recentpopularlog in

charlesarthur : location   25

Amazon and Apple are quietly building rival networks that know where everything is • WIRED UK
Sophie Charara:
<p>it's clear that both Amazon and Apple have embarked on similar missions to extend their control of their customers' connectivity in and around the home. Amazon's Sidewalk, which operates on the 900MHz band typically used for amateur radio and emergency services, and Apple's close-range, ultra-wideband positioning with the U1 are designed to get Amazon out of the home and Apple inside it. Or at least give each company more power in their respective weak areas.

Amazon dominates Google and Apple's smart-home ecosystems with a base of controllers, sensors and routers, but it abandoned designs on Fire phones years ago; now its Echo Buds and experimental smartglasses are breaking out of the home.

Apple, meanwhile, still doesn't have the third-party hardware compatibility of its rivals inside the home with HomeKit, but, despite slowing sales, can't be matched for tight control over software and services on its iPhones, not to mention its existing initiatives around spatial positioning and location like Bluetooth iBeacons.

Many a promising Internet of Things protocol has vowed to fill the gaps between Wi-Fi, Bluetooth and cellular but failed to get off the ground, most recently Thread, which is backed by a consortium including Google, Qualcomm and Samsung. Both Amazon and Apple have the hardware scale, though, to build up the base of access points needed to create a useful network before reaching out to, most likely, iOS developers in Apple's case, and hardware makers already on board with Alexa in Amazon's case…

…Why so muted then from the two tech giants? Amazon's Dave Limp described Sidewalk, which has launched for developers, as in the "very early" stages, and Apple, too, hasn't announced any partners for its indoor positioning yet. In fact, even its own long-rumoured Tag tracker, similar to Tile's devices, which was said to use the same network of UWB devices as the AirDrop feature instead of Bluetooth and GPS, didn't make an appearance at the Cupertino launch in September.

It could be that with the privacy-focused techlash of recent years, both are treading carefully in the launch stages. Just look at how Amazon's acquisition of mesh networking company eero was received earlier this year or the widespread interest in Huawei's level of involvement with 5G networks. Location tracking in particular is currently the focus of much more granular controls in iOS 13 and Android 10 than ever before.</p>
apple  amazon  location 
14 days ago by charlesarthur
Ten years on, Foursquare is now checking in to you • NY Mag
James D. Walsh on the "I'm the mayor of..." company's pivot to a business-to-business model, which it made in 2014:
<p>It projected iPhone sales in 2015 based on traffic to Apple stores and, in 2016, the huge drop in Chipotle’s sales figures (thanks to E. coli) two weeks before the burrito-maker announced its quarterly earnings. (It also used its data to show that foot traffic to Trump properties began declining after he announced his presidential campaign, and that traffic to Nike stores increased after the Colin Kaepernick ad.)

Co-founder and executive chairman Dennis Crowley says the human check-ins gave Foursquare engineers and data scientists the ability to verify and adjust location readings from other sources, like GPS, Wi-Fi, and Bluetooth. As it turns out, the goofy badges for Uncle Tony that made Foursquare easy to dismiss as a late-2000s fad were an incredibly powerful tool. “Everyone was laughing at us, ‘Oh, what are you, just people checking in at coffee shops?’” Crowley says. “Yeah, and they checked in billions of times. So we had this corpus of data, an army of people, who every day were like, ‘I’m at Think Coffee.’ ‘I’m at Think Coffee.’ ‘I’m at Think Coffee.’” Because of the “corpus” of data generated by people like Uncle Tony, Foursquare knows when the dimensions of storefronts change and can tell the difference between an office on the eighth floor and one of the ninth floor.

In addition to all of those active check-ins, at some point Foursquare began collecting passive data using a “check-in button you never had to press.” It doesn’t track people 24/7 (in addition to creeping people out, doing so would burn through phones’ batteries), but instead, if users opt-in to allow the company to “always” track their locations, the app will register when someone stops and determine whether that person is at a red light or inside an Urban Outfitters. The Foursquare database now includes 105 million places and 14 billion check-ins. The result, experts say, is a map that is often more reliable and detailed than the ones generated by Google and Facebook.</p>
advertising  privacy  foursquare  location 
6 weeks ago by charlesarthur
New York City to consider banning sale of cellphone location data • The New York Times
Jeffery Mays:
<p>Telecommunications firms and mobile-based apps make billions of dollars per year by selling customer location data to marketers and other businesses, offering a vast window into the whereabouts of cellphone and app users, often without their knowledge.

That practice, which has come under increasing scrutiny and criticism in recent years, is now the subject of proposed legislation in New York. If passed, it is believed that the city would become the first to ban the sale of geolocation data to third parties.

The bill, which will be introduced on Tuesday, would make it illegal for cellphone companies and mobile app developers to share location data gathered while a customer’s mobile device is within the five boroughs.

Cellphone companies and mobile apps collect detailed geolocation data of their users and then sell that information to legitimate companies such as digital marketers, roadside emergency assistance services, retail advertisers, hedge funds or — in the case of a class-action lawsuit filed against AT&T — bounty hunters.

“The average person has no idea they are vulnerable to this,” said Councilman Justin L. Brannan, a Brooklyn Democrat who is introducing the bill. “We are concerned by the fact that someone can sign up for cell service and their data can wind up in the hands of five different companies.”</p>

Just me, or is it madness that NYC is only the first, and that this is only "proposed" legislation which, the story says, will be strongly opposed by the ad tech industry "which has a strong presence in the city". Make their execs' location data public, let's see how they feel about it then.
security  location  mobile  nyc 
12 weeks ago by charlesarthur
On TikTok, teens meme Life360, the safety app ruining their summer • WIRED
Louise Matsakis:
<p>Apps like Life360 can give kids and parents a sense of security, but they also raise questions about privacy and children’s autonomy. And on TikTok, teenagers are discussing and debating them. Videos with the hashtag #Life360 have been viewed there over 13 million times. In some of the most popular clips, teens share with each other strategies for circumventing the app, usually by turning off various phone settings. Other videos are less practical and serve more as a form of venting. In one recording with more than 30,000 likes, a photo of Life360’s founder and CEO Chris Hulls appears onscreen, while a rap song with the lyrics “Snitch, snitch, the snitch, the snitch, snitch” plays.

“I think it’s completely unfair and detrimental to teenagers if their parents use this app on them regularly,” said a 16-year-old boy from Texas who, like all the young people in this story, was contacted via social media and requested anonymity to talk freely about his family. “I spend most of my time texting my parents about what’s going on rather than spending time with my friends.”

Other teens are more understanding of their parents’ use of the app but think Life360 is too invasive. “If I am going a little over the speed limit on the freeway just to keep up with traffic, my parents freak out,” said a 16-year-old girl from California. “I understand where my parents are coming from, but I believe that the app has too many features that make it over the top.”</p>

Gives a new meaning to helicopter parenting.
location  life360  parents  children  socialwarming 
july 2019 by charlesarthur
Why bother with What Three Words? • Terence Eden’s Blog
The aforesaid Eden has some problems with the system that's meant to make your life easier:
<p>W3W splits the world into a grid, and gives every square a unique three-word phrase. So the location 51.50799,-0.12803 becomes ///mile.crazy.shade

Brilliant, right?

No. Here's all the problems I have with W3W.

1) It isn't open<br />The algorithm used to generate the words is proprietary. You are not allowed to see it. You cannot find out your location without asking W3W for permission. If you want permission, you have to agree to some pretty long terms and conditions. And understand their privacy policy. Oh, and an API agreement. And then make sure you don't infringe their patents. You cannot store locations. You have to let them analyse the locations you look up. Want to use more than 10,000 addresses? Contact them for prices! It is the antithesis of open.

2) Cost<br />W3W refuses to publish their prices. You have to contact their sales team if you want to know what it will cost your organisation. Open standards are free to use.

3) Earthquakes<br />When an earthquake struck Japan, street addresses didn't change but that their physical location did.

That is, a street address is still 42 Acacia Avenue - but the Longitude and Latitude has changed.
Perhaps you think this is an edge case? It isn't. Australia is drifting so fast that GPS can't keep up.
How does W3W deal with this? Their grid is static, so any tectonic activity means your W3W changes.</p>

There's also a few others - the internationalisation one is pretty big. I still don't see it getting traction; we just send each other location blobs these days, and Google Maps is pretty much universal.
location  geolocation  geography  what3words 
march 2019 by charlesarthur
Home Office uses debit cards to spy on asylum seekers • The Times
Marc Horne:
<p>Individuals seeking asylum in Britain are issued with prepaid Aspen debit cards, allowing them to spend £35 a week on food, clothes and toiletries.

It has been discovered that the microchipped cards are being used to monitor people’s movements and are revoked if they leave their “authorised city”, the place where they are being given temporary housing. More than 27,000 cards have been issued but fewer than 200 people have been penalised for breaching the condition.

The Home Office confirmed that the cards were being used to track users and a spokesman said: “We are able to access and examine data from the cards on transaction value, point of sale location, date of transaction, retail outlet and ATM location.”

They confirmed that 186 people had their support stopped last year “as a result of a referral regarding the Aspen card usage”…

Stuart McDonald, the SNP [Scottish National Party] spokesman on asylum and immigration, said that the policy was a grossly invasive failure. “The limited information the Home Office has finally been prepared to make public shows that this mass surveillance has found a ‘breach in conditions’ in less than 1 per cent of cases,” he said. “Tens of thousands of people have been monitored in a grossly invasive way to achieve virtually nothing.</p>

It's only "grossly invasive" if they watch precisely what people are doing all the time, yes? This seems to pick up exceptions. Unless there are people looking at the locations of the transactions. But that seems like overkill, especially given the tiny number of breaches.
asylum  cards  location 
march 2019 by charlesarthur
You may have forgotten Foursquare, but it didn’t forget you • WIRED
Paris Martineau:
<p>Ask someone about Foursquare and they’ll probably think of the once-hyped social media company, known for gamifying mobile check-ins and giving recommendations. But the Foursquare of today is a location-data giant. During an interview with NBC in November, the company’s CEO, Jeff Glueck, said that only Facebook and Google rival Foursquare in terms of location-data precision.

You might think you don’t use Foursquare, but chances are you do. Foursquare’s technology powers the geofilters in Snapchat, tagged tweets on Twitter; it’s in Uber, Apple Maps, Airbnb, WeChat, and Samsung phones, to name a few. (Condé Nast Traveler, owned by the same parent company as WIRED, relies on Foursquare data.)

In 2014, Foursquare launched Pilgrim, a piece of code that passively tracks where your phone goes using Bluetooth, Wi-Fi, GPS, and GSM to identify the coffee shop or park or Thai restaurant you’re visiting, then feeds that data to its partner apps to send you, say, an offer for a 10 percent off coupon if you leave a review for the restaurant. Today, Pilgrim and the company’s Places API are an integral part of tens of thousands of apps, sites, and interfaces. As Foursquare’s website says, “If it tells you where, it's probably built on Foursquare.”</p>

Not only not gone away; it has big ambitions.
foursquare  location 
march 2019 by charlesarthur
DuckDuckGo taps Apple Maps to power private search results • Spread Privacy
<p>We're excited to announce that map and address-related searches on DuckDuckGo for mobile and desktop are now powered by Apple's MapKit JS framework, giving you a valuable combination of mapping and privacy. As one of the first global companies using Apple MapKit JS, we can now offer users improved address searches, additional visual features, enhanced satellite imagery, and continually updated maps already in use on billions of Apple devices worldwide.

With this updated integration, Apple Maps are now available both embedded within our private search results for relevant queries, as well as available from the "Maps" tab on any search result page.</p>

DDG is still miniscule compared to Google, but it's profitable and not going away any time soon. This is a clever way to enhance its "privacy" story.
apple  duckduckgo  location  maps 
january 2019 by charlesarthur
Your apps know where you were last night, and they’re not keeping it secret • The New York Times
Jennifer Valentino-Devries, Natasha Singer, Michael Keller and Aaron Krolik:
<p>More than 1,000 popular apps contain location-sharing code from such companies, according to 2018 data from MightySignal, a mobile analysis firm. Google’s Android system was found to have about 1,200 apps with such code, compared with about 200 on Apple’s iOS.

The most prolific company was Reveal Mobile, based in North Carolina, which had location-gathering code in more than 500 apps, including many that provide local news. A Reveal spokesman said that the popularity of its code showed that it helped app developers make ad money and consumers get free services.

To evaluate location-sharing practices, The Times tested 20 apps, most of which had been flagged by researchers and industry insiders as potentially sharing the data. Together, 17 of the apps sent exact latitude and longitude to about 70 businesses. Precise location data from one app, WeatherBug on iOS, was received by 40 companies. When contacted by The Times, some of the companies that received that data described it as “unsolicited” or “inappropriate.”

WeatherBug, owned by GroundTruth, asks users’ permission to collect their location and tells them the information will be used to personalize ads. GroundTruth said that it typically sent the data to ad companies it worked with, but that if they didn’t want the information they could ask to stop receiving it.</p>

Is it just me, or does it feel like <a href="">this story comes around every couple of years</a>? (That's 2011 in case you don't want to follow the link, and the first time this was big.)
apps  location 
december 2018 by charlesarthur
Your smartphone’s location data is worth big money to Wall Street • WSJ
Ryan Dezember:
<p>Thasos gets data from about 1,000 apps, many of which need to know a phone’s location to be effective, like those providing weather forecasts, driving directions or the whereabouts of the nearest ATM. Smartphone users, wittingly or not, share their location when they use such apps.

Before Thasos gets the data, suppliers scrub it of personally identifiable information, Mr. Skibiski said. It is just time-stamped strings of longitude and latitude. But with more than 100 million phones providing such coordinates, Thasos says it can paint detailed pictures of the ebb and flow of people, and thus their money.

Alex “Sandy” Pentland, a Massachusetts Institute of Technology computer scientist who helped launch Thasos, likens it to a circulatory system: “You can look at this blood flow of people moving around.”

…Thasos won’t name its clients, but Mr. Skibiski says it sells data to dozens of hedge funds, some of which pay more than $1m a year. Thasos’s largest investor is Ken Nickerson, who helped build PDT Partners into a quantitative-investing mint inside Morgan Stanley .

This month, Thasos is set to start offering data through Bloomberg terminals. A measure of mall foot traffic will be widely available; detailed daily feeds about malls owned or operated by 30 large real-estate investments trusts cost extra.</p>
smartphone  location  data 
november 2018 by charlesarthur
Report: only 1% of exchange location data useful for offline attribution • MarTech Today
<p>The debate about the relative accuracy and value of location data derived from the exchange bid-stream and that derived from first-party apps has been raging for about three years, with partisans on each side. First-party data is more accurate but less plentiful; third-party location data is much more available but often very polluted or inaccurate.

The latest missive in this debate comes from Placed, a location analytics company recently acquired by Snap. The company just issued a <a href="">report</a> (registration required) on location accuracy.

Exchange-derived location data usable for in-store attribution<br />
<img src="" width="100%" /><br />Source: Placed (2017)

The often-technical report asserts that “the average accuracy of exchange-derived locations is over 4 New York City blocks.” It also finds that “only 1 percent of locations from bid requests are useful for in-store measurement (based on a location accuracy < 50 meters)." Bid-stream location data comes from multiple sources including GPS, cell towers, WiFi and IP addresses, but it rarely comes from the device itself. The report goes on to critique location data coming from exchanges on multiple fronts. Among the criticisms, which all go to the accuracy and utility of the bid-stream data, are the following:

• 80% of bid requests are made while people are between visits — and most of the rest are made at home (so of limited value for attribution).<br />• Bid stream data overindexes on location data from certain categories (e.g., Lodging, and Gyms & Fitness Centers), likely due to readily available WiFi combined with extended time spent at a given business.<br />• Key retail categories such as Fashion, Sporting Goods and Computers & Electronics are under-represented in bid data.</p>

That's for offline, but of course for online it's going to be a lot bigger.
google  location  marketing 
october 2018 by charlesarthur
There’s a simple fix, but Grindr is still exposing the location of its users • Buzzfeed
Nicole Nguyen:
<p>In a post published Thursday, the website Queer Europe detailed how easy it is to find any Grindr user’s location using an app called Fuckr, which employs a technique called “trilateration” to find users. Fuckr, which can be downloaded for free and is not affiliated with Grindr, is built on top of unauthorized access to Grindr’s private API, or “application programming interface,” which provides Fuckr with information in Grindr's database.

Grindr is not deliberately revealing the locations of its users. But the “incredibl[y] high level of precision” of the distance data Grindr collects and shares allows apps like Fuckr to pinpoint users’ whereabouts, according to security researcher Patrick Wardle.

GitHub, which has hosted the Fuckr repository since it was released in 2015, disabled public access to the app shortly after the Queer Europe post published, citing Fuckr’s unauthorized access to the Grindr API. However, dozens of “forks” (modified versions) of the app are still available on GitHub. Queer Europe also confirmed to BuzzFeed News that the Fuckr application remains operational and can still make requests for up to 600 Grindr users’ locations at a time. Neither Grindr nor Github responded to request for comment about Fuckr’s takedown.</p>

Leaky apps are so 2010.
grindr  location  apps 
september 2018 by charlesarthur
Google’s location privacy practices are under investigation in Arizona • Washington Post
Tony Romm:
<p>Google's alleged practice of recording location data about Android device owners even when they believe they have opted out of such tracking has sparked an investigation in Arizona, where the state's attorney general could potentially levy a hefty fine against the search giant.

The probe, initiated by Republican Attorney General Mark Brnovich and confirmed by a person familiar with his thinking but not authorized to speak on the record, could put pressure on other states and the federal government to follow suit, consumer advocates say — although Google previously insisted it did not deceive consumers about the way it collects and taps data on their whereabouts.

The attorney general signaled his interest in the matter in a public filing that indicated the office had retained an outside law firm to assist in an investigation. The document, dated Aug. 21, said the hired lawyers would help probe an unnamed tech company and its “storage of consumer location data, tracking of consumer location, and other consumer tracking through . . . smartphone operating systems, even when consumers turn off 'location services' and take other steps to stop such tracking,” according to the heavily redacted public notice.</p>

Ooh, a fine. That'll so hurt.
Google  location  arizona 
september 2018 by charlesarthur
Exclusive: Google tracks your movements, like it or not • Associated Press
Ryan Nakashima:
<p>For the most part, Google is upfront about asking permission to use your location information. An app like Google Maps will remind you to allow access to location if you use it for navigating. If you agree to let it record your location over time, Google Maps will display that history for you in a “timeline” that maps out your daily movements.

Storing your minute-by-minute travels carries privacy risks and has been used by police to determine the location of suspects — such as a warrant that police in Raleigh, North Carolina, served on Google last year to find devices near a murder scene. So the company will let you “pause” a setting called Location History.

Google says that will prevent the company from remembering where you’ve been. Google’s support page on the subject states: “You can turn off Location History at any time. With Location History off, the places you go are no longer stored.”

That isn’t true. Even with Location History paused, some Google apps automatically store time-stamped location data without asking.

For example, Google stores a snapshot of where you are when you merely open its Maps app. Automatic daily weather updates on Android phones pinpoint roughly where you are. And some searches that have nothing to do with location, like “chocolate chip cookies,” or “kids science kits,” pinpoint your precise latitude and longitude — accurate to the square foot — and save it to your Google account.

The privacy issue affects some two billion users of devices that run Google’s Android operating software and hundreds of millions of worldwide iPhone users who rely on Google for maps or search.

Storing location data in violation of a user’s preferences is wrong, said Jonathan Mayer, a Princeton computer scientist and former chief technologist for the Federal Communications Commission’s enforcement bureau. A researcher from Mayer’s lab confirmed the AP’s findings on multiple Android devices; the AP conducted its own tests on several iPhones that found the same behavior.</p>

It's amazing. Location tracking comes up as a topic every two years or so, and it's always Google (and sometimes Facebook); Apple has managed to stay out of it since 2010. And then it fizzles away. Jonathan Mayer's involvement is repetitive too: he noted Google hacking Safari's cookies for ad tracking a few years back.
google  location  security  privacy 
august 2018 by charlesarthur
This fitness app lets anyone find names and addresses for thousands of soldiers and secret agents • De Correspondent and Bellingcat
Maurits Martijn, Dimitri Tokmetzis, Riffy Bol and Foeke Postma:
<p>On Saturday, May 9, 2018, a man takes his regular morning run past the Erbil International Airport in northern Iraq. His pace is leisurely; he covers 2.9 miles in 29 minutes and 34 seconds.

On his wrist is a digital activity tracker, the Polar V800.
This is what the Polar V800 looks like. It records his speed, distance traveled, and calories burned over the course of his run.

The man – let’s call him Tom – is a Dutch soldier, part of the Netherlands’ Capacity Building Mission in Iraq. The CBM is encamped near the Erbil airport. Since 2015, this base has been one of the key locations from which the war against the terrorist group Islamic State is being waged.

We are absolutely not supposed to know who Tom is and where he’s stationed. And we most definitely shouldn’t know where Tom lives.

Yet the activity tracking map in Polar’s fitness app lets us see that many of Tom’s runs start and end near a cluster of homes in a small town in the northern Netherlands. A little Googling gives us his exact address. We also find the names of his wife and children, and photos.

Last Friday, Polar took its user activity map offline and published a short statement on its website. The company emphasizes that users have consciously chosen to share their activities on the map: the default setting is to keep all workouts private. We asked if this feature has always been opt-in rather than opt-out; the company hasn’t yet answered us. According to Polar, only 2% of its users share workouts on the activity map.</p>

Just like Strava, basically.
fitness  location  doxing  polar 
july 2018 by charlesarthur
Google to fix location data leak in Google Home, Chromecast • Krebs on Security
Brian Krebs:
<p>Craig Young, a researcher with security firm Tripwire, said he discovered an authentication weakness that leaks incredibly accurate location information about users of both the smart speaker and home assistant Google Home, and Chromecast, a small electronic device that makes it simple to stream TV shows, movies and games to a digital television or monitor.

Young said the attack works by asking the Google device for a list of nearby wireless networks and then sending that list to Google’s geolocation lookup services.

“An attacker can be completely remote as long as they can get the victim to open a link while connected to the same Wi-Fi or wired network as a Google Chromecast or Home device,” Young told KrebsOnSecurity. “The only real limitation is that the link needs to remain open for about a minute before the attacker has a location. The attack content could be contained within malicious advertisements or even a tweet.”

…When Young first reached out to Google in May about <a href="">his findings</a>, the company replied by closing his bug report with a “Status: Won’t Fix (Intended Behavior)” message. But after being contacted by KrebsOnSecurity, Google changed its tune, saying it planned to ship an update to address the privacy leak in both devices. Currently, that update is slated to be released in mid-July 2018.</p>

The accuracy by this method is to within 10 metres - rather than the 2-3 miles that a typical IP address alone offers. If they get your location, plus an IP, plus some cookies, they've got your identity forever. "They" being advertisers who will want to pursue you on and off the net. Though how does Google Home "go" to a page, exactly?

Krebs suggests putting your IoT devices on a separate intranet from everything else. Quite a struggle.
google  smarthome  location  bug 
june 2018 by charlesarthur
The LocationSmart scandal is bigger than Cambridge Analytica. Here’s why no one is talking about it • Slate
Will Oremus:
<p>Motherboard reported last week that <a href="">Securus had been hacked</a>, with the credentials of 2,800 authorized users stolen, most or all of them presumably working in law enforcement or at prisons. (Securus’ main business involves helping prisons crack down on inmates’ cellphone use.) It’s a safe bet that some of those users had access to the same location-tracking tools that the Missouri sheriff abused.

So how was Securus getting all that data on the locations of mobile-phone users across the country? We learned more last week, when ZDNet confirmed that one key intermediary was a firm called LocationSmart. The big U.S. wireless carriers—AT&T, Verizon, Sprint, and T-Mobile—were all working with LocationSmart, sending their users’ location data to the firm so that it could triangulate their whereabouts more precisely using multiple providers’ cell towers. It seems no one can opt out of this form of tracking, because the carriers rely on it to provide their service.

It gets worse. A Carnegie Mellon researcher poking around on LocationSmart’s website found that he could use a free trial service to instantly pinpoint the location of, well, <a href="">just about anyone with a mobile phone</a> and wireless service from one of those major carriers. He did this without any permission or credentials, let alone a warrant.</p>

And why is it not a big story? Oremus thinks because it's not about Trump getting elected, unlike the Cambridge Analytica story. I disagree: I think it's because we're so used to tracking each other that it has become ordinary. What isn't ordinary - with the Cambridge Analytica story - is foreign interference and dark media aimed at changing peoples' minds.
location  privacy  us 
may 2018 by charlesarthur
Google collects Android users' locations even when location services are disabled • Quartz
Keith Collins:
<p>Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers—even when location services are disabled—and sending that data back to Google. The result is that Google, the unit of Alphabet behind Android, has access to data about individuals’ locations and their movements that go far beyond a reasonable consumer expectation of privacy.

Quartz observed the data collection occur and contacted Google, which confirmed the practice.
The cell tower addresses have been included in information sent to the system Google uses to manage push notifications and messages on Android phones for the past 11 months, according to a Google spokesperson. They were never used or stored, the spokesperson said, and the company is now taking steps to end the practice after being contacted by Quartz. By the end of November, the company said, Android phones will no longer send cell-tower location data to Google, at least as part of this particular service, which consumers cannot disable.

“In January of this year, we began looking into using Cell ID codes as an additional signal to further improve the speed and performance of message delivery,” the Google spokesperson said in an email. “However, we never incorporated Cell ID into our network sync system, so that data was immediately discarded, and we updated it to no longer request Cell ID.”

It is not clear how cell-tower addresses, transmitted as a data string that identifies a specific cell tower, could have been used to improve message delivery. But the privacy implications of the covert location-sharing practice are plain.</p>

Happens even if you use an Android device without a SIM card. Very reminiscent of the collection of Wi-Fi network data by Google Street View in 2010. That was blamed on a rogue engineer, even though the system had to be approved by a manager.
google  privacy  location  data  celltower 
november 2017 by charlesarthur
Even this data guru is creeped out by what anonymous location data reveals about us • Fast Company
DJ Pangburn:
<p>Last fall [Buzzfeed vp of data science, Gilad] Lotan taught a class at New York University on surveillance that kicked off with an assignment like the one I’d given him: link anonymous location data with other data sets–from LinkedIn, Facebook, home registration and mortgage records, and other online data.

“It’s not hard to figure out who this [unnamed] person is,” says Lotan. In class, students found that tracking location data around holidays proved to be the easiest way to determine who, exactly, the data belonged to. “Basically,” he says, “visits to private homes that are owned and publicly registered.”

In 2013, researchers at MIT and the Université Catholique de Louvain in Belgium published a paper reporting on 15 months of study of human mobility data for over 1.5 million individuals. What they found is that only four spatio-temporal points are required to “uniquely identify 95% of the individuals.” The researchers concluded that there was very little privacy even in raw location data. Four years later, their calls for policies rectifying concerns about location tracking have fallen largely on deaf ears.

Lotan worries about the availability of the data. “I think something that is important to tell in this story is how many services have access to this information.”

“There are so many apps on an iPhone that run in the background and persistently track your location. They tell you that, but most people don’t know.”

Some apps do it even when you’ve specifically denied them access (see Accuweather); some have stopped tracking you when you’re not using them but only after user protest (see, recently, Uber). And see the bottom of the story for tips on how to protect yourself.</p>

The tips are basically "turn off location tracking". (Lotan has previously figured here on the topics of <a href="">fake news</a>, <a href="">fake claims over Twitter bots</a>, and the <a href="">strange case of the imaginary Isis attack in Louisiana</a>.)
location  tracking  surveillance 
september 2017 by charlesarthur
London Underground Wifi tracking: here's everything we learned from TfL's official report • Gizmodo UK
James O'Malley on the <a href="">findings from TfL's Wi-Fi pilot tracking scheme</a>:
<p>TfL was also able to see how disruptions impacted stations too: Apparently when mega-congested, the walk times increased from 3 minutes to more than ten minutes. Which creates a whole array of second-order problems for the poor staff on the ground trying to squeeze everyone in.

<img src="" width="100%" />

The wifi data also enables TfL to generate more accurate data on crowding in stations. The above graph compares the number of Oyster touch-ins with wireless device detections over the course of the day.

Previously, how busy a station was could only be measured using Oyster touch in data but there’s a fairly big flaw in using this: There’s a fairly hard limit on how many people can use a set of ticket barriers at any one time. So measuring it by touch-ins doesn’t account for hundreds or thousands of grumpy commuters in the queue.</p>

This is going to be enormously useful for planning. You can see how it might also be helpful for buses; offering free Wi-Fi on buses would serve some of the same purposes. (If you offered it at bus stops, though, you'd get people who didn't intend to get on the bus..)
tracking  data  tfl  london  location 
september 2017 by charlesarthur
How I discovered the first big mobile privacy scandal • Motherboard
Alasdair Allan:
<p>But as Pete [Warden] put it at the time, "The main reason we went public with this was exactly because it already seemed to be an open secret among people who make their living doing forensic phone analysis, but not among the general public."

Apple's immediate response to the story was also perhaps somewhat disingenuous. "The iPhone is not logging your location," it said. "Rather, it's maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested." This ignored that fact that if the phone is storing a list of access points and cell towers around your location then the center of those separate points will be a good approximation of your location. After all, that was the whole point of storing them in the first place. Contrary to Apple's claims in its initial response, the phones continued to store location data even when location services were disabled…

…By 2013, Apple was still collecting location data. But this time they were exposing it in the user interface and allowing users to manage it. These days, locationgate wouldn't even be a story.

Since then, people have become a lot more comfortable with the idea of sharing location data, while at the same time becoming a lot more nuanced about how that data is shared. Recent privacy scandals, such as when Uber updated its app asking users to share their location all the time, even when the app wasn't running—is illustrative. People are OK with their phone tracking their location, but want control over how it's shared.</p>

I had the "newspaper" exclusive on this: Alasdair and Pete had an O'Reilly blogpost, and <a href="">I had a Guardian article</a>, and they went live at the same time. It was a huge, huge story at the time.
apple  location  privacy 
july 2017 by charlesarthur
Baidu uses millions of users' location data to make predictions • New Scientist
Hal Hodson:
<p>Baidu, China’s internet search giant, has shown just what you can learn when you have access to enough location data.

The firm’s Big Data Lab in Beijing has announced that it has used billions of location records from its 600 million users as a lens on the Chinese economy, tracking the flux of people around offices and shops as a proxy measurement for employment and consumption activity. The lab even used the data to predict Apple’s second quarter revenue in China.

We already know that location data is useful,<a href=""> tracking population movements</a> and <a href="">the spread of disease</a>, for example, but this is the first time that a company on the scale of Google, Facebook or <a href="">Baidu</a> has shown its hand. The data generated by their huge user bases gives these companies enormous power and insight that they don’t typically talk about. Academic researchers have great difficulty accessing databases like this. But Baidu can just peer into its own servers. The search giant is saying exactly what it can do with the data, and how much data it has.

First, the researchers hand-labelled thousands of areas of interest &#8211; offices, shopping centres and industrial zones &#8211; across the country. Then they studied the location data &#8211; which runs from the end of 2014 to the middle of 2016 &#8211; to see how many people were at those places at each time, and how that changed through the year…

…Baidu has collated all the data to build an employment index for China, a number that reflects the overall state of the labour market by tracking how many people are visiting industrial, manufacturing and technology zones in the country. The index shows that employment in manufacturing has dipped by roughly 10 per cent in China since 2014, while high tech employment has grown slightly.</p>

Quoted at length because this is quite stunning. Google likely has similar data for the US at least; it knows about footfall traffic via Android phones. The <a href="">full version of the paper is at arXiv</a>.

For Apple, it forecasts the past quarter's revenue as being down by 20% year-on-year. (Apple reports next Tuesday.)
baidu  apple  china  location 
july 2016 by charlesarthur
If you use Waze, hackers can stalk you » Fusion
Kashmir Hill:
<p>Last week, I tested the Waze vulnerability myself, to see how successfully the UC-Santa Barbara team could track me over a three-day period. I told them I’d be in Las Vegas and San Francisco, and where I was staying—the kind of information a snoopy stalker might know about someone he or she wanted to track. Then, their ghost army tried to keep tabs on where I went.

The researchers caught my movements on three occasions, including when I took a taxi to downtown Las Vegas for dinner:

<img src="" width="100%" />

And they caught me commuting to work on the bus in San Francisco. (Though they lost me when I went underground to take the subway.)

<img src="" width="100%" />

The security researchers were only able to track me while I was in a vehicle with Waze running in the foreground of my smartphone. Previously, they could track someone even if Waze was just running in the background of the phone. Waze, an Israeli start-up, was purchased by Google in 2013 for $1.1 billion. Zhao informed the security team at Google about the problem and made a version of the paper about their findings public last year. An update to the app in January of this year prevents it from broadcasting your location when the app is running in the background, an update that Waze described as an energy-saving feature. (So update your Waze app if you haven’t done so recently!)</p>

The only way not to be trackable is to choose to be "invisible". Or not to use Waze, of course. Once more, it's a theoretical risk - you'd need clever, determined hackers to use it against you - but it also shows how much data these apps leak intentionally.
google  waze  tracking  gps  location 
may 2016 by charlesarthur
Why do people keep coming to this couple’s home looking for lost phones? » Fusion
Kashmir Hill:
<p>It started the first month that Christina Lee and Michael Saba started living together. An angry family came knocking at their door demanding the return of a stolen phone. Two months later, a group of friends came with the same request. One month, it happened four times. The visitors, who show up in the morning, afternoon, and in the middle of the night, sometimes accompanied by police officers, always say the same thing: their phone-tracking apps are telling them that their smartphones are in this house in a suburb of Atlanta.

But the phones aren’t there, Lee and Saba always protest, mystified at being fingered by these apps more than a dozen times since February 2015. “I’m sorry you came all this way. This happens a lot,” they’d explain. Most of the people believe them, but about a quarter of them remain suspicious, convinced that the technology is reliable and that Lee and Saba are lying.

“My biggest fear is that someone dangerous or violent is going to visit our house because of this,” said Saba by email. (<a href="">Like this guy</a>.) “If or when that happens, I doubt our polite explanations are gonna go very far.”</p>

It's billed as "a tech mystery", and it really is.
location  mystery 
january 2016 by charlesarthur
Thieves use Strava and other sites to find homes with expensive bikes - Sticky Bottle
<p>Police forces are warning cyclists who use ride-sharing sites and apps – such as Strava – that thieves are now searching them to identify houses with expensive bikes to rob.

Ireland is in the middle of <a href="">what can only be described as a bike-theft epidemic</a>; with the rate of bikes being stolen now higher than ever and increasing faster than any other crime type.

Most of the bikes being stolen are taken from the streets; after their owners have ridden into urban areas and locked them up.

The Garda has reacted by conducting a number of specialist policing operations, but they have only just begun and their success or otherwise is still unclear.

Aside from on-street thefts, there have been countless cases of cyclists with expensive racing and training bikes being targeted in their homes.</p>

Location-awareness considered harmful.
strava  theft  location 
october 2015 by charlesarthur

Copy this bookmark:

to read