Via email from Chet (who worked with me at Microsoft on the location services for Windows Phone 7):
It is Big Tech that knows more about you than your spouse and that if they so choose could make your life miserable. As I discussed many times when we were working on location, carrying a device is like having a private detective assigned to you. Fitbit is just another source.
In East Germany they at least had to assign real people. Now, everyone can be tracked and monitored in real time without lifting a finger.
We have invented the tech that will enslave us.
This was in response to an announcement that Fitbit is now officially a part of Google.
He has a point.
But there is another point to be made as well. Intelligence sources, which your phone is, can be manipulated to your own advantage.
If your cell phone location is proof you were at some location then doesn’t your phone not being at some location prove (or at least represent evidence) you weren’t there?
You’d have to be really careful because they are not just monitoring one device – that’s why I was not happy to hear that Fitbit joined Google. Put that data together with credit/debit card activity, cams, facial recognition, messaging, social activity, internet use, and it becomes a complex hidden web of surveillance. You’re walking into the world of the fixer.
Note that devices which have location are being included in more and more products – including your car, tools, tractor, pets, toys, and perhaps even you. Why not? The chips are cheap and allow companies to monitor their users and even assist them for a price.
I don’t know what it would take, but we really need is something like a bill of rights along with or else clause on a global bases (god, how can I suggest that!).
Automated surveillance is wonderful but never forget the maxim, “Garbage in. Garbage out.”. If we develop methods for feeding truckloads of bad data into the system the system becomes useless
I fully expect to see a surge in such services. Spend some money, and 4chan fills their database with nonsensical, contradictory garbage data (trust me, those obnoxious little buggers would LOVE that).
Suddenly, the database tells them that Jay Dee is a trans Indian living in Antarctica and their preferred meal is roasted squid.
It’s already crap. 99% of what’s collected is garbage for anything other than training AI.
I mean truly. How many real bad guys are out there needing to be tracked and controlled?
Most people in modern society go to work, home, and some form of entertainment. So what? Their boring as hell.
Their training robots to do it because humans fall asleep.
All the info collected by the Stasi was for what?
It was all to find away to justify the Stasi’s existence to some maniac sociopaths. Just as it is today. Pathetic as it gets.
How many real bad guys are out there needing to be tracked and controlled? We no longer know, There was a SCOTUS case in the sixties that said a requirement for felons to register their residence with the local police was an unconstitutional burden on the felon (this was when the right to privacy was discovered in the Constitution, previously it was a right to be left alone).
That of course has been used by everyone from purse snatchers, minor drug dealers, on up to the 9/11 terrorists to move unseen through society.
The problem with “how many bad guys” is that your definition of “bad guy” and the left’s definition are very different. By their definition, there is a very large number of bad guys, and in any case their goal is to be able to track anyone so they can be ready for the moment when any given person is redefined to be a “bad guy” for having the temerity of disagreeing with their agenda.
Jamming GPS is illegal, but spoofing it with a very low power device that only reaches a phone a few inches away would be fine. It’s probably not all that easy but it’s clearly doable; the information is openly available.
Another alternative would be to replace the software (if you have a smartphone, as opposed to a “feature phone” as I do). At one time Blackphone was in the business of doing this; I’m not sure if they are still around or if they are still doing such a thing.
If you know something is an information source for those that wish you ill, with some care and forethought, it is now your tool to confounding them.
Isn’t it our obligation as citizens in a free society to take whatever reasonable means are available to us to confuse and elude those who wish us ill?
I think that many of you are still underestimating capabilities and thinking in terms of one device.
For example, suppose that you wanted to buy something that you don’t want recorded. What are your choices? Cash and prepaid credit card are two possibility that seem secure and in and of themselves they are. But what about the security cameras, facial recognition system, payment systems, automated inventory tracking systems, and car tag scanners, and then your devices?
So you drive to a store, go in, make your purchase and then leave. What’s recorded? Everything. Of course it is just a bunch of data streams, but they can be pieced together. The automated inventory system records that the item was purchase at 10:34am, on Jan 21, at a store by a person using a prepaid credit card. They still don’t know who you are, but they now have your picture. Then you walk out to your car and the parking lot cameras match your picture when you get into your car and then track you home as you go through intersections with more cameras. Note that they don’t need your face to connect you to your car.
And if you evade the parking lot cameras? They still have a list of possibilities by using the tag scanners coming and going from that location for that time window. Then they correlate each of those to get candidates and repeat the travel surveillance.
This is all without using your devices. Now with the candidate ids, they now go back and look for the location data from your devices matching the store in the time window. Now they know its you. What if you fed garbage into your phone’s location data? Did you remember to take off you Fitbit and other devices?
If that does not work then they just look for repeated uses of the prepaid visa (you did throw it away?). Are you still using your realistic mask? Did you use it to make an online payment? If so they know it’s you.
And if all that does not work then they just keep repeating the process until you make a minor mistake.
PS. Realistically I would be surprised if the above scenario’s data is fully automated today, but it is possible especially with the Patriot Act 2. That act will target the unwoke crowd and domestic terrorism by legalizing spying on Americans by their government.
Yes. I’m reminded of the observation here recently that TOR is not secure against traffic analysis (or words to that effect). Indeed, traffic analysis is a surprisingly powerful tool if you have enough data and enough compute power, and by its nature is quite hard to defend against.
I’ve been thinking that a TOR variant which has short-lived rather than long-lived connections would be a useful thing to have. And/or one that generates dummy traffic. That in fact is a well known tool for VPNs; if data is correctly encrypted you can just send dummy traffic all the time to conceal whether you have anything meaningful to say at a given time, or not.
Equality was the Twentieth Century Myth.
Liberty is the Twenty-First Century Myth.
Even if Liberty is defined as the right to be left alone, and not the right to privacy, however that is defined outside a woman’s right to choose and someone’s right to be high, there are too many people out there who have the disease of mind that tells them they know better than everyone else what others should be doing, how they should spend their time and how they should spend their money.
Or will it be used against you as evidence of bad faith and/or criminal intent?
Remember “honest people have nothing to hide” which translates into “if you’re encrypting stuff that obviously means you have criminal intent”.
That’s not how the location services on the phone works. I wrote the code for this for Windows Phone 7 (ask Chet, he was on the same team). I’ve not looked at the Android code but from user level testing I know it worked the same in the 2011 timeframe.
The phone has a “modem” chip/CPU (I think was what the chip was called) that handles everything to do with the carrier network and cell towers. There is also a CPU for handling the user applications.
The two chips communicate but they are pretty much independent.
The modem also has the GPS “smarts”. The GPS information cannot be blocked by the user. When you call 911 the GPS information, and if necessary the cell towers you are connected to, give the network your position for dispatching emergency services to your location.
The location services on the user application side uses the cell tower IDs and a database of the cell tower ID on a server in some datacenter to approximate your location to within about one kilometer. If your phone “sees” one or more WiFi router MAC addresses (it doesn’t have to actually connect to them, just have them within range) it will send those MAC addresses to some datacenter (or have them cached in a local “map” of a few kilometers on a side). That collection of MAC addresses can resolve your location down to about 100 meters (or better, I had code that could get it down to about 10 meters and was writing up an invention disclosure when my boss told me my efforts were “a negative contribution to the company” and I quit).
Notice that the location can be resolved down to 100 meters or less with no cell services, no GPS satellite visibility, and without a connection to WiFi. Just visible WiFi signals. The VPN didn’t even have anything to connect to and even if it did the user CPU operating system location services were way “upstream” of the Internet connection and completely oblivious of the VPN.
If the GPS chip has good satellite visibility then the user CPU will get the GPS information from the modem/GPS and can get 10 meter or better location resolution.
This location information from the cell-tower/WiFi/GPS is available to all the phone applications that you have given permission to use it. The Facebook app reports to Facebook servers pretty much constantly. All Facebook accounts you have logged into with your Facebook app will have the location trail of that device associated with it.
Also, from exceedingly reliable sources (I know someone who has done this) that if you “know the right person” at Facebook you can call them up, give them the Facebook username and they will tell you where the person is in real time and where they were over the last few days/weeks/months. No “paper” trail, no getting approval, no log files, just a phone call and a friendly chat with a friend at work.
If you haven’t already come to this conclusion, delete the Facebook app on your devices.
If you want to mess with the WiFi location services take your Wi-Fi router with you as you travel. Shield your phone from GPS satellites and turn off the cell radio and as long as your phone “sees” only the one WiFi router it will think you have not moved (this is how I discovered Android location services did it essentially the same as my code, I moved my router in Redmond to Boomershoot Mecca and Android phones inside the shipping container with no cell service or GPS signal insisted they were in Redmond). But if other phones start seeing that router in a new location they will report it’s true position to the server in a remote data center.
Another way to make things interesting is to do GPS spoofing in some location where there are a lot of phones and WiFi signals. All those WiFi signals will now be reported as being at some new location. It might take 24 hours or so for the database to be updated but those WiFi signals will be then associated with some new location until they are updated again a day after the spoofing has been turned off.
Apps on the phone can’t access the modem/GPS. Only the phone operating system can do that. The apps can request GPS data from the O/S, but if the user didn’t give the app permission it won’t receive the data.
The cell network has access though, because the network has direct contact with that “side” of the phone. It is the network side of the phone that law enforcement and the phone company get their location info from.
It probably depends on the phone, but apparently the modem subsystem isn’t all that secure. I remember articles on the web showing how they can be replaced, and some open source projects with code to do so. There are issues with that, of course, such as the absence of FCC type certification for that code, but that’s a legalistic issue, not a functional one.
No, it’s not information that you weren’t at a certain location at a certain time, precisely because you could have left it home.
Besides which, that’s a narrow view. The real danger is that they will know where you have been and who you have contacted and who contacted you. That allows a scarily accurate profile to be built up, such that they can predict with fair accuracy where you will be and when you will be there