Track locationanchored
The biggest threat to privacy from cell phones – even though they are often completely invisible – is the way they reveal your whereabouts all day (and all night) through the signals they emit. There are at least four ways an individual phone's location can be tracked by others.
- Towers mobile signal tracking
- Mobile signal tracking from cell site simulators
- Wi-Fi- en Bluetooth-tracking
- Location information leaks from apps and internet browsing
Cellular Signal Tracking — Towersanchored
In all modern mobile networks, the operator can calculate the location of a particular subscriber's phone every time the phone is turned on and registered on the network. The ability to do this is due to the way the mobile network is constructed and is commonly referred to as triangulation.
One way the operator can do this is by observing the signal strength that different cell towers sense from a particular subscriber's cell phone, and then calculating where that cell phone needs to be located to take these observations into account. This is done with Angle of Arrival measurements or AoA. The accuracy with which the operator can determine a subscriber's location varies depending on many factors, including the technology the operator uses and the number of cell towers in an area. Typically, the operator can reach a distance of ¾ mile or 1 km with at least 3 cell towers. For modern mobile phones and networkstrilaterationis also used. It is mainly used where the "locationInfo-r10" function is supported. This function returns a report with the exact GPS coordinates of the phone.
There is no way to hide from this type of tracking as long as your cell phone is turned on, has a registered SIM card, and is sending signals to a carrier's network. While typically only the wireless carrier itself can perform this type of tracking, a government can force the carrier to release location data about a user (in real time or as historical data). In 2010, a German privacy lawyer named Malte Spitz used privacy laws to get his mobile operator to release his data; he chose to publish them as an educational tool so that other people could understand how mobile operators can monitor users in this way. (You can visitherto see what the operator knew about him.) The possibility of government access to this kind of data is not theoretical: it is already widely used by law enforcement agencies in countries like the United States.
Another related form of government request is called a tower dump; In this case, a government asks a mobile operator for a list of all mobile devices that were present in a given area at a given time. This can be used to investigate a crime or find out who was present at a particular protest.
- The Ukrainian government reportedly used a tower dump for this purpose in 2014 to compile a list of all the people whose cellphones were present at an anti-government protest.
- In Carpenter v. United States, the Supreme Court ruled that obtaining Historical Cell Site Location Information (CSLI), which includes the physical location of cell phones without a search warrant, violates the Fourth Amendment.
Carriers also exchange data with each other about the location from which a device is currently connecting. This data is often slightly less accurate than tracking data that aggregates observations from multiple towers, but can still be used as the basis for services that track an individual device - including commercial services that query these records to find out where an individual phone is currently connecting. to the mobile network and make the results available to public or private customers. (ThatWashingtonpost reported(on how easily available this tracking information has become.) Unlike previous tracking methods, this tracking does not involve forcing carriers to hand over user data; instead, this technique uses location data that has been made available on a commercial basis.
Cellular Signal Tracking - Cell Site Simulatoranchored
A government or other technically advanced organization can also collect location data directly, for example with a mobile location simulator (a portable fake phone tower that pretends to be a real one, to 'capture' the mobile phones of certain users and detect their mobile phones) . spying on their physical presence and/or their communications, also known as aIMSI-catcheror stingray). IMSI refers to the International Mobile Subscriber Identity number that identifies a particular subscriber's SIM card, although an IMSI catcher can also target a device using other characteristics of the device.
The IMSI catcher must be taken to a specific location to locate or monitor devices at that location. It should be noted that interception of IMSI traffic by law enforcement would meet the parameters of a warrant. However, a “rogue” CSS (not created by law enforcement) would operate outside these legal parameters.
Currently, there is no reliable defense against all IMSI catchers. (Some apps claim to detect their presence, but this detection is not perfect.) On devices that allow this,it may be useful to disable 2G support(so the device can only connect to 3G and 4G networks) and to disable roaming if you don't expect to travel outside your home carrier's service area. In addition, it can be useful to use encrypted messages such as Signal, WhatsApp or iMessage to ensure that the content of your communication cannot be intercepted. These measures can provide protection against certain types of IMSI catchers.
Wi-Fi- en Bluetooth-trackinganchored
Modern smartphones have other radio transmitters in addition to the mobile network interface. They also usually have Wi-Fi and Bluetooth support. These signals are transmitted with less power than a cellular signal and can usually only be received within a short range (such as in the same room or building), although a person using an advanced antenna could detect these signals from unexpectedly long distances; during a 2007 demonstration, an expert in Venezuela received a Wi-Fi signal at a distance of 382 km or 237 miles in rural conditions with little radio interference. But this scenario with such a wide reach is unlikely. Both types of wireless signals contain a unique serial number for the device, called a MAC address, which can be seen by anyone who can receive the signal.
When Wi-Fi is enabled, a typical smartphone occasionally sends out "probe requests" that include the MAC address and allow others nearby to recognize the presence of that specific device. Bluetooth devices do something similar. These identifiers have traditionally been valuable tools for passive trackers in stores and coffee shops to collect data on how devices and people move around the world. In recent updates to iOS and Android, the MAC address in test requests is programmatically random by default, making this type of tracking much more difficult. Because MAC randomization is software-based,it is fallible and the default MAC address can be leaked. Also some Android devicesMAC randomization may not be implemented correctly(PDF-download).
Although modern phones tend to randomize the addresses they share in research requests, many phones still share a stable MAC address with networks they actually connect to, such as sharing a connection with wireless headphones. This means that network operators can recognize certain devices over time and see if you are the same person who previously joined the network (even if you don't type your name or email address anywhere or log into services).
A number of operating systems are moving towards randomized MAC addresses on WiFi. This is a complex problem because many systems have a legitimate need for a stable MAC address. For example, if you log into a hotel network, your authorization is tracked via your MAC address; when you get a new MAC address, the network sees your device as a new device. iOS 14 has per-network settings,”Private MAC-address."
Location information leaks from apps and internet browsinganchored
Modern smartphones allow the phone to determine its own location, often using GPS and sometimes using other services provided by location companies (which usually ask the company to guess the phone's location based on a list of cell towers and/or Wi-Fi). Fi networks that the phone uses). phone can see where it came from). This is wrapped in a feature that both Apple and Google call “Location Services.” Apps can ask your phone for this location data and use it to provide location-based services, such as maps that show your location on the map. The newer consent model has been updated so that applications request to use location. However, some applications can be more aggressive than others and require the use of GPS or the combination of location services.
Some of these apps then transmit your location over the network to a service provider, which in turn provides a way for the application and third parties they may share with to track you. (The app developers may not be motivated by a desire to track users, but they may still be given the opportunity to do so, and they could ultimately release location information about their users to governments or avoid a data breach cause.) Some smartphones give you some form of control over whether apps can track your physical location; a good privacy practice is to try to limit which apps can see this information and at the very least ensure that your location is only shared with apps that you trust and that have a good reason to know where you are.
In both cases, location tracking isn't just about finding where someone is at that moment, like in a thrilling chase scene in a movie where cops chase someone through the streets. It can also involve answering questions about people's historical activities, as well as their beliefs, participation in events and personal relationships. For example, location tracking can be used to find out whether certain people are in a romantic relationship, to find out who attended a certain meeting or who was at a certain protest, or to try to identify a journalist's confidential source.
OfWashingtonpostreported in December 2013 on NSA location tracking tools that collect vast amounts of information "about where cell phones are located around the world," primarily by tapping into phone company infrastructure to observe which towers specific phones connect to, and when they phones connect to this. towers. A tool called CO-TRAVELER uses this data to find relationships between the movements of different people (to find out which people's devices appear to be traveling together, and whether one person appears to be following the other).
Behavioral data collection and mobile advertising identificationanchored
In addition to the location data collected by some apps and websites, many apps share information about more basic interactions, such as app installs, openings, usage, and other activities. This information is often shared with dozens of third-party companies in the advertising ecosystem, powered by real-time bidding (RTB). Despite the mundane nature of the individual data points, together these behavioral data can still be very revealing.
Ad tech companies convince app developers to install snippets of code in the Software Development Kit documentation (SDK) to serve ads in their apps. These pieces of code collect data about how each user interacts with the app and then share that data with the third-party tracking company. The tracker can then share this information with dozens of other advertisers, ad service providers and data brokers in a millisecond RTB auction.
This data becomes meaningful thanks to the Mobile Ad ID, or MAID, a unique random number that identifies a single device. Each packet of information shared during an RTB auction is usually associated with a MAID. Advertisers and data brokers can use MAID to aggregate data collected from many different apps to build a profile of how each MAID-identified user behaves. MAIDs themselves do not encode any information about a user's real identity. However, it is often trivial for data brokers or advertisers to link a MAID to a real identity, for example by collecting a name or email address from an app.
Mobile advertising IDs are built into both Android and iOS, as well as a number of other devices such as gaming consoles, tablets and TV set-top boxes. On Android, every app and any third parties installed within those apps have access to MAID by default. Furthermore, there is absolutely no way to disable MAID on an Android device: the best a user can do is "reset" the ID and replace it with a new random number. In the latest version of iOS, apps will finally have to ask for permission before collecting and using the phone's mobile advertising ID. However, it remains unclear whether users are aware of how many third parties may be involved if they agree to give a seemingly innocent app access to their information.
Behavioral data collected through mobile apps is primarily used by advertising companies and data brokers, usually to conduct behavioral targeting for commercial or political advertising. But governments have been known to reduce surveillance by private companies.
More information about browser tracking:What are fingerprints?
