back to article Boffins crack smartphone location tracking – even if you've turned off the GPS

Religiously turning off location services may not save you from having your smartphone tracked: a group of IEEE researchers have demonstrated it's possible to track mobes even when GPS and Wi-Fi are turned off. And, as a kicker: at least some of this data can be collected without permission, because smartphone makers don't …

  1. James 51 Silver badge
    Gimp

    Nokia 3310 keeps looking better and better.

    1. phuzz Silver badge
      Big Brother

      Is there any way to do encrypted comms on a 3310 though?

      Handwritten notes encoded with a one-time-pad are looking better and better...

      1. Dan 55 Silver badge

        There is a 4G version out this year. As 4G use on the phone will be limited, hopefully this means it's also got tethering.

      2. John Smith 19 Gold badge
        Unhappy

        IOW this is *not* secretely activating GPS. It's "inferred" location with *near* GPS accuracy

        Which is

        a) Quite clever

        b) Very f**king scary

        c) Only possible because of the clumsy security control on most phones. Phones IP address is not sensitive. WTF? I mean WTF?

        And yes I think every service on a "smart" phone should be user level controllable regarding what apps can access it. If you want it to be available to "all" then fine, but the default should be "none."

        Personally I'd prefer a "spoof" mode where apps that insist they can't run without access to your address book (why?) should be set to use the phones default app(s) which should then generate a limited amount of plausible BS.

      3. veti Silver badge

        You can do encrypted comms with a pen and paper, quite ordinary people have been doing it for centuries. Of course you can do them with a 3310.

  2. Lee D Silver badge

    Gosh, it's almost like if you let a piece of software collect lots of unnecessary data and then upload it to some random place on the Internet, that someone could use this against you in some way.

    Seriously... fine-grained permission control. Why are air pressure and heading not protected by a permission? Because there's no "you must ask for permission" blanket default before a "you must grant permission" user-authorised exclusion when that data is requested.

    And users are stupid and don't understand that a walking app doesn't need to know your air pressure.

    Honestly, any combination of more than 2 or 3 permissions is a warning sign, and things like "requires Internet access" isn't fine-grained enough. MAKE APP MAKERS SPECIFY TARGET DOMAIN NAMES.

    PC's are rapidly moving towards web-services contained within the browser DOM model on the local PC, apps are the equivalent of installing a Flash plugin. It's a backwards step.

    Sorry, but you get the bare minimum of permissions to do the task at hand, the default should be "no" for everything, and users should be able to say "Pretend I've given it the permission, but just send it fake data" (e.g. The flashlight app wants webcam access? Sure. Send it some white noise.). But, to be honest, rather than propagate the Vista UAC debacle into every mobile phone on the planet, let's just stop making programs that require those permissions and refuse them at the app-store. Literally force the writers to publish something like an SELinux capability report, down to port numbers, domain names, and format of information sent, individual permissions for everything (there should be no "you need to ask for camera access to turn on the flashlight" as is/was common), which is then audited for necessity, and any warning that pops up EVER on any phone that it's breaching those capabilities result in its being blacklisted as an app.

    Without it? You're in a blank sandbox filled with false info no matter what you request.

    1. ChrisC

      "And users are stupid and don't understand that a walking app doesn't need to know your air pressure."

      If it's just a simple step counter app then OK, no need for any sensor access beyond the accelerometer. But if the app is trying not just to count steps but also estimate calories burned as a result, then knowing if those steps resulted in you gaining, losing or maintaining elevation means the resultant estimation will be somewhat less inaccurate than a simple "1 calorie = x steps" conversion.

      Not that I disagree with the more general observation that users can and do completely ignore some utterly insane permission requests from apps, or that the current permissions model is a bit broken, but to suggest people are stupid if they allow an app to request a permission which isn't obviously out of scope for that type of app... bit harsh methinks.

      1. Mike Moyle Silver badge

        The impression that I got from the article is that users are never ASKED to authorize sharing of barometric data because handset/app makers don't consider that personally identifiable information. Hell, they may not even specifically intend to collect it, but simply don't NOT collect it along with temperature and other environmental data.

        So "clueless users" criticisms might be misdirected, in this case.

        Or, am I missing something...?

      2. JohnFen Silver badge

        "But if the app is trying not just to count steps but also estimate calories burned as a result, then knowing if those steps resulted in you gaining, losing or maintaining elevation means the resultant estimation will be somewhat less inaccurate than a simple "1 calorie = x steps" conversion."

        Technically true, however it's also true that step counters are horribly inaccurate in actually counting steps. The error introduced by that has got to swamp out whatever error might be introduced by changes in air pressure.

        Also, determining elevation by air pressure will only give a rough guess unless you have a way of comparing it to the air pressure at a known elevation in the same area.

        1. John Brown (no body) Silver badge

          "Also, determining elevation by air pressure will only give a rough guess unless you have a way of comparing it to the air pressure at a known elevation in the same area."

          Nah, you just need to measure changes. Of course, things may appear a little different if there's a big pressure change due to weather while out walking.

      3. eldakka Silver badge

        > hen knowing if those steps resulted in you gaining, losing or maintaining elevation means the resultant estimation will be somewhat less inaccurate than a simple "1 calorie = x steps" conversion.

        The app can calculate that locally from those inputs, but it doesn't need to send that raw data into the cloud.

  3. Steve Evans

    Curious...

    I thought elevation was only provided by the GPS... Is that available without location permissions?

    Even if it is, being a non-primary function of GPS, elevation is not really very accurate, which might be OK if you're tracking someone in the foothills of the Andes which dwarf the margin of error, but those is flatter areas are likely much harder to track...

    If paranoid move to the Netherlands.

    1. Len Goddard

      Re: Curious...

      They use the barometer. Combine air pressure with known atmospheric pressure in the region you are in and you get a pretty good estimate of altitude. Worked for the aviation industry for many years before GPS.

      1. Anonymous Coward
        Anonymous Coward

        Re: Curious...

        > Worked for the aviation industry for many years before GPS.

        And still does, being our altimetric datum.

        This *will* change but not in the next 15 years.

      2. Steve Evans

        Re: Curious...

        They use the barometer. Combine air pressure with known atmospheric pressure in the region you are in and you get a pretty good estimate of altitude. Worked for the aviation industry for many years before GPS.

        I did mean to mention that, how common is a barometer in smartphones these days? I realise I'm not cutting edge, still happily using a 3 year old phone, but I certainly don't have one.

        1. TRT Silver badge

          Re: Curious...

          You sure that's barometer and not bar-o-meter, the pub crawl app?

          1. quxinot
            Pint

            Re: Curious...

            "You sure that's barometer and not bar-o-meter, the pub crawl app?"

            Can't tell. The screen's all blurry....

        2. JohnFen Silver badge

          Re: Curious...

          My phone is nearly five years old and contains a barometer. Those sensors are tiny and dirt cheap, and so I expect that they're pretty common these days.

    2. Anonymous Coward
      Anonymous Coward

      Re: Curious...

      GPS elevation data is consistent, if not accurate, and therefore can be used for assumptions.

      Agree that all sensor information should have permission, and frankly should be more prominent in advance of app installation. Why would a torch app need ANY sensor information, for example, its either ad related or malicious (fine line sometimes...)

      data leakage of any kind is likely to result in some kind of matching data attack, although it is also likely that this will become a de-facto issue of having a smartphone at all. Organisations that you permit e.g. Strava can still have the TLA organisations tapping them on the shoulder or subverting their feeds regardless. Probably easier for them to simply open their own advertising shops though in a similar vein to creating their own TOR nodes...

      Most people outside the reg forums don't really know what tinfoil is for, let alone making hats out of it and broadcast their every movement, purchase and bank balances to all and sundry.

      If you really want to stay relatively hidden, the old phones are your friend, without all the clever sensors. (as well as being very cheap)

      1. James O'Shea Silver badge

        Re: Curious...

        "Agree that all sensor information should have permission, and frankly should be more prominent in advance of app installation. Why would a torch app need ANY sensor information, for example, its either ad related or malicious (fine line sometimes...)"

        There was the case, a few years ago, of the fine upstanding gentleman who murdered his wife and wanted to get rid of the body. This is Flori-duh, home to many lakes, rivers, streams, and canals inhabited by everyone's fav reptile, the American Alligator (as distinct from its cousins the Chinese Alligator and the American Crocodile; the Chinese 'gator lives in, well, China, while the American croc rarely ventures north of Miramar) and the nice, warm, welcoming, ocean has lots and lots and lots of assorted sharks and barracuda (the Flori-duh Tourist Board is now very upset with me). We're not quite up to Australia levels of wildlife hostility, but we're working on it. In any case, instead of just dropping the body into a convenient body of water, m'man decided to go out into the woods and dig a grave. At night. He turned on the flashlight app on his phone to shed some light on the process (why he needed light to dig a hole is another question...) and the flashlight app called home to Mama. When the cops investigated (those of us who watch Law&Order know that the first suspect is always the nearest and dearest) they called up the cellco and got pointers to go to the company which sold the flashlight app, who were only too happy to provide all kinds of data, including exact GPS readings on where the phone had been that night. This resulted in a little expedition into the woods, and a quickly located body.

        Moral of the story: if you want to get rid of the wife, leave the phone at home when you do. Or feed her to the gators. Or, at least, don't turn on the flashlight app.

        1. John Smith 19 Gold badge
          WTF?

          to the company..sold the flashlight app,..only too happy to provide..exact GPS readings

          A "Flashlight" app that calls home and dumps your co-ordinates to a central server?

          I'm thinking most of these apps should just be filed under the section of the app store marked "Trojans" since TBH that is exactlywhat they are, wheather or not they are actively trying to commit a crime with your phone. Violating your privacy for someone else profit so they can pimp the data out.

        2. Anonymous Coward
          Anonymous Coward

          Re: Curious...

          There was the case, a few years ago, of the fine upstanding gentleman who murdered his wife and wanted to get rid of the body....

          Moral of the story: if you want to get rid of the wife, leave the phone at home when you do. Or feed her to the gators. Or, at least, don't turn on the flashlight app. Or just don't murder wife.

          Just being very obvious.

      2. JimboSmith Silver badge

        Re: Curious...

        Personally I use a firewall (the root free variety) and block any apps from accessing the data connection that I don't think needs it. I downloaded one app a couple of years ago and it wanted access to everything despite the fact that it had no need for most of it. It was one of those word search apps and I only downloaded it to use on a long train journey. It was trying to reach a large number of IP addresses and was a vast majority of the access requests that the phone was making. It was caning the battery too (about the same as Candy Crush) and I deleted it shortly after I spotted this.

    3. Anonymous Coward
      Anonymous Coward

      Re: Curious...

      Sure... Then you enter the country by car, drive through those license plate registration ports at the border, continue your journey while traced by the traffic/ speed cameras which have been deployed in the Netherlands on a massive scale "to prevent road casualties". Realising this, you decide to move to public transport, and purchase an "OV Chip card" with your credit/ debit card (cheaper! Cash sale limited and more expensive!), swipe it at the station entrance to gain access to the platform and train/ bus/ tram/ metro you want to go on. The advantage of this of course it that "one card works everywhere!". Swiping your card to be able to leave the station again (not doing so will result in an automated fine, conveniently received in the comfort of your own mailbox at and @ home (email registration required for purchase OV card), you indulge in a bit of shopping the Dutch stores (which now massively use in store device tracking for marketing purposes) and pay with your BSN (Dutch general purpose "citizens number", registered for everything, think social security number, but also used for health insurance, bank details, booking a trip, getting a speeding ticket, applying for a job, paying taxes, buying a telly. Really handy!) coupled electronic payment method. Being "foreign", you grab your cash, and the store attendant asks "if you can't pay electronically, preferably the Dutch, BSN coupled, PIN method. After all, cash is only used by tax dodgers, terrrorists, and criminals. You say sorry, no, you're foreign, and have no Dutch accounts. You slip the € 100 bill across the counter. "Sorry, we don't accept these. Don't you have € 50 or smaller?" You turn up a few coins, but not enough. "Sorry", the attendant says, "but could you please go to a bank to change?" [...] Arriving at the bank, the person at the till asks you for your passport so she can give the change ... ... ...

      This is IRL Netherlands, no fiction. So I suppose it's safe to say they don't need terrain elevation...

  4. Anonymous Noel Coward
    Black Helicopters

    Joke's on them!

    I keep my smartphone wrapped in tin foil at all times to keep it fresh.

    1. Anonymous Coward
      Anonymous Coward

      Re: Joke's on them!

      I do the same with my head, you can never be to careful these days,

      1. Anonymous Coward
        Anonymous Coward

        Re: Joke's on them!

        > I do the same with my head, you can never be to careful these days,

        I do the same with... (never mind)

        1. DropBear Silver badge

          Re: Joke's on them!

          You've got nothing on me! I keep even my tin foil tightly wrapped in tin foil, only taking it out right before use, so it's fresh and not already soaked full of those evil mind control rays!

      2. Tim Seventh
        Coat

        Re: Joke's on them!

        I keep my smartphone wrapped in tin foil at all times to keep it fresh.

        I do the same with my head, you can never be to careful these days,

        That's an interesting way to keep you mind fresh.

  5. Anonymous Coward
    Anonymous Coward

    Bad idea

    How will the FBI illegally spy on Trump and hand info to the DNC if this gets fixed? I think The Register means to have this fixed... in 7 years.

    1. phuzz Silver badge

      Re: Bad idea

      I shouldn't feed the troll, I know, but...

      The FBI, or any other arm of a government, can go to the phone company and get the cell tower location records directly. The article describes a method that can be performed by pretty much anyone.

      Plus, if the FBI wanted to know Trump's location they could either ask the Secret Service, or just go to the nearest golf club that's next to a McDonalds.

    2. Tom 7 Silver badge

      Re: Bad idea

      Like its hard to tell where the loud-mouthed orange self publicist is at any moment in time.

    3. a_aramini

      Re: Bad idea

      In politics, the number of years it takes on paper to "achieve" any major long-term goal is always expressed as the number of years left in the politician's current term plus 1yr. Thus, a 4yr term = a 5yr plan.

    4. JimboSmith Silver badge

      Re: Bad idea

      How will the FBI illegally spy on Trump and hand info to the DNC if this gets fixed? I think The Register means to have this fixed... in 7 years.

      I was asked by one of my non technological friends when Obama became President how they would keep him safe when he had a phone on him. They'd heard that it was possible to track a phone and find someone that way. I said he wouldn't be in much danger of that as he was protected by an army of people dedicated to keeping him safe and healthy. What I'd do to increase that security if it was me was have the phone only connect to a WHCA (White House Communications Agency) picocell transmitter. Then install one of these at the White House/Camp David/in the planes likely to be get the call sign Air Force One, USSS Road Runner vehicles etc. The calls are then routed back to the White House via various methods certainly not using local cell towers. As the President is never (or shouldn't be) very far from one of these cells his phone should be operating on very low power as a result. That should help with people trying to scan for his phone as they'd have to get quite close and would probably look suspicious enough to alert the USSS. I would also have a bunch of phones that connect to these pico cells so that you couldn't pinpoint one of them as belonging to POTUS.

  6. Blotto Bronze badge
    Unhappy

    How do they get elevation information from a phone thats been on a flight?

    The iPhones mentioned have barometers in them so can sense elevation (much more accurate than GPS elevation which is 1 reason why aircraft do not use GPS for elevation), but in a pressurised cabin it won't tell you outside elevation. by the time the plane is on the ground cabin pressure should be close to that of local so how do they know if the phone has been in the air or are they trying to just match phone reported elevation with that of known airports?

    or are they suggesting the phone can regurgitate historical elevation data?

    1. werdsmith Silver badge

      Re: How do they get elevation information from a phone thats been on a flight?

      The phone app will have recorded the pressure data, showing that it was fluctuating at around the equivalent of 8000 feet for a period before equalising to the outside qfe pressure. The app would then send this recorded information.

    2. ChrisC

      Re: How do they get elevation information from a phone thats been on a flight?

      "or are they suggesting the phone can regurgitate historical elevation data?"

      From the article: "In the PinMe attack, the researchers went down the malicious app path" - if you're in control of the data collection process, then pretty much anything is possible provided the phone remains powered up...

  7. Anonymous Coward
    Anonymous Coward

    What about if airplane mode is on? Does that do anything?

    1. Keef
      Joke

      'What about if airplane mode is on? Does that do anything?'

      Yes, your phone flies away...

  8. Prst. V.Jeltz Silver badge

    So this 'hack' is that people are trackable due to the crap they post online ?

    It cant see it being anywhere near GPS accurate.

    I't'll probably report that I'm at Wetherspoons 24/7

    1. Craigie

      Did you even read the article?

      1. Rich 11 Silver badge

        He must be having a liquid lunch. Alone, with only his phone for company.

  9. Sandtitz Silver badge
    Joke

    Great!

    GPS has always sucked the life out of any battery so finally we can ditch it and have maps and routing where you don't need to worry about keeping the phone plugged all the time. Brilliant!

    1. Francis Boyle Silver badge

      Re: Great!

      For some time now Google has been asking me to review places I've visited despite the fact that I keep 'locaion' switched off (for power reasons). I assume they're using tower information but it's uncannily accurate.

      1. Tom 7 Silver badge

        Re: Great!

        I keep location switched off because I know where I am. I have yet to find an app that tells me something useful about my location that is anything other than fucking irritating.

        1. onefang Silver badge

          Re: Great!

          "I keep location switched off because I know where I am. I have yet to find an app that tells me something useful about my location that is anything other than fucking irritating."

          In all my years of owning a GPS capable smart phone, I've never once had to actually use it for figuring out where I am. I still turn on GPS regularly to use Google Daydream apps, coz Google insists, which wouldn't be so bad if they actually used that to figure out tho position of my head, instead of only using the rotation of my head. Google have no valid reason for needing GPS data in Daydream. Considering any VR app can drain my battery in a couple of hours, leaving the GPS turned off would be a good thing, the battery would last a little bit longer.

      2. Fihart

        Re: Great!

        Yes. I was puzzled when my phone displayed my postion on a map app even though GPS and Location were turned off. Cell towers will still show where you are. You could switch to Airplane mode -- but then you can't receive calls/texts.

        Slightly more worrying is the way Amazon etc calculate your street address via your IP address. And get it wrong. Careful when ordering or your neighbours may get your stuff.

        1. JohnFen Silver badge

          Re: Great!

          "Slightly more worrying is the way Amazon etc calculate your street address via your IP address."

          I've never has Amazon even try to do this for me. They must know that my IP address will only get you to within a 100 mile radius of my location.

        2. onefang Silver badge

          Re: Great!

          "Slightly more worrying is the way Amazon etc calculate your street address via your IP address. And get it wrong. Careful when ordering or your neighbours may get your stuff."

          Using my IP address to figure out where I am either results in the capital city of the Australian state to the south of me, or the data centre on the other side of the planet where my server lives, coz I proxy most web stuff through that server. IP to location data is only as accurate as your ISP tells the world, coz that's where the information comes from. If your ISP tells the world "all our customers IPs are located at our HQ in Sydney", tough luck. I wonder how many Amazon deliveries get sent there?

          1. StargateSg7 Bronze badge

            Re: Great!

            So I am assuming your server is either in Sydney, British Columbia, Canada or Sydney, Nova Scotia, Canada --- That's a 5000 km+ difference within Canada itself AND 12000 km+ difference from Sydney, Australia. Thank you for using our servers here in Canada....

      3. Throatwarbler Mangrove Silver badge
        Holmes

        @Francis Re: Great!

        You should also turn off Location History in Google Maps. I will spare you my rant about how Google have tied this feature pointlessly into location tracking, but it seems to be necessary in order to prevent the sort of prompts you've received.

        1. DropBear Silver badge

          Re: @Francis Great!

          Was your WiFi also turned off...? Because those other folks with turned-on GPS already informed Google what access points they can see at what signal strength whenever they are where you are now...

  10. Andrew Moore Silver badge

    So...

    the phone still needs to be transmitting some form of telemetry- how does this system work with the likes of the pressure sensor and the electronic compass switched off?

    1. TechnicalBen Silver badge

      Re: So...

      Cell tower data. With enough, you could correlate to other people who do have such data turned on.

      Other than that, if your not a target worth shadowing... then being a loner, removing the phone battery, and seeing who follows you is a dead giveaway. ;)

    2. JohnFen Silver badge

      Re: So...

      "the phone still needs to be transmitting some form of telemetry"

      Yes. This is why I use a firewall to block all outgoing traffic by default. No app (or the OS itself) gets to talk to the outside world without me giving permission. This is my backup safety measure -- if an app gets all sneaky-sneaky and collects data without my knowledge, it does no harm if it can't send it anywhere.

      1. Anonymous Coward
        Anonymous Coward

        Re: So...

        > This is why I use a firewall to block all outgoing traffic by default.

        AFWall+ is one of the first things that you want installed on an Android device.

        While the typical firewall use is to keep things from getting in, in this case and as the other poster says, the purpose is to keep things from going out. Kind of sad, isn't it?

        1. onefang Silver badge

          Re: So...

          "While the typical firewall use is to keep things from getting in, in this case and as the other poster says, the purpose is to keep things from going out. Kind of sad, isn't it?"

          Google apps totally ignore my "give fake GPS results to apps" app, I'm sure they'll totally ignore firewall apps to.

          I need to root my new phone some day soonish. Only thing that has stopped me so far is that rooting involves asking permission from Motorola, who will then void your warranty. sigh

          1. Tim Seventh

            Re: So...

            Google apps totally ignore my "give fake GPS results to apps" app, I'm sure they'll totally ignore firewall apps to.

            Most android non-root firewall are based on VPN connection. If you have a network monitoring log, you should see the connection getting blocked by the firewall. I do recommend getting one as it is the easiest way to keep some control of your phone.

            If you install a custom rom (android OS) like lineageOS, there are individual options for you to block network and gps permissions.

            I need to root my new phone some day soonish. Only thing that has stopped me so far is that rooting involves asking permission from Motorola, who will then void your warranty. sigh

            Rooting should have nothing to do with asking permission from Motorola. Unless you meant unlocking bootloader to install custom rooted rom, then you might need Motorola permission to unlock it. However regardless of rooting or installing custom rom, doing either will indeed void your warranty. This is straightly because the manufacture won't fix your rom if you broke it yourself.

            Nonetheless if there is a well community supporting your very-specific phone, you can more or less find ways to unroot your phone and/or re-lock the bootloader if you really need to use the limited warranty. Just don't forget to keep a backup copy of your OEM rom for that case.

            If you are rooting for the first time, I do not recommend doing this on a brand new expensive phone, since you can easily and accidentally soft brick your phone.

            1. Charles 9 Silver badge

              Re: So...

              There's also the issue of root- and custom-aware apps, especially after Android Marshmallow (6.0) with its system integrity checks.

            2. Anonymous Coward
              Anonymous Coward

              Re: So...

              > Unless you meant unlocking bootloader to install custom rooted rom, then you might need Motorola permission to unlock it

              Worth mentioning that a number of manufacturers of high-quality phones provide unlockable bootloaders. Just enable developer options and click on unlock.

              1. Charles 9 Silver badge

                Re: So...

                That still won't help much if the device runs Android 6+ since not just the bootloader but the entire system partition is hashed by Merkle tree to detect any kind of tampering. Plus there are the root- and custom-aware apps (which appeared before Android 6) who will balk on anything but a pristine system.

          2. JohnFen Silver badge

            Re: So...

            "Google apps totally ignore my "give fake GPS results to apps" app, I'm sure they'll totally ignore firewall apps to."

            If you're rooted and using something like (the excellent) AFWall+, then Google apps can't ignore the firewall. AFWall+ is just configuring the native Linux firewall all Androids have, and (barring a bug somewhere) can't be ignored. If an app wants to be malicious, it could rewrite the firewall rules, but that's detectable.

          3. Anonymous Coward
            Anonymous Coward

            Re: So...

            > Google apps totally ignore my "give fake GPS results to apps" app, I'm sure they'll totally ignore firewall apps to.

            AFWall+ is an iptables-based firewall. I am running a rather pure AOSP with no non-Android Google proprietary stuff, but even so I did do a long-running network capture on the router to validate the effectiveness of the firewall, and it does work as intended.

            Curiously, in the firewall logs, I see nothing Googlishy (unsurprisingly in light of what I've just explained), but I do see bits provided by OEM manufacturers (Samsung I think was one, and some Chinese company another, but this is from memory) that do try to call home. Those get blocked all right and the phone works very nicely.

  11. TechnicalBen Silver badge
    Black Helicopters

    Meta data...

    You can already do this given enough meta data with very little access. How? Correlation and a BIG data centre.

    If one person in a bus has GPS on, plus a secondary data set (almost anything "shared" with everyone else on the bus, cell signal, compass, air pressure, heading/gyro, sound, temperature etc), you can then correlate your low knowledge data set to your high knowledge data set...

    Then boom, you tracked the phone indirectly.

    You do though require a certain large data centre in a certain area with big fat pipes feeding it. I wonder who has that kind of kit... hint hint.

    1. Charlie Clark Silver badge

      Re: Meta data...

      This is what Google, Facebook, Apple, Amazon and world + dog are already doing. They sweeten the malware with some kind of network effect or promise not to do anything bad and people will happily install anything. For the rest: throw in the offer to get some thing for nothing and we'll nearly all sign up.

  12. sisk Silver badge
    Joke

    Oh no! Now they (whoever "they" are) can find out that I go from home to work to home to work and have no life! Whatever shall I do?

    1. 2Nick3 Bronze badge

      Or home to home to home to home to home and have no life, for those of us who work from home offices!

      1. Patched Out
        Black Helicopters

        It's that one time when your routine changes that will alert them to call in the black helicopters.

        1. Anonymous Coward
          Anonymous Coward

          to call in the black helicopters.

          Are they like black cabs, only with rotor blades instead of wheels?

        2. sisk Silver badge

          It's that one time when your routine changes that will alert them to call in the black helicopters.

          Black helicopters already fly over my house on a semi-regular basis. No, really, they do. I figure I must be on the flight path between the local airport and a military base or something.

          Good thing I'm not a conspiracy nutjob who believes that the black helicopters are spying on me. I know the ones watching me are the blue helicopters.

          1. TechnicalBen Silver badge
            Black Helicopters

            Black Helicopters?

            The insurance brokers/bankers use to fly lots of those. For some reason, I don't see as many around here now.

            1. Anonymous Coward
              Anonymous Coward

              Re: Black Helicopters?

              > The insurance brokers/bankers use to fly lots of those.

              You don't see many actuaries hanging off a gearbox though.

              > I don't see as many around here now.

              Cf. supra

  13. Anonymous Coward
    Anonymous Coward

    Truly wonderful, the mind of a child is.

    A child that can correlate several data sources, in real time, that is.

    1. Anonymous Coward
      Anonymous Coward

      Re: Truly wonderful, the mind of a child is.

      That's how they manage to raid the fridge to get the last yogurt when no one is looking!

      It's all in the correlation and data sponging and figuring out when everyone is occupied.

  14. oldrusty
    IT Angle

    Sooo Painful...

    You know watching this happen is extremely painful, only this morning my trusty Vaio got it's specter and meltdown patch, then promptly melted down. No post via display, checked the RAM all good, checked the PSU all good, unable to check the BIOS because all I get is a blank screen. Damn thing cost close to 2'000 new and it was made with quality bits from the best quality places like Taiwan and China and this is what I'm left with to show for it, a whiff of smoke from the vents! I feel your pain Linus I do... Well another PC bites the dust damn I've only got 5 left and those ones are not running windows and after that debacle they never will be.

    1. Anonymous Coward
      Anonymous Coward

      Re: Sooo Painful...

      You know watching this happen is extremely painful, only this morning my trusty Vaio got it's specter and meltdown patch, then promptly melted down. No post via display, checked the RAM all good, checked the PSU all good, unable to check the BIOS because all I get is a blank screen.

      This is unfortunate for you, but did the keyboard light up at all? Did you get any sound? here's something you can do to check.

      Option 1: Plug in a keyboard with a caps lock light and a headphone to the headphone jack. If you get any response either keyboard light or sound from the headphone after boot, then it's just the monitor that is having problem.

      Option 2: Disconnect all bootable device and then boot up a linux usb. If the PC is old and it beeped at startup or you see the caps lock light working after you keyboard your way for the linux to booting up, then it's just the monitor with problem.

      If you still couldn't get any response and nothing is shown on the screen, then it might be the mobo. If you're lucky then it might be a disconnected RAM or something. If you're unlucky, then the mobo is indeed dead. If you really like your PC, you can probably find mobo parts and monitor for your PC replacement.

      1. Anonymous Coward
        Anonymous Coward

        Re: Sooo Painful...

        > here's something you can do to check.

        Alternatively, use a hammer.

  15. Anonymous Coward
    Anonymous Coward

    Given that consumer electronics are all about capturing data about the user

    Then why is anyone suprised that apps ask for more permissions than they need.

    1. oldrusty

      Re: Given that consumer electronics are all about capturing data about the user

      Yeah but they're only capturing your data so they can write you a rude letter telling you about how you where found on a bit-torrent swarm or you where using TOR for privacy and the Microsoft persistent routes routed all your connections via redmond so they could write you the afore mentioned letter to whine about potential "infringement" there's something extremely retarded with these people if they think TOR and bit-torrent file sharing are the only way to share a file. People are going to start using alternatives soon enough if they're not already and those kind of alternatives require "Key's and Keyrings" and complex Vaults where the retarded people who have nothing better to do than steal your details and write you letters will get greeted by the message 401 - Unauthorized. Blockchain with Kerberos is invite only bitch!

  16. Anonymous Coward
    Anonymous Coward

    Nokia 3310 owner ...

    Track me, bitch!

    1. ZanzibarRastapopulous

      Re: Nokia 3310 owner ...

      Didn't they catch Mitnick by tracing his "dumb" phone?

      1. oldrusty
        Windows

        Re: Didn't they catch Mitnick by tracing his "dumb" phone?

        No... They caught Kevin with triangulation and broke the law to do it... Haven't you seen the movie?

        Best bit was when they social engineered the investigating agent in charges, Water and Gas supply, he's in the kitchen preparing a coffee as all the Water and Lights go off and all you hear out of him as it goes all dark is "Oh son of a bi***!"

        They told Mitnik about SAS - Switched Access Services which is the special southern service Bell offers to the FBI to listen to phone calls.

        The fact that we all, now know about SAS and the fact it's deeply rooted in Jewish Communism & Socialism is neither here nor there, but at least it bring's the issue sharply into focus for everybody!

        1. ZanzibarRastapopulous

          Re: Didn't they catch Mitnick by tracing his "dumb" phone?

          > "They caught Kevin with triangulation"

          That is a form of tracing...

        2. Anonymous Coward
          Anonymous Coward

          Re: Didn't they catch Mitnick by tracing his "dumb" phone?

          > The fact that we all, now know about SAS and the fact it's deeply rooted in Jewish Communism & Socialism is neither here nor there

          And there I was thinking it was all about shifty blokes hanging around Hereford with seventies-era porn-star moustaches.

      2. Adam 52 Silver badge

        Re: Nokia 3310 owner ...

        They "caught" the Omagh bombers by tracking cell phones. It's possible that this sort of academic work would have helped put a level of credibility on that evidence.

    2. Anonymous Coward
      Anonymous Coward

      Re: Nokia 3310 owner ...

      Easy. They triangulate you via the cell towers you use, which are required for your phone to operate.

  17. JohnFen Silver badge

    Sensitive data

    "because smartphone makers don't consider it sensitive."

    Why in the world aren't smartphone makers aware that all data on a device is sensitive?

  18. Cynic_999 Silver badge

    Magnetic heading?

    How can the phone's magnetic heading be determined? I can see that you could collect the bearing of magnetic north relative to the top or front of the phone, but how do you determine which side of the phone is pointing in the direction of travel?

    1. Charles 9 Silver badge

      Re: Magnetic heading?

      By the gyroscope. Both it and the magnetometer are tri-axial and can measure in three dimensions. The gyro tells the phone which way is up for auto-rotation and the like (VERY old hat, that). Given that, it's easy to interpret the magnetometer to orient a 3-D compass.

      1. onefang Silver badge

        Re: Magnetic heading?

        "By the gyroscope. Both it and the magnetometer are tri-axial and can measure in three dimensions. The gyro tells the phone which way is up for auto-rotation and the like (VERY old hat, that). Given that, it's easy to interpret the magnetometer to orient a 3-D compass."

        Except for the large amount of drift in those gyros. Gyros are used to track head rotation in VR headsets like Google Cardboard and Daydream, and drift a lot in a few minutes. Which is why Daydream has the built in "hold down the home button to line things up properly" function.

        1. Charles 9 Silver badge

          Re: Magnetic heading?

          That usually happens if you use it soon after power on as it lacks an orientation history. Flipping the phone on its axes a few times usually gives it enough to get a bearing, plus for checking the compass it only needs a ballpark estimate of its orientation to give the magnetometer enough data to lock onto magnetic north.

  19. oldrusty

    Re: Re: Didn't they catch Mitnick by tracing his "dumb" phone?

    Just look on the positive side, when they ask you what you know about Switched Access Services, just purse your lips, look thoughtful and reply. "That's when you decide you've had enough of using Microsoft products and you voluntarily make the Switch embracing Socialism and Communism ideals as you do it!" you see the irony is, that in a communist society, the government doesn't spy on its people, the people spy on there government!

  20. Anonymous Coward
    Anonymous Coward

    It seems the metal bags ground coffee comes in can block phone reception quite effectively

    Just saying. Make of that what you will.

  21. Andy 97

    Old news

    Vodafone could locate anyone to within a few meters years ago.

    Remember that “troubled” person arrested in the North East of England ... (Paul Gascoigne went to tease him out with a 6 pack of beer and fishing rods?)

    Guess how The Peelers located him.

    1. This post has been deleted by its author

    2. AlanB

      Re: Old news

      This doesn't just work if you've turned off the GPS, it works with saved data if you don't have cell connections to triangulate, for example in airplane mode.

      (Only if you later make a connection that the app can send data on, or your phone is seized, but if you never make a connection, why have a phone at all?)

  22. scrubber

    Anonymous information

    ANY details that you provide (continuously/regularly) will easily identify you, eventually. Even a single datum, when combined with all the publicly available info, may be enough to nail you.

    Still, as Bush, Obama, Blair, Cameron, May and maybe Trump would say, "if you've done nothing wrong..."

    1. Charles 9 Silver badge

      Re: Anonymous information

      Which I would counter with what that bishop (I think) said, "Give me six lines..."

  23. veti Silver badge

    This is great news!

    Finally, we can stop having those battery-sucking, sky-hungry GPS locators in every phone, and get almost the same level of service for a quarter of the battery hit!

    What do you mean, "not available to the user"?

  24. DougS Silver badge

    Barometer

    I completely forgot about how Android users used to brag about the barometer in some older Galaxy S phones back when the iPhone didn't have one (because they bragged about anything the iPhone lacked that some Android phone had) I also completely forgot that Apple added one (or more likely the supplier of their MEMs chip integrated one and they didn't bother to disable it in case someone found a use for it someday) starting with the iPhone 6.

    I've never used the barometer in my iPhone - don't even know what apps might access it - and can't think of anything useful to use it for. You can't use it to assess altitude, because air pressure is independent of altitude, and it probably isn't sensitive enough to detect changes of less than a thousand feet in elevation. If I need to know the barometric pressure I'll visit Accuweather.

    Maybe here's a good reason to disable the damn thing - as if anyone would ever notice!

    1. Anonymous Coward
      Anonymous Coward

      @DougS Not afuckingain

      Please mate, not yet another one of those idiotic pissing contests. Listen, I do not fucking care what brand of phone you use, what car, bicycle or helicopter you ride, what perfume you wear or what brand of toilet paper you use. I seriously do not give a shit, and I doubt whatever choices you make in that respect will make you better or worse than anyone else.

      So please, stop that idiocy. It is cringeworthy that anyone with the ability to read or write could fall victim to such base displays of tribalism.

      Fatuous my-brand-is-better-than-your-brand comments just make this site (or any other) a lot less interesting to read so I would appreciate if you could save that shit for the pub.

    2. Barrie Shepherd

      Re: Barometer

      "You can't use it to assess altitude, because air pressure is independent of altitude"

      Is it really? News to me (and probably the whole aviation industry), if it is.

      1. DougS Silver badge

        Re: Barometer

        What I meant was you can't look at a certain reading on your barometer and say "I'm at 500 meters in altitude". You might be at sea level in a low pressure system or 1000 meters in a high pressure system.

        1. Charles 9 Silver badge

          Re: Barometer

          Air pressure doesn't change that drastically due to weather; otherwise, airplanes couldn't use them for their altimeters. Yes, they do need calibrating before a flight, but the fact they can fly through different weather systems and not deviate that much indicates that a barometer is still useful to get a general idea, especially if bolstered by local data to give a reference altitude.

  25. simonadams

    Good news for hit men

    When I join the People's Liberation Front for the UK, this will be a big concern. Whilst the main tyranny of our government is the amount of taxes we pay, its not that likely.

    In the meantime, is this any different from all the leaky systems already tracking your number plate, facial recognition etc. Will we maybe just have to accept that some information is more open now, and if you want to go someone secretly you need to leave your phone at home ? Or just use "Airplane mode" ??

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019