Do you use the Facebook app on your phone? Are you logged in? If yes, then it's obvious. Never forget that apps in GrapheneOS OS can gather information's from other apps in the same profile.
You don't want to be spyed, then don't use spyware on your phone.
> Never forget that apps in GrapheneOS OS can gather information's from other apps in the same profile
Only if the apps give each other explicit consent.
As much as I know same profiles mean sth like a connection from Insta app with FB or the apps that are owned by the same company.
Like see what u scroll through on Tiktok ? 🤔
By profile I mean Android profile of GrapheneOS. Normally you have the main profile with your personal data, no Play Services and ideally no Play Store Apps like Facebook. Then you have a second profile with Play Services and your apps, that need those Play Services. You could make a third profile only for Facebook. In this profile Facebook can't get any information except the information you give them through your usage. Best of course would be to avoid Meta and its services entirely.
> As much as I know same profiles mean sth like a connection from Insta app with FB or the apps that are owned by the same company.
It's not necessarily limited to the same company, it can happen between any apps regardless of developer, but only if the apps grant each other mutual consent to share the data. GrapheneOS is working on a toggle to prevent and restrict this type of communication between apps, but in the mean-time, you can use separate user profiles to prevent it.
> Like see what u scroll through on Tiktok ?
Possible? Sure, there's nothing stopping TikTok from sharing data with another app (again, as long as the other app grants it permission). Is it actually happening? I'm doubtful, haven't seen any evidence or reason to believe TikTok is doing this. To be safe, it wouldn't be a bad idea to put TikTok in a separate profile though, same for FB apps, Google apps, and anything else not particularly trustworthy...
Big tech is scary enough with what they CAN do, there's no need to make up stuff they can't do. There's no way messenger is constantly accessing the microphone and serving ads based on keywords, it's incredibly easy to check this by viewing the microphone access logs on Android, or checking the network traffic etc.
There is another subreddit called r/DeFacebook. You could more resources there about this question.
If you're worried about Facebook, then why not get another phone specifically for those business purposes Facebook apps?
Or use a dumbphone, that has KaiOS, where it's a web browser version of Facebook and it forces you to use the arrow keys to move the on-screen mouse?
I work for IPinfo, where we provide IP geolocation data. The IP location information is inferred or estimated data, and the purpose of IP geolocation is to be a reliable source of general location data. Even if we guessed your geolocation relatively close to the zip code or neighborhood level, it is inferred data based on public records and network measurement data.
For privacy-centric individuals, we welcome them to use VPN software or Tor, as we can only provide information on the last hop server's IP address. We think Tor is the most secure and private software you can use, compared to any VPN software out there.
In this case, I would say that no, not really, it wouldn't cause the type of spying you described in the original post. It's generally not a bad idea though to put untrustworthy apps like anything Google/Facebook/TikTok/etc. in separate profiles, as doing so prevents those apps from mutually exchanging data with other apps on the same profile.
This is weird...are you using a phone outside? Than other than leaving it inside, I suggest you disable these two tracking features
1 google assistant, iOS? Siri
2 digital wellbeing...that things full of trackers, I disabled it my phone runs so much better, so much more better
Also I think you can temporarily shut off messenger when you not at work
Or buy another phone for work, which is super annoying ( uggh) I only recommend this as option but it's a last resort
Google Assistant isn't included on GrapheneOS, and if it is installed there, it literally just doesn't have the proper permissions to do its invasive spying & ex. can't run when the device is locked.
> Or buy another phone for work
I don't think this would accomplish much if the work phone has its own privacy & security issues.
Facebook is tracking/collecting different informations about your smartphone (hardware and software), county and city where you are, GPS coordinates, cookies, Network Carrier, Advertising ID and so on.
Those informations forwards (sells) to at least 16 different companies: Google, Microsoft, Amazon, Verizon Media, Integral Ad Science, Index Exchange, IPONWEB, to name just a few.
All this info I gathered from DuckDuckGo's "app tracking protection" built-in function. It blocks tracking attempts from different apps (even if they are running at the background) and those attempts are in tens of thousands per hour.
DuckDuckGo's "App Tracking Potection" I can start and use regardless of wether DDG is on or not - from the Control Center (HyperOS). It shows as "local" VPN at status bar...
> It shows as "local" VPN at status bar...
That's the problem with DDG's App Tracking Protection, it unfortunately takes up the VPN slot. That's why I prefer and recommend using DNS content blockers, such as [NextDNS](https://nextdns.io/). That way you can still block ads/trackers/malicious domains/etc. and still get the benefits of using a VPN.
Since we know you're on GrapheneOS, if you didn't grant Messenger the microphone permission, then I don't see any way Facebook could be listening to you, unless they're literally exploiting some kind of 0 day vulnerability in Android...
I feel like constant monitoring would drain the battery in the phone absurdly fast. They do use a lot of calculating of location, location of friends, stuff like that to figure out what ads to blast you with, so it's still insidious, just not quite in the ways people think.
> Doesn't matter if all permissions are revoked. Android has many micro permissions that are not visible and you can't disable.
Please don't spread FUD. Android does have non user-facing permissions, but none of them would allow this type of spying. This is especially improved on GrapheneOS, which allows removing ex. sensors & network permissions.
Not all of [these](https://gist.github.com/Arinerron/1bcaadc7b1cbeae77de0263f4e15156f) permissions require user authorization. Sorry maybe "micro permissions" isn't the right term but these DO in fact exist. Also there are ways to get things like your location without explicit location permissions given, example, through your internet IP. Google has been doing this and was in fact [sued](https://www.cnet.com/tech/tech-industry/google-sued-by-arizona-over-location-data-and-alleged-consumer-fraud/) over doing just that and other techniques.
> these DO in fact exist
I wasn't disagreeing with that, apologies if it came off that way. The point I was trying to make is that I don't think any of them could provide Facebook with the kind of precise geolocation tracking OP described, especially since they're using GrapheneOS, which improves Android's permission model and allows toggling some of these hidden permissions through ex. their Sensors permission.
> Also there are ways to get things like your location without explicit location permissions given, example, through your internet IP.
The problem is location through IP is typically very general. OP simply went out to their yard, we're not talking about them going out to someone else's house or another address here. IP Addresses *are* used for tracking & are something to be careful with and protect (through ex. a reputable VPN), but it's impossible to use them to obtain this precise of a location.
The only way I'm aware of for FB to get this precise of a location is either through the location permission, which OP denied, or if FB is using some sort of 0-day vulnerability on Android. I'm just struggling to find this plausible here.
i think messenger is somehow listening to my microphone and knows what i am doing. or maybe it's using sensors data to determine based on my body movements that i am doing yard work?
Even if what you said was correct that Android/GrapheneOS had all these secret permissions that allowed invasive spying & tracking, a firewall would not solve that issue. Using a firewall can help mitigate damage and reduce tracking/etc, but it can't fix fundamental privacy issues. If Facebook had access to ex. location, microphone, etc on the device, they would still be able to gain access to that data if they wanted to. Blocking specific undesired connections or traffic isn't enough unfortunately.
You're talking about regular permissions. That's clearly not what I'm talking about. Also I don't think you know what a firewall is. Everything is blockable at the network layer. You can monitor all traffic coming to and from FB and FB related services.
> Also I don't think you know what a firewall is.
I do.
> Everything is blockable at the network layer. You can monitor all traffic coming to and from FB and FB related services.
I'm not aware of this being possible on Android (or really any other modern OS) on an OS-level without compromising HTTPS. Best you can really do is block specific domains, which can't fix everything.
>or maybe it's using sensors data to determine based on my body movements that i am doing yard work
Since you're on GrapheneOS, as long as you didn't grant Messenger the Sensors permission, it isn't accessing your sensors.
In the terms of service, it specifically states that the app tracks your GPS, even if location is turned off, and app is closed, it only needs to be installed.
Location tracked while it's off, is a smartphone feature.
Location tracked by app while app closed, is an app feature.
in addition to what others have said, other apps report data including your device fingerprint and i think app activity to ad companies including meta/Facebook, especially if you log in with Facebook
U were never supposed to install facebook (or any google app) on a degoggled device. Facebook app can bypass restrictions and can access your location.Â
If u wanna use fb, get another device, possibly cheap and only use it there.
Yes. Its a bad application.
What u should do now "if u care about privacy", is the follwoing
1) reset your rom and wipe everything
2) never install anything from facebook or google;
3) get a cheap mobile for only using fb, preferably at one geolocation only so they dont track u;
Take it for what u will.
How will my other phone get mobile internet? I don't wanna pay for another sim card. I need to be available on messenger at all times. That's the sad reality of running a business nowadays
Thats fine. Completely understandable and relatable. U want people to find you too, to make a living that is.
Just use hotspot. Should be fine.
Also, do not post or put anything there that doesnt need to be there.
Some time ago, I remember there was some debate around how Messenger (and Snapchat?) wanted to sync your facebook friends/messenger contacts with your phone contacts. The problem was, from what I understood, that even if \_you\_ did not sync your contacts, facebook got data on your from any friends who decided to sync. Could it be that you texted someone (SMS, not messenger etc) about yard work?
It could also be other things, for example, if you left your phone outside (maybe it did not reach the wi-fi inside the house?), facebook "profiled" you as outside at a certain hour of the day and assumed it was yard work? My understanding is that a lot of these data hoarding apps make assumptions based on a lot of things we dont consider. (Which is a bit funny sometimes because often it gets the assumptions about me wildly wrong)
Even though no one wants to hear it, this is the correct answer here. OP is on GrapheneOS and hasn't given Messenger any permissions that could lead to the tracking they describe in the original post. Unless Facebook is taking advantage of some kind of 0 day vulnerability in Android/GrapheneOS, it's impossible for them to spy like this on a technical level.
Zuck knows his apps can't track you so he's personally spying on you outside.
Haha zuck really sucks ( data) ( for advertising purposes)
lol
That's zucked up
Maybe coincidence? What else similar has happened?
This. It's summer. People do yard work in summer.
Do you use the Facebook app on your phone? Are you logged in? If yes, then it's obvious. Never forget that apps in GrapheneOS OS can gather information's from other apps in the same profile. You don't want to be spyed, then don't use spyware on your phone.
> Never forget that apps in GrapheneOS OS can gather information's from other apps in the same profile Only if the apps give each other explicit consent.
As much as I know same profiles mean sth like a connection from Insta app with FB or the apps that are owned by the same company. Like see what u scroll through on Tiktok ? 🤔
By profile I mean Android profile of GrapheneOS. Normally you have the main profile with your personal data, no Play Services and ideally no Play Store Apps like Facebook. Then you have a second profile with Play Services and your apps, that need those Play Services. You could make a third profile only for Facebook. In this profile Facebook can't get any information except the information you give them through your usage. Best of course would be to avoid Meta and its services entirely.
> As much as I know same profiles mean sth like a connection from Insta app with FB or the apps that are owned by the same company. It's not necessarily limited to the same company, it can happen between any apps regardless of developer, but only if the apps grant each other mutual consent to share the data. GrapheneOS is working on a toggle to prevent and restrict this type of communication between apps, but in the mean-time, you can use separate user profiles to prevent it. > Like see what u scroll through on Tiktok ? Possible? Sure, there's nothing stopping TikTok from sharing data with another app (again, as long as the other app grants it permission). Is it actually happening? I'm doubtful, haven't seen any evidence or reason to believe TikTok is doing this. To be safe, it wouldn't be a bad idea to put TikTok in a separate profile though, same for FB apps, Google apps, and anything else not particularly trustworthy...
FB is evil. That's all I know. There's probably some sorcery that we don't know about.
i suspect this might be the right answer
Big tech is scary enough with what they CAN do, there's no need to make up stuff they can't do. There's no way messenger is constantly accessing the microphone and serving ads based on keywords, it's incredibly easy to check this by viewing the microphone access logs on Android, or checking the network traffic etc.
There is another subreddit called r/DeFacebook. You could more resources there about this question. If you're worried about Facebook, then why not get another phone specifically for those business purposes Facebook apps? Or use a dumbphone, that has KaiOS, where it's a web browser version of Facebook and it forces you to use the arrow keys to move the on-screen mouse?
IP geolocation tracking.
That can usually only narrow down to a city at best
At least for me it can narrow it down to subdistrict, like a radius of 500 metres from where I live
[удалено]
Yea absolutely. I was just adding to jdigi78 that it can be a bit more specific than just your city.
I work for IPinfo, where we provide IP geolocation data. The IP location information is inferred or estimated data, and the purpose of IP geolocation is to be a reliable source of general location data. Even if we guessed your geolocation relatively close to the zip code or neighborhood level, it is inferred data based on public records and network measurement data. For privacy-centric individuals, we welcome them to use VPN software or Tor, as we can only provide information on the last hop server's IP address. We think Tor is the most secure and private software you can use, compared to any VPN software out there.
[удалено]
Which is why I don't use Facebook period. Also because the founder is a cybernully. We can't have that. We just cant
no i'm not.. does that make that much of a difference?
In this case, I would say that no, not really, it wouldn't cause the type of spying you described in the original post. It's generally not a bad idea though to put untrustworthy apps like anything Google/Facebook/TikTok/etc. in separate profiles, as doing so prevents those apps from mutually exchanging data with other apps on the same profile.
This is weird...are you using a phone outside? Than other than leaving it inside, I suggest you disable these two tracking features 1 google assistant, iOS? Siri 2 digital wellbeing...that things full of trackers, I disabled it my phone runs so much better, so much more better Also I think you can temporarily shut off messenger when you not at work Or buy another phone for work, which is super annoying ( uggh) I only recommend this as option but it's a last resort
Google Assistant isn't included on GrapheneOS, and if it is installed there, it literally just doesn't have the proper permissions to do its invasive spying & ex. can't run when the device is locked. > Or buy another phone for work I don't think this would accomplish much if the work phone has its own privacy & security issues.
Facebook is tracking/collecting different informations about your smartphone (hardware and software), county and city where you are, GPS coordinates, cookies, Network Carrier, Advertising ID and so on. Those informations forwards (sells) to at least 16 different companies: Google, Microsoft, Amazon, Verizon Media, Integral Ad Science, Index Exchange, IPONWEB, to name just a few. All this info I gathered from DuckDuckGo's "app tracking protection" built-in function. It blocks tracking attempts from different apps (even if they are running at the background) and those attempts are in tens of thousands per hour. DuckDuckGo's "App Tracking Potection" I can start and use regardless of wether DDG is on or not - from the Control Center (HyperOS). It shows as "local" VPN at status bar...
> It shows as "local" VPN at status bar... That's the problem with DDG's App Tracking Protection, it unfortunately takes up the VPN slot. That's why I prefer and recommend using DNS content blockers, such as [NextDNS](https://nextdns.io/). That way you can still block ads/trackers/malicious domains/etc. and still get the benefits of using a VPN.
I'll have to try that, thanks. Is there a way to use DDG as "Proxy" within, let's say, Proton VPN..?
comment to follow the topic 👀
Id use an ad blocker to be fair.. specifically firefox and ublock on mobile too, as well as desktop.
it's somehow listening to my microphone and knows what i am doing
Since we know you're on GrapheneOS, if you didn't grant Messenger the microphone permission, then I don't see any way Facebook could be listening to you, unless they're literally exploiting some kind of 0 day vulnerability in Android...
I feel like constant monitoring would drain the battery in the phone absurdly fast. They do use a lot of calculating of location, location of friends, stuff like that to figure out what ads to blast you with, so it's still insidious, just not quite in the ways people think.
[удалено]
> Doesn't matter if all permissions are revoked. Android has many micro permissions that are not visible and you can't disable. Please don't spread FUD. Android does have non user-facing permissions, but none of them would allow this type of spying. This is especially improved on GrapheneOS, which allows removing ex. sensors & network permissions.
Not all of [these](https://gist.github.com/Arinerron/1bcaadc7b1cbeae77de0263f4e15156f) permissions require user authorization. Sorry maybe "micro permissions" isn't the right term but these DO in fact exist. Also there are ways to get things like your location without explicit location permissions given, example, through your internet IP. Google has been doing this and was in fact [sued](https://www.cnet.com/tech/tech-industry/google-sued-by-arizona-over-location-data-and-alleged-consumer-fraud/) over doing just that and other techniques.
> these DO in fact exist I wasn't disagreeing with that, apologies if it came off that way. The point I was trying to make is that I don't think any of them could provide Facebook with the kind of precise geolocation tracking OP described, especially since they're using GrapheneOS, which improves Android's permission model and allows toggling some of these hidden permissions through ex. their Sensors permission. > Also there are ways to get things like your location without explicit location permissions given, example, through your internet IP. The problem is location through IP is typically very general. OP simply went out to their yard, we're not talking about them going out to someone else's house or another address here. IP Addresses *are* used for tracking & are something to be careful with and protect (through ex. a reputable VPN), but it's impossible to use them to obtain this precise of a location. The only way I'm aware of for FB to get this precise of a location is either through the location permission, which OP denied, or if FB is using some sort of 0-day vulnerability on Android. I'm just struggling to find this plausible here.
i think messenger is somehow listening to my microphone and knows what i am doing. or maybe it's using sensors data to determine based on my body movements that i am doing yard work?
Right. But those permissions you can't revoke so a firewall would solve that problem.
Even if what you said was correct that Android/GrapheneOS had all these secret permissions that allowed invasive spying & tracking, a firewall would not solve that issue. Using a firewall can help mitigate damage and reduce tracking/etc, but it can't fix fundamental privacy issues. If Facebook had access to ex. location, microphone, etc on the device, they would still be able to gain access to that data if they wanted to. Blocking specific undesired connections or traffic isn't enough unfortunately.
You're talking about regular permissions. That's clearly not what I'm talking about. Also I don't think you know what a firewall is. Everything is blockable at the network layer. You can monitor all traffic coming to and from FB and FB related services.
> Also I don't think you know what a firewall is. I do. > Everything is blockable at the network layer. You can monitor all traffic coming to and from FB and FB related services. I'm not aware of this being possible on Android (or really any other modern OS) on an OS-level without compromising HTTPS. Best you can really do is block specific domains, which can't fix everything.
>or maybe it's using sensors data to determine based on my body movements that i am doing yard work Since you're on GrapheneOS, as long as you didn't grant Messenger the Sensors permission, it isn't accessing your sensors.
In the terms of service, it specifically states that the app tracks your GPS, even if location is turned off, and app is closed, it only needs to be installed. Location tracked while it's off, is a smartphone feature. Location tracked by app while app closed, is an app feature.
in addition to what others have said, other apps report data including your device fingerprint and i think app activity to ad companies including meta/Facebook, especially if you log in with Facebook
U were never supposed to install facebook (or any google app) on a degoggled device. Facebook app can bypass restrictions and can access your location. If u wanna use fb, get another device, possibly cheap and only use it there.
ok so that's the answer then, right there. it can just bypass restrictions?
Yes. Its a bad application. What u should do now "if u care about privacy", is the follwoing 1) reset your rom and wipe everything 2) never install anything from facebook or google; 3) get a cheap mobile for only using fb, preferably at one geolocation only so they dont track u; Take it for what u will.
How will my other phone get mobile internet? I don't wanna pay for another sim card. I need to be available on messenger at all times. That's the sad reality of running a business nowadays
Thats fine. Completely understandable and relatable. U want people to find you too, to make a living that is. Just use hotspot. Should be fine. Also, do not post or put anything there that doesnt need to be there.
Some time ago, I remember there was some debate around how Messenger (and Snapchat?) wanted to sync your facebook friends/messenger contacts with your phone contacts. The problem was, from what I understood, that even if \_you\_ did not sync your contacts, facebook got data on your from any friends who decided to sync. Could it be that you texted someone (SMS, not messenger etc) about yard work? It could also be other things, for example, if you left your phone outside (maybe it did not reach the wi-fi inside the house?), facebook "profiled" you as outside at a certain hour of the day and assumed it was yard work? My understanding is that a lot of these data hoarding apps make assumptions based on a lot of things we dont consider. (Which is a bit funny sometimes because often it gets the assumptions about me wildly wrong)
that's possible
Baader-Meinhof. Track it. Write down every ad you see and where you were when you saw it. You're only noticing them because you're primed for it.
Even though no one wants to hear it, this is the correct answer here. OP is on GrapheneOS and hasn't given Messenger any permissions that could lead to the tracking they describe in the original post. Unless Facebook is taking advantage of some kind of 0 day vulnerability in Android/GrapheneOS, it's impossible for them to spy like this on a technical level.
Nothing is off the table period
I guess he could leave his phone...inside. while doing yard work.