Why bother with warrants when cops can buy location data for under $10k?

For less than $10,000, and without a warrant, cops can buy large amounts of location data on private citizens and track people's movements over long periods of time. Fog Data Science is a data broker that claims it collects [PDF] 15 billion sets of data points daily from 250 million US devices every month sourced from "tens of …

  1. Slipoch

    EFF should buy access and track all the cops who have access then list the locations against known drug suppliers and brothels etc.

  2. stiine Silver badge
    Coffee/keyboard

    The EFF needs to get this company's supplier list and go after them.

    And the courts need to kill the 3rd-party doctrine.

  3. ICam

    What about non-US users of these apps?

    I do wonder if non-US users of these apps are also having their data sold without their knowledge.

    As an example - just because GDPR exists, it doesn't mean non-EU app developers are paying any attention to it for EU-based users.

    1. b0llchit Silver badge
      Unhappy

      Re: What about non-US users of these apps?

      It would probably be brushed away under the "legitimate interest" banner. Whether that is a valid reason or not does not matter. But you need to go through a lot of procedure before you can prove them wrong.

      The real problem is to show that you have standing. How do you know that they tracked you when you do not have access to the data?

      1. Alumoi Silver badge

        Re: What about non-US users of these apps?

        Wait, what? Are you so naive to expect your phone is NOT tracking you every second?

    2. Spazturtle Silver badge

      Re: What about non-US users of these apps?

      Not sure that this would breach GDPR anyway, GDPR requires the data on its own to be identifiable to a person to count.

      1. A.P. Veening Silver badge

        Re: What about non-US users of these apps?

        Phone numbers and device IDs fall under GDPR as they link directly to a person.

        1. Anonymous Coward

          Re: What about non-US users ?

          Anybody out there still using Android, anywhere? I'm in UK but don't see it being different elsewhere.

          I've recently involuntarily downgraded to Android 12 (Moto G50, fwiw).

          I no longer seem to be able to use SMS/MMS for text messages etc.

          It seems to want to use internet data rather than telco SMS.

          I'm not best pleased.

          No more for just now as I'm pushed for time.

  4. Auntie Dix
    Stop

    The FTC Must Move More Quickly and Cast a Much Wider Net

    "Fog Data Science is a data broker that claims it collects...15 billion sets of data points daily from 250 million US devices every month sourced from 'tens of thousands' of mobile apps with tracking code included."

    Get an injunction. Force revelation of the "'tens of thousands' of mobile apps" and shut down all of them immediately.

    Cut off funding for police to use the data-crooks' databases.

    Throw out any case where police use this data to subvert getting a proper warrant.

  5. Falmari Silver badge
    Devil

    Blah blah Software's privacy policies blah blah blah

    "The biz told AP it buys its data legitimately from apps as per the software's privacy policies and user agreements."

    Same old excuse, but is it true?

    These investigations are always incomplete. The investigation should also include what the privacy policies actually are and where and when the user sees them.

    Surely the investigation could also check some apps that use the tracking SDKs that the biz is collecting data from. To see if that excuse is true.

    Maybe the EFF could create an app using the SDK the biz gets data from. Then see what a privacy agreement would have to contain to get the app into Google's and Apple's stores. They could even download the app onto testers' phones. Purchase data from the biz and see if those phones turn up in the data.

    Then we might know if blah blah data legitimately blah blah software's privacy policies blah blah blah is true. I bet you find it is not true.

  6. martinusher Silver badge

    It's how we get around this pesky Bill of Rights

    The Bill of Rights, those amendments to our Constitution that spell out what the government can and can't do. This tends to roadblock otherwise sensible legislation. For example, we can't go around applying universal ANPR and using it to automatically ticket people who are in the wrong lane or whatever because it falls foul of things like probable cause, illegal search and seizure and self-incrimination. Hand the job off to a private company, though, and it's a completely different story. It's a win/win -- a willing customer for all those technological boondoggles that can spy and probe and a clean way of running mass surveillance without all those annoying legal issues.

    Incidentally, there's nothing like "commercial confidentiality" for riding roughshod over disclosure laws.

    1. An_Old_Dog Silver badge

      "Datawashing" is the new "Money Laundering"

      It seems like a lot of boogum for the prosecutors to show up in court and say, "This location data we paid a third party for shows the accused was at the scene of the crime at date-and-time X", without also having to show the chain of custody and proving the legality of the collection and transfer of that data at each step.

      1. Anonymous Coward

        Re: "Datawashing" is the new "Money Laundering"

        Yes, but having identified some likely prospects, they can then get a warrant for everything from Google, Apple, Facebook, ANPR data, Verizon, your home etc etc

        They don't need the dragnet itself to be admissible in court.

        1. Spazturtle Silver badge

          Re: "Datawashing" is the new "Money Laundering"

          The US courts have already ruled that private companies hired by the police or prosecutors are not required to reveal their internal process and that the defence has no right to that data.

          There was a case a few years ago, the police had a DNA sample but the first few labs they approached said that it was too degraded and contained an incomplete DNA sequence, and thus couldn't be reliably matched to a specific person as there would be too many matches to the partial sequence. Then they found another lab that said that they had a proprietary algorithm that could get a match. They used this match to arrest and charge somebody and the court ruled that the defence was not allowed to have the algorithm audited as it would violate the company's IP rights. The guy got convicted as juries hear 'DNA match' and think 'guilty'.

  7. Anonymous Coward

    So.....if you want to avoid Fog, the NSA, GCHQ.....and all the other snoops....

    (1) Burner phone.....SIM and pay-as-you-go minutes both for cash

    (2) Minimum (perhaps zero) apps on the phone

    (3) Phone only ever switched on in public places, never at home or at the office

    (4) Take care to ensure that when making credit card purchases, the burner is switched off

    (5) Make sure that anyone who PHONES or TEXTS to the burner knows that THEIR PRIVACY is at stake too!!

    (6) New application of step #1 maybe every few months!!

    Still, it's a pity that billions of folk out there SIMPLY DO NOT CARE!!!

    1. HeavyTed

      Re: So.....if you want to avoid Fog, the NSA, GCHQ.....and all the other snoops....

      There was a case in the UK where they identified who owned a phone by who called it, they asked the people who called the burner phone who didn’t use a burner themselves.

    2. Pascal Monett Silver badge

      Re: (3) Phone only ever switched on in public places, never at home or at the office

      I would think the reverse : phone only switched on at home or at the office.

      The government already has that data from other sources. Where you go, on the other hand, should be your own private business, unless there's an emergency.

      1. Anonymous Coward

        Re: (3) Phone only ever switched on in public places, never at home or at the office

        @Pascal_Monett

        True.....for your "normal" phone......but absolutely not true for a "burner"...

        ....remember......the idea of a "burner" is that the owner is anonymous, and cannot be linked to any account or to any regular location.

        The original AC in this thread failed to mention the "normal" use of a "normal" phone......but the instructions #1 through #5 seem reasonable for a "burner".

    3. Anonymous Coward

      Re: So.....if you want to avoid Fog, the NSA, GCHQ.....and all the other snoops....

      Neither works. It is impossible to get your own SIM card, even pay as you go, without getting identified and registered, unless of course you get it on the black market. Once you are identified, it does not matter anymore which type of phone it is, as the very nature of the cellular network places you in one cell with the location of the network after that, and by triangulation of signals from adjacent cells they will know very accurately where you are positioned. This is not movies or sci-fi; agencies already have these types of capabilities thanks to collaborating telecom operators. Whether the telecom operators give the info on a warrant or in real time is another question. I would assume Homeland Security or a similar agency would not need such a warrant, as they have the opportunity or excuse of preventing real-time threats and because the issue is a split issue. They are tracking an anonymous phone device identifier. The warrant would only be needed when they want to establish the relationship between the device and the owner's identity.

      1. Updraft102

        Re: So.....if you want to avoid Fog, the NSA, GCHQ.....and all the other snoops....

        How is it impossible to get a SIM card without registering? You go in, buy the starter kit with cash, walk out the door with the phone and SIM still not activated. This was how I did it with my "burner" phone that I used for more than 10 years!

      2. Anonymous Coward

        Re: So.....if you want to avoid Fog, the NSA, GCHQ.....and all the other snoops....

        @AC ... Quote: "...It is impossible to get your own SIM card even pay as you go ..."

        In the UK, there are THOUSANDS of convenience stores selling SIMs and minutes for cash.....and with NO ATTEMPT AT ALL to get a name or an address or an account. In the UK, no "black market" required. In the UK, "burners" are not only possible, but very common!! Notice also that a UK "burner" may have roaming privileges in other countries!!

        Of course, I do not know where you live. In other countries, what you say may be true!!

    4. Anonymous Coward

      Re: So.....if you want to avoid Fog, the NSA, GCHQ.....and all the other snoops....

      Those whose business entails a need to stay anonymous will know better than follow this user's misguided recommendations. Others will simply be wasting their time and money, as the "advice" given is incredibly useless.

    5. Updraft102

      Re: So.....if you want to avoid Fog, the NSA, GCHQ.....and all the other snoops....

      All you need to defeat this particular privacy violation is to have the device not have a persistent ID. The IMEI and IMSI are not readable to user apps, so Android phones use an advertising ID, generated (I believe) when the Google account is attached to the device. It is meant to be persistent.

      So, instead, just have that advertising ID change each time it is queried. If the apps report a different advertising ID each time they have some bit of data, it does not build a mass of data that begins to clearly describe one specific individual. A datum by itself, not connected to anything else, is useless.

      This is why I like Micro-G for degoogled (formerly) Android devices in lieu of Google apps. It does exactly this.

    6. 桜沢墨

      Re: So.....if you want to avoid Fog, the NSA, GCHQ.....and all the other snoops....

      This seems like way too much work to achieve privacy on a phone, and for minimal phone functionality. Remember if you make calls or text, those are unencrypted, and you don't really have a way of verifying that your phone is actually off when it's off (this seems absurd, but look into it!). You also wouldn't really be able to stay in touch with people anyways, since your number changes every couple of months. Forget all about it if you have an android version that came from the manufacturer, because you're going to be tracked no matter what settings you toggle, and you can't even change the OS because you don't have root access to your own device! If I were you, I would just not use a cell phone at all, which would be easier and even more private.

      For those now wondering how they're supposed to have a private phone, look towards installing custom android roms, or using linux phones (the one I have my eye on is the pinephone). From there, look into smaller details such as MAC address randomization. Even with a custom rom or linux phone, cell towers can still triangulate your location, but to get around this, keep mobile data off whenever possible and maybe wrap it in foil to make sure no signals from the hardware itself are trying to talk to the towers. Pinephone users have this one down because they have hardware kill switches. Consider watching Luke Smith's video talking about custom roms here https://www.youtube.com/watch?v=1PVvcJtwDm4

    7. Anonymous Coward

      Re: So.....if you want to avoid Fog, the NSA, GCHQ.....and all the other snoops....

      Just don't take a phone. The people you are with always have one.

      When that fails you just approach someone and say "Excuse me young man, could I perchance use your telephonic apparatus?"

  8. drankinatty

    Maybe Kaczynski had a Point

    He just went about things the wrong way. When you can no longer trust law-enforcement to -- follow the law -- that speaks volumes about our Industrial Society and Its Future...

  9. T. F. M. Reader

    No need to worry

    ... about Google or Apple anymore. Phew...

  10. T. F. M. Reader

    El Reg at its most subtle

    I really think the effing URL of the article makes the most important point. Well done.

  11. Potemkine! Silver badge

    Once again,

    When cops twist the rules to fit their will, abuses are on the way.

    == Bring us Dabbsy back! ==

    1. Claverhouse Silver badge

      M. Dabbs is entitled to a break.

      It is not easy to write a regular witty column. Yet I agree he is missed.

      1. Erix

        Mr. Dabbs is busy publishing his weekly column on autosave for wimps, there's a new one there today in fact. Shame on the Reg for tossing it! Bit of a wrong turn here it seems. Next thing you know they will be doing glowing iPhone reviews...

      2. This post has been deleted by its author

  12. flayman Bronze badge

    Don't let any old app access your location data!

    I have two apps that are allowed to access location, and only when they are in use. These are Google Maps and the Shell application for using pay at the pump. If you agree to have an app access location data all the time and the terms allow that data to be sold, then I don't have a lot of sympathy.

    1. Dimmer Bronze badge

      Re: Don't let any old app access your location data!

      Think of your phone being rooted. What you change in the settings will not have the desired effect.

      To test this, grab a laptop with Wireshark on it. Plug it into a destination mirrored port on a switch.

      Pass the wireless wan connection thru the switch using the source mirror port.

      Turn off cellular on the phone and attach to your wireless.

      You will see that there is nothing on the phone you can change (without a bit of hacking) that will stop it completely from calling home.

      I went one step further and did a tunnel all on the phone to a firewall and blocked stuff there. It went around the vpn.

      I want an app that will send out bogus location info to make me look like I am in lots of locations.

      I would buy that in a heartbeat.

      1. Anonymous Coward

        Re: Don't let any old app access your location data!

        I have such an app for you, and good news is that it's free for privacy focused folk like yourself.

        (but quite expensive for the customers who pay to have their position pushed to someone else's phone when they would prefer not to be trackable)

      2. flayman Bronze badge

        Re: Don't let any old app access your location data!

        I don't think that's the kind of data we're talking about. The article is only talking about installed apps that have access to location data. Anything else is just Google or Apple doing whatever they think they can and should, which is probably too much, but they are not going to be selling that data to third parties or turning it over to the authorities without a warrant. Anyone who is that paranoid needs to switch off the phone when they don't want to be tracked.

    2. martinusher Silver badge

      Re: Don't let any old app access your location data!

      This morning my phone greeted me by telling me not only that I was in Kingman, Arizona, three years ago but proceeded to tell me all sorts of good stuff. Like everywhere I'd been visiting away from home over the last few years -- dates, locations and what have you. It also included some other handy statistics -- apparently I'd driven 2600 miles or so in the last year, cycled 53 miles and spent 40 something hours in a casino. The casino's interesting since I don't gamble and I haven't set foot in one for three years or so (they're a good place to stay and the food's decent)....I wonder if its omnipresent microphone has picked up the sounds of cards being shuffled at the various bridge games I get dragged off to and put two and two together? (...and made five)

      Owning a cellphone is a bit like one of those ankle monitor things, just better designed (and unlike the real thing you pay for it). I don't even use the thing that much but they've got my number. Literally.
