This stuff makes me so mad. It's to the point I don't want to carry a phone anymore. Why is it that people aren't allowed to record my conversations but they can record my real time location?
It's a problem at every level of the stack. I have a phone device that I have very little control over (thanks Apple and Google!) that talks to service providers who know who I am. Those service providers are shady and sell my real time location and I have literally no choices for a cell provider who doesn't do this. Then there is obviously a huge market for buying this collected data.
Where in the stack do we fix this? Do we need a data custody law first so I can track who the problem players are? Do we need devices that we have some control over so we can manage when they beacon out? Can we simply say that we (US citizens) have some right to privacy over our electronic data?
I've been really getting into growth and marketing lately as I want my ideas to take off. If I'm building a new company I want to be able to get users quickly.
This stuff is REALLY screwing us over.
Users are insanely skeptical now. This data is insanely valuable for growth but if the industry creates an entire generation of people who REFUSE to be monitored we're going to be in a horrible situation.
If someone is legitimately just interested in the cities you're visiting I don't think this is much of a problem.
For example, say their product is only available in San Francisco. It doesn't make sense to try to recruit users in New York.
This makes it much easier so get initial users as you can just buy ads for users in San Francisco, potentially saving a massive amount of money on your ad campaign.
With Polar (https://getpolarized.io/) I need to have analytics about what users do in the editor. What they click on, etc.
Polar is a research tool for reading and annotating PDFs and caching web content for later reading.
I get regular complains from users to disable all analytics.
I might ship it as an advanced feature for users to opt-out but I don't have any nefarious use case here. My only goal is ti figure out if you're using feature X or not.
I actually don't carry a phone with me. My wife has a flip phone that she uses to contact our kids' schools, and that's it. We also don't have home internet anymore. And when I do use the internet, I make sure to use Safari or Firefox with strict privacy settings enabled. Living without home internet in 2019[1] isn't that hard, it's actually easier and more rewarding and enjoyable than having home internet.
The easiest method is fixing the phone OS. There is no need to depend on Google or Apple services for anything. A decent Debian-like free software project could be organized to build a solid phone OS distribution; they could start with the Android OS as a base. There have been a few half hearted attempts at this but none have really taken root. This should definitely be a major goal for anyone interested in recovering our economic, social and political autonomy.
With sufficient energy other portions of the stack could be attacked - we don't need Google or Apple to provide us with map solutions, or email, or whatever.
Solving the problem of cell providers just selling your location just seems impossible, on the other hand.
When I was in the wireless industry, we did many shady things and had all the lawyers and lobbyists to back us up. We could change any laws that got in our way. My employer was never remotely interested in ethical issues. They were only interested in paying subscribers. I could go on all day with examples if HN were interested.
As a funny side note, we would joke that our best customers were drug dealers. They always paid on time and always in cash. They could not afford to miss any calls.
If Apple really wanted to put its cash to use, it could build its own cellular network. Privacy focused, no surprise fees, integrated billing for desktop/laptop/iOS/watch devices.
There's enough bad will against the existing ISPs/mobile carriers that Apple could swoop in and gain a lot of market share very quickly. And customers could save money by combining their home internet with their mobile plans. The future is a singular wireless data subscription without any routers or modems.
Really love this idea. $237BB in their piggy bank according to their most recent 10K. Since the era of carrier subsidies is more or less over in North America, this might accelerate their transition into services company in a major way.
They would never be able to replace existing providers unless they could quickly provide service to significant portions of the country (and eventually, world). However, they might be able to make some serious waves in the market if they focus on a small, highly populated part of California. It’s better than the Google Fi route except for the service coverage.
Unlikely, they would be blocked at the first step: they couldn't get any radio frequencies to build on. Not only are all frequencies assigned, but all attempts to get them would be blocked by anti-monopoly laws.
I thought carriers required user consent to get the E911 location data? It does have some legitimate uses. This location data is used by financial companies and one of the reasons you don't need to do travel notices at some of the major banks. They'll actually ping the E911 location when they see a credit card auth in new geographic location. Check your TOS at your bank, there's probably something buried in it about consenting to pulling mobile phone location to prevent fraud.
That's not a legitimate use. 911 is for emergencies. Emergency, security, terrorism are always the excuse used to strip us of our rights and our privacy.
A lot of people willingly install their bank's app. I don't see why this couldn't just be a case where people who have the app installed get this nice convenience and people who don't (willingly or because they don't have a smart phone) just have to notify their bank, as people have done for many years.
I've heard from multiple sources (including a former Seattle police officer who taught the first aid class I took last fall) that 911 operators here do not get any location data from cell phone calls.
Maybe that's the intent or justification behind collecting the data, but it isn't getting to those people.
This is why "promises" and "industry self regulation" are meaningless. People need government to protect them from companies' greed, which here means: regulatory agencies with teeth.
"Self regulation" only works when there is a monetary incentive for companies to keep their word, for example in ecological agriculture.
As for mitigation, does anyone know if MVNO users are also subjected to their data being sold?
Self regulation works in industries in which there aren't significant barriers to entry.
Unfortunately, Telecommunications is notoriously asset heavy and complex and the historical lack of competition creates behemoths with outsized influence in politics. The FCC then is effectively powerless barring the election of a president who personally cares about the matter.
In sum, self regulation works in free markets. You would switch to a better carrier if there were one, I'm certain.
Are today's government officials more starstruck with or paid off by big corporations than they were back in the Microsoft antitrust era? Big business gets away with so much bad behavior today but, in the US at least, it seems like years go by and nobody cares enough to pass regulation to preserve the basic right to privacy.
Then you have the issue of regulatory capture. Often those in charge of the regulations are just as corrupt: selective enforcement is the name of the game.
c'mon lets get real, 'Self Regulating' means someone actually has to be honest of something but as long as there is profit to be made, honesty takes a back seat.
It's pointless to think the industry will regulate itself, they can't help it. If there's a shred of profit to be made in anything give it time and it will be done as long as it's not illegal and often even if it is.
This is key. This is how citizens will lose their expectation to privacy. I fear that in the near future there will be no 'safe' option and you will be forced to forfeit your privacy rights to participate in the digital world.
Of course they are. They have to show growth quarter after quarter. Until investors stop punishing companies for not increasing growth every quarter, this will continue. Everything is money driven. There's no thought to the consumer any more. There doesn't have to be as there isn't any accountability to the consumer; they have nowhere else to go.
Are there any known ways to obfuscate cell location data? There are sim addons that can change IMSI to circumvent carrier lock[0], would IMSI obfuscation be a viable option to defend against cell tracking?
[0] https://en.m.wikipedia.org/wiki/Turbo_SIM
The carrier needs to know which cell you're talking to do route calls to your phone, and after that it's just a matter of triangulation to narrow it down. But even without triangulation the company knows what neighborhood you're in, by design.
US needs (something like) GDPR. 2% to 4% of revenue is a good starting point for a penalty. In the absence of a penalty why would anyone running a Telco company not take the extra cash from selling data.
[+] [-] driverdan|7 years ago|reply
HN discussion here (still on the front page as of my reply): https://news.ycombinator.com/item?id=18857220
It's frustrating that TechCrunch seems to get a pass on their worthless blogspam when other blogspam posts are removed.
[+] [-] floatingatoll|7 years ago|reply
[+] [-] dang|7 years ago|reply
[+] [-] danso|7 years ago|reply
(The TC summary is lengthy enough that it’s not necessarily blogspam)
[+] [-] TACIXAT|7 years ago|reply
It's a problem at every level of the stack. I have a phone device that I have very little control over (thanks Apple and Google!) that talks to service providers who know who I am. Those service providers are shady and sell my real time location and I have literally no choices for a cell provider who doesn't do this. Then there is obviously a huge market for buying this collected data.
Where in the stack do we fix this? Do we need a data custody law first so I can track who the problem players are? Do we need devices that we have some control over so we can manage when they beacon out? Can we simply say that we (US citizens) have some right to privacy over our electronic data?
Seriously, these practices are abhorrent.
[+] [-] pjc50|7 years ago|reply
The way to get a cellphone privacy law is to get the locations of congresspeople (especially Republicans), and use this against them.
[+] [-] burtonator|7 years ago|reply
This stuff is REALLY screwing us over.
Users are insanely skeptical now. This data is insanely valuable for growth but if the industry creates an entire generation of people who REFUSE to be monitored we're going to be in a horrible situation.
If someone is legitimately just interested in the cities you're visiting I don't think this is much of a problem.
For example, say their product is only available in San Francisco. It doesn't make sense to try to recruit users in New York.
This makes it much easier so get initial users as you can just buy ads for users in San Francisco, potentially saving a massive amount of money on your ad campaign.
With Polar (https://getpolarized.io/) I need to have analytics about what users do in the editor. What they click on, etc.
Polar is a research tool for reading and annotating PDFs and caching web content for later reading.
I get regular complains from users to disable all analytics.
I might ship it as an advanced feature for users to opt-out but I don't have any nefarious use case here. My only goal is ti figure out if you're using feature X or not.
[+] [-] sephoric|7 years ago|reply
[1]: https://sephware.com/blog/2019-01-04-being-a-software-develo...
[+] [-] astazangasta|7 years ago|reply
With sufficient energy other portions of the stack could be attacked - we don't need Google or Apple to provide us with map solutions, or email, or whatever.
Solving the problem of cell providers just selling your location just seems impossible, on the other hand.
[+] [-] LinuxBender|7 years ago|reply
As a funny side note, we would joke that our best customers were drug dealers. They always paid on time and always in cash. They could not afford to miss any calls.
[+] [-] astazangasta|7 years ago|reply
[+] [-] wallace_f|7 years ago|reply
Most days I learn something new about how people somewhere are being evil.
[+] [-] whitepoplar|7 years ago|reply
There's enough bad will against the existing ISPs/mobile carriers that Apple could swoop in and gain a lot of market share very quickly. And customers could save money by combining their home internet with their mobile plans. The future is a singular wireless data subscription without any routers or modems.
[+] [-] localhost|7 years ago|reply
[+] [-] snazz|7 years ago|reply
[+] [-] bluGill|7 years ago|reply
[+] [-] ruffyen|7 years ago|reply
[+] [-] adrr|7 years ago|reply
[+] [-] guelo|7 years ago|reply
[+] [-] oldmanhorton|7 years ago|reply
[+] [-] ken|7 years ago|reply
Maybe that's the intent or justification behind collecting the data, but it isn't getting to those people.
[+] [-] mschuster91|7 years ago|reply
"Self regulation" only works when there is a monetary incentive for companies to keep their word, for example in ecological agriculture.
As for mitigation, does anyone know if MVNO users are also subjected to their data being sold?
[+] [-] airstrike|7 years ago|reply
Unfortunately, Telecommunications is notoriously asset heavy and complex and the historical lack of competition creates behemoths with outsized influence in politics. The FCC then is effectively powerless barring the election of a president who personally cares about the matter.
In sum, self regulation works in free markets. You would switch to a better carrier if there were one, I'm certain.
[+] [-] ravenstine|7 years ago|reply
[+] [-] Yhippa|7 years ago|reply
As a Google Fi user I am very interested in this.
[+] [-] dd36|7 years ago|reply
[+] [-] jimmy1|7 years ago|reply
[+] [-] unknown|7 years ago|reply
[deleted]
[+] [-] SonnyWortzik|7 years ago|reply
[+] [-] BurningFrog|7 years ago|reply
Promises in the form of legally binding contracts.
[+] [-] _jal|7 years ago|reply
If you're concerned with privacy from government, don't be - you already lost that war.
If you're concerned with a drop in innovation, don't be - we're already far behind most of the rest of the developed world.
If you're concerned about prices going up, don't be - we already pay insanely high rates compared to peer-countries.
Welcome to the "free" "market".
[+] [-] m-p-3|7 years ago|reply
[+] [-] general8bitso|7 years ago|reply
It could be queuing positional and temporal data, and awaiting a connection to later send.
[+] [-] luckydata|7 years ago|reply
[+] [-] kakarot|7 years ago|reply
To be fair, what are our options, exactly? If we want anything near acceptable coverage and price, that is.
[+] [-] x2f10|7 years ago|reply
This is key. This is how citizens will lose their expectation to privacy. I fear that in the near future there will be no 'safe' option and you will be forced to forfeit your privacy rights to participate in the digital world.
[+] [-] CarriersSuck|7 years ago|reply
[+] [-] kekebo|7 years ago|reply
[+] [-] roywiggins|7 years ago|reply
[+] [-] unknown|7 years ago|reply
[deleted]
[+] [-] wpdev_63|7 years ago|reply
[+] [-] h0mEDw|7 years ago|reply