There’s an easier way, Kumar says. “If you do your due diligence before you design a feature, then maybe there's a way to envision [it] without feeling like you may have already crossed the 'creepy' line.”

If they'd really done that, they'd never have introduced "Pilgrim" in the first place!
posted by Quackles at 2:35 PM on May 7, 2019 [3 favorites]

So does anyone have a list of what apps track in this fashion, so we can delete them? I mean, I already disallow location tracking when asked about it, but I know some companies just don't ask, and find ways to get the info anyways.

Yet another reason to turn off data, on my phone, anytime I am not actively using it.
posted by elizilla at 3:21 PM on May 7, 2019 [4 favorites]

Note that “passively track[ing] where your phone goes” can involve doing so via other people's phones and stationary network equipment like WiFi hotspots (even ones you aren't connected to the internet through), and so in that case no modification to your own phone besides shutting it off will prevent the tracking. Though the above-the-fold OP link does appear to be referring to Foursquare code running on your own phone, assuming the journalist knew to make the distinction in the first place.

A ‘coup des gens’ is underway – and we’re increasingly living under the regime of the algorithm
It’s almost impossible for users to detect which information is being collected, who’s collecting it and what they do with it.
posted by XMLicious at 3:38 PM on May 7, 2019 [9 favorites]

here's a list of URLs from one of the python pilgrim libraries:
AUTH_ENDPOINT = 'https://foursquare.com/oauth2/authenticate'
TOKEN_ENDPOINT = 'https://foursquare.com/oauth2/access_token'
API_ENDPOINT = 'https://api.foursquare.com/v2'

If that's current, blocking foursquare.com at the DNS level may work.
posted by benzenedream at 3:38 PM on May 7, 2019 [1 favorite]

If there is one thing we know about this type of data, is that it is super-easy to disaggregate it back to individual data.

And the game he demoed . . . yeah, they anonymized the person's name, yeah. That's going to work.

Maybe the best thing to happened is if they went for a national well publicized release of a game like that a actually inspired everyone to just remove all location-tracking capabilities.
posted by flug at 3:39 PM on May 7, 2019 [5 favorites]

Maybe the best thing to happened is if they went for a national well publicized release of a game like that a actually inspired everyone to just remove all location-tracking capabilities.

Pokehuman Go
posted by benzenedream at 3:41 PM on May 7, 2019 [7 favorites]

Note that “passively track[ing] where your phone goes” can involve doing so via other people's phones and stationary network equipment like WiFi hotspots (even ones you aren't connected to the internet through), and so in that case no modification to your own phone besides shutting it off will prevent the tracking.

Can you elaborate on this? Because this seems super-duper extremely creepy and gross, and it doesn't seem like the Wired journalist either fully understands this or is fully describing the situation.

Is it like, "Hey, I'm Pilgrim, I'm a piece of code running on Person A's phone. They have location services enabled and here's exactly where they are. Oh, by the way, Foursquare, another device owned by Person B is nearby, and its Bluetooth device address is 123XYZ." And then Person B (who has disabled location services) still gets a location-specific ad within an app, because the app knows their Bluetooth device address and the app provider is sharing that info with advertisers who have access to data from Foursquare?
posted by compartment at 3:52 PM on May 7, 2019 [2 favorites]

shutting it off will prevent the tracking

I doubt that even turning the phone off actually works. As far as I know my phone is never really "off". I mean the alarm will still ring for days after the battery has died.

Now pardon my while I go adjust my tin foil hat.
posted by Literaryhero at 4:12 PM on May 7, 2019 [5 favorites]

Turning off your phone won't work because who remembers to turn their phone off all the time. The only solution that (may) work is a legislative one, and that can only happen someplace where there is not complete capture of legislative activity by business. So, maybe Vatican City?
posted by Gilgamesh's Chauffeur at 4:16 PM on May 7, 2019

I don't think being under Catholic rule would be a substantial improvement.
posted by Greg_Ace at 4:36 PM on May 7, 2019 [3 favorites]

No one expects the Foursquare Inquisition.
posted by clawsoon at 4:58 PM on May 7, 2019 [13 favorites]

As per usual, the article seems to conveniently leave out the "only applies to non-iOS devices" disclaimer for many/most of the claims. Turning off location services in general, or for specific apps, isn't too terribly hard in iOS.

Can you elaborate on this? Because this seems super-duper extremely creepy and gross, and it doesn't seem like the Wired journalist either fully understands this or is fully describing the situation.

Your phone hasn't used actual "orbiting around the Earth GPS satellites" solely for location services in a very long time. It's much easier (and cheaper) for the phone to just sniff around and see what WIFI SSIDs and cellphone towers are around, because a few companies have driven around to practically every spot on earth and have recorded what WIFI SSIDs and cellphone towers are "visible" in those spots.

So turning off "GPS" doesn't actually do much.

Also, if you do something like upload a photo of you with your pal to Instagram, and your pal has his location stuff turned on for Facebook, and your pal checked into a restaurant on FB around the same time, it would be relatively trivial to figure out you are at the restaurant as well.
posted by sideshow at 5:08 PM on May 7, 2019 [2 favorites]

> >Note that “passively track[ing] where your phone goes” can involve doing so via other people's phones and stationary network equipment like WiFi hotspots (even ones you aren't connected to the internet through), and so in that case no modification to your own phone besides shutting it off will prevent the tracking.

> Can you elaborate on this? Because this seems super-duper extremely creepy and gross, and it doesn't seem like the Wired journalist either fully understands this or is fully describing the situation.

I'm guessing beyond the 'scan the area and see if the wifi networks visible identify your location' bit there's also bluetooth. Pretty much all packet networks use some kind of hardware identifier, whether they be ethernet, or something fancier like Wifi or Bluetooth. That's the bit you can track, and would be difficult to obscure and still have a working service.
posted by pwnguin at 5:25 PM on May 7, 2019 [1 favorite]

Which is why modern Android and not-ancient iOS devices all use randomized MAC addresses for WiFi and Bluetooth scanning, only revealing your actual MAC when you are connected to a WiFi AP or a Bluetooth device. But yes, without such measures, other users' devices could be used to infer your location. I don't know if anyone has actually done it, but some retailers and others who run public WiFi networks are known to have used Bluetooth and WiFi MAC sniffing for location tracking.

Retailers typically don't give a shit about identity, though. They're mainly interested in data about traffic flows through their store. At least one has sold on such data in near real time to third parties, who can of course deanonymize it easily enough.
posted by wierdo at 5:40 PM on May 7, 2019 [6 favorites]

the article seems to conveniently leave out the "only applies to non-iOS devices" disclaimer for many/most of the claims. Turning off location services in general, or for specific apps, isn't too terribly hard in iOS.

You can delete or disable Android location permission/access on a per-app basis or globally. On my Samsung it's four clicks to get to a "Location" permissions screen with a column of apps and a toggle opposite each one to turn it on/off. It is alarming how many apps initially had it set - I assume that's for ads.

Settings>Apps>App Permissions>Locations
posted by meehawl at 6:19 PM on May 7, 2019

It's probably worth formulating objections to this technology and at least putting them into FourSquare's form.

The act of just writing them out logically is powerful; having that structure to an argument, and that phrasing, means that when people shrug or defend problematic stuff, you can calmly present the counterargument, instead of feeling (as) helplessly overwhelmed by others' enthusiasms.
posted by amtho at 7:05 PM on May 7, 2019 [3 favorites]

I might have to see if there are any old flip phones that work with modern cell networks and forget this whole "smartphone" thing except for specific "turn it on, do it, turn it off" instances. My phone is not my friend anyway, and I keep its use fairly minimal nearly all the time.

Will putting it in Airplane mode work to stop tracking?
posted by hippybear at 9:20 PM on May 7, 2019

Will putting it in Airplane mode work

Yes, but then it develops a drinking problem.
posted by Greg_Ace at 9:57 PM on May 7, 2019 [6 favorites]

So turning off "GPS" doesn't actually do much.

The location switch doesn't just turn off GPS, it also limits the app's access to the other OS level location services. Apps don't (or at least, shouldn't) have access to cell phone tower IDs and Wi-Fi identifiers, so they're pretty limited in what they can do to infer location. I'm sure they still try though.

(one loophole on iOS is that apps that can access the photo library can read the photo location tagging to know where you've been, even if you've disabled location access for that app)
posted by grahamparks at 1:36 AM on May 8, 2019

There do exist 3G dumbphones, as well as Symbian devices with that form factor. Normally I'd not suggest putting an old device like that on any network, but Symbian is really weird about the Internet and won't (by default) connect without your explicit permission. It treats it like the somewhat fancy dial up connection that UMTS really is, I guess.
posted by wierdo at 5:17 AM on May 8, 2019

hippybear: I might have to see if there are any old flip phones that work with modern cell networks and forget this whole "smartphone" thing

I use a refurbished Sony Ericsson Cedar (main advantage over older flip phones: texts grouped by person) along with a Speakout Wireless SIM card (only available in Canada, sorry), and it mostly works fine. I don't have data turned on, so multimedia and group text messages don't work.

I mostly do it this way because I'm too addicted to the Internet as it is. I don't need it following me around everywhere I go.
posted by clawsoon at 5:26 AM on May 8, 2019

(I'll add that the camera on my phone isn't very good, either. If you want a great camera on a not-as-smart-ish phone, there's always the old Nokia Lumia 1020.)
posted by clawsoon at 5:31 AM on May 8, 2019

Oh, and Nokia/HMD sells several current feature phones that work on LTE networks. I think at least one of them is sold in the US. IIRC, they use a derivative of Nokia's Series 40 software.
posted by wierdo at 6:18 AM on May 8, 2019

Which is why modern Android and not-ancient iOS devices all use randomized MAC addresses for WiFi and Bluetooth scanning, only revealing your actual MAC when you are connected to a WiFi AP or a Bluetooth device.

My impression is that this is an extremely half-assed effort, on the level of 90s web browser vendors saying “Welp, we gave you the ability to block cookies, so you've got privacy now!” Wikipedia currently notes,

...various flaws and shortcomings in these implementations may allow an attacker to track a device even if its MAC address is changed, for instance its probe requests' other elements,⁽²⁰⁾⁽²¹⁾ or their timing.⁽²²⁾⁽¹⁹⁾

Given that vulnerabilities like the following also exist, I'll need to see some really solid proof before I'll ever believe the tech industry isn't complicitly not-so-accidentally enabling mass tracking of devices and individuals: due to a completely stupid or malicious design flaw in Wi-Fi not only can your current location be tracked in the above ways but someone with a database of Wi-Fi network SSIDs and their locations can gather a list of all the places you've ever connected to Wi-Fi if they're still in your “preferred networks” list.

There's a 2014 TEDx talk by a Belgian PhD candidate researching this in which he dramatically reveals a world map showing where everyone attending the event has been (anonymized) to a chorus of gasps; a paper (PDF) he wrote with others on the problem (summary version (PDF)); and his dissertation (PDF) submitted in 2017 has a section “What the smartphone user can do” to limit their exposure.

There's an Android smartphone app called WiFi Privacy Police he created (also on F-Droid) which tries to mitigate the amount of private information leaked this way but the measures for iOS don't seem like something non-technical people can do easily. (Maybe there are new ways for iOS as the dissertation is from a couple of years ago.)

Even the industry were to claim it's come up with approaches to privacy that remedy these flaws in the last 18 to 24 months, the fact that they existed and will persist in legacy form for nearly the first quarter-century that WiFi has existed and longer leaves me unable to trust that there's any effectual and well-intentioned effort to protect privacy. Given the casual disregard for the average person's online privacy, it would also be quite uncharacteristic, anyways, for there to be genuine concern for protecting people against physical tracking and monitoring.
posted by XMLicious at 1:19 PM on May 10, 2019 [1 favorite]