Qualcomm chips are spying on phone users

https://www.nitrokey.com/news/2023/smartphones-popular-qualcomm-chip-secretly-share-private-information-us-chip-maker


1 Like

For the time being, until it is fixed, perhaps it can at least be blocked at home on router level!? Preferably OpenWrt ;-)

1 Like

intent to proxy the supl request is catalogued at https://gitlab.e.foundation/e/backlog/-/issues/5236 / and removing some infobits for the request is at https://gitlab.e.foundation/e/backlog/-/issues/6774

but what qualcomm markets at izat location services… not sure if this can be deactivated through settings or deblobbing is the only way. In the end, as nitrokey is kind of selling as news (this was widely published in 2016 when izat was released), baseband chips are their own OS. Even if you don’t feed them .so libs, they could be up to anything :slight_smile:

3 Likes

Opinion seems to be that that article is marketing bullshit rubbish. See e.g.

5 Likes

sure, tcpdump or didn’t happen, Nitrokey just rediscovered izats blanket privacy policy and sadly mixed both topics (a-gps and izat in-building location) and wrapped it in a sales pitch.

But the code is there to do wifi mac and gyro based location services outside Androids system facilities (what /e/ used fusedlocation and UnifiedNlp for and is similar in spirit).

You can incorporate the priv-app “com.qualcomm.location.apk” for the libraries and try to trigger it, see liblbs_core.so or libizat_core.so (on my older Moto qcom) for what they can do. I haven’t poked at it yet if it really yields a plain http call sending off wifi AP macs (beyond the xtra gps almanac fetch), but seems possible to me if you have everything in place.

Time to shine for @anon88181694 approach to better deblob than be sorry. Lineages policy is “be close to stockrom” in functionality, so you happen to get lots of proprietary libraries shipped, some of it is welcome by user opinion (ims, widevine+netflix etc), some not. It’s up to the maintainer of proprietary-files.txt of the device

1 Like
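On the "tcpdump or didn't happen" point and the earlier router-level question, here is an added example (not part of any post in this thread, and not /e/ or Qualcomm code) that checks a dnsmasq query log, such as an OpenWrt router can produce with query logging on, for which LAN clients look up the Qualcomm location hosts and whether the router forwarded or answered them locally. The `izatcloud.net` suffix and host names are assumptions taken from the linked Nitrokey article, and the log lines are constructed.

```shell
#!/bin/sh
# Constructed sample of dnsmasq "log-queries" output (not captured traffic).
sample_log() {
cat <<'EOF'
Apr 25 10:01:02 dnsmasq[1234]: query[A] xtrapath1.izatcloud.net from 192.168.1.23
Apr 25 10:01:02 dnsmasq[1234]: forwarded xtrapath1.izatcloud.net to 192.0.2.53
Apr 25 10:01:02 dnsmasq[1234]: reply xtrapath1.izatcloud.net is 203.0.113.10
Apr 25 10:05:40 dnsmasq[1234]: query[A] example.org from 192.168.1.23
Apr 25 10:05:40 dnsmasq[1234]: forwarded example.org to 192.0.2.53
Apr 25 11:00:00 dnsmasq[1234]: query[A] xtrapath1.izatcloud.net from 192.168.1.23
Apr 25 11:00:00 dnsmasq[1234]: config xtrapath1.izatcloud.net is NXDOMAIN
Apr 25 11:00:07 dnsmasq[1234]: query[AAAA] xtrapath2.izatcloud.net from 192.168.1.40
Apr 25 11:00:07 dnsmasq[1234]: config xtrapath2.izatcloud.net is NXDOMAIN
Apr 25 11:02:00 dnsmasq[1234]: query[A] notizatcloud.net from 192.168.1.40
Apr 25 11:02:00 dnsmasq[1234]: forwarded notizatcloud.net to 192.0.2.53
EOF
}

# Usage: izat_lookups [suffix] < dnsmasq.log
# Prints "client name queries forwarded answered_locally" per (client, name).
# "forwarded"/"config" lines carry no client, so they are credited to the
# client that most recently queried that name (a heuristic).
izat_lookups() {
  awk -v suffix="${1:-izatcloud.net}" '
    function matches(name,   n, s) {
      n = tolower(name); s = tolower(suffix)
      if (n == s) return 1
      # require a label boundary so "notizatcloud.net" does not match
      return length(n) > length(s) && substr(n, length(n) - length(s)) == "." s
    }
    {
      for (i = 1; i < NF; i++) {
        if ($i ~ /^query\[/ && matches($(i+1))) {
          key = $NF " " $(i+1); q[key]++; last[$(i+1)] = key
        } else if ($i == "forwarded" && ($(i+1) in last)) {
          fwd[last[$(i+1)]]++
        } else if ($i == "config" && ($(i+1) in last)) {
          loc[last[$(i+1)]]++
        } else continue
        break
      }
    }
    END { for (k in q) printf "%s %d %d %d\n", k, q[k], fwd[k], loc[k] }
  ' | sort
}

sample_log | izat_lookups
```

A non-zero "forwarded" count after a block rule was added means lookups are still leaving the network; DNS logs only show name lookups, so whether a plain HTTP request follows still needs a packet capture.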

I’ve edited my original post to be clear to a more detailed/accurate one: https://divestos.org/misc/gnss.txt

3 Likes

structured, monospaced info, that will clarify the topic for many. You could resolve the acronyms right in the doc when introduced. I myself have a lot of words for nlp depending on context

1 Like

“Can’t you make a YouTube video?” in 3 … 2 … 1 … :wink:

@GaelDuval
You’re directly mixing up PSDS with SUPL, they are not the same.

There are multiple different location related issues here, see my writeup: https://divestos.org/misc/gnss.txt


Also update your browser already, it hasn’t been updated since December of 2022 and is extremely insecure and directly negligent to your users.

So this is Yet Another DivestOS advertizing corner at community.e.foundation?

3 Likes

You are amazing Gael.

I have a decade old project that has repeatedly uncovered issues and directly improved the surrounding ecosystem, yet you constantly accuse me of advertising when I’m advocating for all of our users as a whole.
I’ve repeatedly pointed out numerous issues with /e/OS for over two years now, few of which have been addressed or your team ever reached out for help.

You should be ashamed.

Do you even realize the complete non-overlap between our user base? I’m not selling cloud services or (insecure) devices.

2 Likes

I do not agree with you. You are not only advertising your OS, but you are trying to give a bad name to eOS.
I couldn’t imagine developers build themselves by destroying their competitors.
I thought working better was enough.

My goal was primarily to inform that there could be a potential data privacy issue here and secondly, that this article could generate negative publicity for /e/. By doing so, I also give the /e/ team the opportunity to officially react and comment on Nitrokey’s advertising blog article.

Now, I hope that the discussion stays within the subject and remains objective and fair.

Or via Advanced Privacy directly in /e/ on the phone?

Noobishly yours

1 Like

Can we please stop being ridiculous? Thanks.
This is giving the /e/OS community a bad name. Instead, some appreciation would be in order for knowledgeable input which should be taken seriously.

3 Likes

those txt files I appreciate a lot, customroms do good in comparing notes. But it’s bad form to derail a thread and be uncivil. This thread is not about chromium.

The attention on Nitrokey’s article, whatever its failings, can prioritize what is already filed in the backlog. Stripping the SUPL of some identifiers is already merged in the S branch.

Proxying SUPL and statically hosting PSDS as other roms went ahead with looks good, but risks are outlined in the linked post by Gael - service continuity - what if your proxy gets blocked. How much caching can you do? What is legal to do?

In the end, proxied or not, option switches for any network connection will satisfy privacy interested users. If it’s asked at the first time setup wizard what the user prefers with guidance on how to reconsider later you can’t do wrong on them being enabled by default too.

My suggestion is that all of us stick to the topic and not use the forum to compare OS version. This takes away from the subject being discussed and reduces threads to acrimonious exchanges.

Also, when helping or discussing, please do not post links to any products / services / website you are a part of. In the past, we have banned other users trying out such blatant self-promotion. Rules cannot be selective.

6 Likes

Talk about other projects on your forums, not on /e/OS forums. Last call.

@Manoj

1 Like

This topic was automatically closed after 12 days. New replies are no longer allowed.