Cybersecurity

5972 readers

266 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

129

NSA Warns iPhone And Android Users—Disable Location Tracking (www.forbes.com)

submitted 1 day ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

50 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] rumba@lemmy.zip 6 points 1 day ago (1 children)

FTA, that TA linked to as it's source

The hackers said they have stolen a massive amount of data, including customer lists, information on the broader industry, and even location data harvested from smartphones which show peoples’ precise movements, and they are threatening to publish the data publicly.

They claim to have precise loc data, unless that's not what you meant

[–] homesweethomeMrL@lemmy.world 7 points 1 day ago (1 children)

This data is harvested from apps rather than the phones themselves, as EFF explains, “each time you see a targeted ad, your personal information is exposed to thousands of advertisers and data brokers through a process called real-time bidding’ (RTB). This process does more than deliver ads—it fuels government surveillance, poses national security risks, and gives data brokers easy access to your online activity. RTB might be the most privacy-invasive surveillance system that you’ve never heard of.”

[–] rumba@lemmy.zip 5 points 1 day ago (1 children)

apps rather than the phones themselves,

In this case, they took it from a marketing agency, who collected it from apps, who got it from the phones.

The "app" adds location services as a permission requirement. Then they add the API for the advertiser. When they app runs, it calls the API which gathers location data.

So you'd think you can just disable location services for the app.

But what happens when they end up stealing it from Waze, or Tile, or Apple. What happens when google just sells it to people?

The only reasonable option is to turn it off at the phone level. But even then, aGPS knows. Your Carrier knows.

To stop this from being a thing, it needs to be done from the ground up with a privacy respecting OS run by a privacy respecting company, serviced by a privacy respecting server.

so basically never.

[–] homesweethomeMrL@lemmy.world 3 points 1 day ago (1 children)

But what happens when they end up stealing it from Waze, or Tile, or Apple. What happens when google just sells it to people?

Indeed.

To stop this from being a thing, it needs to be done from the ground up with a privacy respecting OS run by a privacy respecting company, serviced by a privacy respecting server.

Same as it ever was.

[–] boonhet@lemm.ee 1 points 4 hours ago

Google, Apple, etc selling the data is actually unlikely. They don't want other advertisers data to be as competitive as their own.

The smaller players though, get more profit selling data because they'll never compete with the giants on the targeted ads front.