"Smartphones With Popular Qualcomm Chip Secretly Share Private Information With US Chip-Maker"

While there is certainly some way of blocking those requests, it is important to understand the consequences of doing so. From my understanding this would block the download of A-GPS data at the very least. So unless you don’t use your GPS at all, this might get sort of annoying as you’ll have to wait quite some time for a fix.

1 Like

Just used GPS with OSMand yesterday and got a fix after 2-3 minutes.

It really depends on the circumstances. With A-GPS it’s usually a question of seconds. Depending on how old the cached GPS data is, it could be relatively fast or dozens of minutes before the GPS chip has downloaded the relevant almanac data. Just saying, you can do whatever you think is right with that information, of course.

2 Likes

Some German broadcasters under public law have website wrappers for their TV teletext online, especially the mobile versions are pleasantly minimalistic, for example https://www.ard-text.de/mobil/100

2 Likes

@hirntot : DivestOS developer = @SkewedZeppelin. See some posts in this thread.

There are 3 parts pending from Android: GrapheneOS, CalyxOS und Co. unter der Lupe – Custom-ROMs Teil1 ⋆ Kuketz IT-Security Blog : /e/, GrapheneOS and DivestOS
And I wouldn’t be surprised if in the next weeks the last one makes the race :wink:

Whatever this AVV contains, it does not matter. As Qualcomm is a company located outside the EU, transferring any personal data of EU based users to outside the EU is illegal¹ according to the GDPR. Also, there was no informed consent to transferring data to Qualcomm, which also makes it illegal. (yes, I know, this makes quite a lot of devices and software in the digital world illegal)

No, this “feature” is not necessary for using the Fairphone as a smartphone. Also, no matter whether it was necessary or not, an informed consent would be needed, which is clearly missing here.

Thanks for these questions. They render the “necessary” statements of other users incorrect.

Regarding IP addresses, see the ECJ’s ruling on Breyer’s case. Overly simplified: Yes, an IP address can be personal data.

The concept of IMEI is similar to the IP address: Both are globally unique and chosen by your ISP. The IMEI is persistent, which makes it even more likely personal data than the (potentially dynamic) IP address.

The quotes by Qualcomm describing which information their chips are sending basically confirm that they are violating the GDPR. I bet if their (GDPR aware) lawyer read this text, it would never have been published. In case anyone wants to sue Qualcomm or a smartphone vendor using Qualcomm chips, this might be all the evidence needed.

Disclaimer: I am not a lawyer, just someone with interest in civil rights necessary to keep our democracy running. Also, I’m not involved with any smartphone or smartphone OS vendor. I do own a Fairphone, and while it has a few (mostly security/privacy) deficits, it is still my favorite smartphone.


¹ This is especially true for the US, with the EU-US Privacy shield being declared invalid by the ECJ

3 Likes

As you mention the privacy shield

And overall, no, it’s not illegal to transfer data to the US, as long as the US company adheres to EU law (simplified). It’s not that black and white with GDPR either.

1 Like

Not a security guy, I tend to believe what a renowned German security consultant and hacker has to say about it (from his blog, Google translation with minor correction):

But he obviously writes nonsense (using his words). Even Qualcomm admits that they collect individual device data (serial, IP, …): Privacy Policy | Qualcomm (4th paragraph).

I don’t remember an opt-in process as mentioned in paragraph 2 of that text.

He posted on April 28, based apparently (by his link) on the Nitrokey page. I am not sure Qualcomm and Nitrokey left their pages unrevised after both got a lot of flak. Possibly Qualcomm admitted the data collection later, and Nitrokey may have added substantial information not posted at the time; I have not checked now.

But I trust fefe based on that. Although in political/societal matters he sometimes gives (intentionally?) distorted information and later claims it was continuous training in critical media alertness (“Medienkompetenzübung”), I don’t remember him ever doing that with technical security matters (and leaving it uncorrected).

He has the laudable habit of posting “updates” (only on the web page, not in RSS) that expand context, correct misunderstandings, add reader-provided info, etc. If he was wrong (and readers will tell him), this is openly admitted and corrected, leaving the original post untouched. The post in question has such an update, but it only expands on encrypted cloud storage and e2e encryption.

Fefe aside, thank you for sourcing deeper up to date information! That’s helpful.

1 Like

@kraltix
I emailed fefe my corrections and never received a reply or noticed any follow up on their website.

In the time since this issue came out, numerous systems have put mitigations into place, see my updated notes: https://divestos.org/misc/gnss.txt

I still also hold that my DivestOS has had mitigations for this on many devices since 2017.

If he accepts mail from you. When I attempted to reach him, my mail was summarily rejected. No way to argue.

I still read his blog, though increasingly with misgivings about his positions on many things.

I had recognizable material or content suspiciously inspired from my mails appear in updates several times, and at least three (that I remember, maybe more) posts recommending web pages I recommended to him.
…A matter of tastes/interests maybe.

That’s how I have known his habits for years. He sure has a lot of knowledge, but he does not have a style of communication I can accept between intelligent people who grew up with a cultural background.
Therefore I stay with “but he obviously writes nonsense”.

If the corrections were sent very soon after his post he surely should have posted a correction. But then, he seems to have only a brief period of reading mails and posting corrections to a post, and you may have missed the time window.

Or something… After all, that’s just some guy’s blog, not a bug tracker or a reference site that should be up to date forever. I guess the number of mails he receives for a post ranges up to the lower three digits, and he will have to resort to only skimming subject lines to keep a sane mind. Writing juicy subjects would increase the chance of a reaction then. :slight_smile:

With a high number of mails, ‘arguing’ personally about posts, especially in replies to individuals, is not feasible if you have a full time job and a life, and I’d not expect him to be superhuman. I had a good number of mails that went without any discernible response, but then, I did not nourish high expectations to see one. So I don’t invest too much time when I compose a mail to him.

Let’s agree we disagree here, and thanks again for the info update!

I didn’t mean that the mail was ignored. It was rejected as in bounced. I got it back from his MTA.
