Why would iOS be safer from spying than a well setup Android

[nospam]

In article <nntgrr$rv6$1@gioia.aioe.org>, Aardvarks
<aardvarks@a.b.c.com> wrote:

> Where is your proof?

apple and android developer documentation.

 

[nospam]

In article <nnthfm$sqe$1@gioia.aioe.org>, Aardvarks
<aardvarks@a.b.c.com> wrote:

Where is your proof?

apple and android developer documentation.

Remember: I already referenced the exact android developer documentation
which supported the experiment that I devised based on reading those
documents (which told me exactly which services generated the AdID!).

no you didn't.

you have *no* idea what how the advertising id is used or how someone
can be tracked *without* it.

you're fixated on removing something that doesn't actually make much of
a difference.

 

[Aardvarks]

On Thu, 4 Aug 2016 09:15:44 +0200, Michael Eyd wrote:

Like a good scientist I claimed (and gave reason for that claim) that
your test is not suitable for basing your conclusion. *I* don't have to
provide anything

Michael,
Again, I sure hope you don't vote.

I'm sure *you* believe that a World War II Bomber is *still* on the Moon,
simply because it's hard to prove (to you) that it's *not* on the moon.

Given your acutely obvious scientific acumen, this is right down the
"scientific" line of thought both you and nospam *consistently* display.

- World War II Bomber now *missing* from the moon!
http://preview.tinyurl.com/gvjt5fw
https://en.wikipedia.org/wiki/Sunday_Sport

 

[Aardvarks]

On Thu, 4 Aug 2016 03:54:40 -0400, tlvp wrote:

> So please don't attribute to me what I've never even contemplated; thanks.

Then why did your first post in this thread request:
"You tell me. You seem to be the one that's [asking]"

 

[Aardvarks]

On Thu, 4 Aug 2016 08:57:24 +0200, Michael Eyd wrote:

The only thing you've proven is that this ID is now not to be seen
anywhere in any of the Android Settings dialogues.

Michael

I sincerely hope you don't vote.

Look at this article, because it's something you'd eminently believe simply
because it's hard to prove it's *not* there...

- "World War II Bomber Found On The Moon"
https://en.wikipedia.org/wiki/Sunday_Sport
http://tinyurl.com/gvjt5fw

 

[Michael Eyd]

Am 03.08.2016 um 21:13 schrieb Aardvarks:

On Wed, 3 Aug 2016 11:04:13 +0200, Michael Eyd wrote:

You didn't prove that the ID is actually wiped out.

I am a scientist.

Questionable. Very questionable, indeed.

1. Like any true scientist, I provide my hypothesis that iOs is less
private than Android when it comes to being able to easily *eliminate* the
advertising ID. And, like any true scientist, I provided numerous
references which backed up my claims and which supported the experiment
that I devised and published out in the open.

The only thing you've proven is that this ID is now not to be seen
anywhere in any of the Android Settings dialogues. But that does not
mean at all that it is gone from the system. You still don't understand
the difference between data being present in the system and data being
presented to a user.

2. Like any true scientist, I provided the exact steps to my *experiment*,
which anyone on the planet can reproduce with any similar Android phone
(mine is an S3 on Android 4.3).

Those steps are fine, just that they don't prove your claim at all.

3. And, like a true scientist, I provided the results and conclusion that
the advertising ID was trivially easily completely eliminated from the
Android system.

Your conclusion is wrong (resp. cannot be based on your findings), and I
pointed that out. Actually, that's what scientists do when reading other
scientist's claims: Try to find weaknesses in them and point them out.

Like any true scientist, I know *more* needs to be
explored, such as the question of whether the Advertising ID is hidden
somehow,

Which directly contradicts your 'conclusion' that it's completely gone
from the system. So now you're pulling back on your claim.

and that similar tests need to be performed to see if it is as
easy to eliminate the advertising ID on iOS as it was on Android.

This is what scientists do.

Right, but not the point in question. You're changing subjects, again.

This is fact.

Now, what do *you* provide?

I provide what any good scientist provides: A fair criticism of the
weaknesses of your claim. And I let the scientific community decide what
they think of my findings. Actually, that's what's called 'scientific
process'.

Words?
Tht's it?
Just words?

I don't need anything more to debunk your conclusion as 'not based on
the given facts'.

> You are not a scientist.

At least as much as you are.

You, and nospam and Savageduck and tlvp, etc., are merely iOS apologists
who don't like the fact that it's trivially easy to completely eliminate
the advertising ID on Android, while it's probably almost impossible to do
the same privacy tweak on iOS.

So here we go again: Once you've proven wrong (like we did time after
time on numerous occasions) you start insulting people. That's
definitively not the behavior of a scientist.

And as for iOS: I have an easily reachable menu in the Settings app,
where I can (and have ;-) ) denied Ad-tracking, and where I can even
reset the ADID (by generating a new one).

Heh heh ... you really felt the need to say that?
Really?

Nothing more to hold against that? It must really upset you...

Even nospam and Savageduck and tlvp didn't feel the need to say that what
you have on Apple iOS is the same as what every Android user already has
with respect to *resetting* the advertising ID and telling advertisers not
to use it.

Then why do you care? Just leave that part of my answer unanswered - but
that wouldn't fit your need to be right on any occasion... ;-)

You probably don't even *understand* what I just wrote - but I'm sure
nospam (who, despite his constant baseless lies, actually *does* understand
everything that I write).

I do understand much more than you, including a lot about you.

Michael

 

[Michael Eyd]

Am 03.08.2016 um 21:32 schrieb Aardvarks:

On Wed, 3 Aug 2016 10:57:46 +0200, Michael Eyd wrote:

You seem to be unaware of the difference between data shown on a screen
and data stored internally in a computer system. The only thing you've
proven above is that you don't see this ID anymore in any (user
accessible) screen.

But you can't possibly know (at this time, after performing the steps
you outlined) whether it's still stored somewhere in the system, nor
whether it's still accessible by apps (or Android itself) whenever they
choose to do so.

I am a scientist.

Then behave like one! And not like a kid, stomping your feet.

1. I proposed my hypothesis & my references backing it up.
2. I showed the exact steps of my experiment for anyone to reproduce.
3. I showed the results for anyone to prove wrong.

And what do you provide?

Like a good scientist I claimed (and gave reason for that claim) that
your test is not suitable for basing your conclusion. *I* don't have to
provide anything more, it's *you* who has to prove that your claim is
still holding up, despite my well-founded criticism. If you knew
anything about the scientific process, you would know that that's the
way things work in the scientific community.

You *saying* there is a super-secret hidden secret advertising ID that is
secretly generated outside the well-known mechanisms that the references
prove exist, merely means that you're stretching for a conspiracy theory to
support your erroneous beliefs.

Oh, more insults. Is that all you have? Not even one of your
'well-founded' test results, not even one of your 'explain-all' screen
shots? No? Poor you.

Let me make my point clear one more time: In your test you deleted the
Google Play app. And I accept (without any problem) that you did so
successfully.

However, that does not mean at all that any background services for the
Google Play Services are gone just as well. Nor does that mean that any
data they stored is actually gone from the system. Just one example how
that could work: The Google Play Services may store the AdID somewhere
in a general Android storage area (seeing how easy it is in Android for
one process to get access to the data of another process, that's easily
possible, even without pulling the card of 'Google can do things with
system parts that apps wouldn't be allowed').

But you're claiming that by deleting the app all the data from the
background service are gone just as well.

> What are your references?

I don't need any, I just need to raise reasonable arguments that *you*
have to show as false or as not applicable. Reminder: Insults are not an
accepted way of proving your point right.

> Where is your experiment?

I don't need one. It's your experiment, you have to prove that it is a
valid basis for your conclusion.

> Where is your proof?

I don't need any proof. I only need to raise reasonable doubt. And I
did. It's your task to dispel them.

> You may as well tell me the earth is flat.

Oh, come on. That's even below your standards...

I often wonder why you Apple people resort to such lies, but I finally
figured why you make up *everything* in your self-imposed contrived world
that Apple Marketing so safely (says they have) built for you:
a. You're scared witless (hoping that Apple Marketing will protect you)
b. You only care about style (which Apple Marketing surely provides)
c. You accept single-button-mouse solutions (from Apple Marketing)

And more insults...

Fact:
- It's trivially easy to completely eliminate the Advertising ID from an
unrooted Android device (my test was on an S3 with Android 4.3).

Which is yet to be shown. By you, by the way, not by me.

Hypothesis:
- It's impossible to do the same privacy tweak on unrooted iOS.

I'm a scientist. I'm not afraid of facts.
Prove me wrong.

I showed that your conclusion cannot be based on your experiment. That's
all there is to do for my role in this discussion. Dispel that or bring
up a test that really proves your conclusion. *That's* the way science
works.

Michael

 

[tlvp]

On Wed, 3 Aug 2016 19:13:43 +0000 (UTC), Aardvarks wrote:

You, and nospam and Savageduck and tlvp, etc., are merely iOS apologists
who don't like the fact that it's trivially easy to completely eliminate
the advertising ID on Android, while it's probably almost impossible to do
the same privacy tweak on iOS.

Please leave me out of this rag-tag gaggle of contributors. I have never in
my life even held in my hand an iOS-configured object (no iGizmo of any
sort, ever !), so I hardly would qualify amongst "iOS apologists".

Nor have I ever indicated I "don't like" whatever "fact" it is you're
ranting about above.

So please don't attribute to me what I've never even contemplated; thanks.

Cheers; and carry on, -- tlvp
--
Avant de repondre, jeter la poubelle, SVP.

 

[tlvp]

On Wed, 3 Aug 2016 19:13:43 +0000 (UTC), Aardvarks wrote:

Even ... tlvp didn't feel the need to say that what
you have on Apple iOS is the same as ...

That's 'cuz I have no "need to say" things about what I know nothing about.
In that regard I'm trying to set a good example; but it's not working :-{ .

Cheers, -- tlvp
--
Avant de repondre, jeter la poubelle, SVP.

 

[Michael Eyd]

Am 04.08.2016 um 12:54 schrieb Aardvarks:

On Thu, 4 Aug 2016 08:57:24 +0200, Michael Eyd wrote:

The only thing you've proven is that this ID is now not to be seen
anywhere in any of the Android Settings dialogues.

Michael

I sincerely hope you don't vote.

Look at this article, because it's something you'd eminently believe simply
because it's hard to prove it's *not* there...

- "World War II Bomber Found On The Moon"
https://en.wikipedia.org/wiki/Sunday_Sport
http://tinyurl.com/gvjt5fw

Wow, and you claim to be a scientist, to think scientifically, to prove
everything you say. Instead you're insulting others (who didn't give any
reason for that), you're changing topics whenever you feel cornered, you
repeat claims that were already refuted and debunked instead of arguing
about them. But you wouldn't know how to sensibly argue, and if had a
recipe for that lying in front of you - as you've proven here time after
time.

You're nothing but laughing stock. Feel free to play that role even
longer, feel free to play your silly little games even longer, feel free
to think everybody but you is an idiot. But you'll have to do that
without me from now on.

Get lost,

Michael

 

[Michael Eyd]

Am 04.08.2016 um 12:54 schrieb Aardvarks:

On Thu, 4 Aug 2016 09:15:44 +0200, Michael Eyd wrote:

Like a good scientist I claimed (and gave reason for that claim) that
your test is not suitable for basing your conclusion. *I* don't have to
provide anything

Michael,
Again, I sure hope you don't vote.

I'm sure *you* believe that a World War II Bomber is *still* on the Moon,
simply because it's hard to prove (to you) that it's *not* on the moon.

Given your acutely obvious scientific acumen, this is right down the
"scientific" line of thought both you and nospam *consistently* display.

- World War II Bomber now *missing* from the moon!
http://preview.tinyurl.com/gvjt5fw
https://en.wikipedia.org/wiki/Sunday_Sport

That's exactly the way you think, not me.

Get lost,

Michael

 

[pfjw@aol.com]

On Tuesday, August 2, 2016 at 3:37:29 PM UTC-4, Aardvarks wrote:


>>Stuff.

Are you related to Danny D. by any chance?

 

[Chris]

Aardvarks <aardvarks@a.b.c.com> wrote:

On Wed, 3 Aug 2016 11:04:13 +0200, Michael Eyd wrote:

You didn't prove that the ID is actually wiped out.

I am a scientist.

You're many things, but sorry you're no scientist.

1. Like any true scientist, I provide my hypothesis that iOs is less
private than Android when it comes to being able to easily *eliminate* the
advertising ID. And, like any true scientist, I provided numerous
references which backed up my claims and which supported the experiment
that I devised and published out in the open.

2. Like any true scientist, I provided the exact steps to my *experiment*,
which anyone on the planet can reproduce with any similar Android phone
(mine is an S3 on Android 4.3).

3. And, like a true scientist, I provided the results and conclusion that
the advertising ID was trivially easily completely eliminated from the
Android system. Like any true scientist, I know *more* needs to be
explored, such as the question of whether the Advertising ID is hidden
somehow, and that similar tests need to be performed to see if it is as
easy to eliminate the advertising ID on iOS as it was on Android.

None of which tests your original hypothesis. Pointless exercise.

> This is what scientists do.

No. The traditional scientific method is you make an observation, develop a
hypothesis based on the observation, design an experiment ideally to
disprove your hypothesis, and then assess objectively whether the
experiment had achieved your aim.

Nowadays you can also develop hypothesis free experiments, generally where
your large amounts of data in an attempt to develop a hypothesis.

> This is fact.

Good scientist are rarely categorical. That's a fact

Now, what do *you* provide?

Words?
Tht's it?
Just words?

You are not a scientist.

You, and nospam and Savageduck and tlvp, etc., are merely iOS apologists
who don't like the fact that it's trivially easy to completely eliminate
the advertising ID on Android, while it's probably almost impossible to do
the same privacy tweak on iOS.

And as for iOS: I have an easily reachable menu in the Settings app,
where I can (and have ;-) ) denied Ad-tracking, and where I can even
reset the ADID (by generating a new one).

Heh heh ... you really felt the need to say that?
Really?

Even nospam and Savageduck and tlvp didn't feel the need to say that what
you have on Apple iOS is the same as what every Android user already has
with respect to *resetting* the advertising ID and telling advertisers not
to use it.

You probably don't even *understand* what I just wrote - but I'm sure
nospam (who, despite his constant baseless lies, actually *does* understand
everything that I write).

 

[Jeff Liebermann]

On Tue, 2 Aug 2016 19:37:23 +0000 (UTC), Aardvarks
<aardvarks@a.b.c.com> wrote:

Specific things only.
Not Marketing crap please.

Even your Smartphone battery status is tracking your online browsing:
<http://tech.thaivisa.com/warning-your-smartphone-battery-status-is-being-used-to-track-your-every-move-online/16596/>
<http://randomwalker.info/publications/OpenWPM_1_million_site_tracking_measurement.pdf>
Resistance is futile. So it capacitance and inductance. You will be
conglomerated into the data mass.


--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

 

[Meanie]

On 8/3/2016 5:07 AM, Michael Eyd wrote:

Am 02.08.2016 um 21:37 schrieb Aardvarks:

(The iOS guys are like your basic used-car salespeople - they almost
never
tell the truth and they can only spout what the Marketing guys tell
them to
say - so we're not going to get any provable level of detail from them).

Even though we won't likely get anything from iOS guys that they didn't
read off of a glossy marketing brochure, I'll cc them, just in case
they do
know something of what they constantly talk about.

...

The Apple guys get all their ideas from the admittedly clever Marketing
machine (which knows how to play to their intense fear) so I doubt
they'll
be providing any real details to their accusations - yet they still
constantly accuse the Android users of being spied upon by Google simply
for using Android.

Do you really think it to be a good start of a discussion insulting one
of the groups you hope to be participating? Me not...

I just want to find out the correct answer to the question.

No you don't, you want your view of the world confirmed. Otherwise you
wouldn't have felt the need to insult the group that is most likely to
be of a different opinion.

Michael

So many complaints about this person and yet so many replies.

People sure don't know how to ignore but sure know how to whine.

 

[Aardvarks]

On Thu, 04 Aug 2016 11:01:27 -0700, Jeff Liebermann wrote:

Even your Smartphone battery status is tracking your online browsing:
http://tech.thaivisa.com/warning-your-smartphone-battery-status-is-being-used-to-track-your-every-move-online/16596/
http://randomwalker.info/publications/OpenWPM_1_million_site_tracking_measurement.pdf
Resistance is futile. So it capacitance and inductance. You will be
conglomerated into the data mass.

Hi Jeff,

I've given up responding to the Apple Apologists who infest the iOS
newsgroup, so, you're the only one I'm responding to. Not one of them
provided a *single* valid datum (and we knew that from the start).

The iOS people can't comprehend actual *facts*.
It's beyond their capabilities.

a. They bought on pure style, facts be damned
b. They fear so much that Apple Marketing plays them like a fiddle
c. IOS users "just give up", which is how they handle their AdID privacy

But on to your point...

I *understand* your sentiment that resistance is futile, and I even echoed
that by stating that neither iOS nor Android is inherently more secure
because it's like saying which leaks water faster, a steel garbage can
peppered by buckshot or a plastic recycling bin peppered by buckshot.

However, with respect to *just* the advertising ID, the references I cited
explained the program that generates it, and, wiping out that program wiped
out the reference ID (as far as *anyone* can show) - so, at least on
Android, the recycling bin has a few holes you *can* plug up.

On the far more primitively less tweakable iOS, you can't plug those holes,
so, they exist, no matter what you do.

But, again, your point is valid that *both* platforms are so full of
security holes that only people who actually believe everything that Apple
Marketing spews forth would (falsely) feel more secure with one than with
the other.

Regarding your reference ...
https://blog.lukaszolejnik.com/battery-status-readout-as-a-privacy-risk/

It's interesting that Firefox calls the smartphone battery API in order to
figure out your battery level, such that the battery level can be used for
fingerprinting. https://www.w3.org/TR/battery-status/

It's also interesting that it's "slightly* less fingerprintable if you're
*not* connected to a charger.

This is interesting because panopticlick, last I checked, did not look at
this information - but - perhaps should. (I keep a clean browser from
fingerprinting.)

Also, when I look in App Ops Starter for the permissions granted Firefox,
they entail only:
- Location (typically I turn this off)
- Modify clipboard
- Read clipboard
- Post notification
- Vibrate
- Modify settings
- Draw on top
- Camera
- Record audio

So, it's disappointing that App Ops Starter doesn't list that Firefox has
access to the "Battery status" which is a *short-lived identifier*.

If Apps Ops Starter listed that short-lived identifier, we could simply
turn off that access from within App Ops Starter.

As for protection against this fingerprinting threat, it would be nice if
we can find an app that randomly adjusts the battery registers for the
three battery parameters that are reported by the battery monitor API:

1. The current level of battery (from 0.00 to 1.0)
2. Time, in seconds, for the battery to discharge
3. Time, in seconds, for the battery to charge (only if connected)

I read a few related references, which don't specifically mention laptops:
http://www.bleepingcomputer.com/news/security/how-battery-status-readouts-can-threaten-user-privacy/

Do you think this Firefox battery-status fingerprinting also works for
laptops?

 

[nospam]

In article <no0lof$1ajm$1@gioia.aioe.org>, Aardvarks
<aardvarks@a.b.c.com> wrote:

On the far more primitively less tweakable iOS, you can't plug those holes,
so, they exist, no matter what you do.

invalid assumptions.

 

[Aardvarks]

On Thu, 4 Aug 2016 20:13:16 -0400, Aardvarks wrote:

Do you think this Firefox battery-status fingerprinting also works for
laptops?

Some factual updates...

The battery-status API privacy exploit works on multiple browsers and on
multiple operating systems, including all the well known operating systems
for both mobile devices and computers.

Setting the following "about:config" option in Firefox should prevent the
exploit that Jeff kindly informed us about:

Change from: dom.battery.enabled;true
Change to: dom.battery.enabled;false

I'm not sure where the user.js file is located on iOS or in Android, but on
your computer desktops and laptops, it will be located in "aboutrofiles".

 

[Jolly Roger]

On 2016-08-05, Aardvarks <aardvarks@a.b.c.com> wrote:

On Thu, 4 Aug 2016 20:13:16 -0400, Aardvarks wrote:

Do you think this Firefox battery-status fingerprinting also works for
laptops?

Some factual updates...

The battery-status API privacy exploit works on multiple browsers and on
multiple operating systems, including all the well known operating systems
for both mobile devices and computers.

Does the exploit work in Safari?

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

 

[Aardvarks]

On 6 Aug 2016 00:25:17 GMT, Jolly Roger wrote:

> Does the exploit work in Safari?

In a quick read of these references...
https://www.theguardian.com/technology/2015/aug/03/privacy-smartphones-battery-life
http://www.independent.co.uk/life-style/gadgets-and-tech/news/phone-batteries-can-be-used-to-spy-on-their-owners-could-track-people-around-the-internet-10435578.html
https://it.slashdot.org/story/15/08/03/1728255/privacy-alert-your-laptop-or-phone-battery-could-track-you-online
http://www.wired.co.uk/article/privacy-hole-in-firefox
http://www.ibtimes.co.uk/smartphone-laptop-batteries-compromise-web-browser-privacy-suggest-security-experts-1513979
http://mashable.com/2015/08/04/battery-privacy-html5/
http://www.telegraph.co.uk/technology/internet-security/11782851/Can-your-battery-life-give-away-your-identity.html
http://www.belfasttelegraph.co.uk/technology/mobile-phone-batteries-can-be-used-to-spy-on-their-owners-could-track-people-around-the-internet-31423953.html
http://www.theinquirer.net/inquirer/news/2420547/phone-batteries-can-track-you-around-the-internet
http://blogs.wsj.com/digits/2015/08/04/7-ways-youre-being-tracked-online-and-how-to-stop-it/
http://eprint.iacr.org/2015/616.pdf
http://betanews.com/2015/08/03/privacy-alert-your-laptop-or-phone-battery-could-track-you-online/
http://www.dailymail.co.uk/sciencetech/article-3185191/Are-tracked-using-smartphone-s-BATTERY-LIFE-Information-harvested-make-websites-energy-efficient-identify-web-users.html
http://www.repubblica.it/tecnologia/sicurezza/2015/08/05/news/privacy_batteria_telefono-120471082/
http://www.liberation.fr/direct/element/quand-le-niveau-de-batterie-de-votre-telephone-devient-un-mouchard_14537/
http://tecnologia.elpais.com/tecnologia/2015/08/04/actualidad/1438686007_043163.html
http://www.nzz.ch/nicht-nur-der-akku-verraet-nutzer-ld.1278
http://www.police.be/fed/fr/actualites/298-surfons-tranquille-api-battery-status-un-espion-insoupconne
etc. (the last few are not in English though)

It seems it's "a little-known feature of the HTML5 specification" which
Firefox, Opera and Chrome support and it was "introduced by the World Wide
Web Consortium (W3C, the organisation that oversees the development of the
web˘s standards) in 2012".

Here's a quote from the first article:

https://www.theguardian.com/technology/2015/aug/03/privacy-smartphones-battery-life
"The researchers point out that the information a website receives is
surprisingly specific, containing the estimated time in seconds that the
battery will take to fully discharge, as well the remaining battery
capacity expressed as a percentage. "

"Worse still, on some platforms, the researchers found that it is possible
to determine the maximum battery capacity of the device with enough
queries, creating a semi-permanent metric to compare devices".