In a day and age where everyone is walking around carrying a portable GPS/supercomputer in their pockets, it should be of no surprise that location data can help track you at almost any given point in the day.
But while this may be semi-expected, one way in which people may not know they’re offering up information is through photographs.
Such was the topic of a new BBC report, which delved into exactly how much information people are offering up with their photo metadata – the digital “fingerprint” that’s attached to every digital photo you take.
Metadata became a national issue when comparisons of two photographs of former President Trump at Walter Reed Medical Center were scrutinized closely to try and determine whether they were staged or not, BBC notes. Metadata also led to authorities being able to detain John McAfee in 2012, after a photograph’s location data revealed he was in Guatemala at the time.
This data “automatically and parasitically burrows itself into every photo you take,” BBC notes. And while it’s not impossible to get rid of, most people don’t even realize that it’s there before widely sharing their photographs on social media. And while some platforms remove sensitive information, like where a photo was taken, others don’t.
The tool has become useful for police investigations, who often use it to place criminals at a scene. But the data can clearly be a slippery slope and be used for nefarious purposes, as well.
Android handsets and iPhones share data with their respective companies on average every 4½ minutes, with data being sent back even when idle in a pocket or handbag, according to a new academic study.
The Trinity College Dublin research has raised fresh privacy concerns about smartphones, with the research claiming there was little difference between Apple and Google when it came to collecting certain data.
The study, which was published by Prof Doug Leith at Trinity’s Connect Centre, claimed iPhones offered no greater privacy than Google devices.
However, the study noted that Google handsets collected “a notably larger volume of handset data than Apple” with 1MB of data being sent from idle Google Pixel handsets every 12 hours, compared with 52KB sent from the iPhone.
Among the data potentially sent back by the handsets were the insertion of a SIM and handset details such as the hardware serial number, IMEI, Wifi MAC address and the phone number.
Cell phones are convenient devices, handily connecting us with loved ones, paying bills, accessing information—and treacherously reporting on our every move. Worse, even after the Supreme Court weighed in, many government agencies still insist that they have the right to pull up that tracking data to see our whereabouts. It’s increasingly apparent that, if you have your phone in your pocket, you may as well have a GPS beacon strapped to your ankle. If you want anonymity from the government, leave the gadget at home.
That point was illustrated in the wake of the Capitol riot, when the authorities pulled cell phone records to see who was present.
“In the hours and days after the Capitol riot, the FBI relied in some cases on emergency orders that do not require court authorization in order to quickly secure actual communications from people who were identified at the crime scene,” The Intercept reported this week. “Investigators have also relied on data ‘dumps’ from cellphone towers in the area to provide a map of who was there, allowing them to trace call records — but not content — from the phones.”
The data collected by people’s phones and the apps they use, often compiled by marketing firms, is amazingly detailed. An individual “outraged by the events of Jan. 6” supplied data on participants in the day’s events to The New York Times, whose writers were thoroughly creeped out by the information.
“While there were no names or phone numbers in the data, we were once again able to connect dozens of devices to their owners, tying anonymous locations back to names, home addresses, social networks and phone numbers of people in attendance,” Charlie Warzel and Stuart A. Thompson wrote.
Marketing databases have become a favorite resource for government agencies, which purchase the information as an attempted end-run around Fourth Amendment protections. The theory has been that, since the data is “voluntarily” provided to a third party there’s no privacy from the government required.
A damning new WSJ report says a small U.S. government contractor embedded software in over 500 apps, tracking millions of people worldwide.
A small U.S. company with ties to the U.S. defense and intelligence communities has embedded its software in numerous mobile apps, allowing it to track the movements of hundreds of millions of mobile phones world-wide, according to interviews and documents reviewed by The Wall Street Journal.
Anomaly Six LLC is the company in question, apparently boasting in marketing material that it was “able to draw location data from more than 500 mobile applications” from its own software development kit, embedded directly in some apps:
Anomaly Six says it embeds its own SDK in some apps, and in other cases gets location data from other partners.
The report says Anomaly Six is a federal contractor that provides global location data “to branches of the U.S. government and private-sector clients”. It told WSJ that it restricts the sale of U.S. mobile phone movement data only to the private sector, however.
If you’re using an Android device—or in some cases an iPhone—the Telegram messenger app makes it easy for hackers to find your precise location when you enable a feature that allows users who are geographically close to you to connect. The researcher who discovered the disclosure vulnerability and privately reported it to Telegram developers said they have no plans to fix it.
The problem stems from a feature called People Nearby. By default, it’s turned off. When users enable it, their geographic distance is shown to other people who have it turned on and are in (or are spoofing) the same geographic region. When People Nearby is used as designed, it’s a useful feature with few if any privacy concerns. After all, a notification that someone is 1 kilometer or 600 meters away still leaves stalkers guessing where, precisely, you are.
Stalking made simple
Independent researcher Ahmed Hassan, however, has shown how the feature can be abused to divulge exactly where you are. Using readily available software and a rooted Android device, he’s able to spoof the location his device reports to Telegram servers. By using just three different locations and measuring the corresponding distance reported by People Nearby, he is able to pinpoint a user’s precise location.