Posted by todsacerdoti 4 days ago
Location tracking of phones is out of control (arstechnica.com)
https://news.ycombinator.com/item?id=41930818
Related comment:
486sx33 8 hours ago
About 2 years ago, an ISP we use for one of our operations in Canada called R… which is also a media company and an advertising company… came to us and said hey! We have this amazing new technology, all you do is geofence your competitors and then we will retarget anyone who visits their location with your web ads for as long as you want! Since they are also the ISP for mobile data, they just force replaced ads for the target's web browser. (Basically they inject ads)
They also made it clear their system is not at all dependent on your phone location services or even your advertiser ID, since they are the ISP and the cell provider they just use your SIM ESN to track you. (Cell towers know where their users are, with better accuracy than ever now.)
It worked, but it’s darn scary. This has been around for a while.
If you've gone one step further and disabled location access for apps and disabled the global ad id, it would seem difficult to do the searches described.
The article refers to "25 percent of Apple phones". Is that just legacy phones running older versions of iOS prior to removal of IDFA?
If only our society had some orderly process to balance privacy with public safety - such as by having the cops explain to a judge why they need to track a given person, for how long, and so on.
Perhaps also some rules about what counts as a good enough reason, and telling judges they can't grant overly broad, blanket permission.
Someone should put something in the constitution about that.
> One DEA official had told Reuters: "Parallel construction is a law enforcement technique we use every day. It's decades old, a bedrock concept."
Constitution or not, they're doing it.
[0]: https://theweek.com/speedreads/651668/hundreds-police-office...
They've tried that approach but it's actually less efficient than "good old fashioned police work" because it turns out that 99/100 of your hits are gonna be lawful weirdos, 1/100 is gonna be a petty drug dealer and the career advancing prosecution you actually wanted would have been much easier to find by using normal methods like inferring that a dealer has a supplier, a spy has a handler, etc, etc and trying to suss out who those people are. The NSA figured all this out post 9/11 when they were building data haystacks in search of terrorists.
What the data haystacks do get used for is dragnet policing wherein an agency picks some crime they're gonna go hard on, pulls up a bunch of results of people who probably did it, tosses all the people who are likely to pose any risk to them (e.g. you don't see the ATF knocking on doors asking about Temu glock switches in bad parts of Detroit) and kicks in the doors of whoever's left.
The data haystacks are also really useful for witch hunts when they get egg on their face and need to make someone pay, like that time they prosecuted anyone and everyone who they could construe as having done anything to help the kid who bombed the Boston Marathon, and the January 6 people of whom a great number were certainly just hapless.
And this is in addition to the usual "opposition research" like the FBI bugging MLK and all that sort of crap.
Parallel construction makes the mere existence of these data sets extremely dangerous.
Not being skeptical, but curious
For example: https://marketinginsidergroup.com/marketing-strategy/digital...
This has been a widespread problem for the better part of at least half a decade, likely much more.
They managed to outsource it on accident just because of a shared need with advertisers to target people.
I think most people are on the fence / undecided, and the few that do "pick a side" only do so based on their personal life experiences (which includes family and community influences).
Also, people are influenced by what other people say, especially people in tech. You can see people on HN saying how hopeless it all is. People on HN and your social circle are listening to what you say.
Convenience wins out for the vast majority of people. People just want to be left alone and have nice things. As long as it is just advertisers knowing everything, the masses just won't care. Even if the state starts to take action, as long as it doesn't happen to them, they won't care either.
For some reason, when it comes to other causes, people repeat the obviously false (and hypocritical) right-wing talking point that it's all useless and hopeless.
(Throwing around words like 'wack' and 'preaching' isn't evidence or a stronger argument.)
These are not my words, but words I've been called when droning on and on about the evils of social media and ad tech. <shrug>
Welp, that's the final straw I needed to nuke that fucking GasBuddy app from my phone. Goddamn I hate them so much
https://news.ycombinator.com/item?id=16776028#16776762
I've pretty much deleted all apps. I'm working on dumping my phone altogether but shit like mandated 2FA is screwing that up.
All you’d need is a camera to read QR codes, a display, a few kB of storage and some pretty basic processing.
But then I guess that storage would need to be encrypted with some sort of authentication. Hmm.
We could call it something like Web Authentication. I could even imagine small, keychain-sized USB authenticators that you have to touch a capacitive button on to approve an authentication :)
If you go to Settings -> Privacy, the top two options in iOS 18 are:
* Auto-deny Advertising ID access
* Which apps have location access ("X always, Y while using the app" is summarized right at the top)
Is that possible with iOS to avoid Apple? I think not.
Edit: Clarified my question as to what's possible with iOS.
I've heard that from a number of folks on various forums, although I have not experienced that myself.
No one has forced me to use such an app. Probably because I'd rather have my tonsils extracted through my ears than do anything financially related on my device.
Perhaps I'm just curmudgeonly and set in my ways, or perhaps my 25+ years of professional infosec experience tells me that these devices (brand/version/OS is irrelevant) are hopelessly insecure and shouldn't be used for anything important.
I'm guessing probably a bit of both.
That being said, with the exception of Qubes, desktop devices are dramatically less secure than Graphene, so unless you're forgoing digital payments altogether I don't see how you could avoid some degree of risk.
Why would I want to use anything from those scumbags?
> That being said, with the exception of Qubes, desktop devices are dramatically less secure than Graphene, so unless you're forgoing digital payments altogether I don't see how you could avoid some degree of risk.
You're talking out of your ass and it smells that way too. Yuck!
There are popular third-party libraries, used by apps, offering whatever functionality.
Those third-party libraries do deals with whoever, to include into the library whatever code it is the whoever wants to get out onto a ton of phones.
I worked for a company in Germany, who wanted to get some Bluetooth base station detection functionality out into phones, so they could track people.
Company put Bluetooth base stations into a bunch of locations, and then paid a major third-party library to include their code.
Bingo. One week later, millions of phones being tracked.
When you install an app, you are in fact installing God knows what from shady friend-of-a-friend-of-a-friend, who's got money.
Do not install commercial apps. Only install open source apps. Anything else, you're going to be abused, whether you know it or not.
This advice is about as practical as "go live in a cave". At some point, you have to decide whether avoiding the privacy harm limits your ability to function, and sadly, that is increasingly the case.
Crazy I work with Zoomers that install seemingly every dumb retail app so they can get a dollar off a Big Mac or whatever.
There's no reason for a "McDonalds App" to be on anyone's phone. I can wait a few minutes in line, thanks.
But, to answer your question, yes: I just checked and the spread seems to be $5.19 to $4.19 here. But to circle back to your original premise it's quite possible that even $15-ish is not worth the glucose/time spent interacting with this objectively terrible app and then driving to some likely inconvenient station
And that's why I gave my mother my iPhone and went back to the wasteland that is Android.
She, as a normal person, doesn't understand all of these and goes with the default settings. With Apple it means she has 75% chance of being protected, with Google 80% chance of being tracked.
Me, as a nerd, I know about the advertising ID and I even root my phone to have the AFWall firewall.
This is why Google is just bad, they always technically allow you to do the right thing but it's buried under a ton of submenus and convoluted settings. On purpose of course, their goal is to make money.
You can complain to the Irish DPA (because that's where the broker is likely hiding, pro-forma), which will respond within a year or two with a request for more information.
If the broker made the mistake to be domiciled in a location with a more competent DPA or you are willing to drag them to court, you might stand a better chance.
The developer got kicked out of the Play Store for bogus reasons, and had to continue to develop it as an externally funded effort. Support him, buy a pay what you want license, and give him a couple bucks for it if you value open source software like this.
(I'm not affiliated with the project, I just love the app and it runs on all my degoogled devices)
Additionally, degoogle your phone by installing an open source ROM like GrapheneOS [4] or LineageOS [5], and install only the most essential apps on your phone.
There's also App Warden [6] which audits installed apps, by scanning them for malicious libraries and adtrackers. It's based on the dataset provided by Exodus Privacy [7] where you can search for Apps or their APK identifiers and find out what kind of fingerprinting libraries they're using. For example, this is what the Facebook App uses behind the scenes [8].
Don't install GApps or Google Play services. If you want an app store for the convenience of updates of open source apps, there's also F-Droid [9], a libre app store for Android.
Additionally you should keep in mind that every app that needs Google Play services to run is spyware, by definition of what these services offer as APIs. Websites that require you to install their app to "verify" you are usually spying on your activity.
[1] https://openwrt.org/toh/start
[2] https://openwrt.org/docs/guide-user/services/dns/adguard-hom...
[5] https://wiki.lineageos.org/devices/
[6] https://gitlab.com/AuroraOSS/AppWarden
[7] https://reports.exodus-privacy.eu.org/en/
[8] https://reports.exodus-privacy.eu.org/en/reports/com.faceboo...
say, my parents own phones but don't do much on them except navigation, photos, messaging, and web browsing. if you're not into Uber, Doordash, mobile banking, and so on, then you're not really giving up much by switching to the alternatives.
generally, it's harder to _remove_ something from your life than it is to forego _adding_ it. if you're content with the functionality of your tech as it exists today, then a feasible route to de-apple/de-google really is to just not start doing too much _new_ with it, and within some number of years you'll find the alternatives have developed to the point where you can switch to them without going backward.
--
We made surveillance capitalism the default method of financing every free-at-point-of-use service on mobile devices before we understood what that meant, and people now have zero perception of the worth of mobile-based software. People happily pay for desktop software but the decades of everything on a phone being free by default despite the economics of that making no sense have made it borderline impossible to sell software to people for their phones.
At the same time government has been completely asleep at the fucking wheel with regard to any regulation to protect consumers. Consumers shouldn't have to know the "tradeoffs" of free software, they shouldn't need to vet vendors of software on app stores for privacy policies. People should be protected by default. This "informed consumer" garbage is why we can't get anything done in a regulatory sense because these companies will make the argument that users consented when talking to any layperson user of MyFitnessPal will have you understand they really did not within 5 goddamn minutes.
Could people read terms of service? Yes. Do they? No, because people have shit to do and nobody aside from an activist or someone with an interest in it is going to read 110 pages of terms of service each from the 50 services they're currently using and it's unreasonable to suggest that they should, and that's JUST the reading, even if they read it, do they understand it? Because most people according to a stat I saw recently about the United States read at about a sixth grade level, which is going to be a struggle to get through any legal document. And 4% apparently are completely illiterate.
I don't mean to rant here but this pisses me off so much. Our entire society is constructed around a set of assumptions about people who are at least some level of educated, with decent English literacy, who have the time and energy to dedicate to managing these various things, and yeah, if you're that theoretical person, you can probably do quite well for yourself in the United States. But what if you aren't?
What if you're one of the millions who have to work three fucking jobs to survive and don't have time to read the terms of service for twitter, and just want to relax? What if you're illiterate? What if you're disabled in some way that impedes your ability to read, or your ability to understand what data harvesting is or means? Does your inability to meet the standard I've outlined above just mean you're fodder for the scummy business alliance, ready to be taken advantage of at every single turn by everyone who can, because it's more profitable that way even if it means you will be broke, exposed, and/or otherwise exploited at every single turn and probably have a pretty miserable life?
I am long tired of living in a society that is clearly, bluntly, at every turn designed for companies to live and thrive in and not people. I'm tired of people being hung out to dry because "freedom." Nobody needs or wants the freedom to be recklessly and hopelessly exploited to the ends of the goddamn earth, and I'm sick of pretending there's no way for us to know that difference.
/rant
Not to be overly cynical, but I believe this is a feature, not a bug. I don't believe it's isolated to any one political ideology though. The system seems to rely on a perpetual underclass, and if you are slightly outside the norm or deficient, the system tends to use you as mulch for the uber wealthy's private jet funds.
I think it could work. You can call, text (probably hard, I remember those swipe-out keyboards) so you should be good in an emergency. But that's it - the rest you do on your desktop, where you have far greater control over the software you use and far less data available (no location, no photos, etc).
The trouble is there's some gaps. If you want decent pictures, you'll need a camera. If you want to do something simple like check your email, it's a whole thing.
I recently graduated college and by my senior year a lot of college functionality was done over phones (and phones only, no desktop or browser options). This ranged from ordering food at an official campus store, to requesting an advisor meeting or basic administrative functionality (tracking financial aid, filing a course exemption request). Granted, for the last you still could do it via other methods like email or an in person visit, but it was heavily disincentivized. Even the LMS switched to something that was designed as mobile forward.
The other thing I've noticed is that some countries like India effectively run on the phone and a dumb phone doesn't cut it for any business deals or even purchases. It's all done on the phone. You use your phone to order groceries, pay for them, and then track the delivery.
I'm actually flying now and things like TSA digital ID and CBP's MPC make it such a massive QoL difference that I think you'd be hard pressed to find people who'd willingly go back.
cursing aside, you are doing them a favor by saying "they are asleep" .. it is not that simple; misaligned incentives for decision makers is a polite phrase
> Could people read terms of service…
Even if they do read licences and such, companies have a vested interest in making them so complicated, obtuse and self-serving that you have close to no recourse. It’s weasel-worded to the nth degree. They also change them largely at their leisure, and if the new terms are bad, again, there’s often very little you can do.
“If consumers don’t like it, they wouldn’t buy it” is the other lie that’s successfully kept itself alive. Consumers are kept time and spare-resource poor, and are largely presented with a predefined set of options to choose from that the companies at play feel like presenting us with. Rarely is there an _actual_ varied choice. Only the illusion. Combine that with scenarios in other industries like enterprise sales where the “customer” is an exec and the user just gets lumped with some garbage software.
That’s really the key difference between US and European thinking on privacy. Europe was slow but always thought it was fucked up. Americans don’t seem to grasp why they should care or understand how perverse their blindsight is.
Neoliberals look at GDP rising and have faith that the world is good. It's time to call these folks out for what they are: dogmatic zealots.
It's a passable measure of the financial class's wealth, which is not the same thing at all.
The use of GDP as the headline number in demagoguery is a psyop.
Philosopher kings would fit it at the political level.