It is tiring. I am doing something about it by making technical contributions. If you are able to do the same, please do.
We aren't going to remove the security state. We should make all attempts to, but it won't happen. What needs to happen is accountability. I should be able to turn off sharing personal information and if someone tries I should be notified and have recourse. This should also be retroactive. If I have turned off sharing and someone finds a technical loophole and uses it, there should be consequences. The only way to stop the rampant abuse is to treat data like fire. If you have it and it gets out of control you get burned, badly.
We definitely won't get rid of it if we accept failure. I get that it seems extremely unlikely, but there's no use in trying to just mitigate the risk short term. One way or another that power will be abused eventually (if it isn't already).
What security state? They aren't doing this for anyone's safety. This is the surveillance and parallel construction state.
> What needs to happen is accountability.
No agency can have this power and remain accountable. Warrants are not an effective tool for managing this. Courts cannot effectively perform oversight after the fact.
> The only way to stop the rampant abuse is to treat data like fire.
You've missed the obvious. You should really go the other direction. Our devices should generate _noise_. Huge crazy amounts of noise. Extraneous data to a level that pollutes the system beyond any utility. They accept all this data without filtering. They should suffer for that choice.
Strictly speaking, this is not completely true. When you call an emergency number, it’s very good that they can see exactly where you are. That was how this was sold 15+ years ago. But of course, that’s basically the only use case when this should be available.
As it stands, a cop has to get a warrant to enter and search your home, for example. If we remove that hurdle because we also don't trust the courts then we just have more searches.
I get the reaction to turn on the whole system, I have very little faith in it myself. But I don't think many people are really aware of or ready for what would come without it.
The problem is that individuals no longer have confidence in their institutions, for both good reasons (official corruption, motivated prosecutors, the dissolution of norms of executive behaviour) and bad ones (propaganda on Fox News, and the long tail of disinformation online).
The question becomes: how can citizens have confidence their rights will be protected? What structure would protect the right to privacy?
This was well understood in the decades following WW2, and many countries implemented protections of this kind, only to roll them back again later when people had forgotten why they existed, and believed once more that everything will be fine as long as the “right” actors were in power.
Warrants are so easy to obtain and so abused it is required that we all do something differently.
I like the idea on principle, but I'll like it far less when I'm getting charged with computer fraud or some other over-reaching bullshit law.
Its simply made for 911 calls.
In the 2G era there was no compute space to just put in extra evil shit for fun
https://en.wikipedia.org/wiki/Radio_resource_location_servic...
...you could just listen to calls in the clear. Pager traffic was completely unencrypted as well.
Under 42 USC § 1983, a plaintiff can sue for damages when state officials violate their constitutional rights or other federal rights.
https://en.wikipedia.org/wiki/Qualified_immunity
Qualified Immunity only sets the bar or threshold that you have to meet in order to sue.
The cops involved in the most recent Minneapolis shooting will almost certainly face no repercussions because of this. The state can bring a case but the feds are clearly uninterested, they would simply take the case into federal court and spike it.
Qualified immunity is the only legal doctrine I can think of where piling on extra crimes reduces your liability.
They're raising the possibility of asking _why_ the data was collected if there was no emergency?
Of course if the telco doesn't store the rewuests/responses, there will be no records to show.
Way you could argue it doesn’t apply to government is that the government makes the law so they can make the law that makes data processing and having your name on some kind of registry required.
But still they have to show you the reason and you can escalate to EU bodies to fine your own country if they don’t follow the rules.
Imagine you get Neuralink and your best friend files for the right to be forgotten. Then poof. All your memories together gone.
If I send it to the company A, company B doesn't execute it unless they're a subsidiary of A (or A is their data controller) and my request was carefully crafted.
In the scenario you painted, that would mean that my _former_ friend has issued their request to me.
In that case? Fair. Poof if that's their wish.
Otherwise? How do you imagine it work?
It's a peer to peer network based on Lora. It really only allows text messaging but with up to 20km hops between peers coverage is surprisingly huge. Incredibly useful if you go hiking with friends (if you get split up you can still stay in touch).
See https://eastmesh.au/ and scroll down to the map for the Victoria and now more widely Australia network that's sprung up.
For one, meshcore doesn't do a fantastic job of protecting metadata. Advertisements include your public key, and if I'm reading this[0] right, your GPS coordinates.
Second, the default public channel uses effectively no encryption at all.
Moreover, the network doesn't exhaustively prevent someone who intercepts a packet from identifying who sent it. It's no Signal.
[0] https://deepwiki.com/meshcore-dev/MeshCore/7.1-packet-struct...
The PKI is basic because these networks are tiny and merging. And running on tiny computers ($5 boards with no display)
Public channel is public and it uses the default encryption key because it's a default channel, so by definition everyone is invited to participate. Not sure what your critique is.
And no, it's not trying to be signal. It's also currently less reliable.
But it's still safer than Sms, by a country mile.
1. Telling someone to use one of these devices because their phone carrier might look up their location is silly in the first place, because meshcore doesn't even eliminate the possibility of being tracked geographically.
2. It protects your messages better than SMS but if you care about the privacy of your messages, it's infinitely worse advice than suggesting someone use Signal or another app that actually replaces SMS securely.
I just tested the other day. I'm in the midwest US so it's winter, no leaves. I managed to get about a quarter mile before my two portable nodes couldn't talk to each other. T-Echo with muziworks whip antenna.
Without a bunch of solidly placed, high elevation, high gain antenna nodes, this just isn't really that usable.
Plus, all the other issues others have highlighted.
I couldn't get ANYTHING on my first/test ESP32 (Heltec v2).
Anything. I didn't see any packets. Then I finally heard one station later when I held it high on the upper floor.
The I hanged it at the top of my roof and I currently have almost 130 repeaters and room servers.
In your scenario a couple of 5W handhelds woukd work better.
But I agree the usabity is very limited. This is why I think of hanging a couple of guerilla solar repeaters in my neighborhood :)
:)
Based on the very “bursty” nature of LoRA, how much does an adversary need to spend to radiolocate it? What’s the threat model there?
Note: did things in .mil
I’ve deployed lots of nodes, and the technology reminds me of ipfs: people who don’t use it much vastly oversell its capabilities.
Handheld radios, meshtatic (not meshcore), and in 5 minutes you're set up and good to depart. Or ideally inreach indeed.
The fundamental problem of distributed networks is that you can either have centralized control of the endpoints, or your network becomes vulnerable to denial-of-service attacks. So meshcore/meshtastic are great because they are used only by well-meaning people. If they become more popular, we'll start getting tons of spam :(
The 911 feature can be activated fully remotely, the 112 feature is supposed to only activate when dialing an emergency number.
The format is not secret either, it's just binary encoded.
Source? Even if the phone isn't actively doing a 911 call?
>The dispatcher's computer receives information from the telephone company about the physical address (for landlines) or geographic coordinates (for wireless) of the caller.
> Next is a text to your phone number, which is intercepted by firmware and sends gps coords back.
I don't think it indicates their article reading either way and wouldn't personally wager a guess. They are just adding their own personal experience to the conversation.
Not by users. The new thing is that Apple allows users to disable this feature. Hopefully they still detect emergency calls on the phone and enable it unconditionally for those.
This is a system you can disable as a user, but it's not the on-modem feature discussed in the article.
As for this location stuff, I'm curious though into how this works and how Apple (and BOOST/DISH) somehow prevent it happening when the big 3 in the US don't. We all know Apple would have complete control over the modem they designed, that's not a surprise. T-Mobile at least it's possible to stay NR-SA connected, it's apparently not a feature limited to SA like resistance to IMSI catchers are. Is this an OpenRAN feature, which Boost uses?
At least in the past, towers had a piece of equipment called a LMU that is sometimes installed separately from the radio equipment and it's used for measuring the timing advance to triangulate where a device may be for 911. Here's a reddit thread I started years ago for a KML of all the T-Mobile LMU installs in the NYC market: https://www.reddit.com/r/cellmapper/comments/hq2h7u/kml_of_a... (I just found it leaked, it's not online anymore probably). An FCC doc on LMU's: https://transition.fcc.gov/pshs/services/911-services/enhanc... (this is all old tech now, we're doing LTE/NR now in 99.9% of circumstances in the US)
Trilaterate :)
A supported carrier: Germany: Telekom United Kingdom: EE, BT United States: Boost Mobile Thailand: AIS, True
Turn limit precise location on or off
Open Settings, then tap Cellular.
Tap Cellular Data Options.
If you have more than one phone number under SIMs, tap one of your lines.
Scroll down to Limit Precise Location.
Turn the setting on or off. You might be prompted to restart your device.
Only Boost Mobile in the U.S. Weird. About 7.5M subscribers. Maybe it requires 5G? Wonder if it works when roaming?
https://en.wikipedia.org/wiki/Boost_Mobile
https://en.wikipedia.org/wiki/List_of_mobile_network_operato...
Unfortunately Boost/Dish struggled significantly with finances and customer attraction post COVID, largely due to two problems (seamless roaming between their own network and partners’, and more importantly, getting manufacturers like Apple to build compatible phones). When the current president came into the picture, the FCC essentially forced the sale of Dish’s primary spectrum licenses to administration-friendly SpaceX, for future Starlink use.
As of now, they are in the process of moving their customers to AT&T (and possibly a secondary agreement with T-Mobile), but they seem to be maintaining their own network core - that’s likely why they’re able to implement support for this, while AT&T does not.
Why does it list specific carriers, then?
I can imagine a scenario where emergency servies are authorized to send the ping to get your precise location and if you disable this, you may regret it. And a major feature of some phones/watches is the ability to automatically call 911 under certain fall/crash movement detection, where you might not have the ability to re-enable your GPS location.
Basically, if you have any cell phone the government can track you. Buying a burner phone with cash (via strawman proxy) seems like the only way to temporarily obscure your location.
I imagine with the ubiquity of cameras in the commons and facial recognition and gait analysis they can knit that up even more.
But we want to support privatization at all cost, even when privatization these days has significant influence on our daily lives, akin to the concerns we had when we placed restrictions on government. Seems like we need to start regulating private actions a bit more, especially when private entities accumulate enough wealth they can act like multi state governments in levels of influence. That’s my opinion, at least.
Thats basically the foundational idealogy of the united states. Thats not the issue.
The real issue is your next sentence. The government can just loophole around their intentional limitations by paying private companies to work on their behalf.
It's so much worse than even those of us who are moderately interested in mass surveillance know.
Somehow this reminds me about Blackwater / Xe Technologies? :-/
(Im betting 100 USD that soon we will find out that ICE also deployed "private financed forces" to "support state actions"?)
>Somehow this reminds me about Blackwater / Xe Technologies? :-/
Is there some context I'm missing? Skimming https://en.wikipedia.org/wiki/Blackwater_(company) it shows they might have perpetrated some war crimes, but that alone doesn't really make them worse than the US military. For instance, consider https://en.wikipedia.org/wiki/July_12,_2007,_Baghdad_airstri....
It really isn't, given that the government literally has a monopoly on violence, and therefore it makes sense to have more guardrails for it. That's not to say private entities should have free reign to do whatever it wants, but the argument of "private entities can do [thing] that governments can't, so we should ban private entities too!" is at best incomplete.
>Furthermore, the issue is exacerbated by then allowing governments to bypass these issues by then just paying private entities to do the things it can’t do as a proxy for the same functional outcomes.
Again, this is at best an incomplete argument. The government can't extract a confession out of you (5th amendment). It can however, interview your drinking buddies that you blabbed your latest criminal escapades to. Is that the government "bypassing" the 5th amendment? Arguably. Is that something bad and we should ban? Hardly.
> 'Does Drinking Buddy exist?' 'Of course he exists. The Party exists. Drinking Buddy is the embodiment of the Party.' 'Does he exist like you or me?' 'You do not exist', said O'Brien.
> Oceanic society rests ultimately on the belief that Drinking Buddy is omnipotent and that the Party is infallible. But since in reality Drinking Buddy is not omnipotent and the party is not infallible, there is need for an unwearying, moment-to-moment flexibility in the treatment of facts.
You're right, it should be even more scandalous for the government to get information out of my drinking buddy, because the information I told him was in confidence, and he promised he wouldn't tell anyone. My cell phone provider, on the other hand, clearly says in their ToS who they'll share data with and in what circumstances.
They value it alright. At several dollars per person.
Anyone who offers them money?
https://ballotpedia.org/States_with_initiative_or_referendum
This is why they get their laws passed.
This isn’t a new capability and shouldn’t be surprising.
That’s the majority of uses for the system in the UK. People love to run away and waste police time.
Between buying a phone and reading the OS EULA to providing an E911 address to my carrier, I can count at least three disclosures of this feature.
Nothing is secret or magic here.
We definitely got the cellphone tower triangulation data. I never once saw GNSS data provided by a carrier. We used FindMeSAR https://findmesar.com/, the subject would usually text back the coordinates from the phone.
Just one data point.
The revolution that's occurred since my SAR volunteer days is the wide availability of satellite messenging on consumer phones. I'm guessing that's really changed the situation quite a bit.
The article seems to describe another system which can be involved externally.
Tons of "free" and crapware apps are also recording location, and sending it to data brokers.
https://www.wired.com/story/jeffrey-epstein-island-visitors-...
https://5g-tools.com/5g-nr-timing-advance-ta-distance-calcul... shows an example of the parameters necessary. I don't think you can get your smartphone to dump those stats for you, but the granularity of the individual distance measurement is in the tens of centimeters.
Of course this strongly depends on cell infrastructure being placed precisely, continuously updating correction factors, and a bunch of antennae being around the target to get measurements for, but in most cities that isn't much of a challenge if the operator is working together with whoever wants to spy on citizens.
The last time I checked, that included Google Play Services, and some of their iOS apps.
That's true, but you can always be triangulated down a couple hundred meters by figuring out which towers you're connected to.
Last time I called 911 (well, it's 112 in my country) my android phone asked if I want to provide gps coordinates. I did, but they still asked for address, so probably this is not integrated/used everywhere.
This is a specific service inside the phone that looks for messages from the carrier requesting a GPS position, it could just refuse, or lie. It's not the same as cell tower triangulation.
I think it would be sufficient to just have a log of this information being queried, and cases where the information has been pinged without a legitimate use case would the be investigated.
https://rapidsos.com/public-safety/unite/
When the call comes in they can click a button and query RapidSOS for current 911 calls for that number and pull the information inwards.
https://www.baycominc.com/hubfs/2025%20Website%20Update/Prod...
When you dial 999 it forwards your phone's GPS location if it has a lock to the provider, who then forwards it on to one of the 999 call handling centres in the UK, who then in turn forward that on to the appropriate emergency service control room. All the various services use various different products for telephony and dispatch but they will show the incoming location, and often will prepopulate an incident with the location.
The system that does this is called "EISEC" - Enhanced Information Service for Emergency Calls - and has a lot of cool stuff defined in the spec (which is publically available! You can just go and read it! BT offer a "Supplier's Information Note" with the protocol and details of how the information is encoded) that also handles calls from landlines. These are easy - your telephone provider knows where you live. OMG! The phone company know where I live? Yes, dumbass, they pulled a wire right into your house, of course they know where it is. For VoIP the situation is a little different but you can notify your VoIP provider of the location that the number is being used at, and it'll inject that into the EISEC request.
You can do other cool stuff like if you've got fixed mobile telephone in a vehicle, you can assign the make, model, registration number, colour, and so on in the EISEC database, so given a call from a phone number they know what car they're looking for. No-one uses this.
The very great majority of calls coming in to 999 are from mobiles. It's extremely rare to get one from a landline.
None of the providers use triangulation for determining where a phone is, it's all GPS.
https://en.wikipedia.org/wiki/Covert_listening_device#Remote...
And the linked sources are:
- Kröger, Jacob Leon; Raschke, Philip (2019). "Is My Phone Listening in? On the Feasibility and Detectability of Mobile Eavesdropping". Data and Applications Security and Privacy XXXIII. Lecture Notes in Computer Science. Vol. 11559. pp. 102–120. doi:10.1007/978-3-030-22479-0_6. ISBN 978-3-030-22478-3. ISSN 0302-9743.
- Schneier, Bruce (5 December 2006). "Remotely Eavesdropping on Cell Phone Microphones". Schneier On Security. Archived from the original on 12 January 2014. Retrieved 13 December 2009.
- McCullagh, Declan; Anne Broache (1 December 2006). "FBI taps cell phone mic as eavesdropping tool". CNet News. Archived from the original on 10 November 2013. Retrieved 14 March 2009.
- Odell, Mark (1 August 2005). "Use of mobile helped police keep tabs on suspect". Financial Times. Retrieved 14 March 2009.
- "Telephones". Western Regional Security Office (NOAA official site). 2001. Archived from the original on 6 November 2013. Retrieved 22 March 2009.
- "Can You Hear Me Now?". ABC News: The Blotter. Archived from the original on 25 August 2011. Retrieved 13 December 2009.
- Lewis Page (26 June 2007). "Cell hack geek stalks pretty blonde shocker". The Register. Archived from the original on 3 November 2013. Retrieved 1 May 2010.
Regulations say the baseband MUST control: all wireless signals (including wifi and GPS), all microphones and speakers, and it must be able to disable the camera electrically. It must have a tamper-resistant identifier (IMEI number ... kind of).
Oh, it must allow calling the emergency services. If in this mode, during a call to the emergency services it MUST be able to send the exact GPS position (not just once, continuously) to the emergency services at the request of the emergency services (ie. NOT the user, and carriers must facilitate this)
By the way, it's worse: as you might guess from the purpose, it doesn't matter if your phone is on the "spying" carrier or not, other carriers can send commands to other carriers' phones' basebands (because "get off this frequency" is required: spectrum is shared, even within countries. Since phones may go from one tower to another and be required to vacate frequencies, you need this command). It doesn't even matter if you have a SIM in your phone or not (ever tought that if eSIM works, it must of course be possible for any provider to contact and send instructions to the phone, so it opens up an end-to-end encrypted connection to the javacard that the actual phone cpu cannot intercept). In some phones it doesn't even matter if the phone is on or not (though of course eventually it dies). So "meshtastic" or anything else cannot make a phone safe.
And in practice it's even worse. A lot of phone manufacturers "save on memory" and use the same memory chips for the baseband processor and the central cpu. Which means that it's a little bit cheaper ... and the baseband has access to all the phone memory and all peripherals connected through the memory bus (which is all of them in any recent phone). It may even be the case that these chips are integrated in the cpu (which I believe is the case for recent Apple chips). Oh and the regulations say: if there's a conflict over control over (most) peripherals, including the microphone and speaker, the baseband processor MUST be guaranteed to win that fight.
Oh and because governments demand this, but of course neither fund nor test these devices, they are old, bug-ridden and very insecure. This also means that despite the government requiring that these features be built into phones, governments, carriers and police forces generally do not have the equipment required to actually use these features (though I'm sure the CIA has implement them all). Not even carriers' cell phone towers: they have to pay extra to allow even just frequency sharing ...
Here is an article about baseband and baseband processors.
https://www.extremetech.com/computing/170874-the-secret-seco...
This is simply not true.
Source: I own a phone where this is not the case. Many Linux phones internally attach their wireless devices via USB, so there is good separation.
Also many upscale phones have decoupled the baseband from things that were once connected to it, as an attempt to improve security. (On iOS for instance the main CPU controls wifi.)
Cellular, Wi-Fi, Bluetooth, GNSS NFC, UWB, etc. do get implemented on secondary processors running their own OS but on mainstream smartphones those are typically well isolated and don't have privileged access to other components. The cellular radio in an iPhone or Pixel is on a separate chip but that's a separate thing from it being isolated. Snapdragon devices with cellular implemented by the main SoC still have an isolated radio. Snapdragon implements multiple radios via isolated processes in a microkernel-based RTOS where the overall baseband is also isolated from the rest of the device. There are a lot of lower quality implementations than iPhones, Pixels and Snapdragon devices but the intention is still generally to have the radios isolated even if they don't do it as well as those.
Edit: I’ll add that I think smartphone “security” is almost impossible to achieve, given the complexity of everything and the opacity of modem vendor stacks, which is why I just assume endpoint compromise. I use my phone rarely and with toggle switches normally “off”, and I don’t consider it a secure device or use it very often. If you believe that a secure phone is possible, however, then Graphene is definitely a better fit than a Linux phone.
(Founder/lead dev/ex lead dev, can't recall exactly)
Really? Does the radio somehow become the USB Host in this equation and magically start driving the conversation? How?
I'm going to need a specific citation for this, given that it seems trivially falsifiable by the existence of bluetooth headphones (which the baseband obviously can't control), not to mention other sorts of call forwarding features like the one iPhones have.
What is the tamper resistant number that is kind of the IMEI?
The article touches on this by saying Apple is making the baseband/modem hardware now. Something they should have done since day one, and I’m not sure what took them so long. However, it was was clear they didn’t have the expertise in this area and it was easier to just uses someone else’s.
Apple found out the hard way with the iPhone 4. Their secrecy didn't help. People doing real world testing had a case that made it look like an iPhone 3s and that also happened to mitigate the death grip problem. We know this because one was stolen and given to gizmodo.
And that was even only antenna design, they still used a standard RF stack then.
That assertion is a bit overblown. And people can easily find out it's overblown with a bit of research.
But at the same time, my whole philosophy is never let it touch any network connected device at all if it is critical. I don't care if it's an Apple device.
Here's reality, mobile carriers have been able to get your location from nearly the inception of mass market mobile phone use. I'm not sure anyone really believed their location was somehow secret and not discoverable. If you're using the phone or internet networks, you're not anonymous. Full stop.
Forget whatever anyone told you about your VPN, or whatever other anonymization/privacy machine that Mr McBean is selling Sneetches these days. Assume everyone is tracked, and some are even watched. Therefore everything you do or say with your devices should be considered content that is posted publicly with an uncertain release date.
Where? Apple's whitepapers aren't audited by anyone other than themselves.
> Assume everyone is tracked, and some are even watched.
Fatalist non-sequitur.
I am entirely, 100% certain that my telco can't just enable the microphone on my iPhone and record me, short of some 0-day exploit. I simply cannot make that bet on many other devices.
https://grapheneos.org/faq#future-devices
The radios on the supported devices can't access the microphone, GNSS, etc.
GrapheneOS has never supported a device without an isolated cellular radio since that isolation was in place even with the initial Nexus 5 and Galaxy S4. However, some of the devices prior to Pixels did have Broadcom Wi-Fi/Bluetooth without proper isolation similar to laptops/desktops. Nexus 5X was the initial device with proper isolation for Wi-Fi/Bluetooth due to having SoC provided Wi-Fi from Qualcomm. Pixels have avoided this issue for integrating Broadcom Wi-Fi/Bluetooth. Nexus devices left this up to companies like LG, Huawei, etc. and anything not done for them by Qualcomm tended to have security neglected. Qualcomm has taken security a lot more seriously than other SoC vendors and typical Android OEMs for a long time and provides good isolation for most of the SoC components.
Don't believe everything you read about smartphone security and especially cellular radios. There are many products with far less secure cellular radios which are far less isolated but rather connected via extremely high attack surface approaches including USB which are claiming those are better. A lot of the misconceptions about cellular come from how companies market supposedly more secure products which are in reality far worse than an iPhone.
Could you perhaps elaborate on what the more-secure alternative to USB ACM would be?
1) Leave the phone at home
2) Use a phone with a hardware toggle switch that physically kills power to the cell modem, or turn off the phone and put it in a tested Faraday bag
3) Conspire with other citizens to make such location tracking illegal and to enforce that law
I’m tired of privacy doomerism. You have options, use them.
> False. You can: 1) Leave the phone at home
Then you dont have a phone, do you? Come on you are being pedantic for no reason.
I have a phone so I have options if I need to be reachable or reach someone immediately while out (rare), or for travel. And because some services, mostly banks, refuse to accept VOIP numbers but require a verified phone number.
It was the selling point of mobile phones before smartphones became a thing. It obviously hasn't been the main selling point of mobile phones since then.
> False. You can: > 1) Leave the phone at home
If you're going to be pedantic, at least be pedantically correct. The tower (and carrier) would still know the location of your phone in that case. (It just wouldn't be with you.)
TL;DR, this is nothing new.
Carriers have offered location of your device for 911 calls for years now, through a set of metadata called Automatic Location Identification (ALI).
This is only provided to 911 (police & fire) by carriers alongside your 911 call.
Mobile Device Manufacturers can also provide "precise location" to 911 for the same calls, but that's a separate form of data and closely secured.
Bottom line - Carrier data has always been less precise, but more readily available. Device data (i.e. Apple and Google) is more precise, but harder to access.
Of course, this doesn't require having GPS location, just cell tower info is enough.
Literally every website and app you use with any kind of shared analytics/ads gets your general location just from your IP address alone, and can update your profile on that analytics/ads provider.
It is far more likely this, than your cell phone provider.
And I don't know about you, but I've put my phone number into a lot of apps and sites. Sometimes it's required, sometimes it's for 2FA, etc.
It doesn't matter if you don't give your phone number to many companies, it only takes one.
It's also not clear why I would have an uptick in spam calls when I'm traveling. I get 2x/week at home and 2x/day when traveling.
But if they're trying to get me to answer the phone, calling from a local number actually makes me less likely to answer. Nobody would be calling my cell phone from the city I'm visiting. I'm more likely to pick up a call if the area code is from back home.
Does it still happen?
You'd need to run an open source baseband modem with settings and logs in all the right places. I don't think those exist.
Someone might be able to exploit the Linux kernel running on Qualcomm modems and build a tool for rooted Android phones after reverse engineering the baseband, but I imagine a lot of copyright lawyers and probably law enforcement people will send you very scary letters if you document remote location tracking features like these.
Also, if you have any 4G or 5G modem, your carrier already has a pretty good idea where you are. They probably log your location too. The advanced precision and timing information necessary for high speed cellular broadband is enough to get a decent location log. That also includes other connected devices such as cars, of course.
So I don't think a single foil sticker would make much difference.
Most of those features are not user visible and are compatibility hacks - ie. "use lower profile in video calls if country = FR".
This data is vital for a mobile carrier to make sure to have a good signal coverage under all the possible conditions.
It's just a guess since I've seen similar data being analyzed in a previous telco I worked at, but I don't know their exact source. The goal there was to improve the network quality. I guess you can do the same w/o GPS, but triangulation with cell towers is very coarse.
It is interesting that we let this happen. Modern phones are very useful devices, but they're not really mandatory for the vast majority of people to actually carry around everywhere they go, in many cases they merely add some convenience or entertainment, and act to consolidate various other kinds of personal devices into just one. If you wanted, you could more often than not avoid needing one. Yet, we pretty much all carry one around anyways, intentionally, and this fact is somewhat abused because it's convenient.
Having watched a fair bit of police interrogations videos recently (don't knock it, it can be addicting) I realized that police have come to rely on cell phone signals pretty heavily to place people near the scene of a crime. This is doubly interesting. For one, because criminals should really know better: phones have been doing this for a long time, and privacy issues with mobile phones are pretty well trodden by this point. But for another, it's just interesting because it works. It's very effective at screwing up the alibi of a criminal.
I've realized that serious privacy violations which actually do work to prevent crime are probably the most dangerous of all, because it's easy to say that because these features can help put criminals behind bars, we should disregard the insane surveillance state we've already built. It's easy to justify the risks this poses to a free society. It's easy to downplay the importance of personal freedoms and privacy.
Once these things become sufficiently normal, it will become very hard to go back, even after the system starts to be abused, and that's what I think about any time I see measures like chat control. We're building our own future hell to help catch a few more scumbags. Whoever thinks it's still worth it... I'd love to check back in in another decade.
This has been the case since the e911 project in the 1990's and is mandatory. Prior to this I would reset the message waiting indicator on their phone continuously to see what cells and cell sectors they were moving through but that would basically just show what road or roads they may be on and what direction they are going very roughly. Assisting the FBI with tracking kidnappers or at least that is what they told me.
There are loads of other tags that can be set on someones phone. My favorites were priority override and caller-id blocking override. This was before SS7 spoofing was so prevalent.
This is all automatic and completely pervasive. Worrying about GPS and userspace computers in the smartphone is important but even if you protect that you've already lost. The baseband computer is announcing your position by the minute. Cell phones couldn't really work without the basestations deciding where you are and which will handle you.
Mobile carriers have so much information about you. They know exactly where you are, what you are doing (location combined with mapping tools) combined with who you are talking to.
They know when you are at home depot, when you are the grocery store, when you are at home, when you are awake, when you are asleep, etc.
In the U.S. there are very few laws stopping them from using all your data. In the E.U. you should definitely read up, as you aren't as protected as you think you are.
Forget Nation/State nonsense. You have an active relationship with a company who, by it's very existence and your business relationship, knows what you do all day long.
Don't even get me started about the rabbit hole surrounding 'incognito'/anonymous browsing.
EDIT: You've probably heard of Man-in-the-Middle attacks, right? They are the man in the middle. They will exploit this as best they legally can (and in certain cases, without regard to legality)
The best way to protect yourself is not to play the game at all. The same goes for your ISP, FWIW.
> The limit precise location setting doesn't impact the precision of the location data that is shared with emergency responders during an emergency call.
The fact that something has some good side effects does not make it good or even reasonable.
You want EMS looking for a needle in a haystack while you are suffering a heart attack?
How might people suggest that this would work, do you suppose?
"We've narrowed the victim's location down to one city block, boys! Assemble a posse and start knocking on doors: If they don't answer, kick it in!" ?
(And before anyone says "Well, it can work however it used to work!" please remember: Previously, we had landline phones in our homes. When we called 0118 999 881 999 119 725 3 for emergency services, there was a database that linked the landline to a street address and [if applicable] unit.
That doesn't work anymore because, broadly-speaking, we now have pocket supercomputers instead of landlines.)
Everyone was effectively doxxed yet it was never a security issue.
And if the phone rang, it was answered. It was almost certainly a real person calling; spam calls were infrequent to the point of almost never happening.
It was a different time, and it is lost to us now.
(We do still have public name-to-address databases, though. For instance: In my state of Ohio, that part of a person's voter registration is public information that anybody can access. Everyone is still effectively doxxed and it's still not a security issue.)
2017 Broadband Consumer Privacy Proposal
https://www.congress.gov/bill/115th-congress/senate-joint-re...
Here's a summary. In late 2016 the FCC passed a rule that:
(1) applies the customer privacy requirements of the Communications Act of 1934 to broadband Internet access service and other telecommunications services,
(2) requires telecommunications carriers to inform customers about rights to opt in or opt out of the use or the sharing of their confidential information,
(3) adopts data security and breach notification requirements,
(4) prohibits broadband service offerings that are contingent on surrendering privacy rights, and
(5) requires disclosures and affirmative consent when a broadband provider offers customers financial incentives in exchange for the provider's right to use a customer's confidential information.
The bill, introduced early in 2017, nullifies that rule.
It passed the Senate 50-48, then the House of Representatives 215-205, and was signed by Trump.
The 52 Republicans in the Senate voted 50 yes, 0 no, 2 not voting. The 47 Democrats, along with the 1 independent, voted no.
In the House the 236 Republicans voted 215 yes, 15 no, 6 not voting. The 190 Democrats all voted no.
https://en.wikipedia.org/wiki/Radio_resource_location_servic...
Certain devices (especially tablets) don't have GPS or various sensors integrated and still can tell you your approximate location, if WiFi is enabled.
If you want to play around a bit, you can try my tool that queries Apple's location services for your nearby networks. The precision is remarkable.
Back when my OG iPod Touch was minty and new (2008, IIRC), it was in many ways a stripped-down iPhone.
One of the features that was stripped out was GPS: It didn't have that at all. It also lacked Bluetooth.
But it did have a Maps app, and it also had location services. This used visible wifi access points and a database back home on the mothership to determine location.
It was pretty neat at that time to take this responsive, color-screened pocket computer with me on a walk, connect it to a then-ubiquitous open SSID, and have it figure out my location and provide a map (with aerial photos!) of where I was. It wasn't ever dead-nuts, but it was consistently spooky-good.
It's pretty old tech at this point, and devices still use it today.
(Related tech: Those plastic table tents that you take with you at McDonald's after ordering at the kiosk? They're BLE beacons. Sensors in the ceiling track them so that the person bringing the tray with food on it knows about where you're sitting before they even walk out of the kitchen. And modern pocket supercomputers use the locations of these and other beacons, as well, to help trilaterate their position. Urban environments are replete with very chatty things that don't move around very much.)
Is it a coincidence most smartphone manufacturers were suddenly all on board with removing the 3.5mm jack and forced Bluetooth? A mesh network of sorts like Amazon is doing with Ring. I even sometimes forget to save my battery and turn Bluetooth off when I'm not using my earbuds. It's probably a false sense of security having it disabled because I'm sure it's doing something in the background anyways. I can't say for sure though. Kind of like years ago with Google getting caught with the whole location data thing. I'm sure the average Joe doesn't care if Bluetooth is enabled 24/7.
I try and not be on the tin foil bandwagon, but every once and a while I come across things that make you go hmmm...
Wi-Fi is better for positioning since BSSIDs are (mostly) static and APs don't move around.
On top of that, BLE usually uses random addresses - so it won't be of much help knowing that you were around CC:B9:AF:E8:AE at 10:05 AM - since that address is likely random.
This kind of trilateration relies on beacons that don't move around (much). (And phones move. That's kind of their whole point.)
Fortunately for location data, there's a ton of Bluetooth beacons that are in reasonably fixed locations: Google used to give them away for businesses to use, but things like smart TVs, speakers, and game consoles are all pretty chatty about broadcasting their presence over Bluetooth to anyone in earshot. (And it's easy enough to observe with any app that displays nearby Bluetooth beacons. I see over a dozen right now where I sit in my suburban home.)
Even the article mentions this.
> I have served on a jury where the prosecution obtained location data from cell towers. Since cell towers are sparse (especially before 5G), the accuracy is in the range of tens to hundreds of metres.
I've also personally witnessed murder cases locally where GPS location put a suspect to "100 meters away". The rest of the evidence still pushed the case forward to a guilty verdict, and the phone evidence was still pretty damning.
For example, if you drop a pin a hundred metres off from the incident, then when you're maybe several hundred metres off the column of smoke is probably a better indicator of locus than the wee dot on your screen.
It was 5 meters back in 2006 in urban areas.
> Germany: Telekom > United Kingdom: EE, BT > United States: Boost Mobile > Thailand: AIS, True
So turning this "off" on other carriers results in GPS data still shipped off?
It’s also illegal to sell new cars without a cell modem in them.
The phones are the least of our worries.
https://www.rfwireless-world.com/terminology/cellular-tower-...
FTA:
> But this is not the whole truth, because cellular standards have built-in protocols that make your device silently send GNSS (i.e. GPS, GLONASS, Galileo, BeiDou) location to the carrier.
Why wouldn't carriers be able to ask your phone about what it thinks its location is?
> Apple made a good step in iOS 26.3 to limit at least one vector of mass surveillance, enabled by having full control of the modem silicon and firmware. They must now allow users to disable GNSS location responses to mobile carriers, and notify the user when such attempts are made to their device.
They never said "triangulate" but read phone for information. Your inner monologue swapped what was written with an already understood technical method.
And just because access to GPS has never been confirmed publicly before does not mean they previously only relied on tower triangulation.
Worked for Sprints network team before they bought Nextel. We had access to eeeeverything.
The crux of the argument seems to come from this
> It’s worth noting that GNSS location is never meant to leave your device. GNSS coordinates are calculated entirely passively.
OK so? The fact that GPS is calculated passively means nothing about the phone being asked what its position is after the fact.
The article admits this capability is no secret
> These capabilities are not secrets but somehow they have mostly slid under the radar of the public consciousness.
If the article just wants to say phones should block that ability, fine. But don't pretend this is some shady BS.
It is shady BS, and it’s why this phrase appeared in the article. Just because industry insiders are aware doesn’t mean it’s not shady.
The same applies to modern cars reporting their information back to manufacturers.
Generally I'd not expect them actively triangulate my exact location, but I'd realise that's at least possible - but GPS data, wake my phone up, switch on the GPS radio, drain it's battery, send that data back... no. That wouldn't be legal where I live either, let alone expected.
Where does the article claim this turns on the GPS if off?
While this is an important question, I don't see the sources mentioning it, what the standards mandate, and how the phones behave.
For example the wiki article https://en.wikipedia.org/wiki/Radio_resource_location_servic... describes the protocol as using the GPS and not as getting the location info from Android.
The cell network does not need to know where you are down to the meter and phones have no business giving this information up.
