How commercially-available phone location data is used by ICE (and other law enforcement agencies)
from cypherpunks@lemmy.ml to privacy@lemmy.ml on 08 Jan 19:51
https://lemmy.ml/post/41421285

screenshot of text: The material does not say how Penlink obtains the smartphone location data in the first place. But surveillance companies and data brokers broadly gather it in two different ways. The first is from small bundles of code included in ordinary apps called software development kits, or SDKs. SDK owners then pay the app developers, who might make things like weather or prayer apps, for their users’ location data. The second is through real-time bidding, or RTB. This is where companies in the online advertising industry place near instantaneous bids to get their advert in front of a certain demographic. A side effect is that companies can obtain data about peoples’ individual devices, including their GPS coordinates. Spy firms have sourced this sort of RTB information from hugely popular smartphone apps.

via this 404 media article: www.404media.co/inside-ices-tool-to-monitor-phone…

paywall bypass: web.archive.org/…/inside-ices-tool-to-monitor-pho…

screenshot of text: The material shows Webloc users can search its databases of mobile phone data in various ways. Users can perform a single perimeter analysis to search a specific area for mobile phones across a certain time period. They can draw the target area with a rectangle, circle, or polygon. They then select the maximum number of results the system should display, and the maximum number of devices to return. Once a Webloc user has identified a device of interest, they can get more details about that particular phone, and, by extension, its owner, by seeing where else it has travelled both locally and across the country. Users can click a route feature which shows the path the device took. The material suggests that if users look at where the device was located at night, they might find the person’s possible home, and during the day, the person’s possible employer. The software can also do a multi-permiter analysis, which monitors multiple locations at once to see which devices have been present at two or more specific places.

#privacy

threaded - newest

Goodlucksil@lemmy.dbzer0.com on 08 Jan 20:51 next collapse

I blame Bush. He created ICE. But I also blame Trump for allocating 9 billions to ICE

captainlezbian@lemmy.world on 08 Jan 21:08 next collapse

I also blame Bush but largely for his firm commitment to ignore the spirit of the bill of rights

Goretantath@lemmy.world on 08 Jan 21:39 collapse

Bush was Reagan 2.0, Trump is 3.0, all put in by the Heritage Foundation.

umbrella@lemmy.ml on 08 Jan 21:29 next collapse

reminder the modem firmware we use on our phones is exploitable and most likely backdoored, and in some cases it has memory access to the rest of the device. israeli espionage companies can do it and sell their capabilities to law enforcement. (this somewhat applies to pcs with ME and PSP too, btw)

meaning they can target you regardless of what software you use. maybe not as easily or automated i guess, but always keep it in mind with their tech.

chillpanzee@lemmy.ml on 09 Jan 07:58 next collapse

True, but they don’t even need 0days or software exploits to breach the systems. The data is harvested legally and sold to whoever wants to pay for it. Insane amounts of data about everything you do is made commercially available by phone platforms, tech companies, apps, banks, email providers, retail establishments, cell phone carriers, governments, and of course their continual data breaches.

Anybody can target you too, it doesn’t have to be espionage outfits or state sponsored threat actors. It’s just for sale.

umbrella@lemmy.ml on 09 Jan 16:58 collapse

my key point is that they can rely on these exploits/backdoors if you are resistant in using the commercial data harvesting software, and they need to find you for some reason.

magic_smoke@lemmy.blahaj.zone on 09 Jan 18:57 collapse

True, its just more work and not going to be used for dragnet surveillance.

OpFARv30@lemmy.ml on 09 Jan 18:31 collapse

Reminder that GrapheneOS.

umbrella@lemmy.ml on 09 Jan 18:50 collapse

graphene doesn’t replace the modem firmware. i don’t think modem firmware can be replaced on most phones.

OpFARv30@lemmy.ml on 09 Jan 21:08 collapse

Is the baseband isolated?

Yes, the baseband is isolated on all of the officially supported devices.

And

The mobile Atheros Wi-Fi driver/firmware is primarily a SoftMAC implementation with the vast majority of the complexity in the driver rather than the firmware. The fully functional driver is massive and the firmware is quite small.

umbrella@lemmy.ml on 09 Jan 21:41 collapse

that’s actually pretty nice. i didn’t know pixels did that.

BeardededSquidward@lemmy.blahaj.zone on 09 Jan 19:16 collapse

Part of what to take away from this, do not go to organized events with your phone, leave it at home. They can easily and readily track you with it on or off.

Imaginary_Stand4909@lemmy.blahaj.zone on 09 Jan 22:03 next collapse

Just curious, what about a secondary (burner I guess) smartphone? I have an old phone I stopped using years ago that I flashed LineageOS onto, it has no SIM card, I keep it fully shut down until I leave my house, and it only has Signal on it for messaging purposes and ProtonVPN. Is that also a big enough threat? I used it while at a No Kings protest.

Are dummy phones the only way to go?

BeardededSquidward@lemmy.blahaj.zone on 09 Jan 22:23 collapse

No phones, period. The phone will still send out signals, just that it won’t be allowed service onto networks without the SIM card. They can still trace the phone to the point it turned on and since you used it previously as a personal phone there’s probably records they can pull on it from your carrier at the time. They can probably trace it to you via the various numbers tied specifically to that phone. As much of a PITA it is, getting a small digital camera is the way to go as long as it doesn’t do any connectivity. Just be sure to scrub the meta data on all pictures if you share them or post them online.

NewOldGuard@lemmy.ml on 09 Jan 22:59 collapse

Bring it but powered off in a faraday bag. If an emergency strikes you’ll be glad to have the option.