Fearing data privacy issues, Google cuts some Android phone data for carriers (reuters.com)
24 comments

This actually seems like useful data that actually can be used to make the lives of the consumer (as opposed to the advertiser) better. It would be great if Google would open this up and make it available publicly, so we could have good data on what carrier has coverage where.

Having it available publicly, I think, would also spur carriers to increase their data coverage.

I don't buy the "privacy concern" excuse for this one at all. It almost feels like something one would do purely to spite or trick the regulators and/or consumers for caring about privacy.

This effectively provided carriers with aggregated, deidentified information about people's locations. It's easy to see from the problems with things like Strava's heatmaps just how much of a privacy headache this could be and how hard it would be to ensure that nothing sensitive leaked out. Also, even if they did, people are sensitive enough about privacy that with the right spin it could be turned into a muck-raking story and readers would believe it.

I was about to suggest this, because anonymised data is often not-so-anonymous in aggregate. AT&T's recent disclosure of selling this information to bounty hunters[0] shows that sharing across companies isn't always done with the end goal of user privacy. Examples of oversharing can set precedents in court cases showing that such sensitive data can be treated as a liability rather than an appreciating asset in the wrong hands.

[0] https://www.eff.org/press/releases/eff-sues-att-data-aggrega...
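The two comments above are about "deidentified aggregates" that still leak: a tower/hour bucket containing one device tells you exactly where one person was. This added example (not from the article or either commenter) builds such an aggregate from a constructed observation stream and applies the simplest mitigation, a k-threshold that withholds small cells. All device and tower ids are made up.

```python
from collections import defaultdict

# Constructed sample stream of coarse observations:
# (pseudonymous device id, tower id, hour bucket). Made-up data, not from the article.
OBSERVATIONS = [
    ("dev01", "tower-city-1", "2019-08-19T08"),
    ("dev02", "tower-city-1", "2019-08-19T08"),
    ("dev03", "tower-city-1", "2019-08-19T08"),
    ("dev04", "tower-city-1", "2019-08-19T08"),
    ("dev05", "tower-city-1", "2019-08-19T08"),
    ("dev06", "tower-city-1", "2019-08-19T08"),
    ("dev01", "tower-city-2", "2019-08-19T09"),
    ("dev02", "tower-city-2", "2019-08-19T09"),
    ("dev03", "tower-city-2", "2019-08-19T09"),
    ("dev07", "tower-rural-9", "2019-08-19T03"),  # a single device at a remote tower at 3am
    ("dev07", "tower-rural-9", "2019-08-19T04"),
    ("dev08", "tower-rural-9", "2019-08-19T04"),
]


def aggregate(observations):
    """Count distinct devices per (tower, hour) cell: the 'deidentified aggregate'.

    No device ids survive in the output, yet a cell with count 1 still pins one
    person to one tower at one hour (the Strava-heatmap style leak).
    """
    cells = defaultdict(set)
    for device, tower, hour in observations:
        cells[(tower, hour)].add(device)
    return {cell: len(devices) for cell, devices in cells.items()}


def release(counts, k):
    """Apply a k-threshold: cells with fewer than k distinct devices are withheld.

    Returns (published, withheld); the withheld list is sorted so the caller can
    audit exactly which tower/hour cells were too sparse to publish.
    """
    published = {cell: n for cell, n in counts.items() if n >= k}
    withheld = sorted(cell for cell, n in counts.items() if n < k)
    return published, withheld


if __name__ == "__main__":
    counts = aggregate(OBSERVATIONS)
    for k in (1, 3, 5):
        published, withheld = release(counts, k)
        print(f"k={k}: publish {len(published)} cells, withhold {withheld}")
```

Threshold suppression blocks the singleton cell but not every leak: overlapping releases (hourly plus daily counts, or the same hour published twice with different tower groupings) can still be differenced against each other, which is why it is a floor rather than a complete answer.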

If you're a carrier then you can do coarse-grained detection of everyone's location by timing-based triangulation - modern cell phone standards require knowing your distance from the cell tower (see https://en.wikipedia.org/wiki/Timing_advance for example) so it's measured (and thus can be recorded if the carrier wants) as part of every keepalive connection and if you're in range for more than one tower, which is almost always, you can do triangulation.

Of course, getting GPS data will be more accurate, but you should assume that it's unavoidable that the carrier can know roughly where all the phones are right now.

I wager that coarse-grain location data is not so coarse these days. My carrier seems to know the instant I crossed a border for instance, sending me a text message about it within seconds. Years ago people used to get nailed with roaming charges simply because they were near a border and happened to accidentally get connected to a tower across the border, but that's not happening anymore. Their system knows enough about your location to know if you are across the border or just near it.

Coarse-grain location data becomes very revealing when you have enough timestamped data points. The NSA's CO-TRAVELER[1] program only needs to watch which towers cell phones use to build a very accurate map of each phone's pattern-of-life (where does a phone regularly travel/idle) and social interaction network (e.g. which phones travel/idle together).

[1] https://www.washingtonpost.com/apps/g/page/world/how-the-nsa...

By coarse-grained I mean 0.5-1 km, which is very inaccurate compared to GPS accuracy (and isn't sufficient to tell which shop you're visiting, which has commercial value in sale of location data) but is accurate enough to tell which side of the border you're on, or which mall you're visiting, or when you're home or at work and when somewhere else.

> Distance

Don’t modern cell towers use beamforming? In which case they get direction as well as RTT, so triangulation is not even needed (although it makes location more precise)

I may be wrong, but I think that at least the vast majority of current widely deployed systems don't use beamforming; it seems more of a "here's a tech demo that we're going to roll out soon with 5G" thing.

However, it's a bit the opposite way around - it's not that they can use beamforming to get direction, but it's that they need to know the location before they can use beamforming - so the protocol (5g?) needs to require the device to know or obtain its location, and send it to the cell tower so that it can apply beamforming; similar to how in 3g the protocol includes measurements and adjustments of the timing advance so that the distance can be used when actually transmitting data. So it would be essentially like "the phone can't turn off GPS or transmitting it to everyone, because it needs it for the radio to work".

If they're so concerned about peoples' privacy, perhaps they could disable their own non-aggregated, individually recorded, indefinitely-retained, fine-grained, timestamped GPS data collection?

Of course, their definition of 'privacy' is 'making sure nobody but Google gets your data' so they wouldn't see any need to do so.

One could also argue that it also provided law enforcement with another potential target for blanket, large scale search warrants.

Strava heatmaps? I seem to recall the problem that came up there was exposure of military bases?

Google could totally do this properly if it really wanted to.

Between the Nest cam recording light becoming "always on" and this, it's like they've been brainstorming ways to be "pro-privacy" with the caveat that it can't affect the data they collect.

We'll probably see another one next week.

Not sure if intentional but both moves also seem rather passive-aggressive - i.e., they both affect relatively uncontroversial data uses that might cause noticeable problems for end-users when affected.

E.g., they make a camera designed for surveillance helpfully indicate to any burglars whether or not the owner might be watching them - but they don't change the actual capabilities of Google to watch.

They're turning off location sharing for one feature that people would probably agree to share statistics with, but keep the personal location history every Android user gets by default untouched.

Ever notice they do something very shortly after there is a stir about their internal anti-privacy memos from the leaker?

In the first place Google shouldn't even have those data. And I would place my bet they have removed this access so they can more easily say that they don't have location tracking data. Those are a bit problematic, as from your movement you can be personally identified even without any additional identifiers. Which puts them under the PII category.

Seems like one of the decisions a consumer should make, and not phone OS provider in this case.

My overall sentiment is that any actively enforced regulation is often used as a weapon against competitors, or as a weapon to racketeer money from a business.

(whether it is privacy, patent enforcement, copyright enforcement, nondiscrimination and so on).

Therefore, what's missing, generally, is the complementary framework to make sure that actively enforced policies are not abused.

I do not know how exactly those complementary no-abuse laws would work, but I think they have to be part-and-parcel of every piece of legislation, and should be voted for at the same time.

Without it, we do not have truly 'fair competition' and instead businesses compete on whose team of lawyers is more creative and more aggressive.

We don't have truly fair competition anyway.

Giving this right to consumers is equal to taking it away. Carriers will simply make you sign a waiver on signup that lets them take whatever they want anyway.

You may think that market competition will weed those carriers out by my dollars voting elsewhere but I'm pretty sure it won't, at least not in my lifetime, if ever, given how many people gladly sign over not only their data but my data as well to places like Facebook every day.

At least people choose to give FB/Google their data. Carriers have no right to it.

Google is a near monopoly on <500 USD mobiles and maps. So it is difficult for users to exercise the right to not use them.

Could this not be about privacy, but have anything to do with Google preparing to launch its own wireless service (no not Google Fi, but maybe Dish Network)?

Maybe Google is realizing that the carriers' monetization of your personal data is turning the carriers, even more than before, into Google's competitors.

Google wants to keep your data for themselves.

In this light, the wording of the headline is a nice PR win for Google. Makes me wonder if they perhaps wrote that headline themselves and fed it to the news services.

Google should protect consumer privacy data. Because every consumer certainly does not want his privacy data to be misused by any party. Therefore, the steps taken by Google in my opinion are very appropriate. That way, we as customers can feel safe.