New Post: How Librem 5 Solves NSA’s Warning About Cellphone Location Data

Possibly with an external directional antenna and helpful topography. I think this general question has been discussed in this forum before but don’t take it too seriously.

Once you associate with a tower, you are basically saying “here I am” (to within a margin of error).

If you don’t like that, use the HKS or leave your phone at home.

WiFi hotspots will make no difference to the location as determined by the mobile network provider and thereby reported to the government. WiFi hotspots could make a difference to the location as determined by the phone itself - and potentially then reported to another party by the phone - but then if you control the location reported, that location could be an outright fabrication. For an open source phone, reporting by the phone is less of an issue. You should be able to control it.

Exactly. As I said, the cell tower positioning can be taken out of the equation with the HW kill switch and is (probably) too difficult to alter. The others are my question: can their data be altered by user in any of the suggested ways and can that happen in L5 - could it be a feature provided by OS. To me, L5 is the first one where this could be possible and technically feasible. If possible, I’d like control over the location data content sent, as sometimes it needs to be sent for systems to work and often it’s not known can those fully be trusted (can any ever, is a philosophical question for another time). Control is not just an on/off solution - which is also good and needed (but the HW kill switches are not direct substitutes for what I’m asking). How possible is it, can such a control be created and what are the challenges (HW, SW, other)?

My understanding of WiFi location is that it relies on the phone receiving the BSSID (MAC address) / SSID of one or more nearby WiFi access points. What it does with that information is entirely up to it - including transmitting it to a server on the internet that will then map that to a physical location. You have options to

• say that no WAPs were detected
• alter the identity of any WAP that was detected (including swapping the identity with another WAP whose location you know - so if there’s a WAP at the gym, that’s straightforward for you)
• disable use of that location service by one or more applications

I think it would be difficult to simulate a long journey via WiFi.

It’s probably too early to say what could be done with GNSS. I would assume that you can’t directly alter the output of the GNSS chip - but what happens after that is up to you. It remains to be seen how easy or difficult the supplied software makes that.

Bear in mind that all falsification could be tested against your IP address. If your IP address says you are in one country and location services determines that you are in a different country then either you are proxying through that former country or, where a proxy is not an option, you are probably detected as falsifying the information.

I’ve seen geoIP information be out by hundreds or even thousands of kilometres but I’ve never seen it give the wrong country (except where the underlying geoIP database simply hasn’t been updated).

In a mobile context, your IP address may be being NATted.

IPv6 is an added wildcard in the IP address mix.

no but it’s final
you do make a good point that everybody needs safe and private in-between temporary solutions though …

Wifi is probably generally less reliable to use for general tracking, as hotspots may not be stable, but that cant be taken fro granted. For targeted tracking though falsified static location(s), falsified randomized info, and blocking all or selected hotspotinfo seem to be the ways. Depending on what the desired effect is supposed to be.

In GNSS there is the option of removing the all but the first digits few of the coordinates, which makes the area more general. It’s pretty much country level if there are only two digits given for coordinates. Or the last digits could be randomized (user could specify how many digits, how big of an area).

I’d guess IP, language setting, time setting (“Which city’s timezone do you want to use?”) etc. can be used to verify location. The IP6 is a good reminder.

These are the idea and possible methods, but the question remains: How does the data acquisition and transfer from these sensors to the apps to their systems happen - can a user defined management filter/layer/app be added there securely? Can or should it be deep in the kernel/OS or would it need a separate chip to control to be safe? And, of course user would need a convenient way to remove the obfuscation if own location info is needed.

It’s possible on Android using a piece of software called XPrivacy (and its slightly less featured, but still functional successor XPrivacyLua) - see https://f-droid.org/en/packages/eu.faircode.xlua/

It functions by intercepting messages sent between applications, so it can’t do anything about stuff which happens purely inside the modem (eg. responding to an RRLP message), but it can prevent things like Facebook eating your entire contacts list on startup (assuming that the FB victim is diligent enough to block it out) and to get around software crashing when the OS denies them permission to access some piece of data (it returns either a valid empty dataset or a customisable fake).

if not you get zucked …

You may have to wait until you have a phone to really get to the bottom of that. There may or may not be API documentation. I did a quick search but didn’t find any. You can presumably download the sources as they are today even if you don’t have a phone.

To take your example of making the GNSS chip output fuzzy … I would think “no”, it should not. You don’t want it really deep because if, for example, you are using your phone for navigation with a “maps” application, particularly an offline maps application, then you want fully accurate output from the GNSS chip to the application.

Likewise if you make an emergency call and are relying on AML then you want fully accurate output from the GNSS (as well as all other applicable information sources).

On the other hand, for general social media, if you allow location information at all, you probably do want it “vague”.

So I think you want it in a layer between the OS and the application. You would get to set the “permissions” in this layer as to what level of detail, if any, a specified application can have. You would of course be able to change permissions over time. I have no idea whether anyone is creating such a layer.

I expect that Librem 5 users will take more of an interest in this kind of control than the average phone user.

Back from lock-down:
I have to ask why this kind of logic has become the acceptable norm; that is spend more for privacy, security, anti-virus, anti-malware, anti-anti…

For most, we rent a device (leash), and pay dearly for it. In exchange we get to tell any government and/or corporation peeps and pervs at large where we are, where we have been and for how long, what we typed, received, saw, and even what we ignore - oh, and mustn’t forget, we get to read advertising after advertising surrounding some texts, emails, and maybe a tune or 2. I say "rent because we need to upgrade our devices, but new 'wares be it app, software, program, script or whatever the kiddie=koders are calling them this month, and when the proverbial ‘they’ finally fix their bugs and holes, it requires a new device.

That is not a “drop in the bucket” for most people who don’t really have anything to hide, they just don’t have anything they want to share. So why should we pay way too much for a semblance of ,mediocre privacy or rights to it? The answer is, because advertisers stole the web. And where do advertisers get their money? From device renters.

And, if the corporations are making money by pimping our privacy and rights to it, then isn’t it time they started paying us our royalties?

Lastly, Librem products seemed designed around shutting out the U.S. perps and peeves. Can’t wait for a Canadian/European version (I travel lots) because the U.S. doesn’t stop *SMRCing at it’s border edge.

Remember, the U.S. doesn’t own the Internet and even though the Internet is still WORLD Wide Web - remember, Google owns it now and Google owns the U.S. government. Think GLOBAL!

just say’in s’all.

~s~
BTW - I would love to buy the Librem 15 - but it’s for people with higher disposable income(EX: NSA employees using tax payers money) and seems built for U.S. protection from the U.S. itself. In short, I’ve no THAT size of a “drop in the bucket” anyway. Once the 15 is working better, I may take out a mortgage on the farm and buy drapes and a Librem 15 - - forecasted for my purchase (maybe) in December or January - I hope.

• SMRC = Stalk, Monitor, Record and Control.

I don’t see why you are saying that.

Librem products incorporate a range of technologies that seem like they should be effective against a range of perves, corporate and government.

None of the technology is any good if you voluntarily hand over a heap of personal information to a corporate perve like Google. Purism does its part but you have to do your part by not using problematic online services.

?

if it’s online it’s partly problematic already …

you’re right. it shares the world with China …

It seems @kieran, your thoughts go close to the example that @TungstenFilament found. That would be great to have. I’m only concerned, if it’s on app layer level, that it can’t be bypassed (obviously a matter of how it’s done and may not be much of a problem), or more to the point, I would like to also have some way to verify what location info is been sent / given to app(s). From a user perspective, it would be nice to have all the methods in one GUI with risk and accuracy assessments (best guess, based on what how accurately the end system may have pinned you after combining several data sources - sensors, metadata etc.). Wish-list material…

pls, expand. Or share an article. I’m super curious to hear more

@reC So says the U.S. But even if both shared the Internet with us plebes, it’s still not anyone’s Internet to dictate the sharing of. IMHO, government and corporations should ask us to Opt IN, not out of fake Opt-Outs and let the users police the 'net. It worked in the beginning - until corporate 'merica took over.

We need a new 'net. Theirs, and users. Theirs can fill it with government propaganda, and corporations can advertise their Snake Oil. Here I come - Deep Web! But that more garbage than political speeches. Let’s make the Deep Web Great Again. (smirk)

Unfortunately, the World Wide Web is now Country-Wide Web due to borders by countries. It was a great plan while it lasted.

The Internet, R.I.P. 1991 - 1995
~s~

you could say that this was ALWAYS the plan … get them hooked and then you can milk them for every penny

hi all!

yea u must b right!

@Sharon, my dear friend:
the dns is rooted in the us, and i think theres more that cant b really/easily worked around… btw too much trust is involved in the game, but thats not limited to the us otherwise ive seen something like blockchain based dns, but yet to dig deeper into that direction… also, i just found recently a decentralized search engine, magnetico i still didnt try it out, but it can be a thing, an just saying it, cuz i would never imagine before that i can leave out corps from searching… even more when *pple may buy duckduckgo… (nothing for sure about ddg as of my knowledge! ive seen that an *pple employee(?) suggested them to do so, but i hope they will get hit by a bloody meteorite raining before that would happen X’D k, better stop here for now X’D )

i wish all the bests to all of u folks!

What are you doing here??? You’re supposed to be working!

I have replies to your last input, but giving you space to finish that S project.

Anyway, no tin foil or gold foil for my hat - I just let those 5G rays sink in - it’s how I get a tan

~s~

stay indoors and wear a mask … that will keep the 5G from affecting your cell electro-magnetic-equilibrium … it will also keep those COVID like symptoms from manifesting and thus will allow you to escape a forceful insertion of an artificial lung respirator down your throat … because you’re ALREADY under house-arrest