Date: Thu, 11 Dec 2014 08:54:05 +0200
Message-ID: <CAPkfgVb4wxWkhkWTRyAvo18jfdQEGh-jit+UOiocra0sz5uchA@mail.gmail.com>
From: Jon Tullett <jon.tullett@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Off topic- Android is suspect spyware?

On 10 December 2014 at 01:22,  <andre76@fastmail.fm> wrote:
> Anything that Google touches or promotes is very suspicious.

Anything that any corporation touches is suspicious by the same
measures, if you want to be sufficiently paranoid about it. You think
there's no Chinese spyware in Huawei phones, or that Apple is on your
side?


> Is there a way to eliminate all of the Google bloatware and programs
> from an Android tablet and have a simple tablet that runs Android
> without having to deal with Google?

Yes. Get a forked device, like an Amazon Kindle Fire - such vendors
replace much of the Google software, often including the default app
store, with their own. But if you trust the third party more than
Google, your paranoia is broken.


> That Google playstore monopoly
> drives me nuts!

This I don't understand at all. Of all the mobile ecosystems,
Android's has the least of an appstore monopoly. If you don't want to
use the Google Play Store, use another - there are numerous
third-party app stores. Or download apks directly and sideload them
(careful...this is where the malware lurks). All these are options
which don't exist in Apple or Microsoft devices. That's not a
criticism or endorsement, just a fact.

BlackBerry, curiously, is even more open - there's the default
BlackBerry World appstore, and BB10 ships with access to the Amazon
store for Android apps, and it supports easy sideloading AND provides
extra layers of app scanning beyond what Google does. But if you don't
trust Google, you shouldn't trust BlackBerry, for the same reasons.


> Rooting seems a partial answer to begin the process of modifying stuff
> on a device.

Only if that is the limit of your paranoia. You can root an Android
phone and rip out a bunch of stuff (the "Samsung decrapifier" is a
pretty good example of a bloatware removal tool), but there's still a
bunch of stuff that's off-limits, notably the code in, e.g., the
baseband processor on the phone. Even if you could completely wipe a
phone, you couldn't be certain it was incapable of tracking or
eavesdropping. So the question is, how paranoid do you personally need
to be?


> What do you think?

I think you need to do some homework.

You should probably start with a personal risk assessment, then
research whatever measures are required to mitigate that risk. If you
are in a position where you need to be extremely paranoid about this
stuff, don't use a smartphone at all. Get a featurephone with no GPS
and a removable battery, and use it as a modem if you need to get
online, and take the battery out when you're in a sensitive situation.
If you just want to be tracked a bit less, root your Android
smartphone and use Orweb and orWall and suchlike. Avoid apps which are
ad-supported. Learn which services are what, and disable as many as
you comfortably can.

Or any of a number of options in between. It all comes down to what
level of risk you personally need to address.

-J