Comment by wpietri

8 years ago

For those who want to try out LocationSmart, you can use it here: https://www.locationsmart.com/try/

They were about two blocks off, and located me by cell tower. Apparently they don't have (or at least don't admit to having) A-GPS level data for me.

Tested and same result.

I have a strong suspicion that it intentionally places you some distance from where it knows you actually are. Unless there is some underlying reason why it would never be 100% accurate -- I've seen dozens of people post their results and every time it's 1-300 meters off.

And it's not just "no one tests while under the cell tower" because the location it gave me was 150 meters in the opposite direction of the cell tower that I can see out my window. And the location it gave was smack in the middle of a neighborhood I know well and know to be free of cell towers. Or I'm just paranoid.

  • I just used the internet site; it said up to 14 miles off in accuracy on the results page. It was actually 4 miles off with my wifi off and GPS off and ZLAT off. I'm also pretty sure the location it picked is very close to an existing cell tower.

  • Did you have WiFi on? Several companies have basically mapped (wardriving) nearly every wifi spot in the US and have correlated that with GPS. The vast majority of these wifi spots never, or rarely, move. By using several known wifi locations and their given latency, you can accurately predict location without cellular or GPS, like, down to the tens of meters.

I'm somewhat wary. This might be the final missing piece to connect your mobile phone number to your mobile browser user agent, or even worse, your desktop browser agent.

Just tried it and was pretty accurate for me as well. How is it even legal for our cell phone providers to sell this data...?

  • You agreed to it when you signed the terms of service.

    • Laws can and should override terms of service. The question of why it's legal isn't about contracts, but about basic privacy rights enforced (or not) by the legal system.

Can you post the SMS opt-in message you received? Curious as to whether this is exploitable as well.

  • LocationSmart: Reply YES or YES LS to confirm consent for cloud location & messaging demo. Reply HELP for help, Reply STOP to cancel. Msg&Data Rates may apply.

    That is what I was sent.

  • I'm betting the opt-in is something along these lines

    "FirstName LastName wants to obtain your location..."

    Also betting that you can put 160 characters into those fields, so effectively a blank SMS is received.

    Betting further still that you can just spoof the SMS reply.