spyware

Last week, we discussed how the Republican-led US Senate was playing a game of “let’s figure out the one truly awful thing the voters didn’t ask for – and do it anyway“. And they came up with the bright idea of giving permission to Internet Service Providers to sell your private online usage information to third-party companies. Congress duly rubber-stamped the decision this week when they voted for it, and it now heads for President Trump’s desk for signature. Given that he likes to sign things, it’s a safe bet to assume that he will not oppose this bill.

But Verizon is not waiting for Donald to scribble his name on the bill, because they have already announced plans to install spyware on the Android smartphones of all their customers in “the coming weeks”. The move has outraged privacy groups like the Electronic Frontier Foundation, and a great many ordinary Internet users, including Trump’s own supporters.

appflash

The spyware will come in the form of a useless piece of bloatware called AppFlash, which will park itself on Android home screens – and which, from the sound of things, can’t be removed. It’s made by the same people who also made Evie Launcher, and it is useless because it does absolutely nothing Google doesn’t do. So it exists purely to provide “targeted advertising” – as if Verizon wasn’t making enough money already.

AppFlash ironically actually has a “Privacy Policy”, which confirms that it will :

“collect information about your device and your use of the AppFlash services. This information includes your mobile number, device identifiers, device type and operating system, and information about the AppFlash features and services you use and your interactions with them. We also access information about the list of apps you have on your device”.

So the question remains, “what DOESN’T it want?”

But wait, it continues.

AppFlash also collects information about your device’s precise location from your device operating system as well as contact information you store on your device”.

And to twist the knife, it tells you how much they are really going to screw you.

AppFlash information may be shared within the Verizon family of companies, including companies like AOL who may use it to help provide more relevant advertising within the AppFlash experiences and in other places, including non-Verizon sites, services and devices“.

Yes, AOL, the company that spammed everyone with installation disks 20 or so years ago. I never had to buy a drinks coaster ever again. THEY are getting your online user information? Be afraid, be very afraid.

aol meme

So what can you do as a pre-emptive strike? Well in our last article, we suggested some privacy-enhancing methods such as using a VPN. Honestly, until AppFlash comes out in the flesh, it would be rather impossible to give you cast-iron assurances of what you can do that will definitely work.

But based on their hilariously named “privacy policy”, we can make a few educated assumptions. You won’t be able to stop your ISP from getting device information such as your phone number, operating system, and what apps you use (there’s nothing to my knowledge that shields that information), but there are 10 other things you can perhaps try.

Stop Using Verizon

This would be a short-term solution, as very likely other ISP’s will also “do a Verizon” eventually. But cancelling your Verizon contract with a few choice words in your cancellation letter may get their attention. Don’t count on it though.

Stop Using An Android Phone

If this isn’t a good advert for why you shouldn’t use an Android phone, I don’t know what is. Say what you want about Apple, but you don’t get things shoved on your iPhone homescreen that you don’t want. Plus iOS doesn’t block privacy-related smartphone apps.

Start Deleting

Purge your Internet usage history right now. Seriously. Delete the lot. Temporary files, cookies, the whole nine yards. Start a bonfire and consign your entire Internet history to…..well, history. Because from now on, every scrap of information is up for grabs, because everything now has a dollar value attached to it.

Stop Using “Traditional Browsers”

Abandon browsers such as Chrome and move to the Tor browser immediately. There is an Android version of the Tor Browser called Orbot. Firefox also has a privacy-related version of their browser called Firefox Focus (the Android version requires compiling, so advanced knowledge is required). A third option is the Ghostery browser. Basically use a browser which stops collecting cookies and browsing history.

Make Sure That VPN Is Switched On

As we mentioned in the last article, a VPN is essential. We recommend Tunnelbear.

Stop Using Your ISP-Issued Phone Number

Encryption apps such as Signal, Telegram, and WhatsApp now offer not only encrypted messaging, but also encrypted phone calls and video calls. Start using them instead. In a pinch, I guess Skype might also be OK, but I would prefer an app that stresses its encryption protocols. Microsoft doesn’t inspire the same confidence.

Don’t Access Sensitive Websites On Your Phone

Are you going to a fertility clinic? A STD clinic? Are you browsing gay dating profiles? Are you organizing and/or attending political rallies and engaging in activism? Then DON’T USE YOUR PHONE BROWSER. Also, try to avoid online banking on your phone, and installing medical-related apps which will log your health information. Suddenly you might find your health insurance premiums increasing.

Turn Your GPS Tracking Off

Seriously, why do you need your phone to know where you are 24 hours a day, 7 days a week? The more it tracks you around the streets, the more information that is being sold to your ISP. Maybe your GPS has you walking through the Red Light District? Would you want your ISP to know you’re frequenting hookers?

Change Your Device Identifier

This involves a little bit more work, but a cursory look at DuckDuckGo (you don’t think I would search for this in Google, do you?) shows you can use an app called Android ID Changer. But only do this if you absolutely know what you are doing, as the potential to mess up your phone can be huge. Just ask the 5 year old kid next door to do it for you.

Install An App To Spoof Your GPS Location

Number 8 was to switch your GPS off, but if you MUST leave it on, the Google Android App Store has GPS spoofing apps you can try. Since I don’t have an Android, I can’t test them, so if you test any, let us know what you think of them.

The biggest thing you should be concerned about though is hackers probing to see if AppFlash has any weaknesses and back-doors. If so, they can get all of your user information, sell it to even less reputable companies than Verizon (if such a thing is even possible), and even insert their own spyware.

So let’s hope to God Verizon hasn’t rushed this through with dollar signs in their eyes, without thinking of the downsides for the users.