Almost all of us carry phones with us, often smart phones that contain a lot of sensitive data. It can be very difficult to keep that data secure because phones often give up a lot of our information without our knowledge or, sometimes, consent. Your phone can be sending data every two seconds. So what can you do about it?
Several years ago, I was struggling with an old phone and, as a way to prolong its life, installed CyanogenMod. That was an alternative operating system to Android which solved some of my performance issues, although it did cause some of its own issues. But it introduced me to the world of custom ROMs and all of my current devices are running the successor project, Lineage OS. Since I just recently re-installed Lineage OS on my phone, I thought I should briefly talk about it.
Lineage OS won’t be for everyone. There are a number of risks and drawbacks to installing Lineage OS or any custom ROM. I am using an LG G5 and ran into a number of issues with the latest version of Lineage OS which forced me to use one version earlier. (In fairness, the latest version is experimental and Lineage OS no longer officially supports the LG G5, so what’s available is less stable than usual.) In addition, you will usually void your warranty and can really mess up your phone. But…
There are also a number of benefits. You can get the latest software; manufacturers often stop supporting old models because its more profitable for you to buy a new phone, even if there’s no need to. This practice means you will normally miss out on new features or security updates if you run the stock android. In addition, you can remove a lot of preinstalled software (“bloatware”) which takes up space or can be used to spy on you.
Google and cellphone tracking
If we mention cellphone tracking and spying, it would be impossible not to mention Google. By now it must be common knowledge that Google is tracking as many people as it can. Sometimes this leads to amusing results, like fake traffic jams, but more concerning is when it leads to nightmarish results, like being accused of a crime because of Google’s location data. Google has even been sued for misleading customers into thinking it stopped tracking them when they turned off location services.
Given all of the above, when I installed the new version of Lineage OS, I did not install GApps – an extra ROM which is needed to have Google services. I have no Google services, no Play Store, no Gmail, no Google Maps, nothing. I’m not going to pretend it’s easy; it makes some things a lot harder but I am happy with that trade-off to keep Google out my phone. You might even be wondering, “How do you do anything!?” There are alternatives to the Google Play Store and there are alternatives to Google products which you can try, and I recommend you do, even on a standard Android phone.
Instead of the Play Store, you can use F-Droid, which has a collection of free and open source apps. (More on what that is in a bit.) Instead of Chrome, you can use Firefox or Icecat, a non-profit, open source internet browser which can sync your browsing between devices, has an amazing collection of add-ons and even helps you transfer large files. You can use DuckDuckGo, a privacy-respecting search engine, to find things. You can navigate around the world with OsmAnd, a GPS navigation tool that uses the crowd-sourced OpenStreetMap (OSM) data. If you download it from F-Droid you get the advanced version free. You can connect to your email provider through K9-mail. I’m not sure if there is a good free email provider; I use Posteo, a German provider with an emphasis on privacy and the environment. My calendar and contact list are also synced through Posteo.
I would like to also emphasise that invasions of privacy like cellphone tracking are not exclusive to Google. Currently, when governments are trying to do, or trying to look as if they are doing, everything they can about the Covid-19 pandemic, cellphone tracking is being implemented in several countries. While many people are concerned about government’s tracking innocent people, there is less concern when it is ostensibly to combat the spread of the corona virus. But there are two very important points that need to be considered if it will be used to fight corona virus.
Firstly, there is the case for the use of cellphone location data for containing corona virus is not that strong. Location data from cellphone towers is extremely broad and even GPS positions are only accurate to just under 5 m. GPS becomes even less accurate when there are buildings nearby, which happens to be the time people are most likely to come in contact with one another. The second problem is that we must be very cautious about granting such abilities to government as there is a risk that they will not relinquish them after the crisis. This is something that America has had to deal with since the attack on the World Trade Centre and one which we need to learn from. The American Patriot Act was originally meant to expire in 2005 but it has continually been renewed even to this year. Throughout history governments have used times of crises to play with people’s fears and undermine privacy and human rights.
I would like to make one slight diversion before we move on. After reading that South Africa will also be using cellphone tracking, I contacted my service provider, MTN, to ask them to confirm and explain why such a major change was not communicated to their users. After first getting a very strange response asking for my ID number and other personal information (which I did not provide), I was told, and I quote, “Please note that is fake news, please check News24.com/SouthAfrica/News.” Looking on News24, the only remotely relevant article was how the government is not recording phone calls or tracking people on social media without any mention of location data. So I sent an email to the publication that originally reported the location tracking but, later that same evening, I saw again that South Africa is planning to track cellphones. Either the people communicating with the public are unaware of what the company is doing or MTN is actively lying to its customers. Neither is particularly good.
FOSS (Free and Open Source Software)
Earlier in this blog I mentioned that F-Droid contains free and open source software but it’s actually a term which applies to nearly everything I mentioned. Does that mean you don’t have to pay for it? Sort of. Free in English has multiple meanings which can cause confusion when it comes to free software. We can use two other words to clarify our meaning; gratis meaning free as in free beer and libre meaning free as in free speech.
Apart from Posteo, everything I talked about is gratis. You don’t have to pay a cent to use it. Although, if you do use it, you should, ideally, contribute or donate, if you can. This works quite well for digital goods because, unlike a car or house, once a digital product is made, it can be replicated infinitely almost for free. While this really nice for the user, it’s the libre aspect that is most important.
Free software (libre) is based on four principles, called the Four Freedoms.
The freedom to run the program as you wish, for any purpose (freedom 0).
The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.
The freedom to redistribute copies so you can help your neighbor (freedom 2).
The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.
Free software is important to make sure we have control of our own devices; they should be ours to use however we see fit. It also protects us all. Governments do not like it when citizens have control and they try to legislate against encryption and weaken security for everyone. By having free software, we are immune to these attempts to take control as we can look at the code itself and see that everything is doing what it is supposed to do. With traditional software, that’s not possible and there’s no way to confirm that something is secure. Free software saves us from putting blind trust in those whose interests are not aligned with our own.
Ideally, we should also extend this to hardware. If it isn’t possible to share the technical designs, we should, at a minimum, allow people to repair and/or modify their own devices. Currently, this isn’t possible; Apple and John Deere both oppose allowing people to repair their own computers or tractors respectively. Allowing people to tinker with their devices means they can solve their own problems, like when hackers started modifying old insulin pumps to help those with Type 1 diabetes. And this might be even more important in a time of crisis. Although the manufacturer did not press any charges, it would’ve been possible when some Italians started 3D printing valves that were in short supply for the hospitals.
For our freedom, security and health, we need a massive shift in the way that we view the world. Part of that requires an overhaul of the way we use copyrights and patents. These changes take time. What we can do right now, today, is use, share and support free and open source software.