The realm of third-party trackers on Android

Luman android root cert

I was excited to learn about Lumen Privacy Monitor, as I’ve always wondered about the apps I have installed even when I have restricted the permissions wanted from the installed app.

New research co-authored by Mozilla Fellow Rishab Nithyanand explores just this: The opaque realm of third-party trackers and what they know about us. The research is titled “Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem,” and is authored by researchers at Stony Brook University, Data & Society, IMDEA Networks, ICSI, Princeton University, Corelight, and the University of Massachusetts Amherst.

“This is the start of a long project to uncover all the hidden data collection and data dissemination practices on the internet,” Nithyanand explains.

“There’s a huge lack of transparency around how mobile applications behave,” adds Narseo Vallina-Rodriguez, a co-author and researcher at ICSI. “People install software, but don’t know what that software is doing.”

The paper’s introduction lays out a troubling scenario: “Third-party services inherit the set of application permissions requested by the host app, allowing them access to a wealth of valuable user data, often beyond what they need to provide the expected service.”

To study this scenario, the researchers used Lumen Privacy Monitor, an Android app they built themselves over a two-year period.

So I installed it just to see what was going on with my Android devices. But there is a problem… Best summed up in this comment from Wcat.

Not open source? TLS interception? Before you install this stop and think about TLS interception. “Those who would trade privacy for security deserve neither.”

Luman asks for permissions to install its own root certificate, and this deeply worries me. TLS inception isn’t a trivial thing to be honest, I know its needed but it had me questioning how I really want to monitor the apps? Also if I remove the app, will the certificate be removed too/how would I know?

Right now, I’m keeping an eye on the app but haven’t installed the root cert yet.

Google clip, decentralised intelligence?

The reviews are appearing about the Google Clip camera. Its not great but to be honest, the only thing I found interesting about it on the announcement, was all the logic/intelligence was onboard. Google has become well known for doing the logic via their own cloud systems, so this was a surprise.

the main reason Google Clips isn’t as worrying as “Google camera that recognizes your family’s faces and records them automatically” sounds is that Google made a few carefully considered technical choices to protect its users’ privacy.

The first is that everything on Clips happens locally. Nothing is synced with Google’s cloud at all — except the photos you save into Google Photos. All the facial recognition happens on the device using its own processing power. None of it is paired up with whatever facial recognition you may have set up in Google Photos. It doesn’t pair faces with names, it just recognizes faces it sees a bunch over time. It also tries to ignore faces it doesn’t recognize. So if you’re at a park with your kids, Clips will endeavor to only take photos of your kids.

The clips the camera takes are also stored only on the camera itself. They don’t try to sync over to your phone unless you ask for them. They’re also encrypted on the camera, in case you lose it.

On first look, I thought it might be a similar replacement for Google Glass, then I thought maybe its the Google GoPro but it doesn’t seem to operate like a point and shoot. So I thought maybe a lifeblogging devices like the autographer and narrative clip. But it seems to be a different category all together.

Its a interesting device, but certainly pricey for a new category camera.

Google maps you have a speech problem

Google Maps

I love google maps but it has a problem.

I use it as a GPS when travelling around on my scooter, which means I don’t have a screen in front of me. Instead I’m reliant on the audio output to tell me where to go and when. I imagine for most people this sounds kind of crazy because they want to see the map and directions, but when it works it really works well. It says before the turning and then again just at the point of the turn. Pretty much once you get use to it, its just great and I find it weird sitting in peoples cars when they are not listening to the voice.

However there is a bug/problem.

I use to think it was just my Nexus 5X but its happened with my Google Pixel2 making it clear its a google maps issue.

Every once in a while, google maps stops talking and leaves you with silence.  This seems to be solved with a restart, which is hardly great when driving along. I imagine most users tend to have the display and don’t care too much about the voice. But if you are reliant on it, when it suddenly goes quiet you start to wonder. Worst thing about it is Google maps doesn’t say anything when you don’t need to take a turn. Meaning if you are going down a motorway you have to assume everything is fine.

Google maps fail

This is what happened as I drove down the M6 towards London not Bristol on Monday afternoon, wondering when the M5 turn off was coming. Now to be fair I was on the right motorway but when I came across the M6 toll road, I took it and that led me towards London.

M6 toll
Taking the M6 Toll road
M5 from Birmingham
The M5 I should have took

Google maps said nothing, so I just kept going expecting something over the headset when the turning came. To make things even more difficult I had my pixel 2 phone locked in the scooter charging, meaning I couldn’t see the phone unless I pulled over and turned off the engine. Once again not ideal.

Ok this example is quite extreme (but it happened) and you could say I should have been aware but I honestly didn’t see a sign for the M5 south. Its likely I wouldn’t as I took the M6 toll road.

Google maps has a speech problem and I’m not the only one who has experienced this.

Anyone else?

Nexus 5x issues ongoing…

Google Nexus 5x
I like the irony of the good place paired with the problems of the phone

I recently got my Nexus 5x back from Carphone Warehouse. This follows the sudden bootloop of my Nexus 5x in November.  They replaced the motherboard as it was still under its 2 year warranty. I was hoping they would just refund me for it, as I bought the Google Pixel2 on its launch.

But it will do for now, till it happens again and I’ll be demanding more. Right now its a spare/backup phone with my pay-as-you-go 3 sim inside. I did pause to think if I should upgrade to Android Oreo, but decided I should do it.

In the mean while its interesting to see some of the solutions people have come up with including this one using salty ice to keep the CPU cool.

Nexus 5x under ice

Riding the Bitcoin bubble up and out?

Bitcoin market price over last 8 years

Bitcoin is something everyone is talking about right now. I wouldn’t be surprised if my parents asked me about it soon.

It was a while ago when I received some bitcoins from a friend via tipjar.  I added the tipjar link on my blog and every once in a while I received a very small amount of bitcoins as tips. The amounts were so small that I didn’t really take note till I needed to move the wallet.

That was when I noticed the amounts were adding up to less decimal places  in bitcoin and the value in British sterling was also starting to add up to a few coffees. After the move to blockchain.info (no matter what I thought about the founder), I decided to keep an eye on the figure but forgot about it. Wasn’t till about a week ago, when I decided to have a quick look at the amount it was worth and was pretty shocked.

The tips were adding up to something quite big and thats when I decided maybe I should convert some to sterling and ethereum. I have never put any money into bitcoin, its all been donated or paid to me in return for something, I treated it as a bit of a joke to be honest. But over the last few weeks it became very real as I transferred quite a bit out and still had some left over, just in-case the bitcoin bubble keeps growing. But i’m simply not motivated enough to track its progress and put money into it. Ethereum I’ve found interesting since I first saw the videos about it so I’ll keep an eye on that too.

Thanks to everyone who tipped my blog or paid into my wallet over the last 3 years,  I owe a great gratitude to all those people. I’ll keep writing… feel free to keep tipping.

Do you trust grammarly?

grammarly - better writing made easy

Been looking at Grammarly for a while and to be fair they have been massively advertising too. Obviously Google & Facebook know I’m dyslexic and I imagine Grammarly are targeting people like me.

But I’m not keen on the process of sending the text to their centralised server. I understand but I think there is another way to do this, however that way conflicts with their business model. Maybe its a another case for something which should be a public service not left to the private sector?

I’m not the only one asking questions; I have been browsing the terms and conditions too and not keen on what I’ve read so far, the privacy policy alone speaks volumes.

I’ve been using Language tool as their privacy policy seems more reasonable to me and it can work offline and in a more decentralised manner.

Be interested to hear how others get on with it, maybe the benefits greatly outweigh the data ethical concerns?

 

Muzzling the Google Home Mini?

Google Home Mini at home

When I bought my Google Pixel 2, I received a free Google Home Mini as part of the pre-order deal. While in Madeira it finally came and today I went to Irlam to go get it.

I’ve never liked the idea of the Amazon Alexia and all devices which are listening for an activation word. I get the convenance but it doesn’t equal the given up privacy in my view. I turn off on my phones unless my screen is unlocked and I’m on the home screen (actively using the phone). I’ve been watching and reading how The Google Home mini has already received a ton of privacy strikes and disabled the touch controls.

My justification for getting the Google Home mini was purely to connect it to my Philips Hue lights. They are great but only if you have the app as the controls on the wall are way too simplistic to change colours, brighten and dim.

Unboxing the Google Home mini and getting it online, was pretty straight forward. I currently have it set with the mic on mute and the touch controls seem pretty basic (volume only). I’m surprised its powered with a micro USB cable not USB C and if I had a choice of colours, would have picked a darker colour instead of Chalk. Out of the box the home mini’s top touch fuctionality is disabled, I assume the firmware was updated when I setup the wifi.

Google Home Mini

I’m dispointment that there seems to be no way to connect the google home mini to the hue lights without doing it via the Philips Hue web. I currently blocking external access at my router for hue lights, so theres no way to control them remotely, although everything is on the same network. Honestly find it annoying that it can’t talk locally, especially since there is a good API via the Hue Bridge. I understand it needs internet access to do some processing but to control the lights? Sure this can be done locally?

I’m keeping an eye on dev sites to see what might come up, but right now its little use and I’d like to see more ways to muzzle its use to keep things local unless essential.

Docker & Tiny Tiny RSS sorted finally

TTRSS Php error

I have had on my task list for a long time to fix two problems with my Tiny Tiny RSS setup.

  1. Fix the problem I’m having connecting to TTRSS in a browser since a upgrade
  2. Sort out a decent RSS reader for Ubuntu

Originally it was working fine then a upgrade broke the web interface for me and many others. The confusing and joyful thing for me, was any application which talked to the API was unaffected. Meaning my Android clients were fine including the one on my eink tablet. However all the RSS clients on Ubuntu would either not connect to ttrss, were generally rubbish or wouldn’t work in later versions of Ubuntu (like RSS Owl). The advice seemed to point to using a browser extention.

The first problem was something to do with the PHP which seemed pretty easy to fix but all the solutions assumed you were running it all on a standard webserver and had control over everything. Of course I was running it within Docker and had no idea where config.php was or even where docker had installed anything.

After actually sitting down and looking around my server as a sudo not myself (its the first time I actually dedicated time to do), I found the Docker install and learned what docker was actually doing. My ttrss docker image is actually located under /var/lib/docker/aufs/mnt/{random hash}/var/www/ttrss/.

Under that I could find the config.php file and make changes so it was only accessible over my Vpn connection – yeah, I thought this was very clever but maybe obvious to everyone else. So the only way to hit the web front end of my ttrss install is via my Vpn but API calls are done without the Vpn.

As I found the root of ttrss, I was also able to finally install feedreader which is hightly rated by many. The problem I’ve always had is feedreader complained that it needed a certain plugin installed under ttrss’s plugin directory, which previously I couldn’t find to install. Of course now I know where it is and could copy it there, I was very pleased with myself. Next stop brunch at Ezra & Gil and wait for Feedreader to pull down full text for 8500+ items.

Dead pebble…?

Dead pebble 2 watch

On my leui half day, I decided to hit the Spa – keep me away from work stuff. Knowing the Pebble is waterproof I was kept an eye on how much time I was spending in the Steam room. To be honest I’ve used in many spas and swimming pools no problem but today it was stuck on the preference screen. I held the left button in and it felt weird and then collapsed in on its self. unfortunately (or stupidly) I did this while in the jacuzzi. It wasn’t in the water but I got the feeling my wet finger might have caused some water to go inside.

Later I tried to start it up after leaving it in the locker with ventilation, but it didn’t help as its now totally dead. Although I haven’t tried the bag of rice water damage trick.

Dead pebble 2 watch

It feels like my arm is naked right now and having to look at my phone to see the actual time or why its buzzing is almost as weird. I had thought about buying another pebble 2, now they are not being made. Looks like I’ll be doing that now, just hoping it will reach me before I go to Madeira. I guess thats the point of Amazon Prime?

Update – The next day

Dead pebble watch

So I hooked up my dead pebble to the charger and it kicked into action. After a long time and looking up the pebble SOS site with a bunch of searching the pebble forums; I was able to get it repaired with my phone again and usable again. I say usable but its never going to be waterproof again.

Dead pebble watch

I also noticed the rubber seal which I assume protects the inners of the watch is coming loose; plus the battery is depleating far quicker than usual. After half a day the battery was down to 50%. I’m assuming it might be the bluetooth discovery trying to connect to my phone killing the battery but I wouldn’t be suprised if it was down to the water damage in someway.

Right now its usable but the back button doesn’t work at all, even pushing the microswitch inside does nothing anymore. This means any sub menus can’t be reversed. I actually found the only way to get back to the clock, is to open the pebble app on my phone and switch the clockface. Not ideal but this means it can work enough for a short while, as notifications and messages automatically switch to the clock after a while.

It could be worst I guess…?

I bought a Google Pixel 2 and its bloody fast

Google Pixel 2

After my Google Nexus 5x died a few weeks ago, I switched back to my very old Nexus 5 with the broken screen. It was painful, especially with no fingerprint and of course the pixel filled screen. Knowing I would be switching, I put the bear minimum amount of apps on it and played the wait game with my google authenticator.

In the end I pre-ordered the Pixel 2 (which keep calling the Nexus 2) from Carphone Warehouse (mainly because I needed to guarantee I could get it at a certain day, before heading away)

It costed so much my credit card company rejected the transaction and I didn’t get the ability to say it was me before they rejected it. Yes the cost was eye watering but mainly because I’m use to the Nexus lines of £200 ish. Yes I considered other phones but I liked having pure google and the reviews of the Pixel2 were good (I didn’t get the XL version with the odd colour screen). The alternative colour ones were going take too long so stuck with pure black.

When I finally got my hands on it (Thursday) I was surprised how smooth, silky and solid it was. Compared to my Nexus 5x, it was quite a different feeling. You can feel the quality of design and build compared to the Nexus range.

Pixel 2

There are a lot of reviews of the in-depth Pixel 2 reviews so I won’t try and do that. But some surprises I had.

The speed of the fingerprint is out of control now, my nexus 5x was fast but this is like warp speed. The general speed of Oreo is zippy, especially compared to my dead Nexus 5x which got the upgrade soon before it died. I had some problems with the wifi but a reboot seems to have fixed it. Having 128gig of space online is kind of crazy, so finally my Plex life time subscription is making a lot more sense. I’m syncing all my podcasts and a lot of audiobooks. Trying to decide if I should put all my single tunes on it or not?

Moving things over was a bit painful only because I only had my backup Nexus 5 with the basic number of things on it not the Nexus 5x. The USBC to female USB A dongle was pretty handy I have to say, although I have done similar with NFC previously to start the pairing process.

Not having a audio jack isn’t a big pain for me as I’ve been monitoring how often I actually use the audio jack since the iphone jack removal; and it was low to not at all. The USB C jack is included and I also have a number of Bluetooth audio jacks I can use easily enough including on my helmet. Battery life so far seems very good with a whole day of my non-use taking only 38% of the battery. The figure said I had another day and a bit of battery use. I had a problem with the Wifi for a bit, which was only noticeable in things streaming like Yaste and Plex but after its second ever restart its all good now.

The camera is insanely fast and I reduced the resolution down because shooting 12+ mega pixel pictures is not so needed generally, although there is plenty of space. For the first time, I have also reduced my font size down to smallest across the whole of the phone, because the screen dpi is excellent enough for me to read the tiny text comfortability; oh and the Redshift feature finally means I loose twilight.

Generally I’m quite impressed with the Pixel 2 (but the price is still eye watering) but its only its 3rd day. Its super fast on everything including unlocking, switching tasks and taking pictures.

Update – Sunday 12th Nov

 

I felt like I needed to do a quick update.

I still am impressed with the Pixel 2 but every once in a while, the phone will just turn off (its happened 4 times so far). It always happens when using the Bluetooth headphones; I’ll be walking along and it will suddenly go silent like its lost the bluetooth connection, but my headphones doesn’t say its lost the connection. When I pull out my phone its blank and needs to be reset. Only then does the headphones say its lost the siginal. Its weird and I’ve done everything except reinstalling the phone

Besides this the phone is pretty solid and reliable. The Battery is still excellent and most of the time its only used 15-25% over the course of a day. I seen Google are rolling out updates for the Pixel 2 XL screen problem hopefully this will be high on their bug list too.

Goodbye Nexus 5x?

I left my flat Thursday heading for a train to York. Turning on my bluetooth headphones I noticed my Nexus 5x wasn’t connecting. One look at my phone and I noticed the screen was off. So I turned it back on and noticed the bootloader loop I had heard so much about.

While I made my way to York University, I tried multiple times to turn it on using different methods and it was in the taxi when I could actually type in my code to unlock the storage. Of course once it rebooted, it was back to the loop again. I also remember at some point watching the boot loader animation throw a error message which I wasn’t quick enough to snap. But I do remember it saying the storage was corrupt and it needed servicing?

By the time I was home again, it was dead. No matter how much I held down the buttons nothing would happen. I charged it up but there was no lights. Luckily I still have my Nexus 5 with the messed up screen, I had also thought about switching to the Google Pixel 2, but at £629 for the 64gig version, I just can’t bring myself to hit order (its a serious load of money especially since my Nexus 5x was £200) especially since I wasn’t sure if I would be in Manchester to actually get it. I had not realised it not actually officially available yet!

In the end after working with my Nexus 5 for a day, I decided to get the Pixel 2 with 128gig and buy it from Carphone warehouse only because I can pick it up from Manchester or London if needed. Just he last 24hours has made realise how much I use my phone for things like Monzo, 2 factor auth and much more. In the meanwhile I’l struggle through with the minimum number of apps on my Nexus 5 & 7.

I may attempt to un-brick my Nexus 5x when I got more time and in our R&D lab with the right tools. But seeing how I was waiting for the Pixel 2, I guess its time really.

Android Oreo upgrade on my Nexus 5x

Nexus 5x with Oreo upgrade

3 days ago I received the OTA update for Android Oreo on my Nexus 5x. I wasn’t really expecting it, as I’ve been keeping an eye out for my next phone (which is likely to be a Google Pixel 2 even at its much higher cost than my Nexus 5x)

Honestly I haven’t seen much differences except the background tasks are now in your face. Which isn’t a problem as I don’t have a lot running all the time (Timeused, Pebble & Twlight), be interesting to see how long apps like Uber stay in the background

I have noticed a drain on battery, for example my battery is at 88% right now and will stay alive for the next 9 hours. But to be fair its a old battery, I think the same use on Android N would be closer to 92% maybe.

Some of regular menus are shifted around and the small text which I have my phone set to, really is actually small. I am surprised there is no native bluelight filter (redshift, twilight, etc) but I guess it might upset all those apps which do this.

The upgrade was painless, it took 42mins as I was watching an American TV show as it upgraded its self.

Generally I’m happy with the state of the upgrade and although I know this is the last upgrade for the Nexus 5x; it might keep the phone going even longer.

Quantifying your smartphone usage mentioned recently

There’s a recent BBC documentary titled Secrets Of Silicon Valley, its not a bad watch at all. In part 2, the presenter installs an app to see how much time he spends on his phone through out the day. Very similar to what happened at the Quantified Self 2017 conference, but even I almost coked on my tea when the final figure of over 5 hours was announced for the day.

My monthly smartphone usage

Looking at my own usage, over the last month I spent 19hrs 1minute over 384 pickups, looking at my mobile phone.

I admit this is so very low in comparison to others.

By the way I’m still looking for a decent way to do this without abundance of features, battery use and in a data ethical way.

There’s life in Pebble still

Pebbles growing in work
Me, Jimmy and Alex – Photo credit to Jimmy Lee

Its ironic that since Fitbit bought Pebble and even Vector. There has been a bunch of interesting projects to keep Pebble going. Even Fitbit have been friendly to the idea of keep it going once they switch off their servers later this year.

At least two projects are hot on my task list.

What I find really interesting is the amount of Apple watch users who have switched to Pebble. First it started with my line manager (phil) who bought a pebble 1 a while ago, scratched it then sold it to me. He then bought a Apple Watch to go with his new apple phone; but it wasn’t long till he was frustrated with the charging and not being able to see the screen without the shake. I made clear my reasons for kickstarting the Pebble 2 and left it at that.

One day he totally surprised me one day with a pebble 2 watch in white and green. Good choice I said, even with the fear of what Fitbit would do with Pebble still looming.

I also sold my old pebble 1 watch to Andy at work with the warning of what Fitbit might or rather not do, but he was happy with the price.

Third was Jimmy, who had a old classic Casio watch he use to wear. He one day rocked up with a black pebble 2 watch and suddenly I felt the waters was turning.

Pebble 2.0

But the final surprise recently was with a Apple die-hard, Alex. Alex has apple stamped on his heart; me and Jimmy once had a conversation about the turning tide of pebble watches in work and thought who could be next? Jimmy did suggest Alex and I said nahh never, too tied to Apple. I even remember having a conversation with Alex about the Apple watch vs Pebble. I somehow forgot Alex use to own a Samsung Galaxy S4 plus a long time ago, mainly for VR.

He agreed on the advantages, and as designer to designer we critiqued the design decisions of the LCD screen and wondered if jobs would be happy with the one day battery? (to be fair me and Jimmy had a similar discussion before he turned up with one) Any way, that was a while ago and I almost fell out my chair when recently Jimmy announced Alex had ditched his Apple watch for a Pebble 2. I honestly thought he was kidding then I saw it on him.

Jimmy & Alex also have found services doing interesting custom watch faces, but I’m on the look out for more diverse apps (makers would be a plus). As I’d really like to see more things like ifttt on pebble. For example why not Monzo, Paypal balance status?

Pebble 2

Right now you can buy a Pebble on Amazon for between £40 – £90 depending on which one you get. I’d also say if you were considering a smartwatch, the pebble is still the only one I would consider even now.

My weekly smartphone use…

At the Quantified Self conference a few weeks ago there was a very interesting conversation & social experiment about smartphone use. Ever since I’ve been getting more interested in the good and bad uses of smartphones, even gave a summary of ideas collected over the different sessions.

But I’ve been thinking about my low usage at the conference and decided to seek out an app which just counts the usage and nothing more (most have other types of permissions to do all types of other things). Found Timefactory’s Time used did pretty much this (although I’d like a proper data export option), seems low on resources and very simple.

So above is my regular usage of my Nexus 5X over the last week, and this week was a regular go to work everyday and social event most evenings kind of a week.

Its low, agreed but I didn’t go out to not check it or anything. I carry my Nexus with me pretty much everywhere. But having my pebble smartwatch and other devices around me certainly has a massive effect on how many times I actually have to turn on the phone screen.

Look forward to sharing the month summary too.