Catholic Publication Used Location Data Against a Priest

Catholic media publication The Pillar used location data from gay dating app Grindr to track the movements of a priest, then publicly outed him for “improper behavior.”

It wasn’t clear who had collected the information about Burrill. USCCB spokespeople declined to answer questions Tuesday about what it knew about the information-gathering and what its leadership feels about it, except to say the USCCB wasn’t involved. They also declined to comment on whether they knew if Burrill’s alleged actions were tracked on a private or church-owned phone.

This is a good example of how our data can be used against us, and not just by advertisers.

Secret Service Purchased ‘Location X’ Product to Track Phones

A Secret Service document reveals the purchase of “Location X” a product that uses location data harvested from apps. The product is from a company called Babel Street. If that name sounds familiar it’s because two employees left the company to form “Anomaly Six” another location tracking company.

“The purpose of this modification is to add 1 licenses [sic] to CLIN 0003 and incorporate the Master Subscription Agreement and Locate X Addendum as attached,” the contract document reads. Motherboard obtained the document through a Freedom of Information Act (FOIA) request.

How the ‘Untappd’ Beer App Was Used to Track Military, CIA Movements

Researchers were able to use beer rating app Untappd to track the location history of military and CIA personnel.

Examples of users that can be tracked this way include a U.S. drone pilot, along with a list of both domestic and overseas military bases he has visited, a naval officer, who checked in at the beach next to Guantanamo’s bay detention center as well as several times at the Pentagon, and a senior intelligence officer with over seven thousand check-ins, domestic and abroad. Senior officials at the U.S. Department of Defense and the U.S. Air Force are included as well.

Not even the CIA is safe against the data industrial complex.

The Care19 Contact Tracing App Gives Your Location Data to Foursquare

Care19, a contact tracing app used by North and South Dakota, violates its own privacy policy. Notably, the creator of the app, ProudCrowd, made sure that location data from the app is shared with Foursquare, although it claims it’s not used for commercial purposes. It’s a violation of its privacy policy because users are told their location data is private:

This location data is private to you and is stored securely on ProudCrowd, LLC servers. It will not be shared with anyone including government entities or third parties, unless you consent or ProudCrowd is compelled under federal regulations.

Tile: Apple’s Anticompetitive Behavior Has Gotten Worse

On Wednesday, Tile told a congressional panel that Apple didn’t live up to its promises to resolve a dispute between the two companies.

Tile had objected to Apple requiring its users to repeatedly agree to allow Tile to operate in the background, which is crucial to Tile’s service…Tile also said that there were indications that Apple planned to update its Find My product, adding hardware, so it would be a competitor to Tile.

Those are Tile’s two arguments. One – They’re mad that Apple cracked down on apps collecting location data in the background. No sympathy there from me. Two – Apple allegedly plans to compete with Tile with its own hardware Bluetooth device, rumored “AirTag.” Tile is acting as if Apple specifically aimed its location crackdown at them, to set itself up for AirTag, but I’m not sure if that’s right. Tile certainly wasn’t the only one doing that.

U.S. Government Wants to Track Coronavirus Spread With Location Data

The U.S. government is in talks with Facebook, Google, and others to use location data to track the spread of the coronavirus.

Public-health experts are interested in the possibility that private-sector companies could compile the data in anonymous, aggregated form, which they could then use to map the spread of the infection, according to three people familiar with the effort, who requested anonymity because the project is in its early stages.

On the surface, it’s for good intentions (They always seem good on the surface). But we know that in certain situations, data can be de-anonymized. Some questions: How will they use this data? How effective would this be? Will the government keep the database afterward? My initial thought is that I have no problem with medical experts and scientists doing this. But I have no faith in this current administration, or faith in companies like Facebook and Google. What if they created an app to collect this data? That way it’s optional. And please passwordprotect the server.

FCC Unsure Whether to Punish Carriers for Selling Location Data

Two years ago we found out that US carriers were selling real-time location data of its customers. The FCC has wrapped up its investigation, and maybe it will punish the carriers…or maybe not. Who knows? Chairman Ajit Pai doesn’t.

Pai’s statement went on: “Accordingly, in the coming days, I intend to circulate to my fellow Commissioners for their consideration one or more Notice(s) of Apparent Liability for Forfeiture in connection with the apparent violation(s). We are unable to provide additional information about any pending enforcement action(s) beyond what is stated in the letter.”

If that seems unusual vague: that “one or more” mobile operators “apparently violated” the law by selling location data, you’re not the only one.

Location is One of The Big Factors in Advertising

Jennifer Jolly wrote an article wondering if Siri was spying on her because she began to see ads in Spanish after her husband began speaking Spanish at home, within “earshot” of her iPad. The answer is, of course, no. In her buried lede she tells us that she had just moved to a predominantly Spanish-speaking part of Oakland California. It seems reasonable to me that you would see Spanish ads in a Spanish area. Although I’m sure the device’s language is a factor. We did have news last year that contractors listened to some snippets of Siri recordings, but that was to improve the service and not sell ads. Meanwhile, if you turn on Limit Ad Tracking in Settings, your advertising identifier is zeroed. After that, location becomes one of the big factors in advertising.

And Apple says it engineers its devices to protect user privacy. When it comes to Siri, which is integrated in nearly every Apple device, the assistant is designed to activate only after the wake word (“Hey, Siri”) or a waking action is completed, Apple says.

NYT Reporters Used a Leaked Location Database to Track the President

I don’t think it’s hyperbole to call this piece “explosive”, “stunning” et cetera. Reporters at the New York Times found a database of location data containing “50 billion location pings from the phones of more than 12 million Americans.” These Americans included two Secret Service agents (and by extension the President), a Department of Defense official, CIA agents leaving for home, and much more. The article is a nightmare to browse because it’s one of their interactive ones, but it’s still worth the read.

The data reviewed by Times Opinion didn’t come from a telecom or giant tech company, nor did it come from a governmental surveillance operation. It originated from a location data company, one of dozens quietly collecting precise movements using software slipped onto mobile phone apps.

Apple, Amazon, and the Quest for Device Location

This article is a great example of false equivalence. By including both Apple and Amazon and writing about each company’s efforts with location technology, the reader is led to believe that we have to worry about both companies. But of course, that isn’t true. Apple has much better privacy practices, while Amazon barely knows the word.

It could be that with the privacy-focused techlash of recent years, both are treading carefully in the launch stages. Just look at how Amazon’s acquisition of mesh networking company eero was received earlier this year or the widespread interest in Huawei’s level of involvement with 5G networks. Location tracking in particular is currently the focus of much more granular controls in iOS 13 and Android 10 than ever before.

Spotify Wants to Track Your Location so Friends Don't Use a Family Plan

In more location tracking news today, Spotify wants to track yours because non-family members sometimes use Family Plans *gasp!*.

“The changes to the policy allow Spotify to arbitrarily use the location of an individual to ascertain if they continue to reside at the same address when using a family account, and it’s unclear how often Spotify will query users’ devices for this information,” said Christopher Weatherhead, technology lead for UK watchdog group Privacy International, adding that there are “worrying privacy implications.”

iOS 13 Forced Facebook to Admit it Collects Your Location Data

Yes, I know how shocked you are folks. As it turns out, Facebook lied about yet another thing: It totally collects your location data, and admitted that fact itself in a blog post.

For years the antisocial media giant has claimed it doesn’t track your location, insisting to suspicious reporters and privacy advocates that its addicts “have full control over their data,” and that it does not gather or sell that data unless those users agree to it.

Then, late on Monday, Facebook emitted a blog post in which it kindly offered to help users “understand updates” to their “device’s location settings.”

You may have missed the critical part amid the glowing testimony so we’ll repeat it: “… use precise location even when you’re not using the app…”

Quote from a TMO reader: “Hoping that FB will somehow become secure is as much magical thinking as expecting a wild pig to perform the role Juliet for Bolshoi.”

Some Companies Don't Like iOS 13 Location Privacy Feature

App developers wrote a letter to Apple saying how much they don’t like iOS 13 location privacy rules, accusing the company of anti-competitive behavior.

We understand that there were certain developers, specifically messaging apps, that were using this as a backdoor to collect user data. While we agree loopholes like this should be closed, the current Apple plan to remove [access to the internet voice feature] will have unintended consequences: it will effectively shut down apps that have a valid need for real-time location.

The letter was signed by Tile CEO CJ Prober; Arity (Allstate) president Gary Hallgren; CEO of Life360, Chris Hullsan; CEO of dating app Happn, Didier Rappaport; CEO of Zenly (Snap), Antoine Martin; CEO of Zendrive, Jonathan Matus; and chief strategy officer of social networking app Twenty, Jared Allgood.

A helpful list of all the apps I’ll never download. I hope Apple does more when it comes to privacy.

iOS 13 Has an Important Bluetooth Privacy Feature

Jared Newman writes about the iOS 13 Bluetooth privacy feature. When an app needs to access Bluetooth, iOS displays an alert so you can allow or deny the request. Bluetooth can be used to track you, which is why Apple added the feature. I’ve seen these alerts a couple of times running the iOS 13 public beta. I disagree with Mr. Newman though; I don’t think it’s too confusing. Just think about the app and whether it legitimately needs Bluetooth. For example, if you need to connect a device to your iPhone, you’ll need Bluetooth. But apps like Google Maps and YouTube don’t need Bluetooth (and I’ve seen alerts and denied them both).

Prior to iOS 13, apps could use Bluetooth to collect detailed location data from users without explicit permission, using tracking beacons in retail stores and other public locations. Even if users had denied an app access their location data, Bluetooth could have provided a workaround.

iOS 13 Will Prevent Location Tracking via SSID, BSSID

During Apple’s WWDC 2019 developer session 713 titled, “Advances in Networking” revealed that iOS 13 will stop location tracking using your device’s SSID/BSSID using the CNCopyCurrentNetworkInfo API. Developers have reported getting an email from Apple that says:

Starting with iOS 13, the CNCopyCurrentNetworkInfo API will no longer return valid Wi-Fi SSID and BSSID information. Instead, the information returned by default will be:

SSID: “Wi-Fi” or “WLAN” (“WLAN” will be returned for the China SKU) BSSID: “00:00:00:00:00:00”