this post was submitted on 24 Oct 2024
401 points (99.3% liked)

Technology

58852 readers
4611 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
401
Location tracking of phones is out of control. Here’s how to fight back. (arstechnica.com)
submitted 1 day ago by [email protected] to c/[email protected]
65 comments fedilink hide all child comments
top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 13 points 11 hours ago

I think generally speaking these privacy articles fail to convince the majority of people that there's a problem, which is crucial to be able to sell the solution.

I think the abortion part is the most relatable, but you'll hear them say they've got nothing to hide. I believe getting access to that data and show people what data they have on them would be the most effective. It's like saying to someone that has nothing to hide "oh yeah? Give me your phone and your documents, let me browse what's on them"

[–] [email protected] 20 points 15 hours ago (2 children)

A lot of great comments here. I just wanted to add that even just your ip address is enough to roughly track your location. When your phone checks gmail you are leaving digital breadcrumbs in Google’s logs of your ip address which roughly tracks your location. App permissions will not solve this. We need strong privacy regulations with teeth.

[–] WolfLink 3 points 9 hours ago

A VPN helps

[–] [email protected] 4 points 11 hours ago

And then there's wifi triangulation and Bluetooth which narrows it down further

[–] VintageTech 13 points 15 hours ago (2 children)

I don't think enough people have mentioned that Auto manufacturers have been able to locate vehicles since the 90's.

[–] [email protected] 2 points 11 hours ago (2 children)

How did they do it tech wise?

[–] VintageTech 5 points 8 hours ago

Originally the D.A.I.R. project (Driver Aid, Information and Routing) was conceptualized in the 60's. It wasn't until Hughes assisted EDS in the 90's that they were able to create a beacon that could communicate via Satellite and Cellular.

I myself didn't realize this was a thing until about a decade ago when I was trying to create an automation for my lights to turn on when I pulled into my driveway. I kept getting a ping about 5min after my phone connected to my WiFi. The MAC matched nothing I had in the house, I just blew it off.

When an associate stopped by to work on a HoneyPot project we started seeing a bunch of random MACs attempt to connect to the open wifi, we wrote that noise off as people walking by my house and their cell phones were just trying to connect. It wasn't until the garbage man showed up and stopped to talk to me that I was able to find his truck listed with an address connected to the open wifi, sent a few packets, then left. We made the correlation that the MAC's could be from cars so we started researching the manufacturer of those device MAC's

That pretty much opened a weird rabbit hole leading us to find out that almost every car has been tracked since the mid-90's.

Joking aside, I would move to Amish country if it weren't for the whiskey and bitches. But in all honesty; my family lives a much more comfortable life than I ever imagined I would with working in the IT field.

[–] [email protected] 2 points 9 hours ago (1 children)

Same as today, but slower.

GM’s OnStar was notorious for this. I think the first version had a 2G cell modem

[–] VintageTech 2 points 8 hours ago

GM's OnStar, I believe, was just EDS's tech at the time of their rollout in '96ish

[–] [email protected] 2 points 11 hours ago

I sure hope so. Pretty hard to sell cars if you don’t even know where they are

[–] [email protected] 19 points 18 hours ago* (last edited 18 hours ago) (2 children)

I have my location turned off for everything and keep mine in a Faraday bag. That said, there was one tip in this article I wasn't aware of: deleting my advertising ID, so everyone should read it and see if you can't improve your own privacy.

It feels good when I have to use it and, for a moment it says "no service", like kicking the tech assholes in the dick.

[–] [email protected] 3 points 15 hours ago (1 children)

Damn I had advertising id disabled ever since I had been using any online account

[–] [email protected] 1 points 14 hours ago

That's good. I wasn't even aware such a thing existed, but thankfully I know now.

[–] electronVolt 2 points 15 hours ago (2 children)

Do you have a recommendation for a Faraday bag? I am looking to get a few.

[–] [email protected] 2 points 9 hours ago (1 children)

If your phone is in a Faraday bag how would you get phone calls?

[–] [email protected] 1 points 2 hours ago

You won't, it's a conscious trade off. Some people never put a sim or esim in their phone and have a separate dumb phone for calls, or separate hotspot

This vide explains the trade offs, reason, and approach of havjng a separate device for data: https://www.youtube.com/watch?v=RyirQOCUUK8

And this guy shares his approach of not having a sim: https://www.youtube.com/watch?v=4Dei2buz1X0

[–] [email protected] 2 points 14 hours ago

Just that the cheap ones suck. I got a two-pack from Walmart and the first one I used started falling apart in weeks.

I'd get one handmade off Etsy. They're a little pricier, but the less expensive ones are garbage.

[–] [email protected] 40 points 21 hours ago* (last edited 20 hours ago) (1 children)

Use FOSS as much as possible, pressure your gov to implement laws against tracking (against what Snowden showed us).

There is no need to know the location and history, and the communication of everyone everywhere.

[–] [email protected] 2 points 11 hours ago (1 children)

I hope Google gets split up, that'll probably be the beginning of the end for targeted ads (I would hope)

[–] [email protected] 1 points 6 hours ago

I wouldn't think thats how they are splitting it up ... Basically just affecting market shares of some markets (targeted ads being one of them + the ecosystem pushing you into it).

[–] [email protected] 42 points 22 hours ago* (last edited 22 hours ago) (7 children)

If you have a device that's actively connected to a cellular network, and has been while in your home or work, then your only option is to leave it behind or turn it off. That includes your car if it was made in the past decade, if nothing else, so it can catch OTA firmware updates, and send telemetry data.

GPS and location services don't mean shit when your carrier keeps logs of where you've been based on cell-tower triangulation.

[–] VintageTech 1 points 15 hours ago (1 children)

GPS had been implemented in vehicles in the 90's. Most people are now finding out about the modems.

[–] [email protected] 1 points 14 hours ago* (last edited 14 hours ago)

Yeah but it was a luxury, and most likely an RX-only unit that only had a GPS radio. Even if you had a 2g cell radio in the 90's in your car it'd be incredibly limited, and horrendously expensive for something you could carry in your pocket.

These days even the cheapest model of Honda Civic will have a modern internet connected network of microcontrollers and computers which all receive OTA updates, many of which handle telemetry.

load more comments (6 replies)
[–] [email protected] 16 points 19 hours ago (1 children)

Why does Microsoft Remote Desktop app need my GPS location from my phone?

[–] ayyy 5 points 15 hours ago* (last edited 15 hours ago)

Reverse justification answer: to more securely verify your identity when signing into your Microsoft account

Real answer: selling ads and building a free database for Microsoft that accurately maps IP address->physical location

While the first statement really is true, it still doesn’t justify the other things.

[–] [email protected] 77 points 1 day ago (2 children)

One thing I am always aware of are apps that want permission to access Bluetooth and/or Wi-Fi and/or Networks.

Even though Bluetooth is very short ranged it can still be used to tie you into a location within a database based on other database records that are more detailed.

Yeah, I love playing you “My Great Dog-sitting Simulator” (not a real app) but you do not need access to my BT. The OS handles sending your audio to my headphones!

[–] [email protected] 32 points 1 day ago (1 children)

Teams is the worst, you can’t join any call if you don’t allow it to scan your local network. I wish the executives a very nice and agonizing death.

[–] [email protected] 16 points 23 hours ago (1 children)

I haven't done an extensive survey or anything, but every modern router I've interacted with supports setting up a secondary WiFi network with guest isolation (so anything on that SSID can't see any network device besides the router and itself). This is useful for apps or hardware that is untrusted and/or demands unjustified permissions.

[–] [email protected] 5 points 19 hours ago* (last edited 19 hours ago) (1 children)

Correct, using the guest network is better but I think turning off WiFi and just using mobile data is sufficient. I wonder if the permission applies to cellular connectivity as well.

[–] [email protected] 3 points 19 hours ago

Sure, removing your network from the equation is definitely a more secure option; just make sure the app isn't using those granted permissions in the background when you're done using it and log back into your network.

[–] [email protected] 12 points 23 hours ago (3 children)

I remember when Bluetooth started demanding location permissions. You'll never convince me that it's functionally required or provides any benefit other than furthering efforts to spy on the user.

When it started being rolled out, I avoided any app or hardware that made that demand. Sadly, that's no longer an option if I want any Bluetooth at all.

[–] [email protected] 18 points 22 hours ago* (last edited 22 hours ago) (2 children)

It's not like Bluetooth started demanding location permissions, the conceptual model of the permission was revised: having access Bluetooth means an app could determine your location via a form of lateration.

In earlier versions of smartphone operating systems, this was not transparent to users lacking the technical background, so Bluetooth also requiring location access is actually an attempt at making users aware of that. I'm not an iOS developer, so I can't comment on iPhones, but on Android versions prior to 11, having access to Bluetooth meant an app would be able to determine your location.

Today, you can require the permission ACCESS_FINE_LOCATION, which expresses that your app might use Bluetooth to obtain location information on Android. Also, if you're just scanning for nearby devices to connect your app to, but don't want users to be confused why your smart fridge app needs to know your precise location, you can declare a permission flag (neverForLocation) and Android will strip beacon information from the scan results, better asserting your intentions.

So, overall: no, there is nothing nefarious going on, it was always possible to determine your location via Bluetooth, and the update to the permission model was an honest improvement that actually benefits you as user.

Now, there are still plenty of shady apps around, and apps that are poorly written - don't use those.

load more comments (2 replies)
load more comments (2 replies)
[–] [email protected] 16 points 20 hours ago* (last edited 20 hours ago) (1 children)

I loved xprivacy_lua

You could hide almost everything.
No app knew the other apps I used.
No app had clipboard access. when I needed to paste something I used Xposed Edge.
You could spoof a lot of info, GPS coordinates, IMEI ... The list goes on.

support stopped. I should check if there's a fork.

edit: AOSP permissions have improved and I now use almost exclusively FOSS apps, so I'm not worried, but I still miss the app.

edit2: there's a fork: https://xdaforums.com/t/xpl-ex-xprivacylua-ex-android-privacy-manager-hooking-manager-extended.4652573/

[–] [email protected] 3 points 16 hours ago* (last edited 16 hours ago)

https://f-droid.org/de/packages/io.github.muntashirakon.AppManager/

Select app, tap "# trackers" top left, tap "Block trackers".

Needs root.

[–] [email protected] 37 points 1 day ago (4 children)

Pretty easy steps; get app you are interested in. Deny it access to things it doesn’t need when asked. If the app proceeds to not work until you enable, delete. Otherwise, enjoy app without the unnecessary permissions.

[–] [email protected] 4 points 19 hours ago

NetGuard just outright blocks network access. Apps can't send tracking data if they are not able to access the servers. I'm using it in whitelist mode where I only allow access to apps that need it.

[–] lemmeBe 8 points 23 hours ago

That's my approach with Rethink DNS. I get FOSS alternatives whenever acceptable for my use case, but isolate even them to only bare working minimum of outside connections.

load more comments (2 replies)
[–] [email protected] 39 points 1 day ago (2 children)

Don't just give location access to any app that requests it, especially background location access.

[–] lemmeBe 8 points 23 hours ago

Even my taxi apps receive/lose location access automatically on open/close.

load more comments (1 replies)
[–] [email protected] 2 points 17 hours ago

Laughs in no phone

load more comments
view more: next ›