This community should be talking about meshcore more imho.
It's a peer to peer network based on Lora. It really only allows text messaging but with up to 20km hops between peers coverage is surprisingly huge. Incredibly useful if you go hiking with friends (if you get split up you can still stay in touch).
See https://eastmesh.au/ and scroll down to the map for the Victoria and now more widely Australia network that's sprung up.
Meshtastic has terrible defaults (every node rebroadcasts everything, every node sends telemetry), which makes sense in the backwoods but not anywhere close to civilisation.
"and notify the user when such attempts are made to their device."
We aren't going to remove the security state. We should make all attempts to, but it won't happen. What needs to happen is accountability. I should be able to turn off sharing personal information and if someone tries I should be notified and have recourse. This should also be retroactive. If I have turned off sharing and someone finds a technical loophole and uses it, there should be consequences. The only way to stop the rampant abuse is to treat data like fire. If you have it and it gets out of control you get burned, badly.
euhm, well. 112 programmer here. There are multiple levels. Cell tower triangulation come in automatically from providers. But they are only in tower numbers. They might be wrongly entered by engineers, hence the confirming question about where you are. Second is subscription information, as in registered address. Chances are if called from nearby your address, you are at your address. Next is a text to your phone number, which is intercepted by firmware and sends gps coords back. This can be turned off, since implementation.
American carriers have a different protocol than the EU. The EU (and probably EU derived networks) uses a """secret""" SMS format that's opt-in, but the 911 system works differently.
The 911 feature can be activated fully remotely, the 112 feature is supposed to only activate when dialing an emergency number.
Not by users. The new thing is that Apple allows users to disable this feature. Hopefully they still detect emergency calls on the phone and enable it unconditionally for those.
Note sure:
In my country exactly this feature is used by police & state enforcement to find locatin, because this "ping" message is not forwarded from the modem to the OS, so the OS is not aware of any of these messages
yeah, there always was. It's a service code, like getting your imei. But it was a weird long one, and manufacturer dependent. Now UI switches are created for it apparantly. Can't find it anywhere on the internet though. I don't work there anymore, so can't look it up.
From the comments, it appears many are not aware that even the US government buys location data of users from data brokers - How the Federal Government Buys Our Cell Phone Location Data - https://www.eff.org/deeplinks/2022/06/how-federal-government... ... Apparently, US cell phone companies are one of the providers of this data - US cell carriers are selling access to your real-time phone location data - https://news.ycombinator.com/item?id=17081684 ...
We really have a societal problem in that we allow private entities to do things we don’t allow government to do. Furthermore, the issue is exacerbated by then allowing governments to bypass these issues by then just paying private entities to do the things it can’t do as a proxy for the same functional outcomes.
But we want to support privatization at all cost, even when privatization these days has significant influence on our daily lives, akin to the concerns we had when we placed restrictions on government. Seems like we need to start regulating private actions a bit more, especially when private entities accumulate enough wealth they can act like multi state governments in levels of influence. That’s my opinion, at least.
>
allow private entities to do things we don’t allow government to do. Furthermore, the issue is exacerbated by then allowing governments to bypass these issues by then just paying private entities to do the things it can’t do as a proxy for the same functional outcomes.
<
Somehow this reminds me about Blackwater / Xe Technologies? :-/
(Im betting 100 USD that soon we will find out that ICE also deployed "private financed forces" to "support state actions"?)
> We really have a societal problem in that we allow private entities to do things we don’t allow government to do.
Thats basically the foundational idealogy of the united states. Thats not the issue.
The real issue is your next sentence. The government can just loophole around their intentional limitations by paying private companies to work on their behalf.
I'm aware it's intentional on the government's end. My point is it is not intentional by the original intentions, and should be a priority for people to advocate to fix.
>We really have a societal problem in that we allow private entities to do things we don’t allow government to do.
It really isn't, given that the government literally has a monopoly on violence, and therefore it makes sense to have more guardrails for it. That's not to say private entities should have free reign to do whatever it wants, but the argument of "private entities can do [thing] that governments can't, so we should ban private entities too!" is at best incomplete.
>Furthermore, the issue is exacerbated by then allowing governments to bypass these issues by then just paying private entities to do the things it can’t do as a proxy for the same functional outcomes.
Again, this is at best an incomplete argument. The government can't extract a confession out of you (5th amendment). It can however, interview your drinking buddies that you blabbed your latest criminal escapades to. Is that the government "bypassing" the 5th amendment? Arguably. Is that something bad and we should ban? Hardly.
Your cell phone provider does not constitute "drinking buddy". The fact that, in essence, everyone is being surveilled location wise all the time by these providers is reason enough to restrict the activity.
> The poster with the enormous face gazed from the wall. It was one of those pictures which are so contrived that the eyes follow you about when you move. DRINKING BUDDY IS WATCHING YOU.
> 'Does Drinking Buddy exist?'
'Of course he exists. The Party exists. Drinking Buddy is the embodiment of the Party.'
'Does he exist like you or me?'
'You do not exist', said O'Brien.
> Oceanic society rests ultimately on the belief that Drinking Buddy is omnipotent and that the Party is infallible. But since in reality Drinking Buddy is not omnipotent and the party is not infallible, there is need for an unwearying, moment-to-moment flexibility in the treatment of facts.
>Your cell phone provider does not constitute "drinking buddy".
You're right, it should be even more scandalous for the government to get information out of my drinking buddy, because the information I told him was in confidence, and he promised he wouldn't tell anyone. My cell phone provider, on the other hand, clearly says in their ToS who they'll share data with and in what circumstances.
A non-exhaustive list that has, time and time and time and time and time and time and time and time again, to downplay the grossly cavalier approach they take to the "privacy" of your location data.
They value it alright. At several dollars per person.
And what many are saying is that the phone provider should not be allowed to be so free with your data in the ToS. In the same way that your landlord can’t add a slavery clause to your lease.
Why not vote for some law limiting the government’s buying of this data? After all, I expect a say in how the government is run, so that seems like the appropriate path. I don’t see why I should expect a say in how AT&T is run. AT&T can’t raise an army, or enter my house, or shoot me.
How exactly do I vote for such a law? We do not have a direct democracy, and I'm not aware of any viable political candidates that have this sort of thing as a part of their platform.
It isn’t restricted to Boost Mobile. It is only available on devices with the C1 or C1X modem, though. I assume this is because of specifics with the third party modems that most models in the wild have vs what Apple is doing in-house with their C1(X). If you call emergency services it will still provide precise location.
But they still can track the cellular connection and do triangulation from that, no?
Basically, if you have any cell phone the government can track you. Buying a burner phone with cash (via strawman proxy) seems like the only way to temporarily obscure your location.
I imagine with the ubiquity of cameras in the commons and facial recognition and gait analysis they can knit that up even more.
None of this should be happening without the user's knowledge and consent. Swap out your phone carrier for Facebook and it should be plainly obvious why the current state of affairs is undesirable.
I think this feature is required for emergency calls if your specific carrier is not available/in reach - in emergency mode after the phone is restarted, it does connect to any carrier when calling 911, not only yours?
The cell network routinely does TDoA triangulation in order to help choose which tower should serve the client mobile device. Accuracy is about 20m, and may be better at 5G frequencies. 911 gets the location from the mobile network provider, but the network provider could provide it to anyone, and they do.
Tons of "free" and crapware apps are also recording location, and sending it to data brokers.
Using LTE Timing Advance feature, especially on 5G, accuracy can be much higher.
https://5g-tools.com/5g-nr-timing-advance-ta-distance-calcul... shows an example of the parameters necessary. I don't think you can get your smartphone to dump those stats for you, but the granularity of the individual distance measurement is in the tens of centimeters.
Of course this strongly depends on cell infrastructure being placed precisely, continuously updating correction factors, and a bunch of antennae being around the target to get measurements for, but in most cities that isn't much of a challenge if the operator is working together with whoever wants to spy on citizens.
The phone could literally pop up a consent alert asking whether to respond to a GPS ping request from the carrier. Or just not honor the pings at all unless you dialed 911 within the last hour.
This is a specific service inside the phone that looks for messages from the carrier requesting a GPS position, it could just refuse, or lie. It's not the same as cell tower triangulation.
The article does not explain in detail how all this works. But educated guess is that if a baseband SoC provides this information, that's it. The phone operating system (iOS, Android) does not get a chance to decide what to do, since baseband soc is a sort of autonomous computer, it has its own firmware, cpu and ram.
You might not be able to fix this in the OS alone, but phone manufacturers are responsible for the whole phone. The baseband doesn't need to behave that way.
Phone detects that you call emergency service and enables gps.
Last time I called 911 (well, it's 112 in my country) my android phone asked if I want to provide gps coordinates. I did, but they still asked for address, so probably this is not integrated/used everywhere.
Carrier* Android and iOS both integrate with RapidSOS UNITE. RapidSOS then processes the rich emergency information from the user's device (enhanced location, videos and photos, etc), and is available to the 911 dispatcher in their dispatch software. 99.99% of Americans are covered by RapidSOS integrations in their municipalities.
How that works is simple: there are regulations that force that the microphone used for calling is directly connected to the "baseband", which is under control of the carrier. It has to be, because of AT&T's argument: ONE misbehaving baseband can make cell phones inoperable in an area that's up to a kilometer in diameter. So AT&T's cell towers "need" to be able to send out a signal that permanently disables a phone's transmitter.
Regulations say the baseband MUST control: all wireless signals (including wifi and GPS), all microphones and speakers, and it must be able to disable the camera electrically. It must have a tamper-resistant identifier (IMEI number ... kind of).
Oh, it must allow calling the emergency services. If in this mode, during a call to the emergency services it MUST be able to send the exact GPS position (not just once, continuously) to the emergency services at the request of the emergency services (ie. NOT the user, and carriers must facilitate this)
By the way, it's worse: as you might guess from the purpose, it doesn't matter if your phone is on the "spying" carrier or not, other carriers can send commands to other carriers' phones' basebands (because "get off this frequency" is required: spectrum is shared, even within countries. Since phones may go from one tower to another and be required to vacate frequencies, you need this command). It doesn't even matter if you have a SIM in your phone or not (ever tought that if eSIM works, it must of course be possible for any provider to contact and send instructions to the phone, so it opens up an end-to-end encrypted connection to the javacard that the actual phone cpu cannot intercept). In some phones it doesn't even matter if the phone is on or not (though of course eventually it dies). So "meshtastic" or anything else cannot make a phone safe.
And in practice it's even worse. A lot of phone manufacturers "save on memory" and use the same memory chips for the baseband processor and the central cpu. Which means that it's a little bit cheaper ... and the baseband has access to all the phone memory and all peripherals connected through the memory bus (which is all of them in any recent phone). It may even be the case that these chips are integrated in the cpu (which I believe is the case for recent Apple chips). Oh and the regulations say: if there's a conflict over control over (most) peripherals, including the microphone and speaker, the baseband processor MUST be guaranteed to win that fight.
Oh and because governments demand this, but of course neither fund nor test these devices, they are old, bug-ridden and very insecure. This also means that despite the government requiring that these features be built into phones, governments, carriers and police forces generally do not have the equipment required to actually use these features (though I'm sure the CIA has implement them all). Not even carriers' cell phone towers: they have to pay extra to allow even just frequency sharing ...
Here is an article about baseband and baseband processors.
> Regulations say the baseband MUST control: all wireless signals (including wifi and GPS), all microphones and speakers, and it must be able to disable the camera electrically. It must have a tamper-resistant identifier (IMEI number ... kind of).
This is simply not true.
Source: I own a phone where this is not the case. Many Linux phones internally attach their wireless devices via USB, so there is good separation.
Also many upscale phones have decoupled the baseband from things that were once connected to it, as an attempt to improve security. (On iOS for instance the main CPU controls wifi.)
My provider knows who I call, who I text, which websites I browse, my bank account number, my home address, my rough location, which countries I visited for holiday and through DTMF they can even sense which buttons I press on my handset.
One of the reasons I use iPhones is that Apple controls an integrated hardware/software experience, which makes it less likely that private information is being leaked despite the presence of privacy controls.
I wouldn’t be so confident. The article even references this. Apple has used third-party baseband devices in the iPhone since the beginning, which was from other manufacturers. All bets are off regarding security when this is the case. This does included microphone access.
The article touches on this by saying Apple is making the baseband/modem hardware now. Something they should have done since day one, and I’m not sure what took them so long. However, it was was clear they didn’t have the expertise in this area and it was easier to just uses someone else’s.
There is a pretty large chasm between "When you explicit (or accidentally) use the siri functionality, it can record the interaction for quality purposes and per the agreement you made share that will Apple or its agents" and "random third parties can engage hardware functionality without your knowledge and spy on you".
I am entirely, 100% certain that my telco can't just enable the microphone on my iPhone and record me, short of some 0-day exploit. I simply cannot make that bet on many other devices.
Apple is not as lazy as anyone else, don't believe the hype.
That assertion is a bit overblown. And people can easily find out it's overblown with a bit of research.
But at the same time, my whole philosophy is never let it touch any network connected device at all if it is critical. I don't care if it's an Apple device.
Here's reality, mobile carriers have been able to get your location from nearly the inception of mass market mobile phone use. I'm not sure anyone really believed their location was somehow secret and not discoverable. If you're using the phone or internet networks, you're not anonymous. Full stop.
Forget whatever anyone told you about your VPN, or whatever other anonymization/privacy machine that Mr McBean is selling Sneetches these days. Assume everyone is tracked, and some are even watched. Therefore everything you do or say with your devices should be considered content that is posted publicly with an uncertain release date.
So what irked that since my brand-new iPhone uses a Qualcomm “modem chip” (god, the slide of terminology makes my skin crawl) I won’t have access to this feature.
I’d imagine that the carrier will agree not to use any data they do receive for anything but a handful of purposes, but I suppose that depends on the extent of the technical solution.
I don't believe there is a way to intentionally break this system, nor to detect with 100% certainty that it's happening.
You'd need to run an open source baseband modem with settings and logs in all the right places. I don't think those exist.
Someone might be able to exploit the Linux kernel running on Qualcomm modems and build a tool for rooted Android phones after reverse engineering the baseband, but I imagine a lot of copyright lawyers and probably law enforcement people will send you very scary letters if you document remote location tracking features like these.
Also, if you have any 4G or 5G modem, your carrier already has a pretty good idea where you are. They probably log your location too. The advanced precision and timing information necessary for high speed cellular broadband is enough to get a decent location log. That also includes other connected devices such as cars, of course.
They don't need to get your GPS location. With 4G and 5G the timing and clock precision at the basestations is enough to multi-laterate you down to about 50m (prior 3G/2G stuff was more like 100-200 meters). They are required by US law to store this multi-laterated position data track (updated every time your phone announces itself to basestations) for 2 years. But most telcos store it for more like 5+ years because it's valueable and they sell it.
This is all automatic and completely pervasive. Worrying about GPS and userspace computers in the smartphone is important but even if you protect that you've already lost. The baseband computer is announcing your position by the minute. Cell phones couldn't really work without the basestations deciding where you are and which will handle you.
> The limit precise location setting doesn't impact the precision of the location data that is shared with emergency responders during an emergency call.
it should be my choice to decide if I want my privacy to be infringed upon in the name of safety. It should not be up to the carrier, or the manufacturer, or first responders or any level of government to make that decision for me.
Which emergency can happen that I really want this? And now don't say suicide attempt.
Nearby all emergencies that could happen where someone needs my exact position are things that would additionally lead to a loss of the base connection or a switched off smart phone.
I've wondered if they can also find you by what wifi or Bluetooth devices are around. Odds are one or more humans nearby has their GPS on. Your device can snitch on what's around or those other devices snitch on you.
Google recorded wifi names and locations as a "bycatch" when taking streetview pictures from 2007 upto 2010. They still collect such data on Android devices if the user consents or ignores the option to say "no" … :-0
Certain devices (especially tablets) don't have GPS or various sensors integrated and still can tell you your approximate location, if WiFi is enabled.
I've thought that too... especially Bluetooth. I know it's possible with
Wi-Fi signal strength.
Is it a coincidence most smartphone manufacturers were suddenly all on board with removing the 3.5mm jack and forced Bluetooth?
A mesh network of sorts like Amazon is doing with Ring.
I even sometimes forget to save my battery and turn Bluetooth off when I'm not using my earbuds. It's probably a false sense of security having it disabled because I'm sure it's doing something in the background anyways. I can't say for sure though.
Kind of like years ago with Google getting caught with the whole location data thing.
I'm sure the average Joe doesn't care if Bluetooth is enabled 24/7.
I try and not be on the tin foil bandwagon, but every once and a while I come across things that make you go hmmm...
And at the end of the day if the location is a hundred meters off... it might still not matter because it's how you frame it with other evidence beyond a reasonable doubt.
Even the article mentions this.
> I have served on a jury where the prosecution obtained location data from cell towers. Since cell towers are sparse (especially before 5G), the accuracy is in the range of tens to hundreds of metres.
I've also personally witnessed murder cases locally where GPS location put a suspect to "100 meters away". The rest of the evidence still pushed the case forward to a guilty verdict, and the phone evidence was still pretty damning.
There actually should be a push for an EU-wide legislation banning this kind of silent, precise location data collection. If anything, Germany is obsessed with Datenschutz but in many cases it's just laughable security theater.
Anyone happen to know what the arguments were from those who supported that bill?
Here's a summary. In late 2016 the FCC passed a rule that:
(1) applies the customer privacy requirements of the Communications Act of 1934 to broadband Internet access service and other telecommunications services,
(2) requires telecommunications carriers to inform customers about rights to opt in or opt out of the use or the sharing of their confidential information,
(3) adopts data security and breach notification requirements,
(4) prohibits broadband service offerings that are contingent on surrendering privacy rights, and
(5) requires disclosures and affirmative consent when a broadband provider offers customers financial incentives in exchange for the provider's right to use a customer's confidential information.
The bill, introduced early in 2017, nullifies that rule.
It passed the Senate 50-48, then the House of Representatives 215-205, and was signed by Trump.
The 52 Republicans in the Senate voted 50 yes, 0 no, 2 not voting. The 47 Democrats, along with the 1 independent, voted no.
In the House the 236 Republicans voted 215 yes, 15 no, 6 not voting. The 190 Democrats all voted no.
Phones haven't always had GPS information and they could still be tracked, if you connect to enough towers they can triangulate your location. Cell towers have been able to do this based on your signal strength for a very long time and you cant turn it off. You don't even have to have a SIM card, if the cell radio is on it pings towers period, this is why a phone even without service can dial 911 and it will work. The IMEI of your phone is unique and cell towers can track it, the government has used this and there is no way to disable it. Its not as accurate as GPS but it can be good enough to figure out a route you take and general location
> But this is not the whole truth, because cellular standards have built-in protocols that make your device silently send GNSS (i.e. GPS, GLONASS, Galileo, BeiDou) location to the carrier.
No, please read the article. No one is saying carriers cant triangulate but carriers shouldn't be able to query the gps on my device and get precise GNSS data.
> Apple made a good step in iOS 26.3 to limit at least one vector of mass surveillance, enabled by having full control of the modem silicon and firmware. They must now allow users to disable GNSS location responses to mobile carriers, and notify the user when such attempts are made to their device.
They never said "triangulate" but read phone for information. Your inner monologue swapped what was written with an already understood technical method.
And just because access to GPS has never been confirmed publicly before does not mean they previously only relied on tower triangulation.
Worked for Sprints network team before they bought Nextel. We had access to eeeeverything.
Why would they? It's basic privacy no? Just because I want to pay money to carrier to provide me with data and phone service, I shouldn't have to give up my location from my device. I expect them to know my approximate location from cell tower data.
Generally I'd not expect them actively triangulate my exact location, but I'd realise that's at least possible - but GPS data, wake my phone up, switch on the GPS radio, drain it's battery, send that data back... no. That wouldn't be legal where I live either, let alone expected.
> but GPS data, wake my phone up, switch on the GPS radio, drain it's battery, send that data back... no. That wouldn't be legal where I live either, let alone expected.
Where does the article claim this turns on the GPS if off?
This community should be talking about meshcore more imho.
It's a peer to peer network based on Lora. It really only allows text messaging but with up to 20km hops between peers coverage is surprisingly huge. Incredibly useful if you go hiking with friends (if you get split up you can still stay in touch).
See https://eastmesh.au/ and scroll down to the map for the Victoria and now more widely Australia network that's sprung up.
Great for small networks. Once bad actors find it, it will be attacked. See gnutella as the case study on unsupervised peer to peer networks
I just read gnutella page on Wikipedia, no mention of bad actors
It is surprising that these networks aren't more popular. There are still many places and situation where connectivity isn't available
Because they're terrible and fall apart if more than a few score people are on the same freqency at the same time.
I’ve been wondering this for a while and maybe someone has a clue.
Based on the very “bursty” nature of LoRA, how much does an adversary need to spend to radiolocate it? What’s the threat model there?
$20? These networks do not try to hide your location and triangulating known frequencies is trivial.
Meshcore and -tastic have the huge problem that the encryption keys are bound to the device and not the app.
I've been using the T-Deck Pro and T-Lora Pager, so the device is the app.
Is it open source?
What, protocol? Basic apps? Yes.
Why Meshcore over Meshtastic?
There’s lots of YouTube videos about this but basically: you can specify routing.
Meshtastic has terrible defaults (every node rebroadcasts everything, every node sends telemetry), which makes sense in the backwoods but not anywhere close to civilisation.
"and notify the user when such attempts are made to their device."
We aren't going to remove the security state. We should make all attempts to, but it won't happen. What needs to happen is accountability. I should be able to turn off sharing personal information and if someone tries I should be notified and have recourse. This should also be retroactive. If I have turned off sharing and someone finds a technical loophole and uses it, there should be consequences. The only way to stop the rampant abuse is to treat data like fire. If you have it and it gets out of control you get burned, badly.
euhm, well. 112 programmer here. There are multiple levels. Cell tower triangulation come in automatically from providers. But they are only in tower numbers. They might be wrongly entered by engineers, hence the confirming question about where you are. Second is subscription information, as in registered address. Chances are if called from nearby your address, you are at your address. Next is a text to your phone number, which is intercepted by firmware and sends gps coords back. This can be turned off, since implementation.
American carriers have a different protocol than the EU. The EU (and probably EU derived networks) uses a """secret""" SMS format that's opt-in, but the 911 system works differently.
The 911 feature can be activated fully remotely, the 112 feature is supposed to only activate when dialing an emergency number.
> This can be turned off, since implementation.
Not by users. The new thing is that Apple allows users to disable this feature. Hopefully they still detect emergency calls on the phone and enable it unconditionally for those.
Note sure: In my country exactly this feature is used by police & state enforcement to find locatin, because this "ping" message is not forwarded from the modem to the OS, so the OS is not aware of any of these messages
I believe they're talking about this feature (https://support.google.com/android/answer/9319337?sjid=18079...).
This is a system you can disable as a user, but it's not the on-modem feature discussed in the article.
yeah, there always was. It's a service code, like getting your imei. But it was a weird long one, and manufacturer dependent. Now UI switches are created for it apparantly. Can't find it anywhere on the internet though. I don't work there anymore, so can't look it up.
From the comments, it appears many are not aware that even the US government buys location data of users from data brokers - How the Federal Government Buys Our Cell Phone Location Data - https://www.eff.org/deeplinks/2022/06/how-federal-government... ... Apparently, US cell phone companies are one of the providers of this data - US cell carriers are selling access to your real-time phone location data - https://news.ycombinator.com/item?id=17081684 ...
We really have a societal problem in that we allow private entities to do things we don’t allow government to do. Furthermore, the issue is exacerbated by then allowing governments to bypass these issues by then just paying private entities to do the things it can’t do as a proxy for the same functional outcomes.
But we want to support privatization at all cost, even when privatization these days has significant influence on our daily lives, akin to the concerns we had when we placed restrictions on government. Seems like we need to start regulating private actions a bit more, especially when private entities accumulate enough wealth they can act like multi state governments in levels of influence. That’s my opinion, at least.
> allow private entities to do things we don’t allow government to do. Furthermore, the issue is exacerbated by then allowing governments to bypass these issues by then just paying private entities to do the things it can’t do as a proxy for the same functional outcomes. <
Somehow this reminds me about Blackwater / Xe Technologies? :-/
(Im betting 100 USD that soon we will find out that ICE also deployed "private financed forces" to "support state actions"?)
> We really have a societal problem in that we allow private entities to do things we don’t allow government to do.
Thats basically the foundational idealogy of the united states. Thats not the issue.
The real issue is your next sentence. The government can just loophole around their intentional limitations by paying private companies to work on their behalf.
It's a loophole, but it's willful by design on the government's part. The book "Means of Control" by Byron Tau covers this in great depth.
It's so much worse than even those of us who are moderately interested in mass surveillance know.
I'm aware it's intentional on the government's end. My point is it is not intentional by the original intentions, and should be a priority for people to advocate to fix.
>We really have a societal problem in that we allow private entities to do things we don’t allow government to do.
It really isn't, given that the government literally has a monopoly on violence, and therefore it makes sense to have more guardrails for it. That's not to say private entities should have free reign to do whatever it wants, but the argument of "private entities can do [thing] that governments can't, so we should ban private entities too!" is at best incomplete.
>Furthermore, the issue is exacerbated by then allowing governments to bypass these issues by then just paying private entities to do the things it can’t do as a proxy for the same functional outcomes.
Again, this is at best an incomplete argument. The government can't extract a confession out of you (5th amendment). It can however, interview your drinking buddies that you blabbed your latest criminal escapades to. Is that the government "bypassing" the 5th amendment? Arguably. Is that something bad and we should ban? Hardly.
Your cell phone provider does not constitute "drinking buddy". The fact that, in essence, everyone is being surveilled location wise all the time by these providers is reason enough to restrict the activity.
> The poster with the enormous face gazed from the wall. It was one of those pictures which are so contrived that the eyes follow you about when you move. DRINKING BUDDY IS WATCHING YOU.
> 'Does Drinking Buddy exist?' 'Of course he exists. The Party exists. Drinking Buddy is the embodiment of the Party.' 'Does he exist like you or me?' 'You do not exist', said O'Brien.
> Oceanic society rests ultimately on the belief that Drinking Buddy is omnipotent and that the Party is infallible. But since in reality Drinking Buddy is not omnipotent and the party is not infallible, there is need for an unwearying, moment-to-moment flexibility in the treatment of facts.
>Your cell phone provider does not constitute "drinking buddy".
You're right, it should be even more scandalous for the government to get information out of my drinking buddy, because the information I told him was in confidence, and he promised he wouldn't tell anyone. My cell phone provider, on the other hand, clearly says in their ToS who they'll share data with and in what circumstances.
A non-exhaustive list that has, time and time and time and time and time and time and time and time again, to downplay the grossly cavalier approach they take to the "privacy" of your location data.
They value it alright. At several dollars per person.
And the ToS probably has a clause that says "we can alter the deal any time we want and you should pray we don't alter it further".
"who they'll share data with and in what circumstances"
Anyone who offers them money?
And what many are saying is that the phone provider should not be allowed to be so free with your data in the ToS. In the same way that your landlord can’t add a slavery clause to your lease.
Why not vote for some law limiting the government’s buying of this data? After all, I expect a say in how the government is run, so that seems like the appropriate path. I don’t see why I should expect a say in how AT&T is run. AT&T can’t raise an army, or enter my house, or shoot me.
How exactly do I vote for such a law? We do not have a direct democracy, and I'm not aware of any viable political candidates that have this sort of thing as a part of their platform.
In some states you do.
https://ballotpedia.org/States_with_initiative_or_referendum
You didn't purchase your lawmakers, the companies profiting from the bad laws did.
This is why they get their laws passed.
What you need iPhone Air, iPhone 16e, or iPad Pro (M5) Wi-Fi + Cellular iOS 26.3 or later
A supported carrier: Germany: Telekom United Kingdom: EE, BT United States: Boost Mobile Thailand: AIS, True
Turn limit precise location on or off
Open Settings, then tap Cellular.
Tap Cellular Data Options.
If you have more than one phone number under SIMs, tap one of your lines.
Scroll down to Limit Precise Location.
Turn the setting on or off. You might be prompted to restart your device.
Kinda funny that the most secure phone setup in the US is an iPhone Air on Boost Mobile. Who could have predicted that!
It isn’t restricted to Boost Mobile. It is only available on devices with the C1 or C1X modem, though. I assume this is because of specifics with the third party modems that most models in the wild have vs what Apple is doing in-house with their C1(X). If you call emergency services it will still provide precise location.
>It isn’t restricted to Boost Mobile.
Why does it list specific carriers, then?
Apple doc: https://support.apple.com/en-us/126101
Only Boost Mobile in the U.S. Weird. About 7.5M subscribers. Maybe it requires 5G? Wonder if it works when roaming?
https://en.wikipedia.org/wiki/Boost_Mobile
https://en.wikipedia.org/wiki/List_of_mobile_network_operato...
https://en.wikipedia.org/wiki/5G_NR
AFAIK, other than maybe some 5G, Boost Mobile just resells service from AT&T.
But they still can track the cellular connection and do triangulation from that, no?
Basically, if you have any cell phone the government can track you. Buying a burner phone with cash (via strawman proxy) seems like the only way to temporarily obscure your location.
I imagine with the ubiquity of cameras in the commons and facial recognition and gait analysis they can knit that up even more.
Emergency services (with the proper software) have been able to get your precise location from your phone for a while now.
This isn’t a new capability and shouldn’t be surprising.
None of this should be happening without the user's knowledge and consent. Swap out your phone carrier for Facebook and it should be plainly obvious why the current state of affairs is undesirable.
I think this feature is required for emergency calls if your specific carrier is not available/in reach - in emergency mode after the phone is restarted, it does connect to any carrier when calling 911, not only yours?
What is it’s a mentally ill person who is about to kill themself?
That’s the majority of uses for the system in the UK. People love to run away and waste police time.
That’s not a good excuse for mass privacy violation.
You know about it because your regulatory body requires the system exist.
And it’s typically disclosed in one way or another.
Between buying a phone and reading the OS EULA to providing an E911 address to my carrier, I can count at least three disclosures of this feature.
Nothing is secret or magic here.
Surely that only happens when the phone user dials 911 ?
The cell network routinely does TDoA triangulation in order to help choose which tower should serve the client mobile device. Accuracy is about 20m, and may be better at 5G frequencies. 911 gets the location from the mobile network provider, but the network provider could provide it to anyone, and they do.
Tons of "free" and crapware apps are also recording location, and sending it to data brokers.
https://www.wired.com/story/jeffrey-epstein-island-visitors-...
Using LTE Timing Advance feature, especially on 5G, accuracy can be much higher.
https://5g-tools.com/5g-nr-timing-advance-ta-distance-calcul... shows an example of the parameters necessary. I don't think you can get your smartphone to dump those stats for you, but the granularity of the individual distance measurement is in the tens of centimeters.
Of course this strongly depends on cell infrastructure being placed precisely, continuously updating correction factors, and a bunch of antennae being around the target to get measurements for, but in most cities that isn't much of a challenge if the operator is working together with whoever wants to spy on citizens.
How would that work?
The phone could literally pop up a consent alert asking whether to respond to a GPS ping request from the carrier. Or just not honor the pings at all unless you dialed 911 within the last hour.
This is a specific service inside the phone that looks for messages from the carrier requesting a GPS position, it could just refuse, or lie. It's not the same as cell tower triangulation.
The article does not explain in detail how all this works. But educated guess is that if a baseband SoC provides this information, that's it. The phone operating system (iOS, Android) does not get a chance to decide what to do, since baseband soc is a sort of autonomous computer, it has its own firmware, cpu and ram.
You might not be able to fix this in the OS alone, but phone manufacturers are responsible for the whole phone. The baseband doesn't need to behave that way.
Well, yes. But autonomous is acting in accordance with one's duty (a law) rather than one's desires.
That’s not happening today. I meant how is it happening today, such that it can only ever happen when you dial 911?
Phone detects that you call emergency service and enables gps.
Last time I called 911 (well, it's 112 in my country) my android phone asked if I want to provide gps coordinates. I did, but they still asked for address, so probably this is not integrated/used everywhere.
They may also ask simply to confirm the location is correct and to help responders more quickly locate you in the vicinity.
Send the GPS location only when dialling a 3-digit number? Phones probably know which numbers are emergency numbers
A phone knows if it’s dialing 911. It can activate features on this criteria
It already exists. Emergency call is spec-defined.
Carrier* Android and iOS both integrate with RapidSOS UNITE. RapidSOS then processes the rich emergency information from the user's device (enhanced location, videos and photos, etc), and is available to the 911 dispatcher in their dispatch software. 99.99% of Americans are covered by RapidSOS integrations in their municipalities.
https://rapidsos.com/public-safety/unite/
When the call comes in they can click a button and query RapidSOS for current 911 calls for that number and pull the information inwards.
https://www.baycominc.com/hubfs/2025%20Website%20Update/Prod...
What if I told you that carriers can also activate your phone's microphone without your knowledge and listen in on your surroundings?
What if I told you there are phones out there with hardware kill switches to physically cut power to microphones, cameras, and GPS?
I would ask for your source
How that works is simple: there are regulations that force that the microphone used for calling is directly connected to the "baseband", which is under control of the carrier. It has to be, because of AT&T's argument: ONE misbehaving baseband can make cell phones inoperable in an area that's up to a kilometer in diameter. So AT&T's cell towers "need" to be able to send out a signal that permanently disables a phone's transmitter.
Regulations say the baseband MUST control: all wireless signals (including wifi and GPS), all microphones and speakers, and it must be able to disable the camera electrically. It must have a tamper-resistant identifier (IMEI number ... kind of).
Oh, it must allow calling the emergency services. If in this mode, during a call to the emergency services it MUST be able to send the exact GPS position (not just once, continuously) to the emergency services at the request of the emergency services (ie. NOT the user, and carriers must facilitate this)
By the way, it's worse: as you might guess from the purpose, it doesn't matter if your phone is on the "spying" carrier or not, other carriers can send commands to other carriers' phones' basebands (because "get off this frequency" is required: spectrum is shared, even within countries. Since phones may go from one tower to another and be required to vacate frequencies, you need this command). It doesn't even matter if you have a SIM in your phone or not (ever tought that if eSIM works, it must of course be possible for any provider to contact and send instructions to the phone, so it opens up an end-to-end encrypted connection to the javacard that the actual phone cpu cannot intercept). In some phones it doesn't even matter if the phone is on or not (though of course eventually it dies). So "meshtastic" or anything else cannot make a phone safe.
And in practice it's even worse. A lot of phone manufacturers "save on memory" and use the same memory chips for the baseband processor and the central cpu. Which means that it's a little bit cheaper ... and the baseband has access to all the phone memory and all peripherals connected through the memory bus (which is all of them in any recent phone). It may even be the case that these chips are integrated in the cpu (which I believe is the case for recent Apple chips). Oh and the regulations say: if there's a conflict over control over (most) peripherals, including the microphone and speaker, the baseband processor MUST be guaranteed to win that fight.
Oh and because governments demand this, but of course neither fund nor test these devices, they are old, bug-ridden and very insecure. This also means that despite the government requiring that these features be built into phones, governments, carriers and police forces generally do not have the equipment required to actually use these features (though I'm sure the CIA has implement them all). Not even carriers' cell phone towers: they have to pay extra to allow even just frequency sharing ...
Here is an article about baseband and baseband processors.
https://www.extremetech.com/computing/170874-the-secret-seco...
> Regulations say the baseband MUST control: all wireless signals (including wifi and GPS), all microphones and speakers, and it must be able to disable the camera electrically. It must have a tamper-resistant identifier (IMEI number ... kind of).
This is simply not true.
Source: I own a phone where this is not the case. Many Linux phones internally attach their wireless devices via USB, so there is good separation.
Also many upscale phones have decoupled the baseband from things that were once connected to it, as an attempt to improve security. (On iOS for instance the main CPU controls wifi.)
Please provide links to the relevant regulations from an actual government website such as eCFR in the US (https://www.ecfr.gov/)
That's a homework assignment, not a citation.
My provider knows who I call, who I text, which websites I browse, my bank account number, my home address, my rough location, which countries I visited for holiday and through DTMF they can even sense which buttons I press on my handset.
One of the reasons I use iPhones is that Apple controls an integrated hardware/software experience, which makes it less likely that private information is being leaked despite the presence of privacy controls.
I wouldn’t be so confident. The article even references this. Apple has used third-party baseband devices in the iPhone since the beginning, which was from other manufacturers. All bets are off regarding security when this is the case. This does included microphone access.
The article touches on this by saying Apple is making the baseband/modem hardware now. Something they should have done since day one, and I’m not sure what took them so long. However, it was was clear they didn’t have the expertise in this area and it was easier to just uses someone else’s.
Patents is why it took them so long.
I empathize with the sentiment, but in reality Apple is as lazy as anyone else: https://www.technologyreview.com/2019/07/29/134008/apple-con...
There is a pretty large chasm between "When you explicit (or accidentally) use the siri functionality, it can record the interaction for quality purposes and per the agreement you made share that will Apple or its agents" and "random third parties can engage hardware functionality without your knowledge and spy on you".
I am entirely, 100% certain that my telco can't just enable the microphone on my iPhone and record me, short of some 0-day exploit. I simply cannot make that bet on many other devices.
Apple is not as lazy as anyone else, don't believe the hype.
That assertion is a bit overblown. And people can easily find out it's overblown with a bit of research.
But at the same time, my whole philosophy is never let it touch any network connected device at all if it is critical. I don't care if it's an Apple device.
Here's reality, mobile carriers have been able to get your location from nearly the inception of mass market mobile phone use. I'm not sure anyone really believed their location was somehow secret and not discoverable. If you're using the phone or internet networks, you're not anonymous. Full stop.
Forget whatever anyone told you about your VPN, or whatever other anonymization/privacy machine that Mr McBean is selling Sneetches these days. Assume everyone is tracked, and some are even watched. Therefore everything you do or say with your devices should be considered content that is posted publicly with an uncertain release date.
what about Graphene?
At this point I would be mildly surprised.
I would not believe you until you provided actual evidence.
Why, do you think it's the sort of thing you're likely to say?
So what irked that since my brand-new iPhone uses a Qualcomm “modem chip” (god, the slide of terminology makes my skin crawl) I won’t have access to this feature.
I'd be curious about alternatives like lte/5g hotspots, maybe even a DIY versions using hats or modules.
Anyone know why apple specifies this feature requires a supported carrier? Why would the carrier matter?
I’d imagine that the carrier will agree not to use any data they do receive for anything but a handful of purposes, but I suppose that depends on the extent of the technical solution.
What are the alternative steps that we can take in Android? How to check if it is happening?
I don't believe there is a way to intentionally break this system, nor to detect with 100% certainty that it's happening.
You'd need to run an open source baseband modem with settings and logs in all the right places. I don't think those exist.
Someone might be able to exploit the Linux kernel running on Qualcomm modems and build a tool for rooted Android phones after reverse engineering the baseband, but I imagine a lot of copyright lawyers and probably law enforcement people will send you very scary letters if you document remote location tracking features like these.
Also, if you have any 4G or 5G modem, your carrier already has a pretty good idea where you are. They probably log your location too. The advanced precision and timing information necessary for high speed cellular broadband is enough to get a decent location log. That also includes other connected devices such as cars, of course.
You can probably trivially shield the GPS with an aluminium foil sticker once you know where the antenna is. The GPS sgnal is very weak.
I think the GPS antenna is either omnidirectional or very nearly so., since my phone can get location in many orientations.
So I don't think a single foil sticker would make much difference.
They can also just use math on their connection logs.
That would almost certainly not get anywhere near the accuracy of a GPS location.
They don't need to get your GPS location. With 4G and 5G the timing and clock precision at the basestations is enough to multi-laterate you down to about 50m (prior 3G/2G stuff was more like 100-200 meters). They are required by US law to store this multi-laterated position data track (updated every time your phone announces itself to basestations) for 2 years. But most telcos store it for more like 5+ years because it's valueable and they sell it.
This is all automatic and completely pervasive. Worrying about GPS and userspace computers in the smartphone is important but even if you protect that you've already lost. The baseband computer is announcing your position by the minute. Cell phones couldn't really work without the basestations deciding where you are and which will handle you.
Removing this ability also prevents emergency services from determining device location in case its owner goes missing.
No
> The limit precise location setting doesn't impact the precision of the location data that is shared with emergency responders during an emergency call.
https://support.apple.com/en-us/126101
it should be my choice to decide if I want my privacy to be infringed upon in the name of safety. It should not be up to the carrier, or the manufacturer, or first responders or any level of government to make that decision for me.
Can't this can be done in a less invasive way by whitelisting the emergency numbers and putting an extra button somewhere that sends the location?
Well yes. People have gone missing since there were people on Earth.
The fact that something has some good side effects does not make it good or even reasonable.
No? If the device is connected to a cell, they can still triangulate it just like normal.
In an emergency you might really want GPS precision.
Which emergency can happen that I really want this? And now don't say suicide attempt. Nearby all emergencies that could happen where someone needs my exact position are things that would additionally lead to a loss of the base connection or a switched off smart phone.
Cell tower triangulation does not provide the same precision as GPS.
And this is how they’re able to track all of us, they’re triggering our fear response to give up our civil liberties.
Do they really need it? They can likely triangulate you without GPS regardless.
Cell tower triangulation does not provide the same precision as GPS.
What makes you think cell tower triangulation is the only data point being exploited to minimize position error?
I've wondered if they can also find you by what wifi or Bluetooth devices are around. Odds are one or more humans nearby has their GPS on. Your device can snitch on what's around or those other devices snitch on you.
Google recorded wifi names and locations as a "bycatch" when taking streetview pictures from 2007 upto 2010. They still collect such data on Android devices if the user consents or ignores the option to say "no" … :-0
Certain devices (especially tablets) don't have GPS or various sensors integrated and still can tell you your approximate location, if WiFi is enabled.
I've thought that too... especially Bluetooth. I know it's possible with Wi-Fi signal strength.
Is it a coincidence most smartphone manufacturers were suddenly all on board with removing the 3.5mm jack and forced Bluetooth? A mesh network of sorts like Amazon is doing with Ring. I even sometimes forget to save my battery and turn Bluetooth off when I'm not using my earbuds. It's probably a false sense of security having it disabled because I'm sure it's doing something in the background anyways. I can't say for sure though. Kind of like years ago with Google getting caught with the whole location data thing. I'm sure the average Joe doesn't care if Bluetooth is enabled 24/7.
I try and not be on the tin foil bandwagon, but every once and a while I come across things that make you go hmmm...
What magical technology do you think would beat GPS?
Who said anything about beating GPS or other functionally equivalent GNSS?
I am not sure that we are in the same conversation. I misinterpreted your reply to my comment as having something to do with it.
And at the end of the day if the location is a hundred meters off... it might still not matter because it's how you frame it with other evidence beyond a reasonable doubt.
Even the article mentions this.
> I have served on a jury where the prosecution obtained location data from cell towers. Since cell towers are sparse (especially before 5G), the accuracy is in the range of tens to hundreds of metres.
I've also personally witnessed murder cases locally where GPS location put a suspect to "100 meters away". The rest of the evidence still pushed the case forward to a guilty verdict, and the phone evidence was still pretty damning.
I did not argue for or against collection of GPS data.
There actually should be a push for an EU-wide legislation banning this kind of silent, precise location data collection. If anything, Germany is obsessed with Datenschutz but in many cases it's just laughable security theater.
None of this matters. Your rights were taken away buy the corrupt ghouls supposedly "representing" you.
2017 Broadband Consumer Privacy Proposal
https://www.congress.gov/bill/115th-congress/senate-joint-re...
Anyone happen to know what the arguments were from those who supported that bill?
Here's a summary. In late 2016 the FCC passed a rule that:
(1) applies the customer privacy requirements of the Communications Act of 1934 to broadband Internet access service and other telecommunications services,
(2) requires telecommunications carriers to inform customers about rights to opt in or opt out of the use or the sharing of their confidential information,
(3) adopts data security and breach notification requirements,
(4) prohibits broadband service offerings that are contingent on surrendering privacy rights, and
(5) requires disclosures and affirmative consent when a broadband provider offers customers financial incentives in exchange for the provider's right to use a customer's confidential information.
The bill, introduced early in 2017, nullifies that rule.
It passed the Senate 50-48, then the House of Representatives 215-205, and was signed by Trump.
The 52 Republicans in the Senate voted 50 yes, 0 no, 2 not voting. The 47 Democrats, along with the 1 independent, voted no.
In the House the 236 Republicans voted 215 yes, 15 no, 6 not voting. The 190 Democrats all voted no.
Phones haven't always had GPS information and they could still be tracked, if you connect to enough towers they can triangulate your location. Cell towers have been able to do this based on your signal strength for a very long time and you cant turn it off. You don't even have to have a SIM card, if the cell radio is on it pings towers period, this is why a phone even without service can dial 911 and it will work. The IMEI of your phone is unique and cell towers can track it, the government has used this and there is no way to disable it. Its not as accurate as GPS but it can be good enough to figure out a route you take and general location
https://www.rfwireless-world.com/terminology/cellular-tower-...
The article is not about cell tower triangulation
FTA:
> But this is not the whole truth, because cellular standards have built-in protocols that make your device silently send GNSS (i.e. GPS, GLONASS, Galileo, BeiDou) location to the carrier.
In other news, the sky is up
How is this news?
Why wouldn't carriers be able to ask your phone about what it thinks its location is?
No, please read the article. No one is saying carriers cant triangulate but carriers shouldn't be able to query the gps on my device and get precise GNSS data.
> Apple made a good step in iOS 26.3 to limit at least one vector of mass surveillance, enabled by having full control of the modem silicon and firmware. They must now allow users to disable GNSS location responses to mobile carriers, and notify the user when such attempts are made to their device.
I did read the article fine, thanks for asking.
The crux of the argument seems to come from this
> It’s worth noting that GNSS location is never meant to leave your device. GNSS coordinates are calculated entirely passively.
OK so? The fact that GPS is calculated passively means nothing about the phone being asked what its position is after the fact.
The article admits this capability is no secret
> These capabilities are not secrets but somehow they have mostly slid under the radar of the public consciousness.
If the article just wants to say phones should block that ability, fine. But don't pretend this is some shady BS.
> slid under the radar of the public consciousness.
It is shady BS, and it’s why this phrase appeared in the article. Just because industry insiders are aware doesn’t mean it’s not shady.
The same applies to modern cars reporting their information back to manufacturers.
Please reread OPs comment
They never said "triangulate" but read phone for information. Your inner monologue swapped what was written with an already understood technical method.
And just because access to GPS has never been confirmed publicly before does not mean they previously only relied on tower triangulation.
Worked for Sprints network team before they bought Nextel. We had access to eeeeverything.
The can ask but your phone maybe doesn’t have to tell them by default / you can opt out
Why would they? It's basic privacy no? Just because I want to pay money to carrier to provide me with data and phone service, I shouldn't have to give up my location from my device. I expect them to know my approximate location from cell tower data.
Generally I'd not expect them actively triangulate my exact location, but I'd realise that's at least possible - but GPS data, wake my phone up, switch on the GPS radio, drain it's battery, send that data back... no. That wouldn't be legal where I live either, let alone expected.
It's all in the small print or acquired by deception.
> but GPS data, wake my phone up, switch on the GPS radio, drain it's battery, send that data back... no. That wouldn't be legal where I live either, let alone expected.
Where does the article claim this turns on the GPS if off?
It .. probably does turn the GPS on?
While this is an important question, I don't see the sources mentioning it, what the standards mandate, and how the phones behave.
For example the wiki article https://en.wikipedia.org/wiki/Radio_resource_location_servic... describes the protocol as using the GPS and not as getting the location info from Android.
There's a difference in precision between cell tower triangulation and GPS. From 10-100 meters down to 1.
The cell network does not need to know where you are down to the meter and phones have no business giving this information up.