Contacts and Privacy

We analyze the contact list

July 2024 is very hot, you have noticed that in this period the auto electricians have a great job in recharging the air conditioning circuit of old cars, giving new freshness to the car. In the most difficult cases even if recharged, after a few days, the air conditioning may not work because it no longer cools. The solution is to understand where the circuit, now old, is leaking by blowing refrigerant with a tracer element.

To understand where the system flaws are is essential to be able to bring the current situation back to a coherent and safe state, everything depends on a greater awareness of our security flaws and to open up our confidential data to the outside world.

Are you able to activate your tracking elements to reveal where you have security and privacy gaps?

First intervention, which you had never thought of

Once upon a time there was an address book that you saved in the memory of your phone SIM, limited in the number of contacts and the number of characters to record. We all breathed a sigh of relief when big tech companies gave us a hand in welcoming our precious contacts into their cloud address books.

We complicate things: you that buy a Samsung or Xiaomi or Motorola do not understand why they in their turn offer a duplication of services including calendars, contacts, photos, cloud, music, appstore compared to the more coherent Google Pixel.

The answer is that you/we are their marketing product and they need to feed from the address book to build relationships. Everyone brings water to his mill, with a twist that if you want to continue reading the article I will reveal to you.

Google the big spy

Wherever you save your address book, on your mobile phone, on cloud of the brand of your mobile phone, Google has powers that go beyond the area of competence of the single application, so everything can bypass the consents to access your address book as other apps are forced to do, such as WhatsApp, Telegram and your trusty smartwatch.

Case study: the contact photo

If you export a contact or an entire address book through the vCard format

As the photos look like in the vCard registered on the Google cloud:

BEGIN:VCARD
....
FN:Tizio della Caio
...
PHOTO:https://lh3.googleusercontent.com/contacts/XYZ6tqnBPfsdy\_9uH2ZsMT\_9vut
 UbPTM3Nau7WkxNWZukuYDgLAvAnkNs
...
END:VCARD

Come si presenta la vCard registrata sul un sistema con traccianti assenti:

BEGIN:VCARD
....
FN:Tizio della Caio
...
PHOTO;ENCODING=b;TYPE=jpeg:/9j/4AAQSkZJRgABAQAAAQABAAD/4gHYSUNDX1BST0ZJ...
...
END:VCARD

The fact that the photo information is retrieved from the web and not incorporated into the vCard allows Google to know at any time what path the contact has taken, on which phone (version, brand etc. etc.), at which advertising identity the address book contact is associated with and I dare not think of how much other data it may hold.

Do you care about privacy?

You have been very careful not to add a photo of yourself in your contacts and social networks, think about it… you are still screwed if one of your contacts associates a photo of you in the address book with your telephone number or tags your name from a photo.

There is the solution

You throw to the nettles your phones and switch to Nokia 3110.

Below is the list of things to do (challenging): change phone with an operating system that brings Google’s operation inside a sandbox meaning all Google programs will have the same operation as a normal application without having any privileges. Adopt a profile system that allows you to completely isolate applications and without Google services, if you really can’t live without it create a specific profile. For example, to run banking applications, Android Auto and other gadgets. Adopt a home server CardDAV, CalDAV ¹ that provides service to the whole family independently from Google.