I'm in the space as well. I've tried telling my congressmen but they ignore me. I'm waiting for the backlash, especially with all the recent privacy issues. It hasn't happened yet and the problem is so large that I honestly doubt whether the public will ever truly grasp what the scope is.

The advice I always give when this topic comes up is to be very careful with what you install on your phone. The least expensive mobile location data tends to come from random apps collecting the data to sell it, and ad networks. Permission to use your GPS is permission to track you until you uninstall the app.

If you're willing to have your name attached to this, if / when it does finally blow up, please make an effort to talk to news organizations about who and when you initially reached out to congress people.

If you're not comfortable with your name being publicly attached, at least give news orgs the information and request confidentiality.

Part of the reason congress people can punt is that the cost of inaction < cost of action before it penetrates media.

A big part of shifting that equation is starting to publicize "You had all the information available now on X date and did nothing" as loudly as possible. Naming and shaming has been healthy for vulnerability disclosure.

Are you able to send them a copy of their individual location data, or the location data of their staffers/friends/family? That might make for a potent wake up call. Though, you'd want to run that by an attorney first.

Screw that. Put together a consumer stalking website, sell the data directly. Advertise, make tons of money, and let the outrage from that bring light to the entire industry.

And then be the only one sent to jail as the scapegoat for the rest

It's not illegal.

Do it on the dark web.

Move to Myanmar first?

To get initial traction, you can even call it “where’s waldo” to get the publicity of a trademark suit. go for broke — you’d be going to jail anyway once any meaningful legislation is put into place

The point is to encourage legislation. So happily shut down on a pile of money.

> I'm in the space as well. I've tried telling my congressmen but they ignore me.

If you have hard evidence, forward it to the journalist or newspaper that broke a similar recent story, or whose reporting of that story you respected.

Maybe you can find a journalist you respect for their reporting on Cambridge Analytica, the Paradise Papers, Edward Snowden and so on?

It's not that easy when you're not in their network. I've tried to contact a few journalists recently, as I discovered Twitter knows everything about YouPorn's users, which, considering their track record in terms of security and the number of politicians in there, could have some pretty bad effects.

It goes like this: https://pbs.twimg.com/media/DczGQICUQAA9ljF.jpg

The domain "syndication.twitter.com" tracks everyone but the page says: "Sorry, that page doesn’t exist!". The point is I haven't been able to run the story so far.

Seasoned cybersecurity journalists use SecureDrop, Signal, Jabber and the U.S. mail to protect sources, among other tools.

that's only the low end. app gps usage shows up on the UI.

the article discusses when the ISP/telco sells the data that you have zero visibility on. there's no way to get around this.

btw, apple and google ad spyware process (google play service) will collect gps and wifi data without any user visible UI, not to mention download ads in the background.

> btw, apple and google ad spyware process (google play service) will collect gps and wifi data without any user visible UI, not to mention download ads in the background.

Would be nice to see actual proof of this. I am very familiar with all network traffic an iOS device may emit and do not know what you are referring to here.

Thanks for the tip. I've made a habit of turning off location services on Android once I'm done using navigation (Waze). Do you know if this sufficiently blocks all background tracking for apps I've consented to allow GPS location tracking? Thanks.

Carrying a cell transmitter allows them to triangulate your position. It's not as awesome as GPS but it still meets a lot of needs.

What about a state senator or representative? Could your state start enacting a privacy framework, that would apply to businesses that wanted to do business in your state? Sort of like California emissions for cars.

Can you name and shame the congressmen that ignore you?

Or can you make a tip to one of the newspapers? Given the Facebook privacy news saga this might get picked up.

I don't think naming and shaming will do anything, but maybe when somebody's location data embarrasses them, they will do something about it. I think a good analogy is the Video Privacy Protection Act.

I'm a liberal in Texas so being ignored by politicians is nothing new to me.

Talk to a congressperson who knows about cyber like Ron Wyden.

FFS. "Cyber" is an adjective. Not a noun.

Just because the less-technically adept parts of the infosec community & even more hapless government workers wanted to sound cool doesn't suddenly make it right.

That's how colloquial language develops, however.

This is true. But it doesn't make every new development an intelligent or useful one.

But then I also just enjoy responding with "Cyber what?" whenever someone uses it as a noun. The correlation between people who are asked and can then provide a relevant noun has not been high.

Seems kinda useful, to group knowledge regarding computers & the internet, and how they impact other industries.

Language just got cybered.

