Hacker News new | past | comments | ask | show | jobs | submit login
The new warrant: how US police mine Google for your location and search history (theguardian.com)
650 points by DamnInteresting 36 days ago | hide | past | favorite | 310 comments



I remember that story about Zachary McCoy. This whole thing continues to get worse quick and will continue to get worse. I know people say we need legislation and regulation on data privacy and tech companies which we do. But before that gets taken seriously (at least in the US) it's going to take something real scandalous done by tech companies and actually affect the common folk where they actually start to care.

Right now the average user does not care at all about security and privacy except the small niche groups of us on HN, Reddit and other tech/Geek forums. The regular average user will continue to still use Facebook, Twitter, Google, Apple etc. As long as the average user keeps using their services and vote with their data and wallets I doubt much will change anytime soon.

Until we get some real data privacy laws and regulation we just have to matters into our own hands. I don't use Google search unless I need to, and always have my VPN on (Mullvad).

Edit: Then again, once we did get data privacy laws and regulation could we actually trust the companies and politicians and LE. Probably not. That's why I also feel the laws and regulation needed for tech is more of like a "The public thinks we did something" type of situation. There will still and always will be under the table deals.

If the regular user can realize eventually how they feed these companies with their data and what happens with their data it could also hinder or start to hinder data collection at the government level (NSA, GCHQ, Project Raven and so on).


HN is pretty out of touch I think.

When I talk to non HN crowd.

* Apple's efforts around blocking CASM are applauded

* Folks are GLAD that cops are using tech to catch criminals

* Folks don't have a ton of trust that the regulations will help their lives, or block govt from doing things, but do imagine they will be annoying (more permission banners / cookies popups etc).

It would be interesting to look at other countries where the govt has gotten more hands on with regulations in this area (data retention etc). I know in some spaces I've seen the regulations actually end up REQUIRING retention of records, or the liability risks require retention of video for a long time (ie, railroads have REALLY dialed up use of video given the claims they were facing in terms of running into people - once they started tracking a retaining a lot more - claims went way down - not saying folks were lying before but they are going to push back on getting rid of their data collection at this point unless laws change).


I dunno, I mostly agree with you, but I think lately, at least with my family and friends, the coronavirus political response has made many more people much more skeptical about centralized authority figures.

The narrative that is commonly recounted is that it's obvious that the people in authority are either incredibly incompetent or crazily power-hungry, and both are leading many of my family and friends to question everything. I mean total normies who are otherwise just typical taxpayers.

It's funny in a Kafka kinda way to witness the slow erosion of trust in institutions.

Don't get me wrong, I love institutions. Just seems to me and basically everyone I know that the people who should know the most about how trust is built, do everything possible to kill off that trust.


It's interesting how the pandemic has changed people's political views in various directions. Personally I've become more anti-authoritarian, on the political compass I've moved a few points further down and slightly to the left (based on the UK Overton window) while also adopting stronger views on constitutionalism and the seperation of powers. I've also become a lot more pessimistic about the power of institutions to act for the common good rather than for the benefit of the socio-economic elite. I'm very much now "I'm more than happy to pay taxes for better social services, but please keep the clumsy, oafish hands of the state out of my personal life before it does any more damage".

I've heard of people going in completely the opposite direction, taking on overtly authoritarian and "might-makes-right" kind of views too. I think the pandemic really gave the moral authoritarians and curtain-twitchers of this world a great big stick to hit everyone else with, which to be honest scares me more than the pandemic itself did.


>I'm very much now "I'm more than happy to pay taxes for better social services, but please keep the clumsy, oafish hands of the state out of my personal life before it does any more damage".

This is very much a stance of "oafish hands for thee, but none for me." The same institutional mass of "oafish hands" that interferes in your personal life does the same to everyone engaging with social services. And while , in many cases, you can opt out of those social services at some expense to yourself, the market equivalents/alternatives will, over time, be weakened or killed the same way as you would see with any other deep-pocketed firm selling a product for below-market prices, at a loss, to smoke out smaller competitors.

I can't speak for the UK, but in the US this has brought us such dire consequences as bulldozing of poor neighborhoods for de-humanizing, car-dependent housing projects; the near-dissolution of the institution of marriage for lower classes; and a healthcare system where buyer and seller have become so thoroughly de-coupled as to disarm the pricing mechanism completely and make it impossible to pay real prices for services outside of collective bargaining arrangements.


>the market equivalents/alternatives will, over time, be weakened or killed the same way as you would see with any other deep-pocketed firm selling a product for below-market prices, at a loss, to smoke out smaller competitors.

What market equivalents are you talking about exactly? The examples you mentioned are hardly the results of "oafish hands".

Marriage? The free market has run amok with building an entire industry and "chic" around large elaborate marriage ceremonies, replete with gratuitous mark ups on relatively everyday services. As far as the institution goes, marriage in the colloquial sense is fine. Couples form and union all the time. Legally speaking, you may have a point, but I've always held the State being involved with marriage in anything more than a record keeping capacity, and acting as a neutral arbiter of inheritance, dissolution, or adoption/parental status quo setting is a terrible idea. As an example, the practice of not getting on paper married for the benefit of welfare or food stamp eligibility is one such example.

>Bulldozing of poor neighborhoods for car dependent housing projects

Welcome to real estate as investment, and the tendency of all idle capital to seek forms that facilitate rent extraction. The lack of "public transit" has more to do with the fact that nobody wants to be burdened with actually giving up a piece of their pie for it, but expects everyone else to. The only "oafish hands" there are the councils who are continually courted by moneyed interests in the free market.

>Healthcare

Welcome to insurance in a nutshell. It completely destroys any semblance of coupling between producer and consumer of service; but is also the inevitable out one of a "captive" consumer population. The combination of service provider cartelry, consolidation of insurers, and perverse incentives created by the free market in terms of businesses becoming targets for Investment funds; it's really the market you should be blaming there.


I'm just curious: What exactly is seen as being new or remarkable about the failure of some leaders during this pandemic? I share the frustration about these failures, but are your friends/family too young to know about other spectacular failures like Watergate, or Iran-Contra, or the Iraq War, etc? (I could go on)

Edit: I just realized my second question is somewhat US-centric so if you aren't from the US then I apologize, please disregard that comment.


In my circles, this is often the first time legislation (often not even that - often executive action, sometimes by unelected folks!) has had such an immediate, clear impact on people’s lives.

Many of my friends and family have had their closest interaction with the government be taxes & vehicle registration at the DMV - inconveniences, but not much more.

What you list are indeed spectacular failures, but they happened “over there” or “to other people”.

Suddenly, the government is telling _them_ they can’t buy something, they they have to wear a mask, they have to inject something in their body, they can’t go to a concert. Many in my circle have never felt the hand of government so directly.

That’s what’s new and remarkable for a lot of people.


That's really interesting, I feel like I've experienced the opposite, most people I know have had some kind of interaction with the "hand of government" in some way, if not themselves then second hand. At least in the US with our incarceration rates, statistically it's still more likely that any given person knows someone who is in prison than knowing someone who has died from COVID-19. And COVID-19 has killed a lot of people.

Also maybe you might want to help by explaining to them: it's not the government that was doing those things, it's the virus that was making it so they can’t buy something, they they have to wear a mask, they have to inject something in their body, they can’t go to a concert, etc. The government can only enforce the will of the people, which in this case happens to be fear of an unprecedented attack by a deadly virus. It's totally understandable that this type of global pandemic would be new and remarkable for a lot of people.


>it's not the government that was doing those things, it's the virus that was making it so they can’t buy something, they they have to wear a mask, they have to inject something in their body, they can’t go to a concert, etc.

The difference between my government's response to the virus and the Swedish government's response was not determined by covid's preferences. Humans made these policies.

>The government can only enforce the will of the people...

The government is enforcing the will of the medical establishment. We didn't get polled on "6' vs 8' social distancing" or "should cloth masks be required or is a bandana acceptable?".


>Humans made these policies.

Yes, but my point is that those policies were only made in response to the virus. They were not made for no reason, and of course different groups of people will respond to the virus in different ways.

>The government is enforcing the will of the medical establishment.

I don't understand what the difference here is supposed to be, anyone who seeks medical care in that country could be considered part of the medical establishment, or at least considered as having some kind of investment in the will of that medical establishment.

>We didn't get polled on "6' vs 8' social distancing" or "should cloth masks be required or is a bandana acceptable?".

I'm also confused by this complaint, how often do questions like these show up on a ballot? Usually ballot measures are not this specific.


>the will of the people

There is no unified 'will of the people.' I would agree that, in many cases, governments were criminalizing behavior which communities had already curtailed, so to that extent they were following wills of many people. In this case, why not let those same people who chose the actions take the blame or appreciation for their actions, rather than saying it was government?

I've moved about a decent amount in Covid times (after community spread was a fact of life in all those places). While moving throughout places within particular Covid-rule jurisdictions and looking across spans of time, the people I encounter are far stronger predictors of e.g. mask-wearing behavior than recent executive orders. Communities that want to wear masks continued to do so when civil authorities said they weren't necessary and cases were low, and communities that wanted to never wear masks stuck to their plans even when civil authorities ordered masks (with barely enough begrudging, targeted compliance to continue about their days) and cases were spiking.


>There is no unified 'will of the people.'

I don't think this is a useful thing to say, it seems to suggest that a given group of people can't reach consensus, when this is not really the case.

>Communities that want to wear masks continued to do so [...] and communities that wanted to never wear masks stuck to their plans

In my opinion that illustrates why I think any kind of reactions to this are a bit odd. It's very hard to enforce a mask mandate in every possible area in a jurisdiction. So the strategy has to be done by tackling big targets (enforcing the mandates only in densely populated areas, empowering private businesses/organizations to kick people out who endanger other people's safety, stopping people from mass spreading misinformation on social media, etc).

What I've seen is that people who were discreetly throwing parties and were being cautious about the virus didn't have any problems. But it's still risky and they still face penalties if they get get caught, because of course once someone causes a super-spreader event and people end up in the hospital, then it can easily be traced back there, and that's where I'd expect those people to be held liable. So in that sense, yeah you could say they could take blame for their actions after the fact, but that doesn't really help much either if it caused a large number of other people to get sick. We could very directly trace that back to deliberate actions taken by someone knowing full well that it could harm others.


That doesn't make any sense. There are so many government laws and regulations that affect our day-to-day lives, it would be impossible to list them all. You have to get a driver's license to drive a car and wear a seat belt while you're driving it, you can't drive if you've been drinking alcohol, you can't buy alcohol unless you're 21 and you can't do it between the hours of 12am and 8am or on Sundays, you must vaccinate your children before they reach school age, you must put your children in a car seat until age 7, you can't download that song you found for free on the internet, you can't run your own poker table at your house, you have to get a permit before you can make alterations to your house...

This is even ignoring the massive set of additional laws and regulations you have to comply with you if you own a business.


Yes, but these are all regulations already established. Most people were born into the world where they were already in place, and over their lifes to date, there were only altered in a minor way - a speed limit change here, a new mandatory vaccine there. Some classes of people, like business owners, may have experienced more pronounced regulatory churn - but it still feels mostly like tweaking stuff here and there.

COVID was the first in most people's experience when their government just went and upended their lives. Starting next week schools are closed. Two weeks from now, you can't go do anything other than work and shop. Stay away from other people or else. That includes babysitters. Oh, and your workplace is ordered to close indefinitely for now.

Whether justified or not, this is an entirely different category from the usual mucking around regulations at the edges, or playing cat and mouse game with white-collar fraudsters (which causes many, if not most, of the business-related law changes).

And sure, this is an emergency. But the point is, most people alive - at least in the West - never experienced a national-level emergency before.


Are most people born since 2005 or something? All of the new government regulations I can think of that have impacted me personally that didn't exist when I was born (1980):

* Seat belt laws

* Can't smoke in bars and restaurants

* Can't smoke within 50 feet of a door

* Unaccompanied children at a park being considered neglect

* Illegal to use a mobile phone while driving

* Mandatory emissions checks to register a car

* Legal mandates for chicken pox vaccine

* Taking your shoes off and going through a body scanner to get on an airplane

* Time of day/time of week restrictions on alcohol sale (existed when I was born, but not where I lived, so new to me when I moved to Texas)

* Restrictions on how much sudafed you can buy

* Restrictions on filling out of state prescriptions forcing me to pick up and mail medication to my wife when she was traveling

* Real ID laws forcing me to make an appointment 9 months in advance and show up with what felt like 18 different types of proof I lived where I said I did in order to be able to vote

* The State of Texas apparently just passed a law saying my block of 6 townhomes now needs to keep minutes and retain paper records and send all communications to each other via registered mail even though we live 20 feet from each other

* I guess it's now illegal to get an abortion here?

Granted, none of these ever happened all at once in response to an emergency. I guess your friends are just lucky to have never lived in a place that experienced an emergency before this? Living through the LA riots wasn't all that pleasant, either. Anyone who has ever lived through a hurricane has not only been told they have to close their business, but they have to abandon their homes completely and leave the city without any guarantee they'll ever be able to return.

Sure, a national level emergency hasn't happened since the 1940s, and almost nobody alive today experienced that, but it is weird to see the divergence in response. As far as I know, shared sacrifice and repurposing of private goods to public purposes in the 1940s had the exact opposite effect. Especially since the measures were far more drastic. We didn't confiscate property and force Chinese Americans into internment camps this time around.


Maybe it depends on age? For a lot of these activities it feels like it's always been that way (maybe not true if you're older?), so even if excessive you've had your whole life to get used to it. All of this covid stuff is new. I agree with mwint, don't have a home, not remodeling, no kids, and no business.


Public school has its influence. The asymmetrical power to focus large resources on ideological targets is a part of modern warfare that most high-school graduates are not going to grasp intuitively.


Oh sure, not relevant because government doesn't literally raise most of the children and there aren't really any government regulations in schools. /s


Watergate and Iran-Contra are about malicious intent but what I see is a rise of institutional incompetence and ineffectiveness which is rather different.

Consider the mistakes of the WHO. Failure to recommend and even decrying early border closures, failure to declare a pandemic until months after evident global spread, and saying masks positively do not work and then dragging their feet for months on the question.

Contrast that to how the WHO reacted to the first SARS, and we can observe a significant deterioration in competence. I could be mistaken, but it doesn't seem that it's just that we are hearing more about incompetence or have short memories.

I can only speculate on the reasons for this. Political polarization leading to affiliation over competence in hiring decisions, more corruption due to cronyism, diversity over competence in hiring decisions, or overly risk-averse decision making due to fear of social media mobs, are candidate explanations.


Honestly Watergate was a joke compared to stuff more recent administrations did.


Kafka's hallucinations make a lot of sense in today's world!!


Right - but how does this generate support for more GOVT regulation ie, Trump and Biden appointees running things vs confidence in companies (like Apple).

My concern, the HN crowd is yelling for more govt regulation, but the average person actually thinks Apple, not the govt, makes reasonable tradeoffs (security, privacy, CASM etc) and might actually trust folks like apple or google MORE than if for example the govt set up an email service.


There's a huge difference between government regulation of email services and a government email service. I doubt many people calling for the former would use the later.


I think post-Trump it's tougher for anyone in the US to believe totally in the institutions that got us here, despite the different reasons on each side of the aisle.


> * Folks don't have a ton of trust that the regulations will help their lives, or block govt from doing things, but do imagine they will be annoying (more permission banners / cookies popups etc).

This is because those laws rarely have teeth at all. I don't want "ACCEPT BUTTON FOR MARKETING PERMISSION", I want all remarketing and persistent cross site tracking to be illegal. Period.


Cookie banners are an indication that the EU botched part of GDPR. We really just need an outright ban on tracking cookies, agreed. That’s the type of legislation people are suggesting.


They are working on a fix at least.


The problem is plenty of people don't care and click accept all and are tired of folks like you who make every site put a big pop-up in their face.


What fundamental problem do you have with cops using tech to catch criminals?

Not talking about the abuse of innocents here, or warrantless intrusions into your data, just the core of what you're saying.


I'll bite. The problem is asymmetry of information, and that the protections haven't advanced alongside the ease of collecting information.

For example, imaging you have a suspect and want to trail them. The courts have established that you have no expectation of privacy when in a public area, so an officer can trail your car and watch where you go. You only have so many officers, and so there are implicit limits on how many people you can trail in person. But if instead of sending an officer to trail a suspect, you attach a GPS tracker to the suspect's car, suddenly that restriction is removed. Instead of spending weeks trailing a single suspect, you could attach dozens of trackers to dozens of cars, or you could request location data from a third party. The lower cost of breaking somebody's privacy allows it to be done more frequently, even if the explicit legal protections haven't changed.

The problem isn't the technology itself, but that protections of privacy and protections against unreasonable searches haven't advanced alongside the technology.


I am pretty sure thr police cannot put a GPS tracker on your car without a warrant.


Whether or not there is a warrant is tangential to my argument. There used to be hard physical limits to the amount of surveillance that could be done. Now, the only limits are legal limits. Those legal limits were never designed to be the only limit, and are insufficient in their current form.


Cops were doing that without a warrant in the past. In 2012 it was ruled illegal by the courts. Here's a wired article. https://www.wired.com/story/man-charged-with-theft-for-remov...


And now they don’t have to because you carry your own gps tracker with you and Google will sing easily.


Your telco is way more eager to sell your information.


You'd be wrong in the USA. Anybody who parks in any public space or outdoors can have a unit placed on their vehicle by anybody.


It's still illegal. I could go around keying people's car for potentially a lifetime without getting caught but it's still illegal and that's what we were talking about in the thread.


Legally?


It doesn't matter. If they do it illegally, you won't find out unless you find it on your car.


Get the cops to high crime areas.

There is no need for the amount of law enforcement I have in my county of Marin.

They would then have more time to put GPS's on vechicles, and less time for Revenue Collection.


How is there asymmetry of information? AFAIK there have been just as many tech advances in police accountability as well, such as the prevalence of body cams, or the ability to see these warrants as they are issued in real time on a police web site, etc. Of course there are other issues at play but I think you may have missed some things that are on the other side, it's very feasible for one person to track many police officers much in the same way that you describe. What would be questionable is if the police were trying to stop the public from doing so.


The use of technology is irrelevant. The question is one of unreasonable search and seizure, unsupported by probable cause.

"Law enforcement" is always used as a reason to invade privacy. Searching smartphones wasn't envisioned by the founding fathers but is exactly what they were talking about when it was written into the constitution.


I personally don't.

I suspect plenty of folks agree with me.

My point is, the HN outrage at things like tech to solve crimes (because of privacy etc issues) is in many cases not shared more broadly.


I agree with your claim. I still think the Apple security boondoggle got the right treatment, and I hope they've backed off forever, but I have my doubts.


I agree. You're not wrong. Us niche groups care, see how the tech works or learn how it works, see what happens with our data and see the possible use cases with some of these systems. That's why I think the whole data collection and privacy war is already over. Until the common user gets affected personally they think data collection is good, have nothing to hide and like it's being used to catch criminals.


Highly depends on your environment actually. Most people care about privacy a lot and don't want 24h surveillance for their safety. They have no idea about CSAM of course.

Furthermore many are indeed critical of big tech and how they censor and modify information for political convenience. They are also aware about oversharing on social media.


On some days I believe the molten veins of liberty in the US have cooled and solidified—structurally succumb to the great machine—bound by economic needs and principles. It’s not about we the people anymore. We won’t see any real change; corruption has seeped in and taken hold. Right now, if there’s money to be made, it’s legal. (Except if it involves giving women power, so sex work remains taboo and OnlyFans is under attack.) Liberty was never about doing whatever the fuck you wanted, it was about collective ownership of structures of control. Does the average citizen participate in the economy with any shred of liberty? Who tells the reserve bank and payment processors how to wield their power over currency? Are you free to wander cyberspace and loot more than 500GB or 1TB of its treasures? Who innately owns your data? Is encryption speech? etc…

The only possible way to fix these problems is to code solutions into the fabric of society. And to do that you need a young molten society of people that fundamentally communicate using a common implementation language working toward a shared vision. This society understands the principles supporting the solutions and is willing to sacrifice in order to maintain a system which innately resists deprivation of liberty. You need birth and.. eventually.. death. We won’t see meaningful data privacy without a revolution.

On some days I feel this way.


Revolution sucks for all involved. Unfortunately, at this point, the alternatives are looking even worse.


What about raising money to buy a bunch of data from, say, the Washington, D.C. area and then de-anonymizing it. I wonder what we'd learn...


I wonder how a different tactic would fare:

1. Buy some legit(ish) dataset for marketing purposes. I hear DMVs in the US like to sell people's data.

2. Do a direct marketing job: send every single person in the dataset a snail mail letter with a printout of all the data you have on them, and a reference to where you got it from. I hear USPS offers good rates for bulk spam campaigns; they apparently live off it.

That sounds like something that is in range of crowdfunding money, could possibly be fully legal, and sidesteps the issue of news outlets killing the message, with (as I recently heard) their policy of not reporting data from leaked datasets.


This would cause so much chaos and probably result in thousands of divorces. Maybe we could get a lawyers group to front the money lol.


Man, that would be great. I'll bet it'd be doable for anyone whose name is tied to public records via home ownership too

Scale up what they did to Trump for this NY Times piece: https://www.nytimes.com/interactive/2019/12/20/opinion/locat...

See if people keep clicking "Allow" on their phone games after that goes out..

Of course, what'd actually happen is everyone would just attack the messenger. Maybe there'd be some super half-assed knee-jerk law thrown into place

If I ever get terminal cancer I'll see if I can throw something together before I kick the bucket, haha.


I think carefully designing the campaign from the start to avoid a PR backlash would be really important. Doable, too.


I actually looked into it. They are smart on this and won’t sell to you.


Thanks for looking in to this! I wonder if we could put together a swarm of small transactions that would allow us to reconstruct a bigger data set of interest.


How do they determine who to sell to?


They have a sales person to talk to, and a whole process on who you are and how you will use it.

https://twitter.com/sroussey/status/1220790758749270016?s=21


I really doubt legislation would come into effect. Instead, the people organizing the effort will be hunted down, prosecuted, and turned into examples of what happens when you try to fuck with people in high level government positions.


That's a coordinated response. We don't want to invoke a coordinated response. Pick some prominent people to make examples of--people who will make many others happy by their embarassment.


The whole matter would likely come to a head very quickly if said data were sent to politicians. Seeing their own data exposed would not only be embarrassing but a wakeup call to everyone.

Not only would the laws quickly change but also we'd soon learn about some of the nefarious antics and unsavory deals made by our governors.


That's the hope


Has happened with grindr a few times that I know of. https://accesswdun.com/article/2021/7/1024075

And the Strava on military bases thing. https://www.wired.com/story/strava-heat-map-military-bases-f...


Privacy and security regulation, nor antitrust regulation, are viable means to stop tech companies from creating problems. The way to stop them is to regulate online advertising. Tech companies have no other way to make money. Ignoring this is like trying to fight a war without ever trying to interfere with the enemy's supply chains.

The constant focus on the majority of web users, i.e., "the average user", is misplaced and suffers from an incorrect assumption. Namely, that a majority of the public needs to support some law before it can be passed by a legislature.

Most legislation does not come from mass outpouring of support by the public, like the kind "HN/Reddit/other tech/Geek forum" comments call for. It comes from lobbying, usually professional, and sometimes community activism. The same "niche" groups that people in the these forums like to downplay are not necessarily much smaller and may even be larger than groups who have successfully gotten laws passed at state and federal levels. What is necessary is some number of people who do understand the issues to initiate the lobbying and campaigning; the awareness and support of the "average constituent" is never a prerequisite. Nor is it true that every law passed serves an enormous number of constituents, i.e., "the average constituent". Sometimes laws only serve small groups of people who have special needs (or wants).

The notion of the "average user" really has no bearing on whether legislation is passed or not. What matters is the small group of people who are driving the campaign to have legislation passed. That group is unlikely to comprise the "average user", its going to be people who understand the issues to which the proposed law is targeted and can articulate them to people who know how to work the system to get laws passed.

The more middlemen people accept when using the internet, the more parties that can be subpoenaed. Those are the consequences of "cloud computing" and "SaaS". But to think that no law can be passed to address the harms that "tech" companies present, because the "average user" does not understand these problems, makes no sense. Stop focusing on "the average user". Thats for the "tech" companies to do. For the non-average users, its a waste of time.


When both the government and the advertising companies have an aligned incentive to spy on us all, Why would the government pass either privacy or advertising laws?


That's the problem with democracy at the moment, vested interests have taken control of the forum because (a) they're able to and (b) the majority of citizens are just not interested in or engaged with the issues.

You see this everywhere not only with security etc. but also in many other areas. A classic case is copyright law where a small number of powerful people have hijacked the debate and managed to impement grosely unfair laws in their favor. They're so organized and powerful that they've not only been successful domestically but also internationally with treaties etc. It's almost impossible to break these nexes when the populace at large is so complacent.

In short, our current democratic structures favor the powerful, money-rich and organized at the expense of the disinterested who are disinterested because they're not yet aware of the issues involved and thus don't yet know that they stand to lose or be disadvantaged. There is no effective advocacy system to support them and conterbbalance the push at the early stages of law formation and thus we end up with laws that overcompensate the initial lobby and which are extremely hard to unwind later, especially so when international treaties are involved.

Outside a revolution I cannot see change happening and revolutions are the very last thing we need, they end up disastrously for everyone.

It's all rather depressing really.


> That's the problem with democracy at the moment

I disagree. The problem with (multi-party) based democracy is that it is way more important to be popular with the party seniority, than with the constituents.

If fact, if you want to be a member of a parliament, its essential to first be popular with the party, before you get a shot at being popular with your voters.


Not disagreeing, I should have said 'one of the problems'.

Nevertheless, same goes here, there's insufficient interest from the citizenry to break that nexus too. Breaking party loyalty etc. to obtain a fairer system has been the bane of modern democracy for hundreds of years - back to Hobbes, Locke etc. As I said it's depressing that there's no easy solution.

Edit: Same goes for any lobby who wields effective power over the elected, remember Edmund Burke got the shift from the electors of Bristol when he dared move off their agenda to put broader (national) interest first. Whilst this broader approach seems fairer/better for all it's nevertheless a double-edge sword though, as it allows politicalians an excuse to pursue another agenda - one that may not be in either the electors' or national interest but rather that of a third party or even him or herself. The problem remains, we've no effective way of fixing it/balancing all interests fairly.


"Tech companies have no other way to make money"

Microsoft is pretty major, and makes money not from ads


I hope more people get thrown in jail for not caring about privacy, so they and we learn to care more.


Related past threads. Others?

Google says geofence warrants make up one-quarter of all US demands - https://news.ycombinator.com/item?id=28266650 - Aug 2021 (259 comments)

New Federal Court Rulings Find Geofence Warrants Unconstitutional - https://news.ycombinator.com/item?id=24342049 - Sept 2020 (29 comments)

Google Gives Feds 1,500 Phone Locations in Unprecedented ‘Geofence’ Search - https://news.ycombinator.com/item?id=21773543 - Dec 2019 (269 comments)


Is there a self hosted app to track your location? I use Google maps to keep granular history so I can use it later for whatever. But if I could self host that’d be better.


I use a trained neural network I keep between my ears...

Recall is sometimes fuzzy with age, but it works well enough, and I don't have to worry about external queries violating my various rights nearly as much as with tech companies.

At this point, I think every piece of modern consumer electronics ought to be considered hostile until proven benign. I've worked with enough of them over the years, on different ends, to no longer trust any of them.

I'm also old enough to remember the before-times - when there wasn't the technology to track us everywhere, or, when we did have something breadcrumbing, it wasn't being automatically uploaded to whoever, wherever, etc.

My first question, though, would be "Why?" What value do you get out of tracking your location with any great detail that self hosting it would be of much value? However, various cheap GPS loggers and Google Earth import probably would do a lot of what you're looking for.


> I use a trained neural network I keep between my ears... Recall is sometimes fuzzy with age, but it works well enough, and I don't have to worry about external queries violating my various rights nearly as much as with tech companies.

I don't understand the point you're making (unless you're being snarky.) You recognize that most other users of Google Location History can do the same?

> My first question, though, would be "Why?" What value do you get out of tracking your location with any great detail that self hosting it would be of much value?

Another way of framing is what utility Location History can provide to users. Some use cases are casual ("Where did I go exactly on this trip two years ago?", "Where did I eat when I was in X city 9 months ago?", etc) while other people have personal uses for it: https://towardsdatascience.com/analyzing-my-google-location-...

> However, various cheap GPS loggers and Google Earth import probably would do a lot of what you're looking for.

That would probably work, as well perhaps another OSM-based mapping application. I don't know the value of all that extra metadata which is computed though (as highlighted in the above article).


> I don't understand the point you're making (unless you're being snarky.)

I am. I'm referring to my brain in a "tech industry buzzword" way. It is, technically speaking, a trained neural network. Just a biological one, not a silicon/code based one. I happen to like it, and it can also do things like tell the difference between a low moon in the sky through a smoke haze and a traffic light.

> Another way of framing is what utility Location History can provide to users.

"If there are any positives, then the technology is worth using!" style thinking misses, entirely, the concept of opportunity cost, and the various downsides.

I won't argue that it's not pretty cool to see everywhere you've been - but it's also an exceedingly detailed record of who you are, and anyone who claims it can be suitably anonymized is full of crap (see the Grindr Bishop for a solid case study here).

Where I really start to get upset, though, is that there's no opt-in for this, other than some vague, generic, "nobody reads this and it doesn't say anything anyone would understand anyway" clickthroughs.

Android doesn't have a, "Would you like us to keep a record of your location and everywhere you've been? You can review it later and see what cool places you've been!" sort of opt-in. It just does it.

Google clearly is getting some value from that data, and it's not at all clear what it is.


Right, and I think OP (or at least myself) agrees with the points you've made, which is why they seem to be trying strike a balance between gaining the advantages of Location History, but keeping that data to themselves and outside the Google umbrella, and thus want to understand how to do it.

I view it similarly as others looking at methods to self-host their photo backup with timeline indexing and searching, etc.


Ten years ago, in 2011, Pete Warden discovered that the iPhone was tracking peoples' locations. It was considered to be a bug at the time, because it was only intended to be stored for up to a week, for knowing which phone transmitter to use.

https://petewarden.github.io/iPhoneTracker/

"the advantages of Location History"

I thought that this data would be useful to help geotag the photos in my iPhoto library. So I wrote a little script to parse the iPhone data, and cross-match the timestamps with photos. Never became really popular though, probably because people now use phones to take photos and they already include the location in the EXIF data.

iPhone Geotag

https://peterburk.github.io/programs/#iPhoneGeotag

"keeping that data to themselves"

Once the bug was fixed, and Apple stopped storing location data indefinitely, I thought it would be kind of handy as a feature. So I wrote a little PHP script that ran on my jailbroken iPhone and saved a log of my location every 30 minutes.

It recorded data from Monday, May 12, 2014 3:44:52 PM to Wednesday, April 8, 2015 9:00:06 AM

My battery life got worse, because the GPS kept turning on. During that whole year, I never wanted to check the data, not even once. So I turned off the script. Not tracking myself made me less self-conscious about where I was walking and what I was doing, and it was a relief.

I do use an iPhone, but it's an old 4S with iOS 6.1.3, and I only switch on 3G rarely in case of emergencies. I don't use iCloud for backup, only USB sync. The phone companies will know my location, but Apple probably don't. With the security features all compromised through jailbreaking, I can see everything on my phone so I know what data they could possibly get. And that's good enough for me.


Just wondering what type of thing were you doing that would make you self conscious about your location? Please don't read anything much into this, just interested in what type of things people feel uncomfortable about having recoded.

For me the most uncomfortable thing I ever did was itemise how much money I had spent at different outlets. I discovered that I'd spent an incredible amount of money scuba diving over a 12 month period. Not something that I wanted to share with my partner.


While going for a walk or biking back from work, if I have time and it's not raining, then I like to clean as I go [1]. Picking up and throwing away litter that I see on the street. Sometimes that might involve trespassing, but it's for the greater good.

Like you, I started logging my expenses too! And I still do that. I'm using some scripts on my phone, with one icon on the homescreen for each kind of expense, logging to a TSV.

It has made me more self-conscious about spending money, but that's probably a good thing! Pressuring me to give more money to beggars and spend less on bubble tea.

[1] UncleBob applied "clean as you go" to code, too https://www.youtube.com/watch?v=BSaAMQVq01E&t=2021s


It's more the psychological aspect of knowing that something is always watching and knowing where you are. There's a creepy-feeling mental overhead to it all.


Exactly, remember at school when the teacher stood behind your desk and looked over your shoulder whist you were writing something, doing sums etc. The teacher standing there watching evey move you made was a surefire way of you making a mistake.

Even my partner's cat will stop eating its meal if I stare at it whilst it's eating (yes, it's a bit neurotic). (But unlike Google, Facebook, the Government etc. I'm immediately in trouble for teasing the cat.)


I recently set my google location history to auto-delete. At first I wanted to keep it recording my location history forever because "just in case" I needed to know where I was for something that was extremely unimportant. Overall, I've looked at it only handful of times over the many years it has been running so in the end it really helps Google more than it helps me. I might even just turn it off completely. I'm slowly shirking this data-hoarding, "I might need it one day", mentality.


I love Google Location History.

If you're trying to make a point to someone about how much of a problem data collection, use, abuse, etc, is - link them to the place they can view their own history. It's even more fun if you're with them and can watch the expression of utter horror form as they realize just what, exactly, literally everywhere they've been can tell someone else about them. "Hey, isn't that the kink club out there?"


I check this from time to time and mine has always been completely blank.

Even on my phone when I search for "tires in <city>" it assumes I mean a city in the east coast of the US. Maps/Waze are only marginally better, showing me results 170+ miles from my current location, generally.

I use trackmenot and ad nauseam plugins on my main computer, so my ads are always 100% irrelevant - if I see them at all. Ad nauseam clicks every ad it sees, and stores the banner. It tries to track how many dollars of ad spend its wasted on your behalf, too. I'm somewhere north of $17k at this point lifetime clicks.

I know I'm not winning this fight but I can make it more hilarious for me in the meantime.


That $17k would've either been rejected as ad fraud in the best case, and just ended up funding the companies you hate at worst.


That's assuming they can dis-aggregate my traffic at the F5 gateway well enough[0], otherwise they're just saying all traffic out of that rack in Dallas, TX is invalid. A personal web browser clicking ads on pages i visit doesn't feel very fraudulent.

[0] google routinely can't, and i stopped using search because it made me do photo captchas every time. If google can't, i'm guessing other people are going to have less luck.


Being Captcha'd likey means that those systems know not to trust your clicks. I seriously doubt you're doing any damage here, and at worst you're helping the companies you dislike.


Would they be horrified of going to a kink club? I feel like the type of person that would go to one, especially these days, would not care.


I've not seen that reaction at all. Everyone gets really excited when I show them.


Do we have reason to believe that auto-delete means anything other than "hide it from me, please?"


At least in the EU, they run the (qualified) risk of a collosal statutory fine. It wouldn't be easy to get them audited (particularly in Ireland where the Data Protection Commission favours discretion over valour), and they'd have to actually get caught. Assuming that they didn't hide the evidence, and the auditors found it, and the necessary hoops were jumped, it could be financially and reputationally painful, even for big G.


If so, why believe "don't save location history" would mean anything either?


Difference being "don't save" would mean not being ingested at all; if it is sent to google, a stink could be made (perhaps by sniffing netreqs, looking at GPS requests, etc). Once it's in Google, us peons would have no way to verify any claim.


No. "don't save" does not mean "don't send to google".

All geolocation based on GSM cells and wifi sends your location continuously.


How can it be not ingested at all? If Google is giving me turn by turn directions it needs to know where I am.


Google maps vs tracking location at all times, though.


I believe according to their privacy policy and from past press statements deleting the data does trigger a real wipe of the data but I think there is a up to 30 day delay (not sure exactly) (wiping data from thousands of servers is actually kind of difficult).

If your threat level is NSA/nation state then this isn't good enough since they probably could get a copy before Google deletes it but it is probably enough to be useless for low level LE.


At the risk of sounding paranoid but how do we know if they actually pause/delete it?


But, but this is the only way to deliver consumer products. This is profitable for corporations and shareholders and users have "nothing to hide" and love it.

Did you realize that the world is a step away from total Panopticon (https://shorturl.at/mCJK2).

The "digital natives" don't care at all. The "millenials" are just ignorant. The "X-ers" are fighting to stay relevant and "young". The "boomers" are screaming from the trenches, but the echo is responding with the usual "OK. Boomer".

It is over. This is the Great Reset, created by Davos Elites and embraced by Corporations, Governments and "modern" people of the world.

This is the direct result of corrupted societies which abandoned classical education and liberal arts long time ago.


There's https://owntracks.org/, which has iOS and Android apps and instructions on setting up your own server. If you run NextCloud self-hosted already, there's PhoneTrack (https://apps.nextcloud.com/apps/phonetrack), which has a list of supported/suggested apps that send data back to it in a compatible format.


I've been using OwnTracks (plus ot-recorder) for a few years now, in parallel with Google's location tracking/timeline, and I find that OwnTracks tends not to update all that well or frequently.

If I switch OwnTracks to "move mode", it's great, but then it drains battery like crazy. "Significant changes mode" doesn't really cut it to map out my track as I move around during the day. And it's especially annoying because I do have it set up to trigger some lights to turn on in my house when I get within 500 feet of home. Sometimes it'll finally trigger an hour or two after I get home, which isn't particularly useful. I've exempted the app from Android's "battery optimization" thing, and I'm using a Pixel 4, which shouldn't have any shenanigans like killing background apps frequently like some other manufacturers do.


Ah, that's good to know. I've been meaning to set up OwnTracks with iOS, so I'll report back with how that goes, see if the accuracy/battery tradeoff is any different from what you're seeing on Android.


> I'll report back with how that goes

Out of self-interest, where would one check to (eventually) find this write-up? Sounds like OP hadn't known just how long OT takes to update on Android, which makes me assume other information out there may be out of date, or someone else's best case scenario (as opposed to real-world usage).


This also has integrations for home assistant to use owntracks for logging and automations for smart home stuff too.


I use Google location sharing with my partner so we know where the other person is. Is owntracks a replacement for that by any chance?


Yes. I use it with my whole family. You can create a tracking session and have everyone join in. From the app and the website you can see everyone on the map.

The only trouble Iǘe had is that the Android app sometimes crashes and I have to manually launch it again. There are other compatible apps that I haven tried, though.


If you connect OwnTracks to an mqtt broker, there is a feature to track friends. But I haven't played with that part so ymmv.


I'd hope not. We should normalize less surveillance, not more.


How is it surveillance when two consenting adults share their location with each other using a self hosted service?


Yeah, knowing my SO's location is super important for multiple reasons imo... Primarily safety and knowing how long it will take to get back from someplace (or how long I can keep messing around with stuff at home). I'm sure there's other valid reasons but kinda just provides me peace of mind.


Consent is not a simple binary thing.

Creating expectations around accepting surveillance is not healthy.


There are standalone GPS loggers that lack transmitters and log location to SD cards in CSV / GPX formats (e.g., [0]). It's one more thing to carry, but it's small and you can be reasonably confident that it won't transmit your location to anyone. But the particular one I've posted doesn't have the ability to encrypt the data as its being saved, so if someone physically steals the device, they'll have easy access to your past location history.

[0] https://canadagps.ca/collections/gps-data-logger/products/co...


I just had to provide records of my past travel history for immigration purposes and I couldn't find any of my i-94 records. I could sort through emails to find past flight tickets but the data from my Google location tracking history proved to be much more reliable and easy to parse. I was able to get all my flight dates from past 5 years easily with it.

I also like to look for places I've been in the past and Google maps can tell me the dates I've been to a specific place in the past.

So it does provide quite a lot of value at least for me. I completely understand the sentiment that seems to be a majority on hacker news how that's quite a bad idea, how I'm giving away my privacy for convenience and yada yada. But I made the personal decision that Yes it's worth exposing this data to Google and possibly law enforcement that require Google to disclose this information for the convenience I get in return.


You couldn’t use CBP’s travel history page?

https://i94.cbp.dhs.gov/I94/#/history-search


I've used this in the past but currently it's showing no records for all my 3 passports.


Weird, but my experience is mostly with the land border so maybe it’s different


That is fine as long as it never becomes an expectation. Not a good idea to lie on visa applications, but I don't really disclose travel within the EU for example (I am from the EU).

I don't leave obvious digital traces and I think people wanting to know this info can find different hobbies and better jobs.


See UnifiedNLP (https://github.com/microg/UnifiedNlp/blob/master/README.md) <ctrl-f> down to "List of backends for geolocation".


There have been a variety of such apps, going at least as far back as "Backitude" (now gone) on Android that could log to a local KML file that could then be uploaded to storage of your choice on a schedule.

It could also connect to a URL of your specification to upload real-time updates.

Keep in mind that if you're not concerned about immediate tracking you can log locally then use any of many options (e.g. FolderSync) to do scheduled uploads of a log file.


You can self-host nextcloud and try phonetrack app. https://apps.nextcloud.com/apps/phonetrack


Not _exactly_ what you were asking for, but I use this:

https://gpslogger.app/

I can export my data and then use that how I want.


https://gpslogger.app/ open source has plenty of settings can make a GET call every x minutes to url of your choice, you can either collect data by logging GET calls on your nginx or build an API for that specifically.

Or you save to Gpx files and see history with any Gpx File Viewer


There is an open source iOS app called Overland[0] that can continuously track your location history in the background and upload the data to an arbitrary endpoint as GeoJSON.

The "protocol" consists of a single HTTP request and response, so you can easily write your own server software to store the data however you want, which is what I did.

If you don't want to write your own backend, you can also just use the server software[1] the author of the app uses, which is also open source.

[0]: https://github.com/aaronpk/Overland-iOS [1]: https://github.com/aaronpk/Compass


I have played with storing location history using Home Assistant. Works, data never lands anywhere other than my home server.

EDIT: I use it to do home automation actions depending on where I am. I.e. when I leave, it automatically arms the alarm and turns off the lights.


I never thought about using HA to log location. I already use HA so this might make the most sense.


OsmAnd allows you to record your movement and leverages OpenStreetMap.


I use OwnTracks, it's opensource and available for both iOS and Android.

You can configure a custom https endpoint and then your devices will ping the endpoint when there's significant movement.


There's Trackbook for Android. It records locally to a GPX file and also has the option to use GPS only.

https://f-droid.org/en/packages/org.y20k.trackbook/

https://github.com/y20k/trackbook


Anything on Android is totally moot. You can "turn off locations" but you don't know if it has. It also has a dozen other ways to track you when correlated with others, such as inertial, wifi, cell cgi, audio, magnetic, bluetooth, optical, pressure, etc; some of which are in the baseband and inaccessible to the OS. You can keep it in a faraday bag but it can still record and upload later.

Same thing could be said about IOS with the additional constraint that the vendor can do whatever it wants and we don't know what it's actually doing.

If you care about privacy just don't carry a phone.


> If you care about privacy just don't carry a phone.

I feel like this position is unrealistic. Privacy is possible with a modern smartphone. Using an alternative OS on Android devices can help facilitate this. I've been using GrapheneOS as a daily driver for nearly six months now. Any issues I've run into have largely been due to my own configuration of the device.

You can also get a lot of useful information from Michael Bazzell's books or podcasts. It may involve jumping through hoops but it is possible to go "off grid" in many regards.

If your threat model includes your cell provider, then yes, a faraday bag may be worth looking into. There are also open alternatives like the Librem 5 or PinePhone that offer hardware kill switches. These types of cases are rare, but one doesn't need to become a complete technophobe.

As it stands, true privacy is relegated to the technologically elite, the truly paranoid, or those that can pay to play. I would love for that to change, but unfortunately that's the current state of affairs.


> As it stands, true privacy is relegated to the technologically elite, the truly paranoid, or those that can pay to play. I would love for that to change, but unfortunately that's the current state of affairs.

Or the broke who can't afford the devices now more and more used against us.

Or those who are willing to forgo the conveniences of such devices in exchange for privacy. Or, simply for the sanity of not having to deal with them.

I'm firmly in the boat of "Could do any or all of those things" - I considered a PinePhone, have a PineBook Pro, could easily do GrapheneOS, and... I'm currently using none of them. I'm using an AT&T Flip IV that I leave at home regularly. If I have some fancy requirement, I can tether a laptop to it.

You start from the assumption that a smartphone of some variety or another is a requirement - and I'll counter that, while it's certainly the default option of modern life, the smartphone is really only a decade old, and there are ways of doing things without it we can go back to - and those things do generally still work.

I'm at a point in my life where both I can be a bit annoying about things like reachability, and, interestingly, I'm hostile enough to tech that people expect me to be a bit weird about things. Nobody was surprised when I showed up with a flip phone - but they were surprised that I still had things like email and Google Maps capability on it (KaiOS). At which point, the gears started turning.

Trying to find a way to de-evil what is looking more and more like a corrupted, user-hostile system through and through doesn't seem worth the time, when one can work towards not requiring people to be in that system in the first place.


I know someone from school who is a fairly senior manager at one of the FAANGs. He only got a cell phone in the first place because he and his wife adopted and the nanny insisted. I know he has a company-issued smartphone now. Don't know if his personal phone is a smartphone by now or if he's still using a flip phone of some sort.


This is another thing rarely talked about that's quite common - people really high up in the tech companies don't use the stuff.

Remember, when Steve Jobs' biographer asked him what his kids thought about the iPad, his response was, "They haven't used it." You're more likely to find the "cellphone free" group among high level tech execs and such.

Why is that? It's worth pondering.

I know more and more people, deeply in tech professionally, who are opting out of it in their personal life, across the board. They know what it can do, they've seen it, may have worked on older versions of it, and simply want no part of it anymore.


The main answer is probably that they don't need to. They have personal assistants and admins who deal with their appointments, their email, etc. And, believe it or not, some of them really do unplug when they go on vacation.

In a former life when internal company email was becoming a thing, there were execs at my computer company that made one of these minicomputer-based office productivity systems who had their admins print out their email, they'd write responses by hand, and have the admin send the response.


> This is another thing rarely talked about that's quite common - people really high up in the tech companies don't use the stuff.

This is true, kind of like how most drug dealers don't do drugs themselves.


I know I'm personally burnt out on tech by the end of the day from working on it all day, and I'm not "really high up in tech". But also at the end of the day, if I'm not making dinner, then it's DoorDash. If I need a ride somewhere, I use Uber/Lyft. It would be nice to be rich enough to afford a live-in chef and a driver instead of those two apps. I'm not (yet), but it becomes far easier to eschew technology if you aren't forced (no matter how gently) to have any of it.


I find smartphones mostly useful when traveling. I've never used DoorDash and maybe use Uber/Lyft a half dozen times a year and essentially never locally. Being able to receive texts is increasingly difficult to opt out of for various purposes but you don't need a smartphone specifically for that.


It's not unrealistic to not carry a phone everywhere. Do you really need to be reachable while you're at the grocery store? Unless you're on call or a firefighter, there are very few cases where you must be reachable 24/7. Try it sometime, you'd be surprised.

Carrying a phone at all times is more a matter of social pressure than anything else. If you get into a real emergency situation, you can just ask someone if you can make a call from their phone -- after all, the world is full of people walking around with phones in their pocket.

Leaving your phone at home most of the time is a little inconvenient, but it's certainly not unrealistic. It's just that most of people are happy to trade privacy for convenience.


>I feel like this position is unrealistic.

I'm not sure it's unrealistic but the tradeoffs for ditching a phone entirely day-in day-out wouldn't work for most people.

As you say there are alternatives for smartphones and one could presumably alternatively carry a feature phone that can't be easily tied to their identity. (Although there's an increasing assumption that you have a smartphone to accomplish various tasks.)


> Although there's an increasing assumption that you have a smartphone to accomplish various tasks

Indeed, because... basically everyone carries one.

So, in order to counter that, more people need to not carry one. Not just object to using smartphones, but, "Look, I literally don't own one, I know you want me to install thus and such app to complete some survey before entering the building, but I can't. What's the alternative?"


I don't carry a phone. Partly for security, and partly because for 26 years (fed) I was required to carry one. Of course early in my career I had a pager. Every fucking day for 26 years.

The phone I do use I bricked for all activity save voice and text: it sits on my kitchen table and there it stays. The upshot is that my phones are inexpensive, <$100. In fact, I just purchased a new one and am pleasantly surprised at the voice quality of 4G LTE.

Certainly most people with jobs cannot afford to be out of touch and I understand it is a luxury to be un-tethered. However, my position in fed security and CI drove home the point: If you are connected with a cell phone, you're going to get pwned. The level of pwnage is directly proportional to your status and employer.


Don't carry a phone is obviously not option for people in many positions.

IMO it's a bit nihilistic compared to pushing for privacy guards for infrastructure.


Do you want a self-hosted location tracker because you don't want someone else tracking you? Because it's not going to help. Your cell company knows where you are at all times, and even with location turned off, your OS is reporting enough information to either Google or Apple at all times to know where you are to within a few feet.


I know I cant avoid cell companies, but I can at least limit how much Google knows (or any other company that requires always on location). The problem is though, the data I can get from my location history from Google is really useful for me so it's been a privacy trade off I've taken.


I keep Google location history on so I can have evidence of where I was.


From the article, which talks about the police being able to get a warrant on you based on nothing more than you being in the wrong place at the wrong time, and from the fact that the police convict innocent people based on flimsy evidence all the time, I'd say at this point you're much more likely to get falsely convicted based on your location than exonerated.

Has anyone ever been exonerated based on their Google location history?


As if that was admissible. Easily faked by leaving your device at home.


Paired with other metadata (which can also be faked) I’d bet a jury would find the data quite convincing


That's not true: when location is turned off, location is turned off. Apple still has a loophole where turning off Bluetooth doesn't turn off Bluetooth, but location should be "fixed"


Your cell phone company knows the tower you are talking to and probably which (directional) antenna you are talking to. Antennas are in the process of getting a lot more directional with 5G, so they'll soon go from trivially being able to track you within a block or two to within a meter or two.

It's not great.


The core records of a cell phone company are at a cell level, which often are configured in a 120-degree sectors from a tower.

If they really want, they can see the distance from the tower because that's a requirement for the communications protocol to work (LTE at least expects to account for lightspeed delay in allocating transmission slots) and gets measured during the communications, so the operator should be able to see that distance to the granularity of something like 100m (or is it less nowadays?); but AFAIK that's usually not stored unless you're in a 911 call or perhaps with some tracing warrant.


These newfangled beamforming systems can alter the direction of transmission to optimize signal quality for your phone. How can they do that if the system cannot locate a handset with great accuracy?


I have no idea about what information the (5G?) beamforming protocols use; perhaps they have figured out a way for some "angle discovery" as part of the protocol handshake or perhaps they just require the device send GPS data for that adjustment (and in the absence of that data would just skip beamforming, getting worse rates); but the distance information for the 4G/LTE timing system would be an inherent part of the protocol even if the device does not have GPS enabled and is based on literally measuring the round-trip timing.


From Wikipedia/MIMO:

”To correctly form a beam, the transmitter needs to understand the characteristics of the channel. This process is called channel sounding or channel estimation. A known signal is sent to the mobile device that enables it to build a picture of the channel environment. The mobile device sends back the channel characteristics to the transmitter. The transmitter can then apply the correct phase and amplitude adjustments to form a beam directed at the mobile device. This is called a closed-loop MIMO system.”


Beams don't have to be that accurate to boost signal quality.

This is also speculation on my part but I'd suspect they're targeting specific clusters of devices in an area and using multiplexing than having dozens of radios on one tower.


As far as we know, though, the police haven't (yet) been able to demand Verizon turn over the records of everyone who sent near a crime scene at 2pm, though, have they?

I feel like Google's location history is basically built for that kind of thing.


I thought the Bluetooth thing only applied from the quick menu. I've been told if you disable it in Settings that it will actually turn it off.


This is true. And when you turn it off from control center, it says 'disconnecting bluetooth devices until tomorrow', so it's clear that disabling it means "stop all BT connections except for my Watch".


Cell phone towers can still track you, unless you don't have a SIM card.


Until mmWave 5G becomes the norm, LTE towers aren't as accurate as the GPS data obtained by Google. The difference between 30 meters of accuracy[0] and a few meters with Galileo/GPS[1] could be the difference of a search yielding everyone in one building and finding everyone in the neighboring buildings on the same block.

0: https://www.marketingdive.com/ex/mobilemarketer/cms/news/res...

1: https://www.deingenieur.nl/artikel/after-13-years-galileo-sa...


They can still track the device by IMEI, because the radio connects to the base station. SIM is only necessary to register on a network. You can still call emergency services even without a SIM.


Owntracks [1] is likely what you're looking for.

1. https://owntracks.org/


I use home assistant with their android app. It can/does use google location services, however I believe you can also set it to use gps.


Look at Automatic Packet Reporting System (APRS) you will find lots of tools related to telemetry.


Remember, the US Government only needs a warrant if you are a "US Person" (which is a US citizen anywhere in the world or a person of any nationality physically located within America).

We learned from the Snowden leaks that the US government constitutionally doesn't need a warrant to request any of this information if you are outside of the US if Google is holding the data domestically on servers in the US. And it makes so many of these requests Google has self-service systems for the US government to access accounts of non-US-persons directly.

This is probably happening all the time for non-Americans.


we also learned that it sidesteps this by collecting data on UK persons and exchanging it with GCHQ, who does likewise


Someone (Eric Schmidt? not sure) once said, "If you really want something to be private, don't put it on a computer."

Still the best advice. Rather than storing it and then worrying about where it goes, just don't store it.


Don't put it on a computer, don't say it within earshot of a computer, and don't have it visible to any computer's camera: getting pretty impossible to follow this advice.


I'm not minimizing the dangers of someone else recording you. I don't think Schmidt was even thinking about that, probably because smartphones weren't so ubiquitous then.

However, you CAN control what you do yourself. Your to-do list can quite easily be on a paper notebook, as can your journal. Another thread here talks about self-hosting your location history -- why TF would you even want that? You can leave your phone at home when you go places where you don't need it. You can talk to people instead of texting them. All these things might be inconvenient, and amusing for some of your friends. But you'll survive it.

Maybe you can't shut off the flow of data about you, but you can at least refrain from adding to it.


> All these things might be inconvenient, and amusing for some of your friends. But you'll survive it.

The entire point of such self-hosting is to achieve a similar level of convenience provided by the megacorps' products without them being able to profit off of your usage of them. People who will consider 'not tracking location' and 'only talking to people face to face' aren't the ones considering self-hosting their location data (unless their only reason for doing so was the megacorps' profit model).


I'm more talking about your own devices recording and spying on you, without your consent.


> Don't put it on a computer, don't say it within earshot of a computer, and don't have it visible to any computer's camera: getting pretty impossible to follow this advice.

I predict an increase in the number of golfers and boat enthusiasts in my lifetime.


>boat enthusiasts

Boat enthusiast here, I'm afraid even that'll be a struggle! I'm planning to move onto a sailing yacht fairly soon and carry on my job as a backend web developer, mobile internet is good enough to make this viable and things like Starlink will make it even easier in the coming years.

I suppose you can still turn off the telescreen if you want to though, if you sail out of range of mobile towers and turn everything off you can hide from the world pretty effectively.


I hate to break it to you all, but there are computers in the sky now, too.


I'm fairly sure you'd have to piss off an intelligence service for them to bother spying on you personally with a satellite though, which isn't exactly part of the threat model for people who simply want to avoid "casual" privacy invasions from things like mobile networks.


Yeah sure, that was some great intel from computers in the sky during our last drone strike in Kabul that killed a humanitarian NGO and his family. [1]

[1] https://www.nytimes.com/2021/09/13/us/politics/pentagon-dron...


Cheers! And when you come to port for a round of 18 it's perfectly normal to just leave your phone in the car or on the cart. Easy to have a great one on one conversation away from everything while standing around on the putting green.

Makes sense why so many business and political deals are made on the golf course when you start thinking about the meta aspects of having no paper trail or being vulnerable to eavesdropping secretarial eyes & ears or some all-listening tech-panoptican.


> I predict an increase in the number of golfers

You mean people who think they're safe because they don't realize they're in the earshot of another player's/random jogger's smartphone?

(I'm totally thinking of a scene from Person of Interest, 4x12, when a character hides in a park and makes a call over satellite phone, to talk out of earshot of a malicious AI surveilling everyone, only to be spotted by it through a smartphone of a passing cyclist. Can't find any video clip of to link here, though.)


Boats are increasingly tracked by satellites.


How do I turn off my existence?


Psychedelics?


You just suggested what could be an interesting idea: what if we could give "the google database/engine" the equivalent of a psychedelic? What would that even look like? What could the results be?


telepathic critterdrug?


Eric Schmidt also said in a interview back when Google was starting up that they wanted to get Google right up to the "creepy line" but not cross it. This interview was also put in a documentary called "The Creepy Line." I'll see if I can find the interview though and link it to this comment.

Edit: https://invidious.snopyta.org/watch?v=mpmOL-MT5lQ



Nice, yt-dlp is able to download that video.


It must be someone else because Eric Schmidt’s quote was more akin to victim blaming: "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."

https://www.eff.org/deeplinks/2009/12/google-ceo-eric-schmid...


This really handicaps your ability to use it as the powerful tool that it is though. I wish this was a real option.


Sadly this reads like 'Yet you choose to live in a panopticon.'


Where’s a startup selling Kaczynski shacks when you need one?


So there's a record of everyone they sell a shack to? Come on. You gotta build your own Kaczynski shack. Amateur hour over here.


Your non-proffesional bulk purchases of wood and/or logging equipment, as well as subsequent reduction of general consumer goods consumption has registered you as a 'potential kaczynski shack owner'.


If you pay cash and get it from out of town I don't see how they'd track you, unless the lumber store is doing facial recognition and uploading that data somewhere.

Maybe we need straw buyers for lumber?


You think LEO only asks Google for location data, and not, for example, On-Star or auto OEMs?


Serious question: are there links about the data your car keeps on you (if any)? I'm not talking about if you use Google or other web location services.

I've done some cursory asking around and found nothing. I would think the real problem is that every car manufacturer and every model year is different.


Try starting with these people.

https://cccis.com/

Follow the insurers.


What is really surprising is law enforcement actually investigated a burglary and went as far as requesting data from Google.


I’m guessing the victim was in law enforcement.


At some point it's going to click that the issue isn't the technical confidentiality of data, it's the people who leverage it against you (and those who enable them) who are the real problem.


Well, yes, but if you go after the people in the news, all the random data brokerage companies in the shadows get off scot-free and continue doing their own data harvesting. You also can't punish people for leveraging data against you if there's no law for either holding such data or using it for societally-bad purposes.


1. Turn off Google location history.

2. Disable all Google apps' access to your location.

3. Disable Android's "high accuracy location" if possible in your Android version. This little snitch collects terrifyingly precise "anonymized" location information fused with device sensors.

Do not accept surveillance in the name of convenience. And don't let Google normalize even more intrusion into our lives. Don't use their services.


And, I might add, consider GrapheneOS and CalyxOS as alternative operating systems for your Pixel phone.

https://grapheneos.org/ https://calyxos.org/

GrapheneOS is more security-focused, CalyxOS is more privacy-focused, and they're both a step in the right direction.


GrapheneOS isn't less focused on privacy than security or than the other one. They recently made a thread addressing this:

https://twitter.com/GrapheneOS/status/1424412990074494979


You're probably right. They have different philosophies and threat models.


4. Replace your Android device with an iPhone.


And whenever you sign into any Google app or service, delete all Google cookies afterwards, to prevent the automatic shared sign-in into Google Search.

Fuck that scummy pattern really.


I actually prefer auto-sign in. I don’t want to do the whole 2-factor rigmarole in a dozen different apps. Perhaps they can make it an option though.


I've always had the habit of keeping Location services turned off while not in use, to conserve my phone's battery. Guess it's a privacy requisite now.

I also remember having a habit of keeping mobile data off during the 3G days. Guess it's not feasible anymore.


That does practically nothing for your privacy, because you're still connected to the base station tower which keeps logs of your phone roaming between base stations. And in more populated areas, the base stations are dense enough to be pretty accurate about where you were. Requests for cell tower log dumps are very common these days.

The solution here is for governments to ban this kind of bulk data requests without warrant and not for you to fight a losing battle against your own police force.


Disclaimer: I'm a Googler, but thankfully not dealing with any of this.

Well, it won't stop the police. But the accuracy is lower, increasing the number of people that match the geofence. That changes the cost-benefit of asking for such a warrant.


It might be just my eastern european paranoia, but this just makes it easier for the authorities to put you into a place they want you to be, not harder.


Which is better depends on if your threat model is them targeting you specifically and then looking for pretexts or them deciding they want to target you specifically when looking through the contents of the dragnet.


I'm sure they can think up an excuse to not let you use your own location data.


>The solution here is for governments to ban this kind of bulk data requests without warrant and not for you to fight a losing battle against your own police force.

That and a faraday bag.


> I also remember having a habit of keeping mobile data off during the 3G days. Guess it's not feasible anymore.

The biggest problem I've found lately with cell data off is that group texting breaks in weird ways. Most group texting is apparently MMS based, which is "Here's a text telling the phone to go download something from somewhere." If you've got data off, those end up queued weirdly, and can make group messages appear radically out of order when you get a data connection again.

Group texting is hard when you get into the weeds of it.


Its only a matter of time before the wrong people get their hands on all the data that big tech has been unscrupulously mining for years now. An authoritarian's wet dream.

Im typically a minimal regulation kind of guy but these orgs have consistently demonstrated that without some sort of effective privacy regulation, modern tech companies simply do not have enough incentive to self-regulate with respect to data collection. Laymen are too ignorant to demand better from the modern data cartel.


That's what you have in Russia, operators are obliged to collect and store vast amounts of data under the SORM laws, and then bellingcat were able to access all this data in their investigations, that's how they got the location trail of the agents that shaddowed and poisened Navalny (and others). Bellingcat got all that data from a black market on data, where low profile employees are selling access to all this gathered data for a couple of dimes, see [3]. I wonder if a similar black data market is already in place in other countries...

https://en.wikipedia.org/wiki/SORM

https://en.wikipedia.org/wiki/Bellingcat#Poisoning_of_Alexei...

[3] https://www.bellingcat.com/resources/2020/12/14/navalny-fsb-...


Data brokers have been building detailed personal profiles of everyone for fifty years. The Googles are just the new kids at the party. A major reason we don't have strong data privacy law is to protect this business model and maintain the surveillance apparatus it enables.


I think there are generic non-surveillance reasons as well. Whenever an industry gets big enough (tobacco, oil, advertising) it can have enough momentum and capital to have its interests protected by the state to a degree that anything short of an energized mass movement will fail to see these industries regulated (a good example of such a movement having some success is tobacco.)


Most people don't know the names of the worst offenders.


This has already happened. A catholic newspaper bought commercial location and app data and used it to out a gay priest who was forced to resign. They broke the joke "privacy protections" by knowing his home, office, and a conference he went to. https://arstechnica.com/tech-policy/2021/07/catholic-priest-...


> Its only a matter of time before the wrong people get their hands on all the data that big tech has been unscrupulously mining for years now. An authoritarian's wet dream.

This is typically my go to for any discussion regarding privacy apathy. Citing things like the NSA's "Total Information Awareness" and "Nobody But Us" attitudes also does well to tie into this.


some sort of effective privacy regulation

Anyone who tries to do effective privacy regulation at the political level will be condemned as enabling crime, by the very same people that say they're very angry about their liberties being eroded and willing to shoot people over it.


does it work both ways? can i present this data as an alibi when i need one? if its not deemed accurate for that why would it be considered for evidence? and if it is that seems like free alibis for everyone guilty or not ;)


Which do you think is more important? Needing to present an alibi in the case of you being wrongly accused? Or needing to conceal your actions in a world where something new has been made illegal?


Which do you think is more important? An innocent person being able to prove their innocence, or a criminal being able to conceal their crimes?

The entire millenium-old body of law surrounding what rights you have when dealing with the police exists in order to protect the innocent, not the guilty.

Things like warrants don't exist to make it impossible for the police to do their work. They exist to make it so that they spend less[1] time harassing people who have done nothing wrong. It's difficult to frame the police scooping up data that a third party has on you as harassment.

[1] But not no.


>or a criminal being able to conceal their crimes?

What if I made something that you like to do illegal? Now you are a criminal concealing their crimes. Now your tech works against you and you must comply.

I absolutely agree with erring on the side of letting criminals get away with more if it means preserving privacy. No alibi safety net is worth trading away your privacy.


> What if I made something that you like to do illegal?

Pointless red herring. For any law, we can find someone that doesn't like it. Building an argument about police powers from that is building on quicksand.

Unless you mean to do away with law, and the concept of crime in general.


You missed the point of me saying that which was a response to your flippant "protecting criminals is bad" suggestion. Many crimes are only crimes not because the oppose some fundamental morality, but because some legislators felt like making them crimes.

I noticed you didn't address my point around erring on the side of not infringing on privacy however. Does this mean that you agree?


No, I get your point. Your point is a red herring. You're arguing that "Because law is arbitrary, police powers should be restricted."

That's not a valid argument. You don't get to pick and choose law. You either get the whole package, or nothing.

Police powers are completely orthogonal to this question.

The reason they are restricted by law is not so that law is more difficult to enforce. The barristers that have drafted all this precedent over the centuries did not do so with the goal of 'Man, wouldn't it be great if we made a copper's job difficult!"

The reason police powers are restricted by law is, as said earlier, to reduce the impact on how much police work should harass the innocent. The law doesn't recognize that there are parts of it that are arbitrary and optional. It either applies in its entirely, or doesn't.

As long as you focus on the harm to the criminal, you're framing your argument in an odd way. You're much better off building your argument in a way that focuses on harm to the innocent.

> I noticed you didn't address my point around erring on the side of not infringing on privacy however. Does this mean that you agree?

I didn't address it, because your argument lacks qualification, which makes it possible to take it to absurd conclusions.

If you believe privacy is an absolute good that cannot be infringed in any situation, then you get absurdity, like the police being unable to search an apartment that the neighbors have reported hearing gunshots from. (Because, heaven forbid, the occupants thereof may not be actually guilty of any crimes.)

If you don't believe that, then you're going to have to quantify your argument, with a basis for when you believe it is appropriate for the police to infringe on someone's privacy. You're then going to have to explain how its consistent with actual pre-digital legal precedent. You're then going to have to explain how your scaffolding leads to an outcome inconsistent with how policing is currently done in the digital world.

You've got a lot more work to do to make a coherent argument then simply saying "I believe privacy trumps solving crime," before I can respond to it.


>You're arguing that "Because law is arbitrary, police powers should be restricted."

No. I'm arguing that because laws can be arbitrary, we should err on the side of protecting criminals when difficult decisions around privacy are at play. I don't know why you insist on strawmanning absurd forms of what I am saying.


> No. I'm arguing that because laws can be arbitrary, we should err on the side of protecting criminals when difficult decisions around privacy are at play.

I'm probably 'strawmanning' it because your argument is utterly incomprehensible, given that it is entirely inconsistent with the purpose of the law.

The purpose of the law is not to protect the guilty from the legal consequences of things that they have done. You seem to think that it should be. This is utterly baffling. If you don't want people held accountable for crime, then strike those crimes from the criminal codex.


i just tried to point out this data should be useless for prosecution. this could easily be faked to make up an alibi when you are correctly accused of something.


In the US you are innocent until accused. Police organizations and the FBI love to come in and question the people around you with very pointed questionnaires that can make it seem like you are a very bad person.

The number of guilty people that get off by it would be irrelevant compared to the number of innocents that become stigmatized by their peers.


The former is more important. At least in the U.S., ex post facto laws are unconstitutional, so you don't have to worry about concealing past actions when something new is made illegal.


Strong disagree and I think you're looking at it at too small of a scale. Your phone monitoring your location is a placeholder for tech knowing what you do in your private life. The tech is just going to get better than your phone.

Put it this way, if you had cameras watching you every moment of your life, you could have the perfect alibi for anything. But you would never be able to do anything considered illegal again, for whatever definition of "illegal."


But ex post facto shifts in what is publicly acceptable are common, opening up possibilities for blackmail or negative life consequences (like being denied jobs, housing, ...).


Rant:

Ugh. People still don't grok the privacy situation wrt law enforcement. Here's me trying yet again trying to convey my understanding.

Our prior legal notions are moot when the "dragnet" is the entire planet, encompassing all people for all space and time.

Folk understanding of legal notions like probable cause, reasonable doubt, burden of proof, innocent until proven guilty, alibis, etc. no longer apply.

Identifying suspects and checking their alibis is obsolete. Law enforcement will use big data to rule out non-suspects. Then whoever is left must be the perp.

In the case of Zachary McCoy in this article, LE found a match. What I'm saying is in the near future, LE will rule out non-matches. So if LE can't establish an alibi for you, globally, you're a potential suspect.

Reverse strategy, same end result. But bigger scope.

In the mid-aughts, law enforcement was already using warehoused demographic data to solve cold cases. Imagine how much better they can do their job today. (And yet so many crimes go unsolved. All the downside of forfeiting our privacy, none of the benefits. Infuriating.)

ACLU's objection to Apple's CSAM effort hit HN's front page last week. Perfect example of preparing to fight the last war.

The ACLU, like most everyone else, still hasn't internalized what's happening/happened.

Forgive me, I still can't articulate my notions about privacy very well. Despite 20+ years of effort. Even when I try talk to other privacy advocates. When I try to simply example the technical capabilities of various players, and what that might mean, I'm dismissed as "paranoid, sweaty kook". (Actual quote from a local newspaper.)

When I write that I don't know what privacy even means any more, I'm dead serious. My only kindred spirit, matching my pessimism, has been Shoshana Zuboff (author of Surveillance Capitalism).

I remain open the possibility that I am in fact insane.


You are not insane.

The part you have trouble articulating I think revolves around 3rd Party Doctrine, and the complete seeming death of professional discretion. When I was growing up, you wanted to keep records? Paper, or get out. So people only tracked the important things. Queries happened at the speed of a human being able to synthesize information, etc. Further, if you wanted to cross-reference different sources, you were doing footwork, which meant you were doing that one thing at a time.

Nowadays, we've massively parallelized the data collection, classification, cleaning, organizing, and cross-referencing to the degree that about the only thing standing in your way is learning the names of providers with the juiciest datasets.

The Internet did it's original job maybe a bit too well. Information is propagated without any sense of discretion in the name of financial viability.

Walking things back... Well... The only option is to destroy the data itself. By it's very existence, by collecting it, it destroys any semblance of privacy.

Cellular technology in particular is a glaring example of a set of data that never should have been made queryable, but here we are.


Phones are a liability.


>> Phones are a liability

them: I'd like you to carry this tracking device with you everywhere you go. It tracks your location down to a few meters. It tracks who you talk to and records your conversations. It tracks what you spend your money on. It sends us all this information, we save it, and provide it to the government when they ask. How about that?

us: That's Orwellian. It's a complete violation of privacy and likely illegal. I would never consent to that.

them: You can take selfies with it and play Cow Clicker on it.

us: I'll give you $500 for it.

them: There's a more expensive version where when people message you you can see if they are using the cheap version or the expensive version.

us: I'll give you $1000 for the expensive version.

them: The "pro" version takes better selfies.

us: I'll give you $1500 for the "pro" version.

them: You can only store 75,000 selfies on the "pro" version but you can upgrade to storage for 300,000 selfies.

us: I'll give you $2000 for the upgraded version.

them, 6 months later: There's a new tracking device out, it's the same as the one you have but it comes in Sierra Blue.

us: I'll give you another $2000.

them: But wait! There's more!


Especially for criminals.


Like homosexuals, insulters of the King, and apostates.


…or anyone who opposes the politics of the current regime.


Is this only unique to Google?

Serious question - I switched from google to iPhone exactly for the tracking reasons, but I would think that apple does have similar data - if you have weather widget it must ping something, same thing with Maps and that’s not even accounting if you allow gps to set your time zone or collect traffic data.

Are the cops not searching apple data? Is it just not public enough? Or is the data pretty poor even if they wanted to search but can’t.


According to this from 2018, no, Apple isn't storing that data. At least if this release is comprehensive, and it seems to be.

https://www.zdnet.com/article/apple-data-collection-stored-r...


In theory this data is also available from carriers. But Google can keep record of your gps if you enable that. I think switching to apple is a bit of overreaction over this. You are able to disable location tracking on Google.


Yes, you can, but then you can’t use google assistant, not even to dial your favorite contacts and you constantly get harassed by google to enable it, this was also on a pixel phone.

Google assistant couldn’t even make a call with the allo app, there were many reasons I switched. Actually I was always and iPhone user and tried pixel 2 for a few month and that was it.


You can restrict retention to three months as a compromise.


as far as GPS, you can just turn off location tracking on iPhone when you don't need it. they make it more work than it should be, but it's not hard, and it is amazing for battery life.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: