Fauxx is an open-source Android privacy tool that poisons data broker and ad-tech profiles by generating continuous, plausible, off-demographic synthetic activity from your device. The goal is simple: make your real behavioral signal statistically indistinguishable from noise.

Not my project, but thought this is really cool and worth sharing.

  • 6 hours

    I wonder if you could set up a second phone that is logged in with all your accounts, then use it for FAUXX, currently concerned about battery usage / background usage of device.

    Like, does it need to be running continuously ALL DAY to effectively poison? Or is sometimes usage helpful? Second phone idea solid?

    Anyone who understands the data collection better have thoughts?

    • This method wouldn’t combat device fingerprinting, so it would be trivial for everyone but the aggregate data brokers to filter out as noise.

      For a strategy like this to work, your legitimate traffic needs to be indistinguishable from the random traffic.

      • 5 hours

        So basically it has to be running while you’re using it, and on the device you primarily use?

        • not necessarily. if ‘you’ are sending traffic, i (someone interested in your data) don’t really care where it comes from. Em is correct that it’s trivial to filter out, but it’s also another data point that is interesting and potentially relevant for them, so in practice they won’t.

          tracking has gotten to the point where they can infer connections based off of users that have no interaction but otherwise share a location for a period of time (think coffee shop wifi, work). you have things in common with those people. maybe not a lot, but enough to be relevant in someone’s dataset somewhere.

          so no, it doesn’t have to be running on your primary device to be relevant. i’d argue that it simply being on your home network would be enough.

  • I just found this app on Droid-ify, really cool idea. I’d love to see something similar on Linux. (I’m not sure if something like that already exists)

  • Interesting, how useful is it if I’m always behind a VPN and browse privately (hardened browser, ad blocker, no-script, never logged in etc.)?

    May be wrong but the way I see it it doesn’t help me much?

    • i only did a quick readthrough so my understanding of how it works is probably flawed. that said:

      you could consider split-tunneling a browser outside of your normal stack for fauxx to pollute. that way your real activity remains as close to “ghost” as possible, and gives your device a fake fingerprint that will fool anyone not directly targeting you.

      the reason I’d suggest doing it that way is that nobody’s personal device hygiene is perfect. flooding with synthetic data is a great way to help conceal when you slip up.

        • you’re kind of giving me a blank slate to talk here so let me hit the biggest point that is tangential to this conversation.

          the easiest point for me to make is that if, on your phone, you bought your SIM card (and attached phone number) with payment info that can be tracked to your bank and your real name, your location is compromised whenever that card is online. this is something that the vast majority of privacy enthusiasts either neglect due to lack of knowledge, or cannot afford to remove from their threat profile due to the pervasiveness of cell networks in day to day life.

          The most recent example i can give of this being necessary to consider in your privacy posture: In the US, ICE is using this combination of personal information and compromised locations to focus their efforts in neighborhoods with a primarily minority population.

          • 53 minutes

            “whenever that card is online”

            Do you mean when the card is an active card viable for use? Or stored in the phone somehow? I’m curious what online means and if I am doing it… I don’t have any payments connected to a mobile phone but I do have a SIM card, probably paid for with a now expired card.