Google has been sued over its Android location tracking practices, days after a similar suit was brought against Apple. According to The Detroit News, two Michigan women have filled a $50 million class-action suit against the web giant, demanding that the company stop offering Android phones that can track a user's location. …
Isn;t it a legal requirement in the states for new fancy phones to be able to pin point your location?
Anyway give it up, privacy as it was once known is a thing of the past, a thin illusion we like to delude ourselves with, much like we pretend to children that the easter bunny, santa claus or tooth fairy exists.
Sure there's still the illusion of "privacy" as we currently know it, but at some point you'll need to reevaluate what it means, but the most obvious thing is anything you do in public space (real or virtual and all networks that arn't secured vpns with trusted parties are public) is likely to be added to a mass pubic record that anyone who wants to can find. Like it or not, privacy is a myth.
It will be with that attitude..
"Like it or not, privacy is a myth."
Actually, no, it is a Human Right. You have it automatically, and only someone who wants to break that right has to defend themselves - you should not even engage in explaining why you want it. The problem is that the state (UK, US et al) is attempting to paint their law enforcement needs as a right, which it isn't. In a democratic society, the state is granted a privilege to invade privacy for specific purposes, but it remains a privilege.
If you allow this to happen and even escalate without protest, well, you will truly get the privacy you deserve. None whatsoever.
if you want to use 911 emergency ..
.. effectively on a mobile, your location needs to be pinpointed .. not aware of a US law requiring any carrier or smartphone manufacturer to make your location available to any government agency without a court order ..
.. so it's a feature of the 911 emergency system once you've dialed 911, not that enforcement can track you without showing probable cause to a judge
.. several apps, such as navigation and local search also make use of your accurate location, and to expect that voluntary data is not being collected and personally identified .. is naive ..
.. IMHO, however, information that is not volunteered should be deleted within minutes of it's useful end .. at least in the US .. Eurosheep and companies operating there have to contend with data retention laws from what I understand .. and have no right to sue over data collected and saved against your personal will
@It will be with that attitude
to be accurate, there is no "right to privacy" as that is vague and hard to define .. though it should be a basic human right (were reasonably definable), and there is US case law under certain cases that invoke the concept
what is a limit on government power related to right of privacy in the US is:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
I've called 999 (uk) from my mobile several times over the years, they always know where you are the second you call from the cell info. I don't the resolution, but when I've called it's been pretty close and that's including calls from old 2g S40 Nokias with no wifi or gps.
For a company whose motto is 'Don't be evil' they certainly are good at being evil.
If you say so.
Evil is in the eye of the beholder!
Some would say that they are doing what they say and providing a service as offered.
Are you kidding?
There's a checkbox in Android that says, "Allow Google's location service to collect anonymous location data". If you choose to check that, you are opting to allow Google to build its location database, which is helpful for those times when you can't get a GPS fix. The point is to improve the service for the customer. Nothing evil about asking people if they want to help improve a service that they benefit from.
Evil would be "Lets see where Jim in marketing has been going...." *punches in two locations (Jim's home and work) to pull up all UIDs that fit both criteria* ... *crunch crunch crunch* .... Computer dumps out the obvious handful or less of UIDs that have sipped both work and home WiFi/cell towers on a frequent basis... Ok, now pipe that UID into a mapper to show plots of where he's been. Oh look, the neighborhood strip club on Tuesdays....now where's his number. Perhaps he's willing to give us a pint on Tuesdays to keep it from the wife. Which is likely this other UID....
What is it REALLY being used for?
Phone: I'm -70db for wifi: ActionTek MAC: 00-03-04-94-90-30 (yes, fake MAC), Where am I?
GoogleServer: Likely somewhere near 37.0625,-95.677068
Phone to User: You are HERE --->
All without having to GPS (sucks battery) or actually works (if indoors or otherwise blocked). WiFi wardriving is quite low power since your antenna is technically only in receiving mode. It's sending signals that drains power. If this information is cached in advance, your phone wouldn't even have to talk to a googleserver (which is what Apple does).
As for the UID bit, it's likely to prevent people from crap-flooding their records. If they get sprayed with crap data from a single UID, they know they can just purge all data from that UID from the system. If they get sprayed with crap data from randomly-generated UIDs, they know they can disregard the RNG UIDs since they don't belong to an activated device. It's a quality assurance thing. Unfortunately, they don't purge the UID after X days/weeks/months, which is how I would have implemented the system. "Sure, we collect UIDs for data-integrity purposes, but we sanitize even those after 3 months when we have validated the quality of the associated data."
>All without having to GPS (sucks battery)
GPS is receive only no transmitting so it is much easier on battery life than exchanging data with a server via wifi.
....no it isn't because WiFi is very intermittent whereas GPS requires constant battery drain to run the receiver and correlators as it has to receive all of the nav messages to maintain lock.
Well done sir...
thank you for explaining to the great unwashed how the data is used...
now they can STFU and go bleat on about something else or get back to playing on PSN...
I gotta say, the data should only be retained on the handset for a short time 24 to 36 hours max ... not like the apple 'Bugs' (read as mess)
I take it that you have not switched on the GPS location services on your phone and watch the battery drain?
My Blackberry also has an option labelled "Anonymously collects data to improve the speed and accuracy of future location services". It's enabled (by default I think, since I don't recall changing it).
So it looks like they all do it: I'm guessing the intent isn't particularly malicious, but whether the legal implications have been considered is another question?!
I'm surprised no one commented on:
"GoogleServer: Likely somewhere near 37.0625,-95.677068"
Yes, it's a real lat/long coord, purposely picked. Part of the joke that seems one step too far (having to look it up) to catch. :)
As for the battery-drain of a GPS, the previous commentator is correct: WiFi is intermittent, and can go several seconds (or longer even, depending on power saving mode and other software configs) between WiFi polling. GPS has to, nearly continuously, monitor and number-crunch streaming data from at least three (usually 4) satellites. (By "number-crunch" I mean calculate the satellite's current location via it's almanac of flight paths, update said almanac from satellite data [due to gravitational forces causing orbit shift], constantly adjust its internal quartz clock to account for inaccurate timing compared to atomic timekeeping, etc). This is orders of magnitude more intensive than processing a simple SSID beacon packet (and consequentially discarding all other unnecessary packets) during a finite window of time every few seconds (or more).
I'd prefer only a few days of local caching, or at the very least, having the cache purged (or securely "scrubbed" [which depending on the flash storage controller may be difficult]) when you disable location services. That way, if you're truly paranoid (or want to keep something from the snoopy <insert person/organization X here>) you can just flip the services off during/after and be fine. Now there's the pesky problem of potential records that cell towers can keep of what towers your SIM card has talked to and when.... Perhaps this is all a matter of just turning the phone off (pop the battery perhaps, just to be safe? Sorry iPhone users, you can't do this) so that you're "off grid" during your times of "required privacy."
Did you even read the full article?!
"According to Kamkar, Apple also continues to send cell tower and Wifi data back to its servers when location services are turned off. This is not the case with Google. When Android location services are turned off, Google stops sending data back to its servers."
They ask you right from the start if you want location services turned on. How exactly is that evil?!
This is all smoke and mirrors to take attention away from Apple's blunder.
How about collecting information from non-customers? Never has an Android phone been on my WLAN and yet the MAC's are in their (Google) system. Where is MY opt out?
I'm wondering how their system will handle duplicate MAC's. On my WLAN equipment I can change the MAC and then when an Android phone sees it, it will report back and possible overwrite the location of the other. Given then I have multiple WLAN's in multiple locations, it would be viewed as a roaming hotspot. AP/wireless router manufacturers should allow the consumer to change the MAC on the WLAN side. That would put an end to this tracking when only a few MAC's were in use.
NGC - Trillium Cinema?
Confused of .uk.
You have to agree for it to track you, if you later don't like the idea turn it off (Settings > location & Security > My location). So how you can sue because your phone is doing something you specifically agreed to is beyond me?
Go ahead, do the Menu, Settings, Location OFF. Then go to any app that would probably need location, e.g. maps (although even still, it should only need MY LOCATION if I then wanted points A to B directions). BINGO phone knows exactly where I am, even with Location OFF. I can drive down the road 20 miles, check again, Google knows exactly where I am.
I rarely do anything that requires knowing my location.
With Location OFF, I'd prefer the app (or phone OS) to say "the app you're trying to access/use requires Location details. Turn Location ON? Yes/No"
Make it so that 911 automatically turns Location OFF ... is that even do-able?
of course user would need to remember to turn Location OFF when done.
You Guess again
Yes even with location off it knows, roughly, where you are as it's using cell towers to place you but it isn't storing the info or looking at wifi networks to improve accuracy.
Luckily for those suing we don't live in an anarcho-capitalist shitopia yet.
"The location data...on the iPhone is not the past or present location of the iPhone, but rather the locations of Wi-Fi hotspots and cell towers surrounding the iPhone’s location."
Why does it need this? If it has an inbuilt GPS unit and gets details from the cell tower for A-GPS what does it need this cache for? My phone doesn't need the location of cell towers or hotspots as it is capable of detecting the presence of either.
"To quickly determine a user's location, Apple and Skyhook cache a portion of their location databases on phones."
What's the point of the GPS unit then? My iPhone clearly doesn't get a good location indication in a city until the GPS locks on - you can tell this from the size of the circle of uncertainty which shrinks after a minute or so which is clearly GPS resolution timeframe rather than 'speedy cached location data'. The cell triangulation will be giving it this initial location.
To get that GPS lock faster.
That is the point of the database.
Because of efficiency and speed of time-to-fix perchance?
Nice background info here ..
"Why does it need this? If it has an inbuilt GPS"
recently I went on holiday to the USA, after switching my satnav off in Manchester Airport and getting on an aeroplane, Sit there for 9 and a half hours, get off in Orlando international then try to find the pickup point for my hire car......
My phone, as soon as i switched wifi on in the airport knew exactly where i was !!! and could direct me to the car pick up point.... once I got to my car and I switched my satnav on and guess what? it took at least 10 minutes to get my location...
It is a phone right? It therefore has a connection yes? It has a GPS yes? Send to server a couple of beacon descriptions that it has to obtain anyway to use the database - WI-FI, cell towers etc - and get assistance response in return. Get location quicker. No need to cache a poxy location tracking database. Get it now?
The gps function in cell phones (in the US anyway) is required by law. Theoretically the ability to remotely fix the location of a phone during an emergency might save lives or ... what ever. Short of not having a battery in the phone, the location is always available to law enforcement - or a knowledgeable snoop.
Upon reading yet another article about people suing for an over the top amount of cash when no harm has befallen them I thought I should check my thoughts against El Reg's "House Rules" before posting them. I got as far as "Be polite".
"Google says that Android location services use an "opt-in" setup and that location data sent back to the company is "anonymized"."
FFS, when you first activate your Android, you're asked if you want to use Google's location services. It's not in the least bit shady, as you seem to be trying to suggest here. It's opt-in, not "opt-in".
Actually it is opt-out.
In that the selection is already checked. and it you simply continue (what most people do) the location services are activated.
At lest that is how it worked on the two Android devices I setup. But then again, Google uses a totally different definition for opt-in VS opt-out than the rest of the world. To them, simply asking a question is "opt-in".
According to the screenshot here:
you either hit 'agree' or 'disagree' - no tickbox involved. This may be a recent change, of course, I honestly don't remember from the last time I did an activation.
Whatever, Google/Android is completely upfront about it, and it's not like the situation with the non-optional location tracking bug on the iPhone.
Re Alan Twelve
So, you tick the opt-in to allow anonymised data to be sent to Google.
Your Android handset sends out data tagged with a unique, constant and persistent identifier.
Does the first mean you agreed to the second? Depends on how you define anonymouse and/or what Google do with it and how long the UID is kept and/or associated with the data.
As to UK and/or EU legislation on data retention, I don't think this type of data is covered anyway. IIRC, the only data retained for any length of time is destination websites, source and destination of emails and source and destination of phone calls.
I just did a factory reset on my Desire, you get asked enough times in the setup about location based services that there is no way you can say you didn't know, and you can opt out at any time, it's all there in the settings menu.
Of course, these people won't have looked in their phones settings, they probably just clicked okay on every page without reading a thing, too intent on getting facebook and twitter set up to care. The ironic thing is they have probably been happily signing into places on facebook and announcing where they are going on twitter.
While I agree with you in general, it bears pointing out that many stores activate the phone for the customer, as a service. Therefore the technology-clueless owner may never even see the warning.
So they both saved a few bucks when Skyhook had a less invasive technology that would have drawn less fire, and Skyhook would have taken the legal heat, while Google and Apple would have had plausible deniability.
These smart guys aren't always so smart.
Tripwire, Firewall, and Activity monitor...
I STILL want Google to provide its users the tools to irrefutably KNOW when their phone is remotely contacted, rummaged, and pilfered when those touched things are not related to the surfing. For example, i have a staging download folder. From there, I periodically relocate stuff to another folder. If i have a tool (a legit one, not one that Google/et al backdoor on behalf of some agency to lie to me) that tells me what folders got probed and sucked of information. If a website or app wants to edit cache or other files strictly in its own existence, maybe fine. But those apps should not be tallying things on my phone outside their own reason *I* chose to install the app.
THIS subterfuge is what Google is not answering up to. It is NOT providing us peace of mind, and is leaving up to us having accepted that an app may "delete or modify files on your phone..." WHAT FSCKING files? WHAT folders? WHICH ONES outside the app. HAVE they been vetted by google and given a clean bill and certified to be non-government, non-criminal backdooring tools.
One shouldn't be put in the FSCKING position of accepting being digitally raped merely because one gives in to buying and using a mobile device. Trespass on our homes could be met with woeful consequences for the trespasser who cannot be identified. The same should be allowed for users - to burn the britches of ANYone who rummages, roots, and takes from our phones. My phone is akin to my wallet, and if anyone on the street tried to accost me or shake me down or slice it out of my pocket, I HAVE the right to resist, and if struck, to strike back. I declare that my phone is off limits, and i lament that i do not have to power nor intelligence to smack and punish "malfeasers" muckign about with my phone. All I can do is bitch and hope the Cosmos amplifies my rage and sends some wicked bitch-slap karma their way. Yeh, they have jobs to do, but not until someone is a bonafide criminal or conspirator of/to a crime. Non-police crackers DEFINITELY don't have any layers of protection from a smacking. But, like the police, they can operate with impunity because they are difficult to find.
In the end, Google, Apple, and others won't learn unless TENS of millions of subscribers defy and excoriate them into giving us privacy that is real, not smoke and mirrors. As it is now, any pushed or accepted update we get could be a trojan from criminals or law enforcement, and 99.99999% of us would not know it.
Quick dssf turn all your FSCKING computers off, now!
Sell up, cut up your credit/debit cards, and move to the Amazon. Don't forget your FSCKING tin hat!
That's quite the infestation
What an awful lot of bugs Apple seem to have discovered that resulted in unpopular device behaviour.
The cache not getting flushed sounds like a fairly plausible bug, but continuing to transmit all the information when the feature is turned off sounds like more than a bug. And the combination of these things?
It could be the time to invoke Hanlon's razor, but it smells like too much of a convenient mistruth.
Who benefits from the bug?
A lot of suspicion has been aroused by Apple identifying bugs in the location cache management. As far as I can tell, the bugs allowed the cache to grow far indefinitely and failed to delete it if Location Services were disabled. If this isn't a bug, i.e. it was deliberately coded that way, who would benefit from that (and how)? It seems to me that it would do little more than waste space on your phone.
Fantastic!!! in the end the lawyers will get 30% and everyone else will get a buck if that.... Thanks for raising the cost for my next cell phone. Hope they lose~
30% blame to the 2 twits, 70% to the scumbags, err lawyers.
Not that we needed more proof of the need for tort reform. I can't wait to hear what damage they claim.
Apparently, women did not read the article that says...
"If Android location services are turned on..."
I have location services turned off on my HTC EVO 4G. Does that mean that I cannot sue Google? ;-)
Seems to me that the main point is if the data is actually anonymous. Why is there a unique identifier for each phone included? If this can ever be used to pinpoint the owner of the phone originating the data, then the opt-in to an anonymous service is totally invalid.
you appear to have a different idea on what anonymous means to what I do.
an unique identifier is just a random number to identify WHERE the data comes from. so long as that data is not attached to your phone number or IMMME number then the data is anonymous. once the data is confirmed as "valid" then the UI is dropped from the database.
At best, a if the data is analysed then it could pinpoint your location where you probably live or work, but it is within a range of addresses. the best my phone could do is pinpoint my address to a possible 40 or 50 addresses....
And where you work to another 40 or 50 addresses
And how many people do you reckon are in both?
Patent Trolls & Litigation Trolls
Unfortunately, in the States, there is a whole legal industry of Litigation Trolls whose sole purpose is these kinds of suits. Their goal is to get what is called "Class Action Status", where the lawyers get designated by the courts as representing all potential plaintiffs whether they want to be involved or not. The lawyers take a huge chunk of what is "won" or in the "Settlement". The members of the class (in this case, all Android owners) usually get nothing, or maybe a coupon for some small discount on a future purchase. The lawyers get rich and society basically gets taxed for the lawyers benefit. There have been cases in the States where the members of the class actually had to pay as the lawyers fees exceeded the winnings of the suit.
madness at an increasing level
those people claiming to sue just to make money have rather valid points.
if they don't ever want where they've been to ever be recorded/ traced- then they have all the rights. what are we under a police unit called the Apple?
US = Regulation by law suit
This is how the US works (sadly IMHO). There is relatively little regulation for most corporate behaviour - the threat of punitive law suits is what keeps most people (and organizations) from doing anything even remotely risky.
What always amazes me (after living and working in North America for 10 years now) is how repressed this actually makes corporations in real life - and yet how corporate behaviour is always seen as rapacious and uncontrolled. I guess the lawyers are happy to keep it this way since it helps them to whip up enough prospective plaintiffs for a class action suit, but the chances of losing when it comes to a jury are so high that most corporations fold and settle out of court, perpetuating the impression of wrongdoing.
- NASA boffin: RIDDLE of odd BULGE FOUND on MOON is SOLVED
- Pic Mars rover 2020: Oxygen generation and 6 more amazing experiments
- Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
- Boffins spot weirder quantum capers as neutrons take the high road, spin takes the low
- Plug and PREY: Hackers reprogram USB drives to silently infect PCs