Simply being connected to mobile (or wifi) network is enough to get your location - sometimes with pretty good precision.
So if you're worried about NSA or the like - you better not have a mobile phone/device (or a car - because new cars sold in EU all have eSIM for builtin emergency calls) at all.
And for particular first hand example - Xplora smart watch/phone got super confused when my kids school physically moved.
New building has indoor sports/gym (I think it's basketball court size) on the top floor - and all the reinforced concrete means mobile reception can be hit and miss (even on 3/4G).
Despite phone/watch never connecting to school (staff only) wifi. After move to new building - watch and parent app would regularly think/bounce location between old and new school buildings.
When even 3rd party companies have a mapping between wifi/ssid and approximate geo location, you can imagine state sponsored actors have at least next order of magnitude.
If your wifi client device can't find an access point, it goes around emitting every saved wifi network you've got. You can learn an awful lot from that.
Probably the school moved all of their Wi-Fi access points with it? These are often used for indoor positioning, even without any device connecting to them.
We had the same experience with the Xplora watches: we moved 6km away and took the internet contract with us. Whenever the watch was inside the house, it would show it as being at the old address. Outside of he house and away from wifi, it showed the location correctly. I imagine this is an edge case
I imagine this isn't the case if you're running GrapheneOS on it? I think it would be safe to assume that the factory defaults on any Android would be phoning home whether it's Google, Samsung, or what have you.
> "Because the testing took place with a new, default account, the team did not test to see the effect that user changes to privacy and security settings might have."
And bizarrely the article claims:
> "You can’t say no to Google’s surveillance..."
Well sure, you can't say no if you refuse to even look at the privacy and security settings.
The "Even With GPS Disabled" part of the headline is particularly misleading, since location data often (even mostly?) comes from WiFi too. The idea that turning off GPS would disable location data isn't how location data works.
The real question would be: what tracking happens when you opt out of location sharing?
Side note: I’ve opted out of giving Google my location on the web but when I search they still use my “approximate location” based on my IP and past searches. Trackers gonna track I guess.
I installed duck duck goes application tracking protection utility and was mind boggled at how many apps were tracking my location, battery level, etc on a regular and ongoing basis without notification because it is all through 3rd party ad networks.
Even more concerning where the apps, like AT&t's and Fidelity, that do it just to make the money by reselling the data, not to show ads.
Trying to be private ironically just going to make it worse and make you stand out. Using a non-default OS, non-default browser, custom settings/blocklists will just make your fingerprint more unique.
I use an android phone but just don't use any other google services - no search, no gmail, no default apps. I do most browsing in tor-browser, so google ads won't correlate with me.
Where is the investment into a real smart phone that protects your privacy. I'd pay a premium for this, especially if the manufacturing and resources used fair labor.
I'm very confident this just isn't possible. If you want something with 4G/5G, you just cannot get open hardware. Without open hardware this is a moot point. There are a number of projects where you can use RISC-V hardware with 2G and even 3G open source hardware, but calling them equivalent in any way to an Android or iPhone is a... stretch.
I think the issue is the patents with the hardware needs to run out, but by then 6G or 7G will be out and you'll have the same problem. Anything with DMA that isn't closed source cannot be trusted. I'll die on that hill.
Even with projects like PinePhone, the best they can do is a privacy switch that turns off the modem. It's just not good enough to take it seriously.
I don't think it's a question of open hardware: To send a phone call to your phone, the mobile network must know the BTS/eNodeB/GnodeB associated with your phone.
While this is a large surface in rural areas and older technologies, it's not the same in urban/newer technologies. It could easily be associated with a given building.
To protect our location, it would need something akin to a mobile proxy that would relay the communication but to my knowledge, there are no such things for mobile communications. And this is not really secure, it's just outsourcing security to another entity which may be be compromised.
Readit News
So if you're worried about NSA or the like - you better not have a mobile phone/device (or a car - because new cars sold in EU all have eSIM for builtin emergency calls) at all.
And for particular first hand example - Xplora smart watch/phone got super confused when my kids school physically moved.
New building has indoor sports/gym (I think it's basketball court size) on the top floor - and all the reinforced concrete means mobile reception can be hit and miss (even on 3/4G).
Despite phone/watch never connecting to school (staff only) wifi. After move to new building - watch and parent app would regularly think/bounce location between old and new school buildings.
When even 3rd party companies have a mapping between wifi/ssid and approximate geo location, you can imagine state sponsored actors have at least next order of magnitude.
https://support.google.com/accounts/answer/3118687
> "Because the testing took place with a new, default account, the team did not test to see the effect that user changes to privacy and security settings might have."
And bizarrely the article claims:
> "You can’t say no to Google’s surveillance..."
Well sure, you can't say no if you refuse to even look at the privacy and security settings.
The "Even With GPS Disabled" part of the headline is particularly misleading, since location data often (even mostly?) comes from WiFi too. The idea that turning off GPS would disable location data isn't how location data works.
Side note: I’ve opted out of giving Google my location on the web but when I search they still use my “approximate location” based on my IP and past searches. Trackers gonna track I guess.
Even more concerning where the apps, like AT&t's and Fidelity, that do it just to make the money by reselling the data, not to show ads.
I use an android phone but just don't use any other google services - no search, no gmail, no default apps. I do most browsing in tor-browser, so google ads won't correlate with me.
I think the issue is the patents with the hardware needs to run out, but by then 6G or 7G will be out and you'll have the same problem. Anything with DMA that isn't closed source cannot be trusted. I'll die on that hill.
Even with projects like PinePhone, the best they can do is a privacy switch that turns off the modem. It's just not good enough to take it seriously.
While this is a large surface in rural areas and older technologies, it's not the same in urban/newer technologies. It could easily be associated with a given building.
To protect our location, it would need something akin to a mobile proxy that would relay the communication but to my knowledge, there are no such things for mobile communications. And this is not really secure, it's just outsourcing security to another entity which may be be compromised.
(I am quite rusty, but I was a telecom engineer)
Dead Comment
I’d probably get one as well, but who else would?
I'm just guessing it just doesn't make financial sense to develop one.
Deleted Comment