>We live in a world absolutely awash in corporate and state surveillance, where virtually all parties constantly position themselves to increase information gathering. We are literally talking about an abuse of the fine print in TOS by a government entity, and I am paranoid?
There's a pretty big difference between "some apps collect your location data and sell it, there's some clause buried in the ToS authorizing them to do it", and "your phone has hardware/software backdoors to collection location data even if the option is explicitly turned off". The former can plausibly be defended in court, whereas the latter is obvious fraud. Before you claim "but big corporations are above the law!", google recently paid millions to settle a lawsuit for tracking users in incognito mode, which sounds evil but was pretty banal in actuality. They didn't add some sort of backdoor to exempt their domains from incognito mode. Rather, they treated incognito sessions as regular sessions, such that if used incognito mode but visited a site that used google analytics, your visit would still be recorded.
>This is honestly so basic it almost feels like gaslighting to call me paranoid. Either keep your phone in a metal box, or presume it is compromised. Just like the the most basic level of opsec for virtually all relevant government agencies.
The police also has the ability to bug your house, but I think it's pretty paranoid for the average joe to think their house is bugged. "opsec" also involves doing a threat assessment and understanding what the most likely risks are, not assuming the FSB is out to get you and hiding in a bunker.
The OS and preinstalled / uninstallable apps from the OS provider, the phone manufacturer, the hardware manufacturers, sometimes the network provider have their own TOS, their own gag orders, etc. The TOS undoubtedly extends to the UI toggle, and even if it didn't they are almost certainly under gag orders about that functionality anyways. That is what I see as virtually unavoidable. Just accept that you are compromised and that your efforts are to mitigate, not eliminate data exfiltration.
You don't need to go full prepper mode to recognize the situation. I just want to promote honest awareness, not a specific course of action as a consequence of that awareness. My threat assessment is that this happens nonstop. It has been revealed to be the case in the past, in the present as per this article, and undoubtedly will only continue in the future.
>The OS and preinstalled / uninstallable apps from the OS provider, the phone manufacturer, the hardware manufacturers, sometimes the network provider have their own TOS, their own gag orders, etc. The TOS undoubtedly extends to the UI toggle, and even if it didn't they are almost certainly under gag orders about that functionality anyways. That is what I see as virtually unavoidable.
Again, there's a pretty big difference between an opt out, and a system that outright betrays the user. Moreover, what you said might work for someone who has location services enabled in the OS and don't realize there's preinstalled facebook with pre-approved permissions, but OP specifically mentioned disabling location services in the OS, which should disable it for all apps regardless of whether it's pre-approved.
There's a pretty big difference between "some apps collect your location data and sell it, there's some clause buried in the ToS authorizing them to do it", and "your phone has hardware/software backdoors to collection location data even if the option is explicitly turned off". The former can plausibly be defended in court, whereas the latter is obvious fraud. Before you claim "but big corporations are above the law!", google recently paid millions to settle a lawsuit for tracking users in incognito mode, which sounds evil but was pretty banal in actuality. They didn't add some sort of backdoor to exempt their domains from incognito mode. Rather, they treated incognito sessions as regular sessions, such that if used incognito mode but visited a site that used google analytics, your visit would still be recorded.
>This is honestly so basic it almost feels like gaslighting to call me paranoid. Either keep your phone in a metal box, or presume it is compromised. Just like the the most basic level of opsec for virtually all relevant government agencies.
The police also has the ability to bug your house, but I think it's pretty paranoid for the average joe to think their house is bugged. "opsec" also involves doing a threat assessment and understanding what the most likely risks are, not assuming the FSB is out to get you and hiding in a bunker.