#CandyCrush can bring #ICE agents to your door.
ICE has bought access to some surveillance tools developed by Penlink.
If you read the description of that company on their website you’ll find an overdose of fluffy and probably AI-generated corporate jargon that doesn’t mean anything:
Penlink is a global leader in digital intelligence solutions. Our compliant and certified solutions simplify complex data, empowering public safety and organizations to make informed decisions quickly and effectively. We believe in the power of data-driven intelligence to accelerate clarity in decision-making for global security, strategic operations, and the most critical missions.
In short: they make tools to spy on people. Through their mobile phones.
And it’s not like they do any kind of rocket science. They have some boring location trackers injected in a bunch of crappy ads SDKs used by some crappy free apps on the Google and Apple stores.
Commercial location data collected through trackers voluntarily installed by people on their phones can be queried without a warrant. Or it can be sold to data brokers, who in turn can resell it to whoever they want.
The list of impacted apps found so far is publicly available here. 12,373 apps at the time of writing.
The list includes mostly games (some Candy Crush and Angry Birds releases, many card games and solitaires, gambling/casino games, sudokus, football simulators etc.).
But it also includes photo editors, weather apps, pregnancy date calculators, network speed analyzers, many VPN apps, and many apps most likely used by foreigners (there are many local Arabic, Chinese, Spanish, Italian and Indian apps in the list).
Among those that caught my eye: Vinted, Flightradar24 and IlMeteo.
My two cents, especially if you are an American citizen:
Avoid apps installed through the Play/Apple stores unless you really know and trust their developers. Use #FDroid instead.
If you can, use #GrapheneOS, or an #Android ROM without Play Services, or that allows you to sandbox individual apps or the Play Services themselves.
It’s even better if you can sandbox or deny the Nearby Devices permissions on the Play Services, if your ROM permits it. Nearby known Wi-Fi networks can also reveal a lot about your location.
If the urge of playing that random animal crossing game that someone was playing at your hairdresser’s can be contained, then please contain it.
Remember that you can also install those apps on your computer at home through something like Waydroid or any Android emulator, in a sandboxed environment without much sensitive data. Without putting location trackers always with you in your pocket.
If Angry Birds asks to access your location, ask yourself why a game whose purpose is to throw chickens at pigs needs to know where you are.
Periodically review from your phone’s settings which apps have access to your location, and when they tried to access it last time. An app that has no apparent reason to know where you are, and repeatedly tries to access your location while you’re not using it, is usually a big red flag.
Always use Tor or a VPN that you trust (like Mullvad or Proton) to browse the Web. If you have the technical skills, try and go the extra mile. Set up your own VPN with a Pihole that blocks all trackers and forwards all external traffic through your trusted VPN, and wire your mobile devices to it too. If you can self-host, then self-host as much as you can.
I’d be tempted to say “go around with a dumbphone if you think that you’re at risk”, but that may make things worse. Nowadays it’s very uncommon for anyone to step out of their house without a smartphone. If ICE stops you and you show them your grandma’s dumbphone they may actually harass you even more.
This part of the story where surveillance capitalism turns into plain boring totalitarian surveillance was so predictable.
#USPol
https://archive.ph/HYbBG
