My friend was going through a pretty massive depression after his mom passed. He'd been with my wife and I at our house for a number of hours talking through it, and apparently not texting his sisters back. They called in a welfare check.
We live in a reasonably dense suburb. Police showed up at our front door and asked to speak with him. They just wanted to make sure he was doing OK. He asked them "how did you find me?" and their response was just "we pinged your phone".
Watching my security camera, they did not stop at any of my neighbors houses first. It was very direct to my front door. This leads me to believe whatever sort of coordinates they had were pretty spot on. His car was parked well down the block and not in front of our house so that was no give away.
This was five years ago and always struck me as a "Huh"
Oh! So IIRC it used to be that the modem could only get a rough estimate of your location and typically Apple/Google's location infra(which combined wifi/blue and lately satellite position based shadow mapping) to determine a precise location. And law enforcement got precise info from _that_ infra(E911 requirements for every device).
Clearly they don't need that now because 5g cell towers have gotten precise enough? Also, if that's true then 5g being that precise might still not apply to urban dense areas, where more postprocessing is required to get better location accuracy...
5G isn’t inherently any more precise, but because of the higher frequency used in 5G, the radio signals are blocked by obstructions much more easily, so there must be many more 5G radios per unit area to provide coverage. And one feature of having many more base stations around is that triangulation of specific phone is much more accurate and precise because of how close the 5G base stations are to all 5G phones.
5G infrastructure isn’t limited to tall easily visible radio towers like 4G and before; 5G transmitters are small and relatively inexpensive, making them very common. My employer has a private 5G infrastructure, and we are not related to telecommunications in any way.
For the most part they use the same or lower frequencies. N71 (600mhz) is lower than any of the 2G/3G bands and requires less cell density than 3G (UMTS/WCDMA) did.
> 5G infrastructure isn’t limited to tall easily visible radio towers like 4G and before;
Nor were earlier technologies. DAS systems get used in large buildings/cities and were done with 4G as well. Small cells and femtocells have been a thing since at least 3G era.
> 5G transmitters are small and relatively inexpensive, making them very common.
Transmitter cost wasn't the primary limitation before, the options for unlicensed/lightly-licensed spectrum were low before and the standards weren't really designed to use them as primary carrier until NR. Also you had to run way more components to run earlier technologies, the stack is just smaller for a NR deploy.
This is not true, 5G has multiple positioning improvements that are not related to higher frequencies. 5G has something called LMF (Location Management Function) that handles positioning of user clients through multiple means, like round trip time, angle of arrival, and dedicated 5G positioning reference signals.
In 2009 I worked with a triangulation system in a dense populated area. The precision of location was comparable in average to GPS (meaning sometimes better) when indoors, it was orders of magnitude better as GPS. That was 3G, some yeras ago… I assume today is much better, as the density of cells increased
I’m not super sure about the specifics but having taken a 5G class, the professor made it quite clear that due to the latency and bandwidth requirements of 5G, precise tracking is required to allow towers to correctly do beam forming.
When talking about the 5G system, cell towers can request a users estimated velocity which when combined with the towers own location combined with the physical radio (that is communicating with the phone (UE)) you can get a pretty good position estimation.
What is new is that network providers are trying to sell this tower/5G data to other companies.
I could be wrong but from my understanding 5G has always required precise tracking of every device connected.
So when 5G was being deployed to the city I was working for and I could see permits, it struck me as really peculiar just in terms of economics because the density of towers needed is extremely high compared to the previous generation. As a user, I really can’t tell a difference in quality of service. So it seemed like an extremely large capital investment for no gain, which makes me think that the purpose of 5G is some dual use that is not public knowledge. That the intent was to create a high accuracy tracking system for us seems plausible to me given how much money is funded into other surveillance activity.
My knowledge on this is the tower should be able to optimise beams without location information. Channel information can be relayed back to the tower for beam optimisation. The tower needs to know the signal path characteristics but not explicitly the location.
Not disputing that location data is used for beam optimisation just that I dont believe it is required.
Exactly, the channel information is all that’s required but you can quite easily get the location information from that, which makes it easier to add additional features from a system point of view.
If I recall correctly, the tower will report channel information to the higher up controller system which will then decide which next tower should be notified of a phone that’s entering its range.
So while explicit positioning isn’t required when dealing with one tower, the system overall does need to determine a users position and velocity to handle tower to tower transfers.
In other words my opinion is that the difference between a towers channel information and a users position is almost one and the same. It’s a handful of math equations away.
This would not be a problem if you phone did not have IMEI and IMSI, and if the telco only provided an anonymous Internet channel. The problem is that you must have a phone number, often linked to your ID and pay with a bank card, linked to your ID, instead of cryptocurrency. Towers and beamforming are not a problem at all.
Information about received power and SNR is relayed over the 5G data link to and from the tower, and beamforming happens that way. As a result, the tower doesn't need to know where you are at all. In fact, with higher frequencies, you often get weird bouncy paths for 5G radio signals so the "beam" that gets formed can be a rather odd shape while being optimal.
"and notify the user when such attempts are made to their device."
We aren't going to remove the security state. We should make all attempts to, but it won't happen. What needs to happen is accountability. I should be able to turn off sharing personal information and if someone tries I should be notified and have recourse. This should also be retroactive. If I have turned off sharing and someone finds a technical loophole and uses it, there should be consequences. The only way to stop the rampant abuse is to treat data like fire. If you have it and it gets out of control you get burned, badly.
I turned off all cell carrier tracking 5 years ago. 100% of it.
By canceling my cell phone subscription.
I know I know, I must be amish, I have heard it all. But I run two tech companies, travel, have a family, and do most of the things most around here probably do other than doom scrolling.
Before mobile phones, there were public phone booths. Along motorways there were often call boxes. There’s little to none of that anymore.
Also before mobile phones, if you had an accident in a remote area you were at the mercy of someone passing by and noticing you. Today, modern cars can call 911 on your behalf along with your location without you even being conscious. Or if you don’t have a car that does this, then your cell can be used. Let’s not also forget iPhones calling for help when they detect you had a fall at home.
Yes emergencies existed before mobile phones. I contend that the use of mobile phones has led to better outcomes when an emergency happens. I also admit mobile phones will have caused some of those emergencies (distracted driver etc).
You can also just use google family link, make someone else your parent, and lock down the phone. I have a "dumb phone" that is just a refurbished Samsung s22 I bought. Only supports phone calls, messaging, and some credit cards basically.
How is being able to make phone calls prevent you from being tracked? You're still going to be constantly pinging those cell towers with a unique identifier.
I have a hybrid approach with GrapheneOS. 99% of the time I only use WiFi on my phone via a Tor router. I have an anonymous KeepGo ESIM with global data that does not expire and use it when I have to when Im away from home.
Please explain what this means, I can turn my cell phone off. How are they able to ping my phone if it has no power? Or are you saying even when you turn it off there's still some part of it that's energized or something?
You are correct and as others have said, the phone can run functions while it looks like its off. This was one of the main reasons manufacturers killed removable batteries. You can put your phone onto standby, but you cannot power it off completely.
There are also conspiracy theories that claim the last 10% of battery is reserved for tracking, so that when your phone says its out of battery and wont turn on, it still has plenty of power left to ping tracking data say once per hour or something. I dont push those theories, but judging by what Snowden released all those years ago I wouldnt be surprised.
ok, that makes more sense. If the battery is dead then the phone can't track me (or if you had a phone with a removable battery - i have an old one I kept that is like that).
How do you work on the go? I use personal hotspot quite often. Not only when on the go, but if there is unstable WiFi. It’s saved me on multiple occasions - both for live-site incidents and for random meetings.
It really depends on who you work as and what your working conditions are. For example, if I had some non-management position at a company that insists on working from the office, I would make sure that I'm NOT available outside my designated work place.
Pardon my skepticism but I find it hard to believe you can actually participate in western society without choosing to have a government mandated tracking device?
Maybe you live somewhere this is possible but it's definitely not in the developed world
Runs 2 tech companies - the basic promise of the US is when you're rich you can do whatever the hell you want because you can pay people to handle stuff for you.
But also, one doesn't always need a phone - phones can die, signal is not gauranteed. What are your "must have" things that require one to have a smart phone to participate? Assume the poster has a home phone, laptop, and credit card.
Small companies that are 100% FOSS with no VC investment, where everyone has to pull their own weight. I do not have a personal assistant or anything like that and navigate the real world, travel, etc, very often alone.
The failure mode isn't as a tech company CEO. As you point out, if you're the CEO, you have the luxury of defining yourself unavailable as CEO whenever the hell you please. If the website is down out if business hours and you haven't made it someone else's problem that you're paying for it to stay up, it can just be down. No, the issue is as a father/mother/husband/wife/son/daughter to someone's you love dearly enough to consider them family, biological or otherwise.
It's rather dramatic, but the phone call/conversation I could never forgive myself for missing, is the last words of a loved one before they die, whether due to car crash or some other calamity (9/11). Or missing the opportunity to take the very next flight out to see them before they pass. You are free to treat your family, biological or chosen, as you see fit, I just know there are some phone calls I'd rather be woken up in the middle of the night for than miss. Reaching me via cellphone is more direct than trying to find whatever hotel I'm at since I'm on the road as CEO and talking to customers and vendors in person on the road as CEO, so calling my house phone doesn't help.
Phones are required, insering a SIM isn't. Your work and home probably have wifi, and services meant to be used on the go are commonly built with offline use in mind. Especially those you actually need in society
A burner phone left at home just for the ability to receive SMS would be helpful for account registrations though
> services meant to be used on the go are commonly built with offline use in mind.
I'm not sure about this. With everyone moving to the cloud and web applications, this seems to not have been the case for a while to me. There surely are what are now called "local-first" alternatives to the main services (in the past those would just be called desktop applications), but if someone is using Office 365, does it have an offline mode? (Sincerely asking since I never tried this, plus, you should still get to load the web application before losing connection, right?)
Though I do have a phone, I do not use WhatsApp. I get the same responses you are getting - people absolutely can not believe that we function in society.
You pay a price (we miss many party invitations, only one friend consistently emails us and FB everyone else), but it's worth it.
Recently spoke to a colleague in Italy that told me he hates WhatsApp, but is forced to use it because the school of his kids in Rome use it as sole means to communicate, despite this being a legal violation (public organizations in Europe must use GDRR-compliant tools).
I bought into something like this, removed all social media for 2-3 years.
I lost so many connections to people and it seemed to set me back multiple years on my goals. I thought it would make me more productive, instead my userbase got cut in half.
I’m old enough to remember when nobody had a cell phone and we all worked and had social lives. I love it when people think you cant possibly live without something that didn’t exist a short time ago.
That said I’d be lost in five minutes if I tried to drive somewhere without gps
I can understand that in some social contexts it is possible. For me personally it would be very hard. E.g. most school-related stuff of our daughter is coordinated through WhatsApp, same with birthday parties, playdates, etc.
Traveling internationally or domestically, booking flights, hotels, going to concerts, theme parks, the movies, organizing hangouts with friends, exploring new locations... all of these things I do just fine by using a web browser on a desktop computer before I leave home, and sometimes printing a couple things. I live a typical middle class lifestyle just without the doom scrolling.
All the ways of living an active life engaged in the modern world that worked before the 2009 smartphone explosion still work just fine today. Just without tiktok and instagram. I think I am okay without those.
>booking flights, hotels, going to concerts, theme parks, the movies, organizing hangouts with friends, exploring new locations... all of these things I do just fine by using a web browser on a desktop computer before
This won't be possible soon, last couple of venues I went to were digital tickets only. Will call is basically dead now, and that used to be my preferred way of getting into events.
So what - printed maps? No ‘where are you?’ texts or the like? No looking up nearby anything you’re curious about but didn’t know about before hand?
Certainly possible, I guess, if everyone in your circle does the same, and has a ton of patience, and you spend a ton of extra time doing all the prep in advance. And don’t need to deal with things like traffic jams right now, or the like.
When you agree to meet someone somewhere at some time, all further communication is redundant (I expect you to be reasonably punctual and I don't need your SMS updates "Hi, leaving the house now." followed by "hi, I'm running 5 min late", I will wait, and if you are not coming, you can call me to apologize if you care one bit).
For people who don't know their way, you can use in-car navigation systems rather than smartphone map apps.
99.9%? I am old enough to remember time before mobile phones, and being at a place at a prearranged time is possible. Also, if you are late, you can actually do a phone call to inform the other party - all you need is a feature phone, not smart phone.
I personally respect other peoples time and I expect the same for me. That is, I have cut out people from my life in the past that repeatedly would text "hey I'm 20mins late" 2mins before the agreed time. That is still disrespectful with my time, because now I know you are late, but still lost those 20mins. Some people don't consider that rude and for some reason do not see that this would not work if everybody does it. Needless to say, my friends know that I value reliability, and most of them do. People that don't respect that don't need to be in my social group, or at least I don't make plans with them.
Norms describe averages, I do not necessarily have to follow them as an individual. Eating meat is a social norm, yet in my social group there is far-than average vegetarians and vegans. This is fine, and I don't see a need to change. I as an individual can decide with what other individuals I want to surround myself. And I chose not to surround myself with people that are always late and unreliable.
Let us use Constructivism. Countries do not drop nukes on each other. However, if one starts, everyone will follow. Or you may have an arms race situation, one country gets colonies and unless you want to be dominated by other countries, they also get colonies.
No phone number? Spend more time getting services. Unable to get services from some companies. Miscommunication/frustration. Less connections/acquaintances.
Maybe this ends up working for you, but it lowers your 'power', the ability to get what you want. I do have concerns that it works in the short term, not long term.
"Getting what you want" is not an attainable life goal for me. People who do that above all else, are willing to throw away with their values whenever it benefits them. So you end up not having or at least living by your values. Unless your value is you above everyone else - Exactly the people I avoid. And why would you want to surround yourself with people that only do what benefits THEM?
I can tell you with almost 100% certainty: no banks in the UK use any 2FA other than SMS-based.
I spent December last year looking for a new bank to move to. One of my criteria (not the most important but it was on the list) was better-than-SMS 2FA.
No one offers it. There may be some niche, loosely-based finance org that does but none of the banks or Building Societies do.
Barclays, with standard current accounts, provides several methods none of which are SMS. There's a separate pin-code device (called Pinsentry) that does TOTP and challenge-response, or passcodes for both telephone and Internet banking.
(not op). I use a dumb feature phones that can receive SMS for far less than 40€ (even cheaper, but I like the music player and some other things like bluetooh for headphones). I have a "twin SIM", i.e. my mobile carier gives me a SIM with the same phone number and if somebody calls me, both phones (smartphone and feature phone) ring. SMS can only be received at one number, but you can switch the SIM for SMS reception using the carrier website. Since I only take the feature phone when I leave home (to enjoy outside time without distractions) I usually don't turn it on.
Most 2FA can be done without a phone, and you can also use offline 2FA keys, not necessarily a text message.
You can also set up a phone number to accept texts from a laptop.
I can do whatever on my bank by just calling. It would be a bit weird to never be able to pitch in on meals with a $ transfer app, but I suppose when you run 2 tech companies you're probably paying most of the time, or you just take a note and transfer it later.
We definitely won't get rid of it if we accept failure. I get that it seems extremely unlikely, but there's no use in trying to just mitigate the risk short term. One way or another that power will be abused eventually (if it isn't already).
Idealist views like this get us nowhere either tho.
The reality is somewhat more murky. On a long enough time horizon your point makes sense, we might be able to get rid of the security state by slowly chipping away at ig over hundreds or thousands of years.
Most of us are going to be dead in about 40 years tho. Security state isn't going anywhere in that timeframe.
Why not? Change like that happens slowly, then all at once. I can't say I'm optimistic that it will be gotten rid of, but if its worth fighting for then it doesn't matter if it seems likely.
Out of all places on the Web, this one should be where solutions to (get rid of/limit the surveillance state) are devised. If the HN community doesn't have the will or skill, who else has?
Well that's very interesting. Why do you expect HN is the most likely place on the internet for people with the will or skill to take down the security state?
I would have guessed it was more likely this is where you'd find the people who built the security state, not want to destroy it.
Your bio says you are an AI professor. As far as I can tell the AI industry seems to be the mass surveillance machine's magnum opus. How do you square that circle?
Maybe the dead in forty years comment. Though considering accelerating climate collapse and the possibility of nuclear conflict it’s not completely unreasonable in my view.
People love idealism. It never works, but it sounds amazing.
Reddit, HN, and every democracy has the same problem... at least for a few years.
I think after this bout of Trumpism, the republicans will not be able to elect another populist demagogue for a generation. I think democrats need to do a round as well.
For consequences, we need to do away with the notion of qualified immunity. Why should police officers, politicians, agents of the government have any immunity for their actions? They should carry personal liability for breaking the law and violating others’ rights. Otherwise, there is no reason they’ll change. Right now, at best you’ll sue the government and get some money, but all you’re doing is punishing other tax payers.
In the United States, qualified immunity is a legal principle of federal law that grants government officials performing discretionary (optional) functions immunity from lawsuits for damages unless the plaintiff shows that the official violated "clearly established statutory or constitutional rights of which a reasonable person would have known".
Under 42 USC § 1983, a plaintiff can sue for damages when state officials violate their constitutional rights or other federal rights.
This is interesting. In my country (Poland) parliament members have legal, immunity from criminal prosecution and arrest to the point of police not being able to stop them if they drunk drive. There have been some abuses like that.
The law is such that a prosecutor that wants to prosecute them has to ask the parliament. Then there is a vote and the parliament decides if the immunity is taken off.
In a healthy democracy, where there are more than same two parties switching the rule to one or the other it is very likely the current opposition will be the majority next time and they will vote to strip immunity from those that try to use it as a shield for criminals.
I think the price we pay for this (delay in getting justice) is well worth paying so the justice system can't be used as a weapon against political opponents easily.
The rules and laws allowing the federal government to take over a state case against a federal agent seem much more damaging.
The cops involved in the most recent Minneapolis shooting will almost certainly face no repercussions because of this. The state can bring a case but the feds are clearly uninterested, they would simply take the case into federal court and spike it.
That's not how it works. When a state prosecution of a federal officer is removed to federal court, it's still the state prosecutor who's in charge. The problem is that as long as they were performing their duties they get a lot of leeway. A recent case was a cyclist killed by a DEA agent that ran a stop sign. Case dismissed: federal agents tailing someone don't have to respect state traffic laws.
The state can't bring charges against a federal agent enforcing federal law, otherwise southern states could have sued the federal agents enforcing integration.
Individuals can have standing, but they have to be directly harmed first. You don't have standing just because the law "SilverElfin loses all his constitutional rights and can be arrested for nothing" gets passed. You do have standing once you've been arrested.
It's more like when the federal government passed a law giving people a recourse for when state officials violate their rights they did not write the law to (or purposefully wrote it to not) include the federal government.
It's the norm in most western countries. Prosecution of administration official is still rare, but nothing like the obvious free permit to misbehave we see in the US.
Get rid of qualified immunity and enjoy no more fruit of the poisonous tree. I assume you are not familiar with the laws of evidence by your emotional position. One of the biggest problems the country faces is citizen literacy in all domains. If you improve citizen literacy across all domains you will solve all problems, until they take away our ability to vote. The "system" exploits those who cannot defend themselves.
What security state? They aren't doing this for anyone's safety. This is the surveillance and parallel construction state.
> What needs to happen is accountability.
No agency can have this power and remain accountable. Warrants are not an effective tool for managing this. Courts cannot effectively perform oversight after the fact.
> The only way to stop the rampant abuse is to treat data like fire.
You've missed the obvious. You should really go the other direction. Our devices should generate _noise_. Huge crazy amounts of noise. Extraneous data to a level that pollutes the system beyond any utility. They accept all this data without filtering. They should suffer for that choice.
Strictly speaking, this is not completely true. When you call an emergency number, it’s very good that they can see exactly where you are. That was how this was sold 15+ years ago. But of course, that’s basically the only use case when this should be available.
Yet when I call emergency I must provide my location verbally, and then am usually contacted for a follow-up, because the guys cannot find the place. Don't get me wrong, I'm sure that this location technology works perfectly well: just not for the "only use case when this should be available".
Except apparently they can't. I'm in L.A., a city where resources presumably represent what's available in modern cities, and the first thing I've been asked in any 911 call is "what's your location?"
This is particularly offensive considering that everyone was forced to replace his phone in the early 2000s to comply with "E-911." Verizon refused to let me activate a StarTAC I bought to replace my original, months before this mandate actually took effect.
Looking back on it, it was a perfect scam: Congress got paid off to throw a huge bone to everyone except the consumers. We were all forced to buy new phones, and for millions of people that meant renewing service contracts. Telcos win. Phone manufacturers win. Consumers lose.
Why? What is the rationale? Unless of course you subscribe to the idea that anything goes as long as a court decrees it, in which case there’s nothing to debate really.
Court approved warrants are pretty fundamental to how our legal system works and how some level of accountability is maintained. That system isn't perfect by any stretch, but removing it unlocks Pandoras box and I'm not sure we'd be better off without it.
As it stands, a cop has to get a warrant to enter and search your home, for example. If we remove that hurdle because we also don't trust the courts then we just have more searches.
I get the reaction to turn on the whole system, I have very little faith in it myself. But I don't think many people are really aware of or ready for what would come without it.
Have you been paying attention to the news lately where Trump is weaponizing the court system to a point where ethical AGs are resigning instead of complying?
Thats not an argument to get rid of the courts. Quite the opposite. Trump is trying to sideline them, but ultimately it will fail becausethe population wont accept it. The US isnt China or Russia, and Trump may have to learn that.
The population is accepting it right now. 40% of the people still approve of everything Trump is doing.
If you have 10 friends and you ask them what they want to eat for dinner and 6 say let’s go to a Mexican restaurant and 4 say let’s kill Bob and eat him, you still need to worry about your friend group.
Right this second ICE agents are killing people with impunity and police for the longest have had qualified immunity to kill people unjustly.
The country voted for this knowing exactly what they were going to get. Don’t believe the Michelle Obama “this is not who we are” this is who this country has always been
The country voted for it but it wasn't a rational choice. Half the country lives in insane false world, pushed by Fox news. But it's a near-majority every election.
There are so many rulings, just in the last 25 years even, where SCOTUS has reaffirmed that warrantless search is not okay. This one is very much in line with the topic, in fact.
Carpenter v. United States (2018)
This country has never been what you're saying. We have some over policing happening. That seems to come and go in every country and doesn't say anything by itself about what a county is about, especially where it's trending over a 25 year timeline in the opposite direction from what you're describing.
Let it go to court, at least, before you flip your lid and turn on your countrymen.
Democrats (the South) always said that this country was always about slavery. They used that rhetoric to argue FOR slavery for decades after it was abolished. This is all documented in supreme court cases from the 18th century on up through the civil war. Some of the founding fathers argued as attorneys in some of those cases in fact, stating firmly that slavery was always illegal in the United States. Republicans (Lincoln included) pointed to the Constitution as evidence that slavery was always illegal and that the southern states had a limited time to abolish it (that's factually written in the Constitution, a concession made in order to earn their support in the revolution). The disagreement on that is exactly what led to the civil war. The South refused to live up to the Constitution's terms and end slavery, counter to the law.
The Republicans won that war. We live in that country that won. Not the one you're describing. Jim Crow was a Southern state thing. The North never allowed it. We live in the North. The South is gone and it was never part of this country because it violated the laws that would have made it so. They rebelled against anti slavery laws from the beginning and they finally got what they deserved, to be conquered by the United States that we live in today. And then they still argued to keep slavery and the Supreme Court kept slapping it down. Over and over and over.
If you believe that the United States was ever about slavery, then you carry the rhetoric of the very party that created Jim Crow and that supported slavery, and you make them the good guy in the story. You support their version, where it was always legal and they got screwed by the lying North.
The irony... Don't ignore the writings of Washington, Franklin, Hancock, etc. All wrote to say that slavery has no place in this country. And it never did! Their letters are preserved for you to read. They are available online or in one of the museums in DC. Probably the National Archive? Someone can correct me if they know.
Anyway, that some people refuse to follow the law, isn't a reflection of the country as a whole. Similarly, when someone is killed in Norway, I don't jump to conclude that Norwegians are murderers. That wouldn't make any sense.
Did you go to high school in the South somewhere? The revisionist's history of the US seems to stem from that part of the country. I'm just curious if it tracks.
The constitution literally said that slaves were counted as 3/5th of a person - the actual founding documents. How can you say this country wasn’t about slavery from the beginning?
What poll have you seen that asks people to approve of everything any president does?
I live in a very red part of the country, and in a very red, rural area that voted ~90% for Trump. I don't know anyone that is okay with everything he has done. Some take issue with Venezuela, some with the handling of the Epstein files or the federal budget. Some don't like sabre rattling over Greenland.
Most people I know that do vote Republican are one issue voters. At least here people voted because they always vote republican, support the second amendment, think the republicans actually want a balanced budget, or just hated Clinton/Biden. It isn't about supporting whatever Trump does, though I'm sure some small percentage does.
People regardless of party or region don't think critically often enough and can't set aside their own personal beliefs. We've made our country bipolar and we're seeing the repercussions. It isn't a problem with any one party or person, and the answer isn't to tear down the fundamentals of our system. We need to actually get back to the fundamentals because of late both parties have been going the way of socialism and authoritarianism.
Isn’t that agreeing with him? HN loves to make excuses for the voters. If killing someone isn’t too aggressive what is? Killing and eating his kids? They think that is fine
A court order is just a hurdle that legislation (or a constitutional provision) dicatates, in the investigation of crime (or prevention of future crime...). The distinction is the rights of the individual vs the rights of other individuals in the dilute sense we call society.
The problem is that individuals no longer have confidence in their institutions, for both good reasons (official corruption, motivated prosecutors, the dissolution of norms of executive behaviour) and bad ones (propaganda on Fox News, and the long tail of disinformation online).
The question becomes: how can citizens have confidence their rights will be protected? What structure would protect the right to privacy?
The only reliable way to protect rights is to limit power, and the only reliable way to protect fundamental rights is to limit power with absolute prohibitions.
This was well understood in the decades following WW2, and many countries implemented protections of this kind, only to roll them back again later when people had forgotten why they existed, and believed once more that everything will be fine as long as the “right” actors were in power.
They aren't that hard to get, yet Trump's warriors ice never seem to have warrants signed by a judge. Going back to being able to ignore fake warrants not signed by a judge without them killing you would be a big step forward.
With fundamental rules, applicable to all situations, limiting what information courts can demand. There are things so private that they should be out of reach of the state regardless of what justification someone can come up with.
> Our devices should generate _noise_. Huge crazy amounts of noise. Extraneous data to a level that pollutes the system beyond any utility. They accept all this data without filtering. They should suffer for that choice.
I like the idea on principle, but I'll like it far less when I'm getting charged with computer fraud or some other over-reaching bullshit law.
This line of argument is common. We use the term 'wiretap' because that is what it was, a physical tap on a physical wire and it took a real person there to do it. Even then it took a warrant to approve it. Wiretap laws were written when the technology made abuse extremely hard and were likely appropriate for the time. Now we live in an age where abuse of millions can be done in a single key-stroke and often doesn't require a warrant or oversight of any kind because the technology has changed and evolved to provide loopholes around the laws. The intent was emergency services but the mass use has been anything but. That is the key point and those that have abused this, weather on behalf of the government or for corporate profit, should be held responsible. We should have laws that criminalize breaking the intent of use in ways that harm individuals. You found a technical system rife for abuse and you use it that way? Go to jail. Pay a fine. It is that simple.
Made for, and used for, are two different things. The article gives an example of Israel slurping down that data constantly to track everyone, and you can bet they aren't the only ones doing that.
Does it apply to the government like it applies to people? Is it enforced against governments like it is enforced against people and corporations? A core issue here is that laws, and the application and enforcement of laws, generally do not. Having said that I applaud the attempt and encourage pushing forward on the anti-surveillance aspects of GDPR while recognizing all laws are flawed.
The telco would be the one collecting it first, I assume. It would be interesting for someone in the EU to request their data from their telco, and if it contains these precise locations, question the usage.
Tescos in the EU are required to track location for emergency call purposes and provide it to the government in such occasions. That means they need the ability to collect it all the time.
Yeah it applies to government like local municipalities have to adhere to GDPR, they cannot just have your name on the register, they have to have a legal reason.
Way you could argue it doesn’t apply to government is that the government makes the law so they can make the law that makes data processing and having your name on some kind of registry required.
But still they have to show you the reason and you can escalate to EU bodies to fine your own country if they don’t follow the rules.
If I send it to the company A, company B doesn't execute it unless they're a subsidiary of A (or A is their data controller) and my request was carefully crafted.
In the scenario you painted, that would mean that my _former_ friend has issued their request to me.
Carriers knowing your approximate location from tower attachment is expected. What’s surprising (to a lot of people) is the separate, control-plane “positioning” path where the network can ask the handset for its own GNSS fix (meter-level), and the phone can respond without this being part of the normal OS location permission model.
That’s the uncomfortable bit: it’s not “GPS broadcasts your location” (GNSS is passive), it’s the baseband/network stack can be prompted to send a precise fix. And because it lives in the modem/control plane, it’s basically invisible to users and hard to audit.
If this capability exists for emergency location, fine—but then it should be locked to emergency sessions, logged, and auditable. A user-visible “limit precise location to carrier” toggle that still allows emergency sharing is exactly the shape of the right fix: restrict default sharing + make non-emergency use provable and accountable.
This community should be talking about meshcore more imho.
It's a peer to peer network based on Lora. It really only allows text messaging but with up to 20km hops between peers coverage is surprisingly huge. Incredibly useful if you go hiking with friends (if you get split up you can still stay in touch).
See https://eastmesh.au/ and scroll down to the map for the Victoria and now more widely Australia network that's sprung up.
Reticulum gets around a lot of these problems, as the (better) encryption is app-level (or even more fine-grained.) Its also not tied to lora, so you can interop easily with other transports. I made a websocket transport for it, and there is already TCP and UDP, and a couple non-lora radio transports. I also made a (works on web) js and Arduino client lib, and it has a few native client libs, so it can sort of be used on anything, even over traditional networks, or web clients. Meshcore and meshtastic are way more popular, but reticulum seems so much better, to me, for most things. It can still have overload problems, like any radio network, but no client is required to forward, so you can build a different kind of network ("only forward messages that are for my peeps" and marked correctly.) It also has "it costs compute PoW to send to me" which can greatly cut down on spam.
I only recently discovered Reticulum, only to then learn that the developer has retired from working on it. Do you know if there's still any community members carrying the torch?
The discord is still very active, and there are still commits from original developer, so I am not sure. Its a simple enough protocol, though, and it's been reimplemented a few times. I made my own no-class python version, js, C, etc. Someone made a rust version.
I really want to get into these Lora based mesh tools but the range in my experience is terrible. Maybe I'm doing something wrong, maybe it's a lack of nodes in my area.
I just tested the other day. I'm in the midwest US so it's winter, no leaves. I managed to get about a quarter mile before my two portable nodes couldn't talk to each other. T-Echo with muziworks whip antenna.
Without a bunch of solidly placed, high elevation, high gain antenna nodes, this just isn't really that usable.
Plus, all the other issues others have highlighted.
Honestly: MC and MT are classical bloated Arduino projects with a giant single big-loop and an interrupt coming from the LoRa modem.
Both projects are hitting their limits because of this. Every new feature and every bug fix causes endless amount of pain and breakage.
I was involved in both - and gave up because of this.
IMHO both projects need some kind of thin-client which delegates most of the functionality into the client. Only keep some basic LoRa/Message Buffer/Routing/Battery Saving functionality in the hardware itself.
This isn't great advice if it's supposed to be an alternative to text messaging with a carrier (especially if you're using encrypted RCS).
For one, meshcore doesn't do a fantastic job of protecting metadata. Advertisements include your public key, and if I'm reading this[0] right, your GPS coordinates.
Second, the default public channel uses effectively no encryption at all.
Moreover, the network doesn't exhaustively prevent someone who intercepts a packet from identifying who sent it. It's no Signal.
All telemetry is off by default, you have to explicitly tune it on and then optionally permit specific contacts to poll it.
The PKI is basic because these networks are tiny and merging. And running on tiny computers ($5 boards with no display)
Public channel is public and it uses the default encryption key because it's a default channel, so by definition everyone is invited to participate. Not sure what your critique is.
And no, it's not trying to be signal. It's also currently less reliable.
1. Telling someone to use one of these devices because their phone carrier might look up their location is silly in the first place, because meshcore doesn't even eliminate the possibility of being tracked geographically.
2. It protects your messages better than SMS but if you care about the privacy of your messages, it's infinitely worse advice than suggesting someone use Signal or another app that actually replaces SMS securely.
Still falls flat when it comes to metadata privacy. Just having multiple nodes distributed geographically that listen for packets would give you the ability to narrow down the location of a specific identity dramatically, even if you're not in range of their device.
What does this have to do with mobile carriers tracking GPS data? If you're implying we should use it instead of mobile phones that's not practical at all.
How trivial is it, really? These are spread spectrum devices that could have very sparse duty cycles. If you sending only millisecond bursts a couple of times an hour, for telemetry and whatnot, it would seem pretty hard to get a good fix, especially when moving. I haven't analyzed lora traffic, so just talking out of my ass.
LoRa uses chirping which are much longer than milliseconds. You can clearly see them in a spectrum display. It's a very slow protocol. Not as slow as WISPR or JT8 but still slow. The flip side is that it's robust (the chirping provides a lot of interference protection against fixed-frequency interference for example)
You could get a rough location for free. Every time you send a message, “observer” nodes connected to the internet publish the packet, and in the packet is the repeater path taken, repeaters have known locations and the first repeater is going to be near you.
Meshcore isn't, the firmwares are proprietary. Meshtastic is, but they whine about trademark stuff all the time and cry when anyone mentions Meshcore in their channels. LoRa radios themselves are all proprietary Semtech turf. I guess it's possible to run over 2.4ghz but the range predictably sucks compared to 900mhz.
> This community should be talking about meshcore more imho.
The fundamental problem of distributed networks is that you can either have centralized control of the endpoints, or your network becomes vulnerable to denial-of-service attacks. So meshcore/meshtastic are great because they are used only by well-meaning people. If they become more popular, we'll start getting tons of spam :(
Meshtastic has terrible defaults (every node rebroadcasts everything, every node sends telemetry), which makes sense in the backwoods but not anywhere close to civilisation.
This, combined with the 10% duty cycle limitation on the used frequencies is the main issue, I believe. Once the 10% are used up, a node basically has to go dead until it falls below 10% again. And with lots of messages about battery levels and other telemetry being sent and relayed, those 10% get used up fast.
euhm, well. 112 programmer here. There are multiple levels. Cell tower triangulation come in automatically from providers. But they are only in tower numbers. They might be wrongly entered by engineers, hence the confirming question about where you are. Second is subscription information, as in registered address. Chances are if called from nearby your address, you are at your address. Next is a text to your phone number, which is intercepted by firmware and sends gps coords back. This can be turned off, since implementation.
American carriers have a different protocol than the EU. The EU (and probably EU derived networks) uses a """secret""" SMS format that's opt-in, but the 911 system works differently.
The 911 feature can be activated fully remotely, the 112 feature is supposed to only activate when dialing an emergency number.
GP likely means any 911 call automatically has geo tracing.
>The dispatcher's computer receives information from the telephone company about the physical address (for landlines) or geographic coordinates (for wireless) of the caller.
I say """secret""" because the spec says that the format should not be published so people can't try to mess with the format, but the first link on Google shows the exact format.
The spec says:
> The AML SMS should not be seen by the caller and therefore should not appear in the SMS "sentbox" of the smartphone. This is to avoid any customer confusion and to avoid making the format of the message widely known. In addition, there is also a potential privacy concern in storing the location of an emergency call from the handset, which could be seen by others.
The AML SMS gets triggered by software on your smartphone when you dial an emergency number. You cannot use it to obtain someone else's location.
Not by users. The new thing is that Apple allows users to disable this feature. Hopefully they still detect emergency calls on the phone and enable it unconditionally for those.
Note sure:
In my country exactly this feature is used by police & state enforcement to find locatin, because this "ping" message is not forwarded from the modem to the OS, so the OS is not aware of any of these messages
yeah, there always was. It's a service code, like getting your imei. But it was a weird long one, and manufacturer dependent. Now UI switches are created for it apparantly. Can't find it anywhere on the internet though. I don't work there anymore, so can't look it up.
Did you read the article or are you merely responding to the title? The article begins by acknowledging triangulation and then moving on to the point of the article. The article is about commands built into the UMTS and LTE specs for requesting GPS from the device. Your comment seems to be about everything but the main point of the article.
Yes I saw that and also took it to mean the person didn't read the article. A text to your phone number? The article never mentions SMS. Heck I think the 2g/3g "feature" does not even require the phone to even have a SIM installed. This next sentence also seems to have been written without reading the article: "This can be turned off, since implementation."
I don't think it indicates their article reading either way and wouldn't personally wager a guess. They are just adding their own personal experience to the conversation.
I have read the article. It's speculative and not a reveal of anything new. All is ITU spec and came down from there. So there is quite some overlap in emergency service short code regions.
Another poster mentions 'ping', which is called pinprick for 112, which does work always, but requires authorization to be used. That I can confirm from experience.
I mean we kinda did when we decided that emergency services calls would be special and give first responders the ability to find you. Wireless carriers are required to provide GPS quality (actually better than GPS) location data to EMS and this is how they built it.
The only way to actually do this was develop a way to ask the phone because the tower isn't accurate enough. In the US it could have been more privacy preserving by being push but I imagine carriers don't want to maintain and update a list of current emergency numbers. "Sorry person in a car crash, we can't find you because cellular modem firmware is out of date and your emergency number isn't on list" is a PR disaster waiting to happen. Easier to coordinate with police and fire and let them do the asking.
911 is the only actual emergency number with regulations around it in the US. police and fire have _non_ emergency numbers that differ, my local hospitals will tell you to call 911; and gas, water, power, and other immediate risks to life safety are all 911 anyway (at least as the first call).
Sometimes it seems dumb, but as long as its an honest report I've never heard of anything more than an annoyed patrol officer. Felt stupid calling in an interstate sized sign hanging by a literal bolt-thread but the patrol shut down that lane.
In general the emergency services would rather come out for something that sounds on the face of it stupid ("This sign is hanging down above the road and flapping in the breeze, can you come out to it?") and deal with it with plenty of time.
Far better than getting the call "This sign has come down and chopped a bus in half, and then four cars have run into the back of the wreckage".
Build the fence at the top of the cliff, not the hospital at the bottom.
The other one you get is "remove object from person", which is usually not as rude as it sounds. Mostly, it's cutting a ring that's too tight off someone.
What, you want me to call 999? To get a ring that's too tight off? I mean it's hurting my finger but is it really an emergency?
Yes, dumbass, it's an emergency. Get the ring off your finger right now before the blood supply gets compromised and you end up with a big slug of stale dead blood washing round you when you finally do get it off. You could lose your hand if you piss about with it too long.
I know it seems like overkill to have a 18-tonne Scania rock up with five guys in it just to cut through that little ring, but they have the right tools to do it quickly and easily, and no-one wants to have to cut your hand off.
Ring 999 while you still have two working hands.
Smoke alarm going off? No apparent reason? At least ring them up for advice. There might be something you haven't seen. Just phone them.
It's far easier dealing with you not being on fire in the first place, than dealing with you being on fire later. Not being on fire is good.
Boost Mobile (under Dish Network), until a few months ago, ran their own custom-built 5G network that covered about 30% of the US population. They built it after the acquisition of Sprint by T-Mobile, in an effort to maintain a fourth nationwide wireless carrier.
Unfortunately Boost/Dish struggled significantly with finances and customer attraction post COVID, largely due to two problems (seamless roaming between their own network and partners’, and more importantly, getting manufacturers like Apple to build compatible phones). When the current president came into the picture, the FCC essentially forced the sale of Dish’s primary spectrum licenses to administration-friendly SpaceX, for future Starlink use.
As of now, they are in the process of moving their customers to AT&T (and possibly a secondary agreement with T-Mobile), but they seem to be maintaining their own network core - that’s likely why they’re able to implement support for this, while AT&T does not.
It isn’t restricted to Boost Mobile. It is only available on devices with the C1 or C1X modem, though. I assume this is because of specifics with the third party modems that most models in the wild have vs what Apple is doing in-house with their C1(X). If you call emergency services it will still provide precise location.
It could be a flag in the per-network CarrierConfig bundle. I imagine that would help with jurisdictions that might require this protocol for legislative reasons
Serious question: will this limit the ability of 911 emergency services to help you?
I can imagine a scenario where emergency servies are authorized to send the ping to get your precise location and if you disable this, you may regret it. And a major feature of some phones/watches is the ability to automatically call 911 under certain fall/crash movement detection, where you might not have the ability to re-enable your GPS location.
But they still can track the cellular connection and do triangulation from that, no?
Basically, if you have any cell phone the government can track you. Buying a burner phone with cash (via strawman proxy) seems like the only way to temporarily obscure your location.
I imagine with the ubiquity of cameras in the commons and facial recognition and gait analysis they can knit that up even more.
From the comments, it appears many are not aware that even the US government buys location data of users from data brokers - How the Federal Government Buys Our Cell Phone Location Data - https://www.eff.org/deeplinks/2022/06/how-federal-government... ... Apparently, US cell phone companies are one of the providers of this data - US cell carriers are selling access to your real-time phone location data - https://news.ycombinator.com/item?id=17081684 ...
We really have a societal problem in that we allow private entities to do things we don’t allow government to do. Furthermore, the issue is exacerbated by then allowing governments to bypass these issues by then just paying private entities to do the things it can’t do as a proxy for the same functional outcomes.
But we want to support privatization at all cost, even when privatization these days has significant influence on our daily lives, akin to the concerns we had when we placed restrictions on government. Seems like we need to start regulating private actions a bit more, especially when private entities accumulate enough wealth they can act like multi state governments in levels of influence. That’s my opinion, at least.
> We really have a societal problem in that we allow private entities to do things we don’t allow government to do.
Thats basically the foundational idealogy of the united states. Thats not the issue.
The real issue is your next sentence. The government can just loophole around their intentional limitations by paying private companies to work on their behalf.
I'm aware it's intentional on the government's end. My point is it is not intentional by the original intentions, and should be a priority for people to advocate to fix.
The only private companies with this power are monopolies. Effective competition would destroy this behavior. So the real problem is the government _intentionally_ and _illegally_ allows monopolies to form so they can get access to this workaround.
>
allow private entities to do things we don’t allow government to do. Furthermore, the issue is exacerbated by then allowing governments to bypass these issues by then just paying private entities to do the things it can’t do as a proxy for the same functional outcomes.
<
Somehow this reminds me about Blackwater / Xe Technologies? :-/
(Im betting 100 USD that soon we will find out that ICE also deployed "private financed forces" to "support state actions"?)
>We really have a societal problem in that we allow private entities to do things we don’t allow government to do.
It really isn't, given that the government literally has a monopoly on violence, and therefore it makes sense to have more guardrails for it. That's not to say private entities should have free reign to do whatever it wants, but the argument of "private entities can do [thing] that governments can't, so we should ban private entities too!" is at best incomplete.
>Furthermore, the issue is exacerbated by then allowing governments to bypass these issues by then just paying private entities to do the things it can’t do as a proxy for the same functional outcomes.
Again, this is at best an incomplete argument. The government can't extract a confession out of you (5th amendment). It can however, interview your drinking buddies that you blabbed your latest criminal escapades to. Is that the government "bypassing" the 5th amendment? Arguably. Is that something bad and we should ban? Hardly.
Your cell phone provider does not constitute "drinking buddy". The fact that, in essence, everyone is being surveilled location wise all the time by these providers is reason enough to restrict the activity.
> The poster with the enormous face gazed from the wall. It was one of those pictures which are so contrived that the eyes follow you about when you move. DRINKING BUDDY IS WATCHING YOU.
> 'Does Drinking Buddy exist?'
'Of course he exists. The Party exists. Drinking Buddy is the embodiment of the Party.'
'Does he exist like you or me?'
'You do not exist', said O'Brien.
> Oceanic society rests ultimately on the belief that Drinking Buddy is omnipotent and that the Party is infallible. But since in reality Drinking Buddy is not omnipotent and the party is not infallible, there is need for an unwearying, moment-to-moment flexibility in the treatment of facts.
>Your cell phone provider does not constitute "drinking buddy".
You're right, it should be even more scandalous for the government to get information out of my drinking buddy, because the information I told him was in confidence, and he promised he wouldn't tell anyone. My cell phone provider, on the other hand, clearly says in their ToS who they'll share data with and in what circumstances.
A non-exhaustive list that has, time and time and time and time and time and time and time and time again, to downplay the grossly cavalier approach they take to the "privacy" of your location data.
They value it alright. At several dollars per person.
And what many are saying is that the phone provider should not be allowed to be so free with your data in the ToS. In the same way that your landlord can’t add a slavery clause to your lease.
This is why I advocate for making selling location/identifying data illegal. If nobody is allowed to sell it then the government cannot legally buy it.
Government is supposed to follow the law as much as everybody else. Whatever they do has to hold up as legal in court when contested. If they acquire information illegally they will be losing trials.
I agree completely with your first paragraph, but I'm not sure what privatization has to do with it. Also, I agree that more regulation of private parties is needed. Or even better, break up the private companies that are like multi-state governments in terms of power.
Why not vote for some law limiting the government’s buying of this data? After all, I expect a say in how the government is run, so that seems like the appropriate path. I don’t see why I should expect a say in how AT&T is run. AT&T can’t raise an army, or enter my house, or shoot me.
How exactly do I vote for such a law? We do not have a direct democracy, and I'm not aware of any viable political candidates that have this sort of thing as a part of their platform.
This shows the importance of having open-source software and firmware - commercial companies will betray you every day - remember HDCP, unskippable DVD sections, TPM, updates you cannot disable, "security enclaves", content protection areas on SSDs and all the similar stuff where interests if the owner are not considered.
Of course. I was just calling the police on my drive home to report some junk on the road and the operator asked me quite directly “is it on the junction you just passed?”. I didn’t mind actually, saved me some explaining. And if I ever call emergency, I can be pretty sure they will find me.
- Kröger, Jacob Leon; Raschke, Philip (2019). "Is My Phone Listening in? On the Feasibility and Detectability of Mobile Eavesdropping". Data and Applications Security and Privacy XXXIII. Lecture Notes in Computer Science. Vol. 11559. pp. 102–120. doi:10.1007/978-3-030-22479-0_6. ISBN 978-3-030-22478-3. ISSN 0302-9743.
- Schneier, Bruce (5 December 2006). "Remotely Eavesdropping on Cell Phone Microphones". Schneier On Security. Archived from the original on 12 January 2014. Retrieved 13 December 2009.
- McCullagh, Declan; Anne Broache (1 December 2006). "FBI taps cell phone mic as eavesdropping tool". CNet News. Archived from the original on 10 November 2013. Retrieved 14 March 2009.
- Odell, Mark (1 August 2005). "Use of mobile helped police keep tabs on suspect". Financial Times. Retrieved 14 March 2009.
- "Telephones". Western Regional Security Office (NOAA official site). 2001. Archived from the original on 6 November 2013. Retrieved 22 March 2009.
- "Can You Hear Me Now?". ABC News: The Blotter. Archived from the original on 25 August 2011. Retrieved 13 December 2009.
- Lewis Page (26 June 2007). "Cell hack geek stalks pretty blonde shocker". The Register. Archived from the original on 3 November 2013. Retrieved 1 May 2010.
So specific models from before secure operating systems like Android and iOS. Now those operating systems even show an indicator whenever they are recording.
How that works is simple: there are regulations that force that the microphone used for calling is directly connected to the "baseband", which is under control of the carrier. It has to be, because of AT&T's argument: ONE misbehaving baseband can make cell phones inoperable in an area that's up to a kilometer in diameter. So AT&T's cell towers "need" to be able to send out a signal that permanently disables a phone's transmitter.
Regulations say the baseband MUST control: all wireless signals (including wifi and GPS), all microphones and speakers, and it must be able to disable the camera electrically. It must have a tamper-resistant identifier (IMEI number ... kind of).
Oh, it must allow calling the emergency services. If in this mode, during a call to the emergency services it MUST be able to send the exact GPS position (not just once, continuously) to the emergency services at the request of the emergency services (ie. NOT the user, and carriers must facilitate this)
By the way, it's worse: as you might guess from the purpose, it doesn't matter if your phone is on the "spying" carrier or not, other carriers can send commands to other carriers' phones' basebands (because "get off this frequency" is required: spectrum is shared, even within countries. Since phones may go from one tower to another and be required to vacate frequencies, you need this command). It doesn't even matter if you have a SIM in your phone or not (ever tought that if eSIM works, it must of course be possible for any provider to contact and send instructions to the phone, so it opens up an end-to-end encrypted connection to the javacard that the actual phone cpu cannot intercept). In some phones it doesn't even matter if the phone is on or not (though of course eventually it dies). So "meshtastic" or anything else cannot make a phone safe.
And in practice it's even worse. A lot of phone manufacturers "save on memory" and use the same memory chips for the baseband processor and the central cpu. Which means that it's a little bit cheaper ... and the baseband has access to all the phone memory and all peripherals connected through the memory bus (which is all of them in any recent phone). It may even be the case that these chips are integrated in the cpu (which I believe is the case for recent Apple chips). Oh and the regulations say: if there's a conflict over control over (most) peripherals, including the microphone and speaker, the baseband processor MUST be guaranteed to win that fight.
Oh and because governments demand this, but of course neither fund nor test these devices, they are old, bug-ridden and very insecure. This also means that despite the government requiring that these features be built into phones, governments, carriers and police forces generally do not have the equipment required to actually use these features (though I'm sure the CIA has implement them all). Not even carriers' cell phone towers: they have to pay extra to allow even just frequency sharing ...
Here is an article about baseband and baseband processors.
>Regulations say the baseband MUST control: [...] all microphones and speakers
I'm going to need a specific citation for this, given that it seems trivially falsifiable by the existence of bluetooth headphones (which the baseband obviously can't control), not to mention other sorts of call forwarding features like the one iPhones have.
> Regulations say the baseband MUST control: all wireless signals (including wifi and GPS), all microphones and speakers, and it must be able to disable the camera electrically. It must have a tamper-resistant identifier (IMEI number ... kind of).
This is simply not true.
Source: I own a phone where this is not the case. Many Linux phones internally attach their wireless devices via USB, so there is good separation.
Also many upscale phones have decoupled the baseband from things that were once connected to it, as an attempt to improve security. (On iOS for instance the main CPU controls wifi.)
Connecting a cellular radio via USB provides far less isolation than the approach of a tiny kernel driver connected to an IOMMU isolated cellular radio on mainstream devices. USB has immense complexity and attack surface, especially with a standard Linux kernel configuration. Forensic data extraction companies mostly haven't bothered using attack vectors other than USB due to it being such a weak point. Many of the things people claim about cellular radios in mainstream smartphones are largely not true and they're missing that other radios are implemented in a very comparable way.
Cellular, Wi-Fi, Bluetooth, GNSS NFC, UWB, etc. do get implemented on secondary processors running their own OS but on mainstream smartphones those are typically well isolated and don't have privileged access to other components. The cellular radio in an iPhone or Pixel is on a separate chip but that's a separate thing from it being isolated. Snapdragon devices with cellular implemented by the main SoC still have an isolated radio. Snapdragon implements multiple radios via isolated processes in a microkernel-based RTOS where the overall baseband is also isolated from the rest of the device. There are a lot of lower quality implementations than iPhones, Pixels and Snapdragon devices but the intention is still generally to have the radios isolated even if they don't do it as well as those.
The Linux USB stack improves over time, and besides, implementing it with USB makes it easier to implement hardware toggle switches. (Cutting power pins to the USB modem is like unplugging it.)
Edit: I’ll add that I think smartphone “security” is almost impossible to achieve, given the complexity of everything and the opacity of modem vendor stacks, which is why I just assume endpoint compromise. I use my phone rarely and with toggle switches normally “off”, and I don’t consider it a secure device or use it very often. If you believe that a secure phone is possible, however, then Graphene is definitely a better fit than a Linux phone.
Yes, realized that after I replied which is why I added the comment about Graphene. I think they do a stellar job, but I also think they are fighting an impossible battle. If there were a GrapheneOS phone that had kill switches, I would use it in a heartbeat.
The regulation would likely come from an industry body like the GSM alliance or some other thing that gates certification without which carriers won't allow the phone model onto their network, not governments.
> A lot of phone manufacturers "save on memory" and use the same memory chips for the baseband processor and the central cpu. Which means that it's a little bit cheaper ... and the baseband has access to all the phone memory and all peripherals connected through the memory bus (which is all of them in any recent phone).
> It may even be the case that these chips are integrated in the cpu (which I believe is the case for recent Apple chips).
I don't know whether it's true or not that they use the same RAM chips. But either way it doesn't change the fact that they can still be properly segregated via the IOMMU.
One of the reasons I use iPhones is that Apple controls an integrated hardware/software experience, which makes it less likely that private information is being leaked despite the presence of privacy controls.
I wouldn’t be so confident. The article even references this. Apple has used third-party baseband devices in the iPhone since the beginning, which was from other manufacturers. All bets are off regarding security when this is the case. This does included microphone access.
The article touches on this by saying Apple is making the baseband/modem hardware now. Something they should have done since day one, and I’m not sure what took them so long. However, it was was clear they didn’t have the expertise in this area and it was easier to just uses someone else’s.
Apple found out the hard way with the iPhone 4. Their secrecy didn't help. People doing real world testing had a case that made it look like an iPhone 3s and that also happened to mitigate the death grip problem. We know this because one was stolen and given to gizmodo.
And that was even only antenna design, they still used a standard RF stack then.
Apple is not as lazy as anyone else, don't believe the hype.
That assertion is a bit overblown. And people can easily find out it's overblown with a bit of research.
But at the same time, my whole philosophy is never let it touch any network connected device at all if it is critical. I don't care if it's an Apple device.
Here's reality, mobile carriers have been able to get your location from nearly the inception of mass market mobile phone use. I'm not sure anyone really believed their location was somehow secret and not discoverable. If you're using the phone or internet networks, you're not anonymous. Full stop.
Forget whatever anyone told you about your VPN, or whatever other anonymization/privacy machine that Mr McBean is selling Sneetches these days. Assume everyone is tracked, and some are even watched. Therefore everything you do or say with your devices should be considered content that is posted publicly with an uncertain release date.
There is a pretty large chasm between "When you explicit (or accidentally) use the siri functionality, it can record the interaction for quality purposes and per the agreement you made share that will Apple or its agents" and "random third parties can engage hardware functionality without your knowledge and spy on you".
I am entirely, 100% certain that my telco can't just enable the microphone on my iPhone and record me, short of some 0-day exploit. I simply cannot make that bet on many other devices.
My provider knows who I call, who I text, which websites I browse, my bank account number, my home address, my rough location, which countries I visited for holiday and through DTMF they can even sense which buttons I press on my handset.
Eh, no? How does your provider know all your bank accounts? If at all, then the one you are using for billing - but the 2FA apps do not expose such data to the provider? The Apps communicate via HTTPS calls in the background?
I think they're implying they can glean all that information based on the 2fa codes you receive. eg. "your security code for First Bank Of HN is: xxxxxx"
The radios on the supported devices can't access the microphone, GNSS, etc.
GrapheneOS has never supported a device without an isolated cellular radio since that isolation was in place even with the initial Nexus 5 and Galaxy S4. However, some of the devices prior to Pixels did have Broadcom Wi-Fi/Bluetooth without proper isolation similar to laptops/desktops. Nexus 5X was the initial device with proper isolation for Wi-Fi/Bluetooth due to having SoC provided Wi-Fi from Qualcomm. Pixels have avoided this issue for integrating Broadcom Wi-Fi/Bluetooth. Nexus devices left this up to companies like LG, Huawei, etc. and anything not done for them by Qualcomm tended to have security neglected. Qualcomm has taken security a lot more seriously than other SoC vendors and typical Android OEMs for a long time and provides good isolation for most of the SoC components.
Don't believe everything you read about smartphone security and especially cellular radios. There are many products with far less secure cellular radios which are far less isolated but rather connected via extremely high attack surface approaches including USB which are claiming those are better. A lot of the misconceptions about cellular come from how companies market supposedly more secure products which are in reality far worse than an iPhone.
I cannot imagine a way to connect a cellular modem that provides a smaller surface area than USB ACM. There is no direct memory access and no way for the modem to directly access other devices.
Could you perhaps elaborate on what the more-secure alternative to USB ACM would be?
I'll ask people, because I'm in the right circles. I want to know where it works. I've been VERY clear in my messaging to HN (on the RCS issue and having ear blown out by iPhone last week) that I am not going to glaze Apple even if the new modems they built interest me. They are usually sort of a neutral to me that has me more pissed off in the recent months than usual. Maybe send me one of your new devices if you don't want me pissed off anymore.
As for this location stuff, I'm curious though into how this works and how Apple (and BOOST/DISH) somehow prevent it happening when the big 3 in the US don't. We all know Apple would have complete control over the modem they designed, that's not a surprise. T-Mobile at least it's possible to stay NR-SA connected, it's apparently not a feature limited to SA like resistance to IMSI catchers are. Is this an OpenRAN feature, which Boost uses?
At least in the past, towers had a piece of equipment called a LMU that is sometimes installed separately from the radio equipment and it's used for measuring the timing advance to triangulate where a device may be for 911. Here's a reddit thread I started years ago for a KML of all the T-Mobile LMU installs in the NYC market: https://www.reddit.com/r/cellmapper/comments/hq2h7u/kml_of_a... (I just found it leaked, it's not online anymore probably). An FCC doc on LMU's: https://transition.fcc.gov/pshs/services/911-services/enhanc... (this is all old tech now, we're doing LTE/NR now in 99.9% of circumstances in the US)
None of this should be happening without the user's knowledge and consent. Swap out your phone carrier for Facebook and it should be plainly obvious why the current state of affairs is undesirable.
I think this feature is required for emergency calls if your specific carrier is not available/in reach - in emergency mode after the phone is restarted, it does connect to any carrier when calling 911, not only yours?
It does indeed. When making emergency calls a phone can switch carrier though generally it will only do so when the main carrier is unavailable or overloaded.
“A mentally ill person called 911 and said they were going to kill themselves” is a much better justification for pulling GPS data off a phone than any of the rationales I’ve heard from US companies or the government.
I spent ~5 years volunteering for a search and rescue team in New Mexico.
We definitely got the cellphone tower triangulation data. I never once saw GNSS data provided by a carrier. We used FindMeSAR https://findmesar.com/, the subject would usually text back the coordinates from the phone.
Just one data point.
The revolution that's occurred since my SAR volunteer days is the wide availability of satellite messenging on consumer phones. I'm guessing that's really changed the situation quite a bit.
The cell network routinely does TDoA triangulation in order to help choose which tower should serve the client mobile device. Accuracy is about 20m, and may be better at 5G frequencies. 911 gets the location from the mobile network provider, but the network provider could provide it to anyone, and they do.
Tons of "free" and crapware apps are also recording location, and sending it to data brokers.
Using LTE Timing Advance feature, especially on 5G, accuracy can be much higher.
https://5g-tools.com/5g-nr-timing-advance-ta-distance-calcul... shows an example of the parameters necessary. I don't think you can get your smartphone to dump those stats for you, but the granularity of the individual distance measurement is in the tens of centimeters.
Of course this strongly depends on cell infrastructure being placed precisely, continuously updating correction factors, and a bunch of antennae being around the target to get measurements for, but in most cities that isn't much of a challenge if the operator is working together with whoever wants to spy on citizens.
Phone detects that you call emergency service and enables gps.
Last time I called 911 (well, it's 112 in my country) my android phone asked if I want to provide gps coordinates. I did, but they still asked for address, so probably this is not integrated/used everywhere.
The phone could literally pop up a consent alert asking whether to respond to a GPS ping request from the carrier. Or just not honor the pings at all unless you dialed 911 within the last hour.
This is a specific service inside the phone that looks for messages from the carrier requesting a GPS position, it could just refuse, or lie. It's not the same as cell tower triangulation.
I can imagine situations where the emergency is noticed by other people that might not be near the location itself, and the person whose location would need to be determined is not able to use the mobile phone, such as could be the case in many accidents.
I think it would be sufficient to just have a log of this information being queried, and cases where the information has been pinged without a legitimate use case would the be investigated.
The article does not explain in detail how all this works. But educated guess is that if a baseband SoC provides this information, that's it. The phone operating system (iOS, Android) does not get a chance to decide what to do, since baseband soc is a sort of autonomous computer, it has its own firmware, cpu and ram.
You might not be able to fix this in the OS alone, but phone manufacturers are responsible for the whole phone. The baseband doesn't need to behave that way.
Carrier* Android and iOS both integrate with RapidSOS UNITE. RapidSOS then processes the rich emergency information from the user's device (enhanced location, videos and photos, etc), and is available to the 911 dispatcher in their dispatch software. 99.99% of Americans are covered by RapidSOS integrations in their municipalities.
In the UK, it happens when you call 999 or 112. I don't think 911 is supported, although it probably should be (it'd be a mess to get everyone to agree to add it to their routing tables, but I bet there's a nonzero proportion of people who watch American TV programmes and think the emergency number is 911 - or, for that matter, American tourists).
When you dial 999 it forwards your phone's GPS location if it has a lock to the provider, who then forwards it on to one of the 999 call handling centres in the UK, who then in turn forward that on to the appropriate emergency service control room. All the various services use various different products for telephony and dispatch but they will show the incoming location, and often will prepopulate an incident with the location.
The system that does this is called "EISEC" - Enhanced Information Service for Emergency Calls - and has a lot of cool stuff defined in the spec (which is publically available! You can just go and read it! BT offer a "Supplier's Information Note" with the protocol and details of how the information is encoded) that also handles calls from landlines. These are easy - your telephone provider knows where you live. OMG! The phone company know where I live? Yes, dumbass, they pulled a wire right into your house, of course they know where it is. For VoIP the situation is a little different but you can notify your VoIP provider of the location that the number is being used at, and it'll inject that into the EISEC request.
You can do other cool stuff like if you've got fixed mobile telephone in a vehicle, you can assign the make, model, registration number, colour, and so on in the EISEC database, so given a call from a phone number they know what car they're looking for. No-one uses this.
The very great majority of calls coming in to 999 are from mobiles. It's extremely rare to get one from a landline.
None of the providers use triangulation for determining where a phone is, it's all GPS.
Nothing can stop the tower equipment manufacturer like Ericsson from knowing the location of your phone and cooperating with advertising or mobile tracking compainies to aggregate that data in useful ways. If you have a phone, people that want your location have it and there is nothing you can do.
So people can give you a call even if you're not home? I mean, this has been the main selling point of mobile phones for over 30 years, and especially before smartphones became a thing. If you don't take your phone with you, you might as well wire in a landline and just use that.
You making a lot of calls in 2026? Messaging services seem to be more popular with people I know.
I have a phone so I have options if I need to be reachable or reach someone immediately while out (rare), or for travel. And because some services, mostly banks, refuse to accept VOIP numbers but require a verified phone number.
> So people can give you a call even if you're not home? I mean, this has been the main selling point of mobile phones for over 30 years, and especially before smartphones became a thing.
It was the selling point of mobile phones before smartphones became a thing. It obviously hasn't been the main selling point of mobile phones since then.
>> Nothing can stop the tower equipment manufacturer like Ericsson from knowing the location of your phone
> False. You can:
> 1) Leave the phone at home
If you're going to be pedantic, at least be pedantically correct. The tower (and carrier) would still know the location of your phone in that case. (It just wouldn't be with you.)
I still use an old fashioned external GPS model for this exact reason. The kind you had in the 2000s and 2010s made by Garmin. It's significantly more private, and however imperfect the UI, a UX team has never ruined the UI every 6 months to justify their existence. Since it's not on the internet, it doesn't matter if if it's insecure.
I know a guy who delivers for Amazon. They can track him with his phone to within 50 feet of any address he goes to. He says it's more accurate than that in most cases because, when he stands at their front door, the dot on his phone is right there.
Carriers have offered location of your device for 911 calls for years now, through a set of metadata called Automatic Location Identification (ALI).
This is only provided to 911 (police & fire) by carriers alongside your 911 call.
Mobile Device Manufacturers can also provide "precise location" to 911 for the same calls, but that's a separate form of data and closely secured.
Bottom line - Carrier data has always been less precise, but more readily available. Device data (i.e. Apple and Google) is more precise, but harder to access.
But it seems this article is arguing is that there is another (non SMS based) way of accessing the precise location data which is not so difficult to access.
I thought one of the selling points of 3g was gps like precision in dense urban areas where gps signals would bounce too much for precise location and therefore mobile carriers didn’t need to ask for gps.
With that being said, my 10th floor apartment has a 5g radio installed by one of the major carriers and I am still placed one block wrong when looking on Google Maps.
I worked in telecoms back then, and I don’t recall 3G having any precise location mechanism. Most handsets back then did not have GPS receivers, and as such they could only tell you a pretty rough estimate of your position, based on multiteration from nearby cell towers. The best I could get was within a couple of hundred meters in an urban area.
4G (LTE) networks had more cell sites so could give better precision multilateration, but by then smartphones were taking over the market and they usually had GPS receivers.
I don't believe there is a way to intentionally break this system, nor to detect with 100% certainty that it's happening.
You'd need to run an open source baseband modem with settings and logs in all the right places. I don't think those exist.
Someone might be able to exploit the Linux kernel running on Qualcomm modems and build a tool for rooted Android phones after reverse engineering the baseband, but I imagine a lot of copyright lawyers and probably law enforcement people will send you very scary letters if you document remote location tracking features like these.
Also, if you have any 4G or 5G modem, your carrier already has a pretty good idea where you are. They probably log your location too. The advanced precision and timing information necessary for high speed cellular broadband is enough to get a decent location log. That also includes other connected devices such as cars, of course.
I've noticed that when I travel, I get spam calls from the area code I am visiting. I have asked my cell provider if they monetize my location data, and they swear they aren't. But I don't trust them, given that no one else (other than Apple) would know where I am in real time. Recently switched providers and haven't experienced it since then. Wouldn't be surprised if there was a class action lawsuit someday.
Of course, this doesn't require having GPS location, just cell tower info is enough.
> But I don't trust them, given that no one else (other than Apple) would know where I am in real time.
Literally every website and app you use with any kind of shared analytics/ads gets your general location just from your IP address alone, and can update your profile on that analytics/ads provider.
It is far more likely this, than your cell phone provider.
I use a virtual number for almost all such signups (only doctors or other safety-related providers), so I'm not sure that would be a possible avenue for these calls, which come to my direct cell phone number. It is not quite a secret, but it is not something I give out to many companies.
They do pattern matching against lots of pieces of information. It could be as simple as a local utility company selling their customer list with phone number and address attached, then a retail website has your address from when you bought something, now your phone number gets linked.
It doesn't matter if you don't give your phone number to many companies, it only takes one.
Yeah it's a possibility if they matched up ad stuff with my home location and guessed at my phone number based on that.
But if they're trying to get me to answer the phone, calling from a local number actually makes me less likely to answer. Nobody would be calling my cell phone from the city I'm visiting. I'm more likely to pick up a call if the area code is from back home.
Pure Talk. Much cheaper than AT&T, and good customer service. But I found something that was cheaper on an unlimited basis. Between that and the sketchy calls I was getting, I decided to move.
The Google Pixel 10 can give you notifications when your location is tracked in this manner as well. I turned it on and have been notified a few times.
It is interesting that we let this happen. Modern phones are very useful devices, but they're not really mandatory for the vast majority of people to actually carry around everywhere they go, in many cases they merely add some convenience or entertainment, and act to consolidate various other kinds of personal devices into just one. If you wanted, you could more often than not avoid needing one. Yet, we pretty much all carry one around anyways, intentionally, and this fact is somewhat abused because it's convenient.
Having watched a fair bit of police interrogations videos recently (don't knock it, it can be addicting) I realized that police have come to rely on cell phone signals pretty heavily to place people near the scene of a crime. This is doubly interesting. For one, because criminals should really know better: phones have been doing this for a long time, and privacy issues with mobile phones are pretty well trodden by this point. But for another, it's just interesting because it works. It's very effective at screwing up the alibi of a criminal.
I've realized that serious privacy violations which actually do work to prevent crime are probably the most dangerous of all, because it's easy to say that because these features can help put criminals behind bars, we should disregard the insane surveillance state we've already built. It's easy to justify the risks this poses to a free society. It's easy to downplay the importance of personal freedoms and privacy.
Once these things become sufficiently normal, it will become very hard to go back, even after the system starts to be abused, and that's what I think about any time I see measures like chat control. We're building our own future hell to help catch a few more scumbags. Whoever thinks it's still worth it... I'd love to check back in in another decade.
So what irked that since my brand-new iPhone uses a Qualcomm “modem chip” (god, the slide of terminology makes my skin crawl) I won’t have access to this feature.
GPS on my old Android takes a minute or two to get a fix every time I turn it on, and I very rarely have GPS on at the same time as the cell radio, so I doubt they're getting more than triangulation from me.
My guess is that this data is actually used for network analytics by the carriers and to determine if the device connecting to the tower should switch to another one.
This data is vital for a mobile carrier to make sure to have a good signal coverage under all the possible conditions.
It's just a guess since I've seen similar data being analyzed in a previous telco I worked at, but I don't know their exact source. The goal there was to improve the network quality. I guess you can do the same w/o GPS, but triangulation with cell towers is very coarse.
I’d imagine that the carrier will agree not to use any data they do receive for anything but a handful of purposes, but I suppose that depends on the extent of the technical solution.
I wouldn’t bet on it. If the baseband modem has access to location data then it could send it without the OS being able to intervene. I don’t know about Pixels, but many devices are highly integrated now that I would want some real thorough and specific research before I trusted that an OS could block the modem from sending location data.
Nope, any modern modem have gnss builtin, even if you buy say quectel modem now you will have that included and how you can access the location through AT commands. Bottom line: anything that connects to operators tower should be assumed it is tracked.
They don't need to get your GPS location. With 4G and 5G the timing and clock precision at the basestations is enough to multi-laterate you down to about 50m (prior 3G/2G stuff was more like 100-200 meters). They are required by US law to store this multi-laterated position data track (updated every time your phone announces itself to basestations) for 2 years. But most telcos store it for more like 5+ years because it's valueable and they sell it.
This is all automatic and completely pervasive. Worrying about GPS and userspace computers in the smartphone is important but even if you protect that you've already lost. The baseband computer is announcing your position by the minute. Cell phones couldn't really work without the basestations deciding where you are and which will handle you.
I've been repeating this ("a law") since the Snowden leaks days. I was so sure. But I tried to look up my reference for it (it was Wired) and I'm just not finding it and indeed I'm finding government memos (https://web.archive.org/web/20160112232215if_/http://www.wir...) that show it isn't true.
I'm sorry. It is not a law. I am wrong. Thank you for the correction and preventing me from continuing to repeat this embarrassing falsehood.
That said, they do still collect and use this data and turning off GPS doesn't do anything.
There actually should be a push for an EU-wide legislation banning this kind of silent, precise location data collection. If anything, Germany is obsessed with Datenschutz but in many cases it's just laughable security theater.
This has been the case since the e911 project in the 1990's and is mandatory. Prior to this I would reset the message waiting indicator on their phone continuously to see what cells and cell sectors they were moving through but that would basically just show what road or roads they may be on and what direction they are going very roughly. Assisting the FBI with tracking kidnappers or at least that is what they told me.
There are loads of other tags that can be set on someones phone. My favorites were priority override and caller-id blocking override. This was before SS7 spoofing was so prevalent.
Pro tip to the author: it’s not necessary to write “It’s worth noting”, this just weakens the prose. If it is worth noting, just note it. No need to add additional commentary.
Anyone happen to know what the arguments were from those who supported that bill?
Here's a summary. In late 2016 the FCC passed a rule that:
(1) applies the customer privacy requirements of the Communications Act of 1934 to broadband Internet access service and other telecommunications services,
(2) requires telecommunications carriers to inform customers about rights to opt in or opt out of the use or the sharing of their confidential information,
(3) adopts data security and breach notification requirements,
(4) prohibits broadband service offerings that are contingent on surrendering privacy rights, and
(5) requires disclosures and affirmative consent when a broadband provider offers customers financial incentives in exchange for the provider's right to use a customer's confidential information.
The bill, introduced early in 2017, nullifies that rule.
It passed the Senate 50-48, then the House of Representatives 215-205, and was signed by Trump.
The 52 Republicans in the Senate voted 50 yes, 0 no, 2 not voting. The 47 Democrats, along with the 1 independent, voted no.
In the House the 236 Republicans voted 215 yes, 15 no, 6 not voting. The 190 Democrats all voted no.
pro tip, you are using a phone, the carriers know where you are. In a call or not. Admittedly sending the GPS location (or other) adds to the footprint they have of you, but get real, 30 sec for the intelligence services to locate you is only this slow for movies.
There is one more part that can also be done, mobile operator's can also request your wifi information like rrsi and bssid using LPP WLAN positioning, using this as well the location context can be gathered, it will be nice if apple can crib this as well.
I would like to think that I am pretty well informed about tech when compared with general public but I am clueless about all the ways user data can be obtained by someone else.
I bet that even the most well versed security researchers don't know it all.
The trivial examples like where users assume safety because they use HDD encryption and TLS but they run firmware they don't know about (like a whole parallel OS being ran by some CPUs) are just what is very visible.
In practice, we should assume that everything that is connected and everything we do online is unsafe.
Someone should start selling hardware (phones, laptops) for which it can be proved it doesn't spy on users, doesn't have backdoors and can't be exploited to leak information.
Until then, we must assume that using anything connected implies risks.
> The limit precise location setting doesn't impact the precision of the location data that is shared with emergency responders during an emergency call.
it should be my choice to decide if I want my privacy to be infringed upon in the name of safety. It should not be up to the carrier, or the manufacturer, or first responders or any level of government to make that decision for me.
Which emergency can happen that I really want this? And now don't say suicide attempt.
Nearby all emergencies that could happen where someone needs my exact position are things that would additionally lead to a loss of the base connection or a switched off smart phone.
How might people suggest that this would work, do you suppose?
"We've narrowed the victim's location down to one city block, boys! Assemble a posse and start knocking on doors: If they don't answer, kick it in!" ?
(And before anyone says "Well, it can work however it used to work!" please remember: Previously, we had landline phones in our homes. When we called 0118 999 881 999 119 725 3 for emergency services, there was a database that linked the landline to a street address and [if applicable] unit.
That doesn't work anymore because, broadly-speaking, we now have pocket supercomputers instead of landlines.)
Sure. But we usually didn't need it: We kept the phone numbers for our friends, family, and our favorite pizza place memorized.
And if the phone rang, it was answered. It was almost certainly a real person calling; spam calls were infrequent to the point of almost never happening.
It was a different time, and it is lost to us now.
(We do still have public name-to-address databases, though. For instance: In my state of Ohio, that part of a person's voter registration is public information that anybody can access. Everyone is still effectively doxxed and it's still not a security issue.)
While it's a legit metadata privacy vulnerability, it doesn't close a much bigger hole that already exists. (Close it, if you can, of course.)
Almost every carrier can triangulate a handset in an area with multiple towers without help of the handset using relative signal strength to each seen towers and data processing. This is how most police in most jurisdictions are able to find an active handset within ~100m given only a phone number. Don't think carriers in some countries aren't constantly logging that approximate and precise queried location metadata and selling it to data brokers.
The only method to prevent continuously location tracking is to disconnect a handset from the cellular network by attenuating the signal with a blocking bag, antenna disconnection, or real power off. The lack cellular network connectivity may be extremely inconvenient by defeating the purpose of a phone. There are situations where someone doesn't want to power down their phone but does want to be RF clean where a Faraday bag would be a good idea(tm).
I've wondered if they can also find you by what wifi or Bluetooth devices are around. Odds are one or more humans nearby has their GPS on. Your device can snitch on what's around or those other devices snitch on you.
Of course they can. Locations can be trilaterated using wifi and bluetooth.
Back when my OG iPod Touch was minty and new (2008, IIRC), it was in many ways a stripped-down iPhone.
One of the features that was stripped out was GPS: It didn't have that at all. It also lacked Bluetooth.
But it did have a Maps app, and it also had location services. This used visible wifi access points and a database back home on the mothership to determine location.
It was pretty neat at that time to take this responsive, color-screened pocket computer with me on a walk, connect it to a then-ubiquitous open SSID, and have it figure out my location and provide a map (with aerial photos!) of where I was. It wasn't ever dead-nuts, but it was consistently spooky-good.
It's pretty old tech at this point, and devices still use it today.
(Related tech: Those plastic table tents that you take with you at McDonald's after ordering at the kiosk? They're BLE beacons. Sensors in the ceiling track them so that the person bringing the tray with food on it knows about where you're sitting before they even walk out of the kitchen. And modern pocket supercomputers use the locations of these and other beacons, as well, to help trilaterate their position. Urban environments are replete with very chatty things that don't move around very much.)
Google recorded wifi names and locations as a "bycatch" when taking streetview pictures from 2007 upto 2010. They still collect such data on Android devices if the user consents or ignores the option to say "no" … :-0
Certain devices (especially tablets) don't have GPS or various sensors integrated and still can tell you your approximate location, if WiFi is enabled.
I've thought that too... especially Bluetooth. I know it's possible with
Wi-Fi signal strength.
Is it a coincidence most smartphone manufacturers were suddenly all on board with removing the 3.5mm jack and forced Bluetooth?
A mesh network of sorts like Amazon is doing with Ring.
I even sometimes forget to save my battery and turn Bluetooth off when I'm not using my earbuds. It's probably a false sense of security having it disabled because I'm sure it's doing something in the background anyways. I can't say for sure though.
Kind of like years ago with Google getting caught with the whole location data thing.
I'm sure the average Joe doesn't care if Bluetooth is enabled 24/7.
I try and not be on the tin foil bandwagon, but every once and a while I come across things that make you go hmmm...
I doubt BT is the right way to locate a device, it's far better for being located (FindMy-style).
Wi-Fi is better for positioning since BSSIDs are (mostly) static and APs don't move around.
On top of that, BLE usually uses random addresses - so it won't be of much help knowing that you were around CC:B9:AF:E8:AE at 10:05 AM - since that address is likely random.
No. There's no conspiracy relating location services to the removal of the headphone jack: The latter is just a dumb design decision from a famous fruit company that ultimately wants their products to be completely featureless rounded rectangles.
This kind of trilateration relies on beacons that don't move around (much). (And phones move. That's kind of their whole point.)
Fortunately for location data, there's a ton of Bluetooth beacons that are in reasonably fixed locations: Google used to give them away for businesses to use, but things like smart TVs, speakers, and game consoles are all pretty chatty about broadcasting their presence over Bluetooth to anyone in earshot. (And it's easy enough to observe with any app that displays nearby Bluetooth beacons. I see over a dozen right now where I sit in my suburban home.)
And at the end of the day if the location is a hundred meters off... it might still not matter because it's how you frame it with other evidence beyond a reasonable doubt.
Even the article mentions this.
> I have served on a jury where the prosecution obtained location data from cell towers. Since cell towers are sparse (especially before 5G), the accuracy is in the range of tens to hundreds of metres.
I've also personally witnessed murder cases locally where GPS location put a suspect to "100 meters away". The rest of the evidence still pushed the case forward to a guilty verdict, and the phone evidence was still pretty damning.
> And at the end of the day if the location is a hundred meters off... it might still not matter because it's how you frame it with other evidence beyond a reasonable doubt.
For example, if you drop a pin a hundred metres off from the incident, then when you're maybe several hundred metres off the column of smoke is probably a better indicator of locus than the wee dot on your screen.
I did not read the article. Reason: My response is "No shit, Sherlock."
Mobile carriers have so much information about you. They know exactly where you are, what you are doing (location combined with mapping tools) combined with who you are talking to.
They know when you are at home depot, when you are the grocery store, when you are at home, when you are awake, when you are asleep, etc.
In the U.S. there are very few laws stopping them from using all your data. In the E.U. you should definitely read up, as you aren't as protected as you think you are.
Forget Nation/State nonsense. You have an active relationship with a company who, by it's very existence and your business relationship, knows what you do all day long.
Don't even get me started about the rabbit hole surrounding 'incognito'/anonymous browsing.
EDIT: You've probably heard of Man-in-the-Middle attacks, right? They are the man in the middle. They will exploit this as best they legally can (and in certain cases, without regard to legality)
The best way to protect yourself is not to play the game at all. The same goes for your ISP, FWIW.
I don’t think this is news to any one, even none technical people are aware of this. And it goes beyond that, gov also buy location data used by other apps like dating apps or religion apps, among others.
Phones haven't always had GPS information and they could still be tracked, if you connect to enough towers they can triangulate your location. Cell towers have been able to do this based on your signal strength for a very long time and you cant turn it off. You don't even have to have a SIM card, if the cell radio is on it pings towers period, this is why a phone even without service can dial 911 and it will work. The IMEI of your phone is unique and cell towers can track it, the government has used this and there is no way to disable it. Its not as accurate as GPS but it can be good enough to figure out a route you take and general location
> But this is not the whole truth, because cellular standards have built-in protocols that make your device silently send GNSS (i.e. GPS, GLONASS, Galileo, BeiDou) location to the carrier.
No, please read the article. No one is saying carriers cant triangulate but carriers shouldn't be able to query the gps on my device and get precise GNSS data.
> Apple made a good step in iOS 26.3 to limit at least one vector of mass surveillance, enabled by having full control of the modem silicon and firmware. They must now allow users to disable GNSS location responses to mobile carriers, and notify the user when such attempts are made to their device.
They never said "triangulate" but read phone for information. Your inner monologue swapped what was written with an already understood technical method.
And just because access to GPS has never been confirmed publicly before does not mean they previously only relied on tower triangulation.
Worked for Sprints network team before they bought Nextel. We had access to eeeeverything.
Yes but phone carriers are required by the FCC to achieve specific deployment goals. Also it isn't just about GPS data, it also include barometric data.
Why would they? It's basic privacy no? Just because I want to pay money to carrier to provide me with data and phone service, I shouldn't have to give up my location from my device. I expect them to know my approximate location from cell tower data.
Generally I'd not expect them actively triangulate my exact location, but I'd realise that's at least possible - but GPS data, wake my phone up, switch on the GPS radio, drain it's battery, send that data back... no. That wouldn't be legal where I live either, let alone expected.
> but GPS data, wake my phone up, switch on the GPS radio, drain it's battery, send that data back... no. That wouldn't be legal where I live either, let alone expected.
Where does the article claim this turns on the GPS if off?
Not exactly. Phones compute GPS locally. Carriers infer approximate location from cell towers, not raw GPS, and usually only at city/neighborhood precision.
We live in a reasonably dense suburb. Police showed up at our front door and asked to speak with him. They just wanted to make sure he was doing OK. He asked them "how did you find me?" and their response was just "we pinged your phone".
Watching my security camera, they did not stop at any of my neighbors houses first. It was very direct to my front door. This leads me to believe whatever sort of coordinates they had were pretty spot on. His car was parked well down the block and not in front of our house so that was no give away.
This was five years ago and always struck me as a "Huh"
Clearly they don't need that now because 5g cell towers have gotten precise enough? Also, if that's true then 5g being that precise might still not apply to urban dense areas, where more postprocessing is required to get better location accuracy...
5G infrastructure isn’t limited to tall easily visible radio towers like 4G and before; 5G transmitters are small and relatively inexpensive, making them very common. My employer has a private 5G infrastructure, and we are not related to telecommunications in any way.
For the most part they use the same or lower frequencies. N71 (600mhz) is lower than any of the 2G/3G bands and requires less cell density than 3G (UMTS/WCDMA) did.
> 5G infrastructure isn’t limited to tall easily visible radio towers like 4G and before;
Nor were earlier technologies. DAS systems get used in large buildings/cities and were done with 4G as well. Small cells and femtocells have been a thing since at least 3G era.
> 5G transmitters are small and relatively inexpensive, making them very common.
Transmitter cost wasn't the primary limitation before, the options for unlicensed/lightly-licensed spectrum were low before and the standards weren't really designed to use them as primary carrier until NR. Also you had to run way more components to run earlier technologies, the stack is just smaller for a NR deploy.
You can read more about 5G positioning here:
https://www.ericsson.com/en/blog/2020/12/5g-positioning--wha...
https://www.ericsson.com/en/blog/2024/11/5g-advanced-positio...
https://arxiv.org/abs/2102.03361
https://research.chalmers.se/publication/542739/file/542739_...
If anyone wants to look at the future of 5G (well ORAN) here it is: https://gitlab.eurecom.fr/oai/openairinterface5g
When talking about the 5G system, cell towers can request a users estimated velocity which when combined with the towers own location combined with the physical radio (that is communicating with the phone (UE)) you can get a pretty good position estimation.
What is new is that network providers are trying to sell this tower/5G data to other companies.
I could be wrong but from my understanding 5G has always required precise tracking of every device connected.
Not disputing that location data is used for beam optimisation just that I dont believe it is required.
If I recall correctly, the tower will report channel information to the higher up controller system which will then decide which next tower should be notified of a phone that’s entering its range.
So while explicit positioning isn’t required when dealing with one tower, the system overall does need to determine a users position and velocity to handle tower to tower transfers.
In other words my opinion is that the difference between a towers channel information and a users position is almost one and the same. It’s a handful of math equations away.
We aren't going to remove the security state. We should make all attempts to, but it won't happen. What needs to happen is accountability. I should be able to turn off sharing personal information and if someone tries I should be notified and have recourse. This should also be retroactive. If I have turned off sharing and someone finds a technical loophole and uses it, there should be consequences. The only way to stop the rampant abuse is to treat data like fire. If you have it and it gets out of control you get burned, badly.
By canceling my cell phone subscription.
I know I know, I must be amish, I have heard it all. But I run two tech companies, travel, have a family, and do most of the things most around here probably do other than doom scrolling.
So much more time in my own head to think.
A rather elegant solution to the problem how not every person likes smartphones, no?
Your question is silly
Before mobile phones, there were public phone booths. Along motorways there were often call boxes. There’s little to none of that anymore.
Also before mobile phones, if you had an accident in a remote area you were at the mercy of someone passing by and noticing you. Today, modern cars can call 911 on your behalf along with your location without you even being conscious. Or if you don’t have a car that does this, then your cell can be used. Let’s not also forget iPhones calling for help when they detect you had a fall at home.
Yes emergencies existed before mobile phones. I contend that the use of mobile phones has led to better outcomes when an emergency happens. I also admit mobile phones will have caused some of those emergencies (distracted driver etc).
What you could do is put them in a faraday cage if you wanted.
There are also conspiracy theories that claim the last 10% of battery is reserved for tracking, so that when your phone says its out of battery and wont turn on, it still has plenty of power left to ping tracking data say once per hour or something. I dont push those theories, but judging by what Snowden released all those years ago I wouldnt be surprised.
It’s less clear what is the “art of the possible” vs. practical for people who aren’t actively under surveillance.
Maybe you live somewhere this is possible but it's definitely not in the developed world
But also, one doesn't always need a phone - phones can die, signal is not gauranteed. What are your "must have" things that require one to have a smart phone to participate? Assume the poster has a home phone, laptop, and credit card.
It's rather dramatic, but the phone call/conversation I could never forgive myself for missing, is the last words of a loved one before they die, whether due to car crash or some other calamity (9/11). Or missing the opportunity to take the very next flight out to see them before they pass. You are free to treat your family, biological or chosen, as you see fit, I just know there are some phone calls I'd rather be woken up in the middle of the night for than miss. Reaching me via cellphone is more direct than trying to find whatever hotel I'm at since I'm on the road as CEO and talking to customers and vendors in person on the road as CEO, so calling my house phone doesn't help.
A burner phone left at home just for the ability to receive SMS would be helpful for account registrations though
I'm not sure about this. With everyone moving to the cloud and web applications, this seems to not have been the case for a while to me. There surely are what are now called "local-first" alternatives to the main services (in the past those would just be called desktop applications), but if someone is using Office 365, does it have an offline mode? (Sincerely asking since I never tried this, plus, you should still get to load the web application before losing connection, right?)
You pay a price (we miss many party invitations, only one friend consistently emails us and FB everyone else), but it's worth it.
Recently spoke to a colleague in Italy that told me he hates WhatsApp, but is forced to use it because the school of his kids in Rome use it as sole means to communicate, despite this being a legal violation (public organizations in Europe must use GDRR-compliant tools).
I lost so many connections to people and it seemed to set me back multiple years on my goals. I thought it would make me more productive, instead my userbase got cut in half.
I'm never doing that again. Huge mistake.
That said I’d be lost in five minutes if I tried to drive somewhere without gps
Since the whole world is covered by satellites, living in the undeveloped doesn't guarantee privacy.
That’s the reason most other people are (fundamentally) going to struggle.
All the ways of living an active life engaged in the modern world that worked before the 2009 smartphone explosion still work just fine today. Just without tiktok and instagram. I think I am okay without those.
This won't be possible soon, last couple of venues I went to were digital tickets only. Will call is basically dead now, and that used to be my preferred way of getting into events.
Certainly possible, I guess, if everyone in your circle does the same, and has a ton of patience, and you spend a ton of extra time doing all the prep in advance. And don’t need to deal with things like traffic jams right now, or the like.
For people who don't know their way, you can use in-car navigation systems rather than smartphone map apps.
While I agree, that isn’t something 99.9% of the population is going to do successfully.
I personally respect other peoples time and I expect the same for me. That is, I have cut out people from my life in the past that repeatedly would text "hey I'm 20mins late" 2mins before the agreed time. That is still disrespectful with my time, because now I know you are late, but still lost those 20mins. Some people don't consider that rude and for some reason do not see that this would not work if everybody does it. Needless to say, my friends know that I value reliability, and most of them do. People that don't respect that don't need to be in my social group, or at least I don't make plans with them.
At the international relations level, this idea falls under Constructivism.
Maybe these are a bit obvious, but knowing the word that describes this may help further research.
Let us use Constructivism. Countries do not drop nukes on each other. However, if one starts, everyone will follow. Or you may have an arms race situation, one country gets colonies and unless you want to be dominated by other countries, they also get colonies.
No phone number? Spend more time getting services. Unable to get services from some companies. Miscommunication/frustration. Less connections/acquaintances.
Maybe this ends up working for you, but it lowers your 'power', the ability to get what you want. I do have concerns that it works in the short term, not long term.
Sounds like you'd like Stoicism/Asceticism if you want further reading on your status quo idealism.
I have several business and personal bank accounts with two major banks. No Android or iOS needed.
Sure they push you hard to use them, but just say it is against your unspecified religion. They cannot make you use Android or iOS.
I spent December last year looking for a new bank to move to. One of my criteria (not the most important but it was on the list) was better-than-SMS 2FA.
No one offers it. There may be some niche, loosely-based finance org that does but none of the banks or Building Societies do.
So, unfortunately, you need it in the UK.
You can also set up a phone number to accept texts from a laptop.
I can do whatever on my bank by just calling. It would be a bit weird to never be able to pitch in on meals with a $ transfer app, but I suppose when you run 2 tech companies you're probably paying most of the time, or you just take a note and transfer it later.
We definitely won't get rid of it if we accept failure. I get that it seems extremely unlikely, but there's no use in trying to just mitigate the risk short term. One way or another that power will be abused eventually (if it isn't already).
The reality is somewhat more murky. On a long enough time horizon your point makes sense, we might be able to get rid of the security state by slowly chipping away at ig over hundreds or thousands of years.
Most of us are going to be dead in about 40 years tho. Security state isn't going anywhere in that timeframe.
How would you know? Think about the collapse of the Soviet Union, or communism in other countries. 2-3 years before it was unthinkable.
“Just give up, it’s a hard problem.”
I would have guessed it was more likely this is where you'd find the people who built the security state, not want to destroy it.
People love idealism. It never works, but it sounds amazing.
Reddit, HN, and every democracy has the same problem... at least for a few years.
I think after this bout of Trumpism, the republicans will not be able to elect another populist demagogue for a generation. I think democrats need to do a round as well.
Qualified immunity is the only legal doctrine I can think of where piling on extra crimes reduces your liability.
Under 42 USC § 1983, a plaintiff can sue for damages when state officials violate their constitutional rights or other federal rights.
https://en.wikipedia.org/wiki/Qualified_immunity
Qualified Immunity only sets the bar or threshold that you have to meet in order to sue.
The law is such that a prosecutor that wants to prosecute them has to ask the parliament. Then there is a vote and the parliament decides if the immunity is taken off.
In a healthy democracy, where there are more than same two parties switching the rule to one or the other it is very likely the current opposition will be the majority next time and they will vote to strip immunity from those that try to use it as a shield for criminals.
I think the price we pay for this (delay in getting justice) is well worth paying so the justice system can't be used as a weapon against political opponents easily.
The cops involved in the most recent Minneapolis shooting will almost certainly face no repercussions because of this. The state can bring a case but the feds are clearly uninterested, they would simply take the case into federal court and spike it.
https://youtu.be/LuRFcYAO8lI?si=3n5XRqABhotw8Qrw
What security state? They aren't doing this for anyone's safety. This is the surveillance and parallel construction state.
> What needs to happen is accountability.
No agency can have this power and remain accountable. Warrants are not an effective tool for managing this. Courts cannot effectively perform oversight after the fact.
> The only way to stop the rampant abuse is to treat data like fire.
You've missed the obvious. You should really go the other direction. Our devices should generate _noise_. Huge crazy amounts of noise. Extraneous data to a level that pollutes the system beyond any utility. They accept all this data without filtering. They should suffer for that choice.
Strictly speaking, this is not completely true. When you call an emergency number, it’s very good that they can see exactly where you are. That was how this was sold 15+ years ago. But of course, that’s basically the only use case when this should be available.
This is particularly offensive considering that everyone was forced to replace his phone in the early 2000s to comply with "E-911." Verizon refused to let me activate a StarTAC I bought to replace my original, months before this mandate actually took effect.
Looking back on it, it was a perfect scam: Congress got paid off to throw a huge bone to everyone except the consumers. We were all forced to buy new phones, and for millions of people that meant renewing service contracts. Telcos win. Phone manufacturers win. Consumers lose.
As it stands, a cop has to get a warrant to enter and search your home, for example. If we remove that hurdle because we also don't trust the courts then we just have more searches.
I get the reaction to turn on the whole system, I have very little faith in it myself. But I don't think many people are really aware of or ready for what would come without it.
If you have 10 friends and you ask them what they want to eat for dinner and 6 say let’s go to a Mexican restaurant and 4 say let’s kill Bob and eat him, you still need to worry about your friend group.
Right this second ICE agents are killing people with impunity and police for the longest have had qualified immunity to kill people unjustly.
The country voted for this knowing exactly what they were going to get. Don’t believe the Michelle Obama “this is not who we are” this is who this country has always been
Carpenter v. United States (2018)
This country has never been what you're saying. We have some over policing happening. That seems to come and go in every country and doesn't say anything by itself about what a county is about, especially where it's trending over a 25 year timeline in the opposite direction from what you're describing.
Let it go to court, at least, before you flip your lid and turn on your countrymen.
Please.
Today on HN on the front page there was an article about someone being forced to use their biometric security to unlock their phone.
And then to say this country has never been what I’m saying is to ignore Jim Crow, sundown towns that were prevalent into the mid 80s, etc.
The Republicans won that war. We live in that country that won. Not the one you're describing. Jim Crow was a Southern state thing. The North never allowed it. We live in the North. The South is gone and it was never part of this country because it violated the laws that would have made it so. They rebelled against anti slavery laws from the beginning and they finally got what they deserved, to be conquered by the United States that we live in today. And then they still argued to keep slavery and the Supreme Court kept slapping it down. Over and over and over.
If you believe that the United States was ever about slavery, then you carry the rhetoric of the very party that created Jim Crow and that supported slavery, and you make them the good guy in the story. You support their version, where it was always legal and they got screwed by the lying North.
The irony... Don't ignore the writings of Washington, Franklin, Hancock, etc. All wrote to say that slavery has no place in this country. And it never did! Their letters are preserved for you to read. They are available online or in one of the museums in DC. Probably the National Archive? Someone can correct me if they know.
Anyway, that some people refuse to follow the law, isn't a reflection of the country as a whole. Similarly, when someone is killed in Norway, I don't jump to conclude that Norwegians are murderers. That wouldn't make any sense.
Did you go to high school in the South somewhere? The revisionist's history of the US seems to stem from that part of the country. I'm just curious if it tracks.
Let me ask you this: what party did Strom Thurman swap to and why?
I live in a very red part of the country, and in a very red, rural area that voted ~90% for Trump. I don't know anyone that is okay with everything he has done. Some take issue with Venezuela, some with the handling of the Epstein files or the federal budget. Some don't like sabre rattling over Greenland.
Most people I know that do vote Republican are one issue voters. At least here people voted because they always vote republican, support the second amendment, think the republicans actually want a balanced budget, or just hated Clinton/Biden. It isn't about supporting whatever Trump does, though I'm sure some small percentage does.
People regardless of party or region don't think critically often enough and can't set aside their own personal beliefs. We've made our country bipolar and we're seeing the repercussions. It isn't a problem with any one party or person, and the answer isn't to tear down the fundamentals of our system. We need to actually get back to the fundamentals because of late both parties have been going the way of socialism and authoritarianism.
https://www.economist.com/interactive/trump-approval-tracker
Someone saying to a pollster that they approve of Trump is very different from them saying they approve of everything he is doing.
https://www.foxnews.com/politics/fox-news-poll-59-voters-say...
The problem is that individuals no longer have confidence in their institutions, for both good reasons (official corruption, motivated prosecutors, the dissolution of norms of executive behaviour) and bad ones (propaganda on Fox News, and the long tail of disinformation online).
The question becomes: how can citizens have confidence their rights will be protected? What structure would protect the right to privacy?
This was well understood in the decades following WW2, and many countries implemented protections of this kind, only to roll them back again later when people had forgotten why they existed, and believed once more that everything will be fine as long as the “right” actors were in power.
Warrants are so easy to obtain and so abused it is required that we all do something differently.
I like the idea on principle, but I'll like it far less when I'm getting charged with computer fraud or some other over-reaching bullshit law.
Its simply made for 911 calls.
In the 2G era there was no compute space to just put in extra evil shit for fun
https://en.wikipedia.org/wiki/Radio_resource_location_servic...
...you could just listen to calls in the clear. Pager traffic was completely unencrypted as well.
In the same way that a Yale lock on your door means it's locked and secure, until someone comes along with two thin flattish bits of springy metal.
We should make it impossible for the data to be obtained without express user agreement.
They're raising the possibility of asking _why_ the data was collected if there was no emergency?
Of course if the telco doesn't store the rewuests/responses, there will be no records to show.
Way you could argue it doesn’t apply to government is that the government makes the law so they can make the law that makes data processing and having your name on some kind of registry required.
But still they have to show you the reason and you can escalate to EU bodies to fine your own country if they don’t follow the rules.
Imagine you get Neuralink and your best friend files for the right to be forgotten. Then poof. All your memories together gone.
If I send it to the company A, company B doesn't execute it unless they're a subsidiary of A (or A is their data controller) and my request was carefully crafted.
In the scenario you painted, that would mean that my _former_ friend has issued their request to me.
In that case? Fair. Poof if that's their wish.
Otherwise? How do you imagine it work?
That’s the uncomfortable bit: it’s not “GPS broadcasts your location” (GNSS is passive), it’s the baseband/network stack can be prompted to send a precise fix. And because it lives in the modem/control plane, it’s basically invisible to users and hard to audit.
If this capability exists for emergency location, fine—but then it should be locked to emergency sessions, logged, and auditable. A user-visible “limit precise location to carrier” toggle that still allows emergency sharing is exactly the shape of the right fix: restrict default sharing + make non-emergency use provable and accountable.
It's a peer to peer network based on Lora. It really only allows text messaging but with up to 20km hops between peers coverage is surprisingly huge. Incredibly useful if you go hiking with friends (if you get split up you can still stay in touch).
See https://eastmesh.au/ and scroll down to the map for the Victoria and now more widely Australia network that's sprung up.
I just tested the other day. I'm in the midwest US so it's winter, no leaves. I managed to get about a quarter mile before my two portable nodes couldn't talk to each other. T-Echo with muziworks whip antenna.
Without a bunch of solidly placed, high elevation, high gain antenna nodes, this just isn't really that usable.
Plus, all the other issues others have highlighted.
I couldn't get ANYTHING on my first/test ESP32 (Heltec v2).
Anything. I didn't see any packets. Then I finally heard one station later when I held it high on the upper floor.
The I hanged it at the top of my roof and I currently have almost 130 repeaters and room servers.
In your scenario a couple of 5W handhelds woukd work better.
But I agree the usabity is very limited. This is why I think of hanging a couple of guerilla solar repeaters in my neighborhood :)
Exactly, in nearly every “off-grid”/no cell service scenario where I’ve needed comms, the GMRS radios > Lora.
Its an interesting idea but I can’t go site prep 100s of miles of snowmobile trail before I go just to be able to send a text to someone a mile away.
:)
Both projects are hitting their limits because of this. Every new feature and every bug fix causes endless amount of pain and breakage.
I was involved in both - and gave up because of this.
IMHO both projects need some kind of thin-client which delegates most of the functionality into the client. Only keep some basic LoRa/Message Buffer/Routing/Battery Saving functionality in the hardware itself.
For one, meshcore doesn't do a fantastic job of protecting metadata. Advertisements include your public key, and if I'm reading this[0] right, your GPS coordinates.
Second, the default public channel uses effectively no encryption at all.
Moreover, the network doesn't exhaustively prevent someone who intercepts a packet from identifying who sent it. It's no Signal.
[0] https://deepwiki.com/meshcore-dev/MeshCore/7.1-packet-struct...
The PKI is basic because these networks are tiny and merging. And running on tiny computers ($5 boards with no display)
Public channel is public and it uses the default encryption key because it's a default channel, so by definition everyone is invited to participate. Not sure what your critique is.
And no, it's not trying to be signal. It's also currently less reliable.
But it's still safer than Sms, by a country mile.
1. Telling someone to use one of these devices because their phone carrier might look up their location is silly in the first place, because meshcore doesn't even eliminate the possibility of being tracked geographically.
2. It protects your messages better than SMS but if you care about the privacy of your messages, it's infinitely worse advice than suggesting someone use Signal or another app that actually replaces SMS securely.
I’ve deployed lots of nodes, and the technology reminds me of ipfs: people who don’t use it much vastly oversell its capabilities.
Based on the very “bursty” nature of LoRA, how much does an adversary need to spend to radiolocate it? What’s the threat model there?
Note: did things in .mil
https://github.com/meshcore-dev/MeshCore
The fundamental problem of distributed networks is that you can either have centralized control of the endpoints, or your network becomes vulnerable to denial-of-service attacks. So meshcore/meshtastic are great because they are used only by well-meaning people. If they become more popular, we'll start getting tons of spam :(
Handheld radios, meshtatic (not meshcore), and in 5 minutes you're set up and good to depart. Or ideally inreach indeed.
The 911 feature can be activated fully remotely, the 112 feature is supposed to only activate when dialing an emergency number.
Source? Even if the phone isn't actively doing a 911 call?
Unfortunately, definitive capabilities and constraints of this kind of cellular technology is hard to come by.
>The dispatcher's computer receives information from the telephone company about the physical address (for landlines) or geographic coordinates (for wireless) of the caller.
The spec says:
> The AML SMS should not be seen by the caller and therefore should not appear in the SMS "sentbox" of the smartphone. This is to avoid any customer confusion and to avoid making the format of the message widely known. In addition, there is also a potential privacy concern in storing the location of an emergency call from the handset, which could be seen by others.
The AML SMS gets triggered by software on your smartphone when you dial an emergency number. You cannot use it to obtain someone else's location.
The format is not secret either, it's just binary encoded.
Not by users. The new thing is that Apple allows users to disable this feature. Hopefully they still detect emergency calls on the phone and enable it unconditionally for those.
This is a system you can disable as a user, but it's not the on-modem feature discussed in the article.
It doesn't need to ask the OS, it can just get the coordinates and send them off.
> Next is a text to your phone number, which is intercepted by firmware and sends gps coords back.
I don't think it indicates their article reading either way and wouldn't personally wager a guess. They are just adding their own personal experience to the conversation.
It is tiring. I am doing something about it by making technical contributions. If you are able to do the same, please do.
The only way to actually do this was develop a way to ask the phone because the tower isn't accurate enough. In the US it could have been more privacy preserving by being push but I imagine carriers don't want to maintain and update a list of current emergency numbers. "Sorry person in a car crash, we can't find you because cellular modem firmware is out of date and your emergency number isn't on list" is a PR disaster waiting to happen. Easier to coordinate with police and fire and let them do the asking.
Sometimes it seems dumb, but as long as its an honest report I've never heard of anything more than an annoyed patrol officer. Felt stupid calling in an interstate sized sign hanging by a literal bolt-thread but the patrol shut down that lane.
Far better than getting the call "This sign has come down and chopped a bus in half, and then four cars have run into the back of the wreckage".
Build the fence at the top of the cliff, not the hospital at the bottom.
What, you want me to call 999? To get a ring that's too tight off? I mean it's hurting my finger but is it really an emergency?
Yes, dumbass, it's an emergency. Get the ring off your finger right now before the blood supply gets compromised and you end up with a big slug of stale dead blood washing round you when you finally do get it off. You could lose your hand if you piss about with it too long.
I know it seems like overkill to have a 18-tonne Scania rock up with five guys in it just to cut through that little ring, but they have the right tools to do it quickly and easily, and no-one wants to have to cut your hand off.
Ring 999 while you still have two working hands.
Smoke alarm going off? No apparent reason? At least ring them up for advice. There might be something you haven't seen. Just phone them.
It's far easier dealing with you not being on fire in the first place, than dealing with you being on fire later. Not being on fire is good.
A supported carrier: Germany: Telekom United Kingdom: EE, BT United States: Boost Mobile Thailand: AIS, True
Turn limit precise location on or off
Open Settings, then tap Cellular.
Tap Cellular Data Options.
If you have more than one phone number under SIMs, tap one of your lines.
Scroll down to Limit Precise Location.
Turn the setting on or off. You might be prompted to restart your device.
Only Boost Mobile in the U.S. Weird. About 7.5M subscribers. Maybe it requires 5G? Wonder if it works when roaming?
https://en.wikipedia.org/wiki/Boost_Mobile
https://en.wikipedia.org/wiki/List_of_mobile_network_operato...
https://en.wikipedia.org/wiki/5G_NR
Unfortunately Boost/Dish struggled significantly with finances and customer attraction post COVID, largely due to two problems (seamless roaming between their own network and partners’, and more importantly, getting manufacturers like Apple to build compatible phones). When the current president came into the picture, the FCC essentially forced the sale of Dish’s primary spectrum licenses to administration-friendly SpaceX, for future Starlink use.
As of now, they are in the process of moving their customers to AT&T (and possibly a secondary agreement with T-Mobile), but they seem to be maintaining their own network core - that’s likely why they’re able to implement support for this, while AT&T does not.
Why does it list specific carriers, then?
I can imagine a scenario where emergency servies are authorized to send the ping to get your precise location and if you disable this, you may regret it. And a major feature of some phones/watches is the ability to automatically call 911 under certain fall/crash movement detection, where you might not have the ability to re-enable your GPS location.
Basically, if you have any cell phone the government can track you. Buying a burner phone with cash (via strawman proxy) seems like the only way to temporarily obscure your location.
I imagine with the ubiquity of cameras in the commons and facial recognition and gait analysis they can knit that up even more.
But we want to support privatization at all cost, even when privatization these days has significant influence on our daily lives, akin to the concerns we had when we placed restrictions on government. Seems like we need to start regulating private actions a bit more, especially when private entities accumulate enough wealth they can act like multi state governments in levels of influence. That’s my opinion, at least.
Thats basically the foundational idealogy of the united states. Thats not the issue.
The real issue is your next sentence. The government can just loophole around their intentional limitations by paying private companies to work on their behalf.
It's so much worse than even those of us who are moderately interested in mass surveillance know.
Somehow this reminds me about Blackwater / Xe Technologies? :-/
(Im betting 100 USD that soon we will find out that ICE also deployed "private financed forces" to "support state actions"?)
>Somehow this reminds me about Blackwater / Xe Technologies? :-/
Is there some context I'm missing? Skimming https://en.wikipedia.org/wiki/Blackwater_(company) it shows they might have perpetrated some war crimes, but that alone doesn't really make them worse than the US military. For instance, consider https://en.wikipedia.org/wiki/July_12,_2007,_Baghdad_airstri....
It really isn't, given that the government literally has a monopoly on violence, and therefore it makes sense to have more guardrails for it. That's not to say private entities should have free reign to do whatever it wants, but the argument of "private entities can do [thing] that governments can't, so we should ban private entities too!" is at best incomplete.
>Furthermore, the issue is exacerbated by then allowing governments to bypass these issues by then just paying private entities to do the things it can’t do as a proxy for the same functional outcomes.
Again, this is at best an incomplete argument. The government can't extract a confession out of you (5th amendment). It can however, interview your drinking buddies that you blabbed your latest criminal escapades to. Is that the government "bypassing" the 5th amendment? Arguably. Is that something bad and we should ban? Hardly.
> 'Does Drinking Buddy exist?' 'Of course he exists. The Party exists. Drinking Buddy is the embodiment of the Party.' 'Does he exist like you or me?' 'You do not exist', said O'Brien.
> Oceanic society rests ultimately on the belief that Drinking Buddy is omnipotent and that the Party is infallible. But since in reality Drinking Buddy is not omnipotent and the party is not infallible, there is need for an unwearying, moment-to-moment flexibility in the treatment of facts.
You're right, it should be even more scandalous for the government to get information out of my drinking buddy, because the information I told him was in confidence, and he promised he wouldn't tell anyone. My cell phone provider, on the other hand, clearly says in their ToS who they'll share data with and in what circumstances.
They value it alright. At several dollars per person.
Anyone who offers them money?
https://ballotpedia.org/States_with_initiative_or_referendum
This is why they get their laws passed.
https://en.wikipedia.org/wiki/Covert_listening_device#Remote...
And the linked sources are:
- Kröger, Jacob Leon; Raschke, Philip (2019). "Is My Phone Listening in? On the Feasibility and Detectability of Mobile Eavesdropping". Data and Applications Security and Privacy XXXIII. Lecture Notes in Computer Science. Vol. 11559. pp. 102–120. doi:10.1007/978-3-030-22479-0_6. ISBN 978-3-030-22478-3. ISSN 0302-9743.
- Schneier, Bruce (5 December 2006). "Remotely Eavesdropping on Cell Phone Microphones". Schneier On Security. Archived from the original on 12 January 2014. Retrieved 13 December 2009.
- McCullagh, Declan; Anne Broache (1 December 2006). "FBI taps cell phone mic as eavesdropping tool". CNet News. Archived from the original on 10 November 2013. Retrieved 14 March 2009.
- Odell, Mark (1 August 2005). "Use of mobile helped police keep tabs on suspect". Financial Times. Retrieved 14 March 2009.
- "Telephones". Western Regional Security Office (NOAA official site). 2001. Archived from the original on 6 November 2013. Retrieved 22 March 2009.
- "Can You Hear Me Now?". ABC News: The Blotter. Archived from the original on 25 August 2011. Retrieved 13 December 2009.
- Lewis Page (26 June 2007). "Cell hack geek stalks pretty blonde shocker". The Register. Archived from the original on 3 November 2013. Retrieved 1 May 2010.
Regulations say the baseband MUST control: all wireless signals (including wifi and GPS), all microphones and speakers, and it must be able to disable the camera electrically. It must have a tamper-resistant identifier (IMEI number ... kind of).
Oh, it must allow calling the emergency services. If in this mode, during a call to the emergency services it MUST be able to send the exact GPS position (not just once, continuously) to the emergency services at the request of the emergency services (ie. NOT the user, and carriers must facilitate this)
By the way, it's worse: as you might guess from the purpose, it doesn't matter if your phone is on the "spying" carrier or not, other carriers can send commands to other carriers' phones' basebands (because "get off this frequency" is required: spectrum is shared, even within countries. Since phones may go from one tower to another and be required to vacate frequencies, you need this command). It doesn't even matter if you have a SIM in your phone or not (ever tought that if eSIM works, it must of course be possible for any provider to contact and send instructions to the phone, so it opens up an end-to-end encrypted connection to the javacard that the actual phone cpu cannot intercept). In some phones it doesn't even matter if the phone is on or not (though of course eventually it dies). So "meshtastic" or anything else cannot make a phone safe.
And in practice it's even worse. A lot of phone manufacturers "save on memory" and use the same memory chips for the baseband processor and the central cpu. Which means that it's a little bit cheaper ... and the baseband has access to all the phone memory and all peripherals connected through the memory bus (which is all of them in any recent phone). It may even be the case that these chips are integrated in the cpu (which I believe is the case for recent Apple chips). Oh and the regulations say: if there's a conflict over control over (most) peripherals, including the microphone and speaker, the baseband processor MUST be guaranteed to win that fight.
Oh and because governments demand this, but of course neither fund nor test these devices, they are old, bug-ridden and very insecure. This also means that despite the government requiring that these features be built into phones, governments, carriers and police forces generally do not have the equipment required to actually use these features (though I'm sure the CIA has implement them all). Not even carriers' cell phone towers: they have to pay extra to allow even just frequency sharing ...
Here is an article about baseband and baseband processors.
https://www.extremetech.com/computing/170874-the-secret-seco...
I'm going to need a specific citation for this, given that it seems trivially falsifiable by the existence of bluetooth headphones (which the baseband obviously can't control), not to mention other sorts of call forwarding features like the one iPhones have.
This is simply not true.
Source: I own a phone where this is not the case. Many Linux phones internally attach their wireless devices via USB, so there is good separation.
Also many upscale phones have decoupled the baseband from things that were once connected to it, as an attempt to improve security. (On iOS for instance the main CPU controls wifi.)
Cellular, Wi-Fi, Bluetooth, GNSS NFC, UWB, etc. do get implemented on secondary processors running their own OS but on mainstream smartphones those are typically well isolated and don't have privileged access to other components. The cellular radio in an iPhone or Pixel is on a separate chip but that's a separate thing from it being isolated. Snapdragon devices with cellular implemented by the main SoC still have an isolated radio. Snapdragon implements multiple radios via isolated processes in a microkernel-based RTOS where the overall baseband is also isolated from the rest of the device. There are a lot of lower quality implementations than iPhones, Pixels and Snapdragon devices but the intention is still generally to have the radios isolated even if they don't do it as well as those.
Edit: I’ll add that I think smartphone “security” is almost impossible to achieve, given the complexity of everything and the opacity of modem vendor stacks, which is why I just assume endpoint compromise. I use my phone rarely and with toggle switches normally “off”, and I don’t consider it a secure device or use it very often. If you believe that a secure phone is possible, however, then Graphene is definitely a better fit than a Linux phone.
(Founder/lead dev/ex lead dev, can't recall exactly)
Really? Does the radio somehow become the USB Host in this equation and magically start driving the conversation? How?
This can be mitigated e.g. via an IOMMU: https://grapheneos.org/faq#baseband-isolation
> It may even be the case that these chips are integrated in the cpu (which I believe is the case for recent Apple chips).
I don't know whether it's true or not that they use the same RAM chips. But either way it doesn't change the fact that they can still be properly segregated via the IOMMU.
What is the tamper resistant number that is kind of the IMEI?
The article touches on this by saying Apple is making the baseband/modem hardware now. Something they should have done since day one, and I’m not sure what took them so long. However, it was was clear they didn’t have the expertise in this area and it was easier to just uses someone else’s.
Apple found out the hard way with the iPhone 4. Their secrecy didn't help. People doing real world testing had a case that made it look like an iPhone 3s and that also happened to mitigate the death grip problem. We know this because one was stolen and given to gizmodo.
And that was even only antenna design, they still used a standard RF stack then.
That assertion is a bit overblown. And people can easily find out it's overblown with a bit of research.
But at the same time, my whole philosophy is never let it touch any network connected device at all if it is critical. I don't care if it's an Apple device.
Here's reality, mobile carriers have been able to get your location from nearly the inception of mass market mobile phone use. I'm not sure anyone really believed their location was somehow secret and not discoverable. If you're using the phone or internet networks, you're not anonymous. Full stop.
Forget whatever anyone told you about your VPN, or whatever other anonymization/privacy machine that Mr McBean is selling Sneetches these days. Assume everyone is tracked, and some are even watched. Therefore everything you do or say with your devices should be considered content that is posted publicly with an uncertain release date.
"You're holding it wrong" might be the laziest thing anyone has ever said about a tech product.
Where? Apple's whitepapers aren't audited by anyone other than themselves.
> Assume everyone is tracked, and some are even watched.
Fatalist non-sequitur.
I am entirely, 100% certain that my telco can't just enable the microphone on my iPhone and record me, short of some 0-day exploit. I simply cannot make that bet on many other devices.
https://grapheneos.org/faq#future-devices
The radios on the supported devices can't access the microphone, GNSS, etc.
GrapheneOS has never supported a device without an isolated cellular radio since that isolation was in place even with the initial Nexus 5 and Galaxy S4. However, some of the devices prior to Pixels did have Broadcom Wi-Fi/Bluetooth without proper isolation similar to laptops/desktops. Nexus 5X was the initial device with proper isolation for Wi-Fi/Bluetooth due to having SoC provided Wi-Fi from Qualcomm. Pixels have avoided this issue for integrating Broadcom Wi-Fi/Bluetooth. Nexus devices left this up to companies like LG, Huawei, etc. and anything not done for them by Qualcomm tended to have security neglected. Qualcomm has taken security a lot more seriously than other SoC vendors and typical Android OEMs for a long time and provides good isolation for most of the SoC components.
Don't believe everything you read about smartphone security and especially cellular radios. There are many products with far less secure cellular radios which are far less isolated but rather connected via extremely high attack surface approaches including USB which are claiming those are better. A lot of the misconceptions about cellular come from how companies market supposedly more secure products which are in reality far worse than an iPhone.
Could you perhaps elaborate on what the more-secure alternative to USB ACM would be?
As for this location stuff, I'm curious though into how this works and how Apple (and BOOST/DISH) somehow prevent it happening when the big 3 in the US don't. We all know Apple would have complete control over the modem they designed, that's not a surprise. T-Mobile at least it's possible to stay NR-SA connected, it's apparently not a feature limited to SA like resistance to IMSI catchers are. Is this an OpenRAN feature, which Boost uses?
At least in the past, towers had a piece of equipment called a LMU that is sometimes installed separately from the radio equipment and it's used for measuring the timing advance to triangulate where a device may be for 911. Here's a reddit thread I started years ago for a KML of all the T-Mobile LMU installs in the NYC market: https://www.reddit.com/r/cellmapper/comments/hq2h7u/kml_of_a... (I just found it leaked, it's not online anymore probably). An FCC doc on LMU's: https://transition.fcc.gov/pshs/services/911-services/enhanc... (this is all old tech now, we're doing LTE/NR now in 99.9% of circumstances in the US)
Trilaterate :)
This isn’t a new capability and shouldn’t be surprising.
That’s the majority of uses for the system in the UK. People love to run away and waste police time.
Between buying a phone and reading the OS EULA to providing an E911 address to my carrier, I can count at least three disclosures of this feature.
Nothing is secret or magic here.
We definitely got the cellphone tower triangulation data. I never once saw GNSS data provided by a carrier. We used FindMeSAR https://findmesar.com/, the subject would usually text back the coordinates from the phone.
Just one data point.
The revolution that's occurred since my SAR volunteer days is the wide availability of satellite messenging on consumer phones. I'm guessing that's really changed the situation quite a bit.
The article seems to describe another system which can be involved externally.
Tons of "free" and crapware apps are also recording location, and sending it to data brokers.
https://www.wired.com/story/jeffrey-epstein-island-visitors-...
https://5g-tools.com/5g-nr-timing-advance-ta-distance-calcul... shows an example of the parameters necessary. I don't think you can get your smartphone to dump those stats for you, but the granularity of the individual distance measurement is in the tens of centimeters.
Of course this strongly depends on cell infrastructure being placed precisely, continuously updating correction factors, and a bunch of antennae being around the target to get measurements for, but in most cities that isn't much of a challenge if the operator is working together with whoever wants to spy on citizens.
The last time I checked, that included Google Play Services, and some of their iOS apps.
That's true, but you can always be triangulated down a couple hundred meters by figuring out which towers you're connected to.
Last time I called 911 (well, it's 112 in my country) my android phone asked if I want to provide gps coordinates. I did, but they still asked for address, so probably this is not integrated/used everywhere.
This is a specific service inside the phone that looks for messages from the carrier requesting a GPS position, it could just refuse, or lie. It's not the same as cell tower triangulation.
I think it would be sufficient to just have a log of this information being queried, and cases where the information has been pinged without a legitimate use case would the be investigated.
https://rapidsos.com/public-safety/unite/
When the call comes in they can click a button and query RapidSOS for current 911 calls for that number and pull the information inwards.
https://www.baycominc.com/hubfs/2025%20Website%20Update/Prod...
When you dial 999 it forwards your phone's GPS location if it has a lock to the provider, who then forwards it on to one of the 999 call handling centres in the UK, who then in turn forward that on to the appropriate emergency service control room. All the various services use various different products for telephony and dispatch but they will show the incoming location, and often will prepopulate an incident with the location.
The system that does this is called "EISEC" - Enhanced Information Service for Emergency Calls - and has a lot of cool stuff defined in the spec (which is publically available! You can just go and read it! BT offer a "Supplier's Information Note" with the protocol and details of how the information is encoded) that also handles calls from landlines. These are easy - your telephone provider knows where you live. OMG! The phone company know where I live? Yes, dumbass, they pulled a wire right into your house, of course they know where it is. For VoIP the situation is a little different but you can notify your VoIP provider of the location that the number is being used at, and it'll inject that into the EISEC request.
You can do other cool stuff like if you've got fixed mobile telephone in a vehicle, you can assign the make, model, registration number, colour, and so on in the EISEC database, so given a call from a phone number they know what car they're looking for. No-one uses this.
The very great majority of calls coming in to 999 are from mobiles. It's extremely rare to get one from a landline.
None of the providers use triangulation for determining where a phone is, it's all GPS.
1) Leave the phone at home
2) Use a phone with a hardware toggle switch that physically kills power to the cell modem, or turn off the phone and put it in a tested Faraday bag
3) Conspire with other citizens to make such location tracking illegal and to enforce that law
I’m tired of privacy doomerism. You have options, use them.
> False. You can: 1) Leave the phone at home
Then you dont have a phone, do you? Come on you are being pedantic for no reason.
I have a phone so I have options if I need to be reachable or reach someone immediately while out (rare), or for travel. And because some services, mostly banks, refuse to accept VOIP numbers but require a verified phone number.
It was the selling point of mobile phones before smartphones became a thing. It obviously hasn't been the main selling point of mobile phones since then.
> False. You can: > 1) Leave the phone at home
If you're going to be pedantic, at least be pedantically correct. The tower (and carrier) would still know the location of your phone in that case. (It just wouldn't be with you.)
NB: same applies for NB-IOT. NBB: this has actually SAVED lives source: I use to work as a core network archictect for tier1 carriers
TL;DR, this is nothing new.
Carriers have offered location of your device for 911 calls for years now, through a set of metadata called Automatic Location Identification (ALI).
This is only provided to 911 (police & fire) by carriers alongside your 911 call.
Mobile Device Manufacturers can also provide "precise location" to 911 for the same calls, but that's a separate form of data and closely secured.
Bottom line - Carrier data has always been less precise, but more readily available. Device data (i.e. Apple and Google) is more precise, but harder to access.
https://en.wikipedia.org/wiki/Enhanced_911
With that being said, my 10th floor apartment has a 5g radio installed by one of the major carriers and I am still placed one block wrong when looking on Google Maps.
4G (LTE) networks had more cell sites so could give better precision multilateration, but by then smartphones were taking over the market and they usually had GPS receivers.
You'd need to run an open source baseband modem with settings and logs in all the right places. I don't think those exist.
Someone might be able to exploit the Linux kernel running on Qualcomm modems and build a tool for rooted Android phones after reverse engineering the baseband, but I imagine a lot of copyright lawyers and probably law enforcement people will send you very scary letters if you document remote location tracking features like these.
Also, if you have any 4G or 5G modem, your carrier already has a pretty good idea where you are. They probably log your location too. The advanced precision and timing information necessary for high speed cellular broadband is enough to get a decent location log. That also includes other connected devices such as cars, of course.
So I don't think a single foil sticker would make much difference.
Of course, this doesn't require having GPS location, just cell tower info is enough.
Literally every website and app you use with any kind of shared analytics/ads gets your general location just from your IP address alone, and can update your profile on that analytics/ads provider.
It is far more likely this, than your cell phone provider.
And I don't know about you, but I've put my phone number into a lot of apps and sites. Sometimes it's required, sometimes it's for 2FA, etc.
It doesn't matter if you don't give your phone number to many companies, it only takes one.
It's also not clear why I would have an uptick in spam calls when I'm traveling. I get 2x/week at home and 2x/day when traveling.
But if they're trying to get me to answer the phone, calling from a local number actually makes me less likely to answer. Nobody would be calling my cell phone from the city I'm visiting. I'm more likely to pick up a call if the area code is from back home.
Does it still happen?
It is interesting that we let this happen. Modern phones are very useful devices, but they're not really mandatory for the vast majority of people to actually carry around everywhere they go, in many cases they merely add some convenience or entertainment, and act to consolidate various other kinds of personal devices into just one. If you wanted, you could more often than not avoid needing one. Yet, we pretty much all carry one around anyways, intentionally, and this fact is somewhat abused because it's convenient.
Having watched a fair bit of police interrogations videos recently (don't knock it, it can be addicting) I realized that police have come to rely on cell phone signals pretty heavily to place people near the scene of a crime. This is doubly interesting. For one, because criminals should really know better: phones have been doing this for a long time, and privacy issues with mobile phones are pretty well trodden by this point. But for another, it's just interesting because it works. It's very effective at screwing up the alibi of a criminal.
I've realized that serious privacy violations which actually do work to prevent crime are probably the most dangerous of all, because it's easy to say that because these features can help put criminals behind bars, we should disregard the insane surveillance state we've already built. It's easy to justify the risks this poses to a free society. It's easy to downplay the importance of personal freedoms and privacy.
Once these things become sufficiently normal, it will become very hard to go back, even after the system starts to be abused, and that's what I think about any time I see measures like chat control. We're building our own future hell to help catch a few more scumbags. Whoever thinks it's still worth it... I'd love to check back in in another decade.
How anyone could think this isn't a 4th Amendment violation is a mystery to me.
https://support.apple.com/en-us/126101
This data is vital for a mobile carrier to make sure to have a good signal coverage under all the possible conditions.
It's just a guess since I've seen similar data being analyzed in a previous telco I worked at, but I don't know their exact source. The goal there was to improve the network quality. I guess you can do the same w/o GPS, but triangulation with cell towers is very coarse.
Most of those features are not user visible and are compatibility hacks - ie. "use lower profile in video calls if country = FR".
This is all automatic and completely pervasive. Worrying about GPS and userspace computers in the smartphone is important but even if you protect that you've already lost. The baseband computer is announcing your position by the minute. Cell phones couldn't really work without the basestations deciding where you are and which will handle you.
I'm sorry. It is not a law. I am wrong. Thank you for the correction and preventing me from continuing to repeat this embarrassing falsehood.
That said, they do still collect and use this data and turning off GPS doesn't do anything.
This has been the case since the e911 project in the 1990's and is mandatory. Prior to this I would reset the message waiting indicator on their phone continuously to see what cells and cell sectors they were moving through but that would basically just show what road or roads they may be on and what direction they are going very roughly. Assisting the FBI with tracking kidnappers or at least that is what they told me.
There are loads of other tags that can be set on someones phone. My favorites were priority override and caller-id blocking override. This was before SS7 spoofing was so prevalent.
2017 Broadband Consumer Privacy Proposal
https://www.congress.gov/bill/115th-congress/senate-joint-re...
Here's a summary. In late 2016 the FCC passed a rule that:
(1) applies the customer privacy requirements of the Communications Act of 1934 to broadband Internet access service and other telecommunications services,
(2) requires telecommunications carriers to inform customers about rights to opt in or opt out of the use or the sharing of their confidential information,
(3) adopts data security and breach notification requirements,
(4) prohibits broadband service offerings that are contingent on surrendering privacy rights, and
(5) requires disclosures and affirmative consent when a broadband provider offers customers financial incentives in exchange for the provider's right to use a customer's confidential information.
The bill, introduced early in 2017, nullifies that rule.
It passed the Senate 50-48, then the House of Representatives 215-205, and was signed by Trump.
The 52 Republicans in the Senate voted 50 yes, 0 no, 2 not voting. The 47 Democrats, along with the 1 independent, voted no.
In the House the 236 Republicans voted 215 yes, 15 no, 6 not voting. The 190 Democrats all voted no.
I bet that even the most well versed security researchers don't know it all.
The trivial examples like where users assume safety because they use HDD encryption and TLS but they run firmware they don't know about (like a whole parallel OS being ran by some CPUs) are just what is very visible.
In practice, we should assume that everything that is connected and everything we do online is unsafe.
Until then, we must assume that using anything connected implies risks.
> The limit precise location setting doesn't impact the precision of the location data that is shared with emergency responders during an emergency call.
https://support.apple.com/en-us/126101
The fact that something has some good side effects does not make it good or even reasonable.
You want EMS looking for a needle in a haystack while you are suffering a heart attack?
How might people suggest that this would work, do you suppose?
"We've narrowed the victim's location down to one city block, boys! Assemble a posse and start knocking on doors: If they don't answer, kick it in!" ?
(And before anyone says "Well, it can work however it used to work!" please remember: Previously, we had landline phones in our homes. When we called 0118 999 881 999 119 725 3 for emergency services, there was a database that linked the landline to a street address and [if applicable] unit.
That doesn't work anymore because, broadly-speaking, we now have pocket supercomputers instead of landlines.)
Everyone was effectively doxxed yet it was never a security issue.
And if the phone rang, it was answered. It was almost certainly a real person calling; spam calls were infrequent to the point of almost never happening.
It was a different time, and it is lost to us now.
(We do still have public name-to-address databases, though. For instance: In my state of Ohio, that part of a person's voter registration is public information that anybody can access. Everyone is still effectively doxxed and it's still not a security issue.)
Almost every carrier can triangulate a handset in an area with multiple towers without help of the handset using relative signal strength to each seen towers and data processing. This is how most police in most jurisdictions are able to find an active handset within ~100m given only a phone number. Don't think carriers in some countries aren't constantly logging that approximate and precise queried location metadata and selling it to data brokers.
The only method to prevent continuously location tracking is to disconnect a handset from the cellular network by attenuating the signal with a blocking bag, antenna disconnection, or real power off. The lack cellular network connectivity may be extremely inconvenient by defeating the purpose of a phone. There are situations where someone doesn't want to power down their phone but does want to be RF clean where a Faraday bag would be a good idea(tm).
Back when my OG iPod Touch was minty and new (2008, IIRC), it was in many ways a stripped-down iPhone.
One of the features that was stripped out was GPS: It didn't have that at all. It also lacked Bluetooth.
But it did have a Maps app, and it also had location services. This used visible wifi access points and a database back home on the mothership to determine location.
It was pretty neat at that time to take this responsive, color-screened pocket computer with me on a walk, connect it to a then-ubiquitous open SSID, and have it figure out my location and provide a map (with aerial photos!) of where I was. It wasn't ever dead-nuts, but it was consistently spooky-good.
It's pretty old tech at this point, and devices still use it today.
(Related tech: Those plastic table tents that you take with you at McDonald's after ordering at the kiosk? They're BLE beacons. Sensors in the ceiling track them so that the person bringing the tray with food on it knows about where you're sitting before they even walk out of the kitchen. And modern pocket supercomputers use the locations of these and other beacons, as well, to help trilaterate their position. Urban environments are replete with very chatty things that don't move around very much.)
Certain devices (especially tablets) don't have GPS or various sensors integrated and still can tell you your approximate location, if WiFi is enabled.
If you want to play around a bit, you can try my tool that queries Apple's location services for your nearby networks. The precision is remarkable.
https://github.com/denysvitali/where-am-i
Is it a coincidence most smartphone manufacturers were suddenly all on board with removing the 3.5mm jack and forced Bluetooth? A mesh network of sorts like Amazon is doing with Ring. I even sometimes forget to save my battery and turn Bluetooth off when I'm not using my earbuds. It's probably a false sense of security having it disabled because I'm sure it's doing something in the background anyways. I can't say for sure though. Kind of like years ago with Google getting caught with the whole location data thing. I'm sure the average Joe doesn't care if Bluetooth is enabled 24/7.
I try and not be on the tin foil bandwagon, but every once and a while I come across things that make you go hmmm...
Wi-Fi is better for positioning since BSSIDs are (mostly) static and APs don't move around.
On top of that, BLE usually uses random addresses - so it won't be of much help knowing that you were around CC:B9:AF:E8:AE at 10:05 AM - since that address is likely random.
This kind of trilateration relies on beacons that don't move around (much). (And phones move. That's kind of their whole point.)
Fortunately for location data, there's a ton of Bluetooth beacons that are in reasonably fixed locations: Google used to give them away for businesses to use, but things like smart TVs, speakers, and game consoles are all pretty chatty about broadcasting their presence over Bluetooth to anyone in earshot. (And it's easy enough to observe with any app that displays nearby Bluetooth beacons. I see over a dozen right now where I sit in my suburban home.)
Even the article mentions this.
> I have served on a jury where the prosecution obtained location data from cell towers. Since cell towers are sparse (especially before 5G), the accuracy is in the range of tens to hundreds of metres.
I've also personally witnessed murder cases locally where GPS location put a suspect to "100 meters away". The rest of the evidence still pushed the case forward to a guilty verdict, and the phone evidence was still pretty damning.
For example, if you drop a pin a hundred metres off from the incident, then when you're maybe several hundred metres off the column of smoke is probably a better indicator of locus than the wee dot on your screen.
Mobile carriers have so much information about you. They know exactly where you are, what you are doing (location combined with mapping tools) combined with who you are talking to.
They know when you are at home depot, when you are the grocery store, when you are at home, when you are awake, when you are asleep, etc.
In the U.S. there are very few laws stopping them from using all your data. In the E.U. you should definitely read up, as you aren't as protected as you think you are.
Forget Nation/State nonsense. You have an active relationship with a company who, by it's very existence and your business relationship, knows what you do all day long.
Don't even get me started about the rabbit hole surrounding 'incognito'/anonymous browsing.
EDIT: You've probably heard of Man-in-the-Middle attacks, right? They are the man in the middle. They will exploit this as best they legally can (and in certain cases, without regard to legality)
The best way to protect yourself is not to play the game at all. The same goes for your ISP, FWIW.
https://en.wikipedia.org/wiki/Radio_resource_location_servic...
It was 5 meters back in 2006 in urban areas.
> Germany: Telekom > United Kingdom: EE, BT > United States: Boost Mobile > Thailand: AIS, True
So turning this "off" on other carriers results in GPS data still shipped off?
It’s also illegal to sell new cars without a cell modem in them.
The phones are the least of our worries.
https://www.rfwireless-world.com/terminology/cellular-tower-...
FTA:
> But this is not the whole truth, because cellular standards have built-in protocols that make your device silently send GNSS (i.e. GPS, GLONASS, Galileo, BeiDou) location to the carrier.
Why wouldn't carriers be able to ask your phone about what it thinks its location is?
> Apple made a good step in iOS 26.3 to limit at least one vector of mass surveillance, enabled by having full control of the modem silicon and firmware. They must now allow users to disable GNSS location responses to mobile carriers, and notify the user when such attempts are made to their device.
The crux of the argument seems to come from this
> It’s worth noting that GNSS location is never meant to leave your device. GNSS coordinates are calculated entirely passively.
OK so? The fact that GPS is calculated passively means nothing about the phone being asked what its position is after the fact.
The article admits this capability is no secret
> These capabilities are not secrets but somehow they have mostly slid under the radar of the public consciousness.
If the article just wants to say phones should block that ability, fine. But don't pretend this is some shady BS.
It is shady BS, and it’s why this phrase appeared in the article. Just because industry insiders are aware doesn’t mean it’s not shady.
The same applies to modern cars reporting their information back to manufacturers.
They never said "triangulate" but read phone for information. Your inner monologue swapped what was written with an already understood technical method.
And just because access to GPS has never been confirmed publicly before does not mean they previously only relied on tower triangulation.
Worked for Sprints network team before they bought Nextel. We had access to eeeeverything.
https://www.theindustrycouncil.org/post/911-location-accurac...
Generally I'd not expect them actively triangulate my exact location, but I'd realise that's at least possible - but GPS data, wake my phone up, switch on the GPS radio, drain it's battery, send that data back... no. That wouldn't be legal where I live either, let alone expected.
Where does the article claim this turns on the GPS if off?
While this is an important question, I don't see the sources mentioning it, what the standards mandate, and how the phones behave.
For example the wiki article https://en.wikipedia.org/wiki/Radio_resource_location_servic... describes the protocol as using the GPS and not as getting the location info from Android.
The cell network does not need to know where you are down to the meter and phones have no business giving this information up.