this post was submitted on 27 Oct 2023
189 points (95.7% liked)

Privacy

31973 readers
223 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

So I got Fairphone 4, with /e/ os, a couple of days ago. When I connected it to my NextDNS I saw that it was trying to connect to some weird addresses, like every 5-10 minutes. I searched Internet a bit and found out that it was something with snapdragon cpu and location services. I travel a lot and use Organic Maps for navigation, so location was enabled almost all day on the phone. I turned off location services and connections stopped, and everything was fine for a couple of days.

Today I came home, checked logs in NextDNS and saw that phone started doing the same connections almost constantly even with location turned off.

Can I do something about this, other than allowing these connections? These connections are probably so numerous because they are getting blocked. If I allowed them, phone would maybe call home once in a couple of hours. I would rather not allow them, but I don't want 20% of battery to be eaten by this.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 126 points 1 year ago* (last edited 1 year ago) (2 children)

I found a few links summarising this:

On 4th and 5th generation Pixels (which use a Qualcomm baseband providing cellular, Wi-Fi, Bluetooth and GNSS in separate sandboxes), almanacs are downloaded from https://qualcomm.psds.grapheneos.org/xtra3Mgrbeji.bin which is a cache of Qualcomm's data. Alternatively, the standard servers can be enabled in the Settings app which will use https://path1.xtracloud.net/xtra3Mgrbeji.bin, https://path2.xtracloud.net/xtra3Mgrbeji.bin and https://path3.xtracloud.net/xtra3Mgrbeji.bin. GrapheneOS improves the privacy of Qualcomm PSDS (XTRA) by removing the User-Agent header normally containing an SoC serial number (unique hardware identifier), random ID and information on the phone including manufacturer, brand and model. We also always fetch the most complete XTRA database variant (xtra3Mgrbeji.bin) instead of model/carrier/region dependent variants to avoid leaking a small amount of information based on the database variant.

Note sure if e/OS/ has taken as much care as Graphene has to make the requests more private. Then again, they don't claim to be the most private OS, just De-Googled.


Edit: this is also a good read for further attempts to make your device more private: https://grapheneos.org/faq#other-connections

[–] [email protected] 10 points 1 year ago (3 children)

Android is so troublesome, I am tempted to just install Ubuntu Touch and be done with this.

[–] [email protected] 45 points 1 year ago (1 children)

I have a linux phone on the shelf, because in real life I need apps that are only available on android ...

[–] [email protected] -5 points 1 year ago (2 children)
[–] [email protected] 26 points 1 year ago (1 children)

Banking, usable gps navigation with live traffic, workout tracker that can read and log gps and data from my Polar H10 and smartwatch.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

I use online banking and Garmin smartwatch so when Linux phone becomes mainstream, I don't be locked down

plus it looks like WhatsApp is getting interoperability and we may see a semi open source Linux client

[–] [email protected] 2 points 1 year ago (1 children)

You want a Linux phone but then use whatsapp? Just wow

[–] [email protected] 1 points 1 year ago (1 children)

yeah

everyone I know uses WhatsApp

and privacy is not an incentive for them to switch over to signal because again, everyone they know also uses WhatsApp

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Everybody I know uses whatsapp, but they also use threema because every time I get asked for whatsapp I tell them that I am only on threema.

Worked out fine. Everybody that actually wants to chat with me got it. And after some privacy related whatsapp news they made their friends migrate and so on.

For other cases there is plain old calls and emails. Chat is really just a small convenience and not necessary at all. I'd never sacrifice my privacy for.

[–] [email protected] 6 points 1 year ago (1 children)

For me, it's something to use a Mi Band and banking apps. The rest would probably be doable on GNU phone as well.

(I only said "GNU", since both operating systems already use the Linux kernel.)

[–] [email protected] 17 points 1 year ago (2 children)

Ah, it's just a quirk of e/OS/. Nothing much - and you can run a DNS filter on your mobile to get rid of this problem (Bonus: won't take too much of battery since it'll not be operating a VPN since you're root)!

I haven't heard much about Ubuntu Touch - does it work well?

[–] [email protected] 2 points 1 year ago (2 children)

I am kind of new to all these privacy things. So what do you exactly mean by getting rid of this problem? I have DNS which blocks these connections but phone is still making them. How can I make the phone stop doing that?

Ubuntu Touch is just a linux distro for your phone. I actually haven't used it yet, but according to their website, the Fairphone 4 has really good support. So I might try it.

[–] [email protected] 7 points 1 year ago* (last edited 1 year ago) (1 children)

Ah, I didn't manage to recollect your mention of NextDNS in your post. There's no need to change anything regarding your DNS settings in such a case; it won't take much of your battery.

Here's a related discussion on the /e/OS forum: https://community.e.foundation/t/qualcomm-chipsets-data-collection-linked-to-the-a-gps-service-in-e-os/48982. Note that the domain mentioned in the discussion is izatcloud.net, however, for your purposes you can consider it the same as the domains you're seeing.

What can /e/OS do?

The SUPL-A/GPS case is well-know for a long time. Though it’s probably a low impact case in term of user’s privacy, we are evaluating how to prevent or mitigate it in /e/OS.

Options we have today:

  1. Block SUPL requests using /e/OS’ Advanced Privacy tracker control. But that would probably kill the A/GPS service, making the GPS location service very, very slow.
  2. Proxy SUPL requests to anonymize their originr. That’s an option but it can be blocked if we send too much traffic to the SUPL servers. This would likely happen because /e/OS has a lot of users, and would have an impact in term of service continuity.
  3. Figure out how /e/OS users can use Advanced Privacy IP scrambling features to fake SUPL calls origin IP address.
  4. …?

You might want to try option 1 and check. Please revert back to this comment after attempting to do so, so that others can benefit from this idea.


XTRA uploads the following data types: a randomly generated unique ID, the chipset name and serial number, XTRA software version, the mobile country code and network code (allowing identification of country and wireless operator), the type of operating system and version, device make and model, the time since the last boot of the application processor and modem, and a list of our software on the device

They just forgot to mention that this data is sent with no encryption (except in the xtra3grc.bin format, hope that they’re exclusively using that now…). Of course it should be blocked. But it’s necessary to allow one of those 3 domains in order to make the GPS work properly.

And here's the Wikipedia article on what is it that the Qualcomm chip is trying to gather: https://en.wikipedia.org/wiki/Assisted_GNSS

[–] [email protected] 4 points 1 year ago (1 children)

Thx for very detailed reply. I was trying to do the option 1, but I couldnt find how to do that. I am guesing that because dns is blocking the requests they dont show in the app. That would mean the app and dns are doing the same thing, so it doesnt really help.

I might just allow them, because I need the gps to work properly.

[–] [email protected] 2 points 1 year ago (1 children)

I don't have experience with e/OS/, I can only really say what I gather from their documentation.

Note that:

when I activate fake location in AP but keep location turned off in system settings the app organic maps does not show my fake location but asks me to enable location. Therefore I presume: Yes, location off in system settings means no location for any app.

The thing about modern android and location settings is that when it is turned off that also means the GPS. So probably correct, no location for any app.

Link to discussion: https://community.e.foundation/t/advance-privacy-fake-location-with-location-turned-off/50052

I would suggest utilising the Fake my location toggle for when you would not like apps to access your location, however, I am not sure if it will work against requests from low-level firmware such as directly from a Qualcomm chip. That's a question for the developers.


Another point that is mentioned in this post is the fact that tracker detection and blocking (which is now native to e/OS/) can't work with DoT providers like NextDNS. Indeed, the app and the DNS filters you're using with your DNS provider attempt to do the same thing here.

Note that the “tracker manager” of Advanced Privacy can’t work with DNS over TLS (DoT).

[–] [email protected] 1 points 1 year ago

I use location only for/with Organic Maps, otherwise it is turned off, so using fake location seems pointless.

It looks like if I want to use gps without problems I have to allow these connections. Or switch to pixel and GrapheneOS. Other chip makers like mediatek, samsung probably have something similar, so that isnt option either. I just got this FP4 and I like it alot, so I guess I'm stuck with qualcomm getting some telemetry.

Thank you very much for your help.

[–] [email protected] 1 points 1 year ago

Just a heads up - Been following UT for some time and the major for me is that there is currently no VolTe support. Major bummer for US folks. There's workarounds, at least for pixel3a but its not 100% reliable.

Also SMS / MMS can be troublesome as well. Can't download images while on WiFi??? Group MMS doesn't work.

Great system, works well but I can't make it my daily driver

[–] [email protected] 1 points 1 year ago

i tried it on my pixel 3a, its neat, and i can run android apps in waydroid, but I don't like the navigation

[–] [email protected] -1 points 1 year ago

GrapheneOS really is the only Android that should be used. I hope e/OS and others just fork it, add a nicer UI and all.