27 comments

[ 2.9 ms ] story [ 74.9 ms ] thread
This actually seems like useful data that actually can be used to make the lives of the consumer (as opposed to the advertiser) better. It would be great if Google would open this up and make it available publicly, so we could have good data on what carrier has coverage where.

Having it available publicly, I think, would also spur carriers to increase their data coverage.

I don't buy the "privacy concern" excuse for this one at all. It almost feels like something one would do purely to spite or trick the regulators and/or consumers for caring about privacy.
This effectively provided carriers with aggregated, deidentified information about people's locations. It's easy to see from the problems with things like Strava's heatmaps just how much of a privacy headache this could be and how hard it would be to ensure that nothing sensitive leaked out. Also, even if they did people are sensitive enough about privacy that with the right spin it could be turned into a muck-raking story and readers would believe it.
Strava heatmaps? I seem to recall the problem that came up there was exposure of military bases?

Google could totally do this properly if it really wanted to.

I was about to suggest this, because anonymised data is often not-so-anonymous in aggregate. AT&T's recent disclosure of selling this information to bounty hunters[0] shows that sharing across companies isn't always done with the end goal of user privacy. Examples of over sharing can set precedents in court cases showing that such sensitive data can be treated as a liability rather than an appreciating asset in the wrong hands.

[0] https://www.eff.org/press/releases/eff-sues-att-data-aggrega...

If you're a carrier then you can do coarse-grained detection of everyone's location by timing-based triangulation - modern cell phone standards require knowing your distance from the cell tower (see https://en.wikipedia.org/wiki/Timing_advance for example) so it's measured (and thus can be recorded if the carrier wants) as part of every keepalive connection and if you're in range for more than one tower, which is almost always, you can do triangulation.

Of course, getting GPS data will be more accurate, but you should assume that it's unavoidable that the carrier can know roughly where all the phones are right now.

I wager that coarse-grain location data is not so coarse these days. My carrier seems to know the instant I crossed a border for instance, sending me a text message about it within seconds. Years ago people used to get nailed with roaming charges simply because they were near a border and happened to accidentally get connected to a tower across the border, but that's not happening anymore. Their system knows enough about your location to know if you are across the border or just near it.
Coarse-grain location data becomes very revealing when you have enough timestamped data points. The NSA's CO-TRAVELER[1] program only needs to watch which towers cell phones use to build a very accurate map of each phone's pattern-of-life (where does a phone regularly travel/idle) and social interaction network (e.g. which phones travel/idle together).

[1] https://www.washingtonpost.com/apps/g/page/world/how-the-nsa...

By course-grained I mean 0.5-1 km; which is very inaccurate compared to GPS accuracy (and isn't sufficient to tell which shop you're visiting, which has commercial value in sale of location data) but is accurate enough to tell which side of the border you're on, or which mall you're visiting, or when you're home or at work and when somewhere else.
> Distance

Don’t modern cell towers use beamforming? In which case they get direction as well as RTT, so triangulation is not even needed (although it makes location more precise)

I may be wrong, but I think that at least the vast majority current widely depoyed systems don't use beamforming, it seems more of a "here's a tech demo that we're going to roll out soon with 5G" thing.

However, it's a bit the opposite way around - it's not that they can use beamforming to get direction, but it's that they need to know the location before they can use beamforming - so the protocol (5g?) needs to require the device to know or obtain its location, and send it to the cell tower so that it can apply beamforming; similar to how in 3g the protocol includes measurements and adjustments of the timing advance so that the distance can be used when actually transmitting data. So it would be essentially like "the phone can't turn off GPS or transmitting it to everyone, because it needs it for the radio to work".

One could also argue that it also provided law enforcement with another potential target for blanket, large scale search warrants.
If they're so concerned about peoples' privacy, perhaps they could disable their own non-aggregated, individually recorded, indefinitely-retained, fine-grained, timestamped GPS data collection?

Of course, their definition of 'privacy' is 'making sure nobody but Google gets your data' so they wouldn't see any need to do so.

Between the Nest cam recording light becoming "always on" and this, it's like they've been brainstorming ways to be "pro-privacy" with the caveat that it can't affect the data they collect.

We'll probably see another one next week.

Ever notice they do something very shortly after there is a stir about their internal anti privacy memos from the leaker?
Not sure if intentional but both moves also seem rather passive-aggressive - i.e., they both affect relatively uncontroversial data uses that might cause noticeable problems for end-users when affected.

E.g., they make a camera designed for surveillance helpfully indicate to any burglars whether or not the owner might be watching them - but they don't change the actual capabilities of Google to watch.

They turning of location sharing for one feature that people would probably agree to share statistics with but keep the personal location history every android user gets by default untouched.

In the first place google shouldnt even have those data. And I would place my bet they have removed this access so they can easyer say that they dont have location tracking data. Those are a bit problematic as from your movement you can be personally identified even without any additional identifiers. Which puts them under PII category.

https://www.nature.com/articles/srep01376

Could this not be about privacy, but have anything to do with Google preparing to launch its own wireless service (no not Google Fi, but maybe Dish Network)?
Seems like one of the decisions a consumer should make, and not phone OS provider in this case.

My overall sentiment is that any actively enforced regulation, is often used as a weapon against competitors, or as a weapon to racketeer money from a business.

(whether it is privacy, patent enforcement, copy right enforcement, nondiscrimination and so on).

Therefore, what's missing, generally, is the complimentary framework to to make sure that actively enforced policies are not abused.

I do not know how exactly those complimentary no-abuse laws would work, but I think they have to be part-and-parcel of every legislation, and should be voted for at the same time.

Without it, we do not have a truly 'fair competition and instead business compete on whose team of lawyers is more creative and more aggressive.

We don't have truly fair competition anyway.

Giving this right to consumers is equal to taking it away. Carriers will simply make you sign a waiver on signup that lets them take whatever they want anyway.

You may think that market competition will weed those carriers out by my dollars voting elsewhere but I'm pretty sure it won't, at least not in my lifetime, if ever, given how many people gladly sign over not only their data but my data as well to places like Facebook every day.

At least people choose to give FB/Google their data. Carriers have no right to it.
Google is near monopoly on <500usd mobiles and maps. So it is difficult for users to exercise the right to not use them.
Maybe Google is realizing that the carriers' monetization of your personal data is turning the carriers, even more than before, into Google's competitors.

Google wants to keep your data for themselves.

In this light, the wording of the headline is a nice PR win for Google. Makes me wonder if they perhaps wrote that headline themselves and fed it to the news services.

(comment deleted)
Well at at least Google seems to be trying to improve when it comes to privacy. Android Q seems like a good update for privacy.
real reason for this is that the current advertising trend is "POI targeting".

google and other advertising companies (sometimes owned by telco, such as verizon-aol) allow clients to target users if they are near a starbucks or whatever.

this data now has a price in the market. my bet is that it had zero concern for users as the real motive.