
Google collects cell tower info even if location services are disabled - kshatrea
https://qz.com/1131515/google-collects-android-users-locations-even-when-location-services-are-disabled/
======
IBM
It's amazing to me how many comments here excuse Google's behavior by offering
the impractical "solution" of just not using a smartphone (a false dilemma)
when the obvious answer is to get an iPhone. That's the advice of pretty much
everyone in the infosec field and I'm sure some of them will attest to that in
this thread.

~~~
lemagedurage
Apple provides a black box with iOS, they have full control. Maybe the next
iOS update comes with privacy intrusion because it's more lucrative.

A more sensible way of dealing wirh the issue would be to use an open source
Android version like AOSP or LineageOS, not run proprietary gapps, and replace
its functionality with F-Droid, MicroG and Yalp-store. Your location will stay
out of Apple's/Google's hands and you can still enjoy all convenience of a
smartphone. Keeping your freedom in your own hands.

~~~
eridius
> _Maybe the next iOS update comes with privacy intrusion because it 's more
> lucrative._

Apple has demonstrated time and time again their commitment to privacy and to
protecting user data.

Apple does not see user data as something to be hoarded. They see user data as
a _liability_ and work very hard to collect as little as possible in order to
provide the services they do.

The idea that Apple is going to discard all of this and add privacy intrusion
into iOS, doing a completely 180° on their business model and discarding all
of their corporate principles, is extremely unlikely.

~~~
eps
Careful there with Kool Aid.

~~~
snowpanda
Agreed, it would be nice to have an actual conversation about the issues in
the mobile market right now instead of pointing to one of the 2 major
companies, that nobody should really be 100% confident about.

IMO both Google and Apple aren't saints. Apple had a fairly similar headline
in 2011[1]. Now watch people here on HN explain why that was completely
different. It's a guarantee.

We really should be focusing coming up with ideas on what we can do. My friend
for example (and this isn't a perfect solution) but he bought 2 phones, one of
these for calling:

[https://images-na.ssl-images-
amazon.com/images/I/41AwGb3pKCL...](https://images-na.ssl-images-
amazon.com/images/I/41AwGb3pKCL.jpg)

(extremely thin in real life)

And then he caries a smartphone for encrypted chat apps etc. He removed a
bunch of hardware chips from the smartphone so even if you put a simcard it it
doesn't connect anywhere. Also the microphone was removed and some other
things. It works great. At first he had it with the simcard still in, but he
wanted more privacy. Personally, I would have kept a 4g only simcard or
something, it's kind of a trade-off because now he can only chat on wifi.

It's far from perfect, but at least he's trying something.

[1][https://www.theguardian.com/technology/2011/apr/20/iphone-
tr...](https://www.theguardian.com/technology/2011/apr/20/iphone-tracking-
prompts-privacy-fears)

~~~
djrogers
> Apple had a fairly similar headline in 2011[1]. Now watch people here on HN
> explain why that was completely different. It's a guarantee.

Ok, since you’ve so eloquently asked - a local copy of your location history
that colllected when location services are turned on _is_ completely different
from remotely collecting location data even when you’ve explicitly disabled
location services.

Any attempt to say these are the same thing has gone beyond naive to willfully
ignorant at best.

~~~
fhood
Thank you for pointing this out. For a community of fairly intelligent people,
hacker news comenters fall back on false equivalence near constantly.

------
sarcasmic
When I'm at work, I use my work computer, which has a long lived static IP, to
log into my personal Google account. I have configured all of my browsers to
clear cookies and storage upon closing. I never use signed-in Google Maps, but
I sometimes use it from that computer, from fresh browser while logged out.

A week ago, I moved from my previous home that was close to my work, to a
different city about 20 miles away. Since I wasn't sure where all the points
of interest are, I've been turning on location on my Android phone and using
signed-out Google Maps on my phone.

Yesterday, my work computer's signed-out Google Maps has centered its default
view on my new city, on the exact highway interchange next to which I now
live.

~~~
londons_explore
When signed out, Google maps' initial view is entirely based on IP address.
Sure, they could use cookies, but they don't. They could also use device
profiling, but they don't.

The IP -> location mapping is googles secret sauce, but it collects data from
a lot of places, and is for most users very accurate. We're talking street
level accuracy in many cases. The data you or another user feeds into it you
could easily get back as your reported location, especially if you were trying
to fool it.

Your phone doing a wifi scan for nearby access points to determine it's own
location, then doing a google search could easily mark your whole home
external IP as being in that place (after a few hours), which would then
affect non-signed in google services from other devices in your home.

There are cases it's very bad too though, especially VPN's and frequently-
shifting dynamic IP's.

~~~
akx
Anecdote about a bad case: I was in Barcelona for Mobile World Congress a
couple years back and Google insisted I was in Milan, because the rental wifi
was from there (I assume).

~~~
johnflan
I was at CCC in Berlin a couple of years back, the conference network was
assigned a subnet previously used in Russia - I was getting verification
emails from services I use for months after.

------
AdmiralAsshat
Years ago, I remember CyanogenMod advertising that their "Privacy Guard"
feature had something like a data spoof feature, where if an app
surreptitiously requested your location or info, the guard would feed it a
dummy number, garbage location, etc.

I've dug around and it seems like this no longer exists, if it ever did.
Privacy Guard now seems to just allow granular controls on what the apps are
allowed to request.

If it doesn't exist already, someone should definitely work towards
implementing something like it.

EDIT: I see that the related XPrivacy app has a menu option for "Fake Data",
so maybe this is what I'm thinking of.

[https://github.com/M66B/XPrivacy#features](https://github.com/M66B/XPrivacy#features)

~~~
perlwle
I was excited when I first heard XPrivacy and tried to use it from 2015-2016.

It worked as advertised but boy was it a hassle. I had a template XPrivacy
setting which constantly broke app. It was too common to find apps requiring
tons of permissions than they need and had to resort toggling the permission
to see which work.

I got fed up and switched to iPhone late last year.

With iPhone, I can at least control which data to share with the app. With
Android, I don't have control with either app or google.

I feel relieved and have been recommending iPhone to family and friends if
possible.

------
kop316
I am running Android 7.1.2. I remember in the older versions of android, when
you turned off the GPS, it would have to manually sync the receiver and it
would take minutes to get GPS lock. In the current version, when I turned off
location services, there is no "dot" indicating your location on Google Maps,
but it appears almost instantly when you turn it off. I have long suspected
that Android has the "coarse location" and "GPS location" always tracking, but
merely just does not give Apps the data until location services is turned on.

~~~
mikeash
There are other strategies for getting a lock faster. Most of the slowness for
a cold start with a modern receiver is receiving the ephemeris data (i.e.
where the satellites are at the moment), which is transmitted at a whopping 50
bits per second, and so takes about 30 seconds to receive. Once you have that,
the rest comes quickly. Older receivers with less computational power and less
clever techniques could take a long time to work out your position after that,
but modern ones can do it pretty much right away as long as the signal
strength isn't crap.

That ephemeris data is good for 2-4 hours, so one simple technique to improve
lock times is to save it, and then if you turn the receiver back on within
that window, you can reacquire a lock almost instantly using the saved
ephemeris data.

Another technique is to download the ephemeris data from a source that can
provide it more quickly, such as the cell network. This skips that long
transmission at 50bps from the satellites themselves. Pretty much any GPS chip
in a cell phone these days will do this. This is called assisted GPS, or
A-GPS. (This is not to be confused with another technique also called A-GPS,
where the GPS chip captures the signal and sends it to the cell tower to
offload the computation. This was a popular approach in older phones to comply
with 911 reporting requirements, but doing the computations onboard is cheap
now.)

Starting with a coarse guess of your location can also help shorten the time
to initial lock, although it should be fairly short regardless. That guess can
come from looking at cell signals along with known cell tower locations, and a
rough altitude estimate can be made from the device's barometer.

All of which is to say, getting a dot almost instantly when you turn on
location services doesn't necessarily mean too much here.

~~~
amartya916
Thank you (& kop316 for the parent comment) for taking the time to jot this
down. It made for a fascinating read for someone like me who is ignorant about
how these networks/connections work. Given Android's popularity/prevalence, do
you think that for "coarse" location awareness, using Wi-FI Direct + Bluetooth
for a local mesh with other Android devices is a possibility (basically, if
one of the devices in the mesh has location data enabled, the rest have coarse
location data)?

~~~
mikeash
Technologically I don't see why that couldn't be done. Transmit known
coordinates, do a rough estimate of your distance using signal strength, and
add that to the position error. If you get lat/lon from another device and it
looks like that device is 300ft away, then your position is lat/lon ± 300ft.

It could be tricky to do securely. How do you prevent a malicious device from
spoofing bad location data?

Android and iOS do something sort of like this already, determining position
by looking WiFi base stations with known locations and attempting to do some
triangulation. This can speed up a fix if the GPS signal is having trouble,
and can be essential for indoor location because GPS signals don't penetrate
structures well at all. My understanding is that the database gets built up by
the devices. When they have a good location fix, they'll report back on the
WiFi base stations they see, so that the mothership can build a database of
where the things are. This is a little bit like what you describe, but with a
really roundabout data path.

------
nvr219
If you care about personal privacy and security of your friends and family,
you should discourage them from using Android.

~~~
growse
Of course, this is meaningless without context.

Privacy from who? Security from what? What's the perceived threat we're trying
to protect against?

Everything is a tradeoff. To absolutely protect your privacy, you must never
be seen in public or interact with any other party in any way.

~~~
Brakenshire
This is sophistry, privacy in the sense that a private company is not
continuously compiling a list of every location you visit throughout your
life.

~~~
cube2222
And? How does that matter? What's dangerous in them collecting my location
information?

I actually have location history in google maps turned on deliberately. You
can't imagine how often it helped me to know where I was exactly, one and a
half year ago, at a precise time. (That's how I managed to get a copy of my
nexus 5x's warranty papers after it died on me)

I don't really care about them collecting info about where I go, because it's
actually useful for me. I probably would care if they were a small company
with no record, but I do know that the worst Google can do is to target ads
based on where I am.

I deeply hate ads, I prefer to pay, and I actually often pay the "no-ads"
premium if it's available, but if I do get ads, I prefer them to be as
personalized as they can possibly be, because this way they are at least
mildly useful sometimes.

~~~
katastic
>And? How does that matter? What's dangerous in them collecting my location
information?

What's dangerous about them compiling your medical history? Who are you afraid
of? Oh wait, that's a HIPAA violation.

I wonder if they keep track of the location of every doctor's office you
visit... and that abortion clinic... and that methadone clinic. Surely,
nothing to lose there.

The only information that isn't hackable, is information that's never gathered
in the first place. The more valuable the information, the more likely someone
will spend nation-state amounts of dollars to get it.

I propose Donald Trump use the NSA (legally) to steal all of this information
to track illegal immigrants who pass between Mexico and the USA border who
don't have a passport on file. And then send SWAT officers to break into
everyone's current location, throw them into vans, and send them back over to
Mexico.

Wow, that's really fucked up, huh? And Google made it possible.

~~~
cube2222
I do think that people wanting to break into my medical history, could much
easier just break into the system where my doctors hold my medical
documentation, at least that's 100x easier than breaking into Google. The
medical clinics have to check my ID anyways, so they have all the info about
me.

As for the second one: yes, if I'd be doing something inherently illegal,
having a phone with Google on it could be kind of dangerous to me. As I'm not
doing anything like that, I have no reason not to use it.

Yes, with technology comes digitalization of information, and people can hack
_any_ of the places my information is, wherein Google is one of the most
secure comparatively.

You could argue that digitalization is bad, but before that, you could just
find info on patients in the dumpster of the clinic.

~~~
kerberos84
Well the problem is they don't need to hack in to google. Google is more than
happy to sell your data to insurance companies for a reasonable $$$

~~~
katastic
And companies like Facebook can literally "correlate" you back to a real name
/ unique person. That's literally what they do for people who don't even have
Facebook profiles.

------
alwaysdoit
If you're concerned about this level of location tracking, don't carry a cell
phone at all.

Keeping track of which cell tower your phone is closest to is fundamental to
cellular technology. You can't make or receive calls unless Verizon, T-Mobile,
or whichever carrier you have knows which cell to communicate with you
through. Regardless of whether Google is tracking this, your carrier certainly
is, and with a warrant (or a national security letter), law enforcement can
definitely access this data. If you're worried about hackers, I can guarantee
you Google protects this data more securely than your carrier does.

~~~
urda
> I can guarantee you Google protects this data more securely than your
> carrier does.

This sentence is completely insane in this context, did we read the same
article? Google should _not_ have access to this data, and it sure as _hell_
shouldn't be sending it up to itself when disabled by the end-user. It's
absurd that you typed that out for an article titled "Google collects cell
tower info even if location services are disabled".

In what world does one operate in if you consider this as "Google protects
this data more securely than your carrier does"? Your carrier is supposed to
have this information (and in fact needs it), it's a complete privacy
violation for Google to be collecting it though.

~~~
aeorgnoieang
They were making a related but cogent point about the _security_ implications
of Google having this info versus the cell phone carriers. It did not,
directly or even by implication, contradict anything you wrote – you're right
that this is a privacy violation, but I didn't interpret the comment to which
you replied as denying that.

~~~
urda
It absolutely is relevant, let's take a moment and review the key point:

> I can guarantee you Google protects this data more securely than your
> carrier does

Part of acting as a company who cares about user's data includes _not
collecting_ data that is sensitive. This is _especially true_ with location
data, and is _extra especially true_ when you do it anyway without the user's
permission.

Acting like this proves to me, the end user, that google _does not guarantee
to protect this data more securely than my carrier_.

I can see how one could be easily confused by the original comment, but if you
take a moment and review it again you'll see it rings even more true now.

~~~
elefanten
No, you're still misunderstanding. The comment is only comparing how well
secured the data by whoever holds it. The claim is ONLY arguing that Google
would secure the data once they have it better than carriers would. It is not
arguing that Google is better at "acting as a company who cares about user's
data".

------
csours
> _" Although the data sent to Google is encrypted, it could potentially be
> sent to a third party if the phone had been compromised with spyware or
> other methods of hacking. Each phone has a unique ID number, with which the
> location data can be associated."_

If the phone is compromised, it doesn't matter what google has access to, the
tracking kit can just enable it's own tracking and spoof the system status
(depending on the level of the compromise)

If you have a concern about your phone tracking you, don't bring your phone
with you.

------
eyeareque
It’s funny how when asked about it, google instantly stated that it was being
removed and all location data was purged. It’s almost as if they saw how bad
it looks and how it hurts android’s reputation, but hoped no one would
notice/care.

~~~
megy
One wonders what other stuff is in there that we do not know about, and would
get a similar reaction. That is the first thing I though off.

------
yoran
_...and the company is now taking steps to end the practice after being
contacted by Quartz._

Classic example of Google's "ask for forgiveness, not permission" mode of
operation.

------
iirirjn888
I’ve always assumed location services = GPS

Meaning you can still be triangulated by towers

Which I had run legally for LEO at Sprint back in 2003-2005.

Towers gotta know where you are to provide service.

Don’t want to be tracked? Leave your phone at home.

Not saying it’s ideal but it’s how technology works.

~~~
thanksgiving
If I turn "airplane mode" on and you still track me, should you face a
penalty?

------
xnx
After watching Google closely for years, I'm pretty sure this was not
intentional or malicious.

Isn't this almost identical to what Apple was doing in 2011:
[https://arstechnica.com/gadgets/2011/04/how-apple-tracks-
you...](https://arstechnica.com/gadgets/2011/04/how-apple-tracks-your-
location-without-your-consent-and-why-it-matters/)

~~~
blub
After watching Google's privacy violations closely for more than a decade, I'm
pretty sure this was intentional and someone got a bonus for coming up with
the idea and implementing it. Google's real motto is more user data == good.

Saving location history in a local file is not the same as sending it to
Google, just like cutting your finger is not the same as getting your hand
blown off.

------
chiefalchemist
This could trigger a new line of wearables, one with a Faraday Cage sewn right
in. Right pocket is open, left pocket is a cage ;)

~~~
ksenzee
My first instinct was to laugh. My second was "I want this."

~~~
mxuribe
I had the same exact reaction as you! :-)

~~~
ZenoArrow
It's not impossible to do. You could weave a lightweight signal-blocking mesh
into a pocket without impacting wearability.

~~~
chiefalchemist
My point exactly ;)

------
jankotek
Question:

If I want Android without google services, what options do I have? So far I
know only cheap chinese phones and F-Droid app store.

~~~
gpvos
The Fairphone 1 was shipped without Google services; don't know about the
Fairphone 2.

~~~
yosamino
It's shipped with Google services, but the updater lets you change to without
Google services without hassle.

------
mindB
Another reason to order a Librem 5.

[https://puri.sm/shop/librem-5/](https://puri.sm/shop/librem-5/)

~~~
Tepix
Or - available right now - a Google Pixel phone with Copperhead OS
[https://copperhead.co/android/store](https://copperhead.co/android/store)

~~~
chrisper
Hmm.. this is the first time I heard of it. Maybe I will give it a try. After
all LineageOS does not work on Pixel yet I think

------
mtarnovan
I soon have to buy a new (smart)phone. Looks like this might just be the straw
that pushes me over to iPhone.

~~~
dingo_bat
I'd buy the new iphones in a heartbeat but I simply cannot spend that kind of
money and put up with weird compromises like no haedphone jack or no
fingerprint reader. I wish Samsung would have an option to run tizen on its
flagships.

~~~
maccard
> I simply cannot spend that kind of money and put up with weird compromises
> like no haedphone jack or no fingerprint reader

That category no longer applies solely to apple. Google's flagship phone [0]
is just as expensive as Apple's, has no headphone jack and no fingerprint
reader.

[0]
[https://store.google.com/product/pixel_2](https://store.google.com/product/pixel_2)

~~~
dingo_bat
Pixel 2 has a fingerprint reader. Although it has it on the back.

However, the phone looks very cheap and dated. I'd be willing to get an iPhone
over that :P

~~~
chrisper
The iPhone 8 looks quite dated as well, though.

------
malchow
This would seem to be a fairly monumental breach of the duty Google owes
consumers.

~~~
module0000
edited summary: The 'duty' is owed to shareholders, not to you. That duty is
to generate profits and protect shareholders' investment.

That's not how commerce works(anymore). You are technically a consumer...and
you are fundamentally the "product". Companies buying advertising are the
actual consumer - to which you(ie your data) are for sale.

If you cannot look at it that way, modern corporate America/Elsewhere will
never make sense. There is no free lunch, no company anywhere wants to help
you out of sheer kindness and goodwill. Free software? (sometimes) free phone?
...really?

~~~
flukus
Is running their brand name into the ground fulfilling their duty to share
holders?

~~~
module0000
You are looking at the effect and not the cause. The cause is "their
behavior", and their behavior is generating profits. The effect you state
about their brand name has yet to decrease profits. That means they are
fulfilling their duty, even if it's dirty/rotten/etc(doesn't matter, the
market doesn't care).

edit: I don't mean to come off as "you're wrong! they are awesome!". What I
mean is that until share prices stop rising, shareholders will encourage them
to do exactly what they have been doing so far. The morality of it is trumped
by the increase in share prices. Any feelings of shame or ill-gotten gains are
quickly erased as shareholder portfolios increase in value. When in doubt -
trust greed to predict behavior.

------
dingo_bat
As I noted on reddit, I am not surprised by this at all. Google's entire
incentive to maintain Android is the troves of data they collect about users.
Why would they let you turn it off? It doesn't make any sense. If you're
surprised as a user, you've been really naïve.

Imagine this: would apple ever let you _not_ pay for a new iPhone? Its entire
incentive in making iphones is to sell them for money. So it will never allow
you to get phones for free.

~~~
blub
I agree with you about Google, but it's more than fine for the people to be
surprised and/or outraged. That's how this gets fixed...

Google said they're taking steps to fix it. Surely they wouldn't lie to us.

~~~
dingo_bat
> Surely they wouldn't lie to us.

They kind of lied when they made the location tracking work even when you
disable it.

------
rgrieselhuber
Certain options should be hardware disable-able and this is one of them.

~~~
falcolas
While I don't disagree with you on any level, why would a hardware
manufacturer ever do that? Their customer is the companies selling us phones,
and most of those companies want the ability to collect data on their users to
use internally or sell for profit.

Shareholder profit > all, remember? /s

~~~
jackhack
This is an important distinction and deserves repeating:

The employees a of company (from executive level, down) work for the Board of
Directors, who are a proxy for the shareholders. The employees do not work for
the customer. If there is conflict between what a customer wants and what the
Board wants, the Board wins.

------
j_s
Google is definitely pushing location services hard.

I was happy to learn it's possible to disable Google Now yesterday:
[https://news.ycombinator.com/item?id=15743055](https://news.ycombinator.com/item?id=15743055)

Another option besides an iPhone is to replace Google Play Services:
[https://news.ycombinator.com/item?id=15617615](https://news.ycombinator.com/item?id=15617615)
(supported devices:
[https://wiki.lineageos.org/devices/](https://wiki.lineageos.org/devices/))

------
danjoc
Follow the money.

Location information, ads viewed, and offline credit card purchase
information. Google now has all three. Google uses this to determine which ads
led you to spend and sells more of those ads.

[https://consumerist.com/2017/05/23/google-following-your-
off...](https://consumerist.com/2017/05/23/google-following-your-offline-
credit-card-spending-to-tell-advertisers-if-their-ads-work/)

They're not going to stop collecting location information, even if you tell
them to.

------
yndoendo
"The revelation comes as Google and other internet companies are under fire
from lawmakers and regulators, including for the extent to which they vacuum
up data about users."

Since the FCC is taking the Alan Greenspan approach to a self-regulating
market / ISP, which nearly every Republican legislative office support. Which
lawmakers and regulators are up in arms?

------
preordained
Yah, if you thought changing privacy settings in $big_company software would
_really_ be honored, I have a bridge to sell you.

------
throw2016
This is the kind of creepy stalking behavior that Google and its apologists
have normalized and seek to further extend. It's ok to need a job but no
responsible individual can defend this massive, intensive and extensive
invasion of people's privacy.

------
codedokode
I am surprised that this is legal in all countries where Google products are
used. And by the way, I think Google won't be able to collect data from China.

------
on_and_off
>It is not clear how cell-tower addresses, transmitted as a data string that
identifies a specific cell tower

Couldn't it be used to avoid faulty towers ?

I am not an expert at all, but I was told several times that it was a
problematic issue.

Not that it would be an excuse for collecting it when location sharing is off
but I am curious to know why I can be helpful to FCM

I am really curious to know how Qz determined that Google was collecting this
data.

------
fimdomeio
Maybe this problem should also be viewed from a different perspective. This
companies are using the internet connections we pay for, for communications we
didn't really allowed. They should be forced to pay us for the unauthorized
use of our internet connections, and obviously for our data. if the costs
where high enough this kind of "hacking" would just stop.

------
a_imho
_The section of Google’s privacy policy that covers location sharing says the
company will collect location information from devices that use its services,
but does not indicate whether it will collect data from Android devices when
location services are disabled_

So why isn't Google is slapped with a fine then?

------
eps
This is not surprising in the slightest.

------
jm238
So, about that Linux smartphone...

It doesn't have to be perfect: calls and texts should work, a camera and
browser would be nice, and the complete freedom to use it and control it in
the way the user wants.

The first run to sell maybe 1,000 or 10,000 units? My cash is waiting...

------
rehemiau
I am using Android without Google Play Services. Some apps don't give me
notifications, but most of them work without an issue. Also, I'm using Firefox
with uBlock on this phone. Couldn't be happier with that setup and my phone's
battery life.

~~~
dingo_bat
Are you using a custom ROM?

~~~
rehemiau
At the moment yes, but some phones let you disable Google apps through
settings and I had this setup before. Another option is getting root access
and uninstalling Google apps this way.

------
exabrial
User: clicks "No location tracking"

Google: "Yah, ok, I know no means no, but...."

------
olegkikin
Just get one of those cases that block GPS signal, or even the one that blocks
all signals (but you won't be able to receive calls). They are only a few
bucks.

------
bprasanna
Not so surprising! It gave away the entire OS free just because it can use the
OS and applications living on top of it to mine people's personal data!

------
tempodox
Google really does have the Creep routine down by now.

------
ksk
Cell phone companies will probably hand over such info to any government
entity to comply with local laws. I suppose with Google they have it a bit
easy, because google links your identity to your phone, email, web search,
purchases, maps activity, etc. They don't have to issue 20 different legal
requests to each provider, and then combine that data. Other than that I don't
see how Google collecting this data is bad (if we're to assume that there is a
legitimate reason to do so).

------
kgarten
That might be a digression, but overall you have to "trust" a company or
software provider to some extend. Even if you have all source-code etc. there
are always possibilities to include a backdoor or similar if there's one
binary involved (in this case the compiler):
[http://wiki.c2.com/?TheKenThompsonHack](http://wiki.c2.com/?TheKenThompsonHack)

------
foobaw
I believe this was part of either an E911 requirement or CIQ(Carrier IQ)
feature. Nothing new and nothing crazy.

~~~
Tepix
You are mistaken.

------
cmurf
I'm moving up my research on migrating to Nextcloud, or some combination of it
and maybe FastMail. I'm sick of this kind of bullshit.

And the thing is, Google, Apple, Microsoft, are less still evil than Time
Warner, Verizon, Road Runner, Xfinity, etc. But I'm concerned they are not
sufficiently opposed to that fiefdom to maintain a neutral balance on the
internet.

------
arca_vorago
Once again, when do I start hearing apologies from the supporters of closed
source and mit/bsd (which allow tivoization like google did with android)?

When do we finally realize RMS was right all along?

------
lerie82
i thought this was already known.

------
chrisblackwell
Google...stop being that guy

------
tanilama
This is a non issue.

------
opilionesman
Google is newspeak for googol.

------
lerie82
i thought this was common knowledge

------
alexasmyths
"Do no evil"

There was a misprint, it was :

"Do no evil?"

------
mtgx
Figured they would do this and then hide it in Android OS/System so users
don't know it was Google's own services draining their battery life the whole
time.

If only they'd use this data to at least do something useful, like create a
machine learning-enabled firewall to block "rogue" cell towers like cell site
simulators. But no, of course not, it has to be done only for ads...

~~~
lern_too_spel
Where does it say it's for ads? The article says the data was dropped on the
floor.

------
bob_theslob646
Why is this a problem? What is the harm of them collecting cell tower
information? Is it possible to provide the same quality of service(s) without
the cell tower information?

~~~
legohead
bob_theslob646, we have identified you as being the only person around while a
murder was committed. We need you to come into the station.

~~~
chronice70
They can do that with or without cell phones tracking you.

~~~
jat850
Not being purposely obtuse, just confused (or unimaginative). How?

------
pob1234
VPN is the way to go. With tunnelbear they think I am in Jersey.

~~~
mtarnovan
Have you read the article? They collect cell tower info, you can't fool that
with a VPN...

