this post was submitted on 27 Oct 2023
189 points (95.7% liked)

Privacy

32177 readers
603 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

So I got Fairphone 4, with /e/ os, a couple of days ago. When I connected it to my NextDNS I saw that it was trying to connect to some weird addresses, like every 5-10 minutes. I searched Internet a bit and found out that it was something with snapdragon cpu and location services. I travel a lot and use Organic Maps for navigation, so location was enabled almost all day on the phone. I turned off location services and connections stopped, and everything was fine for a couple of days.

Today I came home, checked logs in NextDNS and saw that phone started doing the same connections almost constantly even with location turned off.

Can I do something about this, other than allowing these connections? These connections are probably so numerous because they are getting blocked. If I allowed them, phone would maybe call home once in a couple of hours. I would rather not allow them, but I don't want 20% of battery to be eaten by this.

you are viewing a single comment's thread
view the rest of the comments
[–] MigratingtoLemmy@lemmy.world 7 points 1 year ago* (last edited 1 year ago) (1 children)

Ah, I didn't manage to recollect your mention of NextDNS in your post. There's no need to change anything regarding your DNS settings in such a case; it won't take much of your battery.

Here's a related discussion on the /e/OS forum: https://community.e.foundation/t/qualcomm-chipsets-data-collection-linked-to-the-a-gps-service-in-e-os/48982. Note that the domain mentioned in the discussion is izatcloud.net, however, for your purposes you can consider it the same as the domains you're seeing.

What can /e/OS do?

The SUPL-A/GPS case is well-know for a long time. Though it’s probably a low impact case in term of user’s privacy, we are evaluating how to prevent or mitigate it in /e/OS.

Options we have today:

  1. Block SUPL requests using /e/OS’ Advanced Privacy tracker control. But that would probably kill the A/GPS service, making the GPS location service very, very slow.
  2. Proxy SUPL requests to anonymize their originr. That’s an option but it can be blocked if we send too much traffic to the SUPL servers. This would likely happen because /e/OS has a lot of users, and would have an impact in term of service continuity.
  3. Figure out how /e/OS users can use Advanced Privacy IP scrambling features to fake SUPL calls origin IP address.
  4. …?

You might want to try option 1 and check. Please revert back to this comment after attempting to do so, so that others can benefit from this idea.


XTRA uploads the following data types: a randomly generated unique ID, the chipset name and serial number, XTRA software version, the mobile country code and network code (allowing identification of country and wireless operator), the type of operating system and version, device make and model, the time since the last boot of the application processor and modem, and a list of our software on the device

They just forgot to mention that this data is sent with no encryption (except in the xtra3grc.bin format, hope that they’re exclusively using that now…). Of course it should be blocked. But it’s necessary to allow one of those 3 domains in order to make the GPS work properly.

And here's the Wikipedia article on what is it that the Qualcomm chip is trying to gather: https://en.wikipedia.org/wiki/Assisted_GNSS

[–] Cossty@lemmy.world 4 points 1 year ago (1 children)

Thx for very detailed reply. I was trying to do the option 1, but I couldnt find how to do that. I am guesing that because dns is blocking the requests they dont show in the app. That would mean the app and dns are doing the same thing, so it doesnt really help.

I might just allow them, because I need the gps to work properly.

[–] MigratingtoLemmy@lemmy.world 2 points 1 year ago (1 children)

I don't have experience with e/OS/, I can only really say what I gather from their documentation.

Note that:

when I activate fake location in AP but keep location turned off in system settings the app organic maps does not show my fake location but asks me to enable location. Therefore I presume: Yes, location off in system settings means no location for any app.

The thing about modern android and location settings is that when it is turned off that also means the GPS. So probably correct, no location for any app.

Link to discussion: https://community.e.foundation/t/advance-privacy-fake-location-with-location-turned-off/50052

I would suggest utilising the Fake my location toggle for when you would not like apps to access your location, however, I am not sure if it will work against requests from low-level firmware such as directly from a Qualcomm chip. That's a question for the developers.


Another point that is mentioned in this post is the fact that tracker detection and blocking (which is now native to e/OS/) can't work with DoT providers like NextDNS. Indeed, the app and the DNS filters you're using with your DNS provider attempt to do the same thing here.

Note that the “tracker manager” of Advanced Privacy can’t work with DNS over TLS (DoT).

[–] Cossty@lemmy.world 1 points 1 year ago

I use location only for/with Organic Maps, otherwise it is turned off, so using fake location seems pointless.

It looks like if I want to use gps without problems I have to allow these connections. Or switch to pixel and GrapheneOS. Other chip makers like mediatek, samsung probably have something similar, so that isnt option either. I just got this FP4 and I like it alot, so I guess I'm stuck with qualcomm getting some telemetry.

Thank you very much for your help.