Discussion

The Government Uses Targeted Advertising to Track Your Location. Here's What We Need to Do.

everdrive: It's never popular when I post this, but I'm just going to do it again:"No matter the risk, I must carry my smartphone everywhere and install every app. It would be unimaginable to have the urge to look something up, but then wait to do it later until I'm using a real computer. No negative outcome will EVER shake my deep, permanent need to carry a smartphone all the time and use it for as much as possible."We've done this to ourselves, and we're terrified at even the most minor inconvenience. It's something I can't wrap my head around, but people cannot bear to just wait until they get home to query something on the internet. They MUST have access ALL THE TIME, no matter the downside. It's baffling.

MengerSponge: I don't think this is right. Most people are just not that curious, so there's no drive to be able to look things up.People don't want to be bored, so a phone with all the apps provides a reliable source of distraction/entertainment.

shevy-java: I think many people don't know about the issue at hand; and many also don't care.The more tragic thing is that those who care about it, can not do much about it.

shevy-java: We can not trust many "governments". The financial incentives are just too powerful. There are cases of people becoming millionaires after they left politics. Post-retirement payback and kickbacks.

gerikson: There's also the possibility that we, as consumers, demand that the political system solves this issue with robust privacy legilsation that prohibits any entity from tracking our phones.

philipallstar: We could also demand that the government doesn't use the location data from private companies without a warrant, but elections aren't often granular enough to satisfy individual requirements. Better to figure out a way to create and use a competitor that doesn't do this to you.

pocksuppet: Not all political systems respond to consumer demand.

giantg2: So they say to turn of location permissions and stuff, but what about the network carrier? Any privacy focused cell services that are reasonably priced?

pocksuppet: Don't think so - they're all very expensive because cell networks are expensive. You can get a burner phone, only use it as a tethered internet connection for your laptop which runs VPN software.

JohnMakin: > It would be unimaginable to have the urge to look something up,It's not popular because this is very reductive and dismissive of the problem almost to the point of dishonesty. Many modern functions need an application and there is little or no alternative.Some examples:QR codes - lots of restaurants don't have a physical menu and need a QR code scan. This behavior extends well beyond restaurants as well.Keys - Lots of cars support lock/unlock and put a ton of features behind an app. While not strictly necessary, it's incredibly convenient if you're in the inevitable (and sometimes very expensive/difficult to remediate) situation everyone eventually faces when you lose your keys, or lock them in the car. Some garages and apartment complexes only support getting in by app, and I've seen this in hotels as well.Banking - doing many things at banks nowadays requires confirming you are you via push notification to your phone. Lots of MFA is app-based as well. I could not do my job without a phone.Navigation - I don't always carry a garmin or thomas guide around with me when I'm walking around an unfamiliar city, and it would be pretty ridiculous of me to do so.Probably could come up with a lot of other things. Without a phone it's not really possible to function in much of the modern world. There is more to the app ecosystem than tiktok, maybe that's the miss here.

jsbisviewtiful: > It's never popular when I post thisThat's because you're coming off holier than thou and condescending. Anyone who understands gadgets will say phones are highly trackable and will have told anyone that well over 10+ years ago. It's a trade off of value. Corporations/gov can track me while I have my phone, but turn by turn directions, maps and a camera while wandering around are useful. We could legislate that traceability away in the US to an extent, but that would require our gov be working and right now it is not.

iamnothere: Phreeli seems to be the privacy promoting MVNO with the cheapest options. Not sure if it’s been audited or what its guarantees are, but anything is probably better than the big carriers.

everdrive: I'm probably going to delete my HN account soon. I'm so disenfranchised with the direction technology is going that I'm finding it really heard to be civil and constructive here. I'm not trying to be sanctimonious, but I am quite angry and perplexed at why people have have backed themselves into this corner.

everdrive: >There's also the possibility that we, as consumers, demand that the political system solves this issueThis will never happen, but good luck.

everdrive: >QR codesThose restaurants are worthless>KeysCarrying your car key does not count as inconvenient>BankingAgreed, and this is a problem, but you can just do your banking at home without carrying around your smart phone. This is a case where the industry is forcing a choice on consumers. I'm considering joining a local credit union for this reason.> NavigationHow did people manage this prior to 2007?

iamnothere: I can’t respond directly to octoclaw’s dead comment, but I will just say I agree, it is ridiculous both how cheap this data is and how many people aren’t aware of it. It’s not just governments who can get access, either.This is another reason why you should not be carrying a phone everywhere except for times where you absolutely need one.

Luc: It is dead because it is an LLM.

gniv: > > Navigation> How did people manage this prior to 2007?We had a map for each county. My wife would switch them when we crossed county boundaries and would give directions. We still got lost. It was romantic.

JohnMakin: This is goalpost shifting and ignored much of the point of my post. this same thinking can be applied recursively to “well, if you cant do that, it’s just dumb anyway.”And you’re flat out wrong about banking, there are things and situations that require you physically entering one. And yes it is a situation where society is forcing the decision, that’s my entire point - I as an individual cannot apply the non remedy of “just do everything on your computer, ldo” because society has stripped that choice from me. unless the prescription you’re giving is to withdraw from society - which is only proving my point.I’d also hardly describe my job as a minor inconvenience.I see these types of arguments a lot on this site and I am very confused where they are coming from. It’s almost like the implication is you have no right to complain about the privacy nightmare if you participate in using things that are necessary to participate in society. You can have reasonable privacy and these tools at the same time, it’s not an impossibility.

everdrive: I appreciate the response, and I would argue that in at least some cases “well, if you cant do that, it’s just dumb anyway.” is totally valid.With regard to the job, and the banking, I agree. I need to have OTP on my phone and I haven't tried to bank in person for a while. We have two young kids, and once things calm down I'm going to see if we can swap to a local credit union. The decision will be predicated on whether I can do everything in person.With regard to the phone, I think the softer version of my argument would be that you can install the bare minimum number of apps, and otherwise just set the phone on a table and not carry it around with you. If you're worried about government tracking, power your phone off when you drive to work. Your work itself (and all your logins) will reveal your location, so it's not really as if powering your phone back on once you get to work is much of a detriment. The same is true for banking. Even if you must use the smartphone, just leave the phone off / or in airplane mode and then just do the banking at your desk at home.In fairness to you, I'm pretty sure I failed a job interview once because I asked if I needed a smartphone for the job. I think my point would be that with the way things are going, it's becoming more and more important to figure out how to avoid as much of the smartphone as possible.

legitster: I work with Ad Data a lot in my job, and there's a lot of misconceptions about what this data that journalists love to propogate:The location data in these networks is very inaccurate. Your OS and browser actually do a pretty good job of locking down your location data unless you give explicit permission. It's in the ad network's interests to lie about the quality of their data - so a lot of the "location" data is going to be a vaguely accurate guess based on your IP address.But also, location data is really important to ads right now because, contrary to common perception, per user tracking is very, very hard. Each SDK might be tattling on you, but unless you give them a key to match you across apps, each signal from each app is unique. Which is why you are often served advertisements based on what other people on your network is searching - it's much easier to just blast everyone at that IP address than it is to find that specific user or device again in the data stream.Bidstream data in particular is very fraught. You're only getting the active data at the point the add is served, but it's not easy to aggregate in any way. You'll be counting the same person separately dozens or hundreds of times with different identifiers for each. The data you get from something like Mobilewalla is not useful for tracking individuals so much as it's useful for finding patterns.I think it's pretty telling from the few examples shared about how agencies actually use the data:>"CBP uses the information to “look for cellphone activity in unusual places,” including unpopulated portions of the US-Mexico border.">According to the Wall Street Journal, the IRS tried to use Venntel’s data to track individual suspects, but gave up when it couldn’t locate its targets in the company’s dataset.>In March 2021, SOCOM told Vice that the purpose of the contract was to “evaluate” the feasibility of using A6 services in an “overseas operating environment,” and that the government was no longer executing the contractSomething is going to have to be figured out about this data - realistically the only way is a sunset on customized advertisements. However, I would personally not be worried (yet) that the government is going to be able to identify an individual and track them down using these public sources as they currently are.

SoftTalker: Turn off the phone entirely.

kirth_gersen: Most have internal batteries and are still "on" to a certain extent unless the battery is completely discharged.

FpUser: People could've done a lot of things to make their lives better. Unfortunately they prefer to get "managed" with all the consequences. No matter what you cancel and where you would go you will find all the same. The fact that one know how how to write b-tree from the scratch means zilch in this department

butlike: So print off map quest and carry a disposable like in the 90s. If you don't use social media, the value proposition of a smart phone is incredibly low. I feel we peaked at mobile phones which could call and text.

ducttape12: Neither the government nor an ad agency needs to know where I am, no matter how "rough" the data is. It's none of their business.

js8: It's a false dichotomy. Citizens can have useful smartphones while not being tracked by unwanted actors.

Lammy: Not with modern cellular and Wi-Fi tech we can't. Base stations literally “steer the beam” to follow you. Precise location spying is essential to the way they achieve such high throughput.

iamnothere: Use one of the few phones with hardware kill switches or removable batteries.

stronglikedan: Also the fact that most people (the vast majority even) will never be affected by having their location data shared so they just don't care, myself included.

giantg2: Thanks! This looks like what I want

GuinansEyebrows: do you think that's any less likely than a mass boycott of all smartphone usage by the public?

ramoz: From my experience this data is not cheap from an average consumer perspective.

blurbleblurble: I can't help but wonder how much is being spent.

legitster: At this point, your device is not giving anyone your location without explicit permission. So it really just comes down to your IP Address, which services do need.

throawayonthe: we can't have privacy for mail contents. the post network literally "routes the package" via the address on the box. digging through your mail is essential to the way they achieve such delivery rates

Lammy: Unfortunately also correct: https://www.nytimes.com/2013/07/04/us/monitoring-of-snail-ma...“Mail Isolation Control and Tracking program, in which Postal Service computers photograph the exterior of every piece of paper mail that is processed in the United States”We Await Silent Tristero's Empire

ramoz: I worked closely to some of this. There were strict policies in place to never monitor US Citizens. That said i was focused in more kinetic warfare domains and not sure what would've extended past the borders by local law enforcements (DHS typically dictated no-us-soil policies). But, this is a money-hungry data pipeline of resellers and aggregators and they were always eager to sell more.

zoklet-enjoyer: How do they determine if the person is a US citizen? I've sometimes wondered if my Google account is caught up in mass surveillance of non-Americans because I created my main email address while living in Australia, though I am a US citizen and only a US citizen. I haven't checked in a while, but I know that even in the US, checking my email on the web it would show that it was connecting to an Australian domain.

johnnyanmac: [delayed]

Sparkyte: Why we need to use pihole more aggressively.

HerbManic: Im probably to last person to defend the entire stack that is the smart phone but this feels a little reductionist.I use mine as a phone, messaging, podcast player, camera, a banking device, a little email and occastionally the web. Thats it. Some convience is good, too much is very bad. No social media or whatever millions of apps they constantly try to push in your store of (enforced) choice.In someways we have done this ourselves but also there is a deeper societal issue. As Ellule and Kacsynski both pointed out, technology is voluntary to a point. But when it becomes a tool that you are practially forced to use to merely keep up with others, it is no longer a choice unless you can figure a way without it at your own peril.For instance my bank has become entirely dependent of their app as the glue between all their functions and authorisation. I can try to avoid this but it becomes very difficult, it goes beyond just convenience at that point. I do not like that at all, I think it is very short term thinking, but here we are.I try to avoid a lot of various technologies were I can make it work, I do not have a car for that reason, but smartphones have unfortunately become very ingrained in societies expectations at a blinding pace. Try to limit their use were you can, maybe others will follow.

WolfeReader: Encrypted messaging like Signal and Briar is so much more accessible thanks to smartphones. People who would've never touched GPG can get a lot of its benefits thanks to smartphone apps.(Which doesn't mean we have to give in to big corporations. Gotta love GrapheneOS!)

lo_zamoyski: This confuses a technology used for the purpose of optimizing the performance of a technology with tracking for the purposes of selling you crap or keeping tabs on your location for unwarranted reasons. Huge difference. The former does not entail the latter.

ux266478: Actually it is physically impossible to have any wireless comms at all without giving away a unique identity that can be tracked. Not unless you're going to replace your phone's radio every time you send some data. Every single transmitter has a unique fingerprint to it that can be identified relatively easily. It's called Specific Emitter Identification. If at any point a fingerprint is associated with your identity, it's trivial for a state actor to know exactly who and where you are every time your phone transmits something. They don't have to know what you're sending to know who you are or where you're sending it from. The electromagnetic spectrum is not a private medium.

daft_pink: There’s literally a flock camera at basically every street location that one suburb borders another where I live.There’s really not any legal practical way to avoid ALPRs.I’m pretty sure the government knows where I am 24/7. I’m not going to worry about targeted advertising by the government anymore and just worry about it the people reselling it to non-governments for use.

golem14: I think your is statement is inaccurate to the point of being intentionally misleading:Many devices, when running, and in some cases even if turned off but connected to their battery, will ping cell towers (maybe even BLE/Wifi) and get triangulated by the network infrastructure (such as cell towers) without actively broadcasting the GPS location.That's why I don't quite understand why the gubernment needs to have finer grained data (esp around the US/Mexican border). Precision location info would only be needed if you need to track people in densely populated areas.

PyWoody: > How did people manage this prior to 2007?MapQuest? It sucked.Google Maps does allow you to download areas to your device that can be used offline, too.

SoftTalker: Paper maps before that. If you were in AAA you could get a "trip map" that was a complete route with turn by turn directions and a spiral bound, printed map that you paged through as you traveled, but paper maps worked well. Not as convenient as a phone but not terrible either.

kelnos: [delayed]

iamnothere: Wow, they are improving. None of the usual tells, fairly accurate. That’s a little concerning.

SoftTalker: Still has the "it's not A, but B" rhyme, if not literally the pattern. But yes they are getting better.And it's a pretty new account.

kelnos: You're confusing a technical limitation with a policy decision. Just because the cell tower (as currently designed) needs to know your fairly-precise location at all times, it doesn't mean that location needs to be stored indefinitely or used against you.We could live in a world where we have strictly-enforced privacy laws. We don't, and that sucks, and if anything, we're moving further away from that state of affairs very day. But we could.

tencentshill: Then you are obligated to obscure that with a trusted no-log VPN too.

surround: > What You Can Do To Protect Yourself> 1. Disable your mobile advertising ID> 2. Review apps you’ve granted location permissions to.I'm surprised they missed the most important step, which is blocking the advertisers from collecting your data in the first place. This is easily done in the browser with uBlock Origin and system-wide with DNS filtering.

kelnos: [delayed]

shimman: Of course we can, these are all non physical properties of the universe. We can design things to not enable tracking or advertising, we just don't because the public isn't allowed to provide public solutions so we're forced to use malware by corporations that profit off of the malware.Do people seriously forget that humans design with an explicit purpose? That purpose can change you know...edit: needs to be stated that the last data privacy law the US passed was regarding video rentals in the 80s.

JKCalhoun: I have access ALL THE TIME……to a Field Notes book in my wallet (and a pen).

curt15: >For instance my bank has become entirely dependent of their app as the glue between all their functions and authorisationThat sounds horrible. What are users to do if their smartphone breaks?

notnullorvoid: IP Address is all you need to get fairly accurate (town or neighborhood) location for most of North America.But it is necessary to send it somewhere, otherwise the internet wouldn't work.Unfortunately it seems to have become accepted for our devices to communicate constantly and often with services we never explicitly started communication with (like Ad networks used in Apps).Permission systems on devices should care about Network connections just as much as Location. Ideally when installing an app you'd get the list of domains it requests to communicate with, and you could toggle them. Bonus points if the app store made it a requirement to identify which Domains are third parties and the category like an Ad service.

libraryatnight: This is funny because one of my major gripes with everyone having phones is they don't really use them for meaningful information seeking. They'll sit in conversation and speculate and invent nonsense, accept the smartest/most convenient sounding nonsense at the table, and move on as if they did not have the ability to look it up on the spot. Then later they quote the nonsense to someone else as if it were something they learned as opposed to made up with one of their social circles.

trinsic2: Yeah this is a good point. It would probably be a good idea to have an elective in high school/collage class on the recommended using of mobile tech and why its a concern to to using it to doomscroll because the algorithms are gaming your attention and trying to steer your perception.

cdrnsf: I have 26 apps on my phone. Of those, four are Safari extensions, one is a PWA and another I wrote myself. I use a restrictive nextDNS profile that also blocks Apple's native tracking (as best they can) and don't use social media. I feel like that's the best I can realistically do.

azalemeth: ...and the phone itself broadcasts your position to the cell towers with remarkable accuracy, 24 hours a day.

juris: > QR codes: haha those QR codes coincide with mandatory post covid tip rate and inflated prices; whenever I tip it's 15-18% cash, and direct to waiter.> keys + mfa: this one is a tricky one for me. thinking to go to web-only mfa fwiw and go RMS with just a laptop and a hotspot. does he even use a hotspot? haha> nav: lol yeah when smartphones first came out i just hated every design aspect about them (stupidly fragile screens at the time), but the most compelling reason to switch at the time was navigation. i don't mind printing mapquest again or just using a dedicated gps.it's the value prop of having "all the world's knowledge at your fingertips" versus:stupid obsoletion practices + lithium mining, corpogovernment surveillance + tracking, eroding mental health, porn, gacha games, cellphone thumb, doom scrolling + time wasted, enshittified content, and people having near constant access to you at all times (remember when it was rude to call past 8p?)that i think it's time to just leave your phone at home (you should at least pretend that you're a normie) and i'm an app developeranyone in construction really like their ruggedized SIP phone and can recommend a good voip system (ie they trust their voip provider) with e2e encryption that I can connect a wifi 6 mobile router to? someone a few months ago mentioned the mudi v2 and sim swapping with https://github.com/srlabs/blue-merle

PyWoody: The AAA maps are pretty great. I keep one of their spiral bound maps of my region in my trunk just in case.

h4kunamata: >For years, the internet advertising industry has been sucking up our data, including our location dataFor years, people have been sharing everything they do, what they do, people they spent time with, where they live.Advertisement industry just adds more info to complete your profile, what you buy, what you watch, what you speak online, etc.

qsera: You are worried about THAT?How about we carry a device with multiple cameras, multiple microphones, and 24x7 connection to the internet that is running an operating system made by an Ad Company, to the most private of places?

drnick1: It does not have to be that way however. There are plenty of phones out there running free/libre operating systems, including GrapheneOS, LineageOS, and various Linux options. I use GrapheneOS and wouldn't carry a phone running a proprietary OS.

cdrnsf: Hence the "realistically" qualifier.

keybored: People here complain that programmers aren’t engineers because real engineers can accidentally kill people and get sued if they mess an equation up. Instead of just breaking a build or something.I think it’s more concerning that programmers seem to have no care or shame about designing systems that works against the users’ interests. Did you share something intimate in our chat? Well it’s not E2E, moron, we have that now. How could you be this stupid?I can’t think of another profession (except pure value extraction types) which revels in exploiting people for not having the time or care to arrange their digital lives around the booby traps that nerds set for them.

vasco: A thief thinks everyone steals.

SoftTalker: It's "on" enough to detect the activity needed to wake it back up. But will a powered-off phone still be pinging cell towers or making WiFi requests?

tomhow: Comments moved to https://news.ycombinator.com/item?id=47249387.

Retric: How things are aren’t the only way things could be.A receiver could use a new random ID to call “collect” to a secure third party network which agrees to pay for the base stations bandwidth for every connection. The station then responds to the base station yep ID X’s bandwidth will be paid by vert tel.Obviously, this doesn’t eliminate the possibility of tracking as you’d want the cell to have multiple connections created and abandoned randomly, but it does remove that ID you’re concerned with.

wizzwizz4: GP is referring to manufacturing variance in the radio equipment, not the deliberately-inserted tracking identifiers. See, for example, doi:10.1016/j.dsp.2025.105201 and doi:10.3390/rs17152659 for relatively cheap approaches.The solution to this is just to make it illegal to store and process the results of such analysis applied to radio signals, without consent of the data subject (GDPR jurisdictions have that already), and to enforce that law.

Retric: Intentional noise can obstruct that signal. Which should be obvious from a pure information theory perspective, if you can extract more information from a transmission to identify the radio a transmitter could modulate that to carry information.

ux266478: Even going to the extreme of a friendly jammer producing a countersignal is only enough to fool the bottom end of hobbyists. The only thing you can do to stop SEI is to trash a radio after you've used it once. It's an unsolvable problem outside of that, and known as such for decades.

HerbManic: In my case a few weeks back when my phone failed, it meant no access over the weekend until I could get a very lengthy phone call to reinstate app access on a new phone.