I believe, Truecaller is an auto opt-in and you have to manually opt out if you want your number not be listed. I had to "unlist" my number manually. Check if your number is already in and then unlist at https://www.truecaller.com/unlisting
One piece of legislation that I wish would exist is a universal opt-out requirement with no contracts. Many times you want to "opt-out" of something they require you to create an account or agree to something.
Since they have already done an action without your consent or agreements they should be able to remove you permanently without requiring you to agree to anything, signing up or mailing crap.
Indeed. You may also want to buy a bunch of (preferably pre-activated) SIM cards, as registering such accounts will require a phone number, and they limit the number of accounts that can be created with one phone number.
IIRC when looking into this some time ago, if someone who has your number uses truecaller then your number will reappear. So depending on your level of paranoia you might want to regularly check that unlisting page.
I just tried to put my phone number through it and it gave no indication of success or failure. Pulled up the debugger and see that it gives a 400 exception of "ProfileNotDeactivated" when I submit my number.
I have had many experiences where I tried to order tea at a small tea-stalls (digitally empowered) on the streets of India, and first thing they ask is my phone number! I reject anyone asking my phone number unless dire and a must-one. I also noticed that almost everyone will blurt out their number when anyone ask them.
Some businesses do exactly the same thing in the US. It is fascinating to be a bystander and hear how willing most people are to just give over their phone number. And of course, not just the store could be recording it, anybody within earshot could.
Many times, yes. But even places like great clips do it, and they're not giving discounts. At best, they might send you ads that give you coupons you could have gotten anyway.
Always worth remembering, in any case, that someone always registers <your-area-code>-867-5309. Use that to get discounts wherever, like Safeway. I remain a little surprised they didn't long ago put that number pattern on a blacklist.
In the U.S., if it's a supermarket or a large chain store, they either sell it to other companies, or use it as a unique ID for your purchase history and customer profile. Sometimes both.
I'm not sure what a small-time tea stall would do.
When you install the app they steal your contact list and populate their database that way. Most people are unaware of this, or don't care since we are a third world country and privacy is seen as a first world problem. The vast majority of thinking here is not very sophisticated about these types of topics. Only a very tiny fraction of the total population is averse to sharing personal information like phone numbers. It's common to see folks post their tax ID numbers etc on public forums, tweets, etc. too.
For a number of years it was quite common for folks in the lowest income brackets to change their phone numbers quite often because of rampant competition between mobile network providers. The "Mobile Number Portability" system was eventually introduced that minimized this to a large degree. Eventually the competition subsided and this reduced significantly to a point where it's not very common anymore per my understanding.
When I need to use Trucaller I use it via their web interface exclusively with a google account that has 0 contacts for them to steal. I remember finding my number listed many years ago as my name with (web developer) in parenthesis, likely stolen from some old customer of mine.
My wife installed TrueCaller on her phone. She is technical but not a developer.
I asked if she knows they steal your contact list and spy on you and her answer was “so? It’s just phone numbers and names and they need to get the data somewhere as they are providing the service for free”
I live in a developed country and we have a high standard of living.
Giving this anecdote to illustrate many people genuinely don’t see TrueCaller’s spying as a big deal. This is unfortunate but it’s how things often are.
Honestly it's the same thing with the (well-educated) people who have their entire lives on the Google cloud and don't have an issue with the privacy practices of Facebook and Tiktok. They know the companies use their data and they don't mind or care - all they want are their free services.
To them features/functionality/cost is first, and privacy is an afterthought. I see this view in a lot of people nowadays.
We definitely need some scenarios where this kind of spying plays out badly for the user, so we can use them in arguments against these practices. Without examples, I can't blame users for calling these dangers hypothetical, really.
It's worth noting that Instagram does this too, under the guise of "Find Your Friends." When you sign up for a new account, they aggressively prompt you to sync your contacts list with the app, and will continually prompt you in the future if you choose not to. Nearly all of my friends have this enabled.
This is not a one-time sync, either. It will upload future new contacts and changes.
And, finally, if you manage to create a new account without a phone number, Instagram appears to flag your account for suspicious activity at some point and mandates that you do. They can then correspond your phone number with other users' contact lists to determine your identity. It can even suss out if you provided a Google Voice/VOIP number and require a "real" one instead.
Contact lists should be treated like PII and have laws and technical controls against sharing them without the permission of the contact. Incredibly difficult to do no doubt. But if people are ok to share their contact let them. Let others opt out.
> When you sign up for a new account, they aggressively prompt you to sync your contacts list with the app, and will continually prompt you in the future if you choose not to.
Even everyone's much-loved Signal does this. Contacts sync is presented as "not now" or "yes forever." The "not now" message even explicitly says they'll bug you again.
No, they're still uploading the same data as they did before (last I looked into it, it was still enough data to rather easily reverse and get pretty good accuracy. if it wasn't accurate, it would have unacceptably many false-positives, so it's a necessary quality of the system).
Regardless of how you hash them, it needs to work on a phone, and it needs to be reasonably unique... so you can just enumerate literally every phone number ever on a decent computer in a few seconds and, if combined with basically any other information at all (like an area code), that's enough to figure out many or most contacts trivially.
The difference, which that article goes into, is that now they're going all-in on you also trusting Intel's SGX and thus every single thing in between you, them, their hardware delivery pipelines, etc. Which makes collecting that data completely ok (it's done securely now thanks to SGX!), because you should obviously trust Intel because CPU vendors have had such a fantastic track record in their on-chip security systems. (</sarcasm> in case that wasn't clear)
There's a lot to like about Signal's privacy, both in isolation and in comparison to other messengers. They're doing great work. But I have absolutely no idea why they persist in this data collection. Their bull-headedness on zero options around it for years on end smells more suspicious than anything else at this point tbh. About 3/4 of the people I've known who installed Signal immediately left forever because someone they knew contacted them to say "welcome" and they got super creeped out wondering how they knew they had joined. And then the contact-er frequently left too because they had no idea it wasn't consensual, and were creeped out as well.
Signal is worse, because when you sign up with a phone number, everyone that has your number in their address book gets a notification from Signal that you signed up.
Facebook has done this periodically over the years as well. So I'm not surprised they ported that feature over or independently evolved to it on Instagram. I had caught on to the concept of breaking the social graph by using a virgin email and never putting in a phone number not even for 2-factor even once. But then there is a great risk that they flag you for "spam" within days or minutes!
Honestly, Apple needs to get in front of this on iOS just like they've done partially with Location data, Photos/Videos, and data brokering. They need to let you select shareable contacts. Kind of like the Circles that Google Wave had. Instead of letting apps force you into an all or nothing approach.
India has a huge problem with spam / robo callers. Also its common for individuals to have more than 1 phone number, see how popular dual sim phones are.
Also true caller adds security when you're from an under represented or a minority groups. I especially know women who use Truecaller to make sure they know who is calling / texting them from new numbers.
You’re playing coy, India is a source of a huge number of the worlds phone scams. With Brazil being the “most spammed.” As a slightly related caveat, with how frustrating the scammers are for me in the Us I can only imagine Brazil. Their phones must ring 24/7.
Probably not. But their job is to keep track of all of this, they’ve clearly made a healthy premium, so I do believe they have a part in both not preventing it at this time and helping to prevent some of it going forward. Not sure what that entails but I get a dozen calls a day and need someone to yell at.
Having multiple SIMs in India will go away, or at least become something only the rich have, it's only a matter of time. This is because having that second SIM is no longer cost-free.
Multiple SIMs in India were a side-effect of it being near-free to have a prepaid SIM to receive calls. This was subsidized by high calling charges (calling from one part of India to another was expensive) and even higher data prices.
Then Jio entered the market with a ground-up 4G network and said, this is BS. Calls and texts are free, with no reasonable limits. We'll only charge you for data, and we'll provide 1.5GB a day or more -- starting at INR 150 a month paid 3 months at a time. The party ended for a lot of operators at that point as they hemorrhaged customers. Most operators simply folded or merged until now there are only 3 private players and one non-serious state player.
Driven by pressure from Jio, the other two private players (Airtel and Vi, aka Vodafone) have decided to amp up monthly charges for pre-paid phones. Essentially, if you're not spending at least INR 120 a month they don't want you. India has number portability so it's not like you're held hostage or anything.
INR 120 sounds super low but it's not for a lot of Indians who earn salaries closer to India's median per-capita income, and also it's an extremely limited level of service, for actual use you need to pay more -- typically around INR 250 monthly for 1.5GB data per day (remember, most Indians don't have wired Internet so 1.5GB data per day is not excessive). Jio and its competitors have hiked prices substantially, of course.
The last refuge for people on limited budgets is the state-run telco, BSNL, but the government will sell it -- it's only a matter of time. Expect prices to spike again, then.
Anyway, multiple SIMs in India are increasingly less viable for ordinary people. It'll take a while for behaviour to change, but it'll change.
Coincidentally, the US is also down to 3 mobile networks.
I wonder what the percentiles is for number of networks in populous and large countries. Perhaps 3 networks is the number of maximum economically viable long term networks due to the enormously high cost of installing all the fiber and cell station infrastructure across the country.
Another data point: Australia basically only has 3 nation-wide mobile networks.
They're broadly compatible from a handset perspective - sometimes there's better coverage for one or the other in some area or newer tech but for most day-to-day use you can get a SIM from any carrier and expect to be able to use it any (non-network-locked) device.
I’ve gone a few steps further and answered the “So?”. My wife thinks I’m a conspiracy nut even though I’ve provided proof of things that have happened. She thinks if it was that wide spread it would have been stopped already.
Fortunately we’ve agreed on not sharing kids pics and information on places like FB insta etc.
Not that someone cares, but in the EU she would be responsible for violating the GDPR. Many people don't know that they are responsible as private citizens.
I think a lot of that comes from the fact that phone numbers being private at all is not a universal consideration. My town still, every year, sends me a paper book full of every resident's address and landline telephone.
It used to be that the phone company would annually throw a book on your porch with everyone in your town's name, phone and address. I can see how someone with that as a mental model for contact lists wouldn't see a problem.
I'm old enough to remember telephone directories. Phone companies would publish listings of name, phone numbers and addresses of everyone who had a phone.
Fun fact: Elector rolls are public record. Your address is already out in the open.
> Giving this anecdote to illustrate many people genuinely don’t see TrueCaller’s spying as a big deal.
That's because it makes no material difference to them.
This illustrates the reverse lookup problem with these services. You can take pains to use a Google account with zero contacts. That safeguards the information of your contacts. But Trucaller already has your information because they get it from other people who have added you in their contacts list, and who aren't as privacy conscious as you are.
Can you explain what it is that gives you the right to hand other people's personal information to another entity?
Especially as part of a commercial transaction to a for-profit company?
"Hey, Bob! I'm going to give some company your name, phone number, occupation, and whatever else I know about you stored in my contact list in exchange for a beer. Is that OK?"
Do you make someone sign a legal document when you give them your number detailing the uses and limitations of how they can share your number? No. You don't.
Once you give your info away it is not "your" info anymore. It is info about you, but you do not own it.
Depends on the jurisdiction. Under the GDPR this might very well be illegal, though obviously enforcement of it is significantly lacking so it's unlikely to ever actually be tested in court.
I don’t know. If you give me a soda, that soda becomes mine to do what I want. I can pour it on the ground, drink it, or give it to someone else. I feel the same way about ways to contact someone. With today’s technology, they can block people they don’t like but it’s not my job to be their gate-keeper.
"When you install the app they steal your contact list and populate their database that way."
What if you avoid using the system default contacts store, i.e., keep it empty, and instead you use an app like OpenContacts.^1 To apps like TruCaller, it will appear the the user has no contacts.
true caller's dumping of one's contact list is no different what facebook did (and does, though now does with a bit more transparency than in the app's earlier days)
no. I'm still pissed off at facebook for doing that, and I tried at one point to convince a class action firm that deals in privacy related things to take it up as a case. I'd like if people who are upset at truecaller for this, aim some of their ire at facebook.
back in 2011. i had "heard" about this. i had an iphone 3GS and an iphone 2G at the time. the 3GS had gotten ios5 if i remember correctly.
installing the app, it asked me very strangely to "allow truecaller to access your contacts". it took me a few moments to decide no. at the time, IOS had a "parental setting" to hide permissions behind a separate password, like location, contacts, payments, gallery, web, yada yada.
i learned that truecaller works on "you give your contacts and in exchange we give you a one way access to just search for numbers with names and not the other way around.
over time, it became ubiquitous, with people relying on it because "who saves a contact".
now its an obnoxious app that comes preinstalled on all cheap custom roms, shows full page ads every time it displays on screen after a call, it even shows up AFTER you have disabled screen overlays, i assume it gets preferential treatment by these rom makers,
this is the reason why i have never signed up to whatsapp or given facebook any contacts access or even 2fa ( old fb account, not logged in 3 years)
I just assume every call not from a contact is spam and let them go to voicemail. It's even a built-in feature of the phone. That's the world we seem to live in now, where the POTS network has been thoroughly corrupted by the mere existence of SIP.
If I give you my phone number, and you have True Caller installed and save my number to your contacts, I unknowingly and unconsensually also give my phone number to True Caller and essentially the entire world.
It was the white pages but yes. That's why there is such a yawning gap between reality, where nobody gives a fuck if you know my phone number, and niche online privacy activism, where for some reason people care a lot.
For one, yellow pages was centrally managed by the phone company you were a customer of, and opt-in (you may be thinking of the white pages for residential customers, which was opt-out). Also, the information in the white/yellow pages is curated and just the name provided by the customer. TrueCaller gets every tidbit of information that your contacts decide to use to annotate your number. Many people use more in the description than just your name.
Thanks for the explanation, I didn’t grow up in the west/US so we had no such thing or service. I just remember movies with big yellow books with contact or company information.
I would say most people would use contacts like “Joe Plumber” or “Maria Tinder”.
Truecaller is kind of a substitute for identifying spam calls where I grew up where there is no alternative. Also helps when someone is calling you and you want to avoid answering them.
Most people definitely don’t care that it’s taking all your contact info though the utility of the app is well worth it.
Indias privacy laws are truly lacking. I am surprised that the government hasn’t enacted any laws for this yet.
I have a number of stories for this. Indians are so used to this that sometimes people are shocked when I say no to sharing information that they request.
For example in a startup, the HR reached out on WhatsApp to all employees in a group and asked for certain documents and information etc.
About Truecaller:
- It’s default opt in (with almost no way to opt out*)
- It requires access to your entire contact list - to mitigate this, I request Apple and Google to implement folders for contacts or something similar to how you can limit access to all photos on iOS per app. That way you can create an empty folder and share it with Truecaller
- It’s also impossible to change the wrong data that Truecaller somehow gets from some other contact list
My sibling recently got a new number and Truecaller assumed some other name and identity. Fellow Indians believe Truecaller more than they believe the person they are talking to (shows how much spam gets passed around)
This is NOT just TrueCaller. The same thing happens with Paytm and other payment apps.
Paytm for example assumed another identity and they requested us to submit multiple docs to prove our identity even though we never used the platform before. Even after multiple attempts and submitting multiple ids they refuse to change the data
In India, privacy is always secondary.
I remember, last time I was at jewelry shop in Western MH, I had to provide PAN card or Aadhar card since purchase warranted this check. W/o even thinking, folks in my family forwarded those details on Whatsapp.
So if you're a tourist you can't buy anything? Weird.
Spain has a similar thing for this, you have to give your NIE/DNIe number everywhere. Like when ordering something online. But not in brick and mortar shops.
Still I find it a very poor practice in terms of privacy.
Buying stuff through QR codes is very common in India now. You can pay for everything from groceries to street food using QR codes. It runs off the government-sponsored UPI standard. However, AFAIK you need an Indian bank account to be able to participate. It's quite a pain coming from abroad, and I just used cash instead. That does mean I have am prone to paying foreign withdrawal fees, but alas. It does work pretty well for the people of India though.
AFAIK you're only required to give these details when your total bill exceeds a certain amount (~50,000?) and it's largely because buying gold/jewelry is a vector of money laundering and tax avoidance. I don't buy jewelry but ran into this recently when my mother wanted some.
Yeah, I truly wonder when 80 percent of population surviving on less than 2-3 dollars a day why doesn't government just double down on privacy first leaving everything else aside.
Not sure why you are being sarcastic. Being poor doesn’t mean people don’t deserve privacy. In fact it can enable for more business opportunities.
Government doesn’t operate in series on an issue one by one. This is why you have so many ministries in the govt. Just because roads don’t exist doesn’t mean govt should stop building railways and only think of roads.
I believe that the point the sarcasm meant to address was that poorer people cannot afford to push back and prioritize their privacy the way that folks with more privilege can.
That's not the point though. Govt can sure enact/enforce tough laws. But poor people just don't care; for a few bucks they will happily part with their IDs and PII info. When demonetisation happened most of the ill-gotten currency made its way to the banking system through poor people's bank account.
In other words, privacy is a luxury that poor people can ill afford. Do poor deserve privacy? Absolutely. But it doesn't take much to get them part with their private data. They are stuck at the lowest level of Maslow hierarchy where as privacy is at least two level above them. Can government do something to protect their privacy? Probably, but I just can't see how it'll be successful when the citizens themselves don't care much about privacy.
I really like the idea to share a fake list. I think creating separate contact list folders is a bit much for the user, but adding a general permission grant option like "As if empty" or "Use placeholder" might be easier. An app requests my contacts? I can "grant" permission to an empty contacts list.
I think this idea generalizes to other permissions too. Want to know my location? I hit the "placeholder" button and the app gets some generic location that never changes. Valid data flows through, so the app can work, but not my private information.
An interesting side effect of these types of companies popped up during the Navalny team's investigation of Putin's alleged yacht in Italy. They got the ship's crew manifest and then used a database like TrueCaller to check it out. The manifest had the crewmember's name and a phone number - so when you look up the number associated with 'Alexander Pechurkin', other people have him listed as "Sanya FSB" "Alexander FSO" and "Alexander Graceful Procurement". [FSB = Russian security services, FSO ~= secret service, 'Graceful' = Putin's previous yacht]. Pretty interesting work history and descriptions for a Boatswain's mate in Italy.
I haven't checked but I'll bet I could get API service (for a fee) from Ekata and query these person IDs they are using and then fill out a whole social graph.
It's a neat trick but other than confirming mobile=true and carrier:
"carrier": {
"mobile_country_code": "311",
"mobile_network_code": "489",
"name": "Verizon Wireless",
"type": "mobile",
"error_code": null
... I haven't found much use for it.
The best way to run truecaller is to install this app called 'Island'. This creates a new profile called work profile for you. Use a new google id for this work profile. Then install true caller inside island. I rarely use it but all I have to do is turn on the work profile, look up a number and then turn it back off.
I keep all crap apps in the work profile since there is a shortcut in the android drawer to turn it off and on in 1 click. I also assume it saves a bit of battery since these apps can't drain it while work profile is off.
I find TrueCaller immensely useful. Especially to filter out and block spam callers. Spam calls and robocalls are a HUGE problem in India. TrueCaller flashes spam callers in red, you can reject the call and save a few precious minutes of your life. About half of the calls I receive a day are spam calls. If I were to answer them all and then reject it would be a waste of time and energy.
Most of these are not scammers trying to scare in the name of tax authorities or IT support scammers. They are mostly tele-callers trying to sell property, insurance, loans, credit cards and such. Nuisance nonetheless.
A cabinet minister (secretary in US administration) got a call like this out of the blue. That is when the India govt work up to the problem. Nothing was done so far though,
I used to use Truecaller, and it is useful, but it got gradually more and more obnoxious over the years, until eventually it would nag you about paid subscriptions whenever you opened the app, and throw up fullscreen ads whenever you received a phone call. So at that point I uninstalled it.
I think this shows limit of GDPR which maybe could be improved by making companies your data is shared with, seek authorization to treat those data directly, maybe let's say you sign up on $ocial network which share your data with mark€ting company, then maybe mark€ting has to send you an email to be authorized? So that Truecalled can get numbers from contacts list, but can't use them if not authorized?
I would love if that were the case, but I don't see how workable it is because caller id is spoofable, and people commonly need to pick up calls from local unknown numbers like doctors offices, mechanic, etc whose number you may not have(or who may call from a whole bank of numbers).
The best bet is to try to get a phone number from across the country. If you live in NY, get a phone number from a city you have no relation to, say Seattle. Then, anyone calling from Seattle is almost certainly spam and you can still pick up 212 or 646 numbers.
I did this by accident. Best bit of advice you can give, honestly. Most people don’t know that if you actually make friends with they guy/gal setting up your account (and not doing it online), you can literally choose your phone number. My phone number spells my (very popular) first name and is from an obscure part of the US. Any phone calls from there is spam. That being said, bots tend to use that prefix for spam, in general and for a few years there, I got a lot texts and calls: “missed call from this number, who dis” and “I don’t want your warranty” type of things. That was annoying.
Truecaller is massively popular in my country as well.
Before I knew any better, I was ignorant of the permissions and saw it as a worthy trade-off since my contact(s) will somehow end up there, if they weren't already. As all it takes is for someone else who has saved my number to download the app and give it permission.
Didn't give them much thought until I started seeing them buy advertisement spots in some of the local daily newspapers. They were getting greedy for more data. From that moment, I deleted my account and created a new account signed in only with a random Microsoft login and the app now lives in the work profile where there are no contacts.
The app will refuse to work until you grant it permission to make calls (read your IMEI pre-Android 10) and obviously read contacts permission. It is also quite intrusive. Coincidentally, the other app I found employing such dirty tactics by refusing to launch at all before being granted sensitive permissions is Whatsapp.
It is genius, really. Evil, but genius. Even just getting a reliable name for every number would be handy, I can see the value. But the killer feature is how much information your contacts leak in their description of you, so all of that can be correlated to build a more detailed picture of you.
I am sure someone can build a truly privacy respecting service like true caller and billion plus phone users in India would just sign up for it for something like Rs 100 a month or would they?
It is astounding that common person understands the tradeoff when using free service but these ignoramus critics do not.
Nobody really wants to pay for services, ever. We have trained them that everyone ought to be free. And the evil genius of truecaller is that you're not being asked to give up your own privacy, you are just giving up your friends'. And of course that comes right back around to you because if just one of your friends feels the same way, you're in the database too.
Was home few days back. Someone needed PAN details from Papa, he shared PAN, Aadhar and all other documents with other person on WhatsApp; including things he didn't ask for.
People don't know privacy and not aware of misuses in India.
And phone number in India is not considered private info. We keep putting banner with number everywhere offline to online.
> Truecaller’s database that includes users who did not register and did not give consent to having their numbers identified.
That's the problem with maintaining absolute privacy. The privacy and security of your information depends on other people even if you do everything to save it.
Many in the comment section told that they are using TrueCaller to avoid spam/robot calls.
In my personal experience, I found that not creating a TrueCaller account itself avoids having spam calls. I tried this by getting a new number years ago. I do get some spams, but from some services that I am using/has used a few months ago, and they want me to get back in (looking at you, ACT fibernet).
Anyway, it's okay to not use such an app for blocking contacts, most modern smartphones has blocking functionality, and some Free/Libre apps has ways to block a number range and works offline without ads. They are more than sufficient for most of us, use them instead.
But as the article said, not having proper legislation is the root cause of this problem, from how many services running in India can you delete your account (not unsubscribe/delete app, but delete “account” with personal information) from? Yeah, think about it.
Truecaller was a royal PITA when it came to privacy until I figured out how to fuck with the system.
1. Anyone that has your phone number and Truecaller automatically gets you a name:phone_number entry in the Truecaller database. To get around this, I created a Truecaller account using my own phone number on a phone with zero contacts and gave myself a fake name(with my choice of subtle cuss words). This takes priority over other entries in the database. Am not sure if it works that way anymore.
2. Anytime I need to look up a number, I sign in using a dummy gmail account that I have.
There were a good few years where people looked up my number on Truecaller and it showed up a very obscene name that would shock em.
136 comments
[ 3.3 ms ] story [ 107 ms ] threadHow do you check whether your number is "in"?
Once you do, you have to log in with either your Google or Microsoft identity and agree to let them download your contacts.
Since they have already done an action without your consent or agreements they should be able to remove you permanently without requiring you to agree to anything, signing up or mailing crap.
Seems seriously shady.
Always worth remembering, in any case, that someone always registers <your-area-code>-867-5309. Use that to get discounts wherever, like Safeway. I remain a little surprised they didn't long ago put that number pattern on a blacklist.
I'm not sure what a small-time tea stall would do.
For a number of years it was quite common for folks in the lowest income brackets to change their phone numbers quite often because of rampant competition between mobile network providers. The "Mobile Number Portability" system was eventually introduced that minimized this to a large degree. Eventually the competition subsided and this reduced significantly to a point where it's not very common anymore per my understanding.
When I need to use Trucaller I use it via their web interface exclusively with a google account that has 0 contacts for them to steal. I remember finding my number listed many years ago as my name with (web developer) in parenthesis, likely stolen from some old customer of mine.
I asked if she knows they steal your contact list and spy on you and her answer was “so? It’s just phone numbers and names and they need to get the data somewhere as they are providing the service for free”
I live in a developed country and we have a high standard of living.
Giving this anecdote to illustrate many people genuinely don’t see TrueCaller’s spying as a big deal. This is unfortunate but it’s how things often are.
To them features/functionality/cost is first, and privacy is an afterthought. I see this view in a lot of people nowadays.
This is not a one-time sync, either. It will upload future new contacts and changes.
And, finally, if you manage to create a new account without a phone number, Instagram appears to flag your account for suspicious activity at some point and mandates that you do. They can then correspond your phone number with other users' contact lists to determine your identity. It can even suss out if you provided a Google Voice/VOIP number and require a "real" one instead.
https://help.instagram.com/195069860617299
Even everyone's much-loved Signal does this. Contacts sync is presented as "not now" or "yes forever." The "not now" message even explicitly says they'll bug you again.
[1] https://support.signal.org/hc/en-us/articles/360007061452-Do...
Regardless of how you hash them, it needs to work on a phone, and it needs to be reasonably unique... so you can just enumerate literally every phone number ever on a decent computer in a few seconds and, if combined with basically any other information at all (like an area code), that's enough to figure out many or most contacts trivially.
The difference, which that article goes into, is that now they're going all-in on you also trusting Intel's SGX and thus every single thing in between you, them, their hardware delivery pipelines, etc. Which makes collecting that data completely ok (it's done securely now thanks to SGX!), because you should obviously trust Intel because CPU vendors have had such a fantastic track record in their on-chip security systems. (</sarcasm> in case that wasn't clear)
There's a lot to like about Signal's privacy, both in isolation and in comparison to other messengers. They're doing great work. But I have absolutely no idea why they persist in this data collection. Their bull-headedness on zero options around it for years on end smells more suspicious than anything else at this point tbh. About 3/4 of the people I've known who installed Signal immediately left forever because someone they knew contacted them to say "welcome" and they got super creeped out wondering how they knew they had joined. And then the contact-er frequently left too because they had no idea it wasn't consensual, and were creeped out as well.
Assuming they are telling the truth, why would you care that your contacts know you also use signal (like them)?
Honestly, Apple needs to get in front of this on iOS just like they've done partially with Location data, Photos/Videos, and data brokering. They need to let you select shareable contacts. Kind of like the Circles that Google Wave had. Instead of letting apps force you into an all or nothing approach.
Also true caller adds security when you're from an under represented or a minority groups. I especially know women who use Truecaller to make sure they know who is calling / texting them from new numbers.
That's everywhere, not just India.
Having multiple SIMs in India will go away, or at least become something only the rich have, it's only a matter of time. This is because having that second SIM is no longer cost-free.
Multiple SIMs in India were a side-effect of it being near-free to have a prepaid SIM to receive calls. This was subsidized by high calling charges (calling from one part of India to another was expensive) and even higher data prices.
Then Jio entered the market with a ground-up 4G network and said, this is BS. Calls and texts are free, with no reasonable limits. We'll only charge you for data, and we'll provide 1.5GB a day or more -- starting at INR 150 a month paid 3 months at a time. The party ended for a lot of operators at that point as they hemorrhaged customers. Most operators simply folded or merged until now there are only 3 private players and one non-serious state player.
Driven by pressure from Jio, the other two private players (Airtel and Vi, aka Vodafone) have decided to amp up monthly charges for pre-paid phones. Essentially, if you're not spending at least INR 120 a month they don't want you. India has number portability so it's not like you're held hostage or anything.
INR 120 sounds super low but it's not for a lot of Indians who earn salaries closer to India's median per-capita income, and also it's an extremely limited level of service, for actual use you need to pay more -- typically around INR 250 monthly for 1.5GB data per day (remember, most Indians don't have wired Internet so 1.5GB data per day is not excessive). Jio and its competitors have hiked prices substantially, of course.
The last refuge for people on limited budgets is the state-run telco, BSNL, but the government will sell it -- it's only a matter of time. Expect prices to spike again, then.
Anyway, multiple SIMs in India are increasingly less viable for ordinary people. It'll take a while for behaviour to change, but it'll change.
I wonder what the percentiles is for number of networks in populous and large countries. Perhaps 3 networks is the number of maximum economically viable long term networks due to the enormously high cost of installing all the fiber and cell station infrastructure across the country.
They're broadly compatible from a handset perspective - sometimes there's better coverage for one or the other in some area or newer tech but for most day-to-day use you can get a SIM from any carrier and expect to be able to use it any (non-network-locked) device.
If I am not mistaken some shell company bought the spectrum then Jio bought the shell company.
Fortunately we’ve agreed on not sharing kids pics and information on places like FB insta etc.
I have zero issues with my neighbors having my phone number. If I lived in a smallish place, extending that would be fine.
I have huge issues with spammers and con artists having it.
A locally distributed physical book works great for the first and, at the very least, makes the second work for it.
Online databases are basically made to order for the second, and are far more extensive than needed for the first.
It is just another example where adding automation and cheap storage actively makes a situation worse.
Fun fact: Elector rolls are public record. Your address is already out in the open.
> Giving this anecdote to illustrate many people genuinely don’t see TrueCaller’s spying as a big deal.
That's because it makes no material difference to them.
Especially as part of a commercial transaction to a for-profit company?
"Hey, Bob! I'm going to give some company your name, phone number, occupation, and whatever else I know about you stored in my contact list in exchange for a beer. Is that OK?"
Once you give your info away it is not "your" info anymore. It is info about you, but you do not own it.
Is it rude? sure, but not illegal.
Depends on the jurisdiction. Under the GDPR this might very well be illegal, though obviously enforcement of it is significantly lacking so it's unlikely to ever actually be tested in court.
okay.
I started using TrueCaller some 8 years back and the biggest reason for me to use it was to prevent Robo callers/spams.
What if you avoid using the system default contacts store, i.e., keep it empty, and instead you use an app like OpenContacts.^1 To apps like TruCaller, it will appear the the user has no contacts.
1. https://f-droid.org/packages/opencontacts.open.com.openconta...
https://github.com/sultanhamer/opencontacts
https://github.com/sultanahamer/opencontacts
Guess which one gets all the apps - It's definitely not the one that costs me over 100$/mo to maintain!
I also want to minimize their information about my network.
Oh it's the classist "I'm smarter than the average person in my country" crowd again.
Why do you assume you know better? Perhaps they know what they're trading and perhaps it's worth the cost.
I don't see anyone in this discussion saying that what Facebook did was OK.
Or is that the point that you're making? Because one person stole a car, it's OK for everyone else to steal cars, too?
back in 2011. i had "heard" about this. i had an iphone 3GS and an iphone 2G at the time. the 3GS had gotten ios5 if i remember correctly.
installing the app, it asked me very strangely to "allow truecaller to access your contacts". it took me a few moments to decide no. at the time, IOS had a "parental setting" to hide permissions behind a separate password, like location, contacts, payments, gallery, web, yada yada.
i learned that truecaller works on "you give your contacts and in exchange we give you a one way access to just search for numbers with names and not the other way around.
over time, it became ubiquitous, with people relying on it because "who saves a contact".
now its an obnoxious app that comes preinstalled on all cheap custom roms, shows full page ads every time it displays on screen after a call, it even shows up AFTER you have disabled screen overlays, i assume it gets preferential treatment by these rom makers,
this is the reason why i have never signed up to whatsapp or given facebook any contacts access or even 2fa ( old fb account, not logged in 3 years)
fuck truecaller
I didn’t grow up with them so I might be wrong.
I would say most people would use contacts like “Joe Plumber” or “Maria Tinder”.
Truecaller is kind of a substitute for identifying spam calls where I grew up where there is no alternative. Also helps when someone is calling you and you want to avoid answering them.
Most people definitely don’t care that it’s taking all your contact info though the utility of the app is well worth it.
I have a number of stories for this. Indians are so used to this that sometimes people are shocked when I say no to sharing information that they request.
For example in a startup, the HR reached out on WhatsApp to all employees in a group and asked for certain documents and information etc.
About Truecaller: - It’s default opt in (with almost no way to opt out*)
- It requires access to your entire contact list - to mitigate this, I request Apple and Google to implement folders for contacts or something similar to how you can limit access to all photos on iOS per app. That way you can create an empty folder and share it with Truecaller
- It’s also impossible to change the wrong data that Truecaller somehow gets from some other contact list
My sibling recently got a new number and Truecaller assumed some other name and identity. Fellow Indians believe Truecaller more than they believe the person they are talking to (shows how much spam gets passed around)
This is NOT just TrueCaller. The same thing happens with Paytm and other payment apps.
Paytm for example assumed another identity and they requested us to submit multiple docs to prove our identity even though we never used the platform before. Even after multiple attempts and submitting multiple ids they refuse to change the data
Aadhaar - “Universal” identifier. Needed for pretty much anything. Including, apparently, buying jewellery.
Spain has a similar thing for this, you have to give your NIE/DNIe number everywhere. Like when ordering something online. But not in brick and mortar shops.
Still I find it a very poor practice in terms of privacy.
Government doesn’t operate in series on an issue one by one. This is why you have so many ministries in the govt. Just because roads don’t exist doesn’t mean govt should stop building railways and only think of roads.
In other words, privacy is a luxury that poor people can ill afford. Do poor deserve privacy? Absolutely. But it doesn't take much to get them part with their private data. They are stuck at the lowest level of Maslow hierarchy where as privacy is at least two level above them. Can government do something to protect their privacy? Probably, but I just can't see how it'll be successful when the citizens themselves don't care much about privacy.
I think this idea generalizes to other permissions too. Want to know my location? I hit the "placeholder" button and the app gets some generic location that never changes. Valid data flows through, so the app can work, but not my private information.
https://youtu.be/WyYp9xPLa8s?t=423
These lists must be a gold mine for intelligence agencies.
Ekata reverse phone is a plugin inside the twilio plugins directory (or whatever they are calling it this week).
I wrote a unix command named 'lookup' which takes a single argument (phone number) and spits out "associated people" in a nice yaml output:
I haven't checked but I'll bet I could get API service (for a fee) from Ekata and query these person IDs they are using and then fill out a whole social graph.It's a neat trick but other than confirming mobile=true and carrier:
I keep all crap apps in the work profile since there is a shortcut in the android drawer to turn it off and on in 1 click. I also assume it saves a bit of battery since these apps can't drain it while work profile is off.
The best bet is to try to get a phone number from across the country. If you live in NY, get a phone number from a city you have no relation to, say Seattle. Then, anyone calling from Seattle is almost certainly spam and you can still pick up 212 or 646 numbers.
Before I knew any better, I was ignorant of the permissions and saw it as a worthy trade-off since my contact(s) will somehow end up there, if they weren't already. As all it takes is for someone else who has saved my number to download the app and give it permission.
Didn't give them much thought until I started seeing them buy advertisement spots in some of the local daily newspapers. They were getting greedy for more data. From that moment, I deleted my account and created a new account signed in only with a random Microsoft login and the app now lives in the work profile where there are no contacts.
The app will refuse to work until you grant it permission to make calls (read your IMEI pre-Android 10) and obviously read contacts permission. It is also quite intrusive. Coincidentally, the other app I found employing such dirty tactics by refusing to launch at all before being granted sensitive permissions is Whatsapp.
It is astounding that common person understands the tradeoff when using free service but these ignoramus critics do not.
People don't know privacy and not aware of misuses in India.
And phone number in India is not considered private info. We keep putting banner with number everywhere offline to online.
That's the problem with maintaining absolute privacy. The privacy and security of your information depends on other people even if you do everything to save it.
In my personal experience, I found that not creating a TrueCaller account itself avoids having spam calls. I tried this by getting a new number years ago. I do get some spams, but from some services that I am using/has used a few months ago, and they want me to get back in (looking at you, ACT fibernet).
Anyway, it's okay to not use such an app for blocking contacts, most modern smartphones has blocking functionality, and some Free/Libre apps has ways to block a number range and works offline without ads. They are more than sufficient for most of us, use them instead.
But as the article said, not having proper legislation is the root cause of this problem, from how many services running in India can you delete your account (not unsubscribe/delete app, but delete “account” with personal information) from? Yeah, think about it.
1. Anyone that has your phone number and Truecaller automatically gets you a name:phone_number entry in the Truecaller database. To get around this, I created a Truecaller account using my own phone number on a phone with zero contacts and gave myself a fake name(with my choice of subtle cuss words). This takes priority over other entries in the database. Am not sure if it works that way anymore.
2. Anytime I need to look up a number, I sign in using a dummy gmail account that I have.
There were a good few years where people looked up my number on Truecaller and it showed up a very obscene name that would shock em.
I hate Truecaller so much!