iOS also gives you a warning from time to time about apps using your location in the background. I think iOS right now has the best location management.
People are surprised when seeing the Activity section in Google's account details, then freak out about Google tracking their location. At the very least Google is being transparent about it and gives you the option to turn that shit off.
Also I was pleasantly surprised to discover that Google Maps now remembers searches you've made without location history or app activity tracking being active. This wasn't the case about a year ago, when I last tried it, a dark pattern of sorts. They probably changed the behavior being forced by the GDPR or something similar.
So if you haven't done so, turn off "Location History" in your Google account: https://myaccount.google.com/activitycontrols (I turn everything off and I don't see a difference in usability)
On the article, I love the maps and the animations. Visualization is the best way to make people understand the threat.
On GDPR, I've seen people complaining about the high cost for implementing it, however for privacy it is a godsend.
I'd love for the Googles of this world to really make things easier for people not as familiar with technology. For instance lightswitches do not have a pause button.
If the lights in your living room total up to 85.5W, someone with access to fine grained power consumption logs can infer when you turned that light switch on or off.
Similarly, there's going to be a telltale power consumption profile for when you're in the shower, when you run your washing machine, when you turn on your television, etc.
This isn't widespread, but it's something to look out for going forward.
But being an EU citizen, I'm confident that they can't turn it on, legally, without explicit permission.
And GDPR is taken seriously, the EU requiring and sponsoring agencies that check for compliance in all EU countries.
Don't know how it is in the U.S. but I imagine that at the very least you can group with others in class action lawsuits, such that the effort of any one individual will be lower.
As long as it is illegal of course, otherwise you don't have a case. I heard California is adopting something similar to the GDPR too.
All over the page.
Paused this, paused that.
The bigger cost is to people's privacy, which is hard to quantify and hard for people to articulate why it's necessary. Collection and use of people's data is opaque and not at all transparent.
Which is why GDPR and other privacy legislation is needed.
Anyway I just get cynical when I see people talk about how evil Google is and how Apple protects privacy. Every company you do business with WILL sell off your personal data and that includes mobile operators, banks and ISPs. Until that is illegal the entire discussion about privacy is irrelevant and a sham.
Google can fuck right off with their location tracking. When I got my phone, it defaulted to asking me invasive questions about places I was visiting. The option to turn off those nag screens was hidden so deeply I felt compelled to neuter the entire shebang. Disgusting dark patterns.
Screenshot taken just now:
My next phone will be an Apple device due to this insidious crap.
This kind of insidious crap is the reason I've never considered Android as an option.
I have two Android devices for work, and they both stay in my work desk drawer. I'd never take them off campus.
Location history wasn't ever needed for remembering searches, FWIW.
It absolutely was. When I tapped on the search bar, there were no results and it told me to turn on location history.
It was really annoying, because there is no back button in the app, so if you search for your hotel, then for a restaurant, and then want to show the hotel again, you had to type the full address again.
They seem to have stopped doing that, it's now possible to use Google Maps on iOS without signing in, and you still see recent searches.
They still display a message "sign in to get better search results". And a second message: "Add your phone contacts to search for their addresses". But it's a lot better than it used to be.
The number is small enough that I pretty much can directly remember the thing I was thinking about, and why I searched for it. I don’t even want my device saving my recent searches.
Which is what we are talking about.
I thought I had turned it off. But I'm also using Google Fit, that somehow stores location history even if you've turned it off in maps. There's no way to turn it off.
Even better, when you try to delete the 'Location' data through the google settings, you'll get an 'An error was encountered while deleting data form Fit' (https://twitter.com/belloaleksander/status/10700087909074452...)
It's something you can probably build off the shelf - log position with durations, draw vectors on Open Street Maps. But Google has already given me the convenience in exchange for my privacy. It's one of the rare times I'm alright with that tradeoff.
Your phone is perfectly capable of making this map on its own. Why does it have to share all that information with the Google mothership?
Apple's phones do the same thing, but don't send your personal location history to Apple. (Though I believe the history isn't a full seven years.)
I've tried a lot of automatic backup solutions like syncthing but have had myriad performance or inconsistency problems over the years.
It's tied to my Google account rather than the physical device, and it's not data I need to manually somehow keep consistent across devices because Google does it for me.
It's certainly possible to develop user-centric software with the same functionality and polish, at a grassroots level. The fact that the industry is being dominated by VC money looking for scalable winner-takes-all growth is indicative of the magnitude of what's really at stake.
I sympathize with the plight of those unknowingly being spied upon - I've had enlightening conversations with family members when I show them this very feature they weren't aware of on their Android devices - but it often feels like the demonization of Google treats it like nobody ever volunteers in. Because I definitely wouldn't pay for it, but it's a nice service to have.
Apple's phones and computers do this, too. This is not unique to Google. What is unique to Google is that Google uses the information to profile you, while Apple just uses the information to draw a map.
- When you install MicroG/Google Play Services, they take over location services (i.e. they run in /system/priv-app, and if you disable their location, location on the device is disabled totally).
- Android by default has the default on option to scan wifi and Bluetooth when you turn them off to find wifi/bluetooth and correlate it to your location.
- On my Pixel C, when I try "high accuracy" or "battery saver" mode Location services, Google Play has tried to force me to agree to their location tracking and I have disagreed every single time. Location services does not work if I use "device only" (which is supposed to only use GPS).
- I have noted that on my phone now, if I disable location and then reenable it when I have moved more than 20-30 miles, the GPS has to reacquire the signal and can take up to 2 minutes (I also tried it when I drove several hundred miles, it took several minutes to reacquire). This is indicative of the GPS module being off totally. This was not so when it had Google Play Services on, it was able to reacquire my location extremely quickly, sometimes almost instantaneously even if I moved a long distance. I suspect that Google Play was still tracking my location even if I turned off location services (due to it totally controlling my location).
- EDIT: Another interesting note is that when my phone has had location services off and then just turned back on (i.e. no GPS lock), it appears to give the last time GPS was acquired as my current location. OSMAnd shows that location but says it doesn't know my location, but other apps do not realize that. I am suspecting that Android does not necessarily have a "stale" location, just the last reported location.
Putting on my tin foil hat, I hypothesize Google anonymously tracks your location even if your location services is off (allowing them to do traffic, how busy a restaurant is, etc.).
EDIT: As correctly pointed out, networked assisted GPS is a thing, and may also play into the differences in GPS reacquiring. I believe that network assisted GPS is in AOSP. When I turn on and off GPS in Android, it appears to have the almanac for where to look for satellites based on SatStat, and how quickly my phone acquires the GPS signal is a function of where it used to be compared to where it is now. In addition, UnifiedNLP scans for networks/cell towers and correlates it to location, it does not appear to implement networked assisted GPS.
This is more likely access to network assisted GPS.
To know your location, the receiver needs the GPS ephemeris and almanac data (basically the status/location/trajectories of the GPS satellites). This is transmitted by the satellites themselves, but extremely slowly (50 bps with the entire navigation message taking 12.5 minutes).
To speed things up substantially (almost instant vs minutes), this info can be delivered over the network instead. I presume that in your case it was being provided over the network as part of the Play services.
Thanks for explaining that. It explains why when I interfaced a GPS receiver yanked out of a 2001 minivan it took so long to lock into a location with my Palm Pilot.
This has already been reported.
I'm used to European cities, crowded, but without skyscrapers and in my city GPS is very reliable, but I realized that's only because we don't have tall buildings.
> - Android by default has the default on option to scan wifi and Bluetooth when you turn them off to find wifi/bluetooth and correlate it to your location.
What the actual fuck?!
For the curious:
Don’t tell me a weather app needs to know my location all the time to give me the best weather info then sell my location to the highest bidder. Don’t tell me that buried in some 20 pages of legalese in your Ts&Cs are some vague references that make this “legal.”
It is not acceptable to roughly the amount of people (and I include myself) who make a deliberate and self conscious decision to oppose it.
This is a small, small group. I have a phone with Replicant OS, which puts me within a niche group of an already niche group (those willing to install alternative OS and strip Google on their phone). In a wider computing sense - what percentage of HN use GNU/Linux? Of them, who runs a fully Free OS? What percentage of them are rocking a 12y.o. librebooted thinkpad?
The general public are apathetic at best. Contrary to popular opinion, people are not ignorant to the behaviour of tech giants - they just don't care enough to stop. Clearly, it is still an acceptable answer to consumers.
It's like claiming that people don't go vegetarian or vegan because they aren't aware of the suffering. Of course they are aware. It's just easier to keep eating hamburgers and live with the cognitive dissonance.
It's the same with these apps.
Contrary to your* opinion, people do care enough to stop but they don't know how. Tech giants have insinuated themselves into literally every aspect of their lives by abusing the lack of knowledge of the users. Now, they don't see a way out without drastic change.
How can you get a job if you don't have a phone? How can you get a job when literally every affordable phone tracks you?
Even my apartment complex online portal tracks me. What the flying fuck?
The only way to actively stop is to not have any computing device whatsoever. Good luck living in a modern world like that: even then there's still facial tracking and vehicle tracking.
People that say that consumers don't care enough to stop are living in their own bubble insulated from real people.
I'd guess the vast majority of HN users will be primarily users of Windows/Mac OS and proprietary software. Many HN users will use GMail, Google Maps, Google Play Services... and so on.
Are we going to pretend that your average HN user doesn't understand the pros/cons of their software choices? Personally, I'd prefer to credit them with the intelligence to have made a balanced and reasoned decision (albeit one I fundamentally disagree with).
This trickles down to less tech savvy users too. Many of my colleagues in Medicine are more than aware of such issues due to rules and regulation on data storage and the like. They know, for example, why patient data should never be on Google Drive or GMail. They still continue to use those services for personal use, despite being aware, because they simply aren't sufficiently motivated to change their habits. GMail is familiar, and hence easy, so why switch to ProtonMail (for example)?
>How can you get a job if you don't have a phone? How can you get a job when literally every affordable phone tracks you?
I have a very good career and have used Replicant OS and Lineage OS. I now use a dumbphone because I dislike smartphones for other reasons. There are many, many successful people who can function perfectly well without the latest iPhone.
>People that say that consumers don't care enough to stop are living in their own bubble insulated from real people.
Please don't resort to ad hominem attacks on Hacker News. It is uncalled for, and there are more appropriate ways to put your point across.
I am not pretending that the average HN doesn't understand the pros/cons of their software choices. I own my own domain and with it I provide my own email, calendar, and the like. It's nowhere near as simple as it could or should be. It increases the barrier to entry in both cognition and technology required while hiding the actual cost of the decision to offload that data to a third party.
> They still continue to use those services, despite being aware, because they simply aren't sufficiently motivated to change their habits.
Again: bubble. Is it that they're insufficiently motivated to change their habits? Or is it that they've been trained (whether personally, or educationally, or through another employer) for something easier and haven't been given a solution just as easy?
> GMail is familiar, and hence easy, so why switch to ProtonMail (for example)?
For me, personally: both of them are off-site and not owned by me. For many others: they don't know of ProtonMail. For many of them: they can't afford ProtonMail.
> There are many, many successful people who can function perfectly well without the latest iPhone.
I wasn't talking just about phones. Computers, even your employer's computer, can track you; my employer uses GSuite.
> Please don't resort to ad hominem attacks on Hacker News.
I don't believe this was an ad hominem attack; I believe it was an observation.
I'm curious - how do you handle navigation (both in car and on foot) with a smartphone?
In the car I have a Garmin satnav unit which I can use. They are great quality and I paid about £20 or 30 for it used. I strongly dislike this modern trend for using phones in cars. They are too distracting (I hate this modern trend of huge tablet interfaces in cars for the same reason).
On foot... I honestly don't need maps that much. I struggle to recall ever needing to have live directions while walking. I have a good in-built navigation brain though - probably from growing up doing lots of hiking, orienteering, and so on. I also think that reliance on blindly following a screen stunts the development of such skills. I find I have a very good mental map of my city compared to younger friends.
I spent my teens and 20s without technology like this. I find it quite depressing when this question gets raised.
It hasn't been tested much in court yet, but the theory is that users should actually understand what the "deal" between them and the company is when they "agree" to those terms of service.
It seems pretty reasonable to me, otherwise stuff like slavery could also be brought back hidden in companies' ToS.
Not really. I agree that people accept it to some degree (I'd say out of helplessness), but that doesn't mean regular people expect a random free weather app is going to pawn off all their contacts list to random scoundrels.
Personally, I was never bothered by the lack of GPS. I'm fine with offline maps. I have a satnav in the car which is the only time I really need minute-by-minute navigation.
I found the lack of WiFi to be a bigger issue. Mostly as I like podcasts. There is/was an option to use a WiFi adapter which works well if you plan in advance (i.e. use it when downloading a bunch of apps when setting up, or downloading a bunch of podcasts in one go).
Replicant OS is a really neat project, and they deserve some praise.
They are not, and the impact and buzz around articles like this show it. General public does not know enough about technology to understand the ramifications of what they do. For some it might be shocking to know it is this easy to reuse location data for other purposes, or that by mixing different data points, you can de-anonymize pretty much anyone. These are concepts that are clear when you work with or like technology, but are not natural and need to be explained and learned.
It seems Ford CEO thinks they can collect and monetize drivers data:
-- So the case I would make is that we have as much data in the future coming from vehicles, or from users in those vehicles, or from cities talking to those vehicles, as the other competitors that you and I would be talking about that have monetizable attraction.
-- The issue in the vehicle, see, is: we already know and have data on our customers. By the way, we protect this securely; they trust us. We know what people make. How do we know that? It’s because they borrow money from us. And when you ask somebody what they make, we know where they work; we know if they’re married. We know how long they’ve lived in their house, because these are all on the credit applications. We’ve never ever been challenged on how we use that. And that’s the leverage we’ve got here with the data.
It really comes across that he doesn't understand what he's talking about around tech. "Transportation Operating System"? It's cargo-culted technobabble.
But yes it did veer into the creepy side there.
Insurance companies did it first by offering dongles that you can plug into your OBDII that would basically feed your driving data back to them.
I agree that it is scary and just feels not right. General population is so ignorant these days that most honestly don't care. They will just accept these things.
This data will be valuable to insurance companies, government, car manufacturers and who knows how else it could be used. You can literally tell who made a modification to their car and read all the data from the vehicle.....meh, future sucks.
One day we will wake up when we have zero freedom, all of our moves will be tracked...and we won't be able to have any privacy at all.
What I don’t understand is why these types of activities by hedge funds aren’t considered insider trading.
Insider trading laws don’t exist to make sure there isn’t information asymmetry, the market is all about that asymmetry. Insider trading laws are about insiders stealing from other shareholders.
I don't need to give the public access to my satellite images. But if I wanted to make a subscription service for 100k/month, I could. It would be non-public, but not insider.
It's likely The Times just didn't have enough, or access to, this data to do solid reporting.
If there are people in and out of the industry who are willing to share data that can advance an important story, these things might get out faster.
I've wanted to use a weather mesh network for a while in commodities and other spaces, but the info has been hard to collect without building a private sensor network.
You'd expect to find this data being stolen by trojans and sold for bitcoin by anonymous actors on blackhat sites, not by registered companies with offices and employees.
The US lacks GDPR-style general privacy law, but there is a very specific one for video rental records passed specifically as a result of exposure of Robert Bork: https://en.wikipedia.org/wiki/Video_Privacy_Protection_Act
As examples I would cite federal hate crime legislation, enacted after a particularly abhorrent lynching of a gay teenager IIRC. Or the current change of approach to Saudi Arabia’s ruling sadists: of course their industrial slaughter and engineered starvation of children in Yemen is the far larger crime, but the smoking bone saw of Istanbul just grips us far more viscerally.
This is a brilliant, horrifying, piece of phrasing.
Mobile 3G/4G data networks are reusing those IPs, so at best you'll get a country or state-level accuracy.
The IP of home / business connections can be static and the accuracy can be good, however you're not taking that IP with you when on the move. So in order to track a user's movement, online services have to link that IP to some unique identifier of that user.
It's not insurmountable of course and native apps have no problem in generating such unique identifiers per user, however without consent it's now illegal to use a user's IP for tracking his location under GDPR and it's also illegal to generate unique identifiers for users without consent. Even logging IPs is now illegal, unless you're doing it for security purposes and only for a limited amount of time.
If you're lucky. Right now I'm on a Verizon connection that reports me being in New Mexico.
My phone's AT&T connection currently says I'm in Los Angeles.
I'm half a continent away from either of those places.
Of course, since IP "geolocation" is just IP data + location aggregated from ISPs. How can the OS maker "fight" this?
It's also very frustrating if you are using the Wi-Fi APIs for legitimate purposes. Having to explain to a user why you need location permissions in order to set up a Wi-Fi peripheral isn't easy.
It's just worth noting that flipping a switch in your OS might not do much in terms of location tracking.
It's shameful that Android 2.3 let you have more control of your phone than Android 8.1.
As a bonus you can be confident those settings will remain the same after updates ;)
Stalking everyone and building increasingly creepy online profiles to target better is an abuse of basic human privacy, if you stop to think about it, and completely unethical and takes you hurtling down the path to a surveillance society.
The only reason it's even possible is because of the lacuna in a new space and laws catching up, and when they do, it won't be possible. The idea that making money makes everything ok is a primitive and fundamentally antisocial ideology. And if everyone thought like that it would end civilization as we know it.
The problem is that, from small business to mammoth company, there is no codified, unified, agreed upon manifesto when it comes to handling data at any level. A "Constitution" of sorts that explains the rights and / or wrongs of the data usage of the average user. Somewhere where a user can look at a document, see which company falls where on the spectrum, decide if they are comfortable with the sharing of that, and actively signs off on it. As an addendum, it's also important to think, while my email data, for example, might be shared, it will enable certain benefits that I sign off on like Google providing me flight details, etc., but it comes at what expense.
You'd get a wide spectrum of those who couldn't care less to those who are tin-foiled, but no matter where you fall on this spectrum, you'd at least know which software does what. If that manifesto-like document is broken, consequences would be maintained.
Unfortunately, something of that magnitude in this age would probably require the cooperation of large entities like Google and Facebook. Guess who profits from the current leaky model.
Honestly, Apple may be just about the only one capable of shifting the tide. They’re big, they claim a privacy focus, and they’ve delivered some (e.g. Apple Pay, iMessage). If they could come up with more secure technological replacements for the things that are currently leaked by apps, we might have a chance.
The “one time card” approach of Apple Pay seems like the basis for such a system. For example: stop giving apps “my location” tied specifically to me, instead give them “location of unspecified user” where that token goes away after one app transaction.
But that's not a scalable solution. Privacy legislation is required to raise the bar for everyone. Apple's not going to be able to sue or fine companies nor can they police companies about how they use data they've managed to collect.
The NYT article cites the company MightySignal claiming 1,200 Android and 200 iOS offending apps.
EDIT: The NYT outlines their reporters' testing, and the apps they used: https://www.nytimes.com/2018/12/10/technology/location-track...
Call it something like AppSideEffects.com "Things that may be harmful when using these apps/web sites"
I also don't actually find the current language of TOS prohibitively obfuscated, even though English isn't even my first language. The trouble is length far more than phrasing.
What could possibly work is to codify certain recurring segments, i. e. specify them once in a (complicated) law, then represent them in an understandable format, such as a visualisation. The "Nutritional Informations" come to mind.
Alternatively, a certification scheme grading different levels of data protection could work, such as it is currently used for organic food.
Or, you know, just outlaw the stuff that no sane person would ever accept unless forced to by the market converging on one, very low, standard.
I think this and legislation requiring a good faith plain text explanation of terms would work well together. You can have the legalese for the details, but many (most?) things people care about can be talked about plainly.
If you could control this permission at the app level, many of the privacy issues brought out in the article would be mitigated.
No one on Twitter nor in their interview on The Daily answered my main question: What was the source?
Sure, they don't want to reveal private information about the people they highlighted, but what about the millions of dots they plotted on the map?
That data came from somewhere. Did someone leak it? Did The Times buy it? Some transparency would be great.
My main worry is that these practices allow many people to doxx and subsequently bribe journalists, lawyers, politicians, etc.
This feels like a judicial security hole. I wonder if something like responsible disclosure for software security issues could help, and what the moral issues are with that: doxx the people in charge of the laws, then contact them to say that you will make public how you obtained their personal data in <x time>, so they better make sure that the judicial hole is plugged before that time.
But on looking in the settings for Google Play Services there's no option to disable the Location permission in the permission settings, which means location is permanently on (if you keep the location sensors on)
> AirSage uses its massive source data and patented algorithms to understand the movement of population and trips start to finish, origin to destination every day for the entire country. It’s not just about the where and when. Through years of research and development, AirSage also knows the “why”, or purpose, of the more than a billion trips made in the United States every day.
> Understanding populations as they relate to the physical world has been the core competency of AirSage since the beginning. For any physical point of interest in the United States, insights like the home and work locations of people seen in an area or duration of stay or frequency of visits are all characteristics that can provide a new level of understanding never before capable.
> Brands and Marketers recognize that the world is not just about what takes place on the screen of a tv, computer or mobile phone. It’s about how technology helps enhance our real physical world. AirSage is a leader in providing insightful information about the audiences advertisers want to reach as they relate to the locations and places that people spend their time.
What do you say to those people?
For example, my brother is not techy at all, but he's big into cars.
I asked him if he would enjoy Ford sending everything he's doing in his car to the mothership, then selling that info to insurance companies, or used for "marketing." (immediately he understood the issues)
Then I ask if he's comfortable with knowing that if he accidentally speeds, turns too fast, or brakes too often, he may have to pay more for insurance.
This obviously won't work for everyone. I do have the "I have nothing to hide" friends, but I ask them what if someone DID have something to hide? Not everyone loves "showering with the windows open."
It's fine if they don't care about their lives, but what about their children's lives, or lives of someone they care about? Once it hits that point, they usually just mention that it isn't important and go off about something else to change the subject.
Your insurance company will increase your premium if they see you're often out late at night.
Your employer could see if you use a vacation day to, possibly, apply at a competitor without him knowing it.
Workers at a nuclear powerplant might get approached by foreign actors intercepting their commute.
Regardless, this is a better headline style wise.
And I don't think that's a lot to ask. Want me to pay for the 50 cents storage costs? Sure.
It's worth paying attention to companies like https://alternativedata.org
For example, consider some of the navel-gazing bullshit projects they spend time on:
Particular “Project Feels”
Uncloaked WIFI probes also can expose you to stalker routers.
If you can achieve root, you will have much greater controls over privacy. Unfortunately, it seems cellphone manufacturers are moving away from giving users control over their devices.
Some of our team's work (past and present) that may be of interest to folks here:
- We analyzed the privacy of Android apps at http://privacygrade.org. The basic idea is that we use crowdsourcing to generate a model of what people are concerned about, and then apply that to all the apps we crawled. We're working on an update of PrivacyGrade using network data too, to map out who knows what about us and why.
- Perhaps one of the biggest findings from our team's research is that over 40% of apps that use sensitive data only do so because of third-party libraries (e.g. advertisers or analytics). We've mentioned this in talks to the FTC, Google, Apple, and others, that these third party libraries are the biggest point of leverage here if we want to solve the problem. See this paper: http://www.cmuchimps.org/publications/does_this_app_really_n... this App Really Need My Location? Context-Aware Privacy Management for Smartphones (PDF).
- https://privacyproxy.io/ (sorry, self-signed certificate is a bit out of date). This is a VPN that scans outgoing traffic for likely personally-identifiable information
- http://www.android.protectmyprivacy.org/. This requires rooted phones, intercepts calls to sensitive data on your phone, and aims to help you make better decisions by surfacing these calls and showing you what the majority chose to share
- https://privacystreams.github.io/. This is a new programming model that aims to make developers' lives easier, and improve privacy as a side effect by making accesses to sensitive data easier to analyze. A key observation is that most apps don't need fine-grained data, but currently apps require all-or-nothing access. For example, raw audio vs "just loudness", or exact GPS vs "what city". We offer stream-like processing that makes it easier for devs to get the granularity they want, which also makes the app much easier to analyze. So we can analyze an app and output "this app uses your microphone to get loudness"
- https://www.slideshare.net/jas0nh0ng/fostering-an-ecosystem-... an Ecosystem of Smartphone Privacy, this is a talk I gave last month that summarizes a lot of our team's work on privacy
Our DARPA PM has asked us to focus a lot more on tech transfer activities for our final year, so if any of you are interested, send me a mail. (This is tech transfer in terms of getting industry to adopt our ideas, not necessarily commercialization or licensing.)
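The granularity idea in the PrivacyStreams item above, sketched as an added example that is not part of the original comment and does not use the PrivacyStreams API: a declared pipeline reduces raw sensor data to "loudness" or "city", and the same declaration can be read without running it to report what the app obtains. The `Stream` and `Step` classes, the city table and the sample data are all hypothetical and constructed for illustration.

```python
import math
from dataclasses import dataclass
from typing import Callable, List, Sequence, Tuple

# Constructed gazetteer (assumption): city name -> (lat, lon) in degrees.
CITIES = {"Pittsburgh": (40.4406, -79.9959), "Philadelphia": (39.9526, -75.1652)}


def loudness_dbfs(frame: Sequence[int]) -> float:
    """Reduce one frame of 16-bit PCM samples to a single loudness value (dBFS)."""
    if not frame:
        return -96.0
    rms = math.sqrt(sum(s * s for s in frame) / len(frame))
    if rms == 0:
        return -96.0  # floor used for digital silence
    return round(20 * math.log10(rms / 32768.0), 1)


def _km(a: Tuple[float, float], b: Tuple[float, float]) -> float:
    """Great-circle distance between two (lat, lon) points, in kilometres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def nearest_city(fix: Tuple[float, float]) -> str:
    """Reduce an exact GPS fix to the name of the closest known city."""
    return min(CITIES, key=lambda name: _km(fix, CITIES[name]))


@dataclass(frozen=True)
class Step:
    yields: str    # granularity this step outputs, e.g. "loudness"
    fn: Callable   # per-item transformation


@dataclass(frozen=True)
class Stream:
    sensor: str
    steps: Tuple[Step, ...] = ()

    def then(self, step: Step) -> "Stream":
        return Stream(self.sensor, self.steps + (step,))

    def run(self, raw_items) -> List:
        """Apply every declared step; only the reduced values leave the pipeline."""
        out = []
        for item in raw_items:
            for step in self.steps:
                item = step.fn(item)
            out.append(item)
        return out

    def describe(self, app: str = "this app") -> str:
        """Static analysis: read the declaration, never the sensor data."""
        what = self.steps[-1].yields if self.steps else "raw data"
        return f"{app} uses your {self.sensor} to get {what}"


MIC_LOUDNESS = Stream("microphone").then(Step("loudness", loudness_dbfs))
LOCATION_CITY = Stream("location").then(Step("city", nearest_city))

# Constructed sample input: two audio frames and two GPS fixes.
FRAMES = [[16384, -16384, 16384, -16384], [0, 0, 0, 0]]
FIXES = [(40.4433, -79.9436), (39.9500, -75.1600)]

if __name__ == "__main__":
    print(MIC_LOUDNESS.describe(), MIC_LOUDNESS.run(FRAMES))
    print(LOCATION_CITY.describe(), LOCATION_CITY.run(FIXES))
```

A stream with no reduction step is reported as "raw data", which is the all-or-nothing case the comment contrasts with.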