
Companies use smartphone locations to help advertisers and even hedge funds - pcl
https://www.nytimes.com/interactive/2018/12/10/business/location-data-privacy-apps.html
======
bad_user
iOS now forcing "While Using" option on all apps is the greatest thing ever.
Before this, some apps where forcing the "Always" option on users. Uber and
Waze come to mind.

iOS also gives you a warning from time to time about apps using your location
in the background. I think iOS right now has the best location management.

\---

People are surprised when seeing the Activity section in Google's account
details, then freak out about Google tracking their location. At the very
least Google is being transparent about it and gives you the option to turn
that shit off.

Also I was pleasantly surprised to discover that Google Maps now remembers
searches you've made without location history or app activity tracking being
active. This wasn't the case about a year ago, when I last tried it, a dark
pattern of sorts. They probably changed the behavior being forced by the GDPR
or something similar.

So if you haven't done so, turn off "Location History" in your Google account:
[https://myaccount.google.com/activitycontrols](https://myaccount.google.com/activitycontrols)
(I turn everything off and I don't see a difference in usability)

\---

On the article, I love the maps and the animations. Visualization is the best
way to make people understand the threat.

On GDPR, I've seen people complaining about the high cost for implementing it,
however for privacy it is a godsend.

~~~
kop316
I respectfully disagree on Google being entirely transparent about tracking
location, especially if you run Android + Google Play Services. I have a
tablet (Pixel C) that runs LineageOS + Google Play Services and a Phone (Nexus
5x) that runs LineageOS vanilla (no MicroG, no UnifiedNLP, no Google Play
Services). Some things I have noted:

\- When you install MicroG/Google Play Services, they take over location
services (i.e. they run in /system/priv-app, and if you disable their
location, location on the device is disabled totally).

\- Android by default has the default on option to scan wifi and Bluetooth
when you turn them off to find wifi/bluetooth and coorelate it to your
location.

\- On my Pixel C, when if I try "high accuracy" or "battery saver" mode
Location services, Google Play has tried to force me to agree to their
location tracking and I have disagreed every single time. Location services
does not work if I use "device only" (which is supposed to only use GPS).

\- I have noted that on my phone now, if I disable location and then reenable
it when I have moved more than 20-30 miles, the GPS has to reacquire the
signal and can take up to 2 minutes (I also tried it when I drove several
hundred miles, it took several minutes to reacquire). This is indicative of
the GPS module being off totally. This was not so when it had Google Play
Services on, it was able to reacquire my location extremely quickly, sometimes
almost instantaneously even if I moved a long distance. I suspect that Google
Play was still tracking my location even if I turned off location services
(due to it totally controlling my location).

\- EDIT: Another interesting note is that on my phone has had location
services off and then turned just back on (i.e. no GPS lock), it appears to
give the last time GPS was acquired as my current location. OSMAnd shows that
location but says it doesn't know my location, but other apps do not realize
that. I am suspecting that Android does not necessarily have a "stale"
location, just the last reported location.

Putting my tin foil hat, I hypothesize Google anonymously tracks your location
even if your location services if off (allowing them to do traffic, how busy a
restaurant is, etc.).

EDIT: As correctly pointed out, networked assisted GPS is a thing, and may
also play into the differences in GPS reacquiring. I believe that network
assisted GPS is in AOSP. When I turn on and off GPS in Android, it appears to
have the almanac for where to look for satellites based on SatStat, and how
quickly my phone acquires the GPS signal is a function of where it used to be
compared to where it is now. In addition, UnifiedNLP [1] scans for
networks/cell towers and correlates it to location, it does not appear to
implement networked assisted GPS. [1]
[https://github.com/microg/android_packages_apps_UnifiedNlp](https://github.com/microg/android_packages_apps_UnifiedNlp)

~~~
ddeck
_> if I disable location and then reenable it when I have moved more than
20-30 miles, the GPS has to reacquire the signal and can take up to 2 minutes
(I also tried it when I drove several hundred miles, it took several minutes
to reacquire). This is indicative of the GPS module being off totally. This
was not so when it had Google Play Services on, it was able to reacquire my
location extremely quickly, sometimes almost instantaneously even if I moved a
long distance. I suspect that Google Play was still tracking my location even
if I turned off location services_

This is more likely access to network assisted GPS.

To know your location, the receiver needs the GPS ephemeris and almanac data
(basically the status/location/trajectories of the GPS satellites). This is
transmitted by the satellites themselves, but extremely slowly (50 bps with
the entire navigation message taking 12.5 minutes)#.

To speed things up substantially (almost instant vs minutes), this info can be
delivered over the network instead. I presume that in your case it was being
provided over the network as part of the Play services.

#
[https://en.wikipedia.org/wiki/GPS_signals#Navigation_message](https://en.wikipedia.org/wiki/GPS_signals#Navigation_message)

~~~
kop316
Heh, interesting. My assumption is that even network assisted GPS is a part of
AOSP versus Play Service. This assumption was that UnifiedNLP [1] scans for
networks/cell towers and correlates it to location, it does not appear to
implement networked assisted GPS.

[1]
[https://github.com/microg/android_packages_apps_UnifiedNlp](https://github.com/microg/android_packages_apps_UnifiedNlp)

------
code4tee
“We’re not doing anything not disclosed in our terms of service.” is rapidly
becoming a no longer acceptable answer to consumers.

Don’t tell me a weather app needs to know my location all the time to give me
the best weather info then sell my location to the highest bidder. Don’t tell
me that buried in some 20 pages of leagalese in your Ts&Cs is some vague
references that make this “legal.”

~~~
random878
I would respectfully disagree.

It is not acceptable to roughly the amount of people (and I include myself)
who make a deliberate and self conscious decision to oppose it.

This is a small, small group. I have a phone with Replicant OS, which puts me
within a niche group of an already niche group (those willing to install
alternative OS and strip Google on their phone). In a wider computing sense -
what percentage of HN use GNU/Linux? Of them, who runs as fully Free OS? What
percentage of them are rocking a 12y.o. librebooted thinkpad?

The general public are apathetic at best. Contrary to popular opinion, people
are not ignorant to the behaviour of tech giants - they just don't care enough
to stop. Clearly, it is still an acceptable answer to consumers.

It's like claiming that people don't go vegetarian or vegan because they
aren't aware of the suffering. Of course they are aware. It's just easier to
keep eating hamburgers and live with the cognitive dissonance.

It's the same with these apps.

~~~
inetknght
> _Contrary to popular opinion, people are not ignorant to the behaviour of
> tech giants - they just don 't care enough to stop.

Contrary to _your* opinion, people do care enough to stop but they don't know
how. Tech giants have insinuated themselves into literally _every_ aspect of
their lives by abusing the lack of knowledge of the users. Now, they don't see
a way out without drastic change.

How can you get a job if you don't have a phone? How can you get a job when
literally _every_ affordable phone tracks you?

Even my apartment complex online portal tracks me. What the flying fuck?

The only way to actively _stop_ is to not have any computing device
whatsoever. Good luck living in a modern world like that: even then there's
still facial tracking and vehicle tracking.

People that say that consumers don't care enough to stop is living in their
own bubble insulated from real people.

~~~
random878
>people do care enough to stop but they don't know how

I'd guess the vast majority of HN users will be primarily users of Windows/Mac
OS and proprietary software. Many HN users will use GMail, Google Maps, Google
Play Services... an so on.

Are we going to pretend that your average HN user doesn't understand the
pros/cons of their software choices? Personally, I'd prefer to credit them
with the intelligence to have made a balance and reasoned decision (albeit one
I fundamentally disagree with).

This trickles down to less tech savvy users too. Many of my colleagues in
Medicine are more than aware of such issues due to rules and regulation on
data storage and the like. They know, for example, why patient data should
never be on Google Drive or GMail. They still continue to use those services
for personal use, despite being aware, because they simply aren't sufficiently
motivated to change their habits. GMail is familiar, and hence easy, so why
switch to ProtonMail (for example)?

>How can you get a job if you don't have a phone? How can you get a job when
literally every affordable phone tracks you?

I have a very good career and have used Replicant OS and Lineage OS. I now use
a dumbphone because I dislike smartphones for other reasons. There are many,
many successful people who can function perfectly well without the latest
iPhone.

>People that say that consumers don't care enough to stop is living in their
own bubble insulated from real people.

Please don't resort to ad hominem attacks on Hacker News. It is uncalled for,
and there are more appropriate ways to put your point across.

~~~
badpun
> I now use a dumbphone because I dislike smartphones for other reasons. There
> are many, many successful people who can function perfectly well without the
> latest iPhone.

I'm curious - how do you handle navigation (both in car and on foot) with a
smartphone?

~~~
random878
Without a smartphone?

In the car I have a Garmin satnav unit which I can use. They are great quality
and I paid about £20 or 30 for it used. I strongly dislike this modern trend
for using phones in cars. They are too distracting (I hate this modern trend
of huge tablet interfaces in cars for the same reason).

On foot... I honestly don't need maps that much. I struggle to recall ever
needing to have live directions while walking. I have a good in-built
navigation brain through - probably from growing up doing lots of hiking,
orienteering, and so on. I also think that reliance on blindly following a
screen stunts the development of such skills. I find I have a very good mental
map of my city compared to younger friends.

I spent my teens and 20s without technology like this. I find it quite
depressing when this question gets raised.

------
ja1215
Freakonomics did an episode not too long ago with the new CEO of Ford. The guy
was practically salivating at the mouth about all the data new vehicles will
be collecting and how Ford could potentially monetize it all. Scary times
ahead.

~~~
wesd
I submitted that article on HN but it didn't get any attraction.

It seems Ford CEO thinks they can collect and monetize drivers data: \-- So
the case I would make is that we have as much data in the future coming from
vehicles, or from users in those vehicles, or from cities talking to those
vehicles, as the other competitors that you and I would be talking about that
have monetizable attraction.

\--The issue in the vehicle, see, is: we already know and have data on our
customers. By the way, we protect this securely; they trust us. We know what
people make. How do we know that? It’s because they borrow money from us. And
when you ask somebody what they make, we know where they work; we know if
they’re married. We know how long they’ve lived in their house, because these
are all on the credit applications. We’ve never ever been challenged on how we
use that. And that’s the leverage we’ve got here with the data.

~~~
anitil
Struggling to find this article - could you link me to it?

~~~
wesd
Can an Industrial Giant Become a Tech Darling? (Ep. 357)

[http://freakonomics.com/podcast/ford/](http://freakonomics.com/podcast/ford/)

~~~
anitil
Ok listened to it, finally.

It really comes across that he doesn't understand what he's talking about
around tech. "Transportation Operating System"? It's cargo-culted
technobabble.

But yes it did veer in to the creepy side there

------
afpx
Hedge funds have been using location data to ‘predict’ corporate earnings for
at least 5 years, that I know of. There’s also speculation that they use the
data to identify locations of VIPs and where they’re going (by clustering
activities of the VIP’s entourage). It’s unfortunate that news organizations
as reputable and prominent as the NYT only get on these stories so late in the
game. This information would have been more useful to the public back in 2013.

What I don’t understand is why these types of activities by hedge funds aren’t
considered insider trading.

~~~
kasey_junk
Because the hedge funds are by definition not insiders? They are literally not
using non-public corporate data at all.

Insider trading laws don’t exist to make sure there isn’t information
assymetry, the market is all about that assymetry. Insider trading laws are
about insiders stealing from other shareholders.

~~~
afpx
Well, it is non-public data. I once spoke with a lawyer to see if I could
legally use location data to do the same thing (for instance, it’s easy to
correlate changes in activity at certain retailers with quarterly earnings),
and I was told it’s risky.

~~~
froindt
Non-public and insider are two different concepts. I could send a satellite to
space, take pictures of parking lots, count cars, and it'd be a pretty decent
indicator to the relative success of a retailer. Add some other signals into
the model and it'd probably be good.

I don't need to give the public access to my satellite images. But if I wanted
to make a subscription service for 100k/month, I could. It would be non-
public, but not insider.

~~~
kasey_junk
[https://www.google.com/amp/s/www.thestreet.com/amp/story/136...](https://www.google.com/amp/s/www.thestreet.com/amp/story/13680468/1/orbital-
insight-uses-satellite-images-to-give-hedge-funds-trading-tips.html)

------
devit
Why is selling this data not illegal and harshly prosecuted?

You'd expect to find this data being stolen by trojans and sold for bitcoin by
anonymous actors on blackhat sites, not by registered companies with offices
and employees.

~~~
pjc50
It hasn't yet been used to expose a congressman?

The US lacks GDPR-style general privacy law, but there is a very specific one
for video rental records passed specifically as a result of exposure of Robert
Bork:
[https://en.wikipedia.org/wiki/Video_Privacy_Protection_Act](https://en.wikipedia.org/wiki/Video_Privacy_Protection_Act)

~~~
shaki-dora
A more generous interpretation, that does not require buying into the generic,
unactionable cynicism that everyone is corrupt, is simply that new laws
require neat, easily comprehensible and emotional stories to be enacted.

As examples I would cite federal hate crime legislation, enacted after a
particularly abhorrent lynching of a gay teenager IIRC. Or the current change
of approach to Saudi Arabia’s ruling sadists: of course their industrial
slaughter and engineered starvation of children in Yemen is the far larger
crime, but the smoking bone saw of Istanbul just grips us far more viscerally.

~~~
pjc50
> the smoking bone saw of Istanbul just grips us far more viscerally.

This is a brilliant, horrifying, piece of phrasing.

~~~
shaki-dora
To give credit where it's rarely due, I believe I stole that particular turn-
of-phrase from Lindsey Graham.

------
rollulus
I like it how iOS displays this arrow when location services are or were used,
and how one can see in "Privacy -> Location Services" a brief history of which
app did what, and enable or disable location access at all per app.

~~~
izacus
That does nothing for IP based geo location though. Every rest request to
modern cloud services gets geotagged and those tags can be surprisingly
accurate in populated areas for people that use wifi.

~~~
mariusmg
>That does nothing for IP based geo location though

Of course, since ip "geolocation" is just ip data + location agregatted from
ISPs. How can the OS maker "fight" this ?

~~~
esc861
Android requires apps request location permissions in order to access Wi-Fi IP
info.

~~~
gbear605
Aren’t they able to get the ip just by connecting to any server?

~~~
esc861
Yes, although they won't get the whole Wi-Fi scan list, which means no fine
grained triangulation, and also no BSSID, but it's definitely imperfect.

It's also very frustrating if you are using the Wi-Fi APIs for legitimate
purposes. Having to explain to a user why you need location permissions in
order to set up a Wi-Fi peripheral isn't easy.

~~~
izacus
That doesn't matter at all if your request is being location stamped because
it came from a Starbucks / your home WiFi IP.

------
fouc
That reminded me to check my privacy > location services settings and look for
any apps that have "Always" and change them to "While Using" only

~~~
llampx
I wish there was something similar on Android. I used to keep my Location
services off but needed to switch it on for Google Maps and HERE maps so I got
lazy and leave it always on.

Its shameful that Android 2.3 let you have more control of your phone than
Android 8.1.

~~~
Iolaum
Not exactly android but if you buy a phone supported by LineageOS then you
have that functionality from privacy guard. You can set various app
permissions to always ask as well as other things such as (dis)allow an app to
start at boot.

As a bonus you can be confident those settings will remain the same after
updates ;)

------
shaki-dora
The production value of these lavish spreads by the New York Times is
impressive.

~~~
52-6F-62
IIRC Mike Bostock used to work for them and while there was responsible for
D3js and more. They've taken the smart path in publishing and took the
transition to digital seriously.

[https://bost.ocks.org/mike/](https://bost.ocks.org/mike/)

------
throw2016
Here is an idea for online advertising. Use IP and text based contextual
targeting. No stalking required.

Stalking everyone and building increasingly creepy online profiles to target
better is an abuse of basic human privacy, if you stop to think about it, and
completely unethical and takes your hurtling down the path to a surveillance
society.

The only reason its even possible because of the lacuna in a new space and
laws catching up, and when they do, it won't be possible. The idea that making
money makes everything ok is a primitive and fundamentally antisocial
ideology. And if everyone thought like that would end civilization as we know
it.

------
bigpicture
The next thing I want Apple to do: If an app will request location services,
it must: 1\. Have a specific publicly available URL that contains all
"location data" terms, conditions, and privacy information. 2\. Monitor that
URL and reset the permission dialog if the URL ever changes. 3\. Immediately
disable location services for that app if the URL disappears.

------
pookieinc
What is the correct way to regulate this?

The problem is that, from small business to mammoth company, there is no
codified, unified, agreed upon manifesto when it comes to handling data at any
level. A "Constitution" of sorts that explains the rights and / or wrongs of
the data usage of the average user. Somewhere where a user can look at a
document, see which company falls where on the spectrum, decide if they are
comfortable with the sharing of that, and actively signs off on it. As an
addendum, it's also important to think, while my for example, email data might
be shared, it will enable certain benefits that I sign off on like Google
providing me flight details, etc., but it comes at what expense.

You'd get a wide spectrum of those who couldn't care less to those who are
tin-foiled, but no matter where you fall on this spectrum, you'd at least know
which software does what. If that manifesto-like document is broken,
consequences would be maintained.

~~~
makecheck
The way to do it is to push for new data formats where the inherent value of
even “leaked” information is going to be limited by the format (e.g. expires
in some form, and/or must _always_ be combined with some new recently-
refreshes data to be considered valid).

Unfortunately, something of that magnitude in this age would probably require
the cooperation of large entities like Google and Facebook. Guess who profits
from the current leaky model.

Honestly, Apple may be just about the only one capable of shifting the tide.
They’re big, they claim a privacy focus, and they’ve delivered some (e.g.
Apple Pay, iMessage). If they could come up with more secure technological
replacements for the things that are currently leaked by apps, we might have a
chance.

The “one time card” approach of Apple Pay seems like the basis for such a
system. For example: stop giving apps “my location” tied specifically to me,
instead give them “location of unspecified user” where that token goes away
after one app transaction.

~~~
Despegar
Apple in some ways is like a quasi data privacy regulator because they have
control of the App Store. They can use App Store policy to forbid these third
party frameworks being included in apps.

But that's not a scalable solution. Privacy legislation is required to raise
the bar for everyone. Apple's not going to be able to sue or fine companies
nor can they police companies about how they use data they've managed to
collect.

------
moneil971
Are people reading this article surprised that your devices know your
locations? We are constantly getting "helpful" notifications that should make
it VERY clear that's happening: "Parked car location updated" "It's 8am, are
you on your way to work?" "Can you share feedback about that restaurant you
were at but didn't check in at?" If people don't already know, then good for
the Times for making sure everyone is checking their settings and paying
attention.

------
DaveWalk
Where is the list of offending apps? How hard would it be to name and shame
them and keep track?

The NYT article cites the company MightySignal claiming 1,200 Android and 200
iOS offending apps.

EDIT: The NYT outlines their reporters' testing, and the apps they used:
[https://www.nytimes.com/2018/12/10/technology/location-
track...](https://www.nytimes.com/2018/12/10/technology/location-tracking-
apps-privacy.html)

------
askaboutit
It’s going to take serious amounts of data leaking before something is done to
combat this.

~~~
jacquesm
A couple of politicians having their affairs outed would do it.

~~~
asdff
Evidently that doesn’t damage your public support anymore.

------
matty_makes
Someone should create an app that translates a companies T&C into layman terms
with simple stuff like "they track your location", "sell your usage data",
etc. Just need a team of lawyers to interpret them, and a nice web site.

Call it something like AppSideEffects.com "Things that may be harmful when
using these apps/web sites"

~~~
lost_vegetable
Terms Of Service; Didn't Read is very close to what you're looking for.

[https://tosdr.org](https://tosdr.org)

~~~
Vinnl
And more people who contribute reviews are always needed:
[https://edit.tosdr.org](https://edit.tosdr.org) (tool in beta, but
functional)

------
beau
Why do Apple and Google get a pass here? Who knows what apps are doing with
your photos and contacts. Apple doesn't. Facebook was grilled for not
aggressively shutting down an app that sold much less sensitive information.

~~~
bilbo0s
FB didn't explicitly give you the ability to shut the offending app down.

------
larrybud
There needs to be a distinction at the api & permissions level between course
and fine geolocation. My weather app doesn't need to know my exact address...
location within a half mile or mile would be fine. Similarly with "gas station
locator app". But my GPS navigation app DOES need fine location.

If you could control this permission at the app level, many of the privacy
issues brought out in the article would be mitigated.

------
catacombs
I would love for someone from The Times who worked on this story to share the
source of their data.

No one on Twitter nor in their interview on The Daily answered my main
question: What was the source?

Sure, they don't want to reveal private information about the people they
highlighted, but what about the millions of dots they plotted on the map?

That data came from somewhere. Did someone leak it? Did The Times buy it? Some
transparency would be great.

------
Vinnl
> On Fysical’s map, a bright red box near the Capitol steps indicated the
> general location of President Trump and those around him, cellphones pinging
> away.

My main worry is that these practices allow many people to doxx and
subsequently bribe journalists, lawyers, politicians, etc.

This feels like a judicial security hole. I wonder if something like
responsible disclosure for software security issues could help, and what the
moral issues are with that: doxx the people in charge of the laws, then
contact them to say that you will make public how you obtained their personal
data in <x time>, so they better make sure that the judicial hole is plugged
before that time.

------
kkarakk
i quite like when apps use my location info to do unique things like recommend
places in the vicinity that are good(foursquare) or give me specific filters
for a location(snapchat) phones should obfuscate the location provided in some
way so that users can take advantage of location services without continuously
sharing my movement to the backend

------
djhworld
Just looking at location settings on my android phone, it says Google Play
Services queried my location recently

But on looking in the settings for Google Play Services there's no option to
disable the Location permission in the permission settings, which means
location is permanently on (if you keep the location sensors on)

------
sitkack
I scanned the article, but this mostly sounds like they are painting this as
an application behavior. It isn't true. There are tons of companies that use
RAW location data that you cannot opt out of.

[https://airsage.com/](https://airsage.com/)

~~~
trendia
AirSage is very clearly offering non-anonymized (read: private) information
about individuals. That is, they offer "insights like the home and work
locations of people".

> AirSage uses its massive source data and patented algorithms to understand
> the movement of population and trips start to finish, origin to destination
> every day for the entire country. It’s not just about the where and when.
> Through years of research and development, AirSage also knows the “why”, or
> purpose, of the more than a billion trips made in the United States every
> day.

> Understanding populations as they relate to the physical world has been the
> core competency of AirSage since the beginning. For any physical point of
> interest in the United States, insights like the home and work locations of
> people seen in an area or duration of stay or frequency of visits are all
> characteristics that can provide a new level of understanding never before
> capable.

> Brands and Marketers recognize that the world is not just about what takes
> place on the screen of a tv, computer or mobile phone. It’s about how
> technology helps enhance our real physical world. AirSage is a leader in
> providing insightful information about the audiences advertisers want to
> reach as they relate to the locations and places that people spend their
> time.

------
rdruxn
I often have trouble explaining to people why this is problematic. I encounter
the "I've got nothing to hide" or "Who cares if I get ads that I'm more
interested in?" arguments.

What do you say to those people?

~~~
LeftTurnSignal
I try to relate to something they understand a bit more, usually a field their
interested in.

For example, my brother is not techy at all, but he's big into cars.

I asked him if he would enjoy Ford sending everything he's doing in his car to
the mothership, then selling that info to insurance companies, or used for
"marketing." (immediately he understood the issues)

Then I ask if he's comfortable with knowing that if he accidentally speeds,
turns too fast, or breaks too often, he may have to pay more for insurance.

This obviously won't work for everyone. I do have the "i have nothing to hide"
friends, but i ask them what if someone DID have something to hide? Not
everyone loves "showering with the windows open."

It's fine if they don't care about their lives, but what about their childrens
lives, or lives of someone they care about? Once it hits that point, they
usually just mention that it isn't important and go off about something else
to change the subject.

------
berns
The original title was much better: Your Apps Know Where You Were Last Night,
and They’re Not Keeping It Secret.

~~~
catacombs
You're likely seeing a version of the headline meant for social media.

Regardless, this is a better headline style wise.

~~~
berns
This is the title of the New York Times article and as posted here before it
was edited.

------
lifeisstillgood
i want my location history - for me. i just don't want it sold to third
parties. if google will store it foe me and map my walks etc, great- but i
don't want them to sell it or even use it much.

and i don't think that's a lot to ask. want me to pay for the 50cents storage
costs ? sure.

------
growlist
Any gap in the market for a privacy phone? i.e. Android customised to block
all telemetry by default.

~~~
craftyguy
LineageOS gives you Android without google, and fine-grain app permission
control.

------
gamesbrainiac
I keep Location Services on iOS and GPS off at all times, unless I really need
them. Even on iOS, I make sure that the only app that can use it is google
maps. This works great for privacy, but I have issues with compass
calibration.

------
kumarski
I've brokered terabytes of data over the last 10 years.

It's worth paying attention to companies like
[https://alternativedata.org](https://alternativedata.org)

------
mlthoughts2018
This seems hilariously sanctimonious and hypocritical from NYT.

For example, consider some of the navel-gazing bullshit projects they spend
time on:

\- [https://investors.nytco.com/press/press-releases/press-
relea...](https://investors.nytco.com/press/press-releases/press-release-
details/2018/The-New-York-Times-Advertising--Marketing-Solutions-Group-
Introduces-nytDEMO-A-Cross-Functional-Team-Focused-on-Bringing-Insights-and-
Data-Solutions-to-Brands/default.aspx)

Particular “Project Feels”

\- [https://digiday.com/media/project-feels-usa-today-espn-
new-y...](https://digiday.com/media/project-feels-usa-today-espn-new-york-
times-targeting-ads-mood/)

------
stabbles
Any tips for avoiding location sharing on Android?

~~~
cauldron
I believe as long as you connect to WIFIs that are already geolocated by other
people's phones, you are in.

Uncloaked WIFI probes also can expose you to stalker routers.

------
jasonhong
Folks here may be interested in knowing that our team has been working with
many others on building out a Privacy-Enhanced Android, which seeks to offer
new programming models, new isolation mechanisms, and new user interfaces to
help improve the entire ecosystem of privacy. This is a DARPA-funded project.

Some of our team's work (past and present) that may be of interest to folks
here: \- We analyzed the privacy of Android apps at <a
href="[http://privacygrade.org">http://privacygrade.org</a>](http://privacygrade.org">http://privacygrade.org</a>).
The basic idea is that we use crowdsourcing to generate a model of what people
are concerned about, and then apply that to all the apps we crawled. We're
working on an update of PrivacyGrade using network data too, to map out who
knows what about us and why.

\- Perhaps one of the biggest findings from our team's research is that over
40% of apps that use sensitive data only do so because of third-party
libraries (e.g. advertisers or analytics). We've mentioned this in talks to
the FTC, Google, Apple, and others, that these third party libraries are the
biggest point of leverage here if we want to solve the problem. See this
paper: <a
href="[http://www.cmuchimps.org/publications/does_this_app_really_n...](http://www.cmuchimps.org/publications/does_this_app_really_need_my_location_context-
aware_privacy_management_for_smartphones_2017/pub_download">Does) this App
Really Need My Location? Context-Aware Privacy Management for Smartphones</a>
(PDF).

\- <a
href="[https://privacyproxy.io/">https://privacyproxy.io/</a>](https://privacyproxy.io/">https://privacyproxy.io/</a>)
(sorry, self-signed certificate is a bit out of date). This is a VPN that
scans outgoing traffic for likely personally-identifiable information

\- <a
href="[http://www.android.protectmyprivacy.org/">http://www.android...](http://www.android.protectmyprivacy.org/">http://www.android.protectmyprivacy.org/</a>).
This requires rooted phones, intercepts calls to sensitive data on your phone,
and aims to help you make better decisions by surfacing these calls and
showing you how what the majority chose to share

\- <a
href="[https://privacystreams.github.io/">https://privacystreams.gi...](https://privacystreams.github.io/">https://privacystreams.github.io/</a>).
This is a new programming model that aims to make developers' lives easier,
and improve privacy as a side effect by making accesses to sensitive data
easier to analyze. A key observation is that most apps don't need fine-grained
data, but currently apps require all-or-nothing access. For example, raw audio
vs "just loudness", or exact GPS vs "what city". We offer stream-like
processing that makes it easier for devs to get the granularity they want,
which also makes the app much easier to analyze. So we can analyze an app and
output "this app uses your microphone to get loudness"

\- <a href="[https://www.slideshare.net/jas0nh0ng/fostering-an-
ecosystem-...](https://www.slideshare.net/jas0nh0ng/fostering-an-ecosystem-
for-smartphone-privacy">Fostering) an Ecosystem of Smartphone Privacy</a>,
this is a talk I gave last month that summarizes a lot of our team's work on
privacy

Our DARPA PM has asked us to focus a lot more on tech transfer activities for
our final year, so if any of you are interested, send me a mail. (This is tech
transfer in terms of getting industry to adopt our ideas, not necessarily
commercialization or licensing.)

------
raphipsp
The article says NYT was able to go through the users' location histories.

How?

------
shubb
Anyone know where to get the kind of dataset that the times has?

~~~
shaki-dora
If you use Google Maps to share your location with friends, you can find an
URL (using the browser’s devtools) that is stable and gives you location data
in JSON.

