[Plura-list] Google's new phones can't stop phoning home

Tue Oct 8 12:39:34 EDT 2024

Read today's issue online at: https://pluralistic.net/2024/10/08/water-thats-not-wet/

^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^

On October 23 at 7PM, I'll be in Decatur, presenting my novel *The Bezzle* at Eagle Eye Books:

https://eagleeyebooks.com/event/2024-10-23/cory-doctorow

^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^

Today's links

* Google's new phones can't stop phoning home: The call is coming from inside the house.

* Hey look at this: Delights to delectate.

* This day in history: 2004, 2009, 2014, 2019, 2023

* Upcoming appearances: Where to find me.

* Recent appearances: Where I've been.

* Latest books: You keep readin' em, I'll keep writin' 'em.

* Upcoming books: Like I said, I'll keep writin' 'em.

* Colophon: All the rest.

^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^

📠 Google's new phones can't stop phoning home

One of the most brazen lies of Big Tech is that people *like* commercial surveillance, a fact you can verify for yourself by simply observing how many people end up using products that spy on them. If they didn't like spying, they wouldn't opt into being spied on.

This lie has spread to the law enforcement and national security agencies, who treasure Big Tech's surveillance as an off-the-books trove of warrantless data that no court would *ever* permit them to gather on their own. Back in 2017, I found myself at SXSW, debating an FBI agent who was defending the Bureau's gigantic facial recognition database, which, he claimed, contained the faces of virtually every American:

https://www.theguardian.com/culture/2017/mar/11/sxsw-facial-recognition-biometrics-surveillance-panel

The agent insisted that the FBI had acquired all those faces through legitimate means, by accessing public sources of people's faces. In other words, we'd all opted in to FBI facial recognition surveillance. "Sure," I said, "to opt out, just don't have a face."

This pathology is endemic to neoliberal thinking, which insists that all our political matters can be reduced to *economic* ones, specifically, the kind of economic questions that can be mathematically modeled and empirically tested. It would be great if all our thorniest problems could be solved like mathematical equations.

Unfortunately, there are key elements of these systems that *can't* be reliably quantified and turned into mathematical operators, especially *power*. The fact that someone did something tells you nothing about whether they *chose* to do so - to understand whether someone was coerced or made a free choice, you have to consider the power relationships involved.

Conservatives hate this idea. They want to live in a neat world of "revealed preferences," where the fact that you're working in a job where you're regularly exposed to carcinogens, or that you've stayed with a spouse who beats the shit out of you, or that you're homeless, or that you're addicted to Oxy, is a matter of *choice*. Monopolies exist because we all love the monopolist's product best, not because they've got monopoly power. Jobs that pay starvation wages exist because people want to work full time for so little money that they need food-stamps just to survive. Intervening in any of these situations is "woke paternalism," where the government thinks it knows better than you and intervenes to take away your right to consume unsafe products, get maimed at work, or have your jaw broken by your husband.

Which is why neoliberals insist that politics should be reduced to economics, and that economics should be carried out as if power didn't exist:

https://pluralistic.net/2024/10/05/farrago/#jeffty-is-five

Nowhere is this stupid trick more visible than in the surveillance fight. For example, Google claims that it tracks your location because you asked it to, by using Google products that make use of your location without clicking an opt out button.

In reality, Google has the power to simply ignore your preferences about location tracking. In 2021, the Arizona Attorney General's privacy case against Google yielded a bunch of internal memos, including memos from Google's senior product manager for location services Jen Chai complaining that she had turned off location tracking in *three* places and was *still* being tracked:

https://pluralistic.net/2021/06/01/you-are-here/#goog

Multiple googlers complained about this: they'd gone through dozens of preference screens, hunting for "don't track my location" checkboxes, and *still* they found that they were being tracked. These were people who worked under Chai *on the location services team*. If the head of that team, and her subordinates, couldn't figure out how to opt out of location tracking, what chance did you have?

Despite all this, I've found myself continuing to use stock Google Pixel phones running stock Google Android. There were three reasons for this:

First and most importantly: security. While I worry about Google tracking me, I am as worried (or more) about foreign governments, random hackers, and dedicated attackers gaining access to my phone. Google's appetite for my personal data knows no bounds, but at least the company is serious about patching defects in the Pixel line.

Second: coercion. There are a *lot* of apps that I need to run - to pay for parking, say, or to access my credit union or control my rooftop solar - that either won't run on jailbroken Android phones or require constant tweaking to keep running.

Finally: time. I already have the equivalent of three full time jobs and struggle every day to complete my essential tasks, including managing complex health issues and being there for my family. The time I take out of my schedule to actively manage a de-Googled Android would come at the expense of either my professional or personal life.

And despite Google's enshittificatory impulses, the Pixels are reliably high-quality, robust phones that get the hell out of the way and let me do my job. The Pixels are Google's flagship electronic products, and the company acts like it.

Until now.

A new report from Cybernews reveals just how much data the next generation Pixel 9 phones collect and transmit to Google, without any user intervention, and in defiance of the owner's express preferences to the contrary:

https://cybernews.com/security/google-pixel-9-phone-beams-data-and-awaits-commands/

The Pixel 9 phones home *every 15 minutes*, even when it's not in use, sharing "location, email address, phone number, network status, and other telemetry." Additionally, every 40 minutes, the new Pixels transmit "firmware version, whether connected to WiFi or using mobile data, the SIM card Carrier, and the user’s email address." Even further, even if you've never opened Google Photos, the phone contacts Google Photos’ Face Grouping API at regular intervals. Another process periodically contacts Google's Voice Search servers, even if you never use Voice Search, transmitting "the number of times the device was restarted, the time elapsed since powering on, and a list of apps installed on the device, including the sideloaded ones."

All of this is *without* any consent. Or rather, without any consent beyond the "revealed preference" of just buying a phone from Google ("to opt out, don't have a face").

What's more, the Cybernews report probably *undercounts* the amount of passive surveillance the Pixel 9 undertakes. To monitor their testbench phone, Cybernews had to root it and install Magisk, a monitoring tool. In order to do that, they had to disable the AI features that Google touts as the centerpiece of Pixel 9. AI is, of course, notoriously data-hungry and privacy invasive, and all the above represents the data collection the Pixel 9 undertakes *without* any of its AI nonsense.

It just gets worse. The Pixel 9 also routinely connects to a "CloudDPC" server run by Google. Normally, this is a server that an enterprise customer would connect its employees' devices to, allowing the company to push updates to employees' phones without any action on their part. But Google has designed the Pixel 9 so that privately owned phones do the same thing with Google, allowing for zero-click, no-notification software changes on devices that you own.

This is the kind of measure that works well, but fails badly. It assumes that the risk of Pixel owners failing to download a patch outweighs the risk of a Google insider pushing out a malicious update. Why would Google do that? Well, perhaps a rogue employee wants to spy on his ex-girlfriend:

https://www.wired.com/2010/09/google-spy/

Or maybe a Google executive wins an internal power struggle and decrees that Google's products should be made shittier so you need to take more steps to solve your problems, which generates more chances to serve ads:

https://pluralistic.net/2024/04/24/naming-names/#prabhakar-raghavan

Or maybe Google capitulates to an authoritarian government who orders them to install a malicious update to facilitate a campaign of oppressive spying and control:

https://en.wikipedia.org/wiki/Dragonfly_(search_engine)

Indeed, merely by installing a feature that can be abused this way, Google *encourages* bad actors to abuse it. It's a lot harder for a government or an asshole executive to demand a malicious downgrade of a Google product if users have to accept that downgrade before it takes effect. By removing that choice, Google has greased the skids for malicious downgrades, from both internal and external sources.

Google will insist that these anti-features - both the spying and the permissionless updating - are *essential*, that it's literally impossible to imagine building a phone that doesn't do these things. This is one of Big Tech's stupidest gambits. It's the same ruse that Zuck deploys when he says that it's impossible to chat with a friend or plan a potluck dinner without letting Facebook spy on you. It's Tim Cook's insistence that there's no way to have a safe, easy to use, secure computing environment without giving Apple a veto over what software you can run and who can fix your device - and that this veto *must* come with a 30% rake from every dollar you spend on your phone.

The thing is, we know it's possible to separate these things, because *they used to be separate*. Facebook used to sell itself as the privacy-forward alternative to Myspace, where they would *never* spy on you (not coincidentally, this is also the best period in Facebook's history, from a user perspective):

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3247362

And we know it's possible to make a Pixel that doesn't do all this nonsense because Google makes other Pixel phones that don't do all this nonsense, like the Pixel 8 that's in my pocket as I type these words.

This doesn't stop Big Tech from gaslighting* us and insisting that demanding a Pixel that doesn't phone home four times an hour is like demanding water that isn't wet.

*pronounced "jass-lighting"

Even before I read this report, I was thinking about what I would do when I broke my current phone (I'm a klutz and I travel a lot, so my gadgets break pretty frequently). Google's latest OS updates have already crammed a bunch of AI bullshit into my Pixel 8 (and Google puts the "invoke AI bullshit" button in the spot where the "do something useful" button used to be, meaning I accidentally pull up the AI bullshit screen several times/day).

Assuming no catastrophic phone disasters, I've got a little while before my next phone, but I reckon when it's time to upgrade, I'll be switching to a phone from the @calyxinstitute at mastodon.social. Calyx is an incredible, privacy-focused nonprofit whose founder, Nicholas Merrill, was the first person to successfully resist one of the Patriot Act's "sneek-and-peek" warrants, spending 11 years defending his users' privacy from secret - and, ultimately, unconstitutional - surveillance:

https://www.eff.org/deeplinks/2013/03/depth-judge-illstons-remarkable-order-striking-down-nsl-statute

Merrill and Calyx have tapped into various obscure corners of US wireless spectrum licenses that require major carriers to give ultra-cheap access to nonprofits, allowing them to offer unlimited, surveillance-free, Net Neutrality respecting wireless data packages:

https://memex.craphound.com/2016/09/22/i-have-found-a-secret-tunnel-that-runs-underneath-the-phone-companies-and-emerges-in-paradise/

I've been a very happy Calyx user in years gone by, but ultimately, I slipped into the default of using stock Pixel handsets with Google's Fi service.

But even as I've grown increasingly uncomfortable with the direction of Google's Android and Pixel programs, I've grown increasingly *impressed* with Calyx's offerings. The company has graduated from selling mobile hotspots with unlimited data SIMs to selling jailbroken, de-Googled Pixel phones that have all the hardware reliability of a Pixel, coupled with an alternative app suite and your choice of a Calyx SIM and/or a Calyx hotspot:

https://calyxinstitute.org/

Every time I see what Calyx is up to, I think, *dammit, it's really time to de-Google my phone*. With the Pixel 9 descending to new depths of enshittification, that decision just got a lot easier. When my current phone croaks, I'll be talking to Calyx.

^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^

📠 Hey look at this

* Silicon Valley, the New Lobbying Monster https://www.newyorker.com/magazine/2024/10/14/silicon-valley-the-new-lobbying-monster

* Economies of Scale in Peer-to-Peer Networks https://blog.dshr.org/2024/10/it-was-ten-years-ago-today.html

* Frogger Walkable City https://woe-industries.itch.io/frogger-walkable-city (h/t Boing Boing)

^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^

📠 This day in history

#20yrsago HOWTO censor the net with a Hotmail account https://web.archive.org/web/20041023150004/http://www.bof.nl/docs/researchpaperSANE.pdf

#20yrsago Pratchett’s “Going Postal”: Graft, hackers, and a semaphore Internet https://memex.craphound.com/2004/10/09/pratchetts-going-postal-graft-hackers-and-a-semaphore-internet/

#20yrsago Both Presidential candidates arrested while serving papers on CPD https://web.archive.org/web/20041009213011/https://badnarik.org/supporters/blog/2004/10/08/michael-badnarik-arrested/

#15yrsago Marc Laidlaw’s “Sleepy Joe” — sf story comic podcast about war, cable access and human bombs https://escapepod.org/2009/10/08/ep219-sleepy-joe/

#15yrsago Junky Styling: a manual for thrift-shop clothes-remixers https://memex.craphound.com/2009/10/09/junky-styling-a-manual-for-thrift-shop-clothes-remixers/

#10yrsago Kids who sext more likely to be comfortable with their sexuality https://publications.aap.org/pediatrics/article-abstract/47/Supplement_1/229/78000/The-Relationships-Between-Adrenal-Cortical?redirectedFrom=PDF

#10yrsago SWAT team murders burglary victim because burglar claimed he found meth https://www.techdirt.com/2014/10/08/swat-team-raids-house-kills-homeowner-because-criminal-who-burglarized-house-told-them-to/

#10yrsago Malware needs to know if it’s in the Matrix https://web.archive.org/web/20141009164227/http://thestack.com/mimicry-in-malware-giovanni-vigna-081014

#5yrsago After banning working cryptography and raiding whistleblowers, Australia’s spies ban speakers from national infosec conference https://www.theguardian.com/technology/2019/oct/09/melbourne-cyber-conference-organisers-pressured-speaker-to-edit-biased-talk

#5yrsago SQL Murder Mystery: teaching SQL concepts with a mystery game https://github.com/NUKnightLab/sql-mysteries

#5yrsago Washington establishment freaks out as Modern Monetary Theory gains currency https://www.bloomberg.com/news/articles/2019-10-07/economists-worry-that-mmt-is-winning-the-argument-in-washington

#5yrsago Hunter Biden’s Ukraine gig was corrupt, just not in the way Republican conspiracists claim it was https://theintercept.com/2019/10/09/joe-hunter-biden-family-money/

#5yrsago Gamers propose punishing Blizzard for its anti-Hong Kong partisanship by flooding it with GDPR requests https://www.reddit.com/r/hearthstone/comments/df0zx5/upset_about_blizzards_hk_ruling_heres_what_to_do/

#1yrago How Google's trial secrecy lets it control the coverage https://pluralistic.net/2023/10/09/working-the-refs/#but-id-have-to-kill-you

^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^

📠 Upcoming appearances

* “Come distruggere il capitalismo della sorveglianza” (Pisa/Remote), Oct 12
https://www.internetfestival.it/programma/come-distruggere-il-capitalismo-della-sorveglianza/

* OKFN Tech We Want Online Summit (Remote), Oct 18
https://okfn.org/en/events/the-tech-we-want-online-summit/

* SOSS Fusion (Atlanta), Oct 22
https://sossfusion2024.sched.com/speaker/cory_doctorow.1qm5qfgn

* Eagle Eye Books (Decatur), Oct 23
https://eagleeyebooks.com/event/2024-10-23/cory-doctorow

* TusCon (Tucson), Nov 8-10
https://tusconscificon.com/

* International Cooperative Alliance (New Delhi), Nov 24
https://icanewdelhi2024.coop/welcome/pages/Programme

* ISSA-LA Holiday Celebration keynote (Los Angeles), Dec 18
https://issala.org/event/issa-la-december-18-dinner-meeting/

^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^

📠 Recent appearances

*  Go Fact Yourself
https://maximumfun.org/episodes/go-fact-yourself/ep-158-aida-rodriguez-cory-doctorow/

* The great decline of everything online (Lately podcast)
https://www.theglobeandmail.com/podcasts/lately/article-cory-doctorow-podcast-interview/

* A Book Talk with Cory Doctorow and Woodrow Hartzog at BU Law
https://www.youtube.com/watch?v=Gkt9dlTX-gs

^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^

📠 Latest books

* The Bezzle: a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (the-bezzle.org). Signed, personalized copies at Dark Delicacies (https://www.darkdel.com/store/p3062/Available_Feb_20th%3A_The_Bezzle_HB.html#/).

* "The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org). Signed, personalized copies at Dark Delicacies (https://www.darkdel.com/store/p3007/Pre-Order_Signed_Copies%3A_The_Lost_Cause_HB.html#/)

* "The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).

* "Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com. Signed copies at Dark Delicacies (US): and Forbidden Planet (UK): https://forbiddenplanet.com/385004-red-team-blues-signed-edition-hardcover/.

* "Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com

* "Attack Surface": The third Little Brother novel, a standalone technothriller for adults. The *Washington Post* called it "a political cyberthriller, vigorous, bold and savvy about the limits of revolution and resistance." Order signed, personalized copies from Dark Delicacies https://www.darkdel.com/store/p1840/Available_Now%3A_Attack_Surface.html

* "How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet analyzing the true harms of surveillance capitalism and proposing a solution. https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59?sk=f6cd10e54e20a07d4c6d0f3ac011af6b) (signed copies: https://www.darkdel.com/store/p2024/Available_Now%3A__How_to_Destroy_Surveillance_Capitalism.html)

* "Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583; personalized/signed copies here: https://www.darkdel.com/store/p1750/July%3A__Little_Brother_%26_Homeland.html

* "Poesy the Monster Slayer" a picture book about monsters, bedtime, gender, and kicking ass. Order here: https://us.macmillan.com/books/9781626723627. Get a personalized, signed copy here: https://www.darkdel.com/store/p2682/Corey_Doctorow%3A_Poesy_the_Monster_Slayer_HB.html#/.

^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^

📠 Upcoming books

* Picks and Shovels: a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books, February 2025

* Unauthorized Bread: a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2025

^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^

📠 Colophon

Today's top sources:

Currently writing:

* Enshittification: a nonfiction book about platform decay for Farrar, Straus, Giroux. Today's progress: 752 words (60068 words total).

* A Little Brother short story about DIY insulin PLANNING

* Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. FORTHCOMING TOR BOOKS FEB 2025

Latest podcast:
  Spill, part one (a Little Brother story) https://craphound.com/littlebrother/2024/10/06/spill-part-one-a-little-brother-story/

This work - excluding any serialized fiction - is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^

📠 How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Medium (no ads, paywalled):

https://doctorow.medium.com/

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"*When life gives you SARS, you make sarsaparilla*" -Joey "Accordion Guy" DeVilla
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x9026DBBE1FC237AF.asc
Type: application/pgp-keys
Size: 3650 bytes
Desc: OpenPGP public key
URL: <http://mail.flarn.com/pipermail/plura-list/attachments/20241008/98428f6e/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: OpenPGP digital signature
URL: <http://mail.flarn.com/pipermail/plura-list/attachments/20241008/98428f6e/attachment.sig>