In more location tracking news today, Spotify wants to track yours because non-family members sometimes use Family Plans *gasp!*.
“The changes to the policy allow Spotify to arbitrarily use the location of an individual to ascertain if they continue to reside at the same address when using a family account, and it’s unclear how often Spotify will query users’ devices for this information,” said Christopher Weatherhead, technology lead for UK watchdog group Privacy International, adding that there are “worrying privacy implications.”
Yes, I know how shocked you are folks. As it turns out, Facebook lied about yet another thing: It totally collects your location data, and admitted that fact itself in a blog post.
For years the antisocial media giant has claimed it doesn’t track your location, insisting to suspicious reporters and privacy advocates that its addicts “have full control over their data,” and that it does not gather or sell that data unless those users agree to it.
Then, late on Monday, Facebook emitted a blog post in which it kindly offered to help users “understand updates” to their “device’s location settings.”
You may have missed the critical part amid the glowing testimony so we’ll repeat it: “… use precise location even when you’re not using the app…”
Quote from a TMO reader: “Hoping that FB will somehow become secure is as much magical thinking as expecting a wild pig to perform the role Juliet for Bolshoi.”
App developers wrote a letter to Apple saying how much they don’t like iOS 13 location privacy rules, accusing the company of anti-competitive behavior.
We understand that there were certain developers, specifically messaging apps, that were using this as a backdoor to collect user data. While we agree loopholes like this should be closed, the current Apple plan to remove [access to the internet voice feature] will have unintended consequences: it will effectively shut down apps that have a valid need for real-time location.
The letter was signed by Tile CEO CJ Prober; Arity (Allstate) president Gary Hallgren; CEO of Life360, Chris Hullsan; CEO of dating app Happn, Didier Rappaport; CEO of Zenly (Snap), Antoine Martin; CEO of Zendrive, Jonathan Matus; and chief strategy officer of social networking app Twenty, Jared Allgood.
A helpful list of all the apps I’ll never download. I hope Apple does more when it comes to privacy.
Jared Newman writes about the iOS 13 Bluetooth privacy feature. When an app needs to access Bluetooth, iOS displays an alert so you can allow or deny the request. Bluetooth can be used to track you, which is why Apple added the feature. I’ve seen these alerts a couple of times running the iOS 13 public beta. I disagree with Mr. Newman though; I don’t think it’s too confusing. Just think about the app and whether it legitimately needs Bluetooth. For example, if you need to connect a device to your iPhone, you’ll need Bluetooth. But apps like Google Maps and YouTube don’t need Bluetooth (and I’ve seen alerts and denied them both).
Prior to iOS 13, apps could use Bluetooth to collect detailed location data from users without explicit permission, using tracking beacons in retail stores and other public locations. Even if users had denied an app access their location data, Bluetooth could have provided a workaround.
During Apple’s WWDC 2019 developer session 713 titled, “Advances in Networking” revealed that iOS 13 will stop location tracking using your device’s SSID/BSSID using the CNCopyCurrentNetworkInfo API. Developers have reported getting an email from Apple that says:
Starting with iOS 13, the CNCopyCurrentNetworkInfo API will no longer return valid Wi-Fi SSID and BSSID information. Instead, the information returned by default will be:
SSID: “Wi-Fi” or “WLAN” (“WLAN” will be returned for the China SKU) BSSID: “00:00:00:00:00:00”
A new app called Who’s in Town gives your Instagram followers an interactive map of every place you’ve ever been.
A recent study by online security experts vpnMentor has delved through the various privacy policies of some of the most popular applications, to discover how they’re really tracking our every move. The company also created a tool that tells you all of the data different companies collect from you. For example, apps like Tinder continue to track your location even when you’re not using the app; Facebook and Instagram track your location and save your home address and your most frequently visited locations. Both Facebook, LinkedIn & Instagram use the information you share on their messaging services, while Twitter and Spotify openly state they have access to any messages sent on their platforms. Device Information – Google and Amazon keep hold of voice recordings from searches and Alexa, while Apple Music tracks phone calls and emails sent and received on the devices the service is used on.
Google has a database called Sensorvault. It contains location data of users and shares it with law enforcement—if they have a warrant, of course. Apple honors lawful requests as well. But Jennifer Valentino-DeVries wonders whether the database is too broad.
Google would not provide details on Sensorvault, but Aaron Edens, an intelligence analyst with the sheriff’s office in San Mateo County, Calif., who has examined data from hundreds of phones, said most Android devices and some iPhones he had seen had this data available from Google…
“It shows the whole pattern of life,” said Mark Bruley, the deputy police chief in Brooklyn Park, Minn., where investigators have been using the technique since this fall. “That’s the game changer for law enforcement.”
In response to a letter from Senator Ron Wyden, T-Mobile has come forth with more location data abuses by third parties.
Paige Leskin’s article about location tracking is a bit misleading. She mentions that Apple keeps a detailed location list of every place you’ve visited. Which is false, because Apple doesn’t know anything about your location. Your iPhone does though, but that data doesn’t get sent to Apple unless you specifically opt in to send analytics to Apple. This is more than semantics, because your data staying on your iPhone is the foundation of Apple’s privacy stance. If you go to Settings > General > Privacy > Location Services, you can tap on the blue text at the top that says “About Location Services & Privacy.” This section clearly states “This data is encrypted and stored only on your device and will not be shared without your consent.” And if you did consent to share it with Apple, you’re probably not worried.
Apple tracks and stores where you’ve been and how often (and when) you visit. But it gets even more detailed than that: Your iPhone compiles locations specific to a single address and tracks when you leave there and even how long it took to get there and by which mode of transportation.
5G will be a major upgrade to cellular networks. But since this technology requires more cell towers than 4G, it will make location tracking more precise (paywall).
5G signals in the U.S. will have a very short range and won’t easily go through buildings. This means there need to be many more cell towers. The main way that a cellphone tells where you are—as opposed to a website or an app—is, which tower are you talking to. Today’s towers have a radius of about a mile. If the new towers cover a much smaller area, it means that they know much more precisely where you are.
There’s more to the bounty hunter location data story that Motherboard reported on earlier this month. One of the data brokers involved was Zumigo.
The carriers had already promised to stop selling customer location data back in June 2018. But a recent investigation showed they kept going.
AT&T, Sprint, and T-Mobile sell access to customers’ location data. As an experiment, Joseph Cox paid a bounty hunter to locate a phone, and it worked.
The bounty hunter did this all without deploying a hacking tool or having any previous knowledge of the phone’s whereabouts. Instead, the tracking tool relies on real-time location data sold to bounty hunters that ultimately originated from the telcos themselves, including T-Mobile, AT&T, and Sprint, a Motherboard investigation has found. These surveillance capabilities are sometimes sold through word-of-mouth networks.
The technology apparently works on all mobile networks, but there was some issue with Verizon. Shady practices like this are why we need an American GDPR, as well as a better FCC.
Thasos Group recently captured user location data around a Tesla factory, created a map of it, and sold it to its hedge fund clients.
Andrew Orr and Dave Hamilton join Jeff Gamet to discuss Apple’s released—and now pulled—iOS 12 developer beta 7, plus they look at how Google tracks you even when you think they aren’t.
In the wrong hands, many technologies can be dangerous. But some technology makes it easy to be dangerous.
To whom and for what purpose? Everything from preventing credit card fraud to providing roadside assistance…or surveillance.
Guess what? Your iPhone isn’t the only device you have that monitors where you go in order to make suggestions in Maps and Calendar—your Mac does it too. If that doesn’t give you a warm and fuzzy feeling, come read this Quick Tip! We’ll tell you how to disable it or remove old saved locations.