this post was submitted on 24 Oct 2024
487 points (99.4% liked)

Technology

58893 readers
4827 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world
487
Location tracking of phones is out of control. Here’s how to fight back. (arstechnica.com)
submitted 2 days ago by misk@sopuli.xyz to c/technology@lemmy.world
95 comments fedilink hide all child comments
top 50 comments
sorted by: hot top controversial new old
[–] Scolding7300@lemmy.world 33 points 1 day ago (2 children)

I think generally speaking these privacy articles fail to convince the majority of people that there's a problem, which is crucial to be able to sell the solution.

I think the abortion part is the most relatable, but you'll hear them say they've got nothing to hide. I believe getting access to that data and show people what data they have on them would be the most effective. It's like saying to someone that has nothing to hide "oh yeah? Give me your phone and your documents, let me browse what's on them"

[–] ArcaneSlime@lemmy.dbzer0.com 4 points 20 hours ago

"Don't worry I'm just gonna do the same thing your spying apps do. Let's see here, oh these are some interesting texts, hey pictures, ooohhh a nude well let me just "anonymize" this by removing the metadata (close enough) and I'll just send that to my "server" (it's my phone).. Why? Well so I can more effectively sell you things of course! It looks like you need clothes, check out these pants from Target and this shirt from H&M, don't you wanna buy them? No? Well ok, here check out those exact same fucking things but this time from Walmart and Macy's!"

[–] Tire@lemmy.ml 6 points 1 day ago* (last edited 1 day ago) (1 children)

People can be irrational like that. But I bet if there’s a really successful horror movie where the killer finds the victim’s location then people will care.

[–] Scolding7300@lemmy.world 9 points 1 day ago (1 children)

I feel like this needs to be real, not a movie. Not someone who gets killed, just someone who sees their own data

[–] sugar_in_your_tea@sh.itjust.works 4 points 1 day ago

You can take it a step further. If you live in an area with a lot of theft, put some tracking tags on things that tend to get stolen, then see how easily you can track them down. An attacker can track your phone in much the same way as you tracking down that tag, so if you have a particularly motivated stalker, they could figure out exactly where you are.

[–] xylogx@lemmy.world 28 points 2 days ago (4 children)

A lot of great comments here. I just wanted to add that even just your ip address is enough to roughly track your location. When your phone checks gmail you are leaving digital breadcrumbs in Google’s logs of your ip address which roughly tracks your location. App permissions will not solve this. We need strong privacy regulations with teeth.

[–] ArcaneSlime@lemmy.dbzer0.com 4 points 20 hours ago

Yes, I am in Sweden, totally, believe it ipaddr checkers!

[–] PriorityMotif@lemmy.world 4 points 23 hours ago

Yes and no, when I check my actual IP address it shows that it's somewhere pretty far away, I guess that's where my carrier has their trunk connected.

[–] pineapplelover@lemm.ee 8 points 1 day ago (1 children)

And then there's wifi triangulation and Bluetooth which narrows it down further

[–] sugar_in_your_tea@sh.itjust.works 6 points 1 day ago (1 children)

And this is why my GPS and Bluetooth are disabled 99% of the time unless I'm actually using them. It cuts down on a lot of potential data leakage.

[–] Poem_for_your_sprog@lemmy.world 1 points 23 hours ago (2 children)

Can't they just triangulate you from cell towers?

Take the battery out I guess?

[–] sugar_in_your_tea@sh.itjust.works 2 points 23 hours ago

Yup, but that would require more effort (I.e. interacting w/ network operator). Tracking someone by Bluetooth can be done passively, as evidenced by services like "Find my Droid" or "Find my iPhone" or whatever.

Blocking my cell radios eliminates the entire point of the phone for me, so the tradeoff is too steep. That said, airplane mode is right over there if you need it temporarily.

[–] ArcaneSlime@lemmy.dbzer0.com 1 points 20 hours ago

What phone do you have, one of these?

[–] WolfLink@sh.itjust.works 5 points 1 day ago (1 children)

A VPN helps

[–] sugar_in_your_tea@sh.itjust.works 4 points 1 day ago

There are still attacks that can get around the VPN. It certainly helps, but it's not a complete solution on its own like VPN providers would like you to believe.

[–] Evil_Shrubbery@lemm.ee 49 points 2 days ago* (last edited 2 days ago) (4 children)

Use FOSS as much as possible, pressure your gov to implement laws against tracking (against what Snowden showed us).

There is no need to know the location and history, and the communication of everyone everywhere.

load more comments (4 replies)
[–] Drunemeton@lemmy.world 82 points 2 days ago (7 children)

One thing I am always aware of are apps that want permission to access Bluetooth and/or Wi-Fi and/or Networks.

Even though Bluetooth is very short ranged it can still be used to tie you into a location within a database based on other database records that are more detailed.

Yeah, I love playing you “My Great Dog-sitting Simulator” (not a real app) but you do not need access to my BT. The OS handles sending your audio to my headphones!

[–] asbestos@lemmy.world 38 points 2 days ago (2 children)

Teams is the worst, you can’t join any call if you don’t allow it to scan your local network. I wish the executives a very nice and agonizing death.

[–] 01189998819991197253@infosec.pub 4 points 1 day ago (1 children)

On what device? I have Nearby Devices and Location disallowed on Android, and it still works fine.

Side note. Teams is the worst. Just, period.

[–] asbestos@lemmy.world 2 points 1 day ago (1 children)

iOS, it’s been that way for a long time…

[–] 01189998819991197253@infosec.pub 2 points 1 day ago (1 children)

Interesting. I wonder if that's an iOS requirement that Teams is forced into. Somehow, I doubt it.

[–] asbestos@lemmy.world 2 points 22 hours ago* (last edited 22 hours ago) (1 children)

Oh no, it absolutely isn’t. It’s actually a feature apple implemented to stop apps from scanning and interfacing with the devices on your local network without your approval and Teams has zero explanation on why it needs that permission nor why the calls can’t be made without it while every single other app is able to do so without that permission.
The only other apps that require it are device specific apps (printer, local smart home stuff, FTP, DLNA, etc) and network scanners.
Is it possible that Android doesn’t have that permission and therefore Teams is able to scan the network regardless? You could test it out with an SSH or network scanner app for example

[–] 01189998819991197253@infosec.pub 1 points 15 hours ago

That's a good question. I'm not sure. Well, guess I'm firing up the Wireshark.

[–] toynbee@lemmy.world 19 points 2 days ago (2 children)

I haven't done an extensive survey or anything, but every modern router I've interacted with supports setting up a secondary WiFi network with guest isolation (so anything on that SSID can't see any network device besides the router and itself). This is useful for apps or hardware that is untrusted and/or demands unjustified permissions.

load more comments (2 replies)
load more comments (6 replies)
[–] VintageTech@sh.itjust.works 17 points 2 days ago (3 children)

I don't think enough people have mentioned that Auto manufacturers have been able to locate vehicles since the 90's.

[–] sugar_in_your_tea@sh.itjust.works 2 points 1 day ago (1 children)

I'm pretty sure my car doesn't have tracking, and it's from the mid 2000s. Phoning home wasn't standard until relatively recent car models. I could absolutely be wrong though, but my understanding is that any wireless capabilities it has are limited to close proximity (i.e. tire pressure sensors and the like).

[–] VintageTech@sh.itjust.works 0 points 23 hours ago (2 children)

Standard in 2008 If the auto manufacturer offered OnStar or Sirius, earlier.

I wish it wasn't true, and I definitely feel like a nut job when I bring it up.

[–] Woht24@lemmy.world 1 points 23 hours ago

In America, not the rest of the world.

[–] sugar_in_your_tea@sh.itjust.works 1 points 23 hours ago

Huh, both my cars are just before 2008 (2007 and 2006), and base models so they don't have any fancy features like satellite radio.

Replacing those two is going to suck...

[–] Scolding7300@lemmy.world 6 points 1 day ago (2 children)

How did they do it tech wise?

[–] VintageTech@sh.itjust.works 12 points 1 day ago (1 children)

Originally the D.A.I.R. project (Driver Aid, Information and Routing) was conceptualized in the 60's. It wasn't until Hughes assisted EDS in the 90's that they were able to create a beacon that could communicate via Satellite and Cellular.

I myself didn't realize this was a thing until about a decade ago when I was trying to create an automation for my lights to turn on when I pulled into my driveway. I kept getting a ping about 5min after my phone connected to my WiFi. The MAC matched nothing I had in the house, I just blew it off.

When an associate stopped by to work on a HoneyPot project we started seeing a bunch of random MACs attempt to connect to the open wifi, we wrote that noise off as people walking by my house and their cell phones were just trying to connect. It wasn't until the garbage man showed up and stopped to talk to me that I was able to find his truck listed with an address connected to the open wifi, sent a few packets, then left. We made the correlation that the MAC's could be from cars so we started researching the manufacturer of those device MAC's

That pretty much opened a weird rabbit hole leading us to find out that almost every car has been tracked since the mid-90's.

Joking aside, I would move to Amish country if it weren't for the whiskey and bitches. But in all honesty; my family lives a much more comfortable life than I ever imagined I would with working in the IT field.

[–] AbsoluteChicagoDog@lemm.ee 3 points 1 day ago (2 children)

There's a got to be a way to create an sudo Amish community where technology is hyper regulated but still allowed

[–] yonder@sh.itjust.works 4 points 1 day ago (2 children)

A linux-only society. Those using non-free systems (google android, windows, macOS) are expelled.

[–] AbsoluteChicagoDog@lemm.ee 2 points 23 hours ago

We'll give them a chance to repent first at least

[–] ArcaneSlime@lemmy.dbzer0.com 1 points 20 hours ago

Just as soon as linux phones are better than Graphene, I can join. For now Graphene will suffice.

[–] crank0271@lemmy.world 3 points 23 hours ago (1 children)

Not even "pseudo-"... well done

[–] AbsoluteChicagoDog@lemm.ee 1 points 23 hours ago

Sudo Amish. That's the name of the religion.

[–] AA5B@lemmy.world 6 points 1 day ago (1 children)

Same as today, but slower.

GM’s OnStar was notorious for this. I think the first version had a 2G cell modem

load more comments (1 replies)
load more comments (1 replies)
[–] magic_smoke@links.hackliberty.org 43 points 2 days ago* (last edited 2 days ago) (8 children)

If you have a device that's actively connected to a cellular network, and has been while in your home or work, then your only option is to leave it behind or turn it off. That includes your car if it was made in the past decade, if nothing else, so it can catch OTA firmware updates, and send telemetry data.

GPS and location services don't mean shit when your carrier keeps logs of where you've been based on cell-tower triangulation.

load more comments (8 replies)
[–] FlashMobOfOne@lemmy.world 21 points 2 days ago* (last edited 2 days ago) (6 children)

I have my location turned off for everything and keep mine in a Faraday bag. That said, there was one tip in this article I wasn't aware of: deleting my advertising ID, so everyone should read it and see if you can't improve your own privacy.

It feels good when I have to use it and, for a moment it says "no service", like kicking the tech assholes in the dick.

load more comments (6 replies)
[–] cmnybo@discuss.tchncs.de 41 points 2 days ago (3 children)

Don't just give location access to any app that requests it, especially background location access.

load more comments (3 replies)
[–] astrsk@fedia.io 37 points 2 days ago (4 children)

Pretty easy steps; get app you are interested in. Deny it access to things it doesn’t need when asked. If the app proceeds to not work until you enable, delete. Otherwise, enjoy app without the unnecessary permissions.

load more comments (4 replies)
[–] BaroqueInMind@lemmy.one 17 points 2 days ago (1 children)

Why does Microsoft Remote Desktop app need my GPS location from my phone?

load more comments (1 replies)
[–] Imhotep@lemmy.world 17 points 2 days ago* (last edited 2 days ago) (1 children)

I loved xprivacy_lua

You could hide almost everything.
No app knew the other apps I used.
No app had clipboard access. when I needed to paste something I used Xposed Edge.
You could spoof a lot of info, GPS coordinates, IMEI ... The list goes on.

support stopped. I should check if there's a fork.

edit: AOSP permissions have improved and I now use almost exclusively FOSS apps, so I'm not worried, but I still miss the app.

edit2: there's a fork: https://xdaforums.com/t/xpl-ex-xprivacylua-ex-android-privacy-manager-hooking-manager-extended.4652573/

load more comments (1 replies)
load more comments
view more: next ›