102 comments

[ 2.8 ms ] story [ 155 ms ] thread
One of the many reasons to not carry a cellular device, or at least leave it off or in airplane mode.
Apple devices still operate when "off", FYI
When the device is powered down or when location services are turned off?
Find my network still operates in a powered off state (I assume not forever)
Is this true if you disable Find My when you turn off the phone (it's a prompt at shutdown)?
Yes. I just purchased an iPhone and they tell you as part of the setup that if you activate Find My iPhone or sign up for their emergency services, your phone will continue to send and receive signals even when it is “off”, at least while the battery is not fully drained.

I’m fairly certain that Find My iPhone works by other phones or devices scanning for Bluetooth MAC addresses. Before I turned the feature off my phone knew exactly where my Mac was without either being connected to Wi-Fi.

The technology is seriously impressive but also deeply disturbing. I felt that Apple did a pretty good job of explaining the privacy concerns during setup, though.

True. That said, I do not know why anyone concerned with security, privacy, or digital sovereignty would own an Apple device.
That's one approach, but perhaps more realistically applicable advice would be to stop granting location services permissions to every app that asks for it.
The cell towers have your location at all times and will give it to anyone with money or a court order.
Ok, so how do I get the location data of my Senator? Do I just need his cell phone number?
Sadly, yes. I honestly encourage you to do it too. It is the only thing that will make them care.

You will need to have access to the privately sold cell carrier lookup services. Ask your local bounty hunter, private investigator, cell carrier employee, or dirty cop. You can also anonymously buy lookups with bitcoin on darknet markets.

Joseph Cox from Motherboard proved the above at Defcon 27 to raise awareness.

https://invidious.snopyta.org/watch?v=3e6n7jDDmj0

Thanks for the link. I'm surprised I haven't seen this - will be watching it later. Any idea if it's still applicable five years later?
Tracking tech has only gotten better, and more profitable. There is no incentive for carriers to stop selling a product that is legal for them to sell.
You start a marketing or data aggregation company, do enough business so you have enough income to be a credible source of revenue for Verizon, and then contact Verizon with a lucrative contract for access to the data.

All of these companies regularly sell the data, including to law enforcement agencies without a warrant, but that doesn't mean ANYONE can buy it. It's identical to "The law prohibits both politicians and beggars from sleeping under a bridge" and "All citizens have the ability to defray their taxes with complex legal fictions and businesses"

I've kept a shielded bag in the car and house for a while now for that purpose. Rather than futz with settings, just drop it in the bag when I want some "off-grid" time. Apple's latest update clearly states that even when off, they can still location discover the phone.
Doesn't that mean one'd miss emergency calls or urgent texts from family and friends?
> Doesn't that mean one'd miss emergency calls or urgent texts from family and friends?

In case of emergency dial 911, not me:

- If it's not worth calling 911, it's not an emergency.

- If it's worth calling 911, I can't help with the actual emergency.

I think you're missing the case where the hospital is trying to let you know about the state of your loved one.
How often is that happening out of the blue? Sure, if a loved one has a serious health condition try to be reachable. But it's not something most people have to be concerned about.
> How often is that happening out of the blue?

Very rarely, but I'd rather know that not. That's pretty much the idea of an emergency. I know I've had a handful of them in my life and I think they were worth it. If you don't want to be available for those, fair enough.

If that is really the only reason to carry a device, and not because of any addiction to surveillance capitalism services, then a pager is likely a reasonable middle ground.
Of course the only reasons I own a cell phone aren't just emergency calls and "surveillance capitalism services", but they could also effectively geofence with a pager, could they not? It's still a phone number that's being connected to cell towers.
Most pagers are one-way receive-only devices with no transmit ability. Messages are spammed to -every- tower and your device will pick it up if in range.

You can not track a pager any more than you can track an FM radio.

Huh, I didn't know that. So, wait, they send the pager message across the entire service area? How big is this range? Can it be nationwide? And that carries some privacy implications too, doesn't it? I can't imagine these message are encrypted. Also, are we now asking that emergency services start sending out paging messages to the next of kin?
Nationwide coverage is more expensive, but is an option in most plans, yes.

Some pagers support encryption for even higher fees but consider it to be no stronger than SMS.

My older brother habitually turns his phone off when he goes to bed. Not even legitimate calls from family could make it through. So when I tried to contact him urgently about our younger brother, I got nothing but voicemail. I left a voicemail, and he got back to me in the morning. My younger brother had since died.

He'd have died anyway. Sure. But still, I have to tell you that my older brother was really upset knowing he had missed that call by his own choice.

From the parent poster:

> > "I think you're missing the case where the hospital is trying to let you know about the state of your loved one."

But how is any information about the state of someone will impact the course of actions for that person?

> He'd have died anyway

Exactly this.

Maybe it's stoicism, but personally I don't know how I would be upset about actions I couldn't change.

If anything, the voicemail saved your brother a good night of sleep, that would have been otherwise wasted doing... what exactly? Pre mourning? Creating some familial unity by suffering together? Scaring him emotionally by having to hold the hand of a dying person?

I just don't understand all this.

Awesome, you just outsmarted your spouse that tried telling you that your kid is having a medical emergency.
(comment deleted)
[flagged]
Sure, “hot chicks” and celebrities.

...and political dissidents.

So, Hot chicks, celebrities, and political dissidents.

Are you seeing how this becomes the Spanish Inquisition sketch?

Retailers and other consumers of business intelligence care a great deal, it's just not personal. It's easy to imagine numerous other categories of people for whom it is personal, from bounty hunters to political actors.

Anyway, even if your argument were true, why should the 'hot chicks' (who comprise a measurable fraction of the population, and haven't especially sought out public attention, unlike politicians and celebrities) have to put up with being considered acceptable targets for stalking?

- Hot chicks have 1000x threats from Neighbors snooping, security guards watching cameras and plain old leering on the streets / real world.

Their threat from Large Cos collecting data is neglible or near zero.

Then why did you bring it up? Please don't waste everyone's time with such empty talk. I regret thinking you were trying to make some sort of serious point.
Well, yes, but that's part of being "off-grid" as parent described.
Until about two decades ago, not being reachable 24/7 was the norm. And somehow we survived.
Yes, provided one acknowledges that we survived not having 24/7 communications almost everywhere, but others did not.

Same as saying that before the nanny state passed laws requiring children to wear bicycle helmets, we not only rode bikes without helmets, we tried to emulate Evil Knievel by jumping our bikes off ramps leaning against rickety wooden produce crates.

Yes, we survived. But I knew a boy who did not.

I am not telling anyone that they have a moral imperative to carry a cell phone everywhere. But I am saying that just because we (I am sixty) grew up without such technology and turned out all right, does not mean there is no risk.

> Yes, we survived. But I knew a boy who did not.

I'm sorry. What happened to him that a cell phone would have prevented? Medical emergency far from land lines, took too long to reach 911?

>"But I am saying that just because we (I am sixty) grew up without such technology and turned out all right, does not mean there is no risk."

I am 61 and I understand that yes there is a risk. But maybe this is the risk worth taking. As a kid I walked to school and back every day and generally much of my life at that point and later on was spent outside. I am now looking at my 8 year old grandson, all the gizmos he has, access to information and being constantly accompanied by adult for security. I love him and sort of feel very sorry. I think no fucking way I would trade the type of childhood freedom I had to the one most of modern kids are having.

Survival here is being taken too literally. We were able to conduct our affairs (business and personal) without 24/7 access to communications because the world didn't assume its availability. Now the world assumes its availability. So now there are tangible risks to your business and personal affairs by not being aware of evolving circumstances in real time, but if you manage expectations appropriately and set up your life "correctly" the risks of being six hours behind the curve are rarely too important unless you're meeting other people for lunch/dinner (risk of venue changes). Despite our social training, the "news" is mostly unimportant.

I think what you're getting at with the helmet business is survivorship bias - the fact that I did meth recreationally in the 90's and came out with no bad side effects doesn't mean meth is okay for everyone, that sort of thing. But with 24/7 comms it's kind of a different dynamic of changing expectations en masse rather than a question of beating the odds.

Hmm, I wonder how long we’ll have to wait for some dead people to come along and make the obvious counter argument.

Mortality rates among teens and children have generally been going down as far as I know (putting aside any pandemic related skews).

One-way pagers are a thing if this is really a concern, but humans survived without phones for most of our existence.

I do not carry a phone but my family generally knows where I am if they need to call an office or a business to summon me in an emergency.

I am offline, unreachable, and focused while driving, but I consider this a good thing.

You're either off-grid or you're on-grid. If you want to be reached you have to be on.
IIRC this is a feature that is on by default but can be disabled when you turn off the phone. I believe it has to be disabled every time you turn off the phone — it doesn't remember your preference.

I don't know if when you disable this feature it actually makes the phone unfindable, or if it just transmits its normal beacon, but with a message attached that says 'ignore me' (which would obviously make you still findable by Apple, if they were compelled).

[flagged]
(comment deleted)
Whatever your politics I think we can (mostly) all agree that widespread availability of location data from mobile devices is a population scale security threat. Today it may be someone you don’t care for. Tomorrow it might be you. It is always in someone’s interest to demonize whichever groups / tribe(s) we belong to.
Sometimes I feel like we're trying to stop the bulldozer by all this privacy regulations and rules. It can be slowed down, but cannot be stopped.

Would a complete openness be an alternative? Everybody knows everything about everyone? You wanna know what did I watch on pornhub yesterday? Be my guest, but I know that you were looking at this information. And you know that I know it. Perfect society, innit?

I don't know :/ Two pieces of content come to mind, tho:

> We were born on this [slippery slope], and we will die on this slope. It spreads infinitely in all directions, and where we choose to scramble to on its face is the task of our lives

SFP on "Slippery Slope" - https://strongfemaleprotagonist.com/issue-6/page-125-2/

https://en.wikipedia.org/wiki/Gnomon_(novel)

The setting is one like you describe. It's... well, it's such an absolutely incredible story that it's almost impossible to describe succinctly and accurately. I'd say one of the themes of the story is "what would it be like to live in a place like this, if it actually worked and worked well?". That isn't to say it's utopian, or that the problems and issues of the system don't exist or aren't talked about, but neither would I say it's about those issues.

Everyone opted into tracking, and we can opt out again too. I buy things with cash, and cash purchased prepaid debit gift cards. I do not own a cell phone.

Anyone who wants to track me will have to pay someone to actually follow me around which would cost more than anyone stands to make from the data they would obtain.

> Everyone opted into tracking

No, everyone opted in to using services. Tracking was buried in legalese in an unenforceable unilateral "contract".

> and we can opt out again too

Too little, too late, and unenforceable. You might opt-out of the ways you know are being tracked but there's hundreds of ways that you can be tracked without even knowing about it.

> Anyone who wants to track me will have to pay someone to actually follow me around which would cost more than anyone stands to make from the data they would obtain.

I'm not sure you understand just how much profit there is in controlling entire populations by monitoring and predicting what they do.

I am well aware of the profit incentives for my data, and selling manipulation as a service. It is why I opt out in every instance I have a choice.

I use Whonix for most personal browsing, I use 0 GAFAM services or products by surveillance capitalism companies, I do not own a smartphone, I randomize my wifi MAC addresses, and the majority of my transactions are in cash or anonymized bitcoin.

License plate plate cameras, facial/gait recognition systems, and airline tickets are about the only automated ways left to track me that I am aware of.

Except that the data they can review against everyone using prepaid cards can be consolidated into a database and reviewed. If 90% of these cards are used the same way, it's fair enough to assume you're using it in one of those ways. If they're wrong, meh, who cares?
I only use prepaid cards on rare occasion when I encounter a bar or a parking meter that does not take cash. Regardless my name is not associated with any of those transactions.

In general cash raises the least eyebrows and is reasonably anonymous.

Unless you live in a rural area, it's increasingly practical to track you and/or your vehicle by means of networked surveillance camera and automated analysis. It might even be that not having a device would make you stand out somewhat as potential malcontent. I don't disagree with your ethos or methods, but I'm not at all convinced of their sufficiency or scaleability, and think they place too much burden on individuals while settling for none at all upon those doing the surveillance.
Public transit, bikes, electric skateboards, and taxis allow you to move mostly invisibly in cities when required.

Also not having a cellular connection is not a burden once you learn how to navigate for yourself again, and know how to quickly find wifi when you need it. If anything it frees you from compulsive notification checking.

If people flag me as a potential malcontent and discriminate against me I am happy to turn it into an expensive media circus to raise more awareness. I am exercising my legal right to opt out of surveillance systems.

The more people that do this, the less we stand out and the more protected we all are. I do not even -need- to do any of this but I help provide cover for the people that rally do. People like me also make it harder for businesses to do away with cash, table pagers, paper menus, etc.

Do you have the right in your jurisdiction to request the data that data brokers have collected on you? If yes, and you haven't already, you may be surprised to the extent they have been able to track you in spite of your counter-measures.

I used CCPA to get this data from brokers. I am far more careful than most in my attempts to keep from being tracked, but perhaps not as careful as you. The dossiers contained data that went back to when I was 7 years old. The most surprising item was data that could only have come from a print shop (from fake joke business cards printed there, but never handed out).

I am in California and am currently shopping for deep-dive CCPA enforcement services as that is a lot more work than not creating the data in the first place.

Friends have used https://privacyduck.com with success.

I've just been working my way through various lists. It frustrates me greatly that the public is expected to do go through this effort to "opt out" rather than the sleazy stalker companies being required to get opt in.

https://oag.ca.gov/data-brokers

https://web.archive.org/web/20201022024035/https://www.stopd...

list of credit reporting agencies to freeze reports with:

https://www.consumerlawfirm.com/credit-reporting-agencies.ht...

There are 100+ agencies you need to file with, and you need to follow up several times as your data can be re-syndicated between them during grace periods. It is -lot- of work which is why efficient services who've optimized this are likely worth the money.
There's an old sci-fi story that touched on that.

People could buy short video segments of public areas displayed at random and the game was to randomly find pictures of themselves.

Of course, information is power, so that's why the police turn off their body cams....

What threats do you imagine this poses? I'm not particularly concerned with immigration legal or otherwise, but a census of who lives in the US and whereabouts they are is pretty fundamental to having a functioning government. The creators of the US seemed to think so as it's one of the functions they outlined in the constitution.

What's interesting is that the article doesn't know how the government obtained the data in question. I don't know either, but I wonder, did they buy it from a private broker like anyone else could?

A census "By whom?", "By what means?", and "For what?", all seem relevant concerns in a general sense. No specific accusation necessary.
the article doesn't know how the government obtained the data in question

The Heritage Foundation is not an arm of the government, and I'm not sure why you though the government was involved in the collection of this data. The original report (linked within TFA) doesn't specify its methodology in any meaningful way, but it's well known that data brokers resell anonymized device location data and it seems rational to presume that it was purchased commercially.

Indeed, I got them confused with the US government for some reason.
Generally I agree that the issue here is apolitical, that, whomever might want to abuse the ability to buy up/acquire data, whatever tbe villains of the day- there should be checks against this creeping authoritarianism/survelliance-by-the-very-wealthy. Selling consumer data is too alluring & unimpeded.

But it is the least shocking thing I've heard that the Heritage Foundation is behind this effort, & astoundingly unsurprising this very-longstanding forefront-of-conservatism would be confused with the U.S.G.

The article does mention the government is involved in location tracking.

Under ATD, the federal government assigns “SMARTLink” devices to track the location of migrants after they are released from federal custody.

It may even be possible to request this data with a FOIA request.

> The Washington D.C.-based conservative think-tank then continued tracking the movement of the devices across the country over the course of at least a month in January 2022.

How is that even remotely legal?

Plenty of stuff in this country is de facto legal if you have an (R) next to your name (and to a lesser extent D as well), simply because no one is going to prosecute them.
I'm not sure why the reaction to the news that a citizen organization that is non-law enforcement is tracking user data should be "well, it's legal if you have an (R) next to your name." The better question is, why is this data available in the first place?

If senators were actually interested in fighting "big tech" beyond making a show of "banning TikTok" and "investigating Twitter," they would spend the time to craft privacy legislation making it illegal to collect, store or transmit this location data in the first place.

Perhaps someone should start a non-profit to buy and publish the location data of anyone who spends time in the Capitol building. Maybe then we would see some movement on reasonable legislation to curtail this practice.

Part of the reason for the impasse is that there is no explicit Constitutional right to privacy in the US (other than that provided by the 4th amendment, which has arguably been hollowed out in its own right). But the first amendment does confer protection for publication of information, notwithstanding that it may be published for sale to other businesses and abused for everything from irritating robocalls to complete surveillance.

So that makes legislation a steep hill to climb, as interested parties are likely to immediately challenge the constitutionality of anything that makes it through the (often dysfunctional) legislative process. There's also the less formal reality that business is culturally privileged in the US, and the trope of busybody lawmakers interfering with honest business people who are creating jobs and prosperity is easy to market.

Most likely the users of the devices granted location services permission to at least one app they installed, and that app includes a terms of service that allows its owner to sell location data to third parties.
Reminds me of a news piece that covered how a popular Muslim app, think it was a simple direction of Mecca, was selling data to brokers who resold it to govts who tracked the people.

Kinda spooky how data is being abused these days, pretty sure religious people aren't the only ones being targeted.

That is one issue, but the bigger issue is that even dumb phones leak their current location via cell tower triangulation at all times.
Yeah, and can I just buy that from the cell phone company without being a law enforcement agency in possession of a legally valid search warrant? If I give you my phone number, how will you find my current location?

It also seems a bit dubious to call this a "leak," since it seems unavoidable - how would the tower send data to my phone if it didn't know where I was?

The radio station sends signals to my car without knowing it's location. It's only when my phone responds or pings a tower that they will know my accurate position.

The hospital needs to know my details like cholesterol to provide me health services, but they are broadly not allowed to sell those details and if that data ended up somewhere it shouldn't be, you could adequately call it a "leak". Cell phone data should be the same way. Verizon will always know my location, because that's how physics works, but they should not be able to give that info to anyone or anything without my express permission or a warrant.

And all cell phone providers sell this data regularly, cheaply, and to law enforcement without a warrant.
Prove it. Give me your email address, and I'll send you my phone number. Then you can tell me my current location.
So you are saying just because Verizon doesn't sell location data a la carte to an individual that they cannot possibly sell it to anyone?
I read your comment of "and law enforcement" as implying non-law enforcement can also purchase location data "regularly" and "cheaply."

What's an "individual?" Does it really make a difference if it's you or your LLC requesting my data?

I have no - ok, maybe some - doubt that mobile internet service providers are selling "anonymized" and "aggregate" location data - but I seriously doubt they are selling individualized location data of a specific phone number to anyone who pays the right amount of money.

I'm not trying to be daft; if I'm wrong I would really like to know the details of how/where this is possible, and also how I can opt out of it.

Watch the video I linked in our other thread. The only way to opt out is leaving your phone in airplane mode or off except in emergencies. Or switch to a one-way pager which cannot be pinged.
It tends to cost around $200 for a pings that are sold on dark markets as people selling risk getting their bulk access accounts banned. You can buy one for yourself if you are curious.
There is close to zero privacy regulation in the US, so commercial surveillance is de facto legal. It is pervasive and widespread but not well advertised, because when people find out how many records are being kept on them they tend to feel violated.

This dataset was likely obtained from a combination of cell companies and app companies. The only way to change this state of affairs for society is through privacy legislation. And it needs to be competently written so that it doesn't just end up amounting to another paragraph in the legalese that nobody reads.

The Heritage Foundations means and methods used here is abhorrent and should be seen as un-American. This is the kind of precursor action to Kristallnacht.

To you and @TechBro8615, it feels like there is some other law being broken here.

> The Heritage Foundation locked on to the locations of at least 30,000 cell phones at non-government (NGO) migrant aid shelters and Customs and Border Protection (CBP) facilities.

This sounds like they are getting device/tower information directly. Again, this sounds like an illegal interception/wiretapping.

https://themarkup.org/privacy/2021/09/30/theres-a-multibilli...

https://www.eff.org/deeplinks/2022/06/how-federal-government...

https://themarkup.org/privacy/2021/09/30/theres-a-multibilli...

I take "locked on to the locations of at least 30,000 cell phones" as sensationalist embellishment, rather than any sort of technical description. The articles you linked are exactly what I'm talking about. It's abhorrent, but not illegal as there is currently no general privacy regulation. It's not wiretapping because it's not audio. It's not illegal interception or any other kind of tort because the subjects "agreed" to their telcos and app providers doing this when they signed up for their cell plans and installed apps.

It should be illegal. The US needs comprehensive privacy legislation akin to the GDPR, which crucially defines 'consent' in such a way that it cannot just be nullified by unilateral terms of service. Until then, surveillance companies will keep building totalitarian surveillance systems ripe for abuse by the government, politicians, and plain old commercial interests.

How did 30k cell phones install an app that surreptitiously asks for location data? I don't think that happened.

I think the Heritage Foundation used illegal means and methods to track the locations of those people's phones.

Is that not exactly what the article you linked above is describing? It's various toolkits used across the entire app industry, combined with carrier data (which affects everyone with a cell phone).
You give your cell phone carrier your location at all times, and you consent for them to sell it to anyone they want.

Cell phones providers are private companies, not utilities. You can just choose not to have one.

Hoo boy wait until you hear about what the tech companies have been up to.
Obviously this sort of data collection should be banned. Not sure why it's particularly relevant that it's happening to illegal immigrants as opposed to everyone in general, because obviously that same data is available on anyone.

Also weird that there is so much secrecy around the government activity here. Seem like something that should be completely public

Wait until I tell you how anyone can buy cell phone data... I really dislike the "conservative group" in the title there. Particularly, as everyone's buying / collecting the data.

For years, there are companies that sell your GPS coordinates. Search "2000 mules" they (group interested in proving the 2020 election was "stolen") used GPS coordinates combined with video to find who were "mules" collecting ballots and dropping them off ballots in multiple drop boxes (legal in many states btw).

Those same "mules" likely work for NGOs who buy GPS coordinates, web history / social media data / voter records to see areas who haven't visited a drop box, so they know tho to visit.

Everyone's buying the data. Everything is tracking you if it can.

Everyone is buying the data sure. But not everyone is buying the data about a specific vulnerable and demonized group and that does make it a different thing. The fact that a right wing organization is doing it is relevant in this specific case.

The wider case you can make about the dangers of data collection and selling is certainly valid. But there are specifics here that should not be ignored.

I don't think this comment should have been flagged, and would encourage others who can do so to vouch for it: https://news.ycombinator.com/item?id=34316709

I don't agree with the comment, insofar as I've submitted and commented on many stories about the collection and sale of cellphone location data over the years, and submitted this one because it was about the issue rather than the Heritage foundation (although it does happen that their politics are anathema to me). I can't speak for the consistency of objectivity of the source website on this topic, though public radio outlets stereotypically skew liberal.

I also disagree with the notion that this is the best possible application of the data, since it was gathered non-consensually and used to disparage the subjects in the Heritage Foundation report (eg assumptively labeling detected phone users as 'illegal aliens' although the statutory term is 'nonimmigrant person/alien' and has been for ~25 years). In my view it fails to meet any recognizable standard of academic research and is pseudoscientific at best.

Nevertheless, I think that the poster's arguments would have been better discussed than disappeared.

And in other news the FBI has been doing the same tracking on Conservative Groups, without warrant, for the better part of a verifiable 6 years.

What really blows my mind is Democrats/Far Left Progressives siding with neocons, deep staters and warmongers. Is that what is meant by "side switch"?

I just want to be left alone.

     > What really blows my mind is Democrats/Far Left Progressives siding with neocons, deep staters and warmongers. Is that what is meant by "side switch"?
If you look into the origin of the Neocons you may be surprised to find they were Marxists[1][2][3]. More specifically, Trotskyists, who simply found a different path to achieve the goal the COMINTERN once sought - globalist revolution using "democracy" as their weapon/tool. Understood in that context, a lot of seemingly incongruous things start to make sense.

[1] https://www.theatlantic.com/daily-dish/archive/2010/06/neoco...

[2] https://theweek.com/articles/528827/rise-neocons

[3] https://www.wsws.org/en/articles/2003/05/shac-m23.html

A long time ago I was outraged to find that prison inmates were given TVs better, much better, than the one I owned (because I couldn't afford better, much less much better).

I'm not as outraged that we're giving illegal aliens cell phones because the whole immigration policy fiasco is a tool of the political parties to keep us outraged...