The Care19 Contact Tracing App Gives Your Location Data to Foursquare

· Andrew Orr · Link

Image of person holding phone

Care19, a contact tracing app used by North and South Dakota, violates its own privacy policy. Notably, the creator of the app, ProudCrowd, made sure that location data from the app is shared with Foursquare, although it claims it’s not used for commercial purposes. It’s a violation of its privacy policy because users are told their location data is private:

This location data is private to you and is stored securely on ProudCrowd, LLC servers. It will not be shared with anyone including government entities or third parties, unless you consent or ProudCrowd is compelled under federal regulations.

Tile: Apple’s Anticompetitive Behavior Has Gotten Worse

· Andrew Orr · Link

Logo of tile

On Wednesday, Tile told a congressional panel that Apple didn’t live up to its promises to resolve a dispute between the two companies.

Tile had objected to Apple requiring its users to repeatedly agree to allow Tile to operate in the background, which is crucial to Tile’s service…Tile also said that there were indications that Apple planned to update its Find My product, adding hardware, so it would be a competitor to Tile.

Those are Tile’s two arguments. One – They’re mad that Apple cracked down on apps collecting location data in the background. No sympathy there from me. Two – Apple allegedly plans to compete with Tile with its own hardware Bluetooth device, rumored “AirTag.” Tile is acting as if Apple specifically aimed its location crackdown at them, to set itself up for AirTag, but I’m not sure if that’s right. Tile certainly wasn’t the only one doing that.

U.S. Government Wants to Track Coronavirus Spread With Location Data

· Andrew Orr · Link

Image of person holding phone

The U.S. government is in talks with Facebook, Google, and others to use location data to track the spread of the coronavirus.

Public-health experts are interested in the possibility that private-sector companies could compile the data in anonymous, aggregated form, which they could then use to map the spread of the infection, according to three people familiar with the effort, who requested anonymity because the project is in its early stages.

On the surface, it’s for good intentions (They always seem good on the surface). But we know that in certain situations, data can be de-anonymized. Some questions: How will they use this data? How effective would this be? Will the government keep the database afterward? My initial thought is that I have no problem with medical experts and scientists doing this. But I have no faith in this current administration, or faith in companies like Facebook and Google. What if they created an app to collect this data? That way it’s optional. And please passwordprotect the server.

FCC Unsure Whether to Punish Carriers for Selling Location Data

· Andrew Orr · Link

Two years ago we found out that US carriers were selling real-time location data of its customers. The FCC has wrapped up its investigation, and maybe it will punish the carriers…or maybe not. Who knows? Chairman Ajit Pai doesn’t.

Pai’s statement went on: “Accordingly, in the coming days, I intend to circulate to my fellow Commissioners for their consideration one or more Notice(s) of Apparent Liability for Forfeiture in connection with the apparent violation(s). We are unable to provide additional information about any pending enforcement action(s) beyond what is stated in the letter.”

If that seems unusual vague: that “one or more” mobile operators “apparently violated” the law by selling location data, you’re not the only one.

Location is One of The Big Factors in Advertising

· Andrew Orr · Link

Location symbol on a map.

Jennifer Jolly wrote an article wondering if Siri was spying on her because she began to see ads in Spanish after her husband began speaking Spanish at home, within “earshot” of her iPad. The answer is, of course, no. In her buried lede she tells us that she had just moved to a predominantly Spanish-speaking part of Oakland California. It seems reasonable to me that you would see Spanish ads in a Spanish area. Although I’m sure the device’s language is a factor. We did have news last year that contractors listened to some snippets of Siri recordings, but that was to improve the service and not sell ads. Meanwhile, if you turn on Limit Ad Tracking in Settings, your advertising identifier is zeroed. After that, location becomes one of the big factors in advertising.

And Apple says it engineers its devices to protect user privacy. When it comes to Siri, which is integrated in nearly every Apple device, the assistant is designed to activate only after the wake word (“Hey, Siri”) or a waking action is completed, Apple says.

NYT Reporters Used a Leaked Location Database to Track the President

· Andrew Orr · Link

Image of person holding phone

I don’t think it’s hyperbole to call this piece “explosive”, “stunning” et cetera. Reporters at the New York Times found a database of location data containing “50 billion location pings from the phones of more than 12 million Americans.” These Americans included two Secret Service agents (and by extension the President), a Department of Defense official, CIA agents leaving for home, and much more. The article is a nightmare to browse because it’s one of their interactive ones, but it’s still worth the read.

The data reviewed by Times Opinion didn’t come from a telecom or giant tech company, nor did it come from a governmental surveillance operation. It originated from a location data company, one of dozens quietly collecting precise movements using software slipped onto mobile phone apps.

Apple, Amazon, and the Quest for Device Location

· Andrew Orr · Link

Location symbol on a map.

This article is a great example of false equivalence. By including both Apple and Amazon and writing about each company’s efforts with location technology, the reader is led to believe that we have to worry about both companies. But of course, that isn’t true. Apple has much better privacy practices, while Amazon barely knows the word.

It could be that with the privacy-focused techlash of recent years, both are treading carefully in the launch stages. Just look at how Amazon’s acquisition of mesh networking company eero was received earlier this year or the widespread interest in Huawei’s level of involvement with 5G networks. Location tracking in particular is currently the focus of much more granular controls in iOS 13 and Android 10 than ever before.

Review: Take Breadcrumb Next Time You Camp or Hike

· Andrew Orr · Quick Look Review

Breadcrumb is a tracking device that you can carry with you when you go camping or hiking, or place it with an item you won’t want to lose.

Spotify Wants to Track Your Location so Friends Don't Use a Family Plan

· Andrew Orr · Link

Spotify logo

In more location tracking news today, Spotify wants to track yours because non-family members sometimes use Family Plans *gasp!*.

“The changes to the policy allow Spotify to arbitrarily use the location of an individual to ascertain if they continue to reside at the same address when using a family account, and it’s unclear how often Spotify will query users’ devices for this information,” said Christopher Weatherhead, technology lead for UK watchdog group Privacy International, adding that there are “worrying privacy implications.”

iOS 13 Forced Facebook to Admit it Collects Your Location Data

· Andrew Orr · Link

Facebook logo

Yes, I know how shocked you are folks. As it turns out, Facebook lied about yet another thing: It totally collects your location data, and admitted that fact itself in a blog post.

For years the antisocial media giant has claimed it doesn’t track your location, insisting to suspicious reporters and privacy advocates that its addicts “have full control over their data,” and that it does not gather or sell that data unless those users agree to it.

Then, late on Monday, Facebook emitted a blog post in which it kindly offered to help users “understand updates” to their “device’s location settings.”

You may have missed the critical part amid the glowing testimony so we’ll repeat it: “… use precise location even when you’re not using the app…”

Quote from a TMO reader: “Hoping that FB will somehow become secure is as much magical thinking as expecting a wild pig to perform the role Juliet for Bolshoi.”

Some Companies Don't Like iOS 13 Location Privacy Feature

· Andrew Orr · Link

App developers wrote a letter to Apple saying how much they don’t like iOS 13 location privacy rules, accusing the company of anti-competitive behavior.

We understand that there were certain developers, specifically messaging apps, that were using this as a backdoor to collect user data. While we agree loopholes like this should be closed, the current Apple plan to remove [access to the internet voice feature] will have unintended consequences: it will effectively shut down apps that have a valid need for real-time location.

The letter was signed by Tile CEO CJ Prober; Arity (Allstate) president Gary Hallgren; CEO of Life360, Chris Hullsan; CEO of dating app Happn, Didier Rappaport; CEO of Zenly (Snap), Antoine Martin; CEO of Zendrive, Jonathan Matus; and chief strategy officer of social networking app Twenty, Jared Allgood.

A helpful list of all the apps I’ll never download. I hope Apple does more when it comes to privacy.

iOS 13 Has an Important Bluetooth Privacy Feature

· Andrew Orr · Link

Bluetooth icon

Jared Newman writes about the iOS 13 Bluetooth privacy feature. When an app needs to access Bluetooth, iOS displays an alert so you can allow or deny the request. Bluetooth can be used to track you, which is why Apple added the feature. I’ve seen these alerts a couple of times running the iOS 13 public beta. I disagree with Mr. Newman though; I don’t think it’s too confusing. Just think about the app and whether it legitimately needs Bluetooth. For example, if you need to connect a device to your iPhone, you’ll need Bluetooth. But apps like Google Maps and YouTube don’t need Bluetooth (and I’ve seen alerts and denied them both).

Prior to iOS 13, apps could use Bluetooth to collect detailed location data from users without explicit permission, using tracking beacons in retail stores and other public locations. Even if users had denied an app access their location data, Bluetooth could have provided a workaround.

iOS 13 Will Prevent Location Tracking via SSID, BSSID

· Andrew Orr · Link

Location symbol on a map.

During Apple’s WWDC 2019 developer session 713 titled, “Advances in Networking” revealed that iOS 13 will stop location tracking using your device’s SSID/BSSID using the CNCopyCurrentNetworkInfo API. Developers have reported getting an email from Apple that says:

Starting with iOS 13, the CNCopyCurrentNetworkInfo API will no longer return valid Wi-Fi SSID and BSSID information. Instead, the information returned by default will be:

SSID: “Wi-Fi” or “WLAN” (“WLAN” will be returned for the China SKU) BSSID: “00:00:00:00:00:00”

This vpnMentor Tool Tells You What Data Companies Collect From You

· Andrew Orr · Cool Stuff Found

A recent study by online security experts vpnMentor has delved through the various privacy policies of some of the most popular applications, to discover how they’re really tracking our every move. The company also created a tool that tells you all of the data different companies collect from you. For example, apps like Tinder continue to track your location even when you’re not using the app; Facebook and Instagram track your location and save your home address and your most frequently visited locations. Both Facebook, LinkedIn & Instagram use the information you share on their messaging services, while Twitter and Spotify openly state they have access to any messages sent on their platforms. Device Information – Google and Amazon keep hold of voice recordings from searches and Alexa, while Apple Music tracks phone calls and emails sent and received on the devices the service is used on.

This vpnMentor Tool Tells You What Data Companies Collect From You

iPhones Aren’t Safe From Google’s Sensorvault Database

· Andrew Orr · Link

Google has a database called Sensorvault. It contains location data of users and shares it with law enforcement—if they have a warrant, of course. Apple honors lawful requests as well. But Jennifer Valentino-DeVries wonders whether the database is too broad.

Google would not provide details on Sensorvault, but Aaron Edens, an intelligence analyst with the sheriff’s office in San Mateo County, Calif., who has examined data from hundreds of phones, said most Android devices and some iPhones he had seen had this data available from Google…

“It shows the whole pattern of life,” said Mark Bruley, the deputy police chief in Brooklyn Park, Minn., where investigators have been using the technique since this fall. “That’s the game changer for law enforcement.”

More T-Mobile Location Data Abuses

· Andrew Orr · News

In response to a letter from Senator Ron Wyden, T-Mobile has come forth with more location data abuses by third parties.

No, Apple Doesn't Keep a Location List to Track You

· Andrew Orr · Link

Paige Leskin’s article about location tracking is a bit misleading. She mentions that Apple keeps a detailed location list of every place you’ve visited. Which is false, because Apple doesn’t know anything about your location. Your iPhone does though, but that data doesn’t get sent to Apple unless you specifically opt in to send analytics to Apple. This is more than semantics, because your data staying on your iPhone is the foundation of Apple’s privacy stance. If you go to Settings > General > Privacy > Location Services, you can tap on the blue text at the top that says “About Location Services & Privacy.” This section clearly states “This data is encrypted and stored only on your device and will not be shared without your consent.” And if you did consent to share it with Apple, you’re probably not worried.

Apple tracks and stores where you’ve been and how often (and when) you visit. But it gets even more detailed than that: Your iPhone compiles locations specific to a single address and tracks when you leave there and even how long it took to get there and by which mode of transportation.