My friend was going through a pretty massive depression after his mom passed. He'd been with my wife and I at our house for a number of hours talking through it, and apparently not texting his sisters back. They called in a welfare check.
We live in a reasonably dense suburb. Police showed up at our front door and asked to speak with him. They just wanted to make sure he was doing OK. He asked them "how did you find me?" and their response was just "we pinged your phone".
Watching my security camera, they did not stop at any of my neighbors houses first. It was very direct to my front door. This leads me to believe whatever sort of coordinates they had were pretty spot on. His car was parked well down the block and not in front of our house so that was no give away.
This was five years ago and always struck me as a "Huh"
Oh! So IIRC it used to be that the modem could only get a rough estimate of your location and typically Apple/Google's location infra(which combined wifi/blue and lately satellite position based shadow mapping) to determine a precise location. And law enforcement got precise info from _that_ infra(E911 requirements for every device).
Clearly they don't need that now because 5g cell towers have gotten precise enough? Also, if that's true then 5g being that precise might still not apply to urban dense areas, where more postprocessing is required to get better location accuracy...
In 2009 I worked with a triangulation system in a dense populated area. The precision of location was comparable in average to GPS (meaning sometimes better) when indoors, it was orders of magnitude better as GPS. That was 3G, some yeras ago… I assume today is much better, as the density of cells increased
"and notify the user when such attempts are made to their device."
We aren't going to remove the security state. We should make all attempts to, but it won't happen. What needs to happen is accountability. I should be able to turn off sharing personal information and if someone tries I should be notified and have recourse. This should also be retroactive. If I have turned off sharing and someone finds a technical loophole and uses it, there should be consequences. The only way to stop the rampant abuse is to treat data like fire. If you have it and it gets out of control you get burned, badly.
I turned off all cell carrier tracking 5 years ago. 100% of it.
By canceling my cell phone subscription.
I know I know, I must be amish, I have heard it all. But I run two tech companies, travel, have a family, and do most of the things most around here probably do other than doom scrolling.
What security state? They aren't doing this for anyone's safety. This is the surveillance and parallel construction state.
> What needs to happen is accountability.
No agency can have this power and remain accountable. Warrants are not an effective tool for managing this. Courts cannot effectively perform oversight after the fact.
> The only way to stop the rampant abuse is to treat data like fire.
You've missed the obvious. You should really go the other direction. Our devices should generate _noise_. Huge crazy amounts of noise. Extraneous data to a level that pollutes the system beyond any utility. They accept all this data without filtering. They should suffer for that choice.
For consequences, we need to do away with the notion of qualified immunity. Why should police officers, politicians, agents of the government have any immunity for their actions? They should carry personal liability for breaking the law and violating others’ rights. Otherwise, there is no reason they’ll change. Right now, at best you’ll sue the government and get some money, but all you’re doing is punishing other tax payers.
We definitely won't get rid of it if we accept failure. I get that it seems extremely unlikely, but there's no use in trying to just mitigate the risk short term. One way or another that power will be abused eventually (if it isn't already).
I’m not super sure about the specifics but having taken a 5G class, the professor made it quite clear that due to the latency and bandwidth requirements of 5G, precise tracking is required to allow towers to correctly do beam forming.
When talking about the 5G system, cell towers can request a users estimated velocity which when combined with the towers own location combined with the physical radio (that is communicating with the phone (UE)) you can get a pretty good position estimation.
What is new is that network providers are trying to sell this tower/5G data to other companies.
I could be wrong but from my understanding 5G has always required precise tracking of every device connected.
My knowledge on this is the tower should be able to optimise beams without location information. Channel information can be relayed back to the tower for beam optimisation. The tower needs to know the signal path characteristics but not explicitly the location.
Not disputing that location data is used for beam optimisation just that I dont believe it is required.
This would not be a problem if you phone did not have IMEI and IMSI, and if the telco only provided an anonymous Internet channel. The problem is that you must have a phone number, often linked to your ID and pay with a bank card, linked to your ID, instead of cryptocurrency. Towers and beamforming are not a problem at all.
Information about received power and SNR is relayed over the 5G data link to and from the tower, and beamforming happens that way. As a result, the tower doesn't need to know where you are at all. In fact, with higher frequencies, you often get weird bouncy paths for 5G radio signals so the "beam" that gets formed can be a rather odd shape while being optimal.
So when 5G was being deployed to the city I was working for and I could see permits, it struck me as really peculiar just in terms of economics because the density of towers needed is extremely high compared to the previous generation. As a user, I really can’t tell a difference in quality of service. So it seemed like an extremely large capital investment for no gain, which makes me think that the purpose of 5G is some dual use that is not public knowledge. That the intent was to create a high accuracy tracking system for us seems plausible to me given how much money is funded into other surveillance activity.
This community should be talking about meshcore more imho.
It's a peer to peer network based on Lora. It really only allows text messaging but with up to 20km hops between peers coverage is surprisingly huge. Incredibly useful if you go hiking with friends (if you get split up you can still stay in touch).
See https://eastmesh.au/ and scroll down to the map for the Victoria and now more widely Australia network that's sprung up.
euhm, well. 112 programmer here. There are multiple levels. Cell tower triangulation come in automatically from providers. But they are only in tower numbers. They might be wrongly entered by engineers, hence the confirming question about where you are. Second is subscription information, as in registered address. Chances are if called from nearby your address, you are at your address. Next is a text to your phone number, which is intercepted by firmware and sends gps coords back. This can be turned off, since implementation.
Serious question: will this limit the ability of 911 emergency services to help you?
I can imagine a scenario where emergency servies are authorized to send the ping to get your precise location and if you disable this, you may regret it. And a major feature of some phones/watches is the ability to automatically call 911 under certain fall/crash movement detection, where you might not have the ability to re-enable your GPS location.
But they still can track the cellular connection and do triangulation from that, no?
Basically, if you have any cell phone the government can track you. Buying a burner phone with cash (via strawman proxy) seems like the only way to temporarily obscure your location.
I imagine with the ubiquity of cameras in the commons and facial recognition and gait analysis they can knit that up even more.
I mean we kinda did when we decided that emergency services calls would be special and give first responders the ability to find you. Wireless carriers are required to provide GPS quality (actually better than GPS) location data to EMS and this is how they built it.
The only way to actually do this was develop a way to ask the phone because the tower isn't accurate enough. In the US it could have been more privacy preserving by being push but I imagine carriers don't want to maintain and update a list of current emergency numbers. "Sorry person in a car crash, we can't find you because cellular modem firmware is out of date and your emergency number isn't on list" is a PR disaster waiting to happen. Easier to coordinate with police and fire and let them do the asking.
From the comments, it appears many are not aware that even the US government buys location data of users from data brokers - How the Federal Government Buys Our Cell Phone Location Data - https://www.eff.org/deeplinks/2022/06/how-federal-government... ... Apparently, US cell phone companies are one of the providers of this data - US cell carriers are selling access to your real-time phone location data - https://news.ycombinator.com/item?id=17081684 ...
We really have a societal problem in that we allow private entities to do things we don’t allow government to do. Furthermore, the issue is exacerbated by then allowing governments to bypass these issues by then just paying private entities to do the things it can’t do as a proxy for the same functional outcomes.
But we want to support privatization at all cost, even when privatization these days has significant influence on our daily lives, akin to the concerns we had when we placed restrictions on government. Seems like we need to start regulating private actions a bit more, especially when private entities accumulate enough wealth they can act like multi state governments in levels of influence. That’s my opinion, at least.
They don't need to get your GPS location. With 4G and 5G the timing and clock precision at the basestations is enough to multi-laterate you down to about 50m (prior 3G/2G stuff was more like 100-200 meters). They are required by US law to store this multi-laterated position data track (updated every time your phone announces itself to basestations) for 2 years. But most telcos store it for more like 5+ years because it's valueable and they sell it.
This is all automatic and completely pervasive. Worrying about GPS and userspace computers in the smartphone is important but even if you protect that you've already lost. The baseband computer is announcing your position by the minute. Cell phones couldn't really work without the basestations deciding where you are and which will handle you.
I'll ask people, because I'm in the right circles. I want to know where it works. I've been VERY clear in my messaging to HN (on the RCS issue and having ear blown out by iPhone last week) that I am not going to glaze Apple even if the new modems they built interest me. They are usually sort of a neutral to me that has me more pissed off in the recent months than usual. Maybe send me one of your new devices if you don't want me pissed off anymore.
As for this location stuff, I'm curious though into how this works and how Apple (and BOOST/DISH) somehow prevent it happening when the big 3 in the US don't. We all know Apple would have complete control over the modem they designed, that's not a surprise. T-Mobile at least it's possible to stay NR-SA connected, it's apparently not a feature limited to SA like resistance to IMSI catchers are. Is this an OpenRAN feature, which Boost uses?
At least in the past, towers had a piece of equipment called a LMU that is sometimes installed separately from the radio equipment and it's used for measuring the timing advance to triangulate where a device may be for 911. Here's a reddit thread I started years ago for a KML of all the T-Mobile LMU installs in the NYC market: https://www.reddit.com/r/cellmapper/comments/hq2h7u/kml_of_a... (I just found it leaked, it's not online anymore probably). An FCC doc on LMU's: https://transition.fcc.gov/pshs/services/911-services/enhanc... (this is all old tech now, we're doing LTE/NR now in 99.9% of circumstances in the US)
Nothing can stop the tower equipment manufacturer like Ericsson from knowing the location of your phone and cooperating with advertising or mobile tracking compainies to aggregate that data in useful ways. If you have a phone, people that want your location have it and there is nothing you can do.
One day, I was waiting to pick up someone at the bus station and a crazy driver came roaring through the parking lot, jumped the curb and took out a stop sign, then backed up to free it from his car and careened off.
I got on the phone with 911.
I got put on hold, and while waiting on speaker I took a picture of the stop sign from the crash. later the call ended.
The next day I noticed that the photo I took had an embedded location.
location services was globally enabled on the phone during the call.
I wouldn't be surprised if all apps on your phone during 911 get your precise location.
I've noticed that when I travel, I get spam calls from the area code I am visiting. I have asked my cell provider if they monetize my location data, and they swear they aren't. But I don't trust them, given that no one else (other than Apple) would know where I am in real time. Recently switched providers and haven't experienced it since then. Wouldn't be surprised if there was a class action lawsuit someday.
Of course, this doesn't require having GPS location, just cell tower info is enough.
> But I don't trust them, given that no one else (other than Apple) would know where I am in real time.
Literally every website and app you use with any kind of shared analytics/ads gets your general location just from your IP address alone, and can update your profile on that analytics/ads provider.
It is far more likely this, than your cell phone provider.
While it's a legit metadata privacy vulnerability, it doesn't close a much bigger hole that already exists. (Close it, if you can, of course.)
Almost every carrier can triangulate a handset in an area with multiple towers without help of the handset using relative signal strength to each seen towers and data processing. This is how most police in most jurisdictions are able to find an active handset within ~100m given only a phone number. Don't think carriers in some countries aren't constantly logging that approximate and precise queried location metadata and selling it to data brokers.
The only method to prevent continuously location tracking is to disconnect a handset from the cellular network by attenuating the signal with a blocking bag, antenna disconnection, or real power off. The lack cellular network connectivity may be extremely inconvenient by defeating the purpose of a phone. There are situations where someone doesn't want to power down their phone but does want to be RF clean where a Faraday bag would be a good idea(tm).
Carriers have offered location of your device for 911 calls for years now, through a set of metadata called Automatic Location Identification (ALI).
This is only provided to 911 (police & fire) by carriers alongside your 911 call.
Mobile Device Manufacturers can also provide "precise location" to 911 for the same calls, but that's a separate form of data and closely secured.
Bottom line - Carrier data has always been less precise, but more readily available. Device data (i.e. Apple and Google) is more precise, but harder to access.
This shows the importance of having open-source software and firmware - commercial companies will betray you every day - remember HDCP, unskippable DVD sections, TPM, updates you cannot disable, "security enclaves", content protection areas on SSDs and all the similar stuff where interests if the owner are not considered.
Phones haven't always had GPS information and they could still be tracked, if you connect to enough towers they can triangulate your location. Cell towers have been able to do this based on your signal strength for a very long time and you cant turn it off. You don't even have to have a SIM card, if the cell radio is on it pings towers period, this is why a phone even without service can dial 911 and it will work. The IMEI of your phone is unique and cell towers can track it, the government has used this and there is no way to disable it. Its not as accurate as GPS but it can be good enough to figure out a route you take and general location
[+] [-] donatj|1 month ago|reply
We live in a reasonably dense suburb. Police showed up at our front door and asked to speak with him. They just wanted to make sure he was doing OK. He asked them "how did you find me?" and their response was just "we pinged your phone".
Watching my security camera, they did not stop at any of my neighbors houses first. It was very direct to my front door. This leads me to believe whatever sort of coordinates they had were pretty spot on. His car was parked well down the block and not in front of our house so that was no give away.
This was five years ago and always struck me as a "Huh"
[+] [-] itissid|1 month ago|reply
Clearly they don't need that now because 5g cell towers have gotten precise enough? Also, if that's true then 5g being that precise might still not apply to urban dense areas, where more postprocessing is required to get better location accuracy...
[+] [-] f1shy|1 month ago|reply
[+] [-] kgwxd|1 month ago|reply
[+] [-] stanmancan|1 month ago|reply
[+] [-] rr808|1 month ago|reply
[+] [-] NedF|1 month ago|reply
[deleted]
[+] [-] churchill|1 month ago|reply
[deleted]
[+] [-] Lapsa|1 month ago|reply
[deleted]
[+] [-] jmward01|1 month ago|reply
We aren't going to remove the security state. We should make all attempts to, but it won't happen. What needs to happen is accountability. I should be able to turn off sharing personal information and if someone tries I should be notified and have recourse. This should also be retroactive. If I have turned off sharing and someone finds a technical loophole and uses it, there should be consequences. The only way to stop the rampant abuse is to treat data like fire. If you have it and it gets out of control you get burned, badly.
[+] [-] lrvick|1 month ago|reply
By canceling my cell phone subscription.
I know I know, I must be amish, I have heard it all. But I run two tech companies, travel, have a family, and do most of the things most around here probably do other than doom scrolling.
So much more time in my own head to think.
[+] [-] themafia|1 month ago|reply
What security state? They aren't doing this for anyone's safety. This is the surveillance and parallel construction state.
> What needs to happen is accountability.
No agency can have this power and remain accountable. Warrants are not an effective tool for managing this. Courts cannot effectively perform oversight after the fact.
> The only way to stop the rampant abuse is to treat data like fire.
You've missed the obvious. You should really go the other direction. Our devices should generate _noise_. Huge crazy amounts of noise. Extraneous data to a level that pollutes the system beyond any utility. They accept all this data without filtering. They should suffer for that choice.
[+] [-] SilverElfin|1 month ago|reply
[+] [-] _heimdall|1 month ago|reply
We definitely won't get rid of it if we accept failure. I get that it seems extremely unlikely, but there's no use in trying to just mitigate the risk short term. One way or another that power will be abused eventually (if it isn't already).
[+] [-] DeathArrow|1 month ago|reply
We should make it impossible for the data to be obtained without express user agreement.
[+] [-] fsflover|1 month ago|reply
[+] [-] jart|1 month ago|reply
Imagine you get Neuralink and your best friend files for the right to be forgotten. Then poof. All your memories together gone.
[+] [-] gregoryw3|1 month ago|reply
If anyone wants to look at the future of 5G (well ORAN) here it is: https://gitlab.eurecom.fr/oai/openairinterface5g
When talking about the 5G system, cell towers can request a users estimated velocity which when combined with the towers own location combined with the physical radio (that is communicating with the phone (UE)) you can get a pretty good position estimation.
What is new is that network providers are trying to sell this tower/5G data to other companies.
I could be wrong but from my understanding 5G has always required precise tracking of every device connected.
[+] [-] wisplike|1 month ago|reply
Not disputing that location data is used for beam optimisation just that I dont believe it is required.
[+] [-] codedokode|1 month ago|reply
[+] [-] pclmulqdq|1 month ago|reply
[+] [-] GorbachevyChase|1 month ago|reply
[+] [-] m463|1 month ago|reply
[+] [-] unknown|1 month ago|reply
[deleted]
[+] [-] AnotherGoodName|1 month ago|reply
It's a peer to peer network based on Lora. It really only allows text messaging but with up to 20km hops between peers coverage is surprisingly huge. Incredibly useful if you go hiking with friends (if you get split up you can still stay in touch).
See https://eastmesh.au/ and scroll down to the map for the Victoria and now more widely Australia network that's sprung up.
[+] [-] AlexanderYamanu|1 month ago|reply
[+] [-] instagib|1 month ago|reply
A supported carrier: Germany: Telekom United Kingdom: EE, BT United States: Boost Mobile Thailand: AIS, True
Turn limit precise location on or off
Open Settings, then tap Cellular.
Tap Cellular Data Options.
If you have more than one phone number under SIMs, tap one of your lines.
Scroll down to Limit Precise Location.
Turn the setting on or off. You might be prompted to restart your device.
[+] [-] js2|1 month ago|reply
Only Boost Mobile in the U.S. Weird. About 7.5M subscribers. Maybe it requires 5G? Wonder if it works when roaming?
https://en.wikipedia.org/wiki/Boost_Mobile
https://en.wikipedia.org/wiki/List_of_mobile_network_operato...
https://en.wikipedia.org/wiki/5G_NR
[+] [-] OGEnthusiast|1 month ago|reply
[+] [-] crazygringo|1 month ago|reply
I can imagine a scenario where emergency servies are authorized to send the ping to get your precise location and if you disable this, you may regret it. And a major feature of some phones/watches is the ability to automatically call 911 under certain fall/crash movement detection, where you might not have the ability to re-enable your GPS location.
[+] [-] pstuart|1 month ago|reply
Basically, if you have any cell phone the government can track you. Buying a burner phone with cash (via strawman proxy) seems like the only way to temporarily obscure your location.
I imagine with the ubiquity of cameras in the commons and facial recognition and gait analysis they can knit that up even more.
[+] [-] Ms-J|1 month ago|reply
It is tiring. I am doing something about it by making technical contributions. If you are able to do the same, please do.
[+] [-] Spivak|1 month ago|reply
The only way to actually do this was develop a way to ask the phone because the tower isn't accurate enough. In the US it could have been more privacy preserving by being push but I imagine carriers don't want to maintain and update a list of current emergency numbers. "Sorry person in a car crash, we can't find you because cellular modem firmware is out of date and your emergency number isn't on list" is a PR disaster waiting to happen. Easier to coordinate with police and fire and let them do the asking.
[+] [-] thisislife2|1 month ago|reply
[+] [-] Frost1x|1 month ago|reply
But we want to support privatization at all cost, even when privatization these days has significant influence on our daily lives, akin to the concerns we had when we placed restrictions on government. Seems like we need to start regulating private actions a bit more, especially when private entities accumulate enough wealth they can act like multi state governments in levels of influence. That’s my opinion, at least.
[+] [-] superkuh|1 month ago|reply
This is all automatic and completely pervasive. Worrying about GPS and userspace computers in the smartphone is important but even if you protect that you've already lost. The baseband computer is announcing your position by the minute. Cell phones couldn't really work without the basestations deciding where you are and which will handle you.
[+] [-] meindnoch|1 month ago|reply
[+] [-] kayodelycaon|1 month ago|reply
This isn’t a new capability and shouldn’t be surprising.
[+] [-] joecool1029|1 month ago|reply
As for this location stuff, I'm curious though into how this works and how Apple (and BOOST/DISH) somehow prevent it happening when the big 3 in the US don't. We all know Apple would have complete control over the modem they designed, that's not a surprise. T-Mobile at least it's possible to stay NR-SA connected, it's apparently not a feature limited to SA like resistance to IMSI catchers are. Is this an OpenRAN feature, which Boost uses?
At least in the past, towers had a piece of equipment called a LMU that is sometimes installed separately from the radio equipment and it's used for measuring the timing advance to triangulate where a device may be for 911. Here's a reddit thread I started years ago for a KML of all the T-Mobile LMU installs in the NYC market: https://www.reddit.com/r/cellmapper/comments/hq2h7u/kml_of_a... (I just found it leaked, it's not online anymore probably). An FCC doc on LMU's: https://transition.fcc.gov/pshs/services/911-services/enhanc... (this is all old tech now, we're doing LTE/NR now in 99.9% of circumstances in the US)
[+] [-] citizenpaul|1 month ago|reply
2017 Broadband Consumer Privacy Proposal
https://www.congress.gov/bill/115th-congress/senate-joint-re...
[+] [-] Gobd|1 month ago|reply
[+] [-] m463|1 month ago|reply
One day, I was waiting to pick up someone at the bus station and a crazy driver came roaring through the parking lot, jumped the curb and took out a stop sign, then backed up to free it from his car and careened off.
I got on the phone with 911.
I got put on hold, and while waiting on speaker I took a picture of the stop sign from the crash. later the call ended.
The next day I noticed that the photo I took had an embedded location.
location services was globally enabled on the phone during the call.
I wouldn't be surprised if all apps on your phone during 911 get your precise location.
[+] [-] apparent|1 month ago|reply
Of course, this doesn't require having GPS location, just cell tower info is enough.
[+] [-] crazygringo|1 month ago|reply
Literally every website and app you use with any kind of shared analytics/ads gets your general location just from your IP address alone, and can update your profile on that analytics/ads provider.
It is far more likely this, than your cell phone provider.
[+] [-] spzb|1 month ago|reply
[+] [-] themafia|1 month ago|reply
Does it still happen?
[+] [-] burnt-resistor|1 month ago|reply
Almost every carrier can triangulate a handset in an area with multiple towers without help of the handset using relative signal strength to each seen towers and data processing. This is how most police in most jurisdictions are able to find an active handset within ~100m given only a phone number. Don't think carriers in some countries aren't constantly logging that approximate and precise queried location metadata and selling it to data brokers.
The only method to prevent continuously location tracking is to disconnect a handset from the cellular network by attenuating the signal with a blocking bag, antenna disconnection, or real power off. The lack cellular network connectivity may be extremely inconvenient by defeating the purpose of a phone. There are situations where someone doesn't want to power down their phone but does want to be RF clean where a Faraday bag would be a good idea(tm).
[+] [-] josephrrusso|1 month ago|reply
TL;DR, this is nothing new.
Carriers have offered location of your device for 911 calls for years now, through a set of metadata called Automatic Location Identification (ALI).
This is only provided to 911 (police & fire) by carriers alongside your 911 call.
Mobile Device Manufacturers can also provide "precise location" to 911 for the same calls, but that's a separate form of data and closely secured.
Bottom line - Carrier data has always been less precise, but more readily available. Device data (i.e. Apple and Google) is more precise, but harder to access.
https://en.wikipedia.org/wiki/Enhanced_911
[+] [-] codedokode|1 month ago|reply
[+] [-] ZebusJesus|1 month ago|reply
https://www.rfwireless-world.com/terminology/cellular-tower-...