Hacker News new | past | comments | ask | show | jobs | submit login
Tracking Phones, Google Is a Dragnet for the Police (nytimes.com)
411 points by rasmi 12 days ago | hide | past | web | favorite | 203 comments





I turned off almost all tracking in Android a while ago, but never scanned the data it collected. I recently looked at what data was associated with my Google account, and there I saw: every voice command I ever issued my phone, and when I used what app. I could see at 9:30am I opened my camera app. I can see I viewed a notification at 9:45am. And so on. I deleted it all, but my guess is it probably still lives somewhere in Google.

I knew they tracked search. I knew they would use my voice usage to make it better. I didn't realize how pathological they were in tracking literally everything I did with my phone and tying it to my account, down to what apps I opened and when. It's creepy as hell.

It really made me want to just exit this whole smartphone shitfest, because I have to assume they're still tracking all this data, just not making it visible. Maybe Apple is better, maybe not. The problem is I can't know for sure, and if they lie - what could I do about it anyways?


I installed NoRoot Firewall, it has a "Access Log" tab, that logs all connections (allowed or block). My phone just didn't shut up'. Every other second some app (that wasn't in the foreground) was talking to some IP. My battery was getting slaughtered and my privacy as well.

I proceeded to disable the "Run in background" almost every application, kept only a handful that are really needed (e.g. Signal). Since then my battery lasts for 3 days, and my "Access Log" only moves minimally.


Question - does stopping apps from running in the background actually help privacy?

Can’t the app just buffer all that data (including time stamps) and just send it when you use it again?

Or is the app truly “turned off”?


This is how I do it. I cache everything I need to send and send it when I can. I do it in the context if sales information in places with poor connectivity like music festivals.

The app can't collect and buffer data if it is not running.

Are you sure? I’m currently learning how to develop apps for Android and during my testing I was surprised that you’re able to send silent data-only notifications to devices, even when the app is closed / removed from the drawer. You’re able to run background functions like update a local SQLite database but I haven’t tried making requests to a backend server yet (my guess is it works too) or accessing any sensors.

You're totally correct, you can do pretty much anything you want in Android running in the background. But the post you replied to is referring to Stopping an app .. via the app info in settings. In this case it stops the background service component until you launch it manually again. Noone apart from power users and developers would do this though.. most people likely don't know what the stop app function does.

There are OS battery optimisations which kick in eventually though, which result in most non system apps to be stopped automatically to save battery. Once again, they won't startup in the background again until being manually launched. This is my general understanding gained from working for a couple of years on an Android app that runs in the background and receives silent notifications.


I don't develop apps for Android, but I do for iOS. I will assume that my operating systems knowledge though is from Windows/Unix. To use Windows terminology, an app is running either as 'manually launcher's or as a service (system launched). Android (at least my Honor phone and any tablet I ever used) gives me the ability to manually intervene and change the auto-launch and the background running. I windows that would be things found (and 'killed') in SysInternals AutoRuns.

I don't leave 'everything on default' in the power/background running settings, and thus I don't give the apps the option to do what the device decidsd. Plus with the firewall I Block all the nasties (e.g. 31.13.x.x - FB, or the various IPs for ads and tracking).


Can anyone recommend a good alternative for iOS to do just this?

Just go into Settings and disable "Background App Refresh" for all the apps you don't want running in the background. And also check your Battery section to see which apps use the battery the most.

I'm a recent convert to iOS (I've used Android for 7+ years) and I find that it "phones home" a lot less than Android. You can easily run a Wireshark and confirm it yourself.

https://www.bleepingcomputer.com/news/google/idle-android-ph...


I like how “a lot less” is the new standard, compared to “at all”

Well, if you look at the study [0] you can see that you can get rid of the most of the tracking by disabling App Background Refresh, removing the Google apps and by running a content blocker. If you do all those steps, Big Google won't be getting much identifiable data about you.

>Both Android and Chrome send data to Google even in the absence of any user interaction. Our experiments show that a dormant, stationary Android phone (with Chrome active in the background) communicated location information to Google 340 times during a 24-hour period, or at an average of 14 data communications per hour. In fact, location information constituted 35% of all the data samples sent to Google. In contrast, a similar experiment showed that on an iOS Apple device with Safari (where neither Android nor Chrome were used), Google could not collect any appreciable data (location or otherwise) in the absence of a user interaction with the device.

>While using an iOS device, if a user decides to forgo the use of any Google product (i.e. no Android, no Chrome, no Google applications), and visits only non-Google webpages, the number of times data is communicated to Google servers still remains surprisingly high. This communication is driven purely by advertiser/publisher services. The number of times such Google services are called from an iOS device is similar to an Android device. In this experiment, the total magnitude of data communicated to Google servers from an iOS device is found to be approximately half of that from the Android device.

[0] https://digitalcontentnext.org/wp-content/uploads/2018/08/DC...


It's a shame google maps is so much better than the alternatives, but it's probably somewhat related to the amount of data they collect.

But think about that for a second.

Apple spends something like 1 billion dollars a year on Apple Maps. There is no strategic reason for them to do maps. They aren't making money from it. They are anonymising the statistics they gather. They chose to spend this insane amount of money doing something completely foreign to them just so their customers don't have to use Google Maps.

Let that sink in.

It's incredible.

As for the quality of Apple Maps—yes, it was rubbish when it first launched but today it is usually (depending on your city and your specific usages) within cooee of equally good. In fact I tend to find Apple Maps often superior for walking and public transport directions in an unfamiliar city.


Apple's motivation to grow Apple Maps is the same as Google's motivation to grow their maps product-- commoditize the complement.

They both spend lots of money on maps in the hope that users will use those maps on each corporations platform. The difference is Apple makes money selling the device and services, Google makes money selling your attention to advertisers.

The real driving force for Apple to spend that money was Google restricting features in their iOS app.


Commoditising the complement is a compatible thesis to my aforementioned point.

Also, it was leaked somewhere that Google was willing to give iOS all the features as long as Apple would allow all the user tracking. I can't speak to how reliable that is, but it wouldn't surprise me.


> It's a shame google maps is so much better than the alternatives

I don't need the best possible mapping application, I just (occasionally) need one that's "good enough". More and more, for me, "good enough" means keeping a static image of the maps of the area that I'll be in.


You can probably find one in the app store just based on reviews.

Pretty much all "no root firewalls" work the same way.. The software pretends to be a VPN client in order to get the network traffic and filter it.

Since you're letting the software have control over all your network traffic, make sure you trust the software manufacturer.


> The software pretends to be a VPN client in order to get the network traffic and filter it.

This is why I stick with root firewalls -- I also use a VPN, and I don't think you can have your Android device use more than one VPN at a time (without rooting it).


They track and consume and correlate/associate everything. That is their business: they sell their ability to know everything about you to anyone willing to pay for that information. All of their products feed into their core business.

Google is the most invasive and predatory attack on privacy ever; by no small margin.


>they sell their ability to know everything about you to anyone willing to pay for that information

Can you prove this? Extraordinary claims require extraordinary evidence, and that's a real whopper of a claim.


It's not an extraordinary claim, it's literally what google claim to do by selling targeted ads.

It's somewhat concerning that anyone would consider it an extraordinary claim.

I wonder how it is that they think Google rationalises providing so many free or below cost products to consumers?

Edit: downvoted without response. K.


Where do I buy this user data? I would like to purchase it. dleslie claims they will sell it to "anyone willing to pay for that information".

> it's literally what google claim to do

It's literally the opposite of what Google claims to do.

https://safety.google/privacy/ads-and-data/


Please be more charitable with your interpretation if you want to debate the merits of what is being claimed.

> they sell their ability to know everything about you to anyone willing to pay for that information

This does not actually claim they will sell you a copy of the raw data. That is Google’s “crown jewels” and they protect it fairly well, although not always perfectly.

In the past you could see the query on a referral URL. In the past you could see PII coming through this way as well. You could target ads against this PII, etc.

But anyway, what Google does is let you target ads based on their absolute knowledge of the user. What you are Searching for, where you are Searching for it, etc.

Google tracks you incensently so that they can more effectively sell things to you, or sell others the ability to sell things to you.

But increasingly it seems that Google tracks its users just because it can. Just in case that clickstream or that app history or that voice recording might become useful someday. Google tracks you like a paranoid government might track its citizens, afraid that some scrap of data might come back one day to be useful in its almighty question for [control / dollars / training an AI / optimization / whatever].

The nominal cost of storing one more piece of metadata is zero, the potential future value seemingly limitless, and perhaps the fear of Management asking for some piece of data you didn’t think to record is so great, they seem to just record all the things.


>This does not actually claim they will sell you a copy of the raw data.

That's fair. That was my misreading of their original comment. I'm so used to seeing this misinformation I took it as just another example.

>But anyway, what Google does is let you target ads based on their absolute knowledge of the user.

That's right. The page I linked from Google is actually very transparent about how it works.


Thank you, you said it better than I would have.

You buy this information indirectly any time you use any of Google's targeted advertising services. And yes, anyone can buy into it.

>buy this information indirectly...

Which means what?

If you aren't actually getting user information, then simply put you aren't buying user information. Anything else is twisting words to distort their meanings.


You know exactly what it means and maybe you're moving into semantic disagreement. Google does not sell the raw user information itself to its paying customers but it does sell it indirectly by giving them access to excellent targeting tools based on all those things it knows about you, me and X and Y individuals. Maybe im not being perfectly precise but to me that fits the bill for buying information indirectly.

> That is their business: they sell their ability to know everything about you to anyone willing to pay for that information.

Google has information about you. Incredibly detailed, intimate information about you. Harvested by collecting and correlating all of your usage of their products and services.

Anyone can pay Google to use that knowledge in pursuit of other services, like targeted ads. No, you do not get access to that knowledge directly, but Google has it and is using it when paid to do so.

In effect, you can pay Google to have indirect use of that knowledge.


Yes, Google collects user data and uses it for ad targeting. That's a more fair telling of the situation. If this concerns you, you may opt-out of the process.

I cannot opt out of my friends and family sharing that information which includes me, like address books. I cannot easily and effectively opt out of browser tracking. Opting out is not a reasonable option.

In addition to this, if the data exists, at some point in the future it will be compromised. The only way to avoid this is to not collect it.

And to anyone who says “I have nothing to hide” — imagine your worst enemy having all this information about you easily searchable with the intention to weaponize it for their purpose.


No need for a worst enemy. Just expose your email and password on Facebook or Twitter and tomorrow all your personal and professional contacts will be thinking you are crazy. Maybe you'll be able to save your relationship. Certainly not your job. Edit: spelling

> And to anyone who says “I have nothing to hide”

To anyone saying that, they need to stop quoting Nazi propaganda. Term is coined by (but not originating from) Goebbels.

Note: The origin is from a fictional dystopia.


Thank you. A great way to address the sentiment.

I mean I get why people say it. But we have to also be honest with ourselves. If it is something (strongly) pushed by societies that we utterly despise (be the Nazis, the dystopian writing of Sinclair (origin), or Voldemort's puppet state), it probably doesn't align with the beliefs of a free society.

The phrase is too frequently used by societies that we consider to not be free, being pervasive enough that a single use in literature would tell you that the characters live in an oppressive regime. Yet somehow we can make that connection but don't make it when actual politicians and citizens repeat it.

Personally I feel sickened that the phrase is so pervasive in our society (goes beyond the US). Just as I'd be if people were constantly saying "Work will set you free."


It's not feasible. It requires all the players to cooperate and one leak will ruin it.

We will have to use punishment as deterrent for someone who is harming other with all of this information.


I would guess that most of the people not worried because they have nothing to hide don't have a worst enemy.

Or at least, a worst enemy that they don't see as one.

And I think most people just don't realise. My grandmother was setting up a new Kindle Fire tablet recently, and asked me "Do I want to set up Alexa?". I just said "Do you want Amazon having a recording of everything you say to it?", and she replied, "Oh, no I don't then", but I doubt it had even crossed her mind before.

> It really made me want to just exit this whole smartphone shitfest

Yes, this is why I've decided to bail on the smartphone nonsense as well.

To make the problem worse, it isn't just Google you need to protect yourself from. You also need to protect yourself from the vast majority of apps that are out there as well.

It's become an intractable security nightmare, and I no longer consider smartphones as fit for purpose.


Have you tried Lineage OS?. It's an open source Android distribution, it doesn't include Google's proprietary stuff (Google Play services and such, even though you can include it if you really want to) and works surprisingly well.

Even without Google or Apple, they police have the cell service providers. In the case of the Austin bomber from a year ago[0], police got cell tower records from the multiple bombings and figured out who was at all the locations. Cell phones are little trackers unless you turn them off or don't carry one.

[0] https://www.google.com/amp/s/www.nbcnews.com/news/amp/ncna85...


Reading that article reminds me of a rather prophetically-accurate movie starring Will Smith and Gene Hackman "Emeny of the State"[0]. Granted, for a film that came out in 1998 it probably wasn't too hard to guess where things were headed w/rt surveillance compared to how seemingly prescient writings from the likes of Orwell and Bradbury were for their respective times.

What stands out to me about the movie (because I went and fished out my DVD and decided to watch it this fine afternoon) was just how detailed David Marconi was in his depiction of brotherly tracking and surveillance.

[0] https://en.wikipedia.org/wiki/Enemy_of_the_State_(film)

Edit: attribution for the plot goes to writer David Marconi, I've fixed this for any fellow movie geeks who also care about such things ;)


Hackman was also in another movie about spying and paranoia - The Conversation. Great movie. I know it’s not about nation states spying but wanted to add that here

Hackman played the same character in both movies. His character in enemy of the state has some deliberate references (the raincoat, the workshop, the opening sequence).

Oh? Thanks for the recommendation, I'm a big fan of Hackman's acting and spy movies especially-lately, so I'll definitely be looking this up. Cheers

It's a great movie. Harrison Ford plays a secretary if I recall correctly.

The Conversation is an absolute classic.

I hate to be this off topic, but also 'Heist' is a great movie which features a lot of social engineering and exploitation tactics to drive the plot.

There are 2 films with this title, from 2001 and 2015. https://en.wikipedia.org/wiki/Heist_(2001_film) https://en.wikipedia.org/wiki/Heist_(2015_film) Both have stellar casts.

2001 had a much higher acclaimed script and was more appreciated by viewers

Funnily enough, it also has Harrison Ford in it as well (one of the earlier films he was in).

Yeah, he's great there, almost uncanny how different and cold he is in that role.

Francis Ford Coppola said that “The Conversation” was his favourite Francis Ford Coppola movie.

Watching “Enemy of the State,” it is quite clear that Hackman’s character is a nod at The Conversation’s Harry Caul. He plays an ex-spook who is extremely paranoid about surveillance, which is the exact state Caul gets into at the end of The Conversation!


Directed by Francis Ford Coppola

"Eye in the Sky" (2015) https://en.wikipedia.org/wiki/Eye_in_the_Sky_(2015_film) explores this theme as well. A very good film starring Helen Mirren that seems to have slipped under the radar.

Too bad Gene Hackman became an actor, instead of a CRISPR scientist

I remembered watching that and thinking that it was apt.... but there's no damn way anyone gets access to all those different systems managed by different groups seamlessly. The bureaucracy involved would be immense, the various systems that can't talk to each other efficiently endless. I imagined all the overhead that would go into that and it hurt my brain ;)

A fun thought exercise to break the "can't do it" perspective. Imagine someone says they'll give you 10 million dollars to get it done, could you do it then?

I think the challenge is you don't know where the "runner" you're tracking is going and the variety of surveillance systems they tap into is a pretty big unknown.

The inefficiency of administration is the last protection of our privacy ?

I worry what happens when / if that isn't the case anymore.

Just with data we're crossing what seems like a lot of "too late" moments.


The modern solution is that they give a contractor like Palantir access to all the gov databases, and the contractor builds a unified UI.

Well, there's DEA's Special Operations Division (SOD). As I recall, they've done ~real-time busts of drug shipments. That is, from a cellular intercept in California to pulling over a semi on I95 for a broken taillight.

>prescient writings from the likes of Orwell

While I agree some autocracies resemble Orwell's 1984, I hardly think western states fit the description. The powers undermining Western Democracies are a complex mix of corporate/state sponsored media, surveillance capitalism, and other more mundane forms of corruption and collusion. The fact that I can state these things without fear speaks volumes about the opposition to autocratic and anti-liberal forces. Bradbury's distraction based autocracy is a lot more interesting because it beats you over the head with a different type of control that in smaller doses could be used to disuade or control in a less Autocratic society.


The problem is compounded by the fact that 4G and beyond have location triangulation specific features specially built in to them. The tech is only going to improve as today it isn't as accurate as GPS.

I found that this Wikipedia article is a great little read: https://en.wikipedia.org/wiki/Mobile_phone_tracking


Just read that 5G is going to be exponentially more precise at location tracking than 4G because there will be many, many more base stations with comparatively short range.

> Even without Google or Apple, they police have the cell service providers

Important to keep in mind that additional information provides corroboration at least in the mind of the jury and also detracts from issues regarding the information.

This is illustrated by one of those Datelines' (or 48 Hours don't remember) that I saw recently. They exhumed a body to determine if the deceased was buried with contact lenses on. They then had some expert do tests with pigs to determine that it was really a contact lens and not something else. It was very clear right off that it was (anyone who has worn contacts would know this and additionally they even were marked with numbers on the lens). But the expert still went to this long and drawn out trouble (buried dead pig's eyes with lense on) that they clearly didn't have to do. Reason? You spend more time in front of the jury with a long story and it detracts from the problems with the story to begin with (someone iirc said 'she never goes to bed with contact lenses').

Similar and unrelated is restaurant food. Put a lot of vegtables on the plate and a fancy sauce swirl to detract from the small piece of meat or fish you have given the diner.


They need to bend over backwards with evidence because terrible shows like CSI and NCIS have convinced jurors that crime labs can perform magic and that they should acquit despite a preponderance of evidence unless there's a giant stack of lab reports and a manic pixie dream nerd testifying.

They should. Preponderance of evidence is for civil charges, criminal charges require proof beyond a reasonable doubt.

The standard in criminal law is "beyond a reasonable doubt", which is a higher standard than "preponderance if evidence" which only satisfies civil claims.

Vegetables are good food. Swirls looks nice. These are things people enjoy, not distractions.

I did not say 'only reason'. Of course there could be other benefits. And I am guessing we are not talking about the same restaurant experiences either.

veggies are real cheap compared to meats. 1 pound of meat or seafood is 4-30 dollars wholesale versus 1-5 dollars a pound for veggies, so after markup, what are most dishes going to contain? Fillers: carbs and veggies.

> veggies are real cheap compared to meats.

That depends a lot on where you live, and what quality of veggies and meat you're talking about.

What's cheap is cereals.


They mention that in the article but they state that the data from Google is much more precise, which makes sense.

>"But despite the drawbacks, detectives noted how precise the data was and how it was collected even when people weren’t making calls or using apps — both improvements over tracking that relies on cell towers."


But a Google or Apple smartphone can potentially contain the contact information about third parties who don't own Apple or Google smartphones themselves.

Take a young person with an iPhone. Their 95 year old grandparents might not have a single piece of technology from 1990 onwards but because their grandson has their phone number, address, and birthday in his iPhone those people could potentially be vulnerable to tracking/snooping/violations of privacy.


You'd be surprised how cheap a mask, crowbar, and a rental van is.

Never underestimate this https://xkcd.com/538/ attack.


Sometimes you don't even need the wrench.

OK, so the feds were closing in on DPR. They knew that he had everything on his laptop, and that it was full-disk encrypted. One faction wanted to catch him in his room at home, by somehow doing a SWAT from a helicopter.

But cooler heads prevailed. They just tailed him for a few days. So he sits down in the public library, and starts working. Two agents pretend to be a couple having a screaming match. While he's distracted, another agent grabs his laptop.

Game over, and life in prison.


Next level analysis could take into account which/whose phones are (untypically) switched off when the bombs went off. Next next level would take into account phones that are "left at home" - where the phone is not in use and not moving around according to usual movement patterns.

I would guess that there is already substantial research done on exactly this, and that it is possible to detect many deviations of normal behaviour.


What are the typical movement patterns for a phone at home? Mine is usually sitting on a particular spot on my desk.

In that case you should be safe to go out and do some mischief! Or... image recognition in CCTV's might recognize your face and couple it with the fact that you're not carrying your mobile.

Face recognition (even by humans), particularly with CCTV data, has a very high rate of false positives. You might be able to make the case that the fact that your phone wasn't there is evidence that the image isn't really you.

Except that footage of someone recognized as you walking out of your own apartment might be hard to refute.

Plus I only see face recognition (and CCTV quality) getting better over time. Unfortunately.


I don't usually carry it when I go out, actually. I may be unusual.

Absence of a signal is a signal in itself.

They used to do that in the TV series 24.

Since you work at Google, do you have any knowledge about Sensorvault? Where does the data come from?

I have zero knowledge about this thing, I know as much as you do. I can talk all day about the payments ecosystem though. :)

Google does publish a bit how they handle data requests.

https://support.google.com/transparencyreport/answer/7381738...

There was an article a couple months ago about reverse location search warrants.

https://www.google.com/amp/s/slate.com/technology/2019/02/re...


Thank you! That was helpful.

The article describes a case where an innocent man had to spend a week in jail. Eventually, he was released and the presumed actual perpetrator was caught. The lead seemed to come from the location data, so it wasn’t useless at least.

But the so called justice system says that it got it right here. The innocent man lost his job when he couldn’t work for a week. Depending on his situation he could miss rent and be evicted too.

Why do we have a system that says justice was served? It’s cruel and unfair.

This dragnet police tactic will scoop up more bystanders and probably convict more than a few innocents as well. I like the timeline feature- it has been genuinely helpful for remembering when I did things months ago. The tie in with photos is also a fun way to remember trips. It’s sad that the cost of these features is to roll the dice on getting arrested because a crime was committed nearby.


This also showcases how innocent until proven guilty is not honored at all. Don't throw me in jail just because you're investigating me, throw me in jail if I run off out of town or do something sketchy to interfere with the investigation. If I am not guilty I wont be running out of town, but I sure wont be talking to you without a lawyer no matter what[0].

[0]: https://www.youtube.com/watch?v=d-7o9xYp7eE


I think this problem is best solved by requiring that the state make amends for arrests which turn out to be incorrect. You lose your job? State funds two months of severance (more if there’s an economic downturn and it’s harder to find a job). Evicted? State provides relocation assistance. Etc. this would also probably be a great disincentive for false arrests. Of course there could be unintended consequences, including the state putting more effort to make square pegs fit in round holes.

I think this problem is best solved by

1. Honoring the plain text, and original intent of the Constitution

2. Holding law enforcement personally liable for their mistakes (i.e ending immunity)

3. Ending the rubber stamp warrant process where law enforcement routinely lies to obtain warrents

4. Ending the moronic 3rd party doctrine exemption to the 4th amendment

What I do not think it s a resolution is putting the tax payers on the hook for monetary compensation for the bad actions of law enforcement, that provides zero incentive for law enforcement to change their aggressive, unconstitutional, and authoritarian methods, policies and procedures


> Why do we have a system that says justice was served?

Suggest specific improvements and call them into your representatives. The closer you can make your proposals to a bill, the more likely it is that the problem becomes an issue.

In this case, I’d argue we need publicly-subsidised attorneys for wrongful arrest. It should also be unlawful to dismiss an employee because they were arrested and never indicted. Giving people the right to notify employers, upon arrest, barring a specific request by the police (approved by a court), would also be prudent.


> It should also be unlawful to dismiss an employee because they were arrested and never indicted.

This would be huge. It's illegal to fire someone because they got called up on jury duty, and if someone is arrested but later found innocent the same rules should apply: in both cases you're involuntarily assisting the criminal justice system :)


> It should also be unlawful to dismiss an employee because they were arrested and never indicted.

Replace "indicted" with "convicted" and I agree. Further, it should by unlawful to refuse you housing because you were arrested even if you weren't convicted (this is common practice right now).


My representatives do not listen to me.

They probably do, but they also have to listen to hundreds of thousands of others just like you, and pick which opportunities to act on. Can you understand why they may both listen to you and not take action on your concern?

Multiple studies have been done to show they in fact do not listen to the average person

The most famous in recent memory is the 2014 Study "Testing Theories of American Politics: Elites, Interest Groups, and Average Citizens" (https://doi.org/10.1017/S1537592714001595)

Which Concludes

"In the United States, indicate, the majority does not rule at least not in the causal sense of actually determining policy outcomes. When a majority of citizens disagrees with economic elites or with organized interests, they generally lose ... majorities of the American public actually have little influence over the policies our government adopts."


OP is probably not a bundler for 6 figures in campaign donations, just saying.

Their responses are often unrelated, or antithetical to my stated position. I think they have an inaccurate classifier.

You should know how these things work. When you contact your representative with an opinion, they just add one to their tally of how many voters expressed the same opinion.

The totals for how many voters expressed which opinions are what carries the most sway with them. Whether or not those tallies are in alignment with the general public is not relevant.

So, when you contact them, you'll get a canned response telling you what their current stance is, regardless of whether that's the same as yours. But make no mistake, your opinion was added to the count.

This sort of thing is why phone banks and contact-your-representative campaigns are so common. In bulk, they're effective and can change policy even in ways that most of their constituents don't agree with. They're only looking at the numbers of contacts they've received.


You have just described my experience to me.

> Whether or not those tallies are in alignment with the general public is not relevant.

Is this not grossly pathological?


I am not claiming this is the way it should work, only that this is the way it does work.

The silver lining in that cloud is that it means that expressing your opinion to your representative is something that really does make a difference. On a practical level, if you don't tell them, they won't know.


Become a member of a charity fighting for your freedoms such as Electronic Frontier Foundation or Amnesty International.

I don't have disposable income.

You can also volunteer for them.

I don't have disposable time.

Then you do not really want to make a change. Things will not change themselves (except to the worse).

> Giving people the right to notify employers

Why not ask your lawyer to do it for you? You already have the right to make a call to a lawyer.


I would be willing to be that 90% of the population getting locked up do not have a lawyer on retainer and use public defenders. Which you must wait for one to be provided to you then wait for said representation to reach out to you. That’s days if not longer in jail just waiting. Unless you have money then you won’t spend a moment in jail. Yet again the wealthy have a different set of rules because they can pay their way out of anything.

Beyond this in some areas due to lack of funding & supply there aren't even enough public defenders. It can take people weeks to get one at all and the one they get will barely have enough time to represent them.

That's a good point, thank you. So I guess such a right would indeed be useful.

> It should also be unlawful to dismiss an employee because they were arrested and never indicted.

I disagree. The cost of bad policing shouldn't be paid for by businesses. The police should bear the consequences, not have yet another victim (some business) to burden with more punishment.


> bad policing

But arresting someone reasonably suspected of some crime isn't bad policing, even if they are later found to be innocent. That is why arrest and trial are separate.


I think part of the problem is that there's a lot of actors in law enforcement for which "reasonably suspected" isn't important; "can we make it stick" is. Past that, they don't even bother to consider if it might be the wrong person.

There's a LOT of good cops, lawyers, judges, etc. However, the bad ones can have such devastating effects on their victims, that all of them need to be watched (controlled? not sure what the right word is here) more than would be necessary for other areas.


Let's agree to disagree. I think that detaining an innocent person against their will is bad policing.

But how could it be avoided? The police don't operate on 'guilty' and 'innocent', but on 'suspect' - even if they do everything right, they'll occasionally arrest someone that will later turn out to be innocent. If they're responding to an emergency, they simply don't have time to determine guilt with much accuracy, and are just focusing on protecting possible victims. And if they're arresting someone being prosecuted for some crime, well it's unavoidable that occasionally someone won't be found guilty for what they stood trial for - that's the whole point of a trial.

However, I agree that if that should happen, the detained should be compensated for the harm they suffered, even if the police (and prosecutors!) acted reasonably.

I should clarify that I don't mean to imply the US police and public prosecutors meet these reasonablenes criteria - from what I hear, the deck is stacked heavily against anyone being prosecuted for a felony, guilty or not.


What about if the police had a dedicated fund for arrests. For the employer - they aren't allowed to sack the employee, but administrative costs of finding temp staff can be claimed from the fund. For the arrested, all cost of living expenses are covered until trial, but should they be found guilty, this becomes a CPI indexed, interest free debt. Any pre-conviction incarceration costs where accused is found innocent are also paid by the fund. This seems to grab most of the data in one account. But does also seem to add a big incentive to find people guilty...

That's not always bad policing. The police aren't in the business of determining guild or innocence. The courts are. There will be innocent people who are arrested.

But I don't see how preventing companies from being able to fire people solely because of an arrest actually costs them anything.


>The police should bear the consequences...

When, in the history of ever (in America), have the police borne the consequences for anything? It's always been either the taxpayer (in pay-outs) or no one (when the officer simply moves to another jurisdiction to keep on keeping on). Although, the premise is idyllic, it would never happen.


An arrest of the sort we are talking about is a form of extra-judicial punishment that should be forbidden by any just system of law. In fact, I am constantly surprised at the things that are allowed, and even encouraged, in our judicial system, and how many individuals apparently believe the system is fine the way it is. Saying that we should continue to allow people to be fired for an arrest is to further support this extra-judicial punishment. It gives individual police officers the power to destroy any individuals life with which they come into contact, without even firing a shot. This power is far too great for anyone to wield, and our system was designed to prevent this kind of power, and yet here we are, with people like you arguing in it's favor.

It is entirely against the premise of "innocent until proven guilty" we treat suspects like criminals, I get it, you want them to "crack" but what in the world! If someone has no criminal record, please treat them as if they may not have one after you question them, don't ruin their lives.

This a misunderstanding of what I am saying. I don't think the existing system is fine.

Fix the judicial system itself, don't offload that responsibility onto businesses. If arresting a person is so easy as to be able to ruin their life (and I agree that it is), there should be a higher bar to arresting people than < says here his phone was near the scene of the crime >.

If a system is conceived in which a business is able to fire and quickly rehire someone who was wronged by the police, I am supportive of that. But some general idea of, "Well let's just make it illegal for businesses to do that!" is beyond absurd. It's papering over a problem caused by another problem. Businesses are not responsible for fixing a problem caused by the police. This would be as absurd as a business suing the government for failing to prevent a valuable employee from being murdered.


Yes, I agree that the justice system itself is the root cause. However, I think it's also okay to "paper over the problem", and to support that I would directly appeal to the jury-trial system. The government is taking people away from work to perform a government service, and they (rightly) forbid business from firing someone during that time. In the same way, arresting someone also conscripts a person, against their will, to do government service. The service, in this case, is very similar to jury service in that the arrestee's role is to help justice be done by the government. The only difference is that a juror is picked by a computer (and then a lawyer) but an arrestee is picked by a cop.

> The cost of bad policing shouldn't be paid for by businesses.

How does that count as "businesses paying for bad policing"?


It's illegal for an employer to fire someone if they're selected for jury duty.

It's insane that it's legal for an employer to fire someone for being arrested, before being convicted.

The same protection should apply in any case where the government is the one forcibly removing you from being present at your workplace through no wrongdoing of your own.


In a case like this where he ended up getting released a week later and experienced extreme hardship, you'd think he could've gotten out on bail (even if there was an ankle tracker or something). Instead in most regions, bail and trackers are both revenue-generators for the people involved, so people rot in jail for no reason.

Imagine if the person wrongly imprisoned in jail has a kid or parent to care for, not only is that dependent abandoned for a week but afterward there's no money to feed them with. It's truly inhumane.


> so people rot in jail for the love of money.

ftfy


> Why do we have a system that says justice was served?

Because it was. There was a criminal investigation, it was processed judiciously, and as a result the man was cleared and released. None of this was based upon a _single_ piece of evidence, but multiple facts that supported each other.

The only "injustice" I can detect is that he wasn't bailed out while waiting for a trial.. but the article suspiciously doesn't touch on that subject, so I have nothing to go on there.

> It’s cruel and unfair.

If he has a civil issue with his employer or with the state or it's officers, then that's a separate question and he absolutely has the right to pursue it for remedy if he chooses.

> This dragnet police tactic will scoop up more bystanders and probably convict more than a few innocents as well.

You make it sound as if the police _only_ used location data to make this case and the arrest. The article shows that they didn't and further shows that the actual murderer had used Mr Molina's car to commit the murder. It's nothing like what you describe.


> he absolutely has the right to pursue it for remedy if he chooses.

How do these cases usually work out? If he was held on a reasonable suspicion, is there any possibility of legal remedy?


The thing I find sad about this is that Blackstone's Formulation[0] has been part of American common law for a long time (innocent until proven guilty). It was influential to founders like Franklin and Adams. It is clearly something we need to defend. Law isn't perfect, and we need to decide when it breaks down which mode of failure it has. Blackstone would say that it should fail that guilty people go free as opposed to failing and having innocent people have that freedom stripped from them (on the principle that freedom is such a valuable thing).

[0] "it is better 100 guilty Persons should escape than that one innocent Person should suffer" (Franklin's rephrasing)


Could this have been avoided if the suspect himself had the same access to his own sensor data? Like an alibi? I read this whole thing as the technology is there to prevent innocent people to jail, and the processes haven't caught up.

You do have access to your location history from Google. https://www.google.com/maps/timeline

only if you have that feature turned on. Google also records data outside of maps and timeline, IIRC. I imagine you can always access your complete location history by exporting it from Google's take out feature.

From the article, it sounds like the history you have access to is the same that was used for the dragnet searches.

right, I'm saying that turning off Google timeline doesn't stop Google from tracking your location.

correct. turning off “location history” only turns off the visualization, not tracking. your location is still associated with each piece of google activity—searches etc. there is no way to totally turn off location tracking other than tuning off “web and app activity”—which then locks you out of several google services entirely.

Thats a cool site I didn't know about, however I assumed the innocent suspect wasn't logged into google maps, and that the reporting was done by the device separately.

Afaik you don’t have to be using Maps for Google to track your location. If you have location tracking turned on in your Google account and are for example logged into android Google will get your GPS even if you’ve never used Maps.

wow if it really was only that and a similar car that had him locked up for a week... makes you wonder if he contacted a lawyer immediately or what, that’s crazy

It sounds like the easy solution is to increase surveillance further. I hope that better solutions are sought after than this however

too bad the 4th amendment, which is suppose to bar these very type of generalized warrants and searches, is not respected by the courts at all, and has soo many "exceptions" that it might as well not even be present anymore.

This isn't the best case to use as an example of police overreach and information dragnets. Yes, they arrested the wrong guy and held him for a week, but the right guy was using the wrong guy's car. I realize they initially identified him--at least in part--via the Google-provided information, but the reason they held him for a week is because it was his car that was used to commit the crime. At that point, it was absolutely reasonable and correct to assume that he was the perpetrator. If that hadn't been the case, they probably would have questioned him and never even arrested him.

I'm not defending Google's information collection or the use of dragnets in general, but this is absolutely the wrong case to use as an example of how things can go wrong. Things did not go wrong here. This was good police work, and ultimately the arrest was not off-base, and led directly to the real perpetrator.

Find a better example if you want to drum up fear about information abuse.


It says in the story in the surveillance they can't make out the plates, so they don't know for sure it was his car.

>Though Google’s data cache is enormous, it doesn’t sweep up every phone, said Mr. Edens, the California intelligence analyst. And even if a location is recorded every few minutes, that may not coincide with a shooting or an assault.

>But despite the drawbacks, detectives noted how precise the data was and how it was collected even when people weren’t making calls or using apps — both improvements over tracking that relies on cell towers.

So if you use Android, there's absolutely no way to turn this type of tracking off? What exactly are they using? Anyone know? This doesn't seem like the IEMI cell tower tracking that carriers do.

And according to this sentence:

>Apple said it did not have the ability to perform those searches.

It appears that if you use iPhone and don't use Google's apps (Google Maps is the main culprit here?), Apple doesn't have a way of identifying your data and your data won't appear in Google's Sensorvault.. which appears to be massive:

>Sensorvault, according to Google employees, includes detailed location records involving at least hundreds of millions of devices worldwide and dating back nearly a decade.


You can turn off the collection of location data for Google. [1] You can also delete old location data. Google is saying that they won’t collect location data unless you opt-in but I’d assume most people just click on “Okay” once when asked to. Of course nobody really knows if Google honors your settings.

[1] - https://support.google.com/accounts/answer/3118687?hl=en


>You can turn off the collection of location data for Google.

If you have an android phone, please try turning off the location service and see what happens. The sheer number of dark patterns google uses to get you to turn it back on is illuminating.

I remember in the early versions of android, you could turn on/off the gps from the lock screen. Then one day it went away and was only available once the phone was unlocked. Now it's hidden inside the settings app. The cynic in me guesses that a future update will turn that option off as well.


I don't think that's really the case.

I can unlock my phone (probably already unlocked anyways), swipe down the status bar and tap an icon to disable location services.

The first time I get a pop up that apps won't be able to use my location and that's it. It won't ask again, and it's a matter of 2 seconds.


That's the icon I was talking about. It was present on my Nexus 5 with Android 6 (marshmallow), but disappeared when I upgraded to android 7 (nougat) and there's no way I can see to bring it back. It's possible that other carriers have it enabled, but google's flagship phones have it disabled.

Fortunately I do not use android. I’m using iOS with no iCloud and Location Services are turned off as well.

It sounds like all of this is basically "location history". Turn it off, and never accidentally click agree on one of the hundreds of "turn on location history for better XXX" prompts (usually assistant-related), and if understand the article right, you should be out of the dragnet.

>This doesn't seem like the IEMI cell tower tracking that carriers do.

It would have much richer granularity than cell tower tracking. Cell towers can be miles apart. Google location services use GPS, cell towers, and the wireless access points around you to pinpoint.

(For example when I worked in an urban office it could tell which side of the building I was at when looking at directions)


That can't be right. Fork your own build and edit out the tracking code if you have to.

I’m pretty sure it would be somewhere within the Google Play Services blob. You should be good if you build your own AOSP, although binary hardware drivers might have the ability to do shady things.

One thing I haven't seen anyone comment on yet was the article's illustration of the technology...

I think it did a good job of hypothetically showing how phone data could be collected in a geofence and explaining the process of narrowing it down and picking a potential subject. Regardless of the merit of this approach, I think NYT did a great job here of illustrating the process in a way that non-technical people could understand.


Location data can also be used to help prove your innocence.

It sucks that this innocent person ended up suffering. Hopefully law enforcement will become better at figuring out false positives before arresting someone.

I do like that the gov. doesn't have direct access. Seems to me like the more independent parties required to access the data, the lower the chances of abuse.


> Location data can also be used to help prove your innocence.

Well not really. If that were the case and if someone was going to commit a crime they could simply place their phone in someone else's auto (let's say without them even knowing) and then have that data be the data that is 'them'. This would quickly unravel. Besides I don't think it's so much that the data is useful other than it gives clues and points in a particular direction whereby the police can then narrow down or look further into a particular suspect.


> Location data can also be used to help prove your innocence.

I can retain receipts from gas stations, getting a soda at the corner store, etc without needing to beam my realtime location data to the cloud.


I've never seen a gas station receipt with a timestamp. Is that common in other places?

I scan all my receipts, and every gas station receipt has a date and time stamp. How accurate they are is anyone's guess.

I also always use a credit card for any transaction which gives another 'I was there' proof point.


The actual receipt usually has a timestamp, but IIRC credit card statements just list the date (not time).

To be honest I don't recall either but some places do have a timestamp. (Restaurants being a big one)

I'm a little confused here. It turned out that it was his mother's ex-boyfriend, who had taken his car without permission. That explains the car, but how does it explain the location? Did he just happen to also leave close to there and was moving in a similar pattern? Was the phone inside the car?

Really, the issue here was the car, without which they wouldn't have had enough evidence to get the person's information in the first place. Are you not partly responsible to whom you give your car to?


From the article: "...Mr. Molina had sometimes signed in to other people’s phones to check his Google account. That could lead someone to appear in two places at once, though it was not clear whether that happened in this case."

If this is how it really happened then the investigators didn't even bother to crosscheck the data with the cell tower information (assuming the telco logs this info). Sending false location data to google shouldn't be that hard, but it should be a lot harder to fake the cell tower connections.


If someone steals my car and uses it when committing a crime, I can accept that may well lead to questioning me. But I don't think it justifies keeping me in jail for a week.

That's fair, though I'm still unsure how his phone happened to also correlate with the crime.

Orwell never guessed that the government could outsource our dystopian nightmare to corporations.

He also never guessed that we would eagerly stand in line to spend $1000 to buy our own tracking devices.

(Explaining my downvote: you know full well that the devices are not merely that. It's a useless comment.)

Given that TVs were one of the tracking devices in his 1984 I'm not sure he would be entirely surprised.

He never mentioned capitalism or communism in the two childhood classics you know well. Yet I am fairly sure he knew of these systems. We could draw parallels so the details were best left out.

I am not sure if the details of the zero hours contract of the person hired by the mega-corp the government outsourced the provisioning of room 101 rats to would have helped with the story.

During WW2 the government in the UK did a fair bit of outsourcing. In fact, it was only with the post WW2 Labour government that major parts of the UK economy were nationalised. He did write about the duties of children to report thoughtcrime, I am sure that if he had over-added details about corporations instead of keeping it simple then the subtle details of how it is would not have been beyond Orwell.


Great to see a big follow up on the story which was first reported by a local news outlet in North Carolina: https://www.wral.com/Raleigh-police-search-google-location-h...

I remember it being reported the same time as the Cambridge Analytica scandal broke out (literally the same week IIRC) and getting almost no notice, despite being, in my mind, a story with far greater implications about our privacy.


The interesting thing is that from the article, it seems to me like the only data these searches are using is location history, so if that one is off, you should be unaffected.

I bet you anything that the "turn location history off" switch is just a placebo switch.

All it does is send the data with additional flag saying that the data shouldn't be displayed to the end user.


> so if that one is off, you should be unaffected.

Problem is that you can't turn it off.


> Months after his release, Mr. Molina was having trouble getting back on his feet. After being arrested at work, a Macy’s warehouse, he lost his job. His car was impounded for investigation and then repossessed.

/Facepalm

But before I go further on the social commentary, can we confirm that the arrest at work was the reason he lost his job, the week of being in jail being the reason he lost his job, performance due to the arrest being the reason?


I find it interesting in the bombing warrant they describe Google as "an email provider". Then follow it with, "The information to be searched...consists of Google location data...". It's not like they looked at the suspects emails. The fact that the police must have thought, "what is Google? Well, I have a gmail account, they're an email provider!".

Something I never managed to fully confirm or deny:

I manually disabled all the data collection on my Google account (search and location history). Is Google still tracking my location? Would I still appear in that database? I'm pretty much Google-free at this point except for some spam emails and the need for a google account for Android Play.


This is for Google Android phone only? Or Apple too? What if the real perp has an iPhone but Apple doesn't provide that info. Meanwhile an innocent who has an Android phone happens to fit the profile 'enough' for the cops to collar him. Sounds pretty much like a lawsuit in waiting...

From the article:

>Investigators who spoke with The New York Times said they had not sent geofence warrants to companies other than Google, and Apple said it did not have the ability to perform those searches.


My guess is if you're signed into Google services and have Google Maps installed, you would be in the dataset.

(I tried using a custom search operator but can't find any mentions of "sensorvault" prior to the NYT article).

I'm curious if you're included if you search in private browsing mode, or use the Goole Maps iOS application but haven't signed into it.


So if someone steals your phone, they can "place" you at a crime scene. Or even if they get physical access long enough to clone the SIM. People already do that to clone phones, to get free calls.

Wow, we're edging closer: this + AI Crime Prediction[1] + Profiling[2], and we're basically at Minority Report.

[1] https://link.springer.com/chapter/10.1007/978-3-642-29047-3_...

[2] https://www.sciencedirect.com/science/article/abs/pii/S09507...



I'm about to go commit a crime. How do I turn off this feature?

Leave it at home. Don't think that Google is the only culprit here. As long as you're connected to public infrastructure there's a company that will be legally obligated to narc on you.

Google might be just the latest addition. Or maybe the traditional media has declared outright war on internet companies in retaliation for taking their ad and subscriber revenue.


If you're going to commit a crime, leave your phone at home so that (1) you can't be linked to the crime scene and (2) there's evidence you may have been somewhere else (at home) at the time.

Also make sure your home activities continue as normal such as electricity, water, gas, and internet usage.

And don’t use any vehicle with a license plate that can be tracked to you, or the area around your house.

All that effort is better focused on committing legal white collar crimes, via plausible deniability and in person conversations that aren’t recorded.


> All that effort is better focused on committing legal white collar crimes, via plausible deniability and in person conversations that aren’t recorded.

We've got about 5 minutes before "in person conversations that aren't recorded" are a historical artifact.


> And don’t use any vehicle with a license plate that can be tracked to you, or the area around your house.

And don't use any vehicle which has navigation system or live traffic info screen.


I’m assuming you’re just joking but think about location tracking the next time you want to attend some demonstration for example.

Should be perfectly legal to demonstrate but if you’ve got you’re phone on you someone will know you were there and protesting for X.

That’s very valuable information not just for law enforcement but also for marketing/advertising and also for more scummy stuff like influencing your political choices (eg Cambride Analytica style).

I don’t have my phone on my when I attend events that could “leak” my political or ethical choices.


Activists are already well aware of the need for proper opsec.

Leave your phone at home, use a burner phone (and don't reuse it!), don't call any personal phone numbers,, don't use your normal accounts, don't blab on social media, and so on and so forth.

Basic stuff, but sometimes people do get careless.


There should be a service where you can buy the aggregated information that advertising exchanges have on you, as well as any other shared details.

Can someone else aside fom the data subject file a GDPR request to companies?

If so it would be easy to just request reports from companies and compile them to some friendlier format.


If you really must bring it, get or make a Faraday cage pouch and test it by calling your phone from another device.

Why would google keep this data indefinitely? It should be routinely deleted after a month or so.

Big difference between what should be and what is in the real world.

Ensnaring the innocent is a feature. Cops are happy to have opportunities to prosecute people for other stuff later on, or have someone take a guilty plea even if they didn't do it. It looks good for them. Not to mention fines for missing court dates (to keep your job, or because you don't have transportation).



Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: