NYT Investigation Reveals How Easily Smartphone Location Data Can Be Used to Identify and Track Individuals

[jeffkoontz]

Anytime I see everyone lamenting how bad it is that the Chinese government is setting up a massive surveillance network, I chuckle...because here we are buying the Ring doorbells, nest cameras, sharing location data, and we are basically providing the infrastructure, free of charge, to anyone who wants to tap in and see what we are up to.

 

[LizKat]

Look I get it no one should be tracked and all their data location or otherwise should be private unless you give it up yourself. That's a given. But, the balls on news sites and sites like this that write stories and call out privacy and tracking issues. They are the some of the biggest culprits of them all. Tracking location, clicks on pages, how long you're on the page. It's all BS and when you do this comparison they are always like oh well we don't use it in a bad way...

Yeah they all seem to have a couple dozen tracking scripts trying to run on their pages... I suppose any theoretical "firewall" between editorial and business sides dissolves instantly if a reporter wants to tack on a "Full disclosure: [this media outlet name] runs 17 trackers on our site in order to improve our sense of how to keep you here, what we can sell you, and how we can market what we learn about your preferences to our partners like Facebook and Google, for instance."

 

[justperry]

No it shouldn't. It should be very plainly stated that it happens and an opt out by default.

The problem is that in most cases you don't opt in you can't use the App and/or it's services.
This includes paid services.
So, it should be forbidden for commercial usage.
[automerge]1576791203[/automerge]

No it shouldn't. It should be very plainly stated that it happens and an opt out by default.

Do we ask for it, I bought a Nest Thermostat about 1 ½ year ago, I didn't realise it was bought by Google, luckily my Nest account is still active, did I ask for Google to take over Nest, did we want Google to shut down API's, did we ask to be tracked, I do not trust Google at all, for all I know they know where my nest is.
I do have Ubiquiti network stuff, I can monitor traffic, the Nest connects to services few people are aware of. (See screenshot)

 

[Princejb134]

Tracking individuals should be forbidden, actually, all data collected by any company should be anonymised.
Better yet*, don't collect any data on individuals.

*For commercial reasons.

tell that to china

 

[szw-mapple fan]

As long as all these spying SDKs are allowed by Apple, they can suck it with their „we value your privacy“ PR talk

So what would you suggest? if these apps can access location data in any way, they would be able to store it on their servers. Apple's only other choice if they want to stop this would be to stop 3rd party apps from getting location data altogether.

 

[Abazigal]

So what would you suggest? if these apps can access location data in any way, they would be able to store it on their servers. Apple's only other choice if they want to stop this would be to stop 3rd party apps from getting location data altogether.

If nothing else, this makes a strong case for Apple to come out with more of their own first party apps so these can serve as an alternative to privacy-minded users.

There may be a limit to how much Apple can stop third party apps from accessing your data, but at least users always have the option of stock apps to fall back on.

 

[szw-mapple fan]

That might not work out so great.

From Apple’s Website:

From the NYT today:

What else did they do with it?

That's a different process than using the weather channel app directly. The default weather app sends our location to Apple, not the weather channel. Apple then returns the weather data from the data they purchase from the weather channel.

 

[Doctor Q]

So what would you suggest? if these apps can access location data in any way, they would be able to store it on their servers. Apple's only other choice if they want to stop this would be to stop 3rd party apps from getting location data altogether.

There's an in-between choice that could be practical in some cases. Suppose iOS included a feature that could search a vendor's database of locations, assuming the search interface followed a standard specified by Apple. Then you could get the Best Buy app or the Subway restaurant app or the local bus system's app, deny it location access, but find out your nearest store/restaurant/bus stop location by having iOS query their database from an iCloud server and return the information to you, with an address and a map, without the company getting your location information. Perhaps iOS could include other common services that shield your privacy and would be practical for vendors to use.

The main problem is that consumers have to be aware of their privacy choices. Otherwise, vendors would have little incentive to use these iOS features rather than gather your data themselves.

 

[szw-mapple fan]

There's an in-between choice that could be practical in some cases. Suppose iOS included a feature that could search a vendor's database of locations, assuming the search interface followed a standard specified by Apple. Then you could get the Best Buy app or the Subway restaurant app or the local bus system's app, deny it location access, but find out your nearest store/restaurant/bus stop location by having iOS query their database from an iCloud server and return the information to you, with an address and a map, without the company getting your location information. Perhaps iOS could include other common services that shield your privacy and would be practical for vendors to use.

The main problem is that consumers have to be aware of their privacy choices. Otherwise, vendors would have little incentive to use these iOS features rather than gather your data themselves.

It might work for some applications, but for many more that depends on more precise location with less latency (often in areas with limited internet connectivity) this would fall apart pretty quickly.

 

[subjonas]

Does "while using the app" include when the app is in the background? Most people don't close their apps.

As I understand, people don’t need to close (kill) their apps because iOS automatically kills apps after a few minutes of exiting the app?

 

[Doctor Q]

It might work for some applications, but for many more that depends on more precise location with less latency (often in areas with limited internet connectivity) this would fall apart pretty quickly.

My suggestion could be the fall-back when you disable location services for that app. Otherwise, the app would do what it does now.

 

[Tech198]

This is easy to publish, but no one likes to blame themselves either

Apple maps does the same..

I think the problem we have is you *need* precise location, not an approximation, which is only what you get with Wi-fi based assistant. GPS devices also fall into this category

And with that, we also want privacy... which you can't have both all the time.

 

[Doctor Q]

I think the problem we have is you *need* precise location, not an approximation, which is only what you get with Wi-fi based assistant. GPS devices also fall into this category

And with that, we also want privacy... which you can't have both all the time.

Depending on the type of app, what if the app knows everything about you within that app (location, user name, preferences, etc.) but can't link it to any other identifying information? It knows that User 12345 is at location X, but your privacy is maintained if it doesn't know who User 12345 is.

 

[Puppuccino]

I saw a video interview with Phil and Craig from Apple at some event where they were talking about Siri. I forget the details, but the host asked why Siri was limited and only in a few areas (like weather, traffic etc).

Phil went on a tangent to say that collecting anonymous data is kind of a red herring because even anonymous data like significant locations can provide enough of a profile about where someone goes to build a picture and link back to that person, even if they technically don’t know who you are.

Any data, even ‘anonymous’ data can and will be tracked back to you. The only way to not get tracked is to not have any modern technology at all.

 

[alecgold]

I don't mind having certain apps lay down my tracks wherever I go. Google Maps Timeline for example. Nice little supplement to my journal of where I was at a specific time.

And what if your employer gets into this data, your health insurance calculates its premium on your data (or excludes you from it) or the government starts demanding “socializing classes” based on this info?
And don’t say that it doesn’t happen, all three examples are already reality.

 

[Tech198]

Depending on the type of app, what if the app knows everything about you within that app (location, user name, preferences, etc.) but can't link it to any other identifying information? It knows that User 12345 is at location X, but your privacy is maintained if it doesn't know who User 12345 is.

Well, that is where 'trust' still comes to play.

 

[urtules]

Does "while using the app" include when the app is in the background? Most people don't close their apps.

When using the app doesn't include background. Moreover, the apps which are not displayed on the screen are not running. Some people force quite all of apps, but there's no good reason to do it.
[automerge]1576836496[/automerge]

As I understand, people don’t need to close (kill) their apps because iOS automatically kills apps after a few minutes of exiting the app?

iOS would instantly hibernate the app when it's closed. It will remove app from memory completely when memory is needed for some other app.

For some rare ocasions in can run on backround up to 90 seconds, when Low Power mode is off, Background App Refresh permission is enabled and it also needs to be requested by the app to do specific job.

 

[Marekul]

Problem 1. You chose to download an app from Google -or- an app that uses Google services.
Problem 2. You willingly gave Google your personal information.
Problem 3. You willingly agreed to Google TOS and allowed Google full access to all of your device data.

Solution.
Step 1. Delete anything by Google. Delete all Google accounts, Delete all Google apps.
Step 2 . No step 2 needed, Step 1 solves the above problems every time.

Note this Solution also works for anything by Facebook, Twitter or any other social media.

You forgot Problem 4., using iOS as it comes from Apple
(routing all searches to Google, Google-Save-Browsing pinging Google every few minutes)

Solution: Don't trust anyone, not even apple.

 

[itsmilo]

So what would you suggest? if these apps can access location data in any way, they would be able to store it on their servers. Apple's only other choice if they want to stop this would be to stop 3rd party apps from getting location data altogether.

Don’t allow Apps to be infested with SDKs such as CleverTap, OpenGraph etc.

 

[I7guy]

You forgot Problem 4., using iOS as it comes from Apple
(routing all searches to Google, Google-Save-Browsing pinging Google every few minutes)

Solution: Don't trust anyone, not even apple.

That’s plain false. Might as well disconnect from the grid.

 

[ipponrg]

I saw a video interview with Phil and Craig from Apple at some event where they were talking about Siri. I forget the details, but the host asked why Siri was limited and only in a few areas (like weather, traffic etc).

Phil went on a tangent to say that collecting anonymous data is kind of a red herring because even anonymous data like significant locations can provide enough of a profile about where someone goes to build a picture and link back to that person, even if they technically don’t know who you are.

Any data, even ‘anonymous’ data can and will be tracked back to you. The only way to not get tracked is to not have any modern technology at all.

Yep, that is how data inferencing works. Many people on this forum simply don’t understand that nothing is truly anonymous. It’s why I think the privacy thing from Apple has good intentions but often misunderstood by many on this forum

Much of this data can be correlated back to you “anonymously” in that they don’t know who you are exactly but enough to lump you into a list of profiles. Google does the same thing too even when you are signed out.

 

[jakebrosy]

@MadDawg2020 The problem is not isolated to apps BY the companies you mention. You many not even know the app uses Google or Facebook services.

Those companies spent years creating tools and SDKs that other companies rely on (because they are "free") to build their apps.

Take the Turo App (car rental) for example. There are DOZENS of bits of software listed in the Acknowledgements Section. And nowhere does it say what information is shared with which SDK. Here are a few:

CRASHLYTICS, Fabric: Copyright 2018 Google, Inc.
FBSDCOREKIT: Copyright (c) 2014-present, Facebook, Inc.
FBSDKLOGINKIT: Copyright (c) 2014-present, Facebook, Inc.
FBSDKSHAREKIT: Copyright (c) 2014-present, Facebook, Inc.
FIREBASE: Copyright 2018 Google, Inc.
FIREBASEABTESTING: Copyright 2018 Google, Inc.
FIREBASEANALYTICS: Copyright 2019 Google
FIREBASEPERFORMANCE: Copyright 2019 Google
GOOGLEAPICLIENTFORREST: Apache License
GOOGLEAPPMEASUREMENT: Copyright 2019 Google
GOOGLEDATATRANSPORT: Apache License
GOOGLEDATATRANSPORTCCTSUPPORT: Apache License
GOOGLEIDFASUPPORT: Copyright 2015 Google
GOOGLEMAPS: Copyright 2019 Google
GOOGLEPLACES: Copyright 2019 Google
.
.
.
It just keeps going!

Those are the ones I have time to go through. So, it's not just the apps built BY the companies you mentions. It's the apps built ON their software. And they have spent the better part of decade building indispensable software that most app makers rely on.

Want to learn more? Go to Settings and scroll down to the 3rd party apps. Click one and look for Acknowledgements.

Keep in mind that nothing is really free. Gas, grass or...so the saying goes.

Problem 1. You chose to download an app from Google -or- an app that uses Google services.
Problem 2. You willingly gave Google your personal information.
Problem 3. You willingly agreed to Google TOS and allowed Google full access to all of your device data.

Solution.
Step 1. Delete anything by Google. Delete all Google accounts, Delete all Google apps.
Step 2 . No step 2 needed, Step 1 solves the above problems every time.

Note this Solution also works for anything by Facebook, Twitter or any other social media.

 

[justperry]

tell that to china

I ... am not living there/don't care.

 

[Marekul]

That’s plain false. Might as well disconnect from the grid.

What in specific is false about the claims I made?

Google pays $9 billion to stay the default iPhone search engine

Google is the default iPhone search engine in the Safari web browser, but not because Apple thinks it's the best option. No, Google will pay $9 billion

www.cultofmac.com

How safe is Apple’s Safe Browsing?

This morning brings new and exciting news from the land of Apple. It appears that, at least on iOS 13, Apple is sharing some portion of your web browsing history with the Chinese conglomerate Tence…

blog.cryptographyengineering.com

 

[I7guy]

What in specific is false about the claims I made?

Google pays $9 billion to stay the default iPhone search engine

Google is the default iPhone search engine in the Safari web browser, but not because Apple thinks it's the best option. No, Google will pay $9 billion

www.cultofmac.com

How safe is Apple’s Safe Browsing?

This morning brings new and exciting news from the land of Apple. It appears that, at least on iOS 13, Apple is sharing some portion of your web browsing history with the Chinese conglomerate Tence…

blog.cryptographyengineering.com

Original post said “all searches”. That is patently false. Take me, my default search is bing.

Secondly, the advertising fee is a red-herring and has nothing to do with the internet.

Thirdly, the information flowing to/from Tenecent has been discussed and is another red-herring.