• techcode a day ago

    Simply being connected to mobile (or wifi) network is enough to get your location - sometimes with pretty good precision.

    So if you're worried about NSA or the like - you better not have a mobile phone/device (or a car - because new cars sold in EU all have eSIM for builtin emergency calls) at all.

    And for particular first hand example - Xplora smart watch/phone got super confused when my kids' school physically moved.

    New building has indoor sports/gym (I think it's basketball court size) on the top floor - and all the reinforced concrete means mobile reception can be hit and miss (even on 3/4G).

    Despite phone/watch never connecting to school (staff only) wifi. After move to new building - watch and parent app would regularly think/bounce location between old and new school buildings.

    When even 3rd party companies have a mapping between wifi/ssid and approximate geo location, you can imagine state sponsored actors have at least next order of magnitude.

    • crtasm a day ago

      There's public databases of SSID geolocation, e.g. https://wigle.net/

      • kioleanu 11 hours ago

        We had the same experience with the Xplora watches: we moved 6km away and took the internet contract with us. Whenever the watch was inside the house, it would show it as being at the old address. Outside of the house and away from wifi, it showed the location correctly. I imagine this is an edge case

        • storyinmemo a day ago

          If your wifi client device can't find an access point, it goes around emitting every saved wifi network you've got. You can learn an awful lot from that.

          • lxgr a day ago

            Probably the school moved all of their Wi-Fi access points with it? These are often used for indoor positioning, even without any device connecting to them.

          • prophesi a day ago

            I imagine this isn't the case if you're running GrapheneOS on it? I think it would be safe to assume that the factory defaults on any Android would be phoning home whether it's Google, Samsung, or what have you.

            • fmajid a day ago

              The Pixels' only redeeming quality is that they run GrapheneOS. Why you would run anything else on them eludes me.

            • xd1936 a day ago

              Disingenuous article. The headline should be "Google Location Tracking is on by default in a brand new Google account and I don't like that".

              https://support.google.com/accounts/answer/3118687

              • crazygringo a day ago

                Yup, the article admits:

                > "Because the testing took place with a new, default account, the team did not test to see the effect that user changes to privacy and security settings might have."

                And bizarrely the article claims:

                > "You can’t say no to Google’s surveillance..."

                Well sure, you can't say no if you refuse to even look at the privacy and security settings.

                The "Even With GPS Disabled" part of the headline is particularly misleading, since location data often (even mostly?) comes from WiFi too. The idea that turning off GPS would disable location data isn't how location data works.

                • nielsbot a day ago

                  The real question would be: what tracking happens when you opt out of location sharing?

                  Side note: I’ve opted out of giving Google my location on the web but when I search they still use my “approximate location” based on my IP and past searches. Trackers gonna track I guess.

                  • crazygringo a day ago

                    > Trackers gonna track I guess.

                    I mean, it's a search engine. If you type in the name of a restaurant, you want to get the one in your area, not the one halfway around the globe. If you type the name of a store, you want to get their website for your country, not another continent.

                    You don't want Google to know your location down to a resolution of meters, that makes sense. But it makes a lot of sense for a search engine to try to figure out your city and country from your IP address, at least.

                    • washadjeffmad a day ago

                      It's not pure search, though. I frequently want results specific to my queries, not based on context or details they assume about me. Searches are also effectively censored by common internal policy to return "local" same-language results to the historical profile they've assigned to your session. It's very hard to escape.

                      If I try to search in another language for news or information local to another part of the world from an associated device or while logged into Google services, I also get mostly US or English results. I can't just explore the Chinese web, or the non-commercial web, or whatever it is I'm actually looking for, just whatever they want their idea of what they want me to see.

                      A related peeve, but if I'm planning a trip and want to know where certain stops, like Costcos, are in a state, in Maps, I can't zoom to the level of the state and then "search this area" without it returning a very incomplete list mixed with pins for related results, often unlabeled until clicked on. I have to know or guess where a business might have a location, zoom in, and search repeatedly to be sure. Generic queries like "south indian restaurants" are even more limited.

                      This is especially frustrating when I know there's a location that isn't showing so I can't set a detour, or if I'm physically nearby something that's not being shown in relevant results, for whatever reason. Our locations aren't always especially useful to us, but having that data is apparently creating some value for them.

                      • BobaFloutist a day ago

                        If I want location specific results, I add the city I'm in to the search (or "near me").

                        Otherwise, I want results to be location agnostic.

                  • bhelkey a day ago

                    Don't Pixel phones ask the user if they want to enable location tracking on setup?

                  • vibrant_mclean a day ago

                    Trying to be private is ironically just going to make it worse and make you stand out. Using a non-default OS, non-default browser, custom settings/blocklists will just make your fingerprint more unique.

                    I use an android phone but just don't use any other google services - no search, no gmail, no default apps. I do most browsing in tor-browser, so google ads won't correlate with me.

                    • Circlecrypto2 a day ago

                      Where is the investment into a real smart phone that protects your privacy. I'd pay a premium for this, especially if the manufacturing and resources used fair labor.

                      • robcohen a day ago

                        I'm very confident this just isn't possible. If you want something with 4G/5G, you just cannot get open hardware. Without open hardware this is a moot point. There are a number of projects where you can use RISC-V hardware with 2G and even 3G open source hardware, but calling them equivalent in any way to an Android or iPhone is a... stretch.

                        I think the issue is the patents with the hardware needs to run out, but by then 6G or 7G will be out and you'll have the same problem. Anything with DMA that isn't closed source cannot be trusted. I'll die on that hill.

                        Even with projects like PinePhone, the best they can do is a privacy switch that turns off the modem. It's just not good enough to take it seriously.

                        • JPLeRouzic a day ago

                          I don't think it's a question of open hardware: To send a phone call to your phone, the mobile network must know the BTS/eNodeB/GnodeB associated with your phone.

                          While this is a large surface in rural areas and older technologies, it's not the same in urban/newer technologies. It could easily be associated with a given building.

                          To protect our location, it would need something akin to a mobile proxy that would relay the communication but to my knowledge, there are no such things for mobile communications. And this is not really secure, it's just outsourcing security to another entity which may be compromised.

                          (I am quite rusty, but I was a telecom engineer)

                        • TheGlav a day ago

                          Apple is the closest you get today. You can even pay a premium for it!

                          • BiteCode_dev a day ago

                            Given apple was part of PRISM and, you only pay premium for the pr.

                            • aucisson_masque a day ago

                              I'm an Apple hater but you got to recognize they do better at privacy than Google.

                              If you care about the NSA, then you better not have any phone. Whether it's an Android, iPhone, GrapheneOS, anything. Israel blowing up pagers is proof that nothing is impossible to them.

                              But if you want to say fuck off to the big data harvester like Google, Microsoft, Facebook, and so on.. then apple isn't bad at all.

                              You just got to deal with the usual apple bullshit, no side loading, repairability, thunderbolt charger, no headphone jack, etc.

                              • rightbyte a day ago

                                Shin Bet and friends don't have a magic wand making pagers explode. NSA can't circumvent math. Etc.

                                This 'but X will get you anyway if they want' or '5$ wrench' is used by a lot of people I know to rationalize selling themselves out privacy-wise.

                                • akimbostrawman a day ago

                                  >do better at privacy than Google

                                  so instead of an actual improvement just settle for second least worst? ironically google pixels are 100 times more private than any apple device will ever be because you can securely run your own 100% controlled open source OS such as grapheneos.org which is an actual private as in feature not marketing OS.

                                  • JPLeRouzic a day ago

                                    A phone has several levels of software and hardware, the OS that the user knows is not in charge of communications, its main role is to interface the user to the computer inside the phone. The phone OS sees the phone communication hardware akin to the way it sees an Ethernet card. The phone communication hardware (named baseband modem) is also under control of the SIM and every time the mobile operator wants to change the behavior of the baseband modem it can through the Sim toolkit.

                                    • akimbostrawman a day ago

                                      sadly firmware is a bitch on almost any modern device. good thing it can more or less be isolated from the OS

                                      https://grapheneos.org/faq#baseband-isolation

                                      • aucisson_masque a day ago

                                        Believing the software can somehow be separated from the hardware is a lie. They can mitigate at best the amount of information one can extract but at the end whoever controls the hardware can have access to extremely private information.

                                        A gyroscope sensor is able to accurately record what one says close to his phone. It doesn’t even need Android to run he has access to private information.

                                        https://crypto.stanford.edu/gyrophone/files/gyromic.pdf

                                  • add-sub-mul-div a day ago

                                    > But if you want to say fuck off to the big data harvester like Google

                                    They literally sell your traffic to Google.

                                    • jajko a day ago

                                      I am sure there is a name for this fallacy, but being better yet not enough at something where bar for reaching privacy is so high isn't cutting it. The result is the same, sans warm fuzzy feeling not anchored in sad reality of 2024.

                                      • stackskipton a day ago

                                        We always use "Perfect being enemy of good"

                                    • Terretta a day ago

                                      OK, but still:

                                      https://en.wikipedia.org/wiki/Apple–FBI_encryption_dispute

                                      Apple's reaction to a number of such things has been to further enhance encryption.

                                      They go to a good deal of trouble to make things they can't break. Look at the new cloud compute model they're introducing:

                                      https://security.apple.com/blog/private-cloud-compute/

                                      And if you've missed it, note the prior "verified contact" key exchange added to iMessages, as well as the "sorry we can't read your backups to help you recover your data" security added to iCloud (provided you only use devices up-to-date and opted in). This one is a customer service nightmare, they added it anyway.

                                      All that said, this article is less interesting since (a) if your cell phone uses a telco, "they" know where you are, and where you've been, no Apple needed; and (b) unlike Apple segmenting your Maps directions to prevent themselves from knowing where you are going, Google's always been about your location.

                                      • greyface- a day ago

                                        Counterpoint:

                                        https://news.ycombinator.com/item?id=41184153

                                        Apple was caught issuing OCSP queries (hello, XKEYSCORE) every time an app was launched, promised to stop logging and build an opt-out, then reneged and memory-holed the promise.

                                        • lallysingh a day ago

                                          You act like Google or Apple had a real choice in the matter. AFAICT, that was all court-ordered.

                                        • mathfailure a day ago

                                          [flagged]

                                          • blackeyeblitzar a day ago

                                            Why? Apart from state sponsored violation of privacy, I think Apple does in fact provide the best privacy protections. I’m also happy they don’t do bizarre things like Android sometimes does, for example preventing you from taking screenshots on your own device because an app can do that on Android.

                                            However, I dislike Apple for their extortionist approach to defending the App Store duopoly, browser access, moderation/censorship on apps, etc.

                                            • mathfailure a day ago

                                              They are a for-profit company. They are closed-sourced both in hardware and software. Their ecosystem is known to be a walled garden. They aren't open in their processes. They sell your data, they just don't tell you. Following all of their ToS you have to agree to use their devices - you don't even own anything, you are just paying for a subscription (that can be revoked any time for any reason) to use the device.

                                              • blackeyeblitzar 20 hours ago

                                                I agree with most of what you said. But how do they sell their customers’ data?

                                                • mathfailure 19 hours ago

                                                  You can't know, it's kept secret. But given the input data - you just have to assume they do (even if they don't).

                                          • akimbostrawman a day ago

                                            You can pay apple premium for a lot of things doesn't mean you actually get it tho. people really forgot PRISM that quickly...

                                          • pintxo a day ago

                                            How big is the market for that?

                                            I’d probably get one as well, but who else would?

                                            • barbazoo a day ago

                                              > Where is the investment into a real smart phone that protects your privacy.

                                              I'm just guessing it just doesn't make financial sense to develop one.

                                              • OutOfHere a day ago

                                                A degoogled phone with off-switches for wifi and GPS goes a long way.

                                              • dotnet00 a day ago

                                                Is the location they're referring to supposed to be just the country code field in that screenshot?

                                                • readthenotes1 a day ago

                                                  Gps coordinates

                                                  • dotnet00 a day ago

                                                    That's what they're claiming, but unless I'm blind, none of the fields in their screenshot are the GPS coordinates.

                                                  • asimpleusecase a day ago

                                                    So will the EU fine them for violation of GDPR?

                                                    • kklisura a day ago

                                                      I reckon they don't track you if you're in the EU.

                                                      • raxxorraxor 6 hours ago

                                                        They do if you have the wrong settings. The location of my SSID is known publicly and I guess it was shitty Android or Apple devices phoning home. Guess I need to switch wifi name and mac to something more common...

                                                        But you have no defense against that if casual users regularly visit your location or just come near it.

                                                    • readthenotes1 a day ago

                                                      I installed DuckDuckGo's application tracking protection utility and was mind boggled at how many apps were tracking my location, battery level, etc on a regular and ongoing basis without notification because it is all through 3rd party ad networks.

                                                      Even more concerning were the apps, like AT&T's and Fidelity, that do it just to make the money by reselling the data, not to show ads.