Freaked Out about Location Tracking? You should be.
December 19, 2019 11:06 AM   Subscribe

An investigation into the cellphone location tracking industry by the NY Times. The NY Times got a hold of a data set including "more than 50 billion location pings from the phones of more than 12 million Americans as they moved through several major cities, including Washington, New York, San Francisco and Los Angeles. Each piece of information in this file represents the precise location of a single smartphone over a period of several months in 2016 and 2017. "

Using this data, they were able to identify late-night visits to the homes of individual celebrities; participation in the 2017 Women's March by a senior DoD staffer; and the hiring of a senior manager from Microsoft to Amazon.

It doesn’t take much imagination to conjure the powers such always-on surveillance can provide an authoritarian regime like China’s. Within America’s own representative democracy, citizens would surely rise up in outrage if the government attempted to mandate that every person above the age of 12 carry a tracking device that revealed their location 24 hours a day. Yet, in the decade since Apple’s App Store was created, Americans have, app by app, consented to just such a system run by private companies. Now, as the decade ends, tens of millions of Americans, including many children, find themselves carrying spies in their pockets during the day and leaving them beside their beds at night — even though the corporations that control their data are far less accountable than the government would be.

This link provides some tips to protect yourself from the tracking, if not from the sale or hacking of your data.

Note: I am not sure if this link is paywalled: I do not have a subscription and was able to access it. I think it's worth reading but the interactive graphics may be a problem on cellphones.
posted by suelac (63 comments total) 39 users marked this as a favorite
 
This link provides some tips to protect yourself from the tracking, if not from the sale or hacking of your data.

Best protection is to not have a mobile phone, or if you must have one turn it off when you're not using it or expecting a call. The only winning move here is not to play.
posted by jmauro at 11:13 AM on December 19, 2019 [4 favorites]


Best protection is to not have a mobile phone, or if you must have one turn it off when you're not using it or expecting a call. The only winning move here is not to play.

This is the sort of victim blaming nonsense that has made actually addressing privacy issues difficult, because it reframes the problem as a personal one (silly person, that's what you get for using a device that tracks you) instead of a social and cultural one (Silicon Valley believes that tracking everything it can is good, positive behavior.)

The only real winning move is to actually acknowledge the problem.
posted by NoxAeternum at 11:25 AM on December 19, 2019 [143 favorites]


I'm just now reading about this, and heard that Replica is a vendor of data, which is exciting for me, as a transportation planner. They claim to provide "complete trip information," beyond just car travel!

This data is huge for us. We want to spend public funds in the best way possible, and knowing how many people are moving to and from various places is a very significant part of that. Historically, we've relied on paying people a little money to report their travel patterns in travel diaries, but that's user-reporting, and it's expensive, and getting a representative sample that can then be expanded out to the broader population is really hard.

Location data is like taxes, in a way: it can be used for a myriad of things, some which you might support, and some that you don't, but you can't pick and choose how your data or taxes are used.
posted by filthy light thief at 11:29 AM on December 19, 2019 [10 favorites]


The only real winning move is to actually acknowledge the problem.

Well put. Google and Apple make managing your information-sharing settings easier, as outlined in the NY Times interactive guide to minimizing your location data distribution.

I'll note that companies that sell (well, "license," to use their term) anonymized data focus on location-reliant apps, so they have the best data on who's traveling where, in broad terms. In other words, some apps only work if you turn on location sharing for most of the time. Good news for me as an end-user of anonymized personal location data, bad news if you want to don't want to leave a digital trail.

An interesting point I heard: new cars with built-in technology that pairs with your phone AND provides location-based information in-car might force you to opt in to giving away your data (either we use your data, or you can't pair your phone with your car). So if you're concerned about data sharing, it's not just your smart devices, but also newer vehicles.
posted by filthy light thief at 11:35 AM on December 19, 2019 [1 favorite]


The article quotes people who know the risk and still choose to use cellphones. Ubiquitous cellphones are a huge net benefit for both individuals and for society as a whole. Geo-tracking individual devices, and archiving and re-selling that data with no regulatory oversight, is not a necessary or inevitable compromise. "Not using a cellphone" should not be the only alternative.
posted by smokysunday at 11:39 AM on December 19, 2019 [25 favorites]


*sets down cell phone*

*slowly backs away*
posted by slogger at 11:42 AM on December 19, 2019 [1 favorite]


the unaccountable overlords of a technological dystopia are calling from inside the house
posted by entropone at 11:50 AM on December 19, 2019 [6 favorites]


It's 11pm. Do you know where your children are?
...we do.
posted by fairmettle at 12:03 PM on December 19, 2019 [3 favorites]


Food for thought. This is a feature that's built in at the network level. That is, while individual data comes from a phone, it has to be collected from multiple antennas in a network to be useful.

At one time, someone had to create this feature for cell phone networks. It wasn't part of the original network design, but a customer thought this was something they might want. It's the kind of project given to a software developer to implement. They're in a position to influence whether this kind of functionality comes about sooner, or later, depending on how well they do.
posted by ZeusHumms at 12:03 PM on December 19, 2019 [2 favorites]


16 new gems in iOS13

Offline Finding

In the beginning, there was Find My iPhone: a feature that let you locate a lost phone from iCloud.com.

In iOS 13, incredibly, that works even if the phone has no internet connection — if, for example, you left it in some Montana bus stop that has no signal.

Apple has turned the world’s 1.4 billion other iPhones, iPads, and Macs into remote detectors for your phone. Any passing iOS 13 iPhone will, unbeknown to its owner, pick up your phone’s silent Bluetooth beacon signal and relay its location back to you.

To make all of this happen so securely that neither Apple nor anybody else can locate your phone, Apple designed a solution that requires you to own a second Apple device; it’s the only machine capable of decrypting your phone’s location.

(You can turn the feature off in Settings >[your name] > Find My > ​Find My iPhone.)
posted by lalochezia at 12:05 PM on December 19, 2019 [12 favorites]


At one time, someone had to create this feature for cell phone networks. It wasn't part of the original network design, but a customer thought this was something they might want.

Augmented GPS location - the heart of what makes tracking work - was mandated by the government in order to improve the effectiveness of 911 calls made by cell phones. Which illustrates where the problem lies - there is legitimate need for this capability, but the tech industry has gone overboard with it.
posted by NoxAeternum at 12:11 PM on December 19, 2019 [17 favorites]


Best protection is to not have a mobile phone, or if you must have one turn it off when you're not using it or expecting a call. The only winning move here is not to play.

This is the sort of victim blaming nonsense that has made actually addressing privacy issues difficult,


- Your phone is tracking you, right now.
- Acknowledging the problem and writing thinkpieces is not going to stop it from tracking you.
- If you don't want to be tracked - right now, this very second - your most effective option is to turn off your phone or otherwise not have it on your person.
- It is unlikely that things are going to change tomorrow, or the day after that.

So, no, that is not "victim blaming nonsense," it is actionable advice on how to, in the present, avoid being tracked. FFS.
posted by grumpybear69 at 12:15 PM on December 19, 2019 [21 favorites]


NY Times interactive guide to minimizing your location data distribution

One of the suggestions there is "Disable your mobile ad ID" - this doesn't appear to be possible on Android.

I have all history disabled (location, web & app activity, etc.), and I've opted out of personalized ads - I do all that automatically whenever I set up a new phone.

I do have an option to "reset advertising ID", but I'd love to have a way to automate that - say, to reset it every calendar day without my manual intervention. Does anyone know if such a thing exists?
posted by Greg_Ace at 12:15 PM on December 19, 2019 [3 favorites]


This is the sort of victim blaming nonsense that has made actually addressing privacy issues difficult

Especially since I have no doubt they will begin tracking people without phones by voice recognition and other methods. Much like how Facebook tracks users without accounts by way of their friends that do have facebook.

I have an ongoing suspicion that every conversation that's occurred near a microphone hooked into Google/Amazon/Facebook over the past several years is stored somewhere. My full belief is that it's all, at the very least, translated to text. But I believe the audio is retained as well. Someone owns it. I don't know if it's useful as of yet, but I believe it will be used. Additionally, phones have the technology to use your voice to unlock them. So the phone likely knows who's phone is its owner, even if you don't use your voice to unlock it, and given that google has >50% market share of the mobile phone market, it's likely they can use process of elimination to identify - if not everybody - enough of everybody. So now, based on particular geomapping data (certain individuals in proximity, someone who goes a particular place), one can drill down further and sift through conversational data to whatever end.

If someone can help shut down this belief of mine, I would sleep better.
posted by avalonian at 12:20 PM on December 19, 2019 [9 favorites]


So, no, that is not "victim blaming nonsense," it is actionable advice on how to, in the present, avoid being tracked. FFS.

Victim blaming nonsense is routinely framed as "actionable advice". Stuff like "don't walk through the park at night" or "watch how you are dressed". It's part of why it's so insidious - it's designed to reframe the problem in a personal context, so that you don't look at the larger social issues.
posted by NoxAeternum at 12:21 PM on December 19, 2019 [39 favorites]


Also, a lot of this "actionable advice" presents safety as necessitating self-diminishment and personal regulation, which is another reason why the framing is toxic.
posted by NoxAeternum at 12:26 PM on December 19, 2019 [21 favorites]


No, I'm sorry, but "turn off your phone to disable tracking" is not even in the same universe as "watch how you are dressed." That is, wow, no.
posted by grumpybear69 at 12:28 PM on December 19, 2019 [13 favorites]


could all internet and phone billing be per bit like a utility instead of packaged all you can eat style??

bundled/unlimited/all you can eat creates perverse incentives:
1. i don't track my data(cause i'm not billed for it) and
2. companies want to get extra money by selling shit on the side cause i'm not really their customer. (like ads on old school tv)

doesn't solve the 911 issue but a lot of the apps/google/facebook issue is directly related to us all being addicted to "free" stuff. it's never free. we should be paying by the bit for everything, way better incentives.
posted by danjo at 12:31 PM on December 19, 2019


could all internet and phone billing be per bit like a utility instead of packaged all you can eat style??

Short answer: No.

Longer answer: We have been moving away from metered data for a number of reasons revolving around how important regular access to the internet is, and how metered data is hostile to that. Furthermore, this is yet another attempt to reframe social issues as personal ones.

No, I'm sorry, but "turn off your phone to disable tracking" is not even in the same universe as "watch how you are dressed." That is, wow, no.

Care to actually explain how they're so dissimilar? Because from my viewpoint - considering that widescale tracking of cell phone users tends to have the greatest impact on women, minorities, LGBTQ individuals, and other dispossessed groups - advice that reframes tracking as a personal issue, to be managed by individuals by going over and altering their own behavior comes across as just a modern incarnation of the way we push off social responsibility for abusive behaviors under the guise of reframing the issue as one of "personal responsibility".

Or to simplify the point - why is "if you don't want to be tracked, you need to turn off your phone" (which, mind you, many people can't because of how essential phones are these days) any different than "you shouldn't be in that neighborhood after dark"?
posted by NoxAeternum at 12:54 PM on December 19, 2019 [17 favorites]


Longer answer: We have been moving away from metered data for a number of reasons revolving around how important regular access to the internet is, and how metered data is hostile to that. Furthermore, this is yet another attempt to reframe social issues as personal ones.

water and electricity and heating oil are a lot more fundamental than internet access and they are all metered billing. you will definitely die sooner without water or heat than internet access. and without electricity you wont have any internet.

i happen to believe it's a major social issue as well but in the other direction.
posted by danjo at 1:07 PM on December 19, 2019 [1 favorite]


Mod note: I'm gonna suggest we move away from the whole victim-blaming exchange entirely at this point. Lecturing folks to just not use a commonly necessary tool isn't really gonna work for a conversation vs. an actual security consultation sort of relationship, so please find a way to keep this more conversational on that front. On another front, it's also not great to analogize phone data to sexual assault and I'd like that to drop as well.
posted by cortex (staff) at 1:12 PM on December 19, 2019 [20 favorites]


I was actually surprised by how non-shocking I found this article. I didn't learn anything I didn't already know. I was shocked by the one a few months ago detailing how helpful Google and other such companies are when approached by police to find people who were near where a crime was committed. It wasn't that I was surprised the capability existed - just surprised that these companies seemed so happy to share that capability with law enforcement. But the idea that many companies track our locations and that we're trivially personally identifiable from location data wasn't anything like a new one for me.

Perhaps it's just that I play Niantic games so I long ago made my peace with the idea that there's a company that knows everywhere I go, have thought carefully about what that means they could discover about me if they wanted to, and consider myself to be willing to pay that price because I enjoy what I get in return? Once you've ripped off that particular band-aid the rest of the piece feels like a bit of a nothingburger.
posted by potrzebie at 1:29 PM on December 19, 2019 [6 favorites]


I don't think that the conclusions of this article are helpful. The suggestions to turn off location services doesn't prevent your carrier from tracking you and doesn't help at all if you use apps that require location. Calling out Apple/Google is strange because those are among the few that don't resell your location.

I don't think that the author is particular knowledgeable in this problem domain.
posted by pdoege at 1:37 PM on December 19, 2019 [6 favorites]


The only recourse is some kind of Zeroth Amendment that is not just world wide but solar system wide. Deep protections for individuals. Do not know how to phrase it but "data can not be used to hurt people".

Science and Technology does not revert, and tearing up the infrastructure will not work, there are databases pre-internet almost as invasive. Data will not go away. It's getting vastly cheaper to store, 1TB at volume is probably under a buck. Petabytes are a bit pricey, Exabytes are easily available. No going back. Your data will always be available.

(I know "solar system wide" sounds scifi but satellites have storage and very soon will be dark and in deep space un-findable, what laws are applicable then?)
posted by sammyo at 1:46 PM on December 19, 2019


In re audio recording and mic use - the failure to distinguish between "smartphone" and "apps" in this broader conversation obfuscates the real problems and solutions. There are articles being published all the time with headlines asking"Is my cellphone listening to me?" - the current common answer is "yes", but the real culprit pretty reliably is the Facebook app or voice assistants like Siri and Alexa. A smartphone on its own is not actively listening to you, without an app telling it to.

Also, a key distinction is between "listening" and "recording". Apps and assistants do 100% "listen" for trigger words, which then cause a certain length of audio to be recorded. Alarmingly, these triggers are unknown - besides the obvious "Hey Google" there is evidence of listening being triggered by certain phrases that may be interesting to marketers, "I need a new jacket" or similar. Furthermore, listening can be activated by mistake [with no trigger], and there's nothing to prevent remote triggering by the parent company through either a hack or explicit permission. However, in my understanding, it is vanishingly unlikely that all your conversations are being recorded and saved, because the amount of data required to trasmit those recordings would surely be noticed by any user inclined to monitor their network traffic.
posted by smokysunday at 1:51 PM on December 19, 2019 [9 favorites]


This data is huge for us. We want to spend public funds in the best way possible, and knowing how many people are moving to and from various places is a very significant part of that. Historically, we've relied on paying people a little money to report their travel patterns in travel diaries, but that's user-reporting, and it's expensive, and getting a representative sample that can then be expanded out to the broader population is really hard.

I entirely get the need for good data for governments to make transportation decisions, and a lot of the existing data is pretty poor quality, but recent efforts by local governments to obtain transportation data have involved an outright reckless disregard for privacy and civil liberties that makes me frankly enraged.

LADOT's Mobility Data Specification is a framework for cities to require mobility providers to provide enormously detailed trip-level data, even in realtime. California's state Legislative Counsel raised significant concerns about the legality of mandating this data, which LADOT proceeded to blow off (the EFF's comments go into more detail). While it's clear that cities need data to understand the usage of and enforce regulations pertaining to ride-hail and bike/scooter programs, "the government gets to collect detailed location data from everyone" is not an acceptable option.

If anything, cities should be using their leverage as permit issuers to secure more privacy for their residents, restricting mobility companies from retaining and using individual data. Instead, they just want it all for themselves too.

There are similar concerns about the retention of trip data from public transit farecards and automatic license plate reader data. Transportation departments are gobbling up location data, sharing it with third-party companies because they lack the in-house capabilities to analyze it, and give the middle finger to anyone who thinks this might be a problem.
posted by zachlipton at 1:55 PM on December 19, 2019 [10 favorites]


While this is all very frightening, I will admit that I use the google timeline to help me complete my timesheet each week. I hope when we resolve how to handle this information, we don;t eliminate the benefits available to the users or to the public at large.
posted by hypnogogue at 2:09 PM on December 19, 2019 [4 favorites]


Location and movement data is absolutely critical for optimisation of cities and optimisation of infrastructure spend in cities. Not every city problem is an optimisation problem, but a lot of them are. The built environment can no longer grow out - it must grow up. If you think things are tightly-packed now you are in for a shock in a decade's time.

Of course, these datasets are being collected by capitalist enterprises in a secretive way, for undisclosed purposes, managed by processes and rules that are not transparent. So...swings and roundabouts?
posted by turbid dahlia at 2:30 PM on December 19, 2019


pdoege: Calling out Apple/Google is strange because those are among the few that don't resell your location

About that ... I've heard that Amazon and Google are looking into this, and at least for Google, their stumbling block was figuring the privacy issue. Replica apparently coordinates with Google, and while they don't use Google data, Replica sends their data for validation by Google.

Google isn't out of this business because it's not interested, but because it hasn't figured out all the necessary mechanisms to do it according to rules that they are comfortable using.

Which is another way of saying that it's still up to private companies to figure out how they handle the privacy issues, instead of the government (in the U.S., likely the FCC, who are Servants to Industry under Ajit Pai*).

* Example: After court loss, Ajit Pai complains about states regulating broadband -- Pai is mad, but FCC repeal of net neutrality pushed states to fill regulatory gap. (Jon Brodkin for Ars Technica, Oct. 22, 2019)
posted by filthy light thief at 2:39 PM on December 19, 2019 [3 favorites]


So there's three pieces of this article that are shocking and actionable.

The first is that your cell phone carrier (like Verizon or AT&T) is injecting a unique tracking cookie into every web request your phone makes. They do this at the carrier level, in the cell network, and it allows way easier personalized tracking than the usual web mechanisms.

The second is that your cell phone carrier is also selliing your location data, often in a way that is easily associated with your requests. This is separate from the "opt in to let this app track your location"; again, the carriers are doing it.

The third is there's a bunch of third party companies buying all this data, aggregating it, and then reselling it to anyone who asks.

Every single one of these is an outrageous abuse of individual privacy. All three should be illegal, or at the least have a required opt-in for it. But this is America, so we don't.
posted by Nelson at 3:22 PM on December 19, 2019 [27 favorites]


This data is huge for us. We want to spend public funds in the best way possible, and knowing how many people are moving to and from various places is a very significant part of that. Historically, we've relied on paying people a little money to report their travel patterns in travel diaries, but that's user-reporting, and it's expensive, and getting a representative sample that can then be expanded out to the broader population is really hard.

I'm a transportation engineer who wants to spend public funds in the best way possible, too. Travel diaries do have the problems you mention. It's indeed user reported; user-reporting could also be called consent. Travel diaries are expensive; I don't think there are dozens of startups buying this data because they want to provide it for free from the goodness of their hearts, so there's expense here, too. And while getting a representative sample that can be expanded to the broader population is hard with travel surveys -- I know, I've done it -- it's literally impossible with this data.

This data tracks smartphones. Some people carry multiple devices, especially professionals in certain industries like real estate. Some people don't have smart phones, like 1 in 3 people with less than a high school education. Given smartphone ownership rates, four rich people literally count for more than five poor ones in this data, and we don't know which is which, so it can't be corrected for.

The vast majority of actual wholesale solutions to transportation problems are broad and fundamental; stopping low-density single-detached zoning, ending mandatory parking minimums, charging the users of road and parking space, providing frequent public transit with dedicated right-of-way, building basic infrastructure for active transportation. We don't need to give up all privacy to do any of this; we need political will. Our existing tools are good enough to determine within reasonable margins whether a transportation infrastructure project will be useful or not and to whom.

Is this type of data useful? I'm sure it can be. (I've in fact worked with similar data from the trucking industry; I don't feel there's nearly the privacy issues around what truckers do while at work.) I just think we could do 98% as good a job without a privacy-destroying dystopia, and I'd be thrilled if this corporate surveillance state were to be smashed, even if it meant we had to keep doing things the old-fashioned way.
posted by Homeboy Trouble at 4:46 PM on December 19, 2019 [17 favorites]


If you care to root your Android phone, there are modules like XPrivacy that will spoof your device ID as well as other device info including, I think, advertising ID.
posted by blue shadows at 5:42 PM on December 19, 2019 [1 favorite]


The only recourse is some kind of Zeroth Amendment that is not just world wide but solar system wide. Deep protections for individuals. Do not know how to phrase it but "data can not be used to hurt people".

I believe the term is primum, non nocere, but... good luck.
posted by Sterros at 5:58 PM on December 19, 2019


If the data being gathered is as inaccurate as what shows up in my Google Maps timeline, I can only pity whoever is doing all this monitoring.
posted by Weftage at 6:07 PM on December 19, 2019 [2 favorites]


To those saying phones are less essential than heating oil / food / whatever: a nontrivial number of people work jobs that only tell them their hours by SMS, and quite a few who are otherwise on call. The way people get heating oil / food / whatever is with money. And the way they get money is a job. And the way they keep that job is with a phone that is on their person every waking hour and in many cases the sleeping ones too.

So yes, "just turn it off" is victim blaming. Sorry you have a problem with finding out that's what you're doing.
posted by PMdixon at 8:01 PM on December 19, 2019 [17 favorites]


However, in my understanding, it is vanishingly unlikely that all your conversations are being recorded and saved, because the amount of data required to trasmit those recordings would surely be noticed by any user inclined to monitor their network traffic.

At least one person says they did that and did notice patterns consistent with constant streaming from a mic.
posted by PMdixon at 8:04 PM on December 19, 2019 [6 favorites]


The data in that article is useful and interesting, but the conclusions are suspect. The traffic between the Google Home and Chrome is the Chromecast stuff doing its usual thing. The multicast packets are how the devices discover each other.

There are reasons to not want a recording device in your home, false hotword detection and security breaches being the largest. Intentional surreptitious listening by the makers/service providers of the devices remains hypothetical so far. Sadly, that kind of risk is only increased by using niche devices, since the companies offering them are likely to change ownership if they reach a significant user base.
posted by wierdo at 10:32 PM on December 19, 2019 [3 favorites]


So when I have a conversation with a dog trainer on my back yard about training my idiot dog to come with my phone in my pocket, and an hour later FB wants me to click on "how to train your dog to come" links, is it bc I'm being recorded? Or are they tracking dog trainer searches and connecting with me? Or just coincidence bc I've posted about my cute new pup? Because that is scary.
posted by Cocodrillo at 4:42 AM on December 20, 2019 [2 favorites]


This is why
- I'm running Android through LineageOS
- I've removed or disabled all possible Google apps and services (this takes a while, there is a LOT)
- I've never logged into a Google account on this phone (or any phone)
- I do not use any Google-based web services, with one exception: YouTube.
- Location is permitted for navigation apps only
- Location, wifi, bluetooth are switched off when not in use (which is almost all the time)
- I use very few apps. Most things can be done in a browser anyway
- I use ad blocking in browsers + some tracking prevention add ons
- I don't use Facebook, Whatsapp, Twitter, Instagram, Tinder, Snapchat...
- I don't use my phone for banking or email.
- There is no 'smart assistent' in my home. No smart TV either. Nothing that needs an app to operate.

I don't have the illusion that all of this fully prevents data leakage; it doesn't. But it does decrease the amount of data that I'm leaking.
Does it also limit me in some ways? Sure. But for me, it's worth it.
posted by Too-Ticky at 5:11 AM on December 20, 2019 [4 favorites]


That's nice that you reasonably have that option. Not everyone does, and in the future you might not either. Do you think a meaningful amount of the data leaked is going to be through a radio you control the switch for indefinitely?
posted by PMdixon at 5:55 AM on December 20, 2019 [7 favorites]


Location data is like taxes, in a way: it can be used for a myriad of things, some which you might support, and some that you don't, but you can't pick and choose how your data or taxes are used.

In old-fashioned monarchies, people had no say over how their taxes were spent. Then thousands of people worked and fought and died to change that, and we now have representative democracies and other representative forms of government that give people oversight, even if indirect and imperfect, in how their taxes are spent and how the resulting power is used.
posted by amtho at 6:56 AM on December 20, 2019 [6 favorites]


PMdixon: That's nice that you reasonably have that option.
Thanks! I'm happy about it, too. I figured I might be able to inspire some others into checking out their own options. I'm not sure why you seem to be salty about that though...

PMdixon: Do you think a meaningful amount of the data leaked is going to be through a radio you control the switch for indefinitely?
I'm not entirely sure what you mean (radio?) but I will just do what I can personally do, for as long as I can. Don't we all? Well, except for those of us who don't care.
posted by Too-Ticky at 8:03 AM on December 20, 2019


I'm not entirely sure what you mean (radio?) but I will just do what I can personally do, for as long as I can. Don't we all? Well, except for those of us who don't care.

Radio here encompasses all of wifi, Bluetooth, and whichever cell protocol. Right now, it is within your power to turn all of those radios off without sticking the phone in a Faraday cage. It seems extremely plausible to me that at some point in the near future, an always-on beacon of some kind will be mandated, that will continue broadcasting even if the phone is turned off, justified in the language of safety. If that happens, would you be comfortable with the state of the world achievable through what you personally can do? I know that I wouldn't be, so where I can I try to advocate for privacy protections that are backed up by more than just my physical control over the device, among other means through donating to advocacy groups and telling politicians I think might care that I would like such privacy regulations to exist.
posted by PMdixon at 8:20 AM on December 20, 2019 [4 favorites]


Right now, it is within your power to turn all of those radios off

I don't think that's true any more with iPhones. WiFi and Bluetooth no longer really turn off in iOS 11. Also there's no way to turn off Apple's NFC, is there? I don't think there is a way on Android either? Sure by design NFC is very short range, but there's lots of reasons that's a concern for someone of a paranoid bent.

I take the tack that privacy-erosion of technology is inevitable. Information wants to be free. That's why it's doubly important to have laws to protect people; the natural progression of technology is actively intrusive.
posted by Nelson at 8:31 AM on December 20, 2019 [5 favorites]


I don't think that's true any more with iPhones. WiFi and Bluetooth no longer really turn off in iOS 11. Also there's no way to turn off Apple's NFC, is there? I don't think there is a way on Android either? Sure by design NFC is very short range, but there's lots of reasons that's a concern for someone of a paranoid bent.

I believe it is still the case that the power button for the device as a whole works as expected on all models - I agree that while the phone is on, the status quo is that you cannot reasonably expect to keep it from transmitting.
posted by PMdixon at 9:03 AM on December 20, 2019


I don't think that's true any more with iPhones. WiFi and Bluetooth no longer really turn off in iOS 11.

It’s still possible, just not quite as easy. While the buttons in the control center don’t disable those radios (just some of their functionality), the switches in the control center do, as described in the article you linked.

“To do that, you now must go directly into each respective settings menu and switch the button off.”

You could argue that Apple is trying to trick people with these two similar seeming options that work differently, or trying to make things Just Work™ when users don’t understand the details of how things are implemented (“I don’t want to connect to this spotty Wi-Fi/I want to disconnect from these Bluetooth speakers to let somebody else control them, But why is airdrop not working anymore?”), but it is still possible to disable these radios without going into airplane mode or switching off the device.
posted by JiBB at 10:00 AM on December 20, 2019 [1 favorite]


Oh I don't think Apple is doing anything dastardly here with their radio settings, they're just building a product that works. It is remarkable though that even Apple, which acts like it cares about consumer privacy, has built a product where it's really not obvious how to turn the radios off.

I'm absolutely fine with that, btw! I think Apple made the right product tradeoff. But it's just more evidence that technology evolves to erode privacy. The solution to protect people is not technology, it's legislation and regulation.

(I'm not so certain turning the phone off turns everything off, either. Sure didn't in old cell phones; that's why Stringer Bell's crew always took the batteries out. Only you can't do that any more.)
posted by Nelson at 10:12 AM on December 20, 2019 [4 favorites]


What if you put the phone in the microwave?
posted by elizilla at 10:56 AM on December 20, 2019 [1 favorite]


Information wants to be free available to the highest bidder.
posted by grumpybear69 at 11:06 AM on December 20, 2019


The graphics vividly illustrate how much you know about someone when you detail their whereabouts. Anonymized data is like healthy cigarettes. The goggles do nothing. Instead the intrinsic harmfulness of the product needs to be widely publicized & the product itself stringently regulated. I mean heads need to roll. A company like Facebook should to be burned at the stake, I think, then dismembered & the remains put on trial, pour encourager les autres. But who knows if that will ever happen? It certainly seems unlikely as long as Silicon Valley and its flatly discounted vision of human needs & abilities retains an aura of cool -- as long as it retains enthusiastic hosts for its mostly parasitic models. In any case, regulation doesn't remove the intrinsic harm, while enforcement is yet another matter entirely.

I think it's to be encouraged to help people reduce their exposure by not installing apps unless absolutely necessary, not sharing location unless absolutely necessary, locking / paring down social media, & by promoting vendors that prioritize privacy & ethical data procesbe funsing in general. I don't think that victimizes or diminishes people, just like I don't think giving up smoking or cutting down on meat victimizes people. Some behaviors just have externalized costs so prohibitive that it justifies a cultural aspiration to reduce engagement & dependency. Of course it can provide relief & sometimes it's necessary -- but who aspires to smoke more? There's no such thing as a healthy cigarette.
posted by dmh at 11:38 AM on December 20, 2019 [3 favorites]


If information wants to be free, why do they have tons of information about me but I have none about them?
posted by hypnogogue at 11:40 AM on December 20, 2019 [8 favorites]


Information wants to be free, but corporations are free to keep their information for themselves.
posted by Greg_Ace at 12:16 PM on December 20, 2019 [1 favorite]


Yes at this point there is no personal action that is going to save you sadly. We're waaaay past that point already. Nobody listened back when it mattered and now it's too late.
posted by some loser at 12:16 PM on December 20, 2019


Nobody listened back when it mattered and now it's too late.

I think a lot of people listened, but not the ones who write the laws. They listen to capital.
posted by avalonian at 12:22 PM on December 20, 2019 [4 favorites]


I think also the privacy advocates (myself included) had the wrong threat model. In the 90s and early 00s we were talking about government surveillance. The 9/11 attacks took a lot of the wind out of the sails of resisting that in the US. But I think almost everyone failed to anticipate the power of corporate, for-profit surveillance. Particularly of advertising networks. That's my big concern now, the bullshit that Facebook and Google and Sift and Kustomer and Equifax and Verizon and the Trump Campaign and the DNC and ... all these organizations are collecting on me.

But "the government shouldn't spy on you" was never a very strong argument to convince individuals of the value of privacy. Too often the response was "I've done nothing wrong", and post-9/11 "we gotta catch the terrorists". I'm not sure "ad companies shouldn't spy on you" is much more compelling to normal people. There's even an argument for it: well targeted ads are actually sometimes welcome, unlike crappy random ads. People get coupons for things they want to buy! Occasionally the surveillance capitalism tips over into creepy, like when Amazon knows your wife is pregnant before you do, but mostly people just don't seem that upset by it.

Back to the original topic: unregulated location tracking is a whole different matter. This NYT article is in the context of location brokers inappropriately selling your location data to bad people, like debt collectors and dangerous ex-boyfriends. Or the NYT's own followup article: How to Track President Trump (complete with demonstration). You'd think those stories would compel people to understand the value of individual data privacy.
posted by Nelson at 2:06 PM on December 20, 2019 [6 favorites]


I think one problem with the discourse on this is a focus on intentionality. It's very hard to make people care about indirect damage, it's very hard to make people care about negligence, it's basically impossible to make people care about even the certainty of indirect damage due to the negligence of others.

Proof: Equifax still exists.
posted by PMdixon at 3:22 PM on December 20, 2019 [1 favorite]


But I think almost everyone failed to anticipate the power of corporate, for-profit surveillance.

Bullshit.

HIPAA and the GINAs - which, at their heart, are about controlling how your medical data is used against you - were passed prior to the explosion in online data gathering, so there was very much precedent of consideration and limitation of how corporations could gather data on you.

This was not a failure, this was willful blindness - it is not coincidence that the EFF (which, remember, receives a significant amount of its operational funding from Silicon Valley firms) turned a blind eye to corporate data hoovering at the same time they decried government intrusion.
posted by NoxAeternum at 1:10 PM on December 21, 2019 [4 favorites]


So yes, "just turn it off" is victim blaming. Sorry you have a problem with finding out that's what you're doing.

Literally nobody is saying or implying that people who don't turn their phones off are at fault for being tracked or otherwise responsible for it. There is no blame. It fucking sucks that having your phone on means that you are being tracked and, as you and others have pointed out repeatedly, many people do not have the option to turn it off or leave it at home, currently the only two 100% effective methods of not being tracked by your phone. It is likewise imperative that corporations be held accountable for their violations of the public trust and gross abuse of their powers.

I'd bet lots of money that Rule #1 in The Criming Guide For Criminal Crimers is "Don't bring your personal phone on a crime" because tracking.
posted by grumpybear69 at 11:58 AM on December 22, 2019 [1 favorite]


Literally nobody is saying or implying that people who don't turn their phones off are at fault for being tracked or otherwise responsible for it. There is no blame.

Except that when you respond to the point that corporations are abusing their power to engage in wide-ranging surveillance with "if you don't want to be tracked, you should be turning your phone off", you are doing exactly that. The argument being made is not value-neutral - it's specifically stating that it is the responsibility of the individual to prevent their being spied upon, and not that of corporations to not engage in these practices. If you want to hold corporations accountable for these behaviors, the first step is to stop normalizing them - and that means stop pushing individual action as a solution to a societal problem.
posted by NoxAeternum at 1:11 PM on December 22, 2019 [3 favorites]


stop pushing individual action as a solution to a societal problem

You think that I am advocating for turning phones off as a long-term solution to the tracking problem? It is at best a tactic to mitigate the intrusion of the surveillance state with plenty of downsides. The only redeeming quality of the tactic is effectiveness. It is most definitely not a solution nor is it an either/or re: making such surveillance illegal.

Do you think that the mere act of leaving ones phone at home helps normalize tracking? Is the moral high ground to keep getting tracked until the problem is solved at the government and corporate levels?
posted by grumpybear69 at 2:23 PM on December 22, 2019 [1 favorite]


Do you think that the mere act of leaving ones phone at home helps normalize tracking?

No, the issue is that when personal action is repeatedly pushed as a solution, it normalizes the issue as being one of personal action and choice rather than one of societal change. Look at this very thread - the first response was to push the personal solution as an answer.

Again, many people don't have the luxury (and this is another point that gets ignored - often, taking these sorts of steps is very much a luxury afforded to those who have both the wherewithal and knowledge to go through with them) to do something as simple as turn off their phone - how do you think they feel when they are repeatedly told that the answer to being tracked is doing things they're not able to do?
posted by NoxAeternum at 7:59 AM on December 23, 2019 [1 favorite]


grumpybear69: Information wants to be free available to the highest bidder.

Actually, it's pretty cheap. Because data licenses (you're not purchasing it, you're gaining access to the data, which may be for a limited time, or in perpetuity) are generally of the highest value when they're the most current, and the idea is that you might keep licensing newer data sets to keep up with patterns and trends.

Data brokers for public planners strip personal data, and aggregate information up to anonymize information. But this isn't how data is collected, as detailed in the NY Times article on tracking individuals in Pasadena based on their smart phone data, including children, a police officer, and someone who works at NASA’s Jet Propulsion Laboratory.
The Times Privacy Project was given access to a data set with more than 50 billion location “pings” from the phones of more than 12 million Americans across several major cities. Each piece of information came down to a set of coordinates in time. The result is a tapestry of movement laid across a city grid — like the computer game SimCity, only real.

This granular location data — the kind that is collected by hundreds of mobile apps and then shared with dozens of location data brokers — may seem like a catalog of the mundane. But the aggregate is closer to total surveillance — an exact record of the rhythms of a living, breathing community.

Modern data surveillance relies on the ease of gathering but also the capacity to analyze giant sets of numbers. Run a set of numbers through a computer and the data becomes far more personal and invasive. Data points become a diary. A cluster of pings inside a secure facility reveals clues to the secretive role of an aerospace engineer. Visits to places of worship, trips to Planned Parenthood, a late-night visit to a bail bondsman — all collected in perpetuity and logged forever to be analyzed, traded and monetized. Each mark of latitude and longitude tells the story of the triumphs and tribulations of a life.

Americans would never consent to a government directive that all citizens carry a device that broadcast, in real time, their physical location and archived that information in repositories that could be shared among powerful, faceless institutions. Instead, Americans have been lulled into doing it voluntarily by misleading companies.

If a mobile phone is turned on, chances are its location is collected in a spreadsheet somewhere. What does it feel like to see that archive? We went to Pasadena to find out.
But it's not just apps tracking locations. As seen in the 2018 phone tracking website debacle, triangulation from cell towers can also provide fairly accurate location information, especially in urbanized areas.
posted by filthy light thief at 8:04 PM on December 27, 2019


Related: Colleges are turning students’ phones into surveillance machines, tracking the locations of hundreds of thousands (Washington Post, Dec. 24, 2019)
When Syracuse University freshmen walk into professor Jeff Rubin’s Introduction to Information Technologies class, seven small Bluetooth beacons hidden around the Grant Auditorium lecture hall connect with an app on their smartphones and boost their “attendance points.”

And when they skip class? The SpotterEDU app sees that, too, logging their absence into a campus database that tracks them over time and can sink their grade. It also alerts Rubin, who later contacts students to ask where they’ve been. His 340-person lecture has never been so full.

“They want those points,” he said. “They know I’m watching and acting on it. So, behaviorally, they change.”

Short-range phone sensors and campuswide WiFi networks are empowering colleges across the United States to track hundreds of thousands of students more precisely than ever before. Dozens of schools now use such technology to monitor students’ academic performance, analyze their conduct or assess their mental health.

But some professors and education advocates argue that the systems represent a new low in intrusive technology, breaching students’ privacy on a massive scale. The tracking systems, they worry, will infantilize students in the very place where they’re expected to grow into adults, further training them to see surveillance as a normal part of living, whether they like it or not.
...
A UNC spokeswoman declined to make anyone available for an interview, saying only in a statement that the university was evaluating “streamlined attendance tracking” for a “small group of student-athletes.”

But campuswide monitoring appears to be on its way, the emails show. The school is planning to shift to a check-in system designed by a UNC professor, and an IT director said in an email that the school could install beacons across all general-purpose classrooms in time for the spring semester. “Since students have to download the app, that is considered notification and opting-in,” one UNC official wrote.
What happens if you don't download the app?
posted by filthy light thief at 9:02 PM on December 31, 2019 [2 favorites]


« Older 136 Internet Videos That Blew My Mind (at some...   |   "I am the Joneses. You cannot ever keep up with me... Newer »


This thread has been archived and is closed to new comments