NSA Warns iPhone And Android Users—Disable Location Tracking (www.forbes.com)
from kid@sh.itjust.works to cybersecurity@sh.itjust.works on 17 Jan 12:42
https://sh.itjust.works/post/31234927

#cybersecurity


Tar_alcaran@sh.itjust.works on 17 Jan 12:51

US government: “Location tracking is bad and dangerous”

Also US government: “We’re not going to ban it, because that’ll cost corporations money”

Also US government: “We’ll just tell everyone to turn it off, so that it’s their own fault from now on!”

henfredemars@infosec.pub on 17 Jan 13:23

The left hand knows not what the right hand is doing.

Idontevenknowanymore@mander.xyz on 17 Jan 14:45

The Shadow(government) knows.

homesweethomeMrL@lemmy.world on 17 Jan 14:50

shhhhh! They’ll hear you!

01189998819991197253@infosec.pub on 18 Jan 23:17

But I was in the light…

rumba@lemmy.zip on 17 Jan 13:20

The problem is, I want location tracking. I want a piece of software to tell me where I left my headphones or my wallet. I want it to let me know that I left the house without my bag. I want to have a piece of software tell me where I was 3 Thursdays ago at 7pm or what the date was the last time I went to a certain park. I want my navigation software to tell me that I need to make a left turn up ahead.

I just don’t want Apple or Google to have that information.

My carrier and my ISP know where I am, that is unavoidable. They don’t even need GPS to tell that; they know where their assets are and they know which of their assets I’m connecting to. I am quite certain the NSA has access to that data as well.

sunzu2@thebrainbin.org on 17 Jan 13:29

> I am quite certain the NSA has access to that data as well.

Yes and they don't want foreign actors to have it... You would think they would see this security vulnerability a decade ago but I guess they thought they were so far ahead on the gestapo game. Now everyone realized that telling corpos trade this data is a bad idea. But instead of lobbying for proper frameworks to protect the citizens we limo dick advice from your "friendly" glowie.

Clown approach to public policy and national security. Sometimes it feels like they aren't even trying to do their stated jobs, they are in the business of pleb control if we go by their behaviour but they surely don't provide "national security".

ace_of_based@sh.itjust.works on 17 Jan 13:37

> Sometimes it feels like they aren’t even trying to do their stated jobs, they are in the business of pleb control

I’m with ya. It’s like they have given up governance and desperately want us to forget that’s kinda what they’re for

stringere@sh.itjust.works on 17 Jan 14:57

That’s exactly what they’ve done because their goal is to run the country like their own company.
Which is why going forward I am open palm slapping anyone who tells me they want the country run like a business.

ace_of_based@sh.itjust.works on 17 Jan 15:11

I think Ross Perot started it. Can I ask you to go back in time and get ta slappin’? Save the timeline!

Count042@lemmy.ml on 17 Jan 15:53

You think the timeline would be better if George Bush won?

stringere@sh.itjust.works on 17 Jan 20:53

You mean GHW Bush, grandson of Prescott Bush who was too busy helping Hitler get into power to take part in the Business Plot? That one?

Count042@lemmy.ml on 18 Jan 01:54

You forgot the likely involvement with the assassination of JFK, too.

He would have won a second term if Ross Perot hadn’t split the vote.

Buelldozer@lemmy.today on 17 Jan 15:31

> Yes and they don’t want foreign actors to have it…

They really don’t mind the westernized countries having it. Hell they share it with other 5 Eyes countries. What they very much mind is adversary nations having it.

> You would think they would see this security vulnerability a decade ago

The NSA was publicly warning about this in 2020 as part of the original “Ban TikTok” push. The DoD was working to limit location data on smartphones at least as far back as 2014 and they got the warning to do that from the NSA.

sunzu2@thebrainbin.org on 17 Jan 15:55

And yet this data is freely being traded as we speak...

Good job spooks 🤡

homesweethomeMrL@lemmy.world on 17 Jan 14:51

IT’S JUST THE ADVERTISING ID. NOT THE LOCATE PHONE PART.

Brought to you by jerks who haven’t had their coffee yet and read TFA.

rumba@lemmy.zip on 17 Jan 15:11

FTA, that TA linked to as its source:

> The hackers said they have stolen a massive amount of data, including customer lists, information on the broader industry, and even location data harvested from smartphones which show peoples’ precise movements, and they are threatening to publish the data publicly.

They claim to have precise loc data, unless that’s not what you meant.

homesweethomeMrL@lemmy.world on 17 Jan 16:10

This data is harvested from apps rather than the phones themselves, as EFF explains, “each time you see a targeted ad, your personal information is exposed to thousands of advertisers and data brokers through a process called ‘real-time bidding’ (RTB). This process does more than deliver ads—it fuels government surveillance, poses national security risks, and gives data brokers easy access to your online activity. RTB might be the most privacy-invasive surveillance system that you’ve never heard of.”

rumba@lemmy.zip on 17 Jan 16:38

> apps rather than the phones themselves,

In this case, they took it from a marketing agency, who collected it from apps, who got it from the phones.

The “app” adds location services as a permission requirement. Then they add the API for the advertiser. When the app runs, it calls the API which gathers location data.

So you’d think you can just disable location services for the app.

But what happens when they end up stealing it from Waze, or Tile, or Apple? What happens when Google just sells it to people?

The only reasonable option is to turn it off at the phone level. But even then, aGPS knows. Your Carrier knows.

To stop this from being a thing, it needs to be done from the ground up with a privacy respecting OS run by a privacy respecting company, serviced by a privacy respecting server.

So basically never.

homesweethomeMrL@lemmy.world on 17 Jan 16:54

> But what happens when they end up stealing it from Waze, or Tile, or Apple? What happens when Google just sells it to people?

Indeed.

> To stop this from being a thing, it needs to be done from the ground up with a privacy respecting OS run by a privacy respecting company, serviced by a privacy respecting server.

Same as it ever was.

boonhet@lemm.ee on 18 Jan 14:47

Google, Apple, etc. selling the data is actually unlikely. They don’t want other advertisers’ data to be as competitive as their own.

The smaller players though, get more profit selling data because they’ll never compete with the giants on the targeted ads front.

MonkderVierte@lemmy.ml on 18 Jan 11:21

There’s the option of removing the main tracking framework, at least on Android (Play Services) or flashing a privacy respecting custom ROM. And Android has the “allow only during usage” option.

01189998819991197253@infosec.pub on 18 Jan 23:13

> I am quite certain the NSA has access to that data as well

I’mma drop this here.

DigitalNirvana@lemm.ee on 17 Jan 13:48

So what are y’all well informed, and security conscious folx doing? Truly location data can be useful for me, for people I want to know sometimes, but gets kind of concerning for certain entities to know and be able to track over time.

spencerwi@lemm.ee on 17 Jan 14:14

Maybe running an OwnTracks server or something?

xombie21@lemmy.dbzer0.com on 17 Jan 14:39

I run owntracks to my home assistant instance, it works great!

Buelldozer@lemmy.today on 17 Jan 15:33

What is owntracks useful for?

xombie21@lemmy.dbzer0.com on 17 Jan 20:17

It’s an open-source alternative to Google maps but by linking it to home assistant it allows my wife to find my last known location if I go MIA, like get into a car crash. I prefer it since I store the location data on my own server and can control who has access to this information.

despotic_machine@lemmy.dbzer0.com on 17 Jan 15:19

I personally never bought nor have used a smartphone, and always use VPN services. I stopped focusing all my time on my IT career, work minimal hours now, and bought a small piece of farmland where I spend as much time as possible offline and outside. Just me and the police drones and spy satellites. 😆

Monument@lemmy.sdf.org on 17 Jan 16:56

This is my semi-lazy approach. I’m sure someone is going to tell me all the ways that I’m falling down on this front, but…

I switched over to iPhone in like 2019. I started getting ‘stealth’ ads in google maps while driving, and I just could not deal with it. It made me reconsider all of Google’s products, and I made an effort to get away from them. (The stealth ads were like “In a quarter mile, continue past the [name of store] on your right” on a perfectly straight road. At the time I was giving a lot of thought to dark patterns and how they influence our behavior, and I just could not see that occurrence as anything other than manipulation. Ironically, I’ve since learned it may have actually been due to GIS errors thinking the road curved when it didn’t, and Google not having a nearby street to use for reference, but like… I don’t know, and I don’t care.)
On my iPhone I set it up to never send advertising ID/opt out of ad personalization.
I don’t give apps permissions they don’t have a clear reason for needing - Your camera can give away your location because of photo geotagging. Network access can report on what devices you have on your network as well as your network information, which is something that’s trackable and geolocatable. In an extreme edge case, network access could be used to find file shares on your network and use those to gather information about you. Bluetooth for same reasons. There are advertising networks based on Bluetooth, since your hardware MAC is not changeable and is freely shared. It can be used to track your location within a store, or figure out where you’ve been. A device that connects your identity (email login or something) to your bluetooth MAC can be used to build profiles on where you’ve shopped and what sections you loiter in stores. And obviously, location access. I semi-routinely audit which apps are on my phone, and remove ones I don’t use and restrict permissions that I may have granted for a good reason but no longer need the app to have.
I don’t use the same email for anything anymore. I use an email masking service to generate emails for different services.
I never give my last name to any site unless it’s for billing. And I often don’t give my real first name. I never give my real birthday to any site that isn’t engaged with money or the law. I’ve removed or made ambiguous my profile on almost all social media. I no longer post my face to the internet.
I have used (but am not currently using) a service to request to remove me from online marketing/info sites like spokeo or whatever.
I also use a network-wide advertising blocker on my home network, and while I do have smart devices, they are blocked from internet access, with an upcoming plan to completely put them on an offline and isolated network.
The other thing that I did (accidentally) was to buy a new car that does not share data with advertisers or insurance companies. (Yet/to the best of my knowledge.)
I’ve also gone through and audited my old accounts and requested not just account deletions, but data deletions. This is especially important for services that may have health, financial, or purchasing data.
When I move, I never file a change of address with USPS. First - I just know what’s important to me and update those addresses. But second, the USPS maintains a database of everyone in the U.S. called the National Change of Address (NCOA) Database, and that is more or less monitored by junk mail advertisers to track where people physically are and to send them junk mail. The only time I get junk mail that’s addressed to me is when my information is shared against my will from financial institutions under this stupid exception.

My next thing that I may wind up doing is seeing if I can start acquiring throwaway phone numbers to forward to my real number, so online services that require a phone number for delivery or whatever cannot use that piece of information consistently or well.

That all does sound like a lot, I guess. But it doesn’t feel like a lot. I just live my life and try not to leak my data.
Most of that (and the issue this article is about) would be moot if the U.S. would just pass consumer privacy protections, but noooo, we can’t have that. Instead they’re going to theatrically whine about other countries and pass laws to help Facebook and bolster U.S. controlled propaganda-outlets while not doing anything to actually solve the problem(s).

DigitalNirvana@lemm.ee on 17 Jan 20:45

Thank you, that’s very thorough. And fortunately I’m just a few steps away from that level, so tightening up my act won’t be such a chore.

vulture_god@lemmy.dbzer0.com on 17 Jan 20:51

I use GrapheneOS and Magic Earth instead of Google Maps. I only turn on location when navigating. GOS also surfaces app permissions in a more obvious and granular way so I tend to reject most permissions and wait to see if it breaks anything. I also try to use open source apps from F-Droid instead of the Google store. If I need an app on Google store, I use Aurora as my client so I can install apps anonymously.

There’s a number of additional steps I take. Although it seems like a lot, I still feel like I’m not doing everything I could. What really matters though is that I’m always making progress over time.

The degoogle sub is a good resource, as is the !privacy@lemmy.ml comm.

homesweethomeMrL@lemmy.world on 17 Jan 14:54

> Our phones know where we are and they know where we have been—the problem is they have a nasty habit of sharing that information with others.

What. The. Fuck. Do you think you’re doing?? A “nasty habit”??? You know good and goddamned well they’re designed specifically to do that, and that location data is among the most prized of all personal information.

What sort of mindfuck juice are you chugging to write an inconceivably idiotic sentence like “phones do the cutest thing - they leak your location data! OMG! Squeeee”

riskable@programming.dev on 17 Jan 15:04

Joke’s on them: It’s a trivial matter to leave location tracking on and then leave your phone at home, ship it somewhere, tape it under a bus seat, drop it from a bridge onto a barge, etc.

TheReturnOfPEB@reddthat.com on 17 Jan 15:23

I’m not letting the NSA design my use of technology nor am I letting Forbes be the siren song of my personal security from technology.

Why would I trust either of those sources?

HereIAm@lemmy.world on 17 Jan 19:09

Have fun not using AES then.

HereIAm@lemmy.world on 17 Jan 20:45

I would just like to clarify I’m not a fan of the NSA. Just it’s not unusual for them to also support security. I believe SELinux even stems from them.

luce@lemmy.blahaj.zone on 17 Jan 16:15

Thanks for the suggestion… NSA?

ArsonButCute@lemmy.dbzer0.com on 17 Jan 17:02

That was my first thought too. Like, thanks for the reminder but aren’t y’all the ones who kinda want my location data on?

luce@lemmy.blahaj.zone on 17 Jan 21:08

Yeah, them saying this really just means that they don’t need location data to spy on you.

Chakravanti@monero.town on 17 Jan 21:49

No one listened to Snowden a decade ago…but now the explanation is…official??

ShellMonkey@lemmy.socdojo.com on 17 Jan 17:00

Really? But my flashlight app says it needs location permissions to work…

My biggest gripe with Android perhaps is that somehow the nearby devices/location permissions is tied into WiFi and Bluetooth rather than just having a separate ‘communications’ permission to say who can use the network links.

unexposedhazard@discuss.tchncs.de on 17 Jan 18:39

I don’t really understand what you mean by the second. If an app has WiFi and Bluetooth access, then it has location access. Not including WiFi and Bluetooth under location permissions would be very bad, because the average person doesn’t understand that those things can be used to locate you.

ShellMonkey@lemmy.socdojo.com on 17 Jan 18:55

It could go both ways. Simple example might be an offline GPS app, allow it location but not network other than when downloading maps. Network based location is a crude thing at the IP level, but can get pretty accurate if based on BT/WiFi access point.

It’s a bit better with the ‘only when in use’ option on modern versions, but ‘in use’ could be a bit subjective if an app keeps a running service in the background. I seem to recall that Graphene has them split out as two distinct things.

unexposedhazard@discuss.tchncs.de on 17 Jan 19:02

Oh I see. CalyxOS has a built in firewall app to restrict that, which is handy.

<img alt="" src="https://discuss.tchncs.de/pictrs/image/e2803757-b980-48b0-a168-124ac76f6b36.png">

Eheran@lemmy.world on 17 Jan 19:14

Why should it be allowed to see the wifi SSID etc.?

ShellMonkey@lemmy.socdojo.com on 17 Jan 20:35

<img alt="" src="https://lemmy.socdojo.com/pictrs/image/34c5363f-c6d6-42d0-b4f4-ab09a53001e3.png">

The device will try and feed this info to Google for location when GPS can be reached. It’s possible to turn off, but the fact that it can be used is troubling. Anything that can be turned off at a toggle can get flipped back on with an update.

Taleya@aussie.zone on 17 Jan 21:56

I remember when government institutions caught a company doing shit like this they’d just cut their balls off, not issuing a whining PSA.

Disaster@sh.itjust.works on 18 Jan 02:02

Really? I thought they’d deep throat them for data?

[deleted] on 18 Jan 23:43

.

MonkderVierte@lemmy.ml on 18 Jan 11:15

Android has an “allow only during usage”.

boonhet@lemm.ee on 18 Jan 14:42

Per app? iOS has the same. And on always allow it’ll nag you several times saying app X used your location Y times over Z days, are you sure you want to keep “always allow”?

But iOS quickly gets annoying when talking about actually turning it off altogether. Have to go to the settings menu, can’t just pull down the quick settings drawer.

toynbee@lemmy.world on 18 Jan 14:49

I don’t know about iOS, but on Android you can make a widget on your home page and set it to go directly to a setting of your choice. I did this for location.

sunzu2@thebrainbin.org on 18 Jan 23:18

> But iOS quickly gets annoying when talking about actually turning it off altogether. Have to go to the settings menu, can't just pull down the quick settings drawer.

Bluetooth and wifi work the same... makes you wonder if users really need all that "convenience"