My phone is spying on me, so I decided to spy on it

Updated

If your phone is turned on and has signal, it can be communicating — whether you've asked it to or not — with a wide variety of companies, many of which you won't have any direct relationship with.

And yes, this can happen even when you're not using it.

Your phone and other personal computing devices know an awful lot about you. They know — and often share — things like where you are and where you're going, who you're friends with, what apps you use, which websites you visit and how often you visit them, who you email and call — the list goes on.

So it's worth asking: do you know what information your apps and devices are sharing about you? And who they're sharing it with? I thought I did, but now I'm not so sure.

I'm an avid internet user with a good understanding of privacy. I studied IT and work as a web developer. I reckon I know how plenty of technologies work.

But that very interest in technology and privacy has me reading more and more stories with headlines like Paranoia Is Now a Best Practice and What 7 Creepy Patents Reveal About Facebook. To be perfectly frank, it's getting harder and harder to resist donning that tinfoil hat.

Want to help?

Is there something you'd like to know about the data being shared by your devices? Let me know

I'm expecting a lot of data and might need some help sifting through it. Get in touch if you'd be up for that

of data and might need some help sifting through it. Get in touch if you'd be up for that Let's chat on Twitter where I will be tweeting about what I find using the #DataLife hashtag

You can email me on datalife@abc.net.au

My confidence that I know — mostly — what data is being recorded about me and what information my apps and devices are sharing has been slowly but surely eroding as the revelations keep coming.

As my doubt grew I decided I wanted to know for sure what my devices were actually sharing. Not just feel like I've got a pretty good idea — but really know. So I've hatched a plan to find out, and I'd like your help along the way.

Here's the plan

For about a week I'm going to intercept and record every bit of data sent from my two most personal internet-connected devices: my phone and my laptop. It will include all manner of personal information being sent to companies around the world.

If you're into that kind of thing, you can read all the technical details about how that's going to work.

At the end of it, I'll have something that looks like this.

Once I have the data recorded, I'll start digging through it to see what I can find out. And you'll get a chance to see some of that data too (just not my banking passwords, sorry).

Why does this matter?

Most people will never see the data that's leaving their phone. It's not easy to examine because it takes specialist software and a bit of technical knowhow to intercept it.

We essentially have to trust tech companies to do the right thing.

The problem with trust is that sometimes it's betrayed. And it has been betrayed repeatedly by companies big and small in recent years, like when Google kept tracking location even after you'd turned that setting off.

What do you want to know?

In the data I've already seen while getting everything set up, there are already a few surprises. For example, did you know that every time you open Safari on your iPhone, any website you have in your bookmarks can track that?

As much as I'm doing this to assess my own personal privacy in this smart phone, social media, internet of things age, I really want to have a conversation with you about it.

What are you interested in knowing? What are your concerns about what your devices share about you? Do you even worry about it?

Here's what I think I'll find:

A lot of requests: I'm expecting a lot of data and I think only a minority of requests will have been explicitly initiated by me.

I'm expecting a lot of data and I think only a minority of requests will have been explicitly initiated by me. Big companies will feature heavily: I think lots of requests will be sharing data with big companies like Facebook, Google, Twitter, Apple and Microsoft.

I think lots of requests will be sharing data with big companies like Facebook, Google, Twitter, Apple and Microsoft. Requests that are impossible to trace: There will also be a lot of data sent to companies which are much more obscure, many of which may be difficult to identify. I expect this to be difficult even for me, the person the data relates to.

There will also be a lot of data sent to companies which are much more obscure, many of which may be difficult to identify. I expect this to be difficult even for me, the person the data relates to. Some companies will have a surprisingly complete picture of my web browsing.

So get in touch, let's have a conversation. I'm on Twitter or you can email me if that's your thing on datalife@abc.net.au.

Technical details

If you're the kind of person who's interested in the technical details, here is the short version of how this all works.

I'm creating a VPN which my phone and laptop will use to access the internet throughout the data collection period.

The VPN will route all traffic through a separate virtual machine running mitmproxy, software designed to intercept, test and analyse HTTP requests.

Content and other request data for nearly every request (including HTTPS) will be logged.

There is more detail about the specific setup on GitHub. You could even try it yourself if you're really into it.

Want to keep up to date?

Sign up to keep track of this project, and to hear about interactives, visualisations and good reads from the ABC News Story Lab team. (No more than one email a week, we promise.) to keep track of this project, and to hear about interactives, visualisations and good reads from the ABC News Story Lab team. (No more than one email a week, we promise.)

Topics: social-media, internet-culture, computers-and-technology, internet-technology, information-and-communication, australia

First posted