
Smartphones and the location data marketplace - edward
https://www.nytimes.com/interactive/2019/12/20/opinion/location-tracking-smartphone-marketing.html
======
javajosh
Yeah, apps are bad, but what concerns me (well, scares me to my bones,
actually) is the prospect of malware below the app level. The operating
system, drivers, and hardware are all ripe for abuse at an unimaginable scale.
The "baseband" blob in particular seems like a holy grail of invasive
surveillance. And, theoretically, there's a huge opportunity for the
manufacturer of the PCB _and every chip on it_, to add what is logically a
blob - a region of the chip that is mostly dormant, but reacts to some signal
and comes alive. And _we cannot verify that these features don't exist_
because they are too small!

I mean, if I was China I'd be actively pursuing inserting this kind of trojan
horse in _everything_. Yeah, you'd only get to use it once at scale, but
that's all it would take. And you'd probably get away with targeted use for a
long time before anyone discovered it.

_This_, that is, national security, is the best reason to pass "right to
repair" laws, and build out replacement hardware and software options that are
_verifiably open_. Heck, if I was with NSA I'd be pushing hard to fund that
kind of work with NSA money.

~~~
amelius
> Heck, if I was with NSA I'd be pushing hard to fund that kind of work with
> NSA money.

But what if the NSA had their own backdoors installed in hardware made by US
firms?

~~~
javajosh
AFAIK very few PCB- or chip-level electronics are made in the USA. And this
kind of insertion would best be done at the last possible moment, at the
factory. So if you don't have the physical factories, you don't get this
opportunity. No doubt the NSA (or any national intelligence agency) would want
this, but you can't have it unless you have the physical fabs.

So, being practical engineers, if I was the NSA I'd make deals with telecoms
to 'assist' with writing the baseband. But the irony is that the device
manufacturer could easily disable this backdoor in favor of their own. Oops!
:)

~~~
amelius
> But the irony is that the device manufacturer could easily disable this
> backdoor in favor of their own.

I'm not sure it works that way. Perhaps the NSA could force certain US
companies to specifically design and install backdoors, and require these
backdoors to be always active. (One of my possibly ungrounded/paranoid fears
is that they do this with Intel ME).

~~~
sfifs
The balance of likelihood is they do on both Intel and AMD management engines
as that's what any competent agency should do in this age. To my mind, there's
no other real reason for the explosion of interest in ARM chips on server. ARM
design is sufficiently well understood and simple that usable chips can be
designed and fabbed away from the control of US companies even if it provides
poor performance trade offs.

------
amelius
We need to legally ban online targeted advertising, as it causes far more
problems than it solves.

I'm sure the internet will do fine with a less intrusive monetization scheme.

~~~
dantheman
What harm?

~~~
LaundroMat
Off the top of my head:

* Journalism no longer prioritizing truth, but eyeballs/clicks.
* Immense user frustration
* Waste of bandwidth (energy costs, etc)

I bet there are many more.

~~~
dantheman
Even without targeted advertising journalism would still use advertising,
they'd just make way less money.

~~~
newnewpdro
I agree with your first part, but the second part isn't true if it were
prohibited to do targeted advertising for _everyone_.

It's an arms race, you only earn less without targeting when your competitors
are targeting. When all advertising is equally poorly targeted, everyone's
getting their fair share of the available advertising dollars.

------
chiefalchemist
The book Dragnet Nation, from ~5 yrs ago, did a great job (then) on this
subject. That along with Chaos Monkeys helped escalate my fear and paranoia.
Anyone I engage on the subject? They're oblivious.

[https://www.amazon.com/Dragnet-Nation-Security-Relentless-Su...](https://www.amazon.com/Dragnet-Nation-Security-Relentless-Surveillance/dp/B01LTHXKEU)

------
wizzwizz4
This is a good explanation suitable for the layperson. Though there are a few
confusing bits, like:

> _And every app is potentially leaking data to five or 10 other apps._

it's overall absolutely very good, relatively excellent.

------
dantheman
I don't understand why this reporting doesn't include the phone companies?
They have far more data.

~~~
jmccorm
Much of the public's understanding of cell phone tracking has centered around
the cell provider, the telephone network, and big players like Facebook and
Google. They're missing a big piece. The NYT is shedding light on this missing
piece.

This article puts the spotlight on yet another group of companies and another
tracking mechanism. These companies are small, virtually unknown to the
public, and they're providing SDKs which others are building real and useful
mobile apps upon. One example given was an otherwise legitimate weather app
which pulls your location to provide local weather data. You grant the app
access to your location information because it has a reason to have it, and it
does something useful with the data.

The article introduces the public to what you probably already knew. Those
SDKs can (and do) ingest that same location data for their own purposes. In
the article, they find that the SDK provides your fine location data to a
location services company (Cuebiq) for a total of twenty times over the course
of an eight minute walk. Most users have no idea this is going on behind the
scenes. They just see the weather app.

The article isn't attempting to dismiss other forms of tracking. It is trying
to better introduce a new form of tracking that most people poorly understand,
if at all.

------
dang
Related recent thread:
[https://news.ycombinator.com/item?id=21833718](https://news.ycombinator.com/item?id=21833718)

Since the article title is baity, we changed it in accordance with the HN
guidelines
([https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)).
If anyone suggests a better title, we can change it again.

~~~
pdkl95
I think the article's original title should stand. While some people might
consider it "baity", I would describe "Smartphones Are Spies" as an accurate
description of reality and the content of the article.

The article is making a public accusation: a lot of spying is happening,
and they are naming some of the (in their opinion) responsible parties.
Changing that to a title that only indicates the general subject of the
discussion ("location data marketplace") obscures the article's thesis: "Your
smartphone is probably sending your precise location to companies right now."
(which is just a more detailed way of saying "smartphones are spies")

[regardless, it's your house, use whatever titles you want]

~~~
dang
As I said, I'm happy to change it to something better if anyone suggests it,
but "Smartphones are spies" is obviously sensational and this thread is
already filling up with low-quality comments.

The definition of a better title on HN, btw, is: more accurate and neutral,
and preferably using representative language from the article.

------
rolph
We need to create an app development regime that does not "trojanize" apps or
pirate any derivative data.

In my eyes the mobile industry as a whole has voluntarily succumbed to a
supply chain attack.

------
8bitsrule
Good job. That 'location pings' animation looks chilling. Very appropriate.

------
tcd
The irony as this page blocks many attempts to send my information to known
data rapers.

You're part of the problem nytimes, how about you start setting the gold
standard and show the world you're better than others?

Oh wait, that data is too valuable to your business isn't it?

Can't wait to hear their so called "solutions".

~~~
dewey
At least in this case they mention that explicitly at the end of the article:

"Like other media companies, The Times collects data on its visitors when they
read stories like this one. For more detail please see our privacy policy and
our publisher's description of The Times's practices and continued steps to
increase transparency and protections."

------
iwantagrinder
If you're reading this and work in a role that helps companies turn profit
from these practices, fuck you.

~~~
dang
Please don't post unsubstantive comments here. We want curious conversation,
not denunciatory rhetoric, and the latter destroys the former.

[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

------
kjhrwerklj
Wow, the flagging is strong with this article.

Prediction: the whole article will be flagged soon. Too much heat on VCs.

~~~
dang
This article isn't being flagged. This and related topics are perennially
popular on HN. Some comments have been flagged, correctly, because they break
the site guidelines.

Would you please stop it with the trollish comments now? You've already posted
five to this thread. That's over the top.

