Note: I've written this over a number of days, and it's a big topic. It's probably disjointed and needs clarification, refinement and building on. I'd love your feedback, questions and general comments so as to help me improve. My partner's friends all know I'm a staunch privacy advocate. It's not uncommon for one of them to ask me a question, via her Facebook page, or email, and I'm always quite happy to share my thoughts. Usually, it's a one line response and tips on finding out more.
This question, though, was met with silence, a pause, a smile and a one line response: "I'll have to write a whole blog post about that topic!"
"I am trying to find out which devices do not track data and send it off to the big data collection hole in the ether. Can you ask your privacy-guru if he is aware of any smart-phone devices that do not have this (or other) data collection tools? I was under the impression that Blackberrys were safe in this regard, but I have not been able to confirm this"
Let me say, first of all, if you do not want to be tracked, do not use a mobile phone. Every mobile phone, whether it's a smart phone or an old Nokia 2110, is a tracking device. While on, it is constantly in contact with the nearest cell tower, usually more than one. Your mobile network provider knows which cell towers you're connected to, and during what time periods.
Mobile Phones are Tracking Devices that allow you to make Phone Calls
This means that the location of your phone can be determined, while on, and within range of a cell tower, to an accuracy of 50m in some areas. Many privacy conscious people don't own a mobile phone. That said, most people still want a mobile phone, and being tracked by the mobile network provider is unavoidable. The best you can do to avoid the privacy concerns of being tracked is to have an anonymous SIM card. Unfortunately these are not available in most countries nowadays, as governments seek to require verified registration in the name of national security.
So, let's continue with the premise that we understand that the use of a mobile phone inherently necessitates that mobile network providers will be able to track us, and move on to other undesirable artefacts of mobile phones. We need to define and understand these before we can discuss them.
Who Owns Your Phone?
The overarching issue in this case is ownership and permission; who owns the phone, the software, the rights to install software, the permissions to access the phone's hardware, the ability to upgrade software, the ability to make a phone call, the speed at which we can send data. Do you have permission to use your phone the way you want to use it? Consider a recent patent application by Apple for a system that can disable a phone's functionality at certain times, or when determined to be in a certain location. The underlying purpose of this patent was to allow venues to disable recording of live performances, but it's not hard to imagine this being used to disable video and audio recording within a 2km radius during a planned protest, or to disable the use of mobile broadband at an Olympic venue.
If you have an iPhone, you'll know you can only install applications that Apple permit. Recent news included reports that Apple are now forcing links to Podcasts to open in their application, making your choice irrelevant. Apple also don't allow you by default to install software they don't deem suitable. Android phones are similar, but allow you to insall unverified applications by changing a system setting, whereas iPhones need to be rooted or jailbroken, a process that, debatably, opens the phone to more security concerns for an average phone user.
Android phones are more open. The software that runs on them is open source, which means there are more developers who have access to test and find bugs and security vulnerabilities. Feature enhancements can come from anyone, and you can even take the whole of Android and create your own version. While most people, even developers like me, will never bother to, there are other versions of Android available that are relatively easy to install and provide extra functionality or features. I run CyanogenMod on my phone, for example. On iPhone, you have to run iOs.
But What's the Problem with Who Own's My Phone?
If you have to run iOs on your iPhone, or you still run the default operating system on your Android phone that came from your cell phone provider, you're potentially running unknown code, and that code may contain features that will violate your privacy. It's not inconceivable, and indeed it's happened, that cell phone providers include code that allows them to track what you're doing on your phone. Every time you type a character, visit a web site, type a password, read an email, make a phone call, even via VoIP (which would mean your mobile network provider can't see using normal phone billing software), that action can be logged and transmitted to any server on the internet.
There was a case in the US where one provider was logging a lot of user actions and having them sent to a server for analysis. The premise was that it helped them with support and usage monitoring to improve services. With mobile phone companies facing competition for phone calls and SMSs (think Voice over IP, Skype, Voxer, HeyTell, iChat, email) they're finding they can't subsidise their plans with call rates any more.
Some providers decided that they'd slow down any connections to services that competed with their products, which in turn led to "Net Neutrality" discussions and proposals for banning this anticompetitive behaviour in law.
If your mobile provider can monitor what you do on your phone, before it gets sent anywhere, no amount f encryption is going to help you. If they have virtual eyes watching your actions, your privacy is lost. It's been proven this happens.
If you own, or at least have a high level of trust in the software you run on your phone, you can have a degree of confidence that your privacy is assured at the point of origin; the point where your communications and actions start.
[Update 4th Oct 2012 16:37 AEST] In an article published yesterday, Dear Apple: Deleting your users’ apps without notification is rude and arrogant, author John Koetsier writes:
A mobile phone is an intensely personal piece of technology. My phone is mine. I bought it, I pay for it, I use it, and I fill it with apps. It travels with me wherever I go, it stays by my bed at night, and it wakes me up in the morning. It tells me what’s happening, it connects me to the world, and it lets me share what I’m doing with those I love. How dare you reach into my phone and delete my apps?
Indeed, how dare Apple do this. Because, in fact, John doesn't own the phone. He physically owns the hardware, but the terms of the licence of the software dictate that Apple can do pretty much whatever they want, with your pre-given consent. You agreed to the license, remember?
Who Made Your Phone?
Your phone's hardware - the wifi card, the motherboard, the mobile transmitter - are all little black boxes. Even if you run an open source operating system on your phone, the hardware is the foundation of the phone. If your phone is hard-wired to respond to a signal from your mobile network provider in a certain way, the software you run will not stop it. There is no reason your mobile network provider could not send a signal that activates your GPS and returns your location to them without you knowing. And, under current legal precedent, there is no reason your government could not instruct your mobile network provider to do so without informing you.
There's not much you can do about this. The one thing you can do is buy an OpenMoko phone, which boasts open source hardware, but I've no idea what the operating system is like or what the range of apps are.
You Haven't Mentioned Blackberry!
Blackberry, to me, are like iPhone. They are a phone produced by one company running their own operating system. They provide a great experience because they control the whole process from creation to interface. But the walls are closed and you have no control.
You Haven't Mentioned Windows Mobile
I have no intention of reviewing Microsoft products. They might be great, but to me, the company represents the hight of innovation stifling and anti-competitive behaviour. Happy to take this in to another post.
Google Play Alternatives
I've touched on software ownership, but the way you install software can create privacy and security issues too. Consider the greater question of your privacy in the Google network. Rather than repeat myself, checkout my posts Google Double Plus Bad? and Making the Switch from Google. Recap: Google know everything about you, and can track you everywhere, on many web sites that even they don't own or control. How, then, can you truly be free of tracking when your Android phone connects to Google Play to install applications, check for updates. If you choose not to have a Google Account, you can't even connect to Google Play anonymously.
So, an alternative is needed, and it just so happens there are two great ones that I use regularly.
F-Droid is a repository of free and open source software. All the applications in this repository are licensed so that you have the right to control the software in any way you like. You might not know how to code, but the software allows you to find any capable developer to modify it in any way you like. The best benefit of open source though is security; as the code is available to everyone, it has likely been seen by many more and varied developers with different levels of skill. It's been reported that open source software has bugs and security issues resolved more quickly than closed source proprietary software.
AndroidPit is similar to Google Play. It hosts commercial and open source applications and also has a pay-for model allowing authors to sell their apps through the AndroidPit market place.
Okay, so you have a phone, you know your mobile provider knows where you are and that you can't do anything about it, but you are running a secure operating system, and are reasonably sure no-one is logging your interactions on the phone. For the most part, no-one else can track you. But, you need to make phone calls, send SMSs, browse the web, update Facebook and catch up on Twitter. As son as you send anything, it can be logged.
You make a phone call. Your mobile provider knows who to, when, where you are, where they are, how long you spoke for. They could technically record your conversation without you knowing.
You send an SMS. Your mobile provider knows who you sent it to, when, where you are, where they are when they receive it, what time they receive it. They store the message on their servers. They may not delete it once delivered.
You leave a voice mail. Your Mobile provider knows who it's for, when left, and from where. They know when and where it was received. They store the message on their servers. They may not delete it once delivered.
You visit a web site. Your mobile provider knows where you are and when you request it. They know the domain name of the web site you're visiting. They can log the full URL and the contents of the web page that are returned. They could store this. They may be able to log and store anything you submit in a form.
Encrypt the World
Let's just get one thing straight. Encryption is not bad. It's not used by evil people to cover their tracks. Well, not just by evil people. We are taught that if you have nothing to hide, you have nothing to fear, and yet we still close the curtains when we get dressed and the door when we go to the toilet. We put letters in envelopes. Encryption is the act of keeping something private, only to be accessed by its intended recipients. There's nothing untoward, dodgy or conspicuous about it.
So, now that you're okay with encryption and realise that it's a tool you can use to protect your privacy online, let's look at tools available for your phone.
Caveat lector: I use Android, so this section is Android specific. There are tools for iOs and Blackberry OS, but I don't know them. Some of the tools I use are available for other platforms.
There's really not a lot you can do about regular phone calls; in the same way you need to connect to your mobile provider, and they by virtue of that know where you are, you need them to connect your call, so they know everything about that call. It's possible to use make the call and then encrypt the voice signal so they can't record the conversation, but, in my opinion, the pay off isn't worth the effort. They still know a lot about the call, just not the content. Easier would be to make Voice over IP (VoIP) calls. These use your data to make the call, not your call minutes, so will depend on your reception, but you can encrypt your calls easily. I don't actually use any tools for this yet, but will be looking in to it. I'll update here when I do. If you have any suggestions, please leave them in the comments.
Very much like phone calls, your mobile provider will know who sends whom what and when. You can more easily encrypt your SMS text though, because it's just text, and decryption time isn't important. A second delay to get the message is acceptable, whereas delays in phone call decryption can create broken and distorted playback. My firs tool of this post is TextSecure, available on F-Droid, Google Play and, for those who want to compile it themselves, or contribute, on GitHub. (The author has requested TextSecure be removed from F-Droid. I'm currently trying to find a way to have it put back.)
The problem with voicemail is people leave it for you. If you don't want any unencrypted messages being left, ask your mobile network provider about disabling this feature. They might be able to provide you with the ability to leave an outgoing message but not take voicemail, so you could suggest an alternative method of communicating with you.
The best first step is visit all web sites via HTTPS. Now, not all sites support this, so you cannot get 100% coverage, but where you can, all your data is encrypted. Of course, your mobile network provider will still know which server hosts the web site you visited. In addition to stopping your mobile network provider from tracking your web usage, you may wish to stop the web sites you're visiting from knowing where you're from. Every time you request a web page, you send your IP address, which identifies at the very least the country or city you live in. It can identify you.
If you are concerned about this form of tracking, find a Tor application for your phone. I use Orbot on my phone. This will route your request via another location. Further, your mobile network provider will not see what site you're requesting, which server you're connecting to, or even what type of data you're sending or receiving; if your browsing the web, downloading images or sending email.
- A phone is inherently not secure or private.
- Your mobile network provider will always know where your phone is on when it's transmitting.
- You can encrypt most of your communications, but will need others to also support that encryption.
- When using online services such as email, find a provide who will protect your privacy and security. I'll be offering that very soon, hint, hint.
- You don't know what the hardware is doing. Software on the phone can still be overridden by backdoors in the phone's hardware.
I'm not going to tell you what you shoudl do, but I know that after reading this, many people will probably have more questions than they did to start with. The best I can do is tell you what I want. I want open hardware, but that's some way off at the moment. I'll settle for a device that runs Android, as Android is open source. I currently have an HTC Nexus One (the original Google Phone).
On this Android capable phone, I would install CyanogenMod without any of the Google programs. I currently don't have Maps or Play. My contacts aren't backed up to Google, nor is my calendar. I have another solution doing that for me.
Improving this Article
As requested, please let me know what you'd like me to expand on, what you don't understand, where I'm wrong, what can be improved, what I've missed. Anything to help make this better. Thanks!