
Last modified by Victor Zhang on 16:38, 07/04/2020

Blog - posts for May 2025

Paranoia OS

Relevance of data poisoning

Modern data practice serves two kinds of actor: companies that want to target users with ads (as Tristan Harris put it, "The business model of Google is to get everyone to buy 0.3 pairs of shoes"), and governments that want to crush dissent and keep society atomized (authoritarian/autocratic societies are actually easier to govern, because you can just solve the people who raise the issues instead of the issues).

Incentive structure

While places like the EU focus on using laws to ban certain practices, the US shows that the political climate can flip on a dime overnight. What is needed is a truly widely adopted system that removes companies' incentive to collect your data.

Core idea of removing incentive

If the data collected is useless to the collector, companies lose their incentive to collect and analyze it.

Design requirement of Paranoia OS

OS-level modification (could be a deeply customized distribution of Linux/Android with some of the core packages modified)

  • For wider access, it needs to be free, but cannot be open source (how to make it financially sustainable?)
    • The reason it cannot be open source is that if it is, companies will very quickly implement countermeasures. Unless the implementation can sit at a layer that application software (even factory-installed software like Google/Apple pre-installs, which we assume has more system-level privilege) cannot recognize from the API calls it makes (I don't think this is achievable, but I'll be happy to be wrong).
  • Enabling condition
    • Modern data plans are cheaper with more GB, and most people have access to WiFi most of the time.
  • Core idea
    • Account traffic sharing and scrambling for non-essential data (e.g. not identity/financial-related info). This is less feasible, as it targets a core function of Apple/Google, and the company will probably just change the TOS or modify the software to ban it.
      • Explanation: when a Google Maps location request is sent, all users worldwide randomly send their location updates/requests through each other's accounts. In this way, knowing a certain account's location yields no analytic value, which removes the incentive to collect it.
    • A more feasible idea: disincentivize application-level apps from collecting data.
      • A lot of modern apps request many unnecessary permissions to tap into the user's media/calendars/contact lists.
      • Modern mobile OSes have Allow / Allow one time / Deny options; however, a lot of apps will just quit if you deny access. So for convenience, most users just allow it in order to use the function, basically caving to the company's demand.
      • Beyond the existing options, add a fourth option like "spoof" or "scramble": the app is given the information, but instead of the real data it is streamed fake data. Because it is implemented at the OS level, the app has no way to know.
        • Eg 1. When the contact-list permission is requested, the app is given randomly generated contacts (a preliminary idea, as companies may be able to detect this trick), letting the user use the app without exposing real-life personal contacts to the company.
        • Eg 2. When location is requested, a random location is fed to the app instead of the real one. This might need a more nuanced setting: sometimes it is fine to appear to be in another country, but other times giving an approximate location makes sense, and the system can still withhold the precise location so the company cannot learn your pattern of life.
      • One-way access: apps such as video/image apps will sometimes legitimately need to save video/image files, so there should be an option that lets them access the media folder while seeing only the files the app created itself. (This requires a new filesystem feature in the OS core so that the app cannot tell it has only partial access.)
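The following is an added example, not code from the original post or from any Paranoia OS project: a toy permission broker that models the fourth "spoof" option next to Allow/Deny, a "coarse" variant for the approximate-location case in Eg 2, and the one-way media view. All names (PermissionBroker, Decision, the sample app IDs and the contact/location data) are assumptions constructed for this illustration. One design choice worth noting: the fake contacts are derived from a per-app seed, so the same app sees the same fake dataset on every launch; a contact list that changes on every call would be an easy tell for an app trying to detect the trick.

```python
"""Toy OS-level permission broker with a "spoof" decision (added example)."""
import enum
import hashlib
import random
from dataclasses import dataclass, field


class Decision(enum.Enum):
    ALLOW = "allow"    # real data
    DENY = "deny"      # request refused (the app may quit, as the post notes)
    SPOOF = "spoof"    # synthetic data, indistinguishable to the app
    COARSE = "coarse"  # location only: real region, precise fix withheld


# Constructed name pools for synthetic contacts (no real people).
FIRST = ["Alex", "Sam", "Jordan", "Casey", "Morgan", "Riley"]
LAST = ["Lee", "Garcia", "Nguyen", "Okafor", "Schmidt", "Rossi"]


@dataclass
class PermissionBroker:
    policy: dict                 # (app_id, permission) -> Decision
    real_contacts: list          # [{"name": ..., "phone": ...}, ...]
    real_location: tuple         # (lat, lon)
    media_owner: dict = field(default_factory=dict)  # path -> creating app

    def _rng(self, app_id, permission):
        # Stable per (app, permission): the same app always sees the same fake
        # dataset, so it cannot spot the spoof by comparing across launches.
        seed = hashlib.sha256(f"{app_id}:{permission}".encode()).digest()
        return random.Random(seed)

    def contacts(self, app_id):
        d = self.policy.get((app_id, "contacts"), Decision.DENY)
        if d is Decision.ALLOW:
            return list(self.real_contacts)
        if d is Decision.DENY:
            raise PermissionError("contacts denied")
        rng = self._rng(app_id, "contacts")
        return [
            {"name": f"{rng.choice(FIRST)} {rng.choice(LAST)}",
             "phone": "+1555" + "".join(rng.choice("0123456789") for _ in range(7))}
            for _ in range(rng.randint(8, 20))
        ]

    def location(self, app_id):
        d = self.policy.get((app_id, "location"), Decision.DENY)
        lat, lon = self.real_location
        if d is Decision.ALLOW:
            return (lat, lon)
        if d is Decision.DENY:
            raise PermissionError("location denied")
        if d is Decision.COARSE:
            # Snap to a 0.1-degree grid (roughly 10 km): right area for a
            # weather app, no precise fix to build a pattern of life from.
            return (round(lat, 1), round(lon, 1))
        rng = self._rng(app_id, "location")
        return (rng.uniform(-60.0, 70.0), rng.uniform(-180.0, 180.0))

    def create_media(self, app_id, path):
        # Record which app wrote the file; this is the basis of one-way access.
        self.media_owner[path] = app_id

    def list_media(self, app_id):
        # One-way access: an app sees only the files it created itself.
        return sorted(p for p, owner in self.media_owner.items() if owner == app_id)


def build_sample_broker():
    """Constructed sample policy and data (hypothetical app IDs)."""
    policy = {
        ("com.example.notes", "contacts"): Decision.ALLOW,
        ("com.example.notes", "location"): Decision.ALLOW,
        ("com.example.game", "contacts"): Decision.SPOOF,
        ("com.example.game", "location"): Decision.SPOOF,
        ("com.example.weather", "location"): Decision.COARSE,
        # com.example.flashlight has no entry: everything is denied.
    }
    return PermissionBroker(
        policy=policy,
        real_contacts=[{"name": "Victor Zhang", "phone": "+15550000001"}],
        real_location=(37.4219, -122.084),
    )


if __name__ == "__main__":
    b = build_sample_broker()
    print("notes   contacts :", b.contacts("com.example.notes"))
    print("game    contacts :", b.contacts("com.example.game")[:3], "...")
    print("weather location :", b.location("com.example.weather"))
    print("game    location :", b.location("com.example.game"))
```

Running the module prints what each sample app would receive; the game app gets a stable set of synthetic contacts and a random location, the weather app a location rounded to the 0.1-degree grid, and the flashlight app a PermissionError.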

Potential is still dim

The hypothesis is that when data are scrambled/spoofed, the data are poisoned enough that the company cannot generate meaningful/useful analytics, which disincentivizes companies from implementing data-collection mechanisms at all and ultimately benefits all users. But the effect won't be significant unless it reaches a critical mass of users, and this kind of software usually exists as a custom ROM that is accessible only to the few tech gurus who know how to JTAG/flash a phone or root Android.

But that doesn't mean a dev community interested in this idea can't start putting something together as a proof of concept.

Created by Victor Zhang on 23:50, 28/01/2005