this post was submitted on 17 Jan 2025

128 points (99.2% liked)

Cybersecurity

5972 readers

279 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

128

NSA Warns iPhone And Android Users—Disable Location Tracking (www.forbes.com)

submitted 1 day ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

50 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] rumba@lemmy.zip 84 points 1 day ago (3 children)

The problem is, I want location tracking. I want a piece of software to tell me where I left my headphones or my wallet. I want it to let me know that I left the house without my bag. I want to have a piece of software Tell me where I was 3 Thursdays ago at 7pm for what the date was The last time I went to a certain park. I want my navigation software to tell me that I need to make a left turn up ahead.

I just don't want Apple or Google to have that information.

My carrier and my ISP know where I am, that is unavoidable. They don't even need GPS to tell that they know where their assets are and they know which of their assets I'm connecting to. I am quite certain the NSA has access to that data as well.

[–] MonkderVierte@lemmy.ml 1 points 7 hours ago

There's the option of removing the main tracking framework, at least on Android (Play Services) or flashing a privacy respecting custom ROM. And Android has the "allow only during usage" option.

[–] sunzu2@thebrainbin.org 30 points 1 day ago (2 children)

I am quite certain the NSA has access to that data as well.

Yes and they don't want foreign actors to have it... You would think they would see this security vulnerability a decade ago but I guess they thought they were so far ahead on the gestapo game. Now everyone realized that telling corpos trade this data is a bad idea. But instead of lobbying for proper frameworks to protect the citizens we limo dick advice from your "friendly" glowie.

Clown approach to public police and national security. Sometimes it feels like they aren't even trying to do their stated jobs, they are ein the business of pleb control if we go by their behaviour but they surely don't provide "national security"

[–] ace_of_based@sh.itjust.works 13 points 1 day ago* (last edited 1 day ago) (1 children)

Sometimes it feels like they aren’t even trying to do their stated jobs, they are ein the business of pleb control

I'm with ya. It's like they have given up governance and desperately want us to forget that's kinda what they're for

[–] stringere@sh.itjust.works 5 points 1 day ago (1 children)

That's exactly what they've done because their goal is to run the country like their own company.
Which is why going forward I am open palm slapping anyone who tells me they want the country run like a business.

[–] ace_of_based@sh.itjust.works 4 points 1 day ago (1 children)

I think ross perot started it. Can i ask you to go back in time and get ta slappin'? Save the timeline!

[–] Count042@lemmy.ml 1 points 1 day ago (1 children)

You think the time line would be better if George Bush won?

[–] stringere@sh.itjust.works 2 points 22 hours ago (1 children)

You mean GHW Bush, grandson of Prescott Bush who was too busy helping Hitler get into power to take part in the Business Plot? That one?

[–] Count042@lemmy.ml 2 points 17 hours ago

You forgot the likely involvement with the assassination of JFK, too.

He would have won a second term if Ross Perot hadn't split the vote.

[–] Buelldozer@lemmy.today 7 points 1 day ago (1 children)

Yes and they don’t want foreign actors to have it…

They really don't mind the westernized countries having it. Hell they share it with other 5 Eyes countries. What they very much mind is adversary nations having it.

You would think they would see this security vulnerability a decade ago

The NSA was publicly warning about this in 2020 as part of the original "Ban TikTok" push. The DoD was working to limit location data on smartphones at least as far back as 2014 and they got the warning to do that from the NSA.

[–] sunzu2@thebrainbin.org 5 points 1 day ago

And yet this data is freely being traded as we speak...

Good job spooks 🤡

[–] homesweethomeMrL@lemmy.world 14 points 1 day ago (1 children)

IT'S JUST THE ADVERTISING ID. NOT THE LOCATE PHONE PART.

Brought to you buy jerks who haven't had their coffee yet and read TFA.

[–] rumba@lemmy.zip 6 points 1 day ago (1 children)

FTA, that TA linked to as it's source

The hackers said they have stolen a massive amount of data, including customer lists, information on the broader industry, and even location data harvested from smartphones which show peoples’ precise movements, and they are threatening to publish the data publicly.

They claim to have precise loc data, unless that's not what you meant

[–] homesweethomeMrL@lemmy.world 7 points 1 day ago (1 children)

This data is harvested from apps rather than the phones themselves, as EFF explains, “each time you see a targeted ad, your personal information is exposed to thousands of advertisers and data brokers through a process called real-time bidding’ (RTB). This process does more than deliver ads—it fuels government surveillance, poses national security risks, and gives data brokers easy access to your online activity. RTB might be the most privacy-invasive surveillance system that you’ve never heard of.”

[–] rumba@lemmy.zip 5 points 1 day ago (1 children)

apps rather than the phones themselves,

In this case, they took it from a marketing agency, who collected it from apps, who got it from the phones.

The "app" adds location services as a permission requirement. Then they add the API for the advertiser. When they app runs, it calls the API which gathers location data.

So you'd think you can just disable location services for the app.

But what happens when they end up stealing it from Waze, or Tile, or Apple. What happens when google just sells it to people?

The only reasonable option is to turn it off at the phone level. But even then, aGPS knows. Your Carrier knows.

To stop this from being a thing, it needs to be done from the ground up with a privacy respecting OS run by a privacy respecting company, serviced by a privacy respecting server.

so basically never.

[–] homesweethomeMrL@lemmy.world 3 points 1 day ago (1 children)

But what happens when they end up stealing it from Waze, or Tile, or Apple. What happens when google just sells it to people?

Indeed.

To stop this from being a thing, it needs to be done from the ground up with a privacy respecting OS run by a privacy respecting company, serviced by a privacy respecting server.

Same as it ever was.

[–] boonhet@lemm.ee 1 points 4 hours ago

Google, Apple, etc selling the data is actually unlikely. They don't want other advertisers data to be as competitive as their own.

The smaller players though, get more profit selling data because they'll never compete with the giants on the targeted ads front.