Comment by matwood
8 years ago
The problem is once it's at the cell carrier level it doesn't even matter if you use a dumb phone. They know roughly where you are based on tower triangulation.
8 years ago
The problem is once it's at the cell carrier level it doesn't even matter if you use a dumb phone. They know roughly where you are based on tower triangulation.
That's always been common knowledge, the shocker is that it's being transmitted to "everyone and their dog" or even being sold. Afaik that was never the case with dumb phones.
A dumb phone can be localized by cell triangulation. The US military disclosed that it was using such a technique in Afghanistan to locate Al-Qaeda targets (they disclosed this because Al-Qaeda had gotten so paranoid about he accuracy of US military operations that they had assumed they had human spies on the ground feeding the US information and began killing civilians on suspicion of spying).
> A dumb phone can be localized by cell triangulation. The US military disclosed ...
In the U.S., aren't dumb phones (or 'feature phones') locatable for E911 service?
3 replies →
What I meant was that selling location data obtained by triangulation wasn't / isn't done and would require different methods anyway.
...or maybe they had a lot of human spies to protect by telling tech stories.
> A dumb phone can be localized by cell triangulation. The US military disclosed that it was using such a technique in Afghanistan to locate Al-Qaeda targets (they disclosed this because Al-Qaeda had gotten so paranoid about he accuracy of US military operations that they had assumed they had human spies on the ground feeding the US information and began killing civilians on suspicion of spying).
they absolutely had spies on the ground who were likely civilians, eg the doctor who got bin laden's family's dna under the cover of a vaccine program. the narrative that they were only using cell tower triangulation may have a seed of truth but it sounds a lot like counterintel meant to throw off the trail to me.
1 reply →
Not my area of knowledge at all, so perhaps someone who knows radio better could chime in: Would it be possible to fool the triangulation from the device, by arbitrary (or intelligently) delaying the mobile radio signals? Or are they too dependent on timings and such to work?
> Would it be possible to fool the triangulation from the device, by arbitrary (or intelligently) delaying the mobile radio signals?
Not without messing up your ability to make and receive calls. Cell towers use precise timing and power-level measurements in order to do things like decide which cell-site is best, and to hand-over your call from one tower to the next without breaking your call or glitching.
Edit: Even if you were to play around with timing of responses of the radio signal, you have no control over how it radiates in free space. The time-delta between reception of the same signal by 3 towers at known locations is enough to triangulate your position. Maybe a unidirectional antenna pointing to just one tower might work, if there are no other towers within the beam behind it and no sideway leakages.
With highly directional antenna and carefully selecting your position, you could try to have your signal only to be heard by a single cell tower at the time. The network would get your distance from the tower, but with direction info from just one tower would be less accurate.
Expanding this, you could have N directional antennas pointed to N cell towers, and some individual delays on each of those antennas, it might be possible to fool the network triangulation. Such a setup would look highly suspicious if you were carrying it around, and it definitely wouldn't fit in your pocket.
There are no available cellphone radio baseband computers/transceivers that allow you do do things with that. You would literally have to implement the entire cell baseband from scratch with a software defined radio. It would be a very non-trivial project.
And it'd be useless unless you had many of these custom transmitters faking your signal spread out over large physical distances.
OsmocomBB and LimeSDR would like a word with you. Yes, the former is limited to GSM, the latter doesn't come with a TX amp and you'll need to supply suitable mid-power RF (no cooling for passives, carefull cooling of actives) antenna circulator/filter/switch, if you want to use your new amp. The hardware should be under 2k$ manufacturing in single-unit quantities, but it is HF design, including some distributed-element filters and power-handling at low GHz frequencies. Nothing particularly trivial to design, though the requirements in precision are not too stringent, so you won't need someone who can demand >100$/h while working outside of a major metropolitan area.
TLDR: GSM+LTE open-source SDR/hacked dumbphone baseband exists, suitable hardware is COTS for sub $2k.
As an amateur radio operator, I would expect nothing less for carrying a highly networked radio transceiver with loads of sensors including geopositioning.
Simply put: don't want to be tracked? Put your phone in a lead sealed box or leave it at home. Tracking only tracks the phone , not your person.
Yeah they know where you are at any given moment, but they don't have to record it. And they especially don't have to sell it to third parties. That's what we mean by "tracking".
So basically either give up your right for privacy or don't use any new technology? That doesn't look practical. A better idea would be to ban cell carriers (and anyone else) from using location data for anything except explicitly permitted by law, like help in emergencies or conducting investigations.
What would be most effective would be a pair of rules in tandem:
1. Allow the location data to be utilized by the cellular carrier only for legitimate engineering purposes relevant to the delivery of the cellular services. (The network needs to know your location in real time in order to route calls to you.) Also, allow the use of real time location data for emergency services in response to an emergency call. Potentially also allow the use of emergency services initiated real time locations, with a non-suppressible UI required to be presented to the user if this is performed.
2. Require that the cellular service providers purge / NOT retain this location data for any longer than is literally required to provide proper service.
The data retention policy #2 item here is essential in preventing temptation to come up with end-runs for the first rule. It's important that historic data that has no legitimate use under rule #1 not be preserved so that there isn't a mound of accumulating data of theoretically increasing value if only we could change / get rid of rule #1. That sort of thing will create ever mounting incentive to repeal / replace rule #1.
1 reply →
For communications technology: yes, that seems to be the norm.
Don't like the rules of the road, don't drive.
Don't like that your data goes over a third-party's network to get to its destination, don't put your data on a third-party's network.
Bans "by law" only work until the people making the law become people interested in your location and they change the law.
1 reply →
So basically either give up your right for privacy or don't use any new technology?
I think this is probably correct.
The problem with the ban you suggest is that it will degrade service in many instances. Some level of location tracking is necessary for all cellular phones to make a smooth handoff between towers or for example to load balance connectivity between different towers.
In the end the more personalized the service you want to have, the more "invasive." Opt in is probably the best total solution, however it quickly becomes an education game if you want it to be effective, and most people don't have the time or technical understanding to put up with a dozen different opt ins.
1 reply →
A better idea would be to ban cell carriers (and anyone else) from using location data for anything except explicitly permitted by law, like help in emergencies or conducting investigations.
That doesn't do anything to protect your data from being accessed by the State, which is actually the bigger problem.
9 replies →
Define me the following then about the metadata:
Who does your cell phone's location belong to?
Who does the tower's connection data belong to?
Who does the multitude of tower signal strengths belong to?
Who does the user's cell phone data belong to if allowing multiple apps to use it?
Answer: User's location data belongs: to the user, 3rd party apps they have allowed, and terrestrial cell companies that run towers with the appropriate frequencies for your phone.
The technology isn't the right area to change it. In the end, you're doing stupid stuff with encryption and still emitting point-source radiation that can and will be triangulated.
The best option would be to require the data be properly anonymized before being stored, used, or sold. That way the companies can still sell it for profit, the buyers can still gain useful insights from the data, and the users location is not available to anyone with enough money.
I'm not sure how possible it is to anonymize that kind of data in a way that prevents it from being deanonymized, or how useful the anonymized data would be to the buyers, but this seems like a better solution than a blanket ban to me.
There's no need for lead sealed box, Faraday cage will do. :) I think they even sell phone casing Faraday cage nowadays.
Empty potato chip bag will also do:
https://www.telegraph.co.uk/news/2017/11/27/australian-sacke...
Even simpler: don't want to be tracked? Don't have a mobile phone.
It doesn't help.
Your next car will support telemetrics. Your insurer will know how fast and how often you drive. Your wife will know where you've been going after work. The cloud will gather and retain everything else of non-obvious value, up to the point where it all magically disappears when your self-piloting car drives itself through a schoolyard at recess and the company claims they don't have enough data to determine their responsibility, and insinuates that perhaps it was your fault.
All your future appliances will be factory-bugged so Amazon can listen to you arguing with your wife and sell you marital counseling books. Or they sell you imported counterfeit electronic shit, leaving bored interns with unchecked privilege (or strangers poking around on SHODAN) to activate those products' extraneous cameras to spy on your daughter undressing.
The ubiquity of cellphones in the hands of the masses mindlessly recording every droll moment of their lives in public for a chance at YouTube fame, combined with better and better facial|licenseplate|whatever-recognition algorithms means you're always on a camera somewhere, your movements being tracked and your identity easily annotated. Your wife's divorce lawyer will have a field day with this.
Don't want to be tracked? Hoard cash and modify the serial numbers. Throw away everything with a network interface or bidirectional antennas of any kind. Don't leave the house. Slap tinfoil on your windows. Make yourself a nifty pirate hat with the remainder. Your friends and neighbors will think it's endearing for a while, then they'll stop coming around for some reason.
Just don't take a selfie of yourself in your fortress of solitude without scrubbing the geolocation data from the EXIF tags!
5 replies →
Unless your car has similar technology.