
Small-Scale Question Sunday for July 23, 2023

Do you have a dumb question that you're kind of embarrassed to ask in the main thread? Is there something you're just not sure about?

This is your opportunity to ask questions. No question too simple or too silly.

Culture war topics are accepted, and proposals for a better intro post are appreciated.


Can anyone recommend a write up or presentation on the various kinds of cellular phone location information that gets collected and who collects it? For example a cellular company clearly collects some information about your location (since they know which towers you can connect to) but I have no idea how accurate this is (does your phone share its GPS location with your carrier or are they just inferring location based on the cells you are attached to) and it isn’t clear to me if they are allowed to sell this to marketers. Also wondering where private companies (such as those referred to but not actually named here https://www.wired.com/story/fbi-purchase-location-data-wray-senate/ ) even collect this kind of data. Is this a case of some game that someone installs on their phone hoovering this information up or are there some other bigger harder to opt out of sources (such as your cellular phone company)?

It's... complicated. There are several different categories of information, available through different means and at different levels of anonymization.

  • Cell tower location data, which identifies where your specific SIM card (or eSIM) and cell phone IMEI was, based on the cell signal returns to a specific tower or towers. This information is not especially precise in general -- there are certain situations where the triangulation works just perfectly or a specific tower covers only a tiny area (especially common for subway or convention center towers) that can be a couple hundred meters, but it's usually only good for five hundred meters, sometimes not even that. This is stored by your cellular provider. Historically, it could be provided to police in the United States on a mere request, but Carpenter v. United States in 2018 largely blew that apart, and now requires a warrant (or... uh, parallel construction). Standards in other countries vary. As a matter of law, cell phone providers are supposed to have enough information to connect the SIM data to a specific person who purchased the account (IMEIs are less controlled by law, though in practice they also are usually tied to a seller).

  • Cell signal interceptors (aka StingRays), which operate by spoofing a conventional cell tower for smaller areas, again tying to the SIM (or eSIM) and IMEI. Law enforcement have testified these can be accurate down to six feet, but law enforcement will testify to a lot, and the antenna and location matter a bunch. There are probably at least academic versions that can get within that range consistently, and might be commercial ones, based on more complicated antenna technologies, but it's not clear whether they've been commercially deployed. In this case, whoever operated the StingRay has the data immediately. It's... very far from clear what the legal environment for these things is.

  • Cell phone GPS location data. On iPhone, "find my iphone", on Android, "find my device". This takes the GPS (or, on newer phones, GPS data fused with magnetic, IMU, and mapped wifi) on your phone and uploads it to centralized servers at Apple or Google. This is more accurate outdoors and in horizontal space (theoretically within a few feet) than indoors or in vertical space, but it's very precise. Update rate is usually tied to movement. Carpenter /probably/ requires a warrant for police to ask for it, but I don't think the specific question has arisen yet. It's also (supposed to be) possible to turn this off on the phone itself, depending on how much you trust Apple or Google. This ties directly to your Apple or Google account, which will have your name and phone number and usually address as a matter of practice.

  • "Advertising Information". The same location services that provide cell phone GPS location data can be accessed by other software on the phone, including user-installed software and sometimes even web browser ads, who can then store the data wherever they want. Anyone selling ads can do it, and they can store the data in any location they want. Location quality varies; apps that are running in the background can send updates with similar levels of fidelity to the official location services, but stuff that gets backgrounded can end up only updating during someone's leisure or workplace time, and some people won't have anything going up at all. In theory, this stuff is supposed to be anonymized -- each user is converted into an "Advertising ID" that's not supposed to be individually identifiable, and should be mixed into groups before buyers can use it to tie an advertising ID to an individual -- but practice varies. You, personally, can buy city-wide scales of this data today; it's usually a couple thousand dollars. It's not clear what the legal status post-Carpenter is, especially since the sellers can probably individually identify a large portion of their database.

  • Wifi data. If you go near a ground Wifi site, you'll expose your MAC Address to it. It's possible (and sometimes easy) to spoof the MAC address, and probably no one has a database of who owns what MAC address, but it's at least theoretically possible. Not very accurate, only tied to the specific access point you're connecting to (or for corporate-run access points, their auth gateway), most devices won't save this at all.

Regarding wifi, another thing your phone leaks wherever it encounters an access point is "do you happen to serve such and such network" in plaintext, all the time Wifi is enabled, on the off chance the access point is part of a campus network where many access points provide the same network. The phone cannot know what bssid to look for so it has to ask. This is all plaintext and can be captured with the aircrack-ng suite and can fingerprint and possibly identify who the phone belongs to. You can probably learn the school, workplace, gym, cafe, etc, that the phone's owner goes to.

That said the last time I tried this was years ago, I'd be happy to learn this was fixed in more recent years.

Wifi data. If you go near a ground Wifi site, you'll expose your MAC Address to it. It's possible (and sometimes easy) to spoof the MAC address, and probably no one has a database of who owns what MAC address, but it's at least theoretically possible. Not very accurate, only tied to the specific access point you're connecting to (or for corporate-run access points, their auth gateway), most devices won't save this at all.

At least on Android your phone randomizes its MAC when communicating with a hotspot.

Yeah, Android 10+ made that a default-on behavior, and iOS 14 did the same. I think both default to persisting the same MAC address per-network SSID, though, so there's still some potential for tracking depending on your level of paranoia.
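
The per-network persistence mentioned in the last reply, as an added example that is not part of the thread or of any vendor's code: it classifies MAC addresses by the locally-administered bit and shows which sightings stay linkable when a randomized MAC is reused per SSID. The HMAC-based derivation, the device secret, the SSIDs and the factory MAC are all constructed assumptions, not Android's or iOS's actual algorithm.

```python
import hashlib
import hmac
from collections import defaultdict


def is_randomized(mac: str) -> bool:
    """True when the locally-administered bit (0x02 of the first octet) is set,
    which is how a randomized MAC is distinguished from a factory-assigned one."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def per_network_mac(device_secret: bytes, ssid: str) -> str:
    """Illustrative per-SSID MAC (assumed scheme): stable for one network name,
    different for every other network name."""
    raw = bytearray(hmac.new(device_secret, ssid.encode(), hashlib.sha256).digest()[:6])
    raw[0] = (raw[0] | 0x02) & 0xFE  # set locally-administered bit, clear multicast bit
    return ":".join(f"{b:02x}" for b in raw)


def linkable_visits(observations):
    """Group (day, ssid, mac) sightings by MAC, which is all a network operator
    needs to do to recognise a returning device."""
    by_mac = defaultdict(list)
    for day, ssid, mac in observations:
        by_mac[mac].append((day, ssid))
    return dict(by_mac)


# Constructed sample data (not real devices or networks).
SECRET = bytes(range(32))
FACTORY_MAC = "3c:22:fb:10:20:30"
CAFE_MAC = per_network_mac(SECRET, "CafeGuest")
GYM_MAC = per_network_mac(SECRET, "GymWiFi")
OBSERVATIONS = [
    ("mon", "CafeGuest", CAFE_MAC),
    ("tue", "CafeGuest", CAFE_MAC),  # same network: same MAC, visits are linkable
    ("tue", "GymWiFi", GYM_MAC),     # other network: unrelated MAC
]

if __name__ == "__main__":
    for mac, visits in linkable_visits(OBSERVATIONS).items():
        print(mac, "randomized" if is_randomized(mac) else "factory", visits)
```

Repeat visits to one network remain linkable by that network's operator, while sightings on different networks cannot be joined on the MAC alone.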