Boffins propose Pretty Good Phone Privacy to end pretty invasive location data harvesting by telcos Computer science boffins have devised a way to prevent the location of mobile phone users from being snarfed and sold to marketers, though the technique won't affect targeted nation-state surveillance. "We solve something that had previously been thought impossible – achieving location privacy in mobile networks," Paul Schmitt …
"But just because it's legal doesn't mean that MVNOs will rush to disavow data sales revenue and to implement technology that puts their customers' interests above their own."
Without legislation, this is just an academic paper. Great work and a novel solution that, unfortunately, no companies, be they MVNOs or their data customers, is asking for.
It's time for governments to act in the interest of their constituents instead of their contributors. I'm not holding my breath.
Reductio ad Absurdum
https://en.wikipedia.org/wiki/Reductio_ad_absurdum
sorry, had to be said
we NEED privacy, it is a basic right, that we have tried to maintain for millenia,
we have doors on bathrooms for example ?
but yea, NO Co is ever going to shoot that particular golden egg laying avian financial incentive until it IS made law, and by law, I mean the real thing, not something with enough loopholes to allow said incentive to take flight and start again :oP
> I agree and if you need legislation to make them use this solution why not instead make it illegal to sell this data instead.
Because then that's an endless arms race of what is and isn't legal, with small modifications each time. Just preventing the entire possibility in the first place would be better.
It's an interesting idea, which could be taken up by some vendors to include as an option in the standards.
I would like to see operators offer this as an option for their MVNOs. Then, even without legislation, this could be used by MVNOs who wish to promote their privacy as a competitive differentiator (for example, maybe someone like AAISP might choose to offer this). Legislation (to require all MVNOs to use this) could follow some time later.
Initially only MVNOs one would be likely to trust anyway would use it (but even then they can say "look - even if Dido Harding became our CEO she wouldn't be able to screw up your privacy"). But it could become a valuable competitive feature in time.
This post has been deleted by its author
If I'm a 5ms ping time away from you, I could be hundreds of miles away. Unless you think that having telcos know what country you're in at the time matters, that's fine. Let them have a circle that big around my location.
The phone could deliberately add some delay based on how long the phone itself measures the ping time as. If it knows say 30ms is the point where voice communication starts to suffer, and you measure 11 ms ping time, you can add say 14 ms. If you later measure 7 ms then you add 18 ms. If still later you measure 19 ms you add 6 ms. Good luck using ping times to radius out anyone when they are all in a huge circle that spans half of Europe.
The problem is more the control of the endpoint. So long as I'm connecting to a tower owned by the telco, it knows where I am. If I call via wifi, it is only how good it can geolocate that IP address. And based on where geolocation stuff thinks my home is located, that's pretty poor (almost always 30-50 miles off)
This post has been deleted by its author
This post has been deleted by its author
Drives around with wifi scanners
Creates accurate maps of wifi access points
Builds the operating system used by around 90% of the smart phones sold worldwide
Can see which wifi points are close to the phone
Can relate wifi information to information on other phones nearby
Knows everything about the user of each phone
Can build behavioral patterns based on phone proximity
In short, the proposed solution only solves half of the equation.
The article says this won't stop government surveillance. Will it affect the autolocating of the phone when calling 911? (That's US, like 999 for UK.) I suspect that uses the GPS features of the phone rather than relying on the carrier-reported location, but I'm not sure. That's actually a really useful feature - you don't have to explain in detail exactly which state, county, city, then street you're on. (Especially if the answer is "I'm not sure, I wasn't the one driving.")
If you're calling 999/911, then I'd recommend also having the what3words app installed on your phone. It can pin point your position to within 3m based of GPS data.
I'm house hunting for a place 250 miles away... I can't easily pop round to look at a place... and estate agents rarely bother putting in the exact location on the maps, nor do they give you the actual address until you book a viewing. Meaning you have to hunt around a location trying to find the property you are looking at on maps and often can't because they put the pointer in the centre of a village instead of actually on the property.
So I started asking for the what3words location from them... some couldn't be bothered, some could... I refused to deal with those that refuse too, and last time I was up there for a few days looking at half a dozen places... I dropped a few notes through doors letting the owners know that their agent is costing them viewings and potential sales because they can't be bothered to let me know 'where' the property actually is unless I make a 500 mile round trip.
And experience has shown emergency services, in the uk at least, that what3words has some major design flaws. Researchers are suggesting redesigning the algorithm and changing the choice of words, in much the same way that the International Phonetic Alphabet was created after WWII, changing the UK "able, baker, charlie, dog..." to "alpha, bravo, charlie, delta..."
M.
In the UK a combination of EISEC and Advanced Mobile Location SMS is used to geo-locate emergency service callers. This shouldn't be affected by the proposal since transmitter information and/or a phone-based AML protocol is followed.
I know a lot of people are saying nothing will change, but what this does is stop the phone companies saying that it's impossible or too expensive to implement when the relevant authority asks how privacy can be improved. Of course this will happen right after we start seeing flying pigs.
Isn't this just a "know your place" swipe at an activist using the police as the stick? Was someone in the board monitoring the activists social media accounts? I am speculating the fingerprinting and DNA swab would piss most innocent people off complaining about greedy rich people.
Big business weaponising law enforcement cannot be a new thing..
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
