• Blaster M@lemmy.world
    link
    fedilink
    English
    arrow-up
    67
    arrow-down
    3
    ·
    9 months ago

    Don’t buy a phone on collateral credit (like from a cell provider that “gives” you a phone with service). If you must, ebay a phone and use paypal.

    If you can’t afford a $1200 phone by paying for it in “cash”, you need to aim lower.

    • electricprism@lemmy.ml
      link
      fedilink
      arrow-up
      22
      ·
      9 months ago

      Comments from the last post indicated it made no difference to having the killswitch on their devices as per screenshots.

      Still I agree, buying on credit is not a good idea.

    • coffeeClean@infosec.pubOP
      link
      fedilink
      arrow-up
      15
      arrow-down
      3
      ·
      edit-2
      9 months ago

      I must say Paypal shares customer data with over 600 corporations among other scummy things, so I boycott them. I also boycott eBay because the javascript required to use their website port sniffs your LAN and feeds that back to them, apart from other evils.

      But most importantly, I’m not necessarily worried that I would personally get burnt by this. But just like my unwillingness to buy an Intel CPU with a management engine (or AMD’s flavor of this), I am unwilling to buy a product that was designed to work against me. I do not want to finance anti-consumer suppliers. ATM I don’t know how to check whether my version of AOS has this “feature”.

      (BTW, I’m not the OP; I just linked their post here)

      • Blaster M@lemmy.world
        link
        fedilink
        English
        arrow-up
        13
        ·
        edit-2
        9 months ago

        Sniffs your local pc to look for remote desktop and vnc ports on it. I can see this being useful in finding RAT risks, but the portscan thing is something the browser should be blocking or sandboxing.

        As for PayPal, well, your cc / bank also shares lots of data.

        If your threat modelling is that severe, your best bet is Tor Craigslist, a couple blokes packing heat and a briefcase of money in a place with no parking lot surveillance.

        But then at that point security and safety is on you and your mates to implement.

        • coffeeClean@infosec.pubOP
          link
          fedilink
          arrow-up
          5
          arrow-down
          2
          ·
          edit-2
          9 months ago

          As for PayPal, well, your cc / bank also shares lots of data.

          Paypal is not a bank. Paypal is an additional MitM. Using Paypal adds another surveillance capitalist to the chain along with your bank and credit network. But indeed, the banks and credit cards are shit so I am fighting the war on cash quite hard. I’ve already been dragged into court for insisting on paying a creditor in cash. I won that case and will continue insisting on cash payments.

          If your threat modelling is that severe

          My threat model simply includes mass surveillance. Which is in the threat model of everyone who understands and embraces privacy. It’s worth noting that it’s not purely and infosec stance. I also object to feeding a supplier who is acting against me. The moment I detect that a supplier is working against me, I walk on ethical grounds. They have failed to earn my business. The snooping just happens to be the manner in which they are working against me.

          your best bet is Tor Craigslist,

          I was doing that at one time but something pushed me off. I don’t recall what… whether it was SMS verify or CAPTCHAs or phone numbers or fussy email address verifiers… something drove me off.

          • Blaster M@lemmy.world
            link
            fedilink
            English
            arrow-up
            4
            ·
            9 months ago

            Can’t help you there. Buying stuff isn’t anonymous, even brick and mortar stores have cloud surveillance cams now.

            • coffeeClean@infosec.pubOP
              link
              fedilink
              arrow-up
              1
              arrow-down
              2
              ·
              9 months ago

              Most of my shopping is done at street markets. When a big parking is filled with vans and portable tables on a weekly basis, there is no surveillance. But if I need something very particular then the cash option gets threatened. E.g. I would like to have a Flipper Zero but these are never at street markets and not even on any shelves anywhere.

              • Synnr@sopuli.xyz
                link
                fedilink
                arrow-up
                2
                ·
                edit-2
                9 months ago

                I have a Flipper Zero (and case and the extra components) that I’ll 99.99% likely never use. I’d love to get cash for it but I’d be asking twice what it’s worth because I like having it on ‘what if’ grounds.

                But I feel you, it’s unfortunate about the state of things. The EU just banned privacy coins. US is soon coming I’m sure. They won’t allow people to legally use them after the release of a central bank coin.

      • deur@feddit.nl
        link
        fedilink
        arrow-up
        1
        arrow-down
        5
        ·
        9 months ago

        So you just don’t buy anything? Get over yourself and your unhealthy obsessions.

        • coffeeClean@infosec.pubOP
          link
          fedilink
          arrow-up
          3
          ·
          edit-2
          9 months ago

          Ethical consumers patronize the lesser of evils, and go without if it’s feasible given only quite shitty options. Affluenza-driven OCD consumption is the unhealthy obsession that ethical consumers manage to avoid.

    • MisterFrog@lemmy.world
      link
      fedilink
      arrow-up
      10
      arrow-down
      3
      ·
      9 months ago

      I’m OOP, I bought this Pixel 6 phone outright directly from Google. This system app has no business being on my phone.

      And even IF it was purchased on credit, this is such an unfair power dynamic which hurts the most vulnerable in society.

      Miss a phone payment, get locked out, haha have fun trying to access your bank account (many people have a phone as their primary computing device to access banking, and further, many banks might have SMS 2FA).

      I say, there is no excuse for this. There were repo methods before software locks, and we’d ought to keep it that way.

      It doesn’t appear to actually be used, at least in Australia, but having the functionality built in at all should be straight up illegal in a caring society.

    • cm0002@lemmy.world
      link
      fedilink
      arrow-up
      4
      ·
      9 months ago

      I don’t think any of the major (I know someone will probably come in here and tell me about some tiny provider that’s only in like 2 states that does) US carriers that do phones on secured credit, they default to unsecured credit. Maybe, they have an alternative plan for people with not so great credit, but I doubt it.

      • coffeeClean@infosec.pubOP
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        9 months ago

        Someone in the original thread said this swindle does not apply to the US. Though I’m a bit surprised… it’s the first place where I would expect this to happen.

        • halcyoncmdr@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          9 months ago

          The US carriers install their own software loads onto phones they sell, with similar functionality, they don’t need to use this mechanism.