In recent interviews, I’ve gotten questions over if or how I use a smartphone. They’re so dangerous for someone like me, so it’s quite difficult to give an in-depth answer. But I published a paper with @bunniestudios a few years ago discussing some risks: https://www.tjoe.org/pub/direct-radio-introspection
Phone security has been something I’ve struggled with for a long time. I once spoke with @VICE’s @ShaneSmith30 about how it’s possible to physically remove internal microphones and cameras from a phone, but even that only mitigates a portion of the threat. https://invidio.us/watch?v=ucRWyGKBVzo
But as long as your phone is turned on, even with “location permissions” disabled, the radios in the phone that connect it to all the nice things you like are screaming into the air, reporting your presence to nearby cell towers, which then create records that are kept forever.
Software is equally important. The iOS and Android operating systems that run on nearly every smartphone conceal uncountable numbers of programming flaws, known as security vulnerabilities, that mean common apps like iMessage or web browsers become dangerous: you can be hacked.
If I were configuring a smartphone today, I’d use @DanielMicay’s @GrapheneOS as the base operating system. I’d desolder the microphones and keep the radios (cellular, wifi, and bluetooth) turned off when I didn’t need them. I would route traffic through the @torproject network.
I wouldn’t use WiFi at home, because global maps of every wireless access point’s unique ID—including yours—are free and constantly updated. I would use ethernet; yes, ethernet on a phone. I would deny network permissions to any app that doesn’t need it using an app firewall.
I would use an ad blocker. I would use a password manager. I would block third-party cookies in the browser. These last three are steps that absolutely everyone should consider, because they’re simple, cost little or nothing, and protect you while making your phone faster.
I would not (and do not) use email, except as throwaways for registration. Email is a fundamentally insecure protocol that, in 2019, can and should be abandoned for the purposes of any meaningful communication. Email is unsafe. I’d use @Signalapp or @Wire as a safer alternative.
This is only a partial list, but I’ll stop here. Even with all of these precautions, I still wouldn’t consider a smartphone “safe,” merely “safer.” The technologies underpinning our most basic systems of communication are insecure, and often insecure by design.
My point is not that you should use a smartphone like me, but that you shouldn’t have to. Privacy should not be a privilege, but because the legal system is broken, the average person today stands, at every stage of life, naked before the eyes of corporations and governments.
This system of predation has survived for so long because it occurs under the illusion of consent, but you were never asked your opinion in a way that could change the outcome. On the most consequential redistribution of power in modern life, you were never granted a vote.
The lie is that everything happening today is okay because ten years ago, you clicked a button that said “I agree.” But you didn’t agree to the 600-page contract: none of us read it. You were agreeing you needed a job; agreeing you needed directions, email, or even just a friend.
It wasn’t a choice, but the illusion of it. The consent you granted was never meaningful, because you never had an alternative. You clicked the button, or you lost the job. You clicked the button, or you were left behind. And the consequences were hidden for ten years.
They can point to the law and tell us this is legal. They can point to the world and say everything is okay. I disagree.