
What Location Tracking Looks Like - grellas
https://www.eff.org/deeplinks/2011/03/what-location-tracking-looks
======
wewyor
If anyone was like me and clicked back after they read the short quotes be
sure to click through to here: <http://www.zeit.de/datenschutz/malte-spitz-
data-retention>

Quite cool, even though it is indeed scary.

~~~
DanI-S
Creepy, but I'd pay for this as a service! Would be a nice travel memento, for
example.

------
billybob
TL;DR - A German man got all the data his cell company had collected on him,
correlated it to his other public data on the web (Twitter, etc) and made an
online, animated map of his life. Illustrates how much can be known about
someone from these two sources and argues for restricting what carriers
collect and what governments can get from them.

------
lowprofile
This makes me want to get a tinfoil hat. Now do I give up one of my most vital
tools because someone knows where I am at almost all of the time? Do I trust
the government to make sure this data is not misused? Or do just go all in and
make sure the google, fb, twitter etc have it too and continue to whistle
through the graveyard? There has to be a realistic middle ground to protect
privacy but with the global data cloud surrounding us I have no idea what that
would be.

~~~
kgo
You can get a pay-go phone, sometimes with cheaper unlimited rates than AT&T
and Verizon, although they won't subsidize the purchase of a nice smart phone.
(And I'm not too happy with the data transfer speed on Boost.)

This obviously wouldn't prevent against a targeted attack. If the phone
company or the government wanted to track YOU specifically, they could
probably figure out your phone number by looking at the calls your family and
friends have made and finding the union, and retrieve the info from there.

But if someone wants blanket info, i.e. a list off all the people at a G-20
protest or whatever, a computer won't be able to instantly figure out who you
are. Someone would have to start investing real man-hours to accomplish this.
This hopefully gets too cost-prohibitive for large scale tracking of the
general population.

~~~
lowprofile
I think there is a move afoot to have to sign and show ID to get a pay-go
phone so that they can tie the number back to an individual.

~~~
elai
I got a prepaid SIM at t-mobile recently and they asked for id. You can buy
unused sims and such although.

------
ck2
Airplane-mode is your friend.

But why are carriers storing this tracking information for more than 24 hours,
unless of course it's by government demand.

~~~
davidw
> But why are carriers storing this tracking information for more than 24
> hours, unless of course it's by government demand.

This information can be invaluable in crime investigations. Think if you're
abducted and manage to keep your phone with you and on - they can track it.

It's a situation where the data can be valuable, but someone needs to watch
the watchers.

~~~
wmf
IMO the question is: do they start recording your location after the
warrant/subpoena or do they just record it all the time?

~~~
kgo
I imagine it would make sense to keep records for a few billing cycles. It
wouldn't be unreasonable to have to deal with a customer dispute 3-6 months in
the future. But I imagine it's also just plain easier to truncate the logs
every six months or every year.

~~~
wmf
What do billing cycles or customer disputes have to do with my location?

~~~
kgo
Well I guess roaming charges are getting a bit passe these days, but I could
still see someone arguing they were never in Niagara Falls, or that they were
on the American Side (normal rate) and not the Canadian Side (crazy rate.)

But in principal, I can see why a company would think any and all info they
have might be useful in a dispute.

~~~
evandavid
You could still keep a record of all calls made, and the tower(s) used to make
each call, without getting down to this level of granularity. I might be wrong
here, but it seems that they're storing a stream of triangulated location data
for a given handset, regardless of the actual network activity like calling.

Let's say that the carriers only stored call records with tower IDs for each
call. If there was a dispute every so often because a call was made on a
close-by tower that itself happened to be located in a different toll bracket
(resulting in an incorrect overcharge to the customer), I'm sure the carrier
would happily write off that charge if you disputed them about it, which is
probably what they'd do right now anyway.

There must be another reason they're keeping it, even if it's just a case of
it being super-cheap to store, and they think that they might figure out
something to do with it later.

~~~
trotsky
Here is a link to comments about this story when it was carried in the NYT:

<http://news.ycombinator.com/item?id=2371548>

The discussion included that they use it for modeling traffic patterns and
areas to help them plan capacity and new towers. I'm sure they use it for
other things as well.

------
re1s
This is insane.

Can this information be used in court?

The information here is inconclusive ( <https://www.eff.org/issues/cell-
tracking> ), but I'm surprised I've not heard of a case where this sort of
data was presented as evidence?

~~~
evandavid
I'd also like to know whether this information can be or has ever been used in
court as evidence. "Where were you on the night of such and such...?" may
become a question of the past. Frightening.

~~~
trotsky
Oh yeah, it does get used in court in the US. I paid attention to a murder
trial of a neighbor that happened nearly a decade ago, and they presented
evidence of his cell tower connections contradicting his story of whether he
was in a certain state at the time. It was by no means a substantial part of
their case though, they were just piling things on. But yes, it's definitely
admissible, I assume it happens all the time.

~~~
ams6110
Falls under the category of circumstantial evidence, which can certainly tip
the balance beyond the "reasonable doubt" criteria if there is enough of it.

------
ams6110
I guess I don't have a big problem with this, law enforcement would need a
warrant to get the information, and in most cases it would only confirm or
repudiate what they already know or suspect. It's just a more convenient way
to surveil a suspect, and for the suspect it's easier to counter: turn off
your phone, or better yet leave it somewhere where you're not.

~~~
itistoday
_law enforcement would need a warrant to get the information_

No, it doesn't.

<https://www.eff.org/issues/nsa-spying>

~~~
trotsky
The NSA isn't a law enforcement agency. Rightly or wrongly, US intelligence
agencies seem to have a rather different set of rules these days than the rest
of us are following, including most law enforcement. Bottom line is if they're
wanting to use it to convict you of a crime they'll need a warrant for it
(before most judges, at least).

If you're worried about NSA (llegal) spying in general, presumably the
carriers retaining the data only makes it a bit easier for them. Since the
info will need to be traveling around the network while you're active, they
could easily just intercept that like they intercepted the voice calls.

------
oniTony
Oh neat, this is kind of like 4sq, but without opt-in and happening ~200 times
per day (also, no badges).

------
erikstarck
I'd be OK with this if there was some way for me to access this data
programmatically. That would also make the data collection more transparent.

------
cskau
Neighbouring Denmark (where you'd track me down) put a law into effect some
years back saying that all telcos must log basically everything all the time
about everyone.

This makes me wonder if I could request to see these full logs from my cell
and Internet provider. Would make some interesting data for mining.

Plus I'm sure they'd hate handing it over, which makes this that much sweeter
!

------
nl
For those interested, <http://veriplace.com/> allows you to do this kind of
serverside phone location tracking yourself.

They say they give people good privacy controls, but it is very unclear if it
works on an opt-in or opt-out basis (they claim to track 180 million phones in
the US)

~~~
ruff
It's opt-in--definitely no way to get a locate without a device owner
providing permission to do so. It's kind of like a Facebook app, if you're
using a service that uses Veriplace to get location information, any end user
can log in and modify (or deny) what information that service can access.
Location data is only stored as specified by your Veriplace settings and
otherwise isn't kept around.

Veriplace is a location aggregator (for details, see
[http://developer.sprint.com/site/global/go_to_market/aggrega...](http://developer.sprint.com/site/global/go_to_market/aggregators/service_enablers/serviceenablers.jsp)).
Essentially, every carrier has a disparate location infrastructure that would
require significant development and customization to integrate with. Simply
too much work for most developers. Veriplace and other aggregators provide a
much simpler, singular API for accessing location data across multiple
carriers.

To be clear--these companies are tightly regulated and strictly watched over
by both the government and the carriers. It's not these services that should
be the concern, it's more so data retention policies and what not of carriers
where the data originates.

~~~
nl
_It's opt-in_

You may be right about it being opt-in - although the "We locate 180 million
[phones]" makes that unclear. I don't see how they can claim that if it is
opt-in.

 _definitely no way to get a locate without a device owner providing
permission to do so._

It's not clear to me what you are saying here. The carriers know where every
phone is (by the cell being used), which is the location used for non-GPS
enabled phones. Veriplace may not let you as a developer see this, but given
that _veriplace_ seems to get access to your location without permission, I
think it is misleading to say there is _no way_ to get access to your
location.

 _these companies are tightly regulated and strictly watched over by both the
government and the carriers. It's not these services that should be the
concern, it's more so data retention policies and what not of carriers where
the data originates._

See, I disagree. I think if Veriplace can get this data then it isn't beyond
imagination for other companies to get access to the data from the carriers
too.

------
fbailey
I actually met him at the start of this (Erlangen), it feels even more weird
if you think about how much data you can correlate if you have more than one
persons data. This could be big - you will probably get millions of funding
even pre launch.

~~~
chrisjsmith
At the cost of violating everyone's right to privacy? It should not be a cash
cow if it's as unethical as that.

~~~
fbailey
I totally agree - it was a joke on color

~~~
chrisjsmith
If I got color, I'd understand the joke!

------
dmd
On the other hand... I actually have Google Latitude turned on all the time,
which gives me (and whoever's spying on me) data like <http://goo.gl/23iBj>
all the time.

------
itistoday
On this topic, would you switch telecom providers for privacy?

<http://news.ycombinator.com/item?id=2385463>

