...Their Apps Tracked Them.
February 5, 2021 1:06 PM   Subscribe

Unlike the data we reviewed in 2019, this new data included a remarkable piece of information: a unique ID for each user that is tied to a smartphone. This made it even easier to find people, since the supposedly anonymous ID could be matched with other databases containing the same ID, allowing us to add real names, addresses, phone numbers, email addresses and other information about smartphone owners in seconds.

They Stormed the Capitol. Their Apps Tracked Them.
posted by y2karl (42 comments total) 22 users marked this as a favorite
 
When users click on the "Allow this app to have access to my location data blah blah" when you load up FB/Instagram/Messenger/Whatsapp/etc, users are causing this to happen. The problem is that users don't always think through what sharing location data actually means, mostly because many of the app companies don't exactly want them to do so, since selling that data is very lucrative. That is a huge why Apple is starting to require app to come with a "privacy nutrition label", so users are informed how their private into is getting used and sold.

And you'll never guess FB's reaction for being forced to tell their users what is going on.
posted by sideshow at 1:23 PM on February 5, 2021 [10 favorites]


Apple has been locking down on a lot of this data, providing unique IDs for each app and Facebook is not happy at all.
posted by Your Childhood Pet Rock at 1:25 PM on February 5, 2021 [10 favorites]


And more generally, the data collected on Jan. 6 is a demonstration of the looming threat to our liberties posed by a surveillance economy that monetizes the movements of the righteous and the wicked alike.

It's fascinating how surveillance is now suddenly a problem, when right-wing criminals get caught. A deeply buried lede tells no tales.

If US privacy rights are going to remain in a profitable legal vacuum, I like Apple's view; at least one company will fight the Facebooks and other surveillance companies.
posted by They sucked his brains out! at 1:26 PM on February 5, 2021 [21 favorites]


It's fascinating how surveillance is now suddenly a problem, when right-wing criminals get caught. A deeply buried lede tells no tales.

This is true, when it comes to the media. But let me tell you the tech circles where people go out of their way to reclaim their privacy? They're vastly more right-wing than left wing. It has been that way since the Bush administration, if not longer.

I only wish people on the left cared about OpSec as much.

Although, regarding the insurrection on the 6th, it's painfully obvious that none of those people had any OpSec at all. I suppose they thought they wouldn't need it?
posted by deadaluspark at 1:35 PM on February 5, 2021 [6 favorites]


If you're going to storm the Capitol maybe bring a clean burner phone and leave your regular one at the hotel?
posted by any portmanteau in a storm at 1:36 PM on February 5, 2021 [23 favorites]


It's fascinating how surveillance is now suddenly a problem, when right-wing criminals get caught.

There's nothing new in this article (including the Dire Forebodings) that hasn't been kicked around for years on both the left and the right. They Are Collecting Your Data To Use Against You has been a perennial for many years now.
posted by Tell Me No Lies at 1:38 PM on February 5, 2021 [6 favorites]



If you're going to storm the Capitol maybe bring a clean burner phone and leave your regular one at the hotel?


Better yet, don't bring a personal tracking tag at all.
posted by Tell Me No Lies at 1:39 PM on February 5, 2021 [4 favorites]


Better yet, don't bring a personal tracking tag at all.

But they didn't get vaccinated, isn't that enough to avoid Bill Gates' magic tracking chips?? /s
posted by deadaluspark at 1:41 PM on February 5, 2021 [16 favorites]


It's fascinating how surveillance is now suddenly a problem, when right-wing criminals get caught.

A source stole data from their employer and handed it to the NYTimes (and perhaps others) with the intention of fucking up some right-wing dick holes.

Without right-wing criminals doing some crazy shit, the source (with presumably more leftist politics) would not have stolen the data, the NYTimes would not written an article, this post would not have been made to MeFI, we would not be having the discussion.
posted by sideshow at 1:44 PM on February 5, 2021 [8 favorites]


If you're going to storm the Capitol maybe bring a clean burner phone and leave your regular one at the hotel?

Between this, the people livestreaming and posting photos, the interviews they gave afterwards --- what an amazing example of the kind of priviledge these people had. They genuinely didn't think there would be consequences for terrorism.
posted by thefoxgod at 1:45 PM on February 5, 2021 [49 favorites]


I have been saying all along, the government is at least somewhat bound by privacy laws, (maybe,) but private data miners have no boundaries, and their data is for sale to any bidder, from any country, including our own, any interest group. The smartphone bargain, the internet bargain, is a bidirectional deal, we know what we can discern, what we can buy; and they can discern much more and for little or nothing can buy our entire data set, entire, history, medical, social, secret, location, tendencies, inclinations, impulses, income, associations, loopholes, holes in our buckets, beliefs, where we cross the line on our stated beliefs, what we do 24/7 365-366. That is the deal we make. There is more in store, as communication satellites view the ground, as "communication satellites transmit in ranges that might become more and more personally invasive in the realm of existential physics. When you add in robotic dogs, sentinel defenses, private armies, energy right of ways, test areas, travelling the wild west becomes a less secure amble. Like, any more, any vigilante, militia jerkwad with a setup, can share attitude with you, after all you have rolled out the red carpet.
posted by Oyéah at 1:46 PM on February 5, 2021 [6 favorites]


By the by while the data dump mentioned in this article talks about marketing level tracking (i.e. the stuff Apple is trying to corral), none of that is necessary to track people's phones. The phone company does that automatically; it's an intrinsic part of how cell phones work. Controlling what happens to that data has been at the source of numerous legal proceedings, but in general it can be subpoenaed. Sooo... don't rely on your privacy settings while sacking your state Capitol.
posted by Tell Me No Lies at 1:51 PM on February 5, 2021 [15 favorites]


I remember weird stuff happening with people's phones during Occupy Wall Street like people getting followed home by LEOs, suddenly rapidly depleting batteries and other weirdness and possible signifiers, and then it came out that many metro PDs were using Stingrays and false cell tower tech at protests.

It's hard to quantify this stuff but more than once I had some things happen where I'd left a rally or meeting and then did not go directly home and went about my business or went to dinner and drinks with a friend, and then many hours later suddenly getting tailed by marked and unmarked police vehicles right to my block or apartment building, and it heavily pinged my intuition that something more complicated than "We recognize this person from that large protest several hours later." was going on.

I also would not be at all surprised to learn that LEOs were using Stingrays and other tower spoofing telecoms tools in some way to intentionally drain batteries. I could think of a number of mechanisms that could accomplish this, like spamming infrastructure or back end RF functionality like frequency/mode shifting or handshakes, spurious data requests or otherwise rapidly increasing the rate of these normally benign protocols and communications to slow down data connections and drain batteries just to harass people or interfere with live streamers or citizen reporting.

Looking back at dystopian fiction like 1984, Brave New World and We - or even John Brunner, or cyberpunk fiction - I have yet to find an example in the wild that really predicted smart phones.

Telescreens and surveillance panopticons with video cameras everywhere? Wireless tracking bugs? Miniaturized audio and video surveillance? Sure. Lots of examples of this kind of totalitarian/authoritarian skullduggery.

But in particular I have yet to see a treatment in fiction that ever would have guessed that not only would the telescreens would be portable, but that people would covet them and willingly buy them, pay for their service and data connection. And then become distraught when they didn't have one. Or broke it. Or lost it, or left it at home.

This has been bothering me for some time as an unsettling blind spot in our collective imagination and paranoia, because it asks the question: Well, what else have we missed and not thought of that could be in our future?
posted by loquacious at 1:52 PM on February 5, 2021 [32 favorites]


the source (with presumably more leftist politics) would not have stolen the data

Respectfully, the motivations of the source don't seem to be really discussed in much —or any?— detail. My thoughts are focused specifically on how mainstream media, or even the "newspaper of record", appears to discuss this subject.

The NYTimes, itself, uses a fair number of tracking methods, which further complicates discussion of this, in my opinion.

Not to further pick on this paper, but here's a recent, notable example of how changes in phrasing can emphasize one viewpoint to the exclusion of another. It can matter a great deal, how language is used.
posted by They sucked his brains out! at 1:59 PM on February 5, 2021 [5 favorites]


I'm a little surprised I can't find a previously for the same authors' 2019 package, "Twelve Million Phones, One Dataset, Zero Privacy," linked in the first paragraph of the new article in the FPP. It goes into more detail about how the advertising industry does this with no effective limits.
IN MOST CASES, ascertaining a home location and an office location was enough to identify a person. Consider your daily commute: Would any other smartphone travel directly between your house and your office every day?

Describing location data as anonymous is “a completely false claim” that has been debunked in multiple studies, Paul Ohm, a law professor and privacy researcher at the Georgetown University Law Center, told us. “Really precise, longitudinal geolocation information is absolutely impossible to anonymize.”
There's a lot. I would recommend reading at least that article, if not the whole privacy project package, to understand that people (including these specific reporters) have been talking about this problem for a while now. Anybody going to a protest now, regardless of politics, is well advised to leave their phone at home.

(My feelings about this lens being turned on violent racists are pretty mixed. I'd prefer the tools not exist, I'm uncomfortable with how easy it is to correlate and deanonymize the data, and I don't like the idea of this sort of data being a political weapon in either direction, but people who stormed the Capitol deserve to have the book thrown at them. But I don't think for a second the same tools wouldn't be turned on, say, Black Lives Matter protestors, and in fact probably have been by unscrupulous police departments with a budget to purchase "advertising" data).
posted by fedward at 2:09 PM on February 5, 2021 [6 favorites]


I work with healthcare data. If I somehow released any potentially identifiable patient information, even accidentally, it could cost my company millions of dollars. If I did it on purpose, I could go to prison. I have to do multiple annual trainings to make sure I know what qualifies as sensitive data, and what the penalties are if I fuck up. That's because there's a law protecting people.

Most people aren't going to care about their data privacy if they don't know how much it's getting abused. Private companies aren't going to care about personal privacy unless it gets very expensive for them not to.
posted by theodolite at 2:12 PM on February 5, 2021 [13 favorites]


Between this, the people livestreaming and posting photos, the interviews they gave afterwards --- what an amazing example of the kind of priviledge these people had. They genuinely didn't think there would be consequences for terrorism.

They expected to win, and be hailed as heroes.

But in particular I have yet to see a treatment in fiction that ever would have guessed that not only would the telescreens would be portable, but that people would covet them and willingly buy them, pay for their service and data connection. And then become distraught when they didn't have one. Or broke it. Or lost it, or left it at home.

Iain M Banks talked about pervasive, benevolent surveillance in his Culture novels. I think The Player of Games has a bit where a character feels unsafe because they don’t have their pocket-sized terminal with them. Published 1988, so mobile phones and information networks technically existed, but weren’t integrated or at all common.
posted by rodlymight at 2:14 PM on February 5, 2021 [11 favorites]


any portmanteau in a storm: "If you're going to storm the Capitol maybe bring a clean burner phone and leave your regular one at the hotel?"

When you strike at a king, you must kill him, as Ralph Waldo Emerson said. Or as Omar updates it: "you come at the King, you best not miss."

And then there's Trump.

In short, the Capitol Hill rioters never thought they'd be caught, much less arrested. They thought they'd be feted.
posted by chavenet at 2:17 PM on February 5, 2021 [4 favorites]


(The bit in Cryptonomicon about how you could plot a map of London just from tracking the height of someone's head seems weirdly relevant now. We're leaking data all the time, but our phones have definitely amplified the leak).
posted by fedward at 2:20 PM on February 5, 2021 [3 favorites]


I only wish people on the left cared about OpSec as much.

I dunno. There was definitely opsec guidance in circulation from the summer around Portland protests of "don't bring your phone or any phone that you've had turned on in your house" that seems a lot less paranoid to a lot of people i bet
posted by supercres at 2:43 PM on February 5, 2021 [14 favorites]


I dunno. There was definitely opsec guidance in circulation from the summer around Portland protests of "don't bring your phone or any phone that you've had turned on in your house" that seems a lot less paranoid to a lot of people i bet

The fact that it took people until this summer to start figuring that out and telling each other is kind of exactly the problem I'm describing. I've been using Signal for at least four years, Element.IO for at least three. I saw almost nobody giving a shit about using this kind of software until this last summer. (and most are foolish enough to sign up for Telegram instead of Element)

Also the whole "not turning it on in your house" bit misses that most of these devices don't actually functionally turn "off" in the way we think of "off." (Seriously, go check your shit on your Windows laptop, it defaults to a Fast Boot state that isn't actually, really off)

We've known since the Snowden leaks that the device being "off" basically means fuck-all when it comes to tracking.

Unless the battery is removed (or completely dead), it isn't ever actually "off."
posted by deadaluspark at 2:50 PM on February 5, 2021 [2 favorites]


Just -- keep in mind, when it comes to privacy and non-privacy -- the election could easily have gone another way, and things could go other ways in the future; and what one side can do, the other side can do.
posted by amtho at 3:02 PM on February 5, 2021 [3 favorites]


the election could easily have gone another way, and things could go other ways in the future; and what one side can do, the other side can do.

People really need to be thinking hard about how Trump would have used this kind of information against his political enemies, had he won.
posted by deadaluspark at 3:08 PM on February 5, 2021 [2 favorites]


"People take pictures of each other,
Just to prove that they really existed"

-- ray davies
posted by pyramid termite at 3:31 PM on February 5, 2021 [3 favorites]


Not to hammer the point home too hard, but in 2020, WhatsApp was still in the top 10 most downloaded Android apps, and everyone with a functioning fucking brain knows they've been compromised since they were purchased by Facebook. (2014)

Actually secure messaging options are not widely used by the general public. WhatsApp and Telegram (both horribly insecure) are way more popular than anything else because most people lack the technical knowledge to understand that they're not actually trustworthy. They are advertised as being secure, and that's "enough" for most people.

Until every leftist in the country defaults to an actually secure fully open-source messenger, the entire left movement is compromised. I've seen way too much organizing on Discord and Reddit, as if those private companies give one good god damn about your politics and won't shut you down the second you're inconvenient to their profitability.

And once again, figuring it out last summer was too late. If Trump had been re-elected or had succeeded in his putsch, you tell me what you think was gonna happen to all the BLM protestors who didn't secure themselves? Because I'm pretty fucksure they would have been rounded up by more thugs in military gear wearing no identification.

I mean, they found one girl from the summer protests by using an Etsy shirt she was wearing and tracing it back to her.

I'm just saying figuring it out this summer was way too fucking late with Trump of all god damned people in the White House.
posted by deadaluspark at 3:38 PM on February 5, 2021 [14 favorites]


things could go other ways in the future; and what one side can do, the other side can do

It seems like the other side is already doing it, is the point, maybe. Walk down the streets of most any major US city, look up, and you'll see CCTV cameras, everywhere. There's a short piece in a recent 2600 about how some of these cameras were shut down around the areas where police were intersecting with BLM protestors in Minnesota (if I am not misremembering the details).
posted by They sucked his brains out! at 4:00 PM on February 5, 2021 [2 favorites]


But in particular I have yet to see a treatment in fiction that ever would have guessed that not only would the telescreens would be portable, but that people would covet them and willingly buy them, pay for their service and data connection.

Isn't it cool? The feared surveillance technology came along but it turned out to be a double edged sword. It turns out that the police fear video cameras just as much as the rest of us do.
posted by Tell Me No Lies at 5:19 PM on February 5, 2021 [2 favorites]


There's nothing new in this article (including the Dire Forebodings) that hasn't been kicked around for years on both the left and the right. They Are Collecting Your Data To Use Against You has been a perennial for many years now.

Yup. I dated a software engineer in the early 90s, who kept just going On and On and On about the Clipper Chip, and how evil it was, how the government knowing what was on your computer was evil, even if you were a bad criminal. He made me encrypt all my emails with PGP. When he met my family, he said he would give each one of them a floppy disk with PGP on it, so that we could all begin the process of effectively resisting the government. Then he moved away.
posted by Melismata at 8:09 PM on February 5, 2021 [8 favorites]


go check your shit on your Windows laptop, it defaults to a Fast Boot state that isn't actually, really off

In fact laptops (and desktops) don't turn off completely when you shut them down, but this has nothing to do with Fast Boot; it's inherent in the design of the chips the systems are built around. The only way to ensure that a modern desktop or laptop machine is consuming zero power is to deprive it of same by unplugging the AC cord or switching it off at the wall, for a desktop, or doing all of that plus removing the battery for a laptop.

However, unlike mobile phones, desktop and laptop computers typically don't have an always-on secondary processor component capable of doing stuff like talking to cell phone towers even when the main processor is powered down. Closest they typically get to that is leaving the wired networking hardware just active enough to respond to Wake On LAN packets.

Fast Boot does not, in and of itself, change any of this. All Fast Boot does is save part of the laptop's working memory onto disk right before shutting down, so that when it's next started up, Windows can restore that working memory and pick up where it left off (fast) rather than having to build its working state up from scratch (a little slower).

Some rigs do support Wake On LAN over wifi as well, though. This necessarily involves maintaining an association with a nearby wireless access point, even when the machine is shut down. It's not clear to me whether a wireless card configured to be able to do this would, on its own, be capable of roaming from AP to AP without help from the CPU but if it were, that would certainly have privacy implications.

If your laptop has an inbuilt cellular data connection, it essentially counts as a large and fancy mobile phone and should be treated as such from a privacy standpoint.
posted by flabdablet at 8:19 PM on February 5, 2021 [8 favorites]


When he met my family, he said he would give each one of them a floppy disk with PGP on it, so that we could all begin the process of effectively resisting the government.

I am frequently both astonished and dismayed by the huge blind spot that right-leaning folks have when it comes to identifying powerful bad actors. It's always the Evil Tyrannical Government with these people.

Any attempt to point out that in a democracy the Government is at least in principle accountable to the citizenry while no such constraints apply to the abuses of power routinely perpetrated by huge private concerns is generally met with derisive snorts. Years of propaganda devoted to conflating the idea of a Free Market with that of Private Enterprise, and establishing Government Regulation as inimical to both, has been quite devastatingly effective.
posted by flabdablet at 8:26 PM on February 5, 2021 [22 favorites]


Fast Boot is also not the same thing as Modern Standby, which involves not actually powering down the central processor in any way that the user retains control over.
posted by flabdablet at 8:34 PM on February 5, 2021 [2 favorites]


Also, as far as computers go, there is a lot of space on recent Intel CPUs. A few years ago, it was revealed that each Intel chip has a secondary 486-class CPU taking up something like 0.5% of its space, running a Minix-derived operating system used for remote system management (which officially could not be turned off, at least for consumer systems). Which (assuming that this chip wasn't put there partly for Five Eyes' convenience) makes one wonder what else is there. If the spooks wanted something low profile that would scan memory buffers containing internet packets for hidden signatures and, if found, execute encoded instructions, there's a lot of space something like that could hide in.
posted by acb at 4:28 AM on February 6, 2021 [6 favorites]


Although, regarding the insurrection on the 6th, it's painfully obvious that none of those people had any OpSec at all. I suppose they thought they wouldn't need it?

This is probably not true. There were probably people with very good opsec in that crowd who kept their faces covered and did not carry phones or selfie themselves. We just don't and won't know about them because they won't be caught. This is the reverse survivor bias of criminality. We only know about the ones who commit crimes that get detected and get caught. The ones who commit undetected crimes and who don't get caught are completely invisible to us.
posted by srboisvert at 4:34 AM on February 6, 2021 [19 favorites]


Intel chip has a secondary 486-class CPU taking up something like 0.5% of its space, running a Minix-derived operating system used for remote system management (which officially could not be turned off, at least for consumer systems).

Good thing only the good guys will figure out how to use it. Argh.
posted by amtho at 7:48 AM on February 6, 2021 [3 favorites]


Google Maps. Zoom in, zoom out. It's almost like being there. It's a metaphor, but I can see what your backyard looked like the last time the satellite took an interest, see what your front yard looked like the last time the Google car drove by.

We like the magic. Hit the button, punch in the address, and the map program draws a line from here to there, shows you where the construction zones are, notices the speed limit for you. All this with good accuracy most of the time, and you whine when Google doesn't know about the side road you took. Hell, your phone can even tell you where you parked your car. What did you think this meant?

This technology is not evil. It's useful, that's all. Useful. We have traded privacy for the anonymity of the herd. You may have suspicions, but the herd is big. The implications hovering around this technology are so mind-numbing that I can't break out of metaphors, so: It's the nail that sticks up that gets hammered, right? The grazing is so good, and the herd is so large that you don't really have to worry about those lions circling the perimeter; the odds are on your side. If you aren't speeding, you don't have to worry about the cop with the radar gun. Okay, one last thing: when the good king rules, all's well.

Now. Let's discuss that algorithm used by the Chinese that tells the authorities when you are bored at work. I mean, what could be wrong with that?
posted by mule98J at 7:54 AM on February 6, 2021 [1 favorite]


but I can see what your backyard looked like the last time the satellite took an interest,

The closest zooms aren't satellites, but aircraft. You can usually tell who by looking at the copyright at the very bottom. The USDA Farm Service Agency is one, and in Pennsylvania the Department of Conservation and Natural Resources.
posted by 922257033c4a0f3cecdbd819a46d626999d1af4a at 8:34 AM on February 6, 2021 [4 favorites]


Turns out "Airplane Mode" is what you use if you ever want to get on an airplane again.
posted by Brachinus at 10:37 AM on February 6, 2021 [3 favorites]


but I can see what your backyard looked like the last time the satellite took an interest,

The closest zooms aren't satellites, but aircraft. You can usually tell who by looking at the copyright at the very bottom. The USDA Farm Service Agency is one

The Farm Service Agency stuff is publicly available data. They've been taking pictures from the sky for decades. Turns out you can learn a lot about many different things by looking at photos.
posted by cult_url_bias at 2:15 PM on February 6, 2021 [2 favorites]


"people with very good opsec in that crowd who kept their faces covered and did not carry phones or selfie themselves. We just don't and won't know about them because they won't be caught."
These people, if they are "big fish", can be caught by putting pressure on the "little fish" that had no OpSec. right? That's impression I get from people that seem to know how the people from the 6th are being hunted down. [Beau of the Fifth Column]
posted by RuvaBlue at 6:08 PM on February 6, 2021 [1 favorite]


Ah no, we're no trading privacy for anonymity. The article makes clear, which is already well proven anyway, that it's usually trivially easy to deanonymize data. Seriously, that idea has been dead almost since the internet started.
posted by blue shadows at 10:20 PM on February 6, 2021 [1 favorite]


Between this, the people livestreaming and posting photos, the interviews they gave afterwards --- what an amazing example of the kind of priviledge these people had. They genuinely didn't think there would be consequences for terrorism.

Not to derail, but they literally believed they were going to successfully overthrow the government, with mass executions. They believed there would be no consequences because they thought they would win. I don't want to diminish the gravity of the notion of terrorism but this was a step beyond even that.
posted by treepour at 11:11 AM on February 8, 2021 [1 favorite]


re: putting pressure on the "little fish"

Everyone had their eyes on the infamous "shaman" fellow with the ethnonationalist tattoos and the fur hat. And we all followed the narrative of his special treatment in jail, being served special organic meals. But then his arraignment hearing came up, and we saw a shrunken young man in an orange jumpsuit drawn with pastels on the image of a screen in a courtroom. And the accompanying article said that when he heard the charges the judge read out, he said "Oh, god..."

I suspect that this tale, which at first we saw as "neo-nazi gets kid-glove treatment in jail" was actually just the first chapter in a clumsy path to a plea-bargain deal. I suspect he may have traded in some intel already to get the better food, and that courtroom sketch showed the moment when he realised he was going to have to sing in three-part harmony to get anything but the entire book thrown his way.

And if there's one thing that we've learned from the mafia trials and the hacker crackdown, it's this:
Young white criminals love to brag, even to the courts.
posted by rum-soaked space hobo at 4:05 AM on February 9, 2021 [1 favorite]


« Older Is your dog a genius?   |   New reptile dropped Newer »


This thread has been archived and is closed to new comments