Mobile carriers can get your GPS location

10 hours ago (an.dywa.ng)

More abuse done to us. We never agreed for our GPS coordinates to tag along with calls for some assholes to see exactly where we are.

It is tiring. I am doing something about it by making technical contributions. If you are able to do the same, please do.

"and notify the user when such attempts are made to their device."

We aren't going to remove the security state. We should make all attempts to, but it won't happen. What needs to happen is accountability. I should be able to turn off sharing personal information and if someone tries I should be notified and have recourse. This should also be retroactive. If I have turned off sharing and someone finds a technical loophole and uses it, there should be consequences. The only way to stop the rampant abuse is to treat data like fire. If you have it and it gets out of control you get burned, badly.

  • > We aren't going to remove the security state

    We definitely won't get rid of it if we accept failure. I get that it seems extremely unlikely, but there's no use in trying to just mitigate the risk short term. One way or another that power will be abused eventually (if it isn't already).

  • > We aren't going to remove the security state

    What security state? They aren't doing this for anyone's safety. This is the surveillance and parallel construction state.

    > What needs to happen is accountability.

    No agency can have this power and remain accountable. Warrants are not an effective tool for managing this. Courts cannot effectively perform oversight after the fact.

    > The only way to stop the rampant abuse is to treat data like fire.

    You've missed the obvious. You should really go the other direction. Our devices should generate _noise_. Huge crazy amounts of noise. Extraneous data to a level that pollutes the system beyond any utility. They accept all this data without filtering. They should suffer for that choice.

    • > They aren't doing this for anyone's safety.

      Strictly speaking, this is not completely true. When you call an emergency number, it’s very good that they can see exactly where you are. That was how this was sold 15+ years ago. But of course, that’s basically the only use case when this should be available.


    • > Our devices should generate _noise_. Huge crazy amounts of noise. Extraneous data to a level that pollutes the system beyond any utility. They accept all this data without filtering. They should suffer for that choice.

      I like the idea on principle, but I'll like it far less when I'm getting charged with computer fraud or some other over-reaching bullshit law.

  • For consequences, we need to do away with the notion of qualified immunity. Why should police officers, politicians, agents of the government have any immunity for their actions? They should carry personal liability for breaking the law and violating others’ rights. Otherwise, there is no reason they’ll change. Right now, at best you’ll sue the government and get some money, but all you’re doing is punishing other tax payers.

    • In the United States, qualified immunity is a legal principle of federal law that grants government officials performing discretionary (optional) functions immunity from lawsuits for damages unless the plaintiff shows that the official violated "clearly established statutory or constitutional rights of which a reasonable person would have known".

      Under 42 USC § 1983, a plaintiff can sue for damages when state officials violate their constitutional rights or other federal rights.

      https://en.wikipedia.org/wiki/Qualified_immunity

      Qualified Immunity only sets the bar or threshold that you have to meet in order to sue.


    • Get rid of qualified immunity and enjoy no more fruit of the poisonous tree. I assume you are not familiar with the laws of evidence by your emotional position. One of the biggest problems the country faces is citizen literacy in all domains. If you improve citizen literacy across all domains you will solve all problems, until they take away our ability to vote. The "system" exploits those who cannot defend themselves.

    • Committing a crime and also abusing your authority to aid in the crime should be greater than the penalty for just committing that crime.

      Qualified immunity is the only legal doctrine I can think of where piling on extra crimes reduces your liability.

  • This is exactly what GDPR does.

    • Does it apply to the government like it applies to people? Is it enforced against governments like it is enforced against people and corporations? A core issue here is that laws, and the application and enforcement of laws, generally do not. Having said that I applaud the attempt and encourage pushing forward on the anti-surveillance aspects of GDPR while recognizing all laws are flawed.


  • Don't cheer that any policy be applied to technology you wouldn't want applied to your own brain.

    Imagine you get Neuralink and your best friend files for the right to be forgotten. Then poof. All your memories together gone.

    • This right is applied per entity.

      If I send it to the company A, company B doesn't execute it unless they're a subsidiary of A (or A is their data controller) and my request was carefully crafted.

      In the scenario you painted, that would mean that my _former_ friend has issued their request to me.

      In that case? Fair. Poof if that's their wish.

      Otherwise? How do you imagine it work?


This community should be talking about meshcore more imho.

It's a peer-to-peer network based on LoRa. It really only allows text messaging, but with up to 20km hops between peers, coverage is surprisingly huge. Incredibly useful if you go hiking with friends (if you get split up you can still stay in touch).

See https://eastmesh.au/ and scroll down to the map for the Victoria and now more widely Australia network that's sprung up.

  • This isn't great advice if it's supposed to be an alternative to text messaging with a carrier (especially if you're using encrypted RCS).

    For one, meshcore doesn't do a fantastic job of protecting metadata. Advertisements include your public key, and if I'm reading this[0] right, your GPS coordinates.

    Second, the default public channel uses effectively no encryption at all.

    Moreover, the network doesn't exhaustively prevent someone who intercepts a packet from identifying who sent it. It's no Signal.

    [0] https://deepwiki.com/meshcore-dev/MeshCore/7.1-packet-struct...

    • All telemetry is off by default, you have to explicitly turn it on and then optionally permit specific contacts to poll it.

      The PKI is basic because these networks are tiny and merging. And running on tiny computers ($5 boards with no display)

      Public channel is public and it uses the default encryption key because it's a default channel, so by definition everyone is invited to participate. Not sure what your critique is.

      And no, it's not trying to be Signal. It's also currently less reliable.

      But it's still safer than SMS, by a country mile.


  • Reticulum gets around a lot of these problems, as the (better) encryption is app-level (or even more fine-grained.) It's also not tied to LoRa, so you can interop easily with other transports. I made a websocket transport for it, and there is already TCP and UDP, and a couple non-LoRa radio transports. I also made a (works on web) js and Arduino client lib, and it has a few native client libs, so it can sort of be used on anything, even over traditional networks, or web clients. Meshcore and meshtastic are way more popular, but reticulum seems so much better, to me, for most things. It can still have overload problems, like any radio network, but no client is required to forward, so you can build a different kind of network ("only forward messages that are for my peeps" and marked correctly.) It also has "it costs compute PoW to send to me" which can greatly cut down on spam.

    • I only recently discovered Reticulum, only to then learn that the developer has retired from working on it. Do you know if there's still any community members carrying the torch?


  • I really want to get into these LoRa based mesh tools but the range in my experience is terrible. Maybe I'm doing something wrong, maybe it's a lack of nodes in my area.

    I just tested the other day. I'm in the midwest US so it's winter, no leaves. I managed to get about a quarter mile before my two portable nodes couldn't talk to each other. T-Echo with muziworks whip antenna.

    Without a bunch of solidly placed, high elevation, high gain antenna nodes, this just isn't really that usable.

    Plus, all the other issues others have highlighted.

    • Height is might.

      I couldn't get ANYTHING on my first/test ESP32 (Heltec v2).

      Anything. I didn't see any packets. Then I finally heard one station later when I held it high on the upper floor.

      Then I hung it at the top of my roof and I currently have almost 130 repeaters and room servers.

      In your scenario a couple of 5W handhelds would work better.

      But I agree the usability is very limited. This is why I think of hanging a couple of guerilla solar repeaters in my neighborhood :)

  • What does this have to do with mobile carriers tracking GPS data? If you're implying we should use it instead of mobile phones that's not practical at all.

  • The crypto is bad and the networks are extremely low bandwidth and quite unreliable and are vulnerable to jamming or spam/overload.

    I’ve deployed lots of nodes, and the technology reminds me of ipfs: people who don’t use it much vastly oversell its capabilities.

  • I’ve been wondering this for a while and maybe someone has a clue.

    Based on the very “bursty” nature of LoRa, how much does an adversary need to spend to radiolocate it? What’s the threat model there?

    • You could get a rough location for free. Every time you send a message, “observer” nodes connected to the internet publish the packet, and in the packet is the repeater path taken, repeaters have known locations and the first repeater is going to be near you.

  • Is it open source?

    • Meshcore isn't, the firmwares are proprietary. Meshtastic is, but they whine about trademark stuff all the time and cry when anyone mentions Meshcore in their channels. LoRa radios themselves are all proprietary Semtech turf. I guess it's possible to run over 2.4GHz but the range predictably sucks compared to 900MHz.


  • If you go hiking with friends who aren't total nerds, the proprietary options offer a more consumer-grade experience. (ie, usable by them)

    • If you go hiking with a bunch of people into the backcountry, you don't want to rely on the cellular network.

      Handheld radios, meshtastic (not meshcore), and in 5 minutes you're set up and good to depart. Or ideally inreach indeed.

  • > This community should be talking about meshcore more imho.

    The fundamental problem of distributed networks is that you can either have centralized control of the endpoints, or your network becomes vulnerable to denial-of-service attacks. So meshcore/meshtastic are great because they are used only by well-meaning people. If they become more popular, we'll start getting tons of spam :(

  • It is surprising that these networks aren't more popular. There are still many places and situations where connectivity isn't available.

    • Because they're terrible and fall apart if more than a few score people are on the same frequency at the same time.

    • It's because they aren't very resilient. More of an experiment than a purpose designed tool for the, uh, current environment.

euhm, well. 112 programmer here. There are multiple levels. Cell tower triangulation comes in automatically from providers. But they are only in tower numbers. They might be wrongly entered by engineers, hence the confirming question about where you are. Second is subscription information, as in registered address. Chances are if called from nearby your address, you are at your address. Next is a text to your phone number, which is intercepted by firmware and sends GPS coords back. This can be turned off, since implementation.

  • American carriers have a different protocol than the EU. The EU (and probably EU derived networks) uses a """secret""" SMS format that's opt-in, but the 911 system works differently.

    The 911 feature can be activated fully remotely, the 112 feature is supposed to only activate when dialing an emergency number.

  • Did you read the article or are you merely responding to the title? The article begins by acknowledging triangulation and then moving on to the point of the article. The article is about commands built into the UMTS and LTE specs for requesting GPS from the device. Your comment seems to be about everything but the main point of the article.

    • Did you read the complete comment?

      > Next is a text to your phone number, which is intercepted by firmware and sends gps coords back.


  • > This can be turned off, since implementation.

    Not by users. The new thing is that Apple allows users to disable this feature. Hopefully they still detect emergency calls on the phone and enable it unconditionally for those.

    • Not sure: In my country exactly this feature is used by police & state enforcement to find location, because this "ping" message is not forwarded from the modem to the OS, so the OS is not aware of any of these messages

    • yeah, there always was. It's a service code, like getting your IMEI. But it was a weird long one, and manufacturer dependent. Now UI switches are created for it apparently. Can't find it anywhere on the internet though. I don't work there anymore, so can't look it up.

I'll ask people, because I'm in the right circles. I want to know where it works. I've been VERY clear in my messaging to HN (on the RCS issue and having ear blown out by iPhone last week) that I am not going to glaze Apple even if the new modems they built interest me. They are usually sort of a neutral to me that has me more pissed off in the recent months than usual. Maybe send me one of your new devices if you don't want me pissed off anymore.

As for this location stuff, I'm curious though into how this works and how Apple (and BOOST/DISH) somehow prevent it happening when the big 3 in the US don't. We all know Apple would have complete control over the modem they designed, that's not a surprise. T-Mobile at least it's possible to stay NR-SA connected, it's apparently not a feature limited to SA like resistance to IMSI catchers is. Is this an OpenRAN feature, which Boost uses?

At least in the past, towers had a piece of equipment called an LMU that is sometimes installed separately from the radio equipment and it's used for measuring the timing advance to triangulate where a device may be for 911. Here's a reddit thread I started years ago for a KML of all the T-Mobile LMU installs in the NYC market: https://www.reddit.com/r/cellmapper/comments/hq2h7u/kml_of_a... (I just found it leaked, it's not online anymore probably). An FCC doc on LMUs: https://transition.fcc.gov/pshs/services/911-services/enhanc... (this is all old tech now, we're doing LTE/NR now in 99.9% of circumstances in the US)

What you need

- iPhone Air, iPhone 16e, or iPad Pro (M5) Wi-Fi + Cellular
- iOS 26.3 or later
- A supported carrier:
  - Germany: Telekom
  - United Kingdom: EE, BT
  - United States: Boost Mobile
  - Thailand: AIS, True

Turn limit precise location on or off

Open Settings, then tap Cellular.

Tap Cellular Data Options.

If you have more than one phone number under SIMs, tap one of your lines.

Scroll down to Limit Precise Location.

Turn the setting on or off. You might be prompted to restart your device.

  • Kinda funny that the most secure phone setup in the US is an iPhone Air on Boost Mobile. Who could have predicted that!

    • It isn’t restricted to Boost Mobile. It is only available on devices with the C1 or C1X modem, though. I assume this is because of specifics with the third party modems that most models in the wild have vs what Apple is doing in-house with their C1(X). If you call emergency services it will still provide precise location.


  • Serious question: will this limit the ability of 911 emergency services to help you?

    I can imagine a scenario where emergency services are authorized to send the ping to get your precise location and if you disable this, you may regret it. And a major feature of some phones/watches is the ability to automatically call 911 under certain fall/crash movement detection, where you might not have the ability to re-enable your GPS location.

  • But they still can track the cellular connection and do triangulation from that, no?

    Basically, if you have any cell phone the government can track you. Buying a burner phone with cash (via strawman proxy) seems like the only way to temporarily obscure your location.

    I imagine with the ubiquity of cameras in the commons and facial recognition and gait analysis they can knit that up even more.

From the comments, it appears many are not aware that even the US government buys location data of users from data brokers - How the Federal Government Buys Our Cell Phone Location Data - https://news.ycombinator.com/item?id=17081684 ...

  • We really have a societal problem in that we allow private entities to do things we don’t allow government to do. Furthermore, the issue is exacerbated by then allowing governments to bypass these issues by then just paying private entities to do the things it can’t do as a proxy for the same functional outcomes.

    But we want to support privatization at all cost, even when privatization these days has significant influence on our daily lives, akin to the concerns we had when we placed restrictions on government. Seems like we need to start regulating private actions a bit more, especially when private entities accumulate enough wealth they can act like multi state governments in levels of influence. That’s my opinion, at least.

    • > We really have a societal problem in that we allow private entities to do things we don’t allow government to do.

      That's basically the foundational ideology of the United States. That's not the issue.

      The real issue is your next sentence. The government can just loophole around their intentional limitations by paying private companies to work on their behalf.


    • > allow private entities to do things we don’t allow government to do. Furthermore, the issue is exacerbated by then allowing governments to bypass these issues by then just paying private entities to do the things it can’t do as a proxy for the same functional outcomes. <

      Somehow this reminds me about Blackwater / Xe Technologies? :-/

      (I'm betting 100 USD that soon we will find out that ICE also deployed "private financed forces" to "support state actions"?)


    • >We really have a societal problem in that we allow private entities to do things we don’t allow government to do.

      It really isn't, given that the government literally has a monopoly on violence, and therefore it makes sense to have more guardrails for it. That's not to say private entities should have free rein to do whatever it wants, but the argument of "private entities can do [thing] that governments can't, so we should ban private entities too!" is at best incomplete.

      >Furthermore, the issue is exacerbated by then allowing governments to bypass these issues by then just paying private entities to do the things it can’t do as a proxy for the same functional outcomes.

      Again, this is at best an incomplete argument. The government can't extract a confession out of you (5th amendment). It can however, interview your drinking buddies that you blabbed your latest criminal escapades to. Is that the government "bypassing" the 5th amendment? Arguably. Is that something bad and we should ban? Hardly.


    • I agree completely with your first paragraph, but I'm not sure what privatization has to do with it. Also, I agree that more regulation of private parties is needed. Or even better, break up the private companies that are like multi-state governments in terms of power.

    • This is why I advocate for making selling location/identifying data illegal. If nobody is allowed to sell it then the government cannot legally buy it.


    • Why not vote for some law limiting the government’s buying of this data? After all, I expect a say in how the government is run, so that seems like the appropriate path. I don’t see why I should expect a say in how AT&T is run. AT&T can’t raise an army, or enter my house, or shoot me.


Emergency services (with the proper software) have been able to get your precise location from your phone for a while now.

This isn’t a new capability and shouldn’t be surprising.

  • None of this should be happening without the user's knowledge and consent. Swap out your phone carrier for Facebook and it should be plainly obvious why the current state of affairs is undesirable.

  • I spent ~5 years volunteering for a search and rescue team in New Mexico.

    We definitely got the cellphone tower triangulation data. I never once saw GNSS data provided by a carrier. We used FindMeSAR https://findmesar.com/, the subject would usually text back the coordinates from the phone.

    Just one data point.

    The revolution that's occurred since my SAR volunteer days is the wide availability of satellite messaging on consumer phones. I'm guessing that's really changed the situation quite a bit.

  • One method is a "hidden sms" which your device sends after you called the emergency number on your own merit.

    The article seems to describe another system which can be involved externally.

  • Surely that only happens when the phone user dials 911 ?

    • The cell network routinely does TDoA triangulation in order to help choose which tower should serve the client mobile device. Accuracy is about 20m, and may be better at 5G frequencies. 911 gets the location from the mobile network provider, but the network provider could provide it to anyone, and they do.

      Tons of "free" and crapware apps are also recording location, and sending it to data brokers.

      https://www.wired.com/story/jeffrey-epstein-island-visitors-...


    • You're thinking of Phase II E911 in the US.

      That's true, but you can always be triangulated down a couple hundred meters by figuring out which towers you're connected to.


    • In the UK, it happens when you call 999 or 112. I don't think 911 is supported, although it probably should be (it'd be a mess to get everyone to agree to add it to their routing tables, but I bet there's a nonzero proportion of people who watch American TV programmes and think the emergency number is 911 - or, for that matter, American tourists).

      When you dial 999 it forwards your phone's GPS location if it has a lock to the provider, who then forwards it on to one of the 999 call handling centres in the UK, who then in turn forward that on to the appropriate emergency service control room. All the various services use various different products for telephony and dispatch but they will show the incoming location, and often will prepopulate an incident with the location.

      The system that does this is called "EISEC" - Enhanced Information Service for Emergency Calls - and has a lot of cool stuff defined in the spec (which is publicly available! You can just go and read it! BT offer a "Supplier's Information Note" with the protocol and details of how the information is encoded) that also handles calls from landlines. These are easy - your telephone provider knows where you live. OMG! The phone company know where I live? Yes, dumbass, they pulled a wire right into your house, of course they know where it is. For VoIP the situation is a little different but you can notify your VoIP provider of the location that the number is being used at, and it'll inject that into the EISEC request.

      You can do other cool stuff like if you've got a fixed mobile telephone in a vehicle, you can assign the make, model, registration number, colour, and so on in the EISEC database, so given a call from a phone number they know what car they're looking for. No-one uses this.

      The very great majority of calls coming in to 999 are from mobiles. It's extremely rare to get one from a landline.

      None of the providers use triangulation for determining where a phone is, it's all GPS.

What if I told you that carriers can also activate your phone's microphone without your knowledge and listen in on your surroundings?

  • What if I told you there are phones out there with hardware kill switches to physically cut power to microphones, cameras, and GPS?

  • I would ask for your source

    • "Mobile phone (cell phone) microphones can be activated remotely, without any need for physical access"

      https://en.wikipedia.org/wiki/Covert_listening_device#Remote...

      And the linked sources are:

      - Kröger, Jacob Leon; Raschke, Philip (2019). "Is My Phone Listening in? On the Feasibility and Detectability of Mobile Eavesdropping". Data and Applications Security and Privacy XXXIII. Lecture Notes in Computer Science. Vol. 11559. pp. 102–120. doi:10.1007/978-3-030-22479-0_6. ISBN 978-3-030-22478-3. ISSN 0302-9743.

      - Schneier, Bruce (5 December 2006). "Remotely Eavesdropping on Cell Phone Microphones". Schneier On Security. Archived from the original on 12 January 2014. Retrieved 13 December 2009.

      - McCullagh, Declan; Anne Broache (1 December 2006). "FBI taps cell phone mic as eavesdropping tool". CNet News. Archived from the original on 10 November 2013. Retrieved 14 March 2009.

      - Odell, Mark (1 August 2005). "Use of mobile helped police keep tabs on suspect". Financial Times. Retrieved 14 March 2009.

      - "Telephones". Western Regional Security Office (NOAA official site). 2001. Archived from the original on 6 November 2013. Retrieved 22 March 2009.

      - "Can You Hear Me Now?". ABC News: The Blotter. Archived from the original on 25 August 2011. Retrieved 13 December 2009.

      - Lewis Page (26 June 2007). "Cell hack geek stalks pretty blonde shocker". The Register. Archived from the original on 3 November 2013. Retrieved 1 May 2010.


    • How that works is simple: there are regulations that force that the microphone used for calling is directly connected to the "baseband", which is under control of the carrier. It has to be, because of AT&T's argument: ONE misbehaving baseband can make cell phones inoperable in an area that's up to a kilometer in diameter. So AT&T's cell towers "need" to be able to send out a signal that permanently disables a phone's transmitter.

      Regulations say the baseband MUST control: all wireless signals (including wifi and GPS), all microphones and speakers, and it must be able to disable the camera electrically. It must have a tamper-resistant identifier (IMEI number ... kind of).

      Oh, it must allow calling the emergency services. If in this mode, during a call to the emergency services it MUST be able to send the exact GPS position (not just once, continuously) to the emergency services at the request of the emergency services (ie. NOT the user, and carriers must facilitate this)

      By the way, it's worse: as you might guess from the purpose, it doesn't matter if your phone is on the "spying" carrier or not, other carriers can send commands to other carriers' phones' basebands (because "get off this frequency" is required: spectrum is shared, even within countries. Since phones may go from one tower to another and be required to vacate frequencies, you need this command). It doesn't even matter if you have a SIM in your phone or not (ever thought that if eSIM works, it must of course be possible for any provider to contact and send instructions to the phone, so it opens up an end-to-end encrypted connection to the javacard that the actual phone cpu cannot intercept). In some phones it doesn't even matter if the phone is on or not (though of course eventually it dies). So "meshtastic" or anything else cannot make a phone safe.

      And in practice it's even worse. A lot of phone manufacturers "save on memory" and use the same memory chips for the baseband processor and the central cpu. Which means that it's a little bit cheaper ... and the baseband has access to all the phone memory and all peripherals connected through the memory bus (which is all of them in any recent phone). It may even be the case that these chips are integrated in the cpu (which I believe is the case for recent Apple chips). Oh and the regulations say: if there's a conflict over control over (most) peripherals, including the microphone and speaker, the baseband processor MUST be guaranteed to win that fight.

      Oh and because governments demand this, but of course neither fund nor test these devices, they are old, bug-ridden and very insecure. This also means that despite the government requiring that these features be built into phones, governments, carriers and police forces generally do not have the equipment required to actually use these features (though I'm sure the CIA has implemented them all). Not even carriers' cell phone towers: they have to pay extra to allow even just frequency sharing ...

      Here is an article about baseband and baseband processors.

      https://www.extremetech.com/computing/170874-the-secret-seco...


  • One of the reasons I use iPhones is that Apple controls an integrated hardware/software experience, which makes it less likely that private information is being leaked despite the presence of privacy controls.

    • I wouldn’t be so confident. The article even references this. Apple has used third-party baseband devices in the iPhone since the beginning, which was from other manufacturers. All bets are off regarding security when this is the case. This does include microphone access.

      The article touches on this by saying Apple is making the baseband/modem hardware now. Something they should have done since day one, and I’m not sure what took them so long. However, it was clear they didn’t have the expertise in this area and it was easier to just use someone else’s.


  • My provider knows who I call, who I text, which websites I browse, my bank account number, my home address, my rough location, which countries I visited for holiday and through DTMF they can even sense which buttons I press on my handset.

    • Eh, no? How does your provider know all your bank accounts? If at all, then the one you are using for billing - but the 2FA apps do not expose such data to the provider? The Apps communicate via HTTPS calls in the background?


  • what about Graphene?

    • GrapheneOS only supports devices with isolated radios including but not limited to cellular. It's one of the hardware requirements:

      https://grapheneos.org/faq#future-devices

      The radios on the supported devices can't access the microphone, GNSS, etc.

      GrapheneOS has never supported a device without an isolated cellular radio since that isolation was in place even with the initial Nexus 5 and Galaxy S4. However, some of the devices prior to Pixels did have Broadcom Wi-Fi/Bluetooth without proper isolation similar to laptops/desktops. Nexus 5X was the initial device with proper isolation for Wi-Fi/Bluetooth due to having SoC provided Wi-Fi from Qualcomm. Pixels have avoided this issue for integrating Broadcom Wi-Fi/Bluetooth. Nexus devices left this up to companies like LG, Huawei, etc. and anything not done for them by Qualcomm tended to have security neglected. Qualcomm has taken security a lot more seriously than other SoC vendors and typical Android OEMs for a long time and provides good isolation for most of the SoC components.

      Don't believe everything you read about smartphone security and especially cellular radios. There are many products with far less secure cellular radios which are far less isolated but rather connected via extremely high attack surface approaches including USB which are claiming those are better. A lot of the misconceptions about cellular come from how companies market supposedly more secure products which are in reality far worse than an iPhone.

Nothing can stop the tower equipment manufacturer like Ericsson from knowing the location of your phone and cooperating with advertising or mobile tracking companies to aggregate that data in useful ways. If you have a phone, people that want your location have it and there is nothing you can do.

  • False. You can:

    1) Leave the phone at home

    2) Use a phone with a hardware toggle switch that physically kills power to the cell modem, or turn off the phone and put it in a tested Faraday bag

    3) Conspire with other citizens to make such location tracking illegal and to enforce that law

    I’m tired of privacy doomerism. You have options, use them.

    • > If you have a phone, people that want your location have it and there is nothing you can do.

      > False. You can: 1) Leave the phone at home

      Then you don't have a phone, do you? Come on, you are being pedantic for no reason.

    • >> Nothing can stop the tower equipment manufacturer like Ericsson from knowing the location of your phone

      > False. You can: > 1) Leave the phone at home

      If you're going to be pedantic, at least be pedantically correct. The tower (and carrier) would still know the location of your phone in that case. (It just wouldn't be with you.)

    • Also, run an OS that doesn't allow every running process to read your GPS location. And allows you to turn off your cell modem.

911 Product guy here...

TL;DR, this is nothing new.

Carriers have offered location of your device for 911 calls for years now, through a set of metadata called Automatic Location Identification (ALI).

This is only provided to 911 (police & fire) by carriers alongside your 911 call.

Mobile Device Manufacturers can also provide "precise location" to 911 for the same calls, but that's a separate form of data and closely secured.

Bottom line - Carrier data has always been less precise, but more readily available. Device data (i.e. Apple and Google) is more precise, but harder to access.

https://en.wikipedia.org/wiki/Enhanced_911

  • But it seems this article is arguing that there is another (non SMS based) way of accessing the precise location data which is not so difficult to access.

GPS on my old Android takes a minute or two to get a fix every time I turn it on, and I very rarely have GPS on at the same time as the cell radio, so I doubt they're getting more than triangulation from me.

  • Yes but triangulation is really good. In cities it is pretty much down to an individual building due to the existence of many small cells.

I've noticed that when I travel, I get spam calls from the area code I am visiting. I have asked my cell provider if they monetize my location data, and they swear they aren't. But I don't trust them, given that no one else (other than Apple) would know where I am in real time. Recently switched providers and haven't experienced it since then. Wouldn't be surprised if there was a class action lawsuit someday.

Of course, this doesn't require having GPS location, just cell tower info is enough.

  • > But I don't trust them, given that no one else (other than Apple) would know where I am in real time.

    Literally every website and app you use with any kind of shared analytics/ads gets your general location just from your IP address alone, and can update your profile on that analytics/ads provider.

    It is far more likely this, than your cell phone provider.

  • I'd be looking at ad networks rather than telcos in this case. https://www.eff.org/deeplinks/2026/01/google-settlement-may-...

    • Yeah it's a possibility if they matched up ad stuff with my home location and guessed at my phone number based on that.

      But if they're trying to get me to answer the phone, calling from a local number actually makes me less likely to answer. Nobody would be calling my cell phone from the city I'm visiting. I'm more likely to pick up a call if the area code is from back home.

  • Name and shame. Which provider were you having this experience on? (If you don't mind sharing since you're no longer with them.)

    • Pure Talk. Much cheaper than AT&T, and good customer service. But I found something that was cheaper on an unlimited basis. Between that and the sketchy calls I was getting, I decided to move.

What are the alternative steps that we can take in Android? How to check if it is happening?

  • I don't believe there is a way to intentionally break this system, nor to detect with 100% certainty that it's happening.

    You'd need to run an open source baseband modem with settings and logs in all the right places. I don't think those exist.

    Someone might be able to exploit the Linux kernel running on Qualcomm modems and build a tool for rooted Android phones after reverse engineering the baseband, but I imagine a lot of copyright lawyers and probably law enforcement people will send you very scary letters if you document remote location tracking features like these.

    Also, if you have any 4G or 5G modem, your carrier already has a pretty good idea where you are. They probably log your location too. The advanced precision and timing information necessary for high speed cellular broadband is enough to get a decent location log. That also includes other connected devices such as cars, of course.

  • You can probably trivially shield the GPS with an aluminium foil sticker once you know where the antenna is. The GPS signal is very weak.

    • I think the GPS antenna is either omnidirectional or very nearly so, since my phone can get location in many orientations.

      So I don't think a single foil sticker would make much difference.

So what irked that since my brand-new iPhone uses a Qualcomm “modem chip” (god, the slide of terminology makes my skin crawl) I won’t have access to this feature.

I wonder if graphene on pixel is immune to these remote requests??

  • I wouldn’t bet on it. If the baseband modem has access to location data then it could send it without the OS being able to intervene. I don’t know about Pixels, but many devices are highly integrated now that I would want some real thorough and specific research before I trusted that an OS could block the modem from sending location data.

  • Nope, any modern modem has GNSS built in, even if you buy say a Quectel modem now you will have that included and you can access the location through AT commands. Bottom line: anything that connects to an operator's tower should be assumed to be tracked.

Anyone know why apple specifies this feature requires a supported carrier? Why would the carrier matter?

  • Phones are jammed full of features that get disabled or enabled on a per carrier and per country basis.

    Most of those features are not user visible and are compatibility hacks - ie. "use lower profile in video calls if country = FR".

  • My guess is that this data is actually used for network analytics by the carriers and to determine if the device connecting to the tower should switch to another one.

    This data is vital for a mobile carrier to make sure to have a good signal coverage under all the possible conditions.

    It's just a guess since I've seen similar data being analyzed in a previous telco I worked at, but I don't know their exact source. The goal there was to improve the network quality. I guess you can do the same w/o GPS, but triangulation with cell towers is very coarse.

  • I’d imagine that the carrier will agree not to use any data they do receive for anything but a handful of purposes, but I suppose that depends on the extent of the technical solution.

The Google Pixel 10 can give you notifications when your location is tracked in this manner as well. I turned it on and have been notified a few times.

It is interesting that we let this happen. Modern phones are very useful devices, but they're not really mandatory for the vast majority of people to actually carry around everywhere they go, in many cases they merely add some convenience or entertainment, and act to consolidate various other kinds of personal devices into just one. If you wanted, you could more often than not avoid needing one. Yet, we pretty much all carry one around anyways, intentionally, and this fact is somewhat abused because it's convenient.

Having watched a fair bit of police interrogations videos recently (don't knock it, it can be addicting) I realized that police have come to rely on cell phone signals pretty heavily to place people near the scene of a crime. This is doubly interesting. For one, because criminals should really know better: phones have been doing this for a long time, and privacy issues with mobile phones are pretty well trodden by this point. But for another, it's just interesting because it works. It's very effective at screwing up the alibi of a criminal.

I've realized that serious privacy violations which actually do work to prevent crime are probably the most dangerous of all, because it's easy to say that because these features can help put criminals behind bars, we should disregard the insane surveillance state we've already built. It's easy to justify the risks this poses to a free society. It's easy to downplay the importance of personal freedoms and privacy.

Once these things become sufficiently normal, it will become very hard to go back, even after the system starts to be abused, and that's what I think about any time I see measures like chat control. We're building our own future hell to help catch a few more scumbags. Whoever thinks it's still worth it... I'd love to check back in in another decade.

Mobile carriers can get your GPS location

This has been the case since the e911 project in the 1990's and is mandatory. Prior to this I would reset the message waiting indicator on their phone continuously to see what cells and cell sectors they were moving through but that would basically just show what road or roads they may be on and what direction they are going very roughly. Assisting the FBI with tracking kidnappers or at least that is what they told me.

There are loads of other tags that can be set on someone's phone. My favorites were priority override and caller-id blocking override. This was before SS7 spoofing was so prevalent.

I don’t think this is news to anyone, even non-technical people are aware of this. And it goes beyond that, gov also buys location data used by other apps like dating apps or religion apps, among others.

I'd be curious about alternatives like LTE/5G hotspots, maybe even DIY versions using hats or modules.

There actually should be a push for an EU-wide legislation banning this kind of silent, precise location data collection. If anything, Germany is obsessed with Datenschutz but in many cases it's just laughable security theater.

I did not read the article. Reason: My response is "No shit, Sherlock."

Mobile carriers have so much information about you. They know exactly where you are, what you are doing (location combined with mapping tools) combined with who you are talking to.

They know when you are at home depot, when you are the grocery store, when you are at home, when you are awake, when you are asleep, etc.

In the U.S. there are very few laws stopping them from using all your data. In the E.U. you should definitely read up, as you aren't as protected as you think you are.

Forget Nation/State nonsense. You have an active relationship with a company who, by its very existence and your business relationship, knows what you do all day long.

Don't even get me started about the rabbit hole surrounding 'incognito'/anonymous browsing.

EDIT: You've probably heard of Man-in-the-Middle attacks, right? They are the man in the middle. They will exploit this as best they legally can (and in certain cases, without regard to legality)

The best way to protect yourself is not to play the game at all. The same goes for your ISP, FWIW.

They don't need to get your GPS location. With 4G and 5G the timing and clock precision at the basestations is enough to multi-laterate you down to about 50m (prior 3G/2G stuff was more like 100-200 meters). They are required by US law to store this multi-laterated position data track (updated every time your phone announces itself to basestations) for 2 years. But most telcos store it for more like 5+ years because it's valuable and they sell it.

This is all automatic and completely pervasive. Worrying about GPS and userspace computers in the smartphone is important but even if you protect that you've already lost. The baseband computer is announcing your position by the minute. Cell phones couldn't really work without the basestations deciding where you are and which will handle you.

  • What law requires carriers to keep Cell Site Location Information for 2 years?
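The comment above describes the carrier locating a phone from base-station timing alone, with no GPS involved. The following is an added illustration of that idea and is not part of the thread. It assumes a simplified model in which each tower only learns a range quantized to the LTE timing-advance step (16·Ts, about 78 m one-way); the tower coordinates and phone position are constructed sample values on a flat 2D grid.

```python
import math

C = 299_792_458.0               # speed of light, m/s
TS = 1.0 / (15_000 * 2048)      # LTE basic time unit Ts, seconds
TA_STEP_M = C * 16 * TS / 2     # one timing-advance step as one-way distance (~78 m)

# Constructed sample data: tower coordinates in metres on a flat local grid.
TOWERS = [(0.0, 0.0), (1500.0, 0.0), (0.0, 1200.0), (1400.0, 1300.0)]


def quantized_range(distance_m):
    """Simplified model (assumption): the network only learns which TA bin
    the phone falls in, so its best range estimate is the bin midpoint."""
    index = int(distance_m / TA_STEP_M)
    return (index + 0.5) * TA_STEP_M


def multilaterate(towers, ranges, iterations=25):
    """Gauss-Newton least squares for a 2D position from tower ranges."""
    x = sum(t[0] for t in towers) / len(towers)    # start at the tower centroid
    y = sum(t[1] for t in towers) / len(towers)
    for _ in range(iterations):
        a11 = a12 = a22 = b1 = b2 = 0.0
        for (tx, ty), r in zip(towers, ranges):
            dx, dy = x - tx, y - ty
            dist = math.hypot(dx, dy) or 1e-9
            jx, jy = dx / dist, dy / dist          # gradient of distance w.r.t. (x, y)
            res = r - dist                         # range residual for this tower
            a11 += jx * jx
            a12 += jx * jy
            a22 += jy * jy
            b1 += jx * res
            b2 += jy * res
        det = a11 * a22 - a12 * a12
        if abs(det) < 1e-12:                       # towers in a line: no unique fix
            break
        x += (a22 * b1 - a12 * b2) / det           # solve the 2x2 normal equations
        y += (a11 * b2 - a12 * b1) / det
    return x, y


def locate_error(true_pos, towers=TOWERS):
    """Position error in metres when only TA-quantized ranges are available."""
    ranges = [quantized_range(math.dist(true_pos, t)) for t in towers]
    estimate = multilaterate(towers, ranges)
    return math.dist(true_pos, estimate)


if __name__ == "__main__":
    phone = (620.0, 410.0)                         # constructed true position
    print(f"TA step: {TA_STEP_M:.1f} m")
    print(f"network-side error, no GNSS used: {locate_error(phone):.1f} m")
```

With four towers the combined estimate lands well inside a single timing-advance step, which is why switching off GNSS on the handset does not remove carrier-side location.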

Removing this ability also prevents emergency services from determining device location in case its owner goes missing.

  • It should be my choice to decide if I want my privacy to be infringed upon in the name of safety. It should not be up to the carrier, or the manufacturer, or first responders or any level of government to make that decision for me.

  • Can't this be done in a less invasive way by whitelisting the emergency numbers and putting an extra button somewhere that sends the location?

  • Well yes. People have gone missing since there were people on Earth.

    The fact that something has some good side effects does not make it good or even reasonable.

  • And this is how they’re able to track all of us, they’re triggering our fear response to give up our civil liberties.

None of this matters. Your rights were taken away by the corrupt ghouls supposedly "representing" you.

2017 Broadband Consumer Privacy Proposal

https://www.congress.gov/bill/115th-congress/senate-joint-re...

  • Anyone happen to know what the arguments were from those who supported that bill?

    Here's a summary. In late 2016 the FCC passed a rule that:

    (1) applies the customer privacy requirements of the Communications Act of 1934 to broadband Internet access service and other telecommunications services,

    (2) requires telecommunications carriers to inform customers about rights to opt in or opt out of the use or the sharing of their confidential information,

    (3) adopts data security and breach notification requirements,

    (4) prohibits broadband service offerings that are contingent on surrendering privacy rights, and

    (5) requires disclosures and affirmative consent when a broadband provider offers customers financial incentives in exchange for the provider's right to use a customer's confidential information.

    The bill, introduced early in 2017, nullifies that rule.

    It passed the Senate 50-48, then the House of Representatives 215-205, and was signed by Trump.

    The 52 Republicans in the Senate voted 50 yes, 0 no, 2 not voting. The 47 Democrats, along with the 1 independent, voted no.

    In the House the 236 Republicans voted 215 yes, 15 no, 6 not voting. The 190 Democrats all voted no.

Do they really need it? They can likely triangulate you without GPS regardless.

  • Cell tower triangulation does not provide the same precision as GPS.

    • And at the end of the day if the location is a hundred meters off... it might still not matter because it's how you frame it with other evidence beyond a reasonable doubt.

      Even the article mentions this.

      > I have served on a jury where the prosecution obtained location data from cell towers. Since cell towers are sparse (especially before 5G), the accuracy is in the range of tens to hundreds of metres.

      I've also personally witnessed murder cases locally where GPS location put a suspect to "100 meters away". The rest of the evidence still pushed the case forward to a guilty verdict, and the phone evidence was still pretty damning.

>Since cell towers are sparse (especially before 5G), the accuracy is in the range of tens to hundreds of metres

It was 5 meters back in 2006 in urban areas.

Even if you have an Apple in-house modem, seems it can only be disabled with select carriers:

> Germany: Telekom
> United Kingdom: EE, BT
> United States: Boost Mobile
> Thailand: AIS, True

So turning this "off" on other carriers results in GPS data still shipped off?

All over southern California and Nevada, facial recognition cameras have been put up aiming all four directions at most surface street intersections.

It’s also illegal to sell new cars without a cell modem in them.

The phones are the least of our worries.

Phones haven't always had GPS information and they could still be tracked, if you connect to enough towers they can triangulate your location. Cell towers have been able to do this based on your signal strength for a very long time and you can't turn it off. You don't even have to have a SIM card, if the cell radio is on it pings towers period, this is why a phone even without service can dial 911 and it will work. The IMEI of your phone is unique and cell towers can track it, the government has used this and there is no way to disable it. It's not as accurate as GPS but it can be good enough to figure out a route you take and general location.

https://www.rfwireless-world.com/terminology/cellular-tower-...

  • The article is not about cell tower triangulation

    FTA:

    > But this is not the whole truth, because cellular standards have built-in protocols that make your device silently send GNSS (i.e. GPS, GLONASS, Galileo, BeiDou) location to the carrier.

How is this news?

Why wouldn't carriers be able to ask your phone about what it thinks its location is?

  • No, please read the article. No one is saying carriers can't triangulate but carriers shouldn't be able to query the GPS on my device and get precise GNSS data.

    > Apple made a good step in iOS 26.3 to limit at least one vector of mass surveillance, enabled by having full control of the modem silicon and firmware. They must now allow users to disable GNSS location responses to mobile carriers, and notify the user when such attempts are made to their device.

    • Please reread OP's comment

      They never said "triangulate" but read phone for information. Your inner monologue swapped what was written with an already understood technical method.

      And just because access to GPS has never been confirmed publicly before does not mean they previously only relied on tower triangulation.

      Worked for Sprint's network team before they bought Nextel. We had access to eeeeverything.

    • I did read the article fine, thanks for asking.

      The crux of the argument seems to come from this

      > It’s worth noting that GNSS location is never meant to leave your device. GNSS coordinates are calculated entirely passively.

      OK so? The fact that GPS is calculated passively means nothing about the phone being asked what its position is after the fact.

      The article admits this capability is no secret

      > These capabilities are not secrets but somehow they have mostly slid under the radar of the public consciousness.

      If the article just wants to say phones should block that ability, fine. But don't pretend this is some shady BS.

  • Why would they? It's basic privacy no? Just because I want to pay money to carrier to provide me with data and phone service, I shouldn't have to give up my location from my device. I expect them to know my approximate location from cell tower data.

    Generally I'd not expect them to actively triangulate my exact location, but I'd realise that's at least possible - but GPS data, wake my phone up, switch on the GPS radio, drain its battery, send that data back... no. That wouldn't be legal where I live either, let alone expected.

    • > but GPS data, wake my phone up, switch on the GPS radio, drain its battery, send that data back... no. That wouldn't be legal where I live either, let alone expected.

      Where does the article claim this turns on the GPS if off?

  • There's a difference in precision between cell tower triangulation and GPS. From 10-100 meters down to 1.

    The cell network does not need to know where you are down to the meter and phones have no business giving this information up.