New Post: How Librem 5 Solves NSA’s Warning About Cellphone Location Data

So are you saying I should start making my hats out of gold foil?

1 Like

Just out of curiosity, there is a lot of talk about “on/off” solutions to this… challenge… to live with any networked devices and connected systems, but would it be technically possible to alter the location data given by the sensors? I mean, it’s good to have the option to be absolutely sure, but it would also be nice to have risk-mitigating options when you eventually do have to use networked services.

Adding noise or randomizing it a selected amount or some such - depending on user preference, if they want it to appear that they are always at home, in the same general area, same country, next continent or 4th planet or constantly moving. As it was discussed in the NSA paper, as well as here in other threads, there are several methods to get location data, at varying accuracies. Single data points can give a rough location but combining several sources can be used to pinpoint (which is often forgotten). But, forgetting that device and it’s displayed info can be compromised, could it be possible to manage the accuracy and related aspects of location info and what would that need?

Could this be a first for PureOS, as other mobile OSs haven had the possibitity or incentive to do anything like this before, or is there enough reasons not to do this?

The main hardware that would be important here is the cellular modem and the way that it associates with towers naturally ends up meaning that cellular providers know where you are. This is by design because the cellular provider needs to know which tower to use to direct an incoming call to you, and if you are moving (like when driving in a car) it needs to know when to change the primary tower you are associated with, with a new one.

3 Likes

Rememember whatever metal hat you decide to wear, it has to be GROUNDED to block RF.

3 Likes

yes and this also raises concerns about signal-strenght … there is a point at the middle of the distance between the two-towers that the RF radiation is at it’s maximum or it could happen if the signal is degraded due to some obstacles … this is probably controlled automatically by the proprietary firmware in the modem … but since we don’t see the code we don’t know what rules are set in order for it to keep the signal at a “preset-level” …

on another note the L5 battery is not that large … just 3600 mah

in comparison if i can use a TASER that has a similar if not lower batter capacity to INCAPACITATE a living target … makes me highly suspicious about the power of a short burst of concentrated RF pulse … they say it’s not the size but how you use it that counts :sweat_smile:

That is true. The basic rule is, the network you are connected to is connected to you and knows something. What @reC suggested - altering signal strength of the modem - sounds like it could be used to cause some ambiguity there. But cellphone system (and location info based on it) is probably too much of a challenge because its design requires known connection.

But cell connection is only one culprit, so why should it be used as a reason not to also take into account the others: GPS/GNSS, wi-fi, BT and even gyroscope (movement)? Since we can kill cell modem in L5, we’d be in a unique and good position, where the location could be more controlled (since we have to use connections and services, at least occasionally, to actually use the device and some services). IP and network based location could be taken care of with VPNs. Metadata (language settings, used units etc.) and info given to services are given by the user. Which pretty much only leaves what the sensors tell - and the systems use to assign location - and that is the location data I was referring to.

Can those sensor outputs be made more user controlled, could location data actually be managed (as in: only give out my homecountry, show me at the gym when I’m out, jump my location around randomly in a 75km radius, increase error margin by 30%, add ghost signals from random hotspots, always show me moving etc.)? And there is a difference in not giving any location info (which seems impossible and sometimes blocks services) and giving false or less accurate info (which is for protection but also possibly enough for the service to work).

Possibly with an external directional antenna and helpful topography. I think this general question has been discussed in this forum before but don’t take it too seriously.

Once you associate with a tower, you are basically saying “here I am” (to within a margin of error).

If you don’t like that, use the HKS or leave your phone at home.

WiFi hotspots will make no difference to the location as determined by the mobile network provider and thereby reported to the government. WiFi hotspots could make a difference to the location as determined by the phone itself - and potentially then reported to another party by the phone - but then if you control the location reported, that location could be an outright fabrication. For an open source phone, reporting by the phone is less of an issue. You should be able to control it.

Exactly. As I said, the cell tower positioning can be taken out of the equation with the HW kill switch and is (probably) too difficult to alter. The others are my question: can their data be altered by user in any of the suggested ways and can that happen in L5 - could it be a feature provided by OS. To me, L5 is the first one where this could be possible and technically feasible. If possible, I’d like control over the location data content sent, as sometimes it needs to be sent for systems to work and often it’s not known can those fully be trusted (can any ever, is a philosophical question for another time). Control is not just an on/off solution - which is also good and needed (but the HW kill switches are not direct substitutes for what I’m asking). How possible is it, can such a control be created and what are the challenges (HW, SW, other)?

My understanding of WiFi location is that it relies on the phone receiving the BSSID (MAC address) / SSID of one or more nearby WiFi access points. What it does with that information is entirely up to it - including transmitting it to a server on the internet that will then map that to a physical location. You have options to

  • say that no WAPs were detected
  • alter the identity of any WAP that was detected (including swapping the identity with another WAP whose location you know - so if there’s a WAP at the gym, that’s straightforward for you)
  • disable use of that location service by one or more applications

I think it would be difficult to simulate a long journey via WiFi.

It’s probably too early to say what could be done with GNSS. I would assume that you can’t directly alter the output of the GNSS chip - but what happens after that is up to you. It remains to be seen how easy or difficult the supplied software makes that.

Bear in mind that all falsification could be tested against your IP address. If your IP address says you are in one country and location services determines that you are in a different country then either you are proxying through that former country or, where a proxy is not an option, you are probably detected as falsifying the information.

I’ve seen geoIP information be out by hundreds or even thousands of kilometres but I’ve never seen it give the wrong country (except where the underlying geoIP database simply hasn’t been updated).

In a mobile context, your IP address may be being NATted.

IPv6 is an added wildcard in the IP address mix.

2 Likes

no but it’s final :triumph: :upside_down_face:
you do make a good point that everybody needs safe and private in-between temporary solutions though …

2 Likes

Wifi is probably generally less reliable to use for general tracking, as hotspots may not be stable, but that cant be taken fro granted. For targeted tracking though falsified static location(s), falsified randomized info, and blocking all or selected hotspotinfo seem to be the ways. Depending on what the desired effect is supposed to be.

In GNSS there is the option of removing the all but the first digits few of the coordinates, which makes the area more general. It’s pretty much country level if there are only two digits given for coordinates. Or the last digits could be randomized (user could specify how many digits, how big of an area).

I’d guess IP, language setting, time setting (“Which city’s timezone do you want to use?”) etc. can be used to verify location. The IP6 is a good reminder.

These are the idea and possible methods, but the question remains: How does the data acquisition and transfer from these sensors to the apps to their systems happen - can a user defined management filter/layer/app be added there securely? Can or should it be deep in the kernel/OS or would it need a separate chip to control to be safe? And, of course user would need a convenient way to remove the obfuscation if own location info is needed.

It’s possible on Android using a piece of software called XPrivacy (and its slightly less featured, but still functional successor XPrivacyLua) - see https://f-droid.org/en/packages/eu.faircode.xlua/

It functions by intercepting messages sent between applications, so it can’t do anything about stuff which happens purely inside the modem (eg. responding to an RRLP message), but it can prevent things like Facebook eating your entire contacts list on startup (assuming that the FB victim is diligent enough to block it out) and to get around software crashing when the OS denies them permission to access some piece of data (it returns either a valid empty dataset or a customisable fake).

2 Likes

if not you get zucked … :sweat_smile:

You may have to wait until you have a phone to really get to the bottom of that. There may or may not be API documentation. I did a quick search but didn’t find any. You can presumably download the sources as they are today even if you don’t have a phone.

To take your example of making the GNSS chip output fuzzy … I would think “no”, it should not. You don’t want it really deep because if, for example, you are using your phone for navigation with a “maps” application, particularly an offline maps application, then you want fully accurate output from the GNSS chip to the application.

Likewise if you make an emergency call and are relying on AML then you want fully accurate output from the GNSS (as well as all other applicable information sources).

On the other hand, for general social media, if you allow location information at all, you probably do want it “vague”.

So I think you want it in a layer between the OS and the application. You would get to set the “permissions” in this layer as to what level of detail, if any, a specified application can have. You would of course be able to change permissions over time. I have no idea whether anyone is creating such a layer.

I expect that Librem 5 users will take more of an interest in this kind of control than the average phone user.

1 Like

Back from lock-down:
I have to ask why this kind of logic has become the acceptable norm; that is spend more for privacy, security, anti-virus, anti-malware, anti-anti…

For most, we rent a device (leash), and pay dearly for it. In exchange we get to tell any government and/or corporation peeps and pervs at large where we are, where we have been and for how long, what we typed, received, saw, and even what we ignore - oh, and mustn’t forget, we get to read advertising after advertising surrounding some texts, emails, and maybe a tune or 2. I say "rent because we need to upgrade our devices, but new 'wares be it app, software, program, script or whatever the kiddie=koders are calling them this month, and when the proverbial ‘they’ finally fix their bugs and holes, it requires a new device.

That is not a “drop in the bucket” for most people who don’t really have anything to hide, they just don’t have anything they want to share. So why should we pay way too much for a semblance of ,mediocre privacy or rights to it? The answer is, because advertisers stole the web. And where do advertisers get their money? From device renters.

And, if the corporations are making money by pimping our privacy and rights to it, then isn’t it time they started paying us our royalties?

Lastly, Librem products seemed designed around shutting out the U.S. perps and peeves. Can’t wait for a Canadian/European version (I travel lots) because the U.S. doesn’t stop *SMRCing at it’s border edge.

Remember, the U.S. doesn’t own the Internet and even though the Internet is still WORLD Wide Web - remember, Google owns it now and Google owns the U.S. government. Think GLOBAL!

just say’in s’all.

~s~
BTW - I would love to buy the Librem 15 - but it’s for people with higher disposable income(EX: NSA employees using tax payers money) and seems built for U.S. protection from the U.S. itself. In short, I’ve no THAT size of a “drop in the bucket” anyway. Once the 15 is working better, I may take out a mortgage on the farm and buy drapes and a Librem 15 - - forecasted for my purchase (maybe) in December or January - I hope.

  • SMRC = Stalk, Monitor, Record and Control.
1 Like

I don’t see why you are saying that.

Librem products incorporate a range of technologies that seem like they should be effective against a range of perves, corporate and government.

None of the technology is any good if you voluntarily hand over a heap of personal information to a corporate perve like Google. Purism does its part but you have to do your part by not using problematic online services.

?

1 Like

if it’s online it’s partly problematic already …

1 Like

you’re right. it shares the world with China … :shushing_face:

1 Like

It seems @kieran, your thoughts go close to the example that @TungstenFilament found. That would be great to have. I’m only concerned, if it’s on app layer level, that it can’t be bypassed (obviously a matter of how it’s done and may not be much of a problem), or more to the point, I would like to also have some way to verify what location info is been sent / given to app(s). From a user perspective, it would be nice to have all the methods in one GUI with risk and accuracy assessments (best guess, based on what how accurately the end system may have pinned you after combining several data sources - sensors, metadata etc.). Wish-list material…

2 Likes

pls, expand. Or share an article. I’m super curious to hear more :slight_smile:

1 Like