36 comments

[ 2.5 ms ] story [ 52.4 ms ] thread
IMO we should ban gathering this data without a warrant or specific contractual agreement between the device owner and entity aggregating the data. As much as congress loves to claim the interstate commerce theory of everything, this seems like a slam dunk.
companies don't buy anymore, they just take it. think about Claude, every time you use it, you are literally give away your code, your data, and even your personal information.
Just ban the sale of any kind of adtracking. That way we can get rid of the cookiewalls too.

Missed opportunity by the EU when they wrote GDPR.

A lot of geolocation data on the market is anonymized, following medium-lived unique IDs that aren't able to be mapped to other identifiers. The problem with that is that if you have precise locations, or enough samples that you can apply statistics to find precise locations, in many cases you can de-anonymize the IDs. You can purchase address and resident listings from a number of different data vendors, and by checking where the device returns to at night you can figure its home address. Then if you find information on the residents (work locations, schools, etc.), you see if said device goes where each resident of the home address is likely to go, and you now have a pretty good idea of exactly who the device belongs to.
Smartphones, mobile apps, mobile networks, and WiFi stopped being your friends around 2015-2016. Now it's just a matter of how much data can be harvested from device sensors in real time until reaching a pain point which doesn't exist.
Does anyone know of any groups that are organizing and lobbying to get things like this into law? I know about the EFF but they seem to be more focused on documenting and reporting instead of lobbying and getting things passed.
How about we just ban the collection of precise geolocation? Wouldn't that be a better solution?
The problem with all these discussions about banning stuff is that privacy is always on the back foot. It's by design. People who want to surveil and manipulate us are actively investigating new ways of doing it, they get paid for it and they risk nothing in the long run. All of these discussions about specifics are just reactions. They aren't even reactions to the surveillance itself, but rather to a discovery by someone that a new surveillance machine has been constructed and launched.

So the current feedback process involves: construction → exploitation → reporting → public awareness → legislation. This is too slow. Moreover, operating in this environment is exhausting.

We need a different feedback loop altogether. I'm not sure which one would work best, but something different needs to be considered.

A culture that values privacy, out of respect, necessity and/or fear, has potential to sabotage each step of the process even if it were not to change.

There was a point, at least in my bubble, where there was a general sense that government surveillance is bad (expect against those people). I think coming out of the Cold War, then 9/11, and followed by propaganda obfuscating the increase, purpose and prevalence of private surveillance took us from "no, we aren't Stalinist Russia" to "I don't care, I have nothing to hide" to just "I don't care" when it comes to the topic of surveillance at all.

Unfortunately, it will take great shocks to instill it so the next generation can learn from the suffering of the previous, and then forget it when privacy is taken for granted again.

Let’s just stretch copyright to cover movement/location as a protected creative expression. It’s somewhat ridiculous but we’ve already established case law and technology for handling/mishandling protected assets.
Cory Doctorow argued against using copyright law as a substitute for privacy law or labor law [1], and I argue the same for location privacy. Copyright law already gets abused enough in contexts that indisputably involve copying of creative work. I do not want to stretch copyright law into location/movement privacy, where nonconsensual recording of location/movement does not necessarily copy something created by the person whose location was tracked. At least in the US, copyright comes into existence when creative expression is recorded in a tangible medium (such as your device's RAM, because outside of my beloved meme world you cannot download more RAM), and the copyright belongs to whoever did the recording. If an app on your phone records your location, was it you who recorded it? Was it the phone maker who recorded it? Was it the app maker who recorded it? Keep in mind, maybe you didn't install the app, or maybe you weren't aware that the app would track your location when you first installed it.

[1] https://pluralistic.net/2023/10/21/the-internets-original-si...

These people really have no idea at the level of data collection from Google's rootkit on Android known as "Google Play Services".
There needs to be a believeable legal framework behind this.

Imagine a option on your iPhone that says “Enable this to allow geo-location tracking for organisations registered under the NOADSJUSTPUBLICGOOD Act” - then any wifi endpoint could locate you as long based on signal strength etc and that data could only be made available to people registered under the act.

Would we see new understanding of how people move around in cities, would we see better traffic information, Inthink so - as long as people believe that there are real teeth to the laws and they enforced loudly and publically.

We should embrace the benefits of a society wide epidemiology experiment - the benefits for public health are incredible. (Add to that supply chain logistics on open ledgers and many of the new things that just were not possible before and the future of open transparent but well regulated democracies is bright.

Let me know if you spot one.

Haven't read the article yet but having more NTRIP public endpoint could help a lot to this precise location
Soon Geolocation will be tied to Age! Then you can meet locals and congratulate them on their birthday. The movie Minority Report was way too timid in its prediction here. Age up everything! \o/
Alternatively, opt out of services that sell it
I'm of the opinion now that posting videos online without the explicit permission of EVERYONE in the video should be illegal. It's one thing to take a video and keep it on your phone but if you share it outside of your family and only your family, then it needs to have the expressed consent of everyone whose face is on it otherwise it should be a crime.

The previous views on privacy didn't take into account the fact that everyone now has video cameras and people are incentivized to violate privacy to make money as influencers. I think people's privacies need to be protected and I think that means making laws around it much, much stricter. This includes things like location data, it shouldn't be sold or exposed at all.

I had a theory that the way to solve this was a location intelligence data union which sold safely anonymised aggregates and shared the profits, while also litigating on behalf of members under available legislation to stop other people using their data.

Alas, I was stymied by not having any cash to work on it, and the unit economics were not very VC friendly (at least I assume that’s one of the reasons why I didn’t get any traction from VCs).

Most people don't realize how bad geolocated data is for a free society. I can buy data from a broker, geo-fence your house address, and then I'm able to see all the places where you went, who you associate with, and identify all you associate with by tracking them to addresses. All of this happens with anonymized device identifiers. It is the wet dream of a company such as Palantir and all governments who desire absolute control over their populations.
The examples show Android devices. How does Webloc track iOS devices given Apple doesn't allow unique IDs and allows the user to disable the ad ID? I wish these articles would go into a bit more detail for the technical reader.
Once wealthy and powerful people realize how this can be used to track them they will start cracking down. One of many examples for how underrated access to location data is for unauthorized people, it is a primary way that the military locates and kills targets in foreign countries. It is surprising all of the data is so freely available with data brokers. Or in some cases from the app companies themselves, if you're willing to make it worth the trouble for them.
They realize it. But they can exercise enough power to target removal of information that they don't want public.
I think it's fair for law enforcement to compensate the people collecting this data instead of forcing them to give it away for free.
When I had the opportunity to peer into public records, I found some extremely intriguing stuff.

There was one person with a feminine name who showed up with a “home address” that would correspond to being my “neighbor” at home, at my clinic, at church, when I went to college, etc. All the years corresponded correctly, and the addresses were some residential place about a block or less away from the places where I went.

For all I know, this person was either fictional or an innocent bystander. She did appear to have a Facebook account or two. I was never able to directly contact her. But I found it very strange and I wondered what would be gained by doxxxing me in this manner?

Of course this has nothing directly to do with GPS coordinates, but imagine if the GPS began to be part of your public record as well, or on your credit report. Imagine if it was entered into the public record what coffee house you visited every morning, or if there were errors in this record.

> GPS coordinates

* coordinates

There are many ways of establishing ones latitude and longitude without recourse to one particular GNSS system.

"Get consent first" hasn't worked because the average consumer can't give informed consent to the kind of stuff going on behind the scenes.

What about: "If something bad happens because of the data your company shared or lost, it is criminally and financially liable?"

I want geolocation to not be sold. Yet, I do not believe we have been successful in banning the sale of cocaine and elephant tusks. What makes us think this will be an easier problem to solve?
What a facile point. By your logic, literally nothing should be banned. Murder, rape, etc.
The problem the USA has is that it has no concept of "private data" outside of some part of HIPAA.

Until that changes you're going to be stuck.

Something as simple as the data protections act 1998 (https://en.wikipedia.org/wiki/Data_Protection_Act_1998) would kneecap a lot of the shady shit that goes on in the USA.