Californians: Here your shared data go from your smartphone


The "forensics" manual:


The story in the news:
 
This is not only California, but world wide. Matter-of-fact, in many jurisdictions it's much worse, as there nation-state organizations (such as the Chinese intelligence apparatus) have much better access to cell phone carriers.

Underlying this is a very difficult and troubling question: what is public and what is private? The radio waves emitted by a cell phone are pretty much by definition public. Anyone can relatively simply build a radio receiver which detects a cell phone's transmissions (without decoding the encrypted traffic, like voice or data). But there is enough information there to (a) know that a cell phone is present, (b) it's location with reasonable accuracy, and (c) being able distinguish different ones. That is exactly equivalent to me sitting at my front window, looking out at the public road, and seeing people walk by on the sidewalk: I can tell that there is a human walking by, I can tell where they are, and I can distinguish Alfred E. Neuman from Don Martin, just by their looks. And there is nothing preventing me from sharing that data: I can post of Facebook everytime I see Alfred or Don.

Where it gets troubling is this: Now imagine a town where every person sits at their front window, and continuously posts updates of where Alfred and Don are seen. Or say that the police department installs cameras at every street corner, tracking who is walking around where, and storing that (the faces of Alfred and Don are quite easily recognized, so it doesn't take much effort). Given that any private citizen can see Alfred and Don in public, and given that they have a free speech right to talk about that and remember it, why do we think that the police need to be prohibited from doing something that normal people can do? And if that logic seems to apply to optically recognizing faces (with cameras), why does it not extend to doing the same with cell phones and radio receivers?

In the US, a lot of this circles around the 4th amendment, prohibiting "unreasonable search and seizure". Is it a search if a cell phone app or radio receiver sees something that is in the public sphere anyway? Is it unreasonable that various law enforcement agencies (whether local police or intelligence) band together, to get efficiency of scale by bulk purchasing data from efficient commercial vendors?

But even if my hypothetical arguments above sound reasonable: This inexorably leads to a surveillance state. How do we prevent this? Should we poke out the eyes of any person who looks out of their front window? No. Do we need to hamstring the ability of law enforcement to fight crime? That's insane.

Let me tell you a little story. About 4 weeks ago, an ambulance and fire truck came to our neighborhood. All they knew was that a medical monitoring device (one of those high-tech wrist watches) had reported a person falling. The location was inaccurate by about 1/2 km, so they looked at the wrong place, and didn't find any fall victim. The phone number of the person who had fallen was unknown, for reasons of privacy protection. They left again, having been unable to locate the accident victim. About 3 hours later, the wife (looking for her husband when he was late for dinner) found him dead, near their house. In this particular case, it isn't clear that knowing location and identity accurately and quickly would have helped save his life; his injuries may have been too severe anyway. But this (extremely sad) story demonstrates that privacy has a real-world cost. Emergency response and law enforcement exist for a good reason, and they save lives and prevent crime. Finding a compromise between making them efficient and effective, and preventing a 1984-style totalitarian state is difficult. Undifferentiated anger doesn't make it any easier.
 
This is why I use Flip-phones. No tracking because they have no apps to download.

Enjoy your SMART Phones. Paying extra to be tracked. Who would have thought...

I wonder how much tower data my flipphone leaks.

If I remove my battery will the 'pattern of life' collection still persist?
 
My boss drives 45 miles to work and was bragging about having a Apple Phone and Google Phone and how close they are in time due to traffic backups.

I told him I hate everything he said.

Waze tracks you.
Google Maps tracks you.
Apple Maps probably tracks you.

He has no problem with any of it.
 
Even my local paper got in on this one:

Success lies in the secrecy​

My post above illustrates this is a false narrative. People don't care.
They have 'nothing to hide'. So they give away their data.
 
What do ya think the US Navy thinks of maps like these:
You can watch the military do training off VACapes in realtime.
Yes they can turn their transponders off.

Same with some military aircraft. Many flights are on flightaware.
Also for towing targets and countermeasures it's all farmed out, FlightInternational or similar.
So you can watch realtime military maneuvers from your couch.
Patterns of military activity. For free.

Drug copter out with the infrared doing circling search patterns. No problem. Path is online.
Free Intelligence.
 
Smart? Phones killed the nudist beaches too!


But the proliferation of smartphones has made photography harder to police and easier to distribute, effectively dissolving “private public space,”
 
I wonder how much tower data my flipphone leaks.
The location of the phone is known to the cell service provider by triangulation, to within about 1/2km or so. That estimate is very rough, and depends on geography. In a dense urban area, just triangulation (without GPS) can be good to less than 100m. In very rural areas, where cell phone transmitters are very sparse (and the phone typically only communicates with one), the inaccuracy can be many km. In areas with very dense transmitters (for example inside buildings, if they have WiFi and cell phone repeaters) the accuracy can be several meters, good enough to guide people to conference rooms. Yes, there have been prototypes of navigation systems that rely solely on triangulation and work inside buildings, where GPS fails. One use I've seen demonstrated was so people in buildings can find the nearest restroom or fire escape.

In the US, every cell phone HAS TO (by law!) contain a GPS receiver, and HAS TO report the GPS location to the phone system when doing an emergency call (the 911 number). It does not have to report that accurate location otherwise, although the phone is free to do so. Interestingly, GPS location is not always all that accurate, in particular in densely populated areas, or inside buildings.

If I remove my battery will the 'pattern of life' collection still persist?
Obviously not. Duh.
 
He has no problem with any of it.
And if he drives near my house, I will also track him. At least as far away as I can see him. And if he drives the same roads that I take, I will see and track him.

If he has a problem with that, he'll have to kill me, and last I checked, killing people was illegal.

By the way, anyone know who the silver-colored Tesla model S is that has a California license plate "SYSTEMD"? I see it regularly on the way to work. It is not Lennart, because (a) Lennart doesn't live anywhere near me, and (b) I know what Lennart looks like, and the gentleman in this car doesn't look at all like Lennart. No, I have not made the effort to follow that car on public roads (which would be legal!) to see where he works. I know it is a male (from their looks only), but I won't tell anyone what gender the passenger is. Privacy is important, after all. And I might get that person in big trouble with their spouse if I disclose that the passenger wasn't the spouse.
 
In Los Angeles, a rap artist was murdered yesterday. He was eating lunch in a "bad part of town", and his girlfriend posted a picture of them on Instagram. The picture showed the rap star wearing a lot of expensive jewelry. The picture had a geotag in it, or the background or her description gave the location away, and a robber quickly decoded where the rap star was, drove over there, shot and killed the victim, and stole his jewelry. Search the web for "PnB Rock" to find details.
 

Crivens

Administrator
Staff member
Administrator
Moderator
... we need to make "fieldcraft" a part of normal school lessons. This was just plain dumb.
 
The robber could been eating at the restaurant or may have been alerted by someone else at the restaurant who noticed the rapper flash his jewellery, or could’ve been there coincidentally to hold up the restaurant or just eat and noticed the jewelry. Or it could’ve been a targeted killing. etc. Until the killer is caught we can only speculate. Many of these seem more plausible than the robber noticing the rapper’s girlfriend’s social media post and extracting any geo tag from it.
 
I know my posts about military ops has little to do with smartphones.

I think the unintended tracking issue is very similar.

Especially coming from DOD. The true birthplace of the internet.
Its like their baby grew up and is now biting at their ankles.

The information adversaries can derive from unsecured aviation data is far too revealing
 

Crivens

Administrator
Staff member
Administrator
Moderator
Phishfry OpSec is hard these days. Did you know Ukraine is running some honeypots on dating apps? Chances are the pics you send hot ivanka contain exif data with gps. Or landmarks to triangulate your whereabouts with. And then the weather changes to a hard rain.
 
My nav app works entirely offline. Full map of the planet fits in 64GB (and most people don't need the whole planet).
 
Loran C never tracked me....

I wonder what navigation system goes into missles attacked by active GPS denial systems..
Read ahead buffer system? Take last good coords and extrapolate?

I know the SR-71 had a celestial system.
 
Top