WEBSITE OR USING OUR SERVICE.
• If you reside in a jurisdiction that restricts or prohibits the use of the Service or Application, you may not use the Service or the Application.
• The Service, Application and Website are provided by Free WiFi Password (hereinafter referred to as “we” or “us”). We provide the ability to obtain Internet access services offered by third party Internet access providers, business owners or individuals (the “Access Provider”), which may be requested through the use of an application supplied by us and downloaded and installed by you on your single mobile device (smart phone) (the “Application”). All services provided by us to you through your use of the Application are hereafter referred to as the “Service”.
• By using the Application or the Service, you enter into a contract with us (the “Contract”). If you are under the age of 13 you must not use our Service or download the Application. Your legal guardian or parent must agree to these terms for themselves and on your behalf if you are between 13 and 18 years old (or the age in your jurisdiction at which you are considered to be a minor). You represent that if you are registering on behalf of a legal entity, that you are authorized by such entity to enter into, and bind the entity to, these User Terms and register for the Service and the Application.
• These User Terms are subject to amendment by us from time to time. The amended version will substitute the former one upon release without further notice to you and will be made available on the Website for your review. The version on the Website shall be the most current version of the terms and shall apply to your use of the Service, Website or Application. By continuing to use the Service, Website or Application following the new User Terms being made available, you give your consent to the amended User Terms and they shall be binding upon you. You shall immediately stop using the Service, Website and Application provided by us if you do not accept the revised User Terms.
1. Service Rules
How does the Service / Application work?
The Application allows you to send a request for Internet access service to us. The Application detects the router information and sends your access information request to our platform. The platform matches the request with the shared password data stored on our platform and provides you with encrypted information via the Application to facilitate your connection. The password data is shared by an authorized Access Provider. The Access Provider has sole and complete discretion to share, not to share, or to blacklist the sharing of the WiFi passwords.
We do not provide Internet access services, and we are not a telecommunications carrier. It is up to the Access Provider to obtain authorization to offer/share Internet access, which may be requested through the use of the Application and/or the Service. We only act as an intermediary between you and the Access Provider.
The Website, the Application and the Service may from time to time contain advertisements or links to content provided by us and any of our third party vendors and partners. You agree that you shall have no claim, whether against us or any of our affiliates, third party vendors or partners, in respect of any income, profit or any other benefit, economic or otherwise, in respect of such advertisement or links. We will not be responsible for any third party content or links to any third party sites on our Website or the Application.
You may use the Services / Application as one of the following:
(a) “User” means a person who has downloaded the Application and consented to the User Terms for the use or potential use of the Application or Service.
(b) “Registered User” means a person who has signed up, consented to the User Terms and is registered with us for the use or potential use of the Application or the Service.
Both Users and Registered Users must agree to these User Terms before using the Website, Application or Services. However, certain additional product features will be made available to Registered Users from time to time, which may not be available to non-registered Users.
Changes to the Service / Application
We reserve the right to unilaterally change, suspend, limit, terminate or cancel the Website, the Application and/or the Service, partly or wholly, at any time for any reason, including but not limited to violation or evidence of violation of the User Terms, and without any prior notice to you.
Your use of the Service / Application
The information, recommendations and/or services provided to you on or through the Website, the Service and the Application is for general information purposes only and does not constitute advice. We will attempt to keep the Website and the Application and its contents correct and up to date but we cannot guarantee and are not responsible for ensuring that the Website and/or Application are free of errors, defects, malware and viruses or that the content on the Website and/or Application are correct, up-to-date and accurate. We may from time to time, but are not obligated to, create or provide any support, corrections, updates, patches, bug fixes or enhancements to the Website, the Application and/or the Services.
Violations of these User Terms
We will have the right to investigate and prosecute violations of any of these User Terms to the fullest extent provided by law. We may involve and cooperate with law enforcement authorities in prosecuting users who violate these User Terms. You acknowledge that we have no obligation to monitor your access to or use of the Website, Service, Application or any in-app content or to review or edit any in-app content, but we have the right to do so for the purpose of operating the Website, the Application and Service, to ensure your compliance with these User Terms, or to comply with applicable law or the order or requirement of a court, administrative agency or other governmental body. We reserve the right, at any time and without prior notice, to remove or disable access to the Website, the Service or Application for or take legal action against you, if we, in our sole discretion, consider you to have committed an illegal act, be in violation of these User Terms or be acting in any way which is otherwise harmful to the Website, the Service or Application or other Users or Registered Users. In addition, we shall assist in the investigation into your activities upon request from any regulatory authority.
Ownership of the Services / Application
We possess the ownership of and the right to operate the Service. We will provide the Service in accordance with the User Terms and the corresponding rules and regulations issued by us.
2. Your Rights and Obligations
2.1 By using the Application or the Service, you further agree that you will:
(a) only use the Service or download the Application for your sole and personal use and will not resell it to a third party;
(b) not authorize any third party to use your account and will keep secure and confidential your account password or any identification we provide you which allows access to the Service and the Application;
(c) not assign or otherwise transfer your account to any other person or legal entity;
(d) not use an account that is subject to any rights of or belonging to a person other than you without appropriate authorization;
(e) not use the Service or Application:
(i) for unlawful purposes, including but not limited to sending or storing any unlawful material or for fraudulent purposes;
(ii) to send spam or otherwise duplicative or unsolicited messages in violation of applicable laws;
(iii) to send or store infringing, obscene, threatening, libelous, or otherwise unlawful or tortious material, including material harmful to children or in any way which violates any third party’s privacy or other rights;
(iv) to send or store material containing software viruses, worms, Trojan horses, malware or other harmful computer code, files, scripts, agents or programs;
(v) to interfere with or disrupt the integrity or performance of the Website, the Application or Service or the data contained therein;
(vi) for any form of malicious intent;
(vii) to cause nuisance, annoyance or inconvenience;
(viii) to upload or download large files or other unfair uses that may cause impairment of the Service for other Users, Registered Users or the Access Provider;
(f) not impair the proper operation of the network;
(g) not try to harm the Service or Application in any way whatsoever;
(h) not copy or distribute the Application or other content without our prior written permission;
(i) provide us with whatever proof of identity we may reasonably request;
(j) only share an Internet access point or information relating to an Internet access point which you own or are authorized to share;
(k) be responsible for ensuring that any information provided by you in relation to any Internet access point, including access passwords, are kept updated, unless you have notified us in accordance with these User Terms of your wish to withdraw your consent to sharing information to access your Internet access point. If there is any change to such information, you shall notify us and update such information within a reasonable period of time;
(l) notify us in writing if you wish to withdraw your consent to sharing or providing information relating to an Internet access point through the Application. We will remove all information relating to the Internet access point provided by you from the Application within 60 days of receipt of such notification from you;
(m) be responsible for standard messaging charges when requesting the Service or joining any contest held by us by SMS (if available in your jurisdiction);
(n) not use the Service or Application with an incompatible or unauthorized device; and
(o) comply with all applicable laws of your home nation, the country, state and/or city in which you are present while using the Application or Service.
2.2 You must not attempt to gain unauthorized access to the Website, the Application or Service or its related systems or networks.
2.3 We may at our sole discretion cancel or delete your registered account if it has not been active for a reasonably long time.
3. Privacy Policy
Definition of personal data
You acknowledge that personal data is defined as data from which an individual (meaning a living or deceased natural individual and not including legal individuals such as incorporated bodies) can be identified. Examples of this may include: your official name, ID number, phone number, IP address and the email account you used to log in to Google Play.
For what purposes do we process your personal data?
When you visit our Website and/or use our Application, we may process technical data such as your IP-address, visited webpages, the internet browser you use, your previous/next visited websites and the duration of a visit/session to enable us to deliver the functionalities of the Website and our Application. In addition, in certain instances, the browser and/or the Application may prompt you for your geo-location to allow us to provide you with an enhanced experience. With this technical data, our administrators can manage the Website and the Application, for instance by resolving technical difficulties or improving the accessibility of certain parts of the Website and/or the Application. This way, we are better able to ensure that you can (continue to) find the information on the Website and/or the Application in a quick and simple manner.
When you visit our Website and/or use our Application, we will also collect and process your data, such as your IP-address, country, language, mobile number, IMEI, device ID, MAC-address, information about the manufacturer, model, and operating system of your mobile device, including your mobile device’s screen resolution, and access point information, including SSID and BSSID. We use this data to enable us to deliver the functionalities of the Application, resolve technical difficulties, and provide you with the correct and most up to date version of the Application and to improve the operation of the Application.
When you register as a Registered User, we will collect your country, language, password, mobile phone number, IP-address and MAC-address. We will use your contact details to send you a welcoming SMS to verify your phone number and password, to communicate with you in response to your inquiries, and to send you service-related announcements, for instance, if our Service is temporarily suspended for maintenance. We will use your registration information to create and manage your account. If you are required to SMS us to complete the registration, standard SMS charges may apply.
We may also use your contact details to send you general updates regarding our news, special offers and promotions with your prior consent. You may at all times opt-out of receiving these updates by emailing us at [email protected] or by following the steps to unsubscribe more fully described in any relevant email you receive from us.
We also use your personal data in an anonymised and aggregated form to closely monitor which features of the Service are used most, to analyze usage patterns and to determine where we should offer or focus our Service. We may share this anonymised information with third parties for industry analysis and statistics.
Referrals
If you choose to use our referral feature in the Application to tell a friend about our Service, you will be prompted to enter your friend’s email address or mobile phone number or log into your preferred social network. Please ensure that you have your friend’s express permission to disclose this personal data before providing it to us. If you elect to refer a friend, we will automatically populate a message for you to send to your friend inviting him or her to try the Service on your behalf, however the actual message will be sent via your mobile device or social network and you will be able to edit the final message before you send it. We do not store your friend’s data.
Disclosure of personal data
When you request for Internet access services via the Application, we do not provide your personal data to any Access Provider.
We may employ third party companies (including our affiliated companies) and individuals to facilitate or provide the Service on our behalf, to provide customer support, to backup, maintain and process data (including your personal data we collected), to host our job application form, to perform Website-related services (e.g., without limitation, maintenance services, database management, web analytics and improvement of the Website or Application’s features) or to assist us in analyzing how our Service is used. These third parties have access to your personal information only to perform these tasks on our behalf, are contractually bound not to disclose or use it for any other purpose, and are bound by legally enforceable obligations to provide to your personal information a standard of protection that is comparable to that under the Personal Data Protection Act (2012) of Singapore, as amended from time to time.
We will disclose your personal data to the extent that this is legally required, necessary for the establishment, exercise or defense of legal claims and legal process, or in the event of an emergency pertaining to your health and/or safety.
Your rights regarding personal data
As a User or Registered User, you have the right to access information regarding your personal account, including information that you’ve provided to us. You may at any time request correction or erasure of your personal data, and object to any processing of your personal data by emailing us at [email protected]. We will respond to your access and/or correction request within four weeks. You may also amend your personal details and withdraw any given consent using your account.
Security of personal data
We have taken appropriate technical and organizational security measures against loss or unlawful processing of your personal data. To this purpose, your personal data is securely stored within our database, and we use standard, industry-wide, commercially reasonable security practices as well as physical safeguards of the locations where data are stored. However, as effective as encryption technology is, no security system is impenetrable. We cannot guarantee the security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. Any transmission of information by you to us or to any third party is at your own risk.
4. Software Trademark
Any IPR involved in the Application, Services and Website (including that of our Connected Partners) signs and names of products and services shall be owned by us (or our Connected Partners as applicable). You are not allowed to display, use or otherwise deal with our (or our Connected Partners’) IPR or signs by any means or represent that you have the right to display, use or otherwise deal with such IPR or signs without our prior written consent. “IPR” shall mean any copyright, design rights (whether registered or unregistered), database rights, patents, utility models, trademarks, signs, logos, trade names, domain names and topography rights and any other intellectual property having a similar nature of equivalent effect anywhere in the world and any applications for or registrations of any of these rights.
5. Liability and Disclaimers
5.1 We shall in no circumstances be liable for:
(a) information or content transmitted over a WiFi hotspot by you or any User, Registered User or third party. Any information or content transmitted by you or other Users or Registered Users of the Application or third parties through the Application does not represent our view or policy;
(b) damages resulting from the use of (or the inability to use) electronic means of communication through the Website or the Application, including, but not limited to, damages resulting from failure or delay in delivery of electronic communications, interception or manipulation of electronic communications by third parties or computer programs, and the transmission of viruses;
(c) damages resulting from the use of (or inability to use) the Website or Application, including damages caused by malware, viruses or any incorrectness or incompleteness of the information on the Website or Application;
(d) any damages, loss or third party claims resulting from your sharing of or providing access to a WiFi hotspot;
(e) the quality of the Internet access services provided by the Access Provider or any acts, actions, behaviour, conduct, and/or negligence on the part of the Access Provider. Any complaints about the Internet access services provided by the Access Provider should therefore be submitted to the Access Provider;
(f) any server crash or network interruptions caused by any event of force majeure or any other circumstance outside of our control, including any data loss or other damage suffered by you;
(g) any data loss or other damage suffered by you during or in connection with any upgrade of the Services, Website or Application; and
(h) any costs incurred by you, including any charges for data, messaging and other wireless access services, associated with your use of the Application.
5.2 You hereby agree to compensate and indemnify us and any of our contracted partners and affiliates (our “Connected Partners”) for any claims, suits, requests, damages or losses, including reasonable attorney’s fees, from third-parties resulting from your breach of this Agreement or resulting from information or content transmitted over a WiFi hotspot by you or any User, Registered User or third party, and hold us and our Connected Partners harmless for any claims, requests and suits against us or our Connected Partners.
5.3 You hereby acknowledge and agree that to the extent permitted by applicable law, we shall not be liable to you for any direct, indirect, accidental, special or follow-up losses, damages or risks caused by your use of or failure to use the Application and/or Services.
Your warranties, representations and undertakings
5.4 You shall be responsible for obtaining appropriate authorization from the owner of a WiFi hotspot when sharing such WiFi hotspot, including but not limited to the password and location of the WiFi hotspot, and for ensuring that all the information of any and all hotspots you share are secure. You hereby:
(a) warrant and undertake that you are either the owner of the WiFi hotspot or are appropriately and validly authorized by the owner of the WiFi hotspot to do so when sharing the details of such with us; and
(b) agree to indemnify us in respect of any loss or damage suffered by us in respect of a breach of this provision.
5.5 You hereby warrant, represent and undertake that any WiFi hotspot information obtained will be used by you strictly in compliance with any applicable laws. Any illegal action or breach of relevant law or rules is forbidden. We shall be exempted from any liability for any problems caused by the breach of this provision.
Exclusion of warranties
5.6 We do not provide the WiFi network connection or internet services and therefore we do not make any warranty or guarantee regarding the timeliness, security and accuracy of the Service, and you hereby agree that we shall have no liability to you in respect of or in connection with any communication failure.
5.7 To the extent permitted by applicable law, we do not give any warranties, representations or undertakings in respect of the Application, whether express or implied, or in decrees, including but not limited to problems related to merchantability, applicability, non-virus, negligence, or technological flaw, and any warrant and conditions, express or implied, to ownership and non-infringement.
6. Miscellaneous
6.1 You should read these User Terms clearly before using the Service, Website and/or Application.
6.2 Any invalidation of any clause, partly or wholly, shall not affect the validity of other clauses herein.
6.3 These User Terms shall be governed by the laws of Singapore. Any dispute, claim or controversy arising out of or relating to these User Terms or the breach, termination, enforcement, interpretation or validity thereof or the use of the Website, the Service or the Application (collectively, “Disputes”) will be settled exclusively by the competent court in Singapore.
6.4 These User Terms, together with any of our policies notified to you from time to time, set out the entire agreement between you and us and you have not entered into these User Terms in reliance upon any promise or understanding which is not expressly set out in these User Terms.
6.5 These User Terms may be translated into non-English language versions. In the event of any inconsistency, conflict or uncertainty between this English language version and any non-English language version of these User Terms, this English language version shall prevail and apply.
6.6 Any failure or delay by either of us in exercising our rights under these User Terms shall not constitute a waiver of such right and shall not restrict the further exercise of that right or any other remedy.
6.7 These User Terms shall apply to your relationship with us and shall not confer any rights on any third party.
Free WiFi Password
Last updated, Nov 2016
Where's app

Verizon to Push AppFlash to gather all the datas!

What absolute [email protected]
So... how do we get around this?
The First Horseman of the Privacy Apocalypse Has Already Arrived: Verizon Announces Plans to Install Spyware on All Its Android Phones
Within days of Congress repealing online privacy protections, Verizon has announced new plans to install software on customers’ devices to track what apps customers have downloaded. With this spyware, Verizon will be able to sell ads to you across the Internet based on things like which bank you use and whether you’ve downloaded a fertility app.
Verizon’s use of “AppFlash”—an app launcher and web search utility that Verizon will be rolling out to their subscribers’ Android devices “in the coming weeks”—is just the latest display of wireless carriers’ stunning willingness to compromise the security and privacy of their customers by installing spyware on end devices.
The AppFlash Privacy Policy published by Verizon states that the app can be used to
“collect information about your device and your use of the AppFlash services. This information includes your mobile number, device identifiers, device type and operating system, and information about the AppFlash features and services you use and your interactions with them. We also access information about the list of apps you have on your device.”
Troubling as it may be to collect intimate details about what apps you have installed, the policy also illustrates Verizon’s intent to gather location and contact information:
“AppFlash also collects information about your device’s precise location from your device operating system as well as contact information you store on your device.”
And what will Verizon use all of this information for? Why, targeted advertising on third-party websites, of course:
“AppFlash information may be shared within the Verizon family of companies, including companies like AOL who may use it to help provide more relevant advertising within the AppFlash experiences and in other places, including non-Verizon sites, services and devices.”
In other words, our prediction that mobile Internet providers would start installing spyware on their customers’ phones has come true, less than 48 hours after Congress sold out your personal data to companies like Comcast and AT&T. With the announcement of AppFlash, Verizon has made clear that it intends to start monetizing its customers’ private data as soon as possible.
What are the ramifications? For one thing, this is yet another entity that will be collecting sensitive information about your mobile activity on your Android phone. It’s bad enough that Google collects much of this information already and blocks privacy-enhancing tools from being distributed through the Play Store. Adding another company that automatically tracks its customers doesn’t help matters any.
But our bigger concern is the increased attack surface an app like AppFlash creates. You can bet that with Verizon rolling this app out to such a large number of devices, hackers will be probing it for vulnerabilities, to see if they can use it as a backdoor they can break into. We sincerely hope Verizon has invested significant resources in ensuring that AppFlash is secure, because if it’s not, the damage to Americans’ cybersecurity could be disastrous.
AppFlash is just a custom bloated version of the Google Search Bar with intense focus on data mining. This is essentially a widget, which belongs to a package, which should be able to be disabled/uninstalled depending on its implementation. You may need a rooted phone to fully remove it from the system - but time will tell. Either way, this will end up in my pile of other Verizon 'Services/Apps' that are either uninstalled or frozen.
the_rev said:
But our bigger concern is the increased attack surface an app like AppFlash creates. You can bet that with Verizon rolling this app out to such a large number of devices, hackers will be probing it for vulnerabilities, to see if they can use it as a backdoor they can break into. We sincerely hope Verizon has invested significant resources in ensuring that AppFlash is secure, because if it’s not, the damage to Americans’ cybersecurity could be disastrous.
I find this comment amusing - alluding that 'hackers' don't probe every single aspect of a system and its software, but now that this application is going to be pushed you better worry!
Calm down. The sky isn't falling yet.
"UPDATE: We have received additional information from Verizon and based on that information we are withdrawing this post while we investigate further. Here is the statement from Kelly Crummey, Director of Corporate Communications of Verizon: "As we said earlier this week, we are testing AppFlash to make app discovery better for consumers. The test is on a single phone – LG K20 V – and you have to opt-in to use the app. Or, you can easily disable the app. Nobody is required to use it. Verizon is committed to your privacy. Visit www.verizon.com/about/privacy to view our Privacy Policy.""
https://www.eff.org/deeplinks/2017/...e-has-already-arrived-verizon-announces-plans
Oh, and what can you do about it? You can vote every single individual in Congress that voted for repealing these protections out of office. Be vocal about this with friends and family. The general population does not understand this issue. I have answered so many questions like "So, if I clear my browser history this doesn't matter, right?" lately that it makes me sick to my stomach.
Averix said:
Oh, and what can you do about it? You can vote every single individual in Congress that voted for repealing these protections out of office. Be vocal about this with friends and family. The general population does not understand this issue. I have answered so many questions like "So, if I clear my browser history this doesn't matter, right?" lately that it makes me sick to my stomach.
This. Vote out every single person who voted to repeal what we've spent years fighting for. They let their own monetary gains guide their decisions and not what's best for the people, which is what their job is.
It's absolutely baffling to me how many people just don't give 2 fks about having companies mine personal and sensitive information about them. The classic "If you don't have anything to hide, then what does it matter" argument instantly enrages me.
Sent from my Samsung Galaxy S7 Edge using XDA Labs
Just calm down. I've been telling everyone about this for the past 4 years. It's not just this app, but hard bedded in every device. The only way to get rid of any of it is to educate yourself on removing it. As for the comment about hackers knowing the weaknesses, he's absolutely right... the good and bad hackers. Not all of us are bad.
All of this concern over potential "spyware" on our devices is laughable because some of you may be missing the big picture here. Regardless of carrier-introduced data capturing apps or malware, etc on the device itself, carriers already store all user data and wireless data transmissions, texts, etc. This data is accessed by whoever has the "authority" to access it. If you are a suspect in a homicide for example, the homicide detectives will get a quick signature from a judge to retrieve all of your phone records including gps, tower pings, internet, incoming & outgoing texts, etc. Who's to say who phone carriers share your regular data with? You can't prove if they do or don't.
Within the last few hours of Obama's presidency, he did the unthinkable by legalizing the sharing of intelligence and sensitive data between numerous intelligence agencies so they can all share sensitive data between one another at their whims. The obvious reason for this was to better mask the source of the information and blur the lines of responsibility for the data retrieved. Data not only from citizens, but from anyone in the government, FBI, CIA, NSA, etc is able to be retrieved at any time and used for legal purposes and even illegal purposes if you have been paying attention lately. We now get to enjoy complete invasion of privacy in our daily lives. Not just with our cell phones. I find this topic useless at this point. So I have to say... unless you're doing something illegal, you have nothing to be concerned about and electronic privacy is non-existent these days so don't let that fool you. Someone posted that my last sentence instantly infuriates them... well, these are the facts so be infuriated my friend because it's the truth. Nobody is able to defeat the electronic data that is stored and accessed by those who have the "authority" to access it. Get over it.
As for defeating ads and stuff like that, well that's a different topic altogether.
tx_dbs_tx said:
All of this concern over potential "spyware" on our devices is laughable because some of you may be missing the big picture here. Regardless of carrier-introduced data capturing apps or malware, etc on the device itself, carriers already store all user data and wireless data transmissions, texts, etc. This data is accessed by whoever has the "authority" to access it. If you are a suspect in a homicide for example, the homicide detectives will get a quick signature from a judge to retrieve all of your phone records including gps, tower pings, internet, incoming & outgoing texts, etc. Who's to say who phone carriers share your regular data with? You can't prove if they do or don't.
Within the last few hours of Obama's presidency, he did the unthinkable by legalizing the sharing of intelligence and sensitive data between numerous intelligence agencies so they can all share sensitive data between one another at their whims. The obvious reason for this was to better mask the source of the information and blur the lines of responsibility for the data retrieved. Data not only from citizens, but from anyone in the government, FBI, CIA, NSA, etc is able to be retrieved at any time and used for legal purposes and even illegal purposes if you have been paying attention lately. We now get to enjoy complete invasion of privacy in our daily lives. Not just with our cell phones. I find this topic useless at this point. So I have to say... unless you're doing something illegal, you have nothing to be concerned about and electronic privacy is non-existent these days so don't let that fool you. Someone posted that my last sentence instantly infuriates them... well, these are the facts so be infuriated my friend because it's the truth. Nobody is able to defeat the electronic data that is stored and accessed by those who have the "authority" to access it. Get over it.
As for defeating ads and stuff like that, well that's a different topic altogether.
The main issue is the blatant disregard by our government to even acknowledge the American people's privacy. Of course this all comes down to money and corruption as usual. A simpler solution to a lot of these issues is to remove all of the lobbyists, but I digress.
Look at it this way, people. No one is pointing a gun at your head making you use cell phones, social media, etc. If you don't want to be spied on, buy a house in the mountains with no outside connections and enjoy life.

Do you think GDPR has been effective?

As Louis Rossmann keeps pointing out, the devices we buy today are no longer fully owned by us. It has almost become like we only pay for purchasing the hardware, but pretty much everything after that isn't under our full control, including the decision to replace a component (if it is broken).
The software that drives the hardware requires a whole lot of permissions (many of which are unnecessary for core functions) to be granted, and the hardware would be useless if those permissions aren't granted. The user is completely unaware of this when buying the hardware. So the money he paid for the hardware would be completely useless if he doesn't agree to the things that the software forces him to agree to, AFTER THE SALE/PURCHASE!
And then on top of everything is the Privacy Policy! At least 50% (and I'm being extremely conservative here) of the features you would want from any app are locked behind a Privacy Policy that:
1. No one reads or understands
2. Most of these Privacy Policies are simple copy-paste from standard templates. The makers of these apps too have no idea (forget control) about them.
3. 'Data collected and shared with 3rd parties will be handled in accordance with their respective Privacy Policies' is a total rubbish statement.
Even the most basic apps such as the gallery, file manager, music player, video player, etc. are locked behind Privacy Policies, and the apps won't work if you don't agree to them. This is ridiculous. And more so because these are new 'agreements' that are presented to you 'post the purchase'.
This is like going to a car dealership, paying for a car in full and taking delivery of the car. Now when the user starts the car, he is presented with a legally binding agreement that he MUST ACCEPT in order to be able to drive the car. Was the user aware of this agreement BEFORE the purchase? The answer is NO!
GDPR passed by the EU is a welcome step in protecting user privacy, but is completely ineffective. All it does is to force OEMs or app developers to show a Privacy Policy message (that no one reads or understands), and then everything is the exact same as before.
Should data collection be stopped completely? But if not, should there be very strict regulations on what data can be collected? Should stock apps and software be allowed to collect data or have any sort of privacy policies, given that the customer paid to use the hardware out of the box, without having to agree to new contracts/agreements he is completely unaware of at the time of purchase?
One of the very 1st screens that you see when you set up a phone (such as a brand new phone or a factory reset phone) is the OEM Privacy Policy. This is an agreement you weren't aware of when you bought the new phone.
This is an agreement you MUST agree to in order to use a product that you already paid for. There isn't a choice available here.
Agreements must be presented BEFORE a payment is required, not after!
It is only a handful of companies that are the end users of data collected, such as Google, Facebook, and the OEMs themselves. All the apps that collect data are essentially just a medium for these companies to collect user data. Most app developers themselves have no use for the data collected, except for passing them on to these companies in return for some payment.
Their declaration that 'Data is collected to improve the app or service provided' is mostly a lie.
Regulating what data is actually collected, and whether services such as those offered by Meta (formerly FACEBOOK) should even be allowed is something regulators must seriously look at.
First, what do you mean by "GDPR has been effective"?
There are differences between
1. GDPR does not include all the aspects of privacy violation, for example, your specific case is not included in GDPR;
2. GDPR is not properly enforced, i.e. your privacy is violated under GDPR, but you cannot use GDPR as a weapon for your defense.
If 1, you can do nothing about it. It's legislators' job.
If 2, you have to look into the definition of privacy violation and articles of relevant sanctions in GDPR.
For me, if you are targeted by personalized contents (based on your personal data), with or without your knowledge, and have no way to opt out, I believe, your privacy is violated, and the third parties should be sanctioned for that.
wenyendev said:
First, what do you mean by "GDPR has been effective"?
There are differences between
1. GDPR does not include all the aspects of privacy violation, for example, your specific case is not included in GDPR;
2. GDPR is not properly enforced, i.e. your privacy is violated under GDPR, but you cannot use GDPR as a weapon for your defense.
If 1, you can do nothing about it. It's legislators' job.
If 2, you have to look into the definition of privacy violation and articles of relevant sanctions in GDPR.
For me, if you are targeted by personalized contents (based on your personal data), with or without your knowledge, and have no way to opt out, I believe, your privacy is violated, and the third parties should be sanctioned for that.
GDPR, from what I know, is ONLY ABOUT OBTAINING USER CONSENT for collecting data about the user. Or at least that is how the implementation has been.
Without user consent, data cannot be collected, which essentially results in the individual not being able to use the device, as that is how companies have ensured compliance.
This is like going to a car dealership, paying for a car in full and taking delivery of the car. Now when the user starts the car, he is presented with a legally binding agreement that he MUST ACCEPT in order to be able to drive the car. Was the user aware of this agreement BEFORE the purchase? The answer is NO!
This defeats the purpose of ensuring user privacy that one would expect from a regulation like the GDPR.
Has GDPR been formulated in a way that protects user privacy? It is safe to say NO! All that it has done is to present the user with a policy statement that must be accepted, and there is no choice that the user has in respect of being able to use the device without accepting those.
More importantly, as pointed out in #3, the data is being collected by hundreds and thousands of apps, which by themselves have no control or use for the same. And all data ends up with a handful of corporations who process them in ways that are not clear to the user.
For example, most smartphones now come with Meta Services pre-installed. What is this service doing? I don't see an option to opt-out of it and still be able to use the device. OEMs don't allow for such services to be uninstalled either, so the user has to rely on 3rd party tools to have them removed, and the process almost always has a negative implication on warranty.
It is time regulators all over the world start working on implementing laws in genuine ways that prevent corporations from abusing user privacy.
Then, that is not a question of consent, but of bowing your head or not.
Submit to my terms, and you will get this or that. Otherwise, you cannot use my apps, services.
It's like legalizing lynching: your privacy is violated, and the third parties remain unpunished; laws like GDPR are merely cosmetic.
At a philosophical level, what we have discussed above could possibly (and humbly) be summarized in one sentence, "which is to be master", from Lewis Carroll's "Through the Looking-Glass".
“When I use a word,” Humpty Dumpty said, in a rather scornful tone, “it means just what I choose it to mean — neither more nor less.”
“The question is,” said Alice, “whether you can make words mean so many different things.”
“The question is,” said Humpty Dumpty, “which is to be master — that’s all.”
A relevant legal case in history was Liversidge vs Anderson during WWII.
Liversidge v Anderson - Wikipedia