EFF should buy access and track all the cops who have access then list the locations against known drug suppliers and brothels etc.
Why bother with warrants when cops can buy location data for under $10k?
For less than $10,000, and without a warrant, cops can buy large amounts of location data on private citizens and track people's movements over long periods of time. Fog Data Science is a data broker that claims it collects [PDF] 15 billion sets of data points daily from 250 million US devices every month sourced from "tens of …
COMMENTS
-
-
Friday 2nd September 2022 06:54 GMT b0llchit
Re: What about non-US users of these apps?
It would probably be brushed away under the "legitimate interest" banner. Whether that is a valid reason or not does not matter. But you need to go through a lot of procedure before you can prove them wrong.
The real problem is to show that you have standing. How do you know that they tracked you when you do not have access to the data?
-
-
-
Friday 2nd September 2022 14:38 GMT Anonymous Coward
Re: What about non-US users ?
Anybody out there still using Android, anywhere? I'm in UK but don't see it being different elsewhere.
I've recently involuntarily downgraded to Android 12 (Moto G50, fwiw).
I no longer seem to be able to use SMS/MMS for text messages etc.
It seems to want to use internet data rather than telco SMS.
I'm not best pleased.
No more for just now as I'm pushed for time.
-
-
-
-
Friday 2nd September 2022 00:41 GMT Auntie Dix
The FTC Must Move More Quickly and Cast a Much Wider Net
"Fog Data Science is a data broker that claims it collects...15 billion sets of data points daily from 250 million US devices every month sourced from 'tens of thousands' of mobile apps with tracking code included."
Get an injunction. Force revelation of the "'tens of thousands' of mobile apps" and shut down all of them immediately.
Cut off funding for police to use the data-crooks' databases.
Throw out any case where police use this data to subvert getting a proper warrant.
-
Friday 2nd September 2022 01:01 GMT Falmari
Blah blah Software's privacy policies blah blah blah
"The biz told AP it buys its data legitimately from apps as per the software's privacy policies and user agreements."
Same old excuse, but is it true?
These investigation are always incomplete. The investigation should also include what the privacy policies actually are and where and when the user sees them.
Surely the investigation could also check some aps that use the tracking sdks that the biz is collecting data from. To see if that excuse is true.
Maybe the EFF could create an app using the sdk the the biz gets data from. Then see what a privacy agreement would have to contain to get the app into Googles and Apples stores. They could even download the app on to testers phones. Purchase data from the biz and see if those phones turn up in the data.
Then we might know if blah blah data legitimately blah blah software's privacy policies blah blah blah is true. I bet you find it is not true.
-
Friday 2nd September 2022 01:15 GMT martinusher
Its how we get around this pesky Bill of Rights
The Bill of Rights, those amendments to our Constitution that spell out what the government can and can't do, This tends to roadblock otherwise sensible legislation. For example, we can't go around applying universal ANPR and using it to automatically ticket people who are in the wrong lane or whatever because it falls foul of things like probable cause, illegal search and seizure and self-incrimination. Hand the job off to a private company, though, and its a completely different story. Its a win/win -- a willing customer for all those technological boondoggles that can spy and probe and a clean way of running mass surveillance without all those annoying legal issues.
Incidentally, there's nothing like "commercial confidentiality" for riding roughshod over disclosure laws.
-
Friday 2nd September 2022 03:33 GMT An_Old_Dog
"Datawashing" is tbe new "Money Laundering"
It seems like a lot of boogum for the prosecutors to show up in court and say, "This location data we paid a third party for shows the accused was at the scene of the crime at date-and-time X", without also having to show the chain of custody and proving the legality of the collection and transfer of that data at each step.
-
-
Friday 2nd September 2022 08:39 GMT Spazturtle
Re: "Datawashing" is tbe new "Money Laundering"
The US courts have already ruled that private companies hired by the police or prosecutors are not required to reveal their internal process and that the defence has no right to that data.
There was a case a few years ago, the police had a DNA sample but the first few labs they approached said that it was too degraded and contained an incomplete DNA sequence, and thus couldn't be reliably matched to a specific person as there would be too many matches to the partial sequence. Then they found another lab that said that they had a proprietary algorithm that could get a match. They used this match to arrest and charge somebody and the court ruled that the defence was not allowed to have the algorithm audited as it would violate the company's IP rights. The guy got convicted as juried hear 'DNA match' and think 'guilty'.
-
-
-
-
Friday 2nd September 2022 04:45 GMT Anonymous Coward
So.....if you want to avoid Fog, the NSA, GCHQ.....and all the other snoops....
(1) Burner phone.....SIM and pay-as-you-go minutes both for cash
(2) Minimum (perhaps zero) apps on the phone
(3) Phone only ever switched on in public places, never at home or at the office
(4) Take care to ensure that when making credit card purchases, the burner is switched off
(5) Make sure that anyone who PHONES or TEXTS to the burner knows that THEIR PRIVACY is at stake too!!
(6) New application of step #1 maybe every few months!!
Still, it's a pity that billions of folk out there SIMPLY DO NOT CARE!!!
-
Friday 2nd September 2022 08:41 GMT Pascal Monett
Re: (3) Phone only ever switched on in public places, never at home or at the office
I would think the reverse : phone only switched on at home or at the office.
The goverment already has that data from other sources. Where you go, on the other hand, should be your own private business, unless there's an emergency.
-
Friday 2nd September 2022 10:19 GMT Anonymous Coward
Re: (3) Phone only ever switched on in public places, never at home or at the office
@Pascal_Monett
True.....for your "normal" phone......but absolutely not true for a "burner"...
....remember......the idea of a "burner" is that the owner is anonymous, and cannot be linked to any account or to any regular location.
The original AC in this thread failed to mention the "normal" use of a "normal" phone......but the instructions #1 though #5 seem reasonable for a "burner".
-
-
Friday 2nd September 2022 11:34 GMT Anonymous Coward
Re: So.....if you want to avoid Fog, the NSA, GCHQ.....and all the other snoops....
Neither works. It is impossible to get your own SIM card even pay as you go without getting identified and registered unless of course you get it in the black market. Once you are identified it does not matter the phone anymore which type as the very nature of cellular network places you in one cell with location of the network after that and by triangulation of signals from adjacent cells they will know very accurately where you position. These is not movies or sci-fi agencies already have these type of capabilities thanks to collaborating telecom operators. If the telecom operators give the info on warranty or real time that anoo question. I would assume Homeland security or similar agencywould not need such warranty as they have the opportunity excuse of preventing real time threats and because the the issue is a split issue.They are tracking anonymous phone device identifier. The warrant would only be needed when they want to establish relationship between the device and the owner identify.
-
Friday 2nd September 2022 12:41 GMT Updraft102
Re: So.....if you want to avoid Fog, the NSA, GCHQ.....and all the other snoops....
How is it impossible to get a SIM card without registering? You go in, buy the starter kit with cash, walk out the door with the phone and SIM still not activated. This was how I did it with my "burner" phone that I used for more than 10 years!
-
Friday 2nd September 2022 12:42 GMT Anonymous Coward
Re: So.....if you want to avoid Fog, the NSA, GCHQ.....and all the other snoops....
@AC ... Quote: "...It is impossible to get your own SIM card even pay as you go ..."
In the UK, there are THOUSANDS of convenience stores selling SIMs and minutes for cash.....and with NO ATTEMPT AT ALL to get a name or an address or an account. In the UK, no "black market" required. In the UK, "burners" are not only possible, but very common!! Notice also that a UK "burner" may have roaming privileges in other countries!!
Of course, I do not know where you live. In other countries, what you say may be true!!
-
-
Friday 2nd September 2022 12:03 GMT Anonymous Coward
Re: So.....if you want to avoid Fog, the NSA, GCHQ.....and all the other snoops....
Those whose business entails a need to stay anonymous will know better than follow this user's misguided recommendations. Others will simply be wasting their time and money, as the "advice" given is incredibly useless.
-
Friday 2nd September 2022 12:36 GMT Updraft102
Re: So.....if you want to avoid Fog, the NSA, GCHQ.....and all the other snoops....
All you need to defeat this particular privacy violation is to have the device not have a persistent ID. The IMEI and IMSI are not readable to user apps, so Android phones use an advertising ID, generated (I believe) when the Google account is attached to the device. It is meant to be persistent.
So, instead, just have that advertising ID change each time it is queried. If the apps report a different advertising ID each time they have some bit of data, it does not build a mass of data that begins to clearly describe one specific individual. A datum by itself, not connected to anything else, is useless.
This is why I like Micro-G for degoogled (formerly) Android devices in lieu of Google apps. It does exactly this.
-
Friday 2nd September 2022 17:10 GMT æ¡æ²¢å¢¨
Re: So.....if you want to avoid Fog, the NSA, GCHQ.....and all the other snoops....
This seems like way too much work to achieve privacy on a phone, and for minimal phone functionality. Remember if you make calls or text, those are unencrypted, and you don't really have a way of verifying that your phone is actually off when it's off (this seems absurd, but look into it!). You also wouldn't really be able to stay in touch with people anyways, since your number changes every couple of months. Forget all about it if you have an android version that came from the manufacturer, because you're going to be tracked no matter what settings you toggle, and you can't even change the OS because you don't have root access to your own device! If I were you, I would just not use a cell phone at all, which would be easier and even more private.
For those now wondering how they're supposed to have a private phone, look towards installing custom android roms, or using linux phones (the one I have my eye on is the pinephone). From there, look into smaller details such as MAC address randomization. Even with a custom rom or linux phone, cell towers can still triangulate your location, but to get around this, keep mobile data off whenever possible and maybe wrap it in foil to make sure no signals from the hardware itself are trying to talk to the towers. Pinephone users have this one down because they have hardware kill switches. Consider watching Luke Smith's video talking about custom roms here https://www.youtube.com/watch?v=1PVvcJtwDm4
-
-
-
This post has been deleted by its author
-
-
Friday 2nd September 2022 15:16 GMT flayman
Don't let any old app access your location data!
I have two apps that are allowed to access location, and only when they are in use. These are Google Maps and the Shell application for using pay at the pump. If you agree to have an app access location data all the time and the terms allow that data to be sold, then I don't have a lot of sympathy.
-
Friday 2nd September 2022 17:40 GMT Dimmer
Re: Don't let any old app access your location data!
Think of your phone being rooted. What you change in the settings will not have the desired effect.
To test this, grab a laptop with wireshark on it. Plug it into a destination mirrored port on a switch.
Pass the wireless wan connection thru the switch using the source mirror port.
Turn off cellular on the phone and attach to your wireless.
You will see that there is nothing on the phone you can change (without a bit of hacking) that will stop it completely from calling home.
I went one step further and did a tunnel all on the phone to a firewall and blocked stuff there. It went around the vpn.
I want an app that will send out bogus location info to make me look like I am in lots of locations.
I would buy that in a heartbeat.
-
Saturday 3rd September 2022 05:35 GMT Anonymous Coward
Re: Don't let any old app access your location data!
I have such an app for you, and good news is that it's free for privacy focused folk like yourself.
(but quite expensive for the customers who pay to have their position pushed to someone else's phone when they would prefer not to be trackable )
-
Saturday 3rd September 2022 10:29 GMT flayman
Re: Don't let any old app access your location data!
I don't think that's the kind of data we're talking about. The article is only talking about installed apps that have access to location data. Anything else is just Google or Apple doing whatever they think they can and should, which is probably too much, but they are not going to be selling that data to third parties or turning it over to the authorities without a warrant. Anyone who is that paranoid needs to switch off the phone when they don't want to be tracked.
-
-
Friday 2nd September 2022 23:20 GMT martinusher
Re: Don't let any old app access your location data!
This morning my phone greeted me by telling me not only that I was in Kingman, Arizona, three years ago but proceeded to tell me all sorts of good stuff. Like everywhere I'd been visiting away from home over the last few years -- dates, locations and what have you. It also included some other handy statistics -- apparently I'd driven 2600 miles or so in the last year, cycled 53 miles and spent 40 something hours in a casino. The casino's interesting since I don't gamble and I haven't set foot in one for three years or so (they're a good place to stay and the food's decent)....I wonder if its omnipresent microphone has picked up the sounds of cards being shuffled at the various bridge games I get dragged off to and put two and two together? (...and made five)
Owning a cellphone is a bit like one of those ankle monitor things, just better designed (and unlike the real thing you pay for it). I don't even use the thing that much but they've got my number. Literally.
-