Year was mid 2008. Targeted via geo, gender, and then finally interests. It got down to like "less than 100" which I think was more like 1. She lived in a rural area which probably made it easier.
Excellent article and the methods described are accurate. I was speaking extensively about this from 2017-2020 and the usual reaction when I talked about this was disbelief. I was not surprised when In-Q-Tel came calling. I pitched them a military grade privacy protocol but my suspicion was that they were more interested in spying on our users (a non-starter).
>Working with Grindr data, Yeagley began drawing geofences—creating virtual boundaries in geographical data sets—around buildings belonging to government agencies that do national security work.
Are you seriously telling me that government phones of national security employees allow for the installation of apps that track your location and/or these employees are allowed to bring personal cell phones into these buildings?
Employees are generally allowed to bring phones into federal buildings. There are areas within the buildings they may not be able to take them to, and there are some buildings with a total ban. In that case, though, the phones would still be left somewhere nearby, like the parking lot.
Even if not allowed in the building people will still want to carry a personal phone so it likely just stays in their car right outside the building in the parking lot.
When we had to go into SCIFs, generally phones went into lockers. At some locations, phones stayed in cars. But that doesn't make it any harder to figure out.
Russia has the same problem, VKontakte has given away plenty of secret Russian military bases and troop positions over the past few decades. I've never read of this on Weibo or WeChat, but my guess is they have the same problem, just English language open source accounts are keeping it more discrete for now.
The WashPost about a week ago had an article about how at a recent NTC rotation out at Fort Irwin the OPFOR was trying to figure out how an Apache had gotten past their air defenses, so they looked up commercial cell phone tracking data and were able to spot how a phone had gone across the desert at 120 mph and plug the hole in their air defenses.[1]
Adtech on the cell phone we all carry in our pocket is better at surveillance than the best tools a military has. And it's one of those things where not being part of the surveillance can make you stand out too. Think about a spy operating under a real cover, how long is their Facebook (or Weibo or VK or TikTok or whatever is appropriate for the person they are trying to be) account history? If you found someone claiming to be a 45 year old woman living in an American suburb and she had a Facebook account that was three months old, wouldn't you investigate further?
Strava actually has extensive privacy controls that work well. Users can keep activities private by default and hide their tracks near sensitive locations. But of course if you don't use the privacy control and make everything public then obviously everyone can see exactly where you were.
This is a scary thought. Not because I think I'm worthy of being targeted, but because I think in the future there'll be enough compute and incentives to automatically scan everyone for out-of-the-ordinary behavior via neural models.
When I was in the military cell phones were extremely new, but I honestly don't see why most commands don't say "leave phones and other electronics at home when coming to base" and then you just tell anyone who needs to contact you to call the command quarterdeck or whatever. Examples you just gave are good reasons to do this, much like how in the 90's during Desert Storm several people figured out (post-hoc, but still) that there were a buttload more pizza orders from government offices relating to the invasion of Iraq. I'm a former shithead officer, though, so it's easy for me to just say "ban the phones!" instead of trying to figure out a smarter solution. Maybe beepers will make a comeback, since you can't track a multicast, receive-only client?
> When I was in the military cell phones were extremely new, but I honestly don't see why most commands don't say "leave phones and other electronics at home when coming to base" and then you just tell anyone who needs to contact you to call the command quarterdeck or whatever.
Because soldiers will just go and take their phones anyway - they will want to keep in touch with their families.
The solution to this problem is to kill off the targeted ads market in its entirety. Maybe national security is the only way to actually make that go through.
If I were the shot caller I’d have it tunnel to an NSA data center via a proprietary protocol. Then the data center makes the request with IP/HTTP, then serves the data back to the client again in the proprietary protocol.
"Because soldiers will just go and take their phones anyway"
When there is a military order - refusing is not an option. And you can check if people have smartphones with them without searching them - quite easy, how they do it in airplanes, emf meters. They are quite cheap.
Also you don't have to ban them everywhere. But everywhere critial, yes. A ordinary mobile phone is basically a spying device in terms of security. I would not ask who maybe has access, but who has not.
"The solution to this problem is to kill off the targeted ads market in its entirety. Maybe national security is the only way to actually make that go through."
So I am sorry, but national security won't help get us rid of targeted ads, you probably also missed the part, where national security of course happily uses that data for themself. So for them it is way easier to just ban smartphones in more areas, than disrupt the internet ad market.
Because the 18 year old who really misses his girlfriend needs to have his phone on him? The operator's wife back at Bragg (excuse me, Fort Liberty now) wants to know that he's safe, to use the example from the original article about watching phones go from North Carolina to Syria and back.
The article I linked to in WP talked about how difficult the Ukrainian army is finding cellphone discipline, at the beginning of their third year of high intensity war (and a decade of low-intensity combat operations). Because even in a real shooting war zone this sort of stuff is hard to police.
The Ukrainian situation is especially interesting because to my mind it is the first cellphone war. We've gone from cellphones being used as passive electronic switches (as in, detonation systems for roadside bombs) to it being the control interface for innovative weaponry and tactics such as drones against infantry. I dont know that irregular or inexperienced troops will ever give up this level of capability, and I'm not sure that wealthier militaries have figured out how to mutate consumer cellphones into equally powerful portable tools without essentially dumbing them down back to tetra radios.
I think your instinct is well founded but at odds with the massive tech industry pushing the other way. This is the classic imbalance between offense and defense: for something like a building’s location, the defender has to do the right thing every time. You put out that order and most people follow it but over time someone’s going to make a mistake - they’ll forget their LTE AppleWatch counts as a phone, their spouse or kid will leave their phone in the car and Facebook will helpfully share that location belongs to people who like military pages, their cell provider helpfully links their vehicle’s integrated cellular device with the other devices on the account when selling data, etc. It feels like the solution might need to start with a significant data protection law making some of that data collection impossible and all of it requiring notification so someone could at least have the chance to know where they’d be breaking policy.
Whether they take it into the building or not is irrelevant.
If they drive nearby and leave it in the car, you can find them.
If they drive nearby and turn it off then, you can find them (improve it by bracketing by the average 9-5 workday, add correlation of world events to late-night anomalies - i.e. the Washington pizza index[1]).
If they leave their phone at home and switch it off, then you can still find them by that data.
If they leave their phone at home, switched on, then this also applies - you filter by public holidays.
The key is that the "phone policy" is effectively public information - so you don't have to guess, you can just go find out what it is to set your search parameters.
- Prohibit all Federal employees from bringing a personal cellular radio to work.
- Build many parking structures for DC Federal employees across the region.
- Assign each employee a particular parking structure, ideally selected at random.
- Ensure each parking structure is served by public transportation infrastructure, dedicated shuttles, and a USGOV-run black car service to bring people to their workplace, potentially via an extra obfuscating hop to a different parking structure.
In an ideal world, all Federal employees would behave indistinguishably. That's impractical, but we can do a lot better than the status quo.
These would be the only people with movement patterns like that. They wouldn't blend at all: they'd stick out like a sore thumb on any type of large scale statistical analysis as anomalies.
"being really secret" doesn't work because the attempt to do so means you're doing a whole lot of stuff that no ordinary person does. That's a statistical anomaly - that's easy to find.
And again: all this information is public. It would be widely and well known that this is what is done, so what to look for would be well advertised. The locations of these buildings would then be well known. And since you've now added multiple intervening steps, nailing down who's going where is also easier - i.e. if someone drives into a known parking structure at time X, then you can draw a circle around that which is the mean transport time to get to any interesting federal buildings in the area before the work day starts. Map this across a few months and you'll pin down exactly which one they work at (I mean, you wouldn't bother if you were a foreign government though - a couple days worth of casual surveillance work would also grab every number plate and face you can see).
This is quite aside from the why of doing this: it would be a huge pain in the ass for the employees, who are not paid nearly enough to bother with it and become a hiring problem, for...what gain?
This is why you don't let the weather app access your location. In fact, weather apps are one of the main offenders here.
ICE in the US has been known to use this same data to track down and harm undocumented migrants.
Personally, I have a de-googled Pixel running GrapheneOS. It has a sandboxed version of Google Play, but without the elevated system privileges. I am not signed in to Google at any kind of global device level. I can still install and run most apps, but without the tracking.
Apple doesn't need to buy a weather app on the iPhone (when it offers its own pre-installed weather app anyway) in order to get your location. Apple can get your location directly from the iPhone itself.
I think either visas should be renamed documents, or undocumented migrants should be renamed unvisa’d migrants. Because between tax-id-numbers, drivers licenses, bank accounts, cell phones, I am sure big brother has some data on them, weather you call that data: documents or visas.
I haven't read it yet, but I have "Means of Control: How the Hidden Alliance of Tech and Government Is Creating a New American Surveillance State" by Byron Tau in my cart and that feels related so.. maybe look it up.
One thing I've always been curious about, and have never been able to find a solid answer too, is what data is available to the various companies whose software I have on my phone?
What can AT&T/TMobile/etc... learn from my device as my carrier?
What can the apps I have installed decern from my device if I allow no access to anything settings?
How does this change if I use a vpn?
I have an idea of whats possible based on my career in tech, but I'd love a more solid answer. Happy to read any content answering the aforementioned.
I don't know of any carrier hypervisory capability, but there has been a lot of discussion about OnePlus phones and the data they exfiltrate. There's a bunch of vendor bloatware even on my factory-reset phones so it's not out of the question that a carrier-locked phone might have snuck something else in there.
Intelligence can be inferred at the carrier level even with paranoid privacy settings and all apps using HTTPS. CDNs in particular frequently serve content over regular HTTP, and there aren't too many reasons why you'd be communicating with Grindr's CDN. All of this is visible over the wire.
DNS requests betray a lot about you. VPNs are notoriously leaky when it comes to DNS as well. I'd expect that even with a VPN running you're not stopping anything, just changing the exfiltration route for some of your traffic.
Chances are yes. On Android, you can control 'some' of the permissions - the basic ones (contacts, calendar, location, etc.)
There are some though "view Wi-Fi connections", "have full network access", "view network connections", "query all packages", "advertising ID permission", and so on, that give the app (and it's creator) a good view of what's going on in your phone. I tend to (by trial & error) block everything with NoRoot Firewall. Those who want to be naughty though cannot be stopped, as they send both useful and telemetry through the same connection/target IP.
Unfortunately that isn't a question you'll get an answer to. Anyone who actually knows and has access to sensitive sources and methods is under an obligation not to disclose them. Further nobody in the know wants to burn these sources - because it makes their job harder.
The general advice I can give is use an iPhone (turn on Lock Down mode if you believe you might be the target of well resourced attackers), use Google suite for your personal data (and turn on Advanced Protection), don't use commercially available VPNs (set up your own or just don't connect to wifi in untrusted places), and periodically delete third party apps you don't use (especially any that use location services).
Because most of the "common knowledge" around Google and privacy is hyperbole. Ask any ex-Google engineer how easy it is to get past a Security & Privacy launch review or how easily they can access personal customer data in prod.
You are more than welcome to try and secure your own stuff against nation state attackers. Or you can outsource that work to a company that has some of the best security minds in the world watching over your account 24/7.
I am not sure if this is exactly what you are asking. Are you looking for aggregated data on yourself or methods to discover what is being transferred?
For the latter:
One thing you can do is install a man in the middle and "sniff" what is being transferred by your phone (at least on wifi).
I use a tool called Proxyman, it allows me to install a self signed certificate on my phone and this allows the decryption of SSL traffic by Proxyman. From there its kinda like Wireshark (If you have used that).
It basically shows you all the data going in and out of the device.
So with the pieces set up you then start a new sniffing session and then open up an app on your phone and use it. This will show you all the data that is being transferred.
A lot of apps are transferring all sorts of data. For myself its become so burdensome that I am trying to find a way to automate this analysis for all my apps so I can build a personal "web" of what data has left what app and keep a record of it.
Not all data is horrendous, for example every app I have tested transfers some sort of data on analytics for QA and app quality improvements. Things like app crash reports or other things of that nature. Thats not so bad compared to other data.
You can also try decompiling an app and seeing what libraries are used. Using these two things for example I learned about the 7-Eleven app and its usage of Bluetooth beacons so they can track were you are going when you are in their store.
"learn a dozen technologies to the point of being an expert on all fields and then waste 2 months of work on each app, which will update every three days"
Android lets you delete the advertising id that's mentioned in the article, as well as reset it. Does anybody who is in Adtech know what that does in terms of identifiability on brokers? Am I now "anon at location x,y", or am I "anon4321 at location x,y”?
One can be in process of making the most unfortunate or catastrophic decision or action, and their phone with adtech will only worry how to display them ad for a rope.
I don't work in the ad industry but am quite curious to learn the high level software components. For instance, I have heard of Audience Intelligence Platforms from the likes of Google and Adobe. Curious if anyone has come across a book, blog or lecture that lays out the landscape.
Ad serves up an image hosted by the advertiser. Phone makes an http get for the image and gives out its IP.
You can also target ads by geography and do a lat/long box over your target area and show a specific ad so you know how many unique users are in that area.
Baryshnikov & Ghrist, Target Enumeration Via Euler Characteristic Integrals (2009)
> We solve the problem of counting the total number of observable targets (e.g., persons, vehicles, landmarks) in a region using local counts performed by a network of sensors, each of which measures the number of targets nearby but neither their identities nor any positional information. We formulate and solve several such problems based on the types of sensors and mobility of the targets.
SnapChat does the same thing, we (not me technically, I am just a developer that worked with our ad team) set up Geofences around events to serve ads and we could continue to target those users for continuous remarketing as soon as they stepped foot into and out of a location of our choosing. In our case it was mostly a concert and car race. We knew -a lot- more than we probably should have. You could push filters, and all kinds of stuff within those custom geofences. Facebook & Google have similar, but it's not near as granular as what I saw with Snap. They might have changed it by now, this is when they first were getting into advertising. It honestly wasn't very effective, probably because of the demographic that uses SnapChat.
Tiktok was used to find and track/monitor Chinese dissident whereabouts a few years ago by the CCP in Hong Kong.
every ad network does this. right before the pandemic the new feature released on all big five was digital-out-of-home, which is the literal plot of dystopian movies... outdoors targeted to people passing by.
after that they all added targeting by weather (latest fine grained targeting under gdpr) and BT beacon tracking.
fun fact, google uses BT on your phone to mark of you entered a store after seeing an ad for it to get paid for the "conversion".
More convenient, more location-accurate, can integrate with the OS like widgets.
What a terrible take. People like apps, we should make apps private I stead of telling people not to use apps. FWIW, websites can gain access to your location too, so plenty of people will still be tracked.
Apple bought a weather company for this purpose. So probably Apple’s honestly. Everything else needs to make money somehow while freely giving you data.
Apple bought Dark Sky, ostensibly in order to incorporate it into their Weather app. But, that app is the same or worse than it was before, so I can't recommend it. Dark Sky was excellent.
Just don't give it access to your location. Not like I've widely sampled all of them, but Apple's weather app I do currently use does not require location services. I can simply tell it the zip code I care about knowing the weather for, which may or may not be where I am physically located at the time.
+1 for Windy! Note that there are two apps named Windy, one with a red icon and one with a blue icon. The one you linked to has a red icon and lists its developer as Windyty, SE.
The one with the blue icon has a site at Windy.app. Their privacy policy is much more hand-wavy, with lines about how they “don’t sell” but “share” your personal information:
One of the techniques they list explicitly is to use the Meta pixel for targeted advertising. I’m not aware of any way to remove geo data from, for example, the Meta pixel and the auctions it sells into. It suggests to me that perhaps they’re thinking of your geo data as incidental to placing targeted advertising.
heh. this reminds me that google just last week updated all their system apps (maps, calendar, clock) to include mandatory, no way to disable, weather. now they can phone home every time you look at the time or set up an alarm even under GDPR.
I found that OnePlus android allows you to toggle mobile data and WiFi data per app, by the way. Pixel and Samsung only allow that for mobile. Semi related.
Life360, like other apps that track location data, makes a significant portion of its annual revenue from selling this data -- about 20 percent in 2020.
A friend of mine had a girl he was dating drop him because she couldn't understand why he didn't text her all the time- never mind that he worked at a Navy facility that didn't allow cell phones.
Reminds me of the guy who pranked his roommate with Facebook ads targeted to an audience of one: https://ghostinfluence.com/the-ultimate-retaliation-pranking...
I did this once too and it worked. The targeting is much less specific than it was years ago though.
Useful to gives dates. Swichkow's prank ad mentioned above was back in 2014.
I think you're referring to Facebook/Meta removing many detailed PII-specific targeting options, 1/2022.
That said, the prank still works if you can get your targeted ad in front of the victim even if it also goes to unconnected recipients as well.
Year was mid 2008. Targeted via geo, gender, and then finally interests. It got down to like "less than 100" which I think was more like 1. She lived in a rural area which probably made it easier.
Indeed I remember back then one could target somebody by his email. I would guess the agencies still get extended targeting access.
You still can via custom audiences. Also used for creating lookalikes.
I believe it's not direct targeting and there are limits to stop targeting like we're discussing.
I did this to land some larger B2B clients, sadly facebook doesn't support this detailed targeting anymore.
Excellent article and the methods described are accurate. I was speaking extensively about this from 2017-2020 and the usual reaction when I talked about this was disbelief. I was not surprised when In-Q-Tel came calling. I pitched them a military grade privacy protocol but my suspicion was that they were more interested in spying on our users (a non-starter).
Any additional info on the subject you recommend?
>Working with Grindr data, Yeagley began drawing geofences—creating virtual boundaries in geographical data sets—around buildings belonging to government agencies that do national security work.
Are you seriously telling me that government phones of national security employees allow for the installation of apps that track your location and/or these employees are allowed to bring personal cell phones into these buildings?
Employees are generally allowed to bring phones into federal buildings. There are areas within the buildings they may not be able to take them to, and there are some buildings with a total ban. In that case, though, the phones would still be left somewhere nearby, like the parking lot.
There are buildings that do not allow cell phones. For these buildings, it's common to leave your phone in your car.
So... still close enough?
Yes, close enough.
Even if not allowed in the building people will still want to carry a personal phone so it likely just stays in their car right outside the building in the parking lot.
When we had to go into SCIFs, generally phones went into lockers. At some locations, phones stayed in cars. But that doesn't make it any harder to figure out.
But this isn't the first time people are encountering this problem. Strava has given away plenty of US military bases: https://www.theguardian.com/world/2018/jan/28/fitness-tracki...
Russia has the same problem, VKontakte has given away plenty of secret Russian military bases and troop positions over the past few decades. I've never read of this on Weibo or WeChat, but my guess is they have the same problem, just English language open source accounts are keeping it more discrete for now.
The WashPost about a week ago had an article about how at a recent NTC rotation out at Fort Irwin the OPFOR was trying to figure out how an Apache had gotten past their air defenses, so they looked up commercial cell phone tracking data and were able to spot how a phone had gone across the desert at 120 mph and plug the hole in their air defenses.[1]
Adtech on the cell phone we all carry in our pocket is better at surveillance than the best tools a military has. And it's one of those things where not being part of the surveillance can make you stand out too. Think about a spy operating under a real cover, how long is their Facebook (or Weibo or VK or TikTok or whatever is appropriate for the person they are trying to be) account history? If you found someone claiming to be a 45 year old woman living in an American suburb and she had a Facebook account that was three months old, wouldn't you investigate further?
1: https://www.washingtonpost.com/national-security/2024/02/22/...
Supposedly a Ukrainian agent was able to assassinate a Russian military officer by tracking his regular running route on Strava.
https://www.bbc.com/news/world-europe-66162502
Strava actually has extensive privacy controls that work well. Users can keep activities private by default and hide their tracks near sensitive locations. But of course if you don't use the privacy control and make everything public then obviously everyone can see exactly where you were.
It brought this to mind: Fitness tracking app Strava gives away location of secret US army bases
https://www.theguardian.com/world/2018/jan/28/fitness-tracki...
This was linked in the GP comment.
This is a scary thought. Not because I think I'm worthy of being targeted, but because I think in the future there'll be enough compute and incentives to automatically scan everyone for out-of-the-ordinary behavior via neural models.
The killer drones will remind you of what ordinary behavior is so you aren't tempted to deviate.
When I was in the military cell phones were extremely new, but I honestly don't see why most commands don't say "leave phones and other electronics at home when coming to base" and then you just tell anyone who needs to contact you to call the command quarterdeck or whatever. Examples you just gave are good reasons to do this, much like how in the 90's during Desert Storm several people figured out (post-hoc, but still) that there were a buttload more pizza orders from government offices relating to the invasion of Iraq. I'm a former shithead officer, though, so it's easy for me to just say "ban the phones!" instead of trying to figure out a smarter solution. Maybe beepers will make a comeback, since you can't track a multicast, receive-only client?
> When I was in the military cell phones were extremely new, but I honestly don't see why most commands don't say "leave phones and other electronics at home when coming to base" and then you just tell anyone who needs to contact you to call the command quarterdeck or whatever.
Because soldiers will just go and take their phones anyway - they will want to keep in touch with their families.
The solution to this problem is to kill off the targeted ads market in its entirety. Maybe national security is the only way to actually make that go through.
Seems like something the NSA should be in charge of, maintaining a custom Android ROM or even a fully custom built OS/device.
Just browsing the web is enough to deliver enough metadata to RTBs to make correlations possible.
If I were the shot caller I’d have it tunnel to an NSA data center via a proprietary protocol. Then the data center makes the request with IP/HTTP, then serves the data back to the client again in the proprietary protocol.
"Because soldiers will just go and take their phones anyway"
When there is a military order - refusing is not an option. And you can check if people have smartphones with them without searching them - quite easy, how they do it in airplanes, emf meters. They are quite cheap.
Also you don't have to ban them everywhere. But everywhere critial, yes. A ordinary mobile phone is basically a spying device in terms of security. I would not ask who maybe has access, but who has not.
"The solution to this problem is to kill off the targeted ads market in its entirety. Maybe national security is the only way to actually make that go through."
So I am sorry, but national security won't help get us rid of targeted ads, you probably also missed the part, where national security of course happily uses that data for themself. So for them it is way easier to just ban smartphones in more areas, than disrupt the internet ad market.
Because the 18 year old who really misses his girlfriend needs to have his phone on him? The operator's wife back at Bragg (excuse me, Fort Liberty now) wants to know that he's safe, to use the example from the original article about watching phones go from North Carolina to Syria and back.
The article I linked to in WP talked about how difficult the Ukrainian army is finding cellphone discipline, at the beginning of their third year of high intensity war (and a decade of low-intensity combat operations). Because even in a real shooting war zone this sort of stuff is hard to police.
The Ukrainian situation is especially interesting because to my mind it is the first cellphone war. We've gone from cellphones being used as passive electronic switches (as in, detonation systems for roadside bombs) to it being the control interface for innovative weaponry and tactics such as drones against infantry. I dont know that irregular or inexperienced troops will ever give up this level of capability, and I'm not sure that wealthier militaries have figured out how to mutate consumer cellphones into equally powerful portable tools without essentially dumbing them down back to tetra radios.
I think your instinct is well founded but at odds with the massive tech industry pushing the other way. This is the classic imbalance between offense and defense: for something like a building’s location, the defender has to do the right thing every time. You put out that order and most people follow it but over time someone’s going to make a mistake - they’ll forget their LTE AppleWatch counts as a phone, their spouse or kid will leave their phone in the car and Facebook will helpfully share that location belongs to people who like military pages, their cell provider helpfully links their vehicle’s integrated cellular device with the other devices on the account when selling data, etc. It feels like the solution might need to start with a significant data protection law making some of that data collection impossible and all of it requiring notification so someone could at least have the chance to know where they’d be breaking policy.
Personal phones, not government phones. Bringing your personal phone to Langley and leaving it in your car doesn't do much.
Whether they take it into the building or not is irrelevant.
If they drive nearby and leave it in the car, you can find them.
If they drive nearby and turn it off then, you can find them (improve it by bracketing by the average 9-5 workday, add correlation of world events to late-night anomalies - i.e. the Washington pizza index[1]).
If they leave their phone at home and switch it off, then you can still find them by that data.
If they leave their phone at home, switched on, then this also applies - you filter by public holidays.
The key is that the "phone policy" is effectively public information - so you don't have to guess, you can just go find out what it is to set your search parameters.
[1] https://www.washingtonpost.com/wp-srv/politics/special/clint...
Absolutely.
Here's my proposal:
- Prohibit all Federal employees from bringing a personal cellular radio to work.
- Build many parking structures for DC Federal employees across the region.
- Assign each employee a particular parking structure, ideally selected at random.
- Ensure each parking structure is served by public transportation infrastructure, dedicated shuttles, and a USGOV-run black car service to bring people to their workplace, potentially via an extra obfuscating hop to a different parking structure.
In an ideal world, all Federal employees would behave indistinguishably. That's impractical, but we can do a lot better than the status quo.
These would be the only people with movement patterns like that. They wouldn't blend at all: they'd stick out like a sore thumb on any type of large scale statistical analysis as anomalies.
"being really secret" doesn't work because the attempt to do so means you're doing a whole lot of stuff that no ordinary person does. That's a statistical anomaly - that's easy to find.
And again: all this information is public. It would be widely and well known that this is what is done, so what to look for would be well advertised. The locations of these buildings would then be well known. And since you've now added multiple intervening steps, nailing down who's going where is also easier - i.e. if someone drives into a known parking structure at time X, then you can draw a circle around that which is the mean transport time to get to any interesting federal buildings in the area before the work day starts. Map this across a few months and you'll pin down exactly which one they work at (I mean, you wouldn't bother if you were a foreign government though - a couple days worth of casual surveillance work would also grab every number plate and face you can see).
This is quite aside from the why of doing this: it would be a huge pain in the ass for the employees, who are not paid nearly enough to bother with it and become a hiring problem, for...what gain?
This is why you don't let the weather app access your location. In fact, weather apps are one of the main offenders here.
ICE in the US has been known to use this same data to track down and harm undocumented migrants.
Personally, I have a de-googled Pixel running GrapheneOS. It has a sandboxed version of Google Play, but without the elevated system privileges. I am not signed in to Google at any kind of global device level. I can still install and run most apps, but without the tracking.
This (location data collection) is why Apple bought Dark Sky imo https://i.imgur.com/M7ywdfo.jpg
Apple doesn't need to buy a weather app on the iPhone (when it offers its own pre-installed weather app anyway) in order to get your location. Apple can get your location directly from the iPhone itself.
"track down and harm"? Just speak without weird political euphemisms please.
How would you characterize it instead?
Do you have an example of it actually happening?
Locate and arrest individuals who have broken the laws that ICE is charged with enforcing?
I think either visas should be renamed documents, or undocumented migrants should be renamed unvisa’d migrants. Because between tax-id-numbers, drivers licenses, bank accounts, cell phones, I am sure big brother has some data on them, weather you call that data: documents or visas.
I haven't read it yet, but I have "Means of Control: How the Hidden Alliance of Tech and Government Is Creating a New American Surveillance State" by Byron Tau in my cart and that feels related so.. maybe look it up.
https://www.penguinrandomhouse.com/books/706321/means-of-con...
This article is taken from that book.
One thing I've always been curious about, and have never been able to find a solid answer too, is what data is available to the various companies whose software I have on my phone?
What can AT&T/TMobile/etc... learn from my device as my carrier?
What can the apps I have installed decern from my device if I allow no access to anything settings?
How does this change if I use a vpn?
I have an idea of whats possible based on my career in tech, but I'd love a more solid answer. Happy to read any content answering the aforementioned.
I don't know of any carrier hypervisory capability, but there has been a lot of discussion about OnePlus phones and the data they exfiltrate. There's a bunch of vendor bloatware even on my factory-reset phones so it's not out of the question that a carrier-locked phone might have snuck something else in there.
Intelligence can be inferred at the carrier level even with paranoid privacy settings and all apps using HTTPS. CDNs in particular frequently serve content over regular HTTP, and there aren't too many reasons why you'd be communicating with Grindr's CDN. All of this is visible over the wire.
DNS requests betray a lot about you. VPNs are notoriously leaky when it comes to DNS as well. I'd expect that even with a VPN running you're not stopping anything, just changing the exfiltration route for some of your traffic.
Chances are yes. On Android, you can control 'some' of the permissions - the basic ones (contacts, calendar, location, etc.)
There are some though "view Wi-Fi connections", "have full network access", "view network connections", "query all packages", "advertising ID permission", and so on, that give the app (and it's creator) a good view of what's going on in your phone. I tend to (by trial & error) block everything with NoRoot Firewall. Those who want to be naughty though cannot be stopped, as they send both useful and telemetry through the same connection/target IP.
> but I'd love a more solid answer
Unfortunately that isn't a question you'll get an answer to. Anyone who actually knows and has access to sensitive sources and methods is under an obligation not to disclose them. Further nobody in the know wants to burn these sources - because it makes their job harder.
The general advice I can give is use an iPhone (turn on Lock Down mode if you believe you might be the target of well resourced attackers), use Google suite for your personal data (and turn on Advanced Protection), don't use commercially available VPNs (set up your own or just don't connect to wifi in untrusted places), and periodically delete third party apps you don't use (especially any that use location services).
You can do your own analysis on what various players can see based on the OS, the OS vendor, the apps, etc. Basically they get a ton of information.
How does it make sense to recommend Google Suite to someone unusually concerned with privacy?
Because most of the "common knowledge" around Google and privacy is hyperbole. Ask any ex-Google engineer how easy it is to get past a Security & Privacy launch review or how easily they can access personal customer data in prod.
You are more than welcome to try and secure your own stuff against nation state attackers. Or you can outsource that work to a company that has some of the best security minds in the world watching over your account 24/7.
I am not sure if this is exactly what you are asking. Are you looking for aggregated data on yourself or methods to discover what is being transferred?
For the latter:
One thing you can do is install a man in the middle and "sniff" what is being transferred by your phone (at least on wifi).
I use a tool called Proxyman, it allows me to install a self signed certificate on my phone and this allows the decryption of SSL traffic by Proxyman. From there its kinda like Wireshark (If you have used that).
It basically shows you all the data going in and out of the device.
So with the pieces set up you then start a new sniffing session and then open up an app on your phone and use it. This will show you all the data that is being transferred.
A lot of apps are transferring all sorts of data. For myself its become so burdensome that I am trying to find a way to automate this analysis for all my apps so I can build a personal "web" of what data has left what app and keep a record of it.
Not all data is horrendous, for example every app I have tested transfers some sort of data on analytics for QA and app quality improvements. Things like app crash reports or other things of that nature. Thats not so bad compared to other data.
You can also try decompiling an app and seeing what libraries are used. Using these two things for example I learned about the 7-Eleven app and its usage of Bluetooth beacons so they can track were you are going when you are in their store.
"learn a dozen technologies to the point of being an expert on all fields and then waste 2 months of work on each app, which will update every three days"
you're not wrong, but not going anywhere either.
What are you talking about? What dozen technologies? Wasting 2 months on what?
These are good questions. Would also be great to rank the data as a list, as to what's the most in demand.
https://archive.is/wNxjS
Android lets you delete the advertising id that's mentioned in the article, as well as reset it. Does anybody who is in Adtech know what that does in terms of identifiability on brokers? Am I now "anon at location x,y", or am I "anon4321 at location x,y”?
Never underestimate the power of metadata. An expired ID that patterns quite similar to a new ID is quite easy to identify.
it looks like you stay with "no id". There is just an option "get a new advertising id"
Here how to delete it in Android and Apple: https://www.eff.org/pt-br/deeplinks/2022/05/how-disable-ad-i...
If you have Android 12+, well that's another reason for me to replace my fairly old phone.
Turns out I do have the option on LineageOS Android 10 and my ID is already "deleted". Perhaps I clicked the option myself at some point.
here how to delete it: https://www.eff.org/pt-br/deeplinks/2022/05/how-disable-ad-i...
One can be in process of making the most unfortunate or catastrophic decision or action, and their phone with adtech will only worry how to display them ad for a rope.
I don't work in the ad industry but am quite curious to learn the high level software components. For instance, I have heard of Audience Intelligence Platforms from the likes of Google and Adobe. Curious if anyone has come across a book, blog or lecture that lays out the landscape.
I don't understand how targeted ads on Grindr can be used to get peoples locations.
Does the ad auction tell the users current location? Does grindr let you run your own auction bidder on your own machine?
Ad serves up an image hosted by the advertiser. Phone makes an http get for the image and gives out its IP.
You can also target ads by geography and do a lat/long box over your target area and show a specific ad so you know how many unique users are in that area.
> so you know how many unique users are in that area
would you like to know more?
see also: https://www.jstor.org/stable/27862533
Baryshnikov & Ghrist, Target Enumeration Via Euler Characteristic Integrals (2009)
> We solve the problem of counting the total number of observable targets (e.g., persons, vehicles, landmarks) in a region using local counts performed by a network of sensors, each of which measures the number of targets nearby but neither their identities nor any positional information. We formulate and solve several such problems based on the types of sensors and mobility of the targets.
Giving up the IP is against the GDPR.
this about US not EU
That hasn’t stopped RTB (real time bidding) mechanisms from leaking personal data to hundred/thousands of third parties yet.
Sad but true. And many of those third parties, even security-oriented ones, care more about profits than privacy.
All network requests give out your IP.
FYI, the Pentagon is a metonym for the Department of Defense of the United States, and GDPR is EU legislation.
GDPR just politely requests that companies don't use this data. Do you think the alphabet agencies are actually going to comply?
How would the server return the data to the client without an IP address?
SnapChat does the same thing, we (not me technically, I am just a developer that worked with our ad team) set up Geofences around events to serve ads and we could continue to target those users for continuous remarketing as soon as they stepped foot into and out of a location of our choosing. In our case it was mostly a concert and car race. We knew -a lot- more than we probably should have. You could push filters, and all kinds of stuff within those custom geofences. Facebook & Google have similar, but it's not near as granular as what I saw with Snap. They might have changed it by now, this is when they first were getting into advertising. It honestly wasn't very effective, probably because of the demographic that uses SnapChat.
Tiktok was used to find and track/monitor Chinese dissident whereabouts a few years ago by the CCP in Hong Kong.
It feels so creepy, thanks for the insight.
every ad network does this. right before the pandemic the new feature released on all big five was digital-out-of-home, which is the literal plot of dystopian movies... outdoors targeted to people passing by.
after that they all added targeting by weather (latest fine grained targeting under gdpr) and BT beacon tracking.
fun fact, google uses BT on your phone to mark of you entered a store after seeing an ad for it to get paid for the "conversion".
Are any of these Real Time Bidding markets open to small companies or individuals? I'm curious to see what days exists for bidders.
So, what's the best weather app to use that's not going to sell my location?
Why you need an app for the weather, what's wrong with websites?
More convenient, more location-accurate, can integrate with the OS like widgets.
What a terrible take. People like apps, we should make apps private I stead of telling people not to use apps. FWIW, websites can gain access to your location too, so plenty of people will still be tracked.
Mine gives me notifications before unpleasant weather events. A website can’t send me an alert saying that it’s about to start raining in 20 minutes.
iOS/Apple Watch has a built in weather app.
Apple bought a weather company for this purpose. So probably Apple’s honestly. Everything else needs to make money somehow while freely giving you data.
Apple bought Dark Sky, ostensibly in order to incorporate it into their Weather app. But, that app is the same or worse than it was before, so I can't recommend it. Dark Sky was excellent.
A browser, where it can't get that data expect by ip. At least it would be approx only and totally unrelated with a vpn.
Buy an iPhone?
Just don't give it access to your location. Not like I've widely sampled all of them, but Apple's weather app I do currently use does not require location services. I can simply tell it the zip code I care about knowing the weather for, which may or may not be where I am physically located at the time.
Your IP address may still be giving a fairly good idea of your location, especially if you're on wifi.
The Windy privacy policy seems decent.
https://account.windy.com/agreements/windy-privacy-policy
+1 for Windy! Note that there are two apps named Windy, one with a red icon and one with a blue icon. The one you linked to has a red icon and lists its developer as Windyty, SE.
The one with the blue icon has a site at Windy.app. Their privacy policy is much more hand-wavy, with lines about how they “don’t sell” but “share” your personal information:
https://windyapp.co/CustomMenuItems/26/en
One of the techniques they list explicitly is to use the Meta pixel for targeted advertising. I’m not aware of any way to remove geo data from, for example, the Meta pixel and the auctions it sells into. It suggests to me that perhaps they’re thinking of your geo data as incidental to placing targeted advertising.
yr.no
A thermometer, a barometer and a radio.
The default iOS weather app is safe to use.
My experience within the last year is that it's not accurate.
The default one in the OS.
heh. this reminds me that google just last week updated all their system apps (maps, calendar, clock) to include mandatory, no way to disable, weather. now they can phone home every time you look at the time or set up an alarm even under GDPR.
Wow. Never a better time to de-google a phone.
forecast.weather.gov in the US
Apropos to nothing...
Choose which apps use your Android phone's location
https://support.google.com/android/answer/6179507?hl=en
Control app tracking permissions on iPhone
https://support.apple.com/guide/iphone/control-app-tracking-...
I found that OnePlus android allows you to toggle mobile data and WiFi data per app, by the way. Pixel and Samsung only allow that for mobile. Semi related.
Same on iOS. You can only disable mobile data per app.
I was very pleased to discover that option in LineageOS a few years ago.
https://www.cnet.com/home/security/life360-app-is-selling-da...
Life360, like other apps that track location data, makes a significant portion of its annual revenue from selling this data -- about 20 percent in 2020.
At least I'm old enough that I can still go places without a phone.
A friend of mine had a girl he was dating drop him because she couldn't understand why he didn't text her all the time- never mind that he worked at a Navy facility that didn't allow cell phones.
Paywalled (after getting sufficient traffic from the share)
https://web.archive.org/web/20240228004529/https://www.wired...
Easily solved.
Dupe of my earlier post: https://news.ycombinator.com/item?id=39534662