Forwarded from Privacy Matters 🛡️
All the ways your Phone tracks your location.
📹 Watch it via:
YouTube || Invidious
📡 @howtobeprivateonline
#Surveillance #Location #Privacy #Guide
Your phone (Android or iPhone) is tracking your location even if you disable Location Services, turn on airplane mode, and disable Bluetooth. Learn how to stop it once and for all.
📹 Watch it via:
YouTube || Invidious
📡 @howtobeprivateonline
#Surveillance #Location #Privacy #Guide
Forwarded from Privacy Matters 🛡️
Media is too big
VIEW IN TELEGRAM
Your phone is LISTENING to you - Ultrasonic cross device tracking
📹 Watch it via:
YouTube || Invidious
📖 Bat in the mobile. An Study on Ultrasonic Tracking Read more...
📡 @howtobeprivateonline
#Surveillance #Ads #IOT #Tracking #Location
Ultrasonic cross-device tracking uses an inaudible, high-frequency sounds to link your devices − TVs, phones, tablets and PCs − so that advertisers can better track you.
📹 Watch it via:
YouTube || Invidious
📖 Bat in the mobile. An Study on Ultrasonic Tracking Read more...
📡 @howtobeprivateonline
#Surveillance #Ads #IOT #Tracking #Location
How the U.S. Military Buys Location Data from Ordinary Apps
A Muslim prayer app with over 98 million downloads is one of the apps connected to a wide-ranging supply chain that sends ordinary people's personal data to brokers, contractors, and the military.
The U.S. military is buying the granular movement data of people around the world, harvested from innocuous-seeming apps, Motherboard has learned. The most popular app among a group Motherboard analyzed connected to this sort of data sale is a Muslim prayer and Quran app that has more than 98 million downloads worldwide. Others include a Muslim dating app, a popular Craigslist app, an app for following storms, and a "level" app that can be used to help, for example, install shelves in a bedroom.
Through public records, interviews with developers, and technical analysis, Motherboard uncovered two separate, parallel data streams that the U.S. military uses, or has used, to obtain location data. One relies on a company called Babel Street, which creates a product called Locate X. U.S. Special Operations Command (USSOCOM), a branch of the military tasked with counterterrorism, counterinsurgency, and special reconnaissance, bought access to Locate X to assist on overseas special forces operations. The other stream is through a company called X-Mode, which obtains location data directly from apps, then sells that data to contractors, and by extension, the military.
https://www.vice.com/en/article/jgqm5x/us-military-location-data-xmode-locate-x
#US #military #intelligence #privacy #location #why
A Muslim prayer app with over 98 million downloads is one of the apps connected to a wide-ranging supply chain that sends ordinary people's personal data to brokers, contractors, and the military.
The U.S. military is buying the granular movement data of people around the world, harvested from innocuous-seeming apps, Motherboard has learned. The most popular app among a group Motherboard analyzed connected to this sort of data sale is a Muslim prayer and Quran app that has more than 98 million downloads worldwide. Others include a Muslim dating app, a popular Craigslist app, an app for following storms, and a "level" app that can be used to help, for example, install shelves in a bedroom.
Through public records, interviews with developers, and technical analysis, Motherboard uncovered two separate, parallel data streams that the U.S. military uses, or has used, to obtain location data. One relies on a company called Babel Street, which creates a product called Locate X. U.S. Special Operations Command (USSOCOM), a branch of the military tasked with counterterrorism, counterinsurgency, and special reconnaissance, bought access to Locate X to assist on overseas special forces operations. The other stream is through a company called X-Mode, which obtains location data directly from apps, then sells that data to contractors, and by extension, the military.
https://www.vice.com/en/article/jgqm5x/us-military-location-data-xmode-locate-x
#US #military #intelligence #privacy #location #why
Vice
How the U.S. Military Buys Location Data from Ordinary Apps
A Muslim prayer app with over 98 million downloads is one of the apps connected to a wide-ranging supply chain that sends ordinary people's personal data to brokers, contractors, and the military.
Salaat First: Another Popular Muslim Prayer App Sells Location Data to FBI, ICE
Salaat First shared location data with a French firm Predicio which had customers including Venntel, a US government contractor.
The methods of surveillance have changed over time. Nowadays, government agencies do not need to follow someone to track their activities. Mobile phone users, unknowingly, hand over their privacy rights to the tech companies that in turn sell it to government contractors. A popular Muslim prayer app, named Salaat First, found selling users' location data to its partner that has customers with the US government agencies including the FBI and the ICE.
Salaat First, which reminds its users about Muslim prayer timings, has been downloaded over 10 million times on Android. To accurately tell users prayer times, Salaat First asks for permission to read precise location, has access to device ID, phone, media storage, USB storage and full network access. However, the app developer was selling the same user data to its partner, a French firm named Predicio.
https://www.ibtimes.sg/salaat-first-another-popular-muslim-prayer-app-sells-location-data-fbi-ice-54843
#US #France #FBI #ICE #surveillance #location #data
Salaat First shared location data with a French firm Predicio which had customers including Venntel, a US government contractor.
The methods of surveillance have changed over time. Nowadays, government agencies do not need to follow someone to track their activities. Mobile phone users, unknowingly, hand over their privacy rights to the tech companies that in turn sell it to government contractors. A popular Muslim prayer app, named Salaat First, found selling users' location data to its partner that has customers with the US government agencies including the FBI and the ICE.
Salaat First, which reminds its users about Muslim prayer timings, has been downloaded over 10 million times on Android. To accurately tell users prayer times, Salaat First asks for permission to read precise location, has access to device ID, phone, media storage, USB storage and full network access. However, the app developer was selling the same user data to its partner, a French firm named Predicio.
https://www.ibtimes.sg/salaat-first-another-popular-muslim-prayer-app-sells-location-data-fbi-ice-54843
#US #France #FBI #ICE #surveillance #location #data
International Business Times, Singapore Edition
Salaat First: Another Popular Muslim Prayer App Sells Location Data to FBI, ICE
Salaat First shared location data with a French firm Predicio which had customers including Venntel, a US government contractor.
USA terrorist group admits to buying citizens’ location data
https://www.theverge.com/2021/1/22/22244848/us-intelligence-memo-admits-buying-smartphone-location-data
#location #tracking #data #usa #gov #military #dia #why
https://www.theverge.com/2021/1/22/22244848/us-intelligence-memo-admits-buying-smartphone-location-data
#location #tracking #data #usa #gov #military #dia #why
The Verge
US Defense Intelligence Agency admits to buying citizens’ location data
It says it rarely uses the data.
⚠️Update Android A-GPS⚠️
A-GPS sends your IMSI and exact location to the supl server that is selected. On android, the supl.google.com server is standard selected when your Sim provider does not preconfigured its own supl server on android. This is the case in most non US countries. So your IMSI and location will be sent to google.
Do not use supl.vodafone.com, thanks to @ yova777 we know that it redirects to supl.google.com.
The method of changing / disabeling your supl server is different for each device.
You need to find a file like:
-system/etc/gps.conf
-vendor/etc/gps.conf
-vendor/etc/gnss/agps_profiles_conf2.xml
- or files alike where you can edit the supl server
You can use this command to find it, modify xyz:
- or you can try this module, but you should modify it, or it just points to Vodafone/Google by default:
https://github.com/PlqnK/magisk-supl-replacer
You can also use 'localhost' but this will take several minutes if AGPS is requested.
✌
PS
This method is not proven to be working yet!
Thanks @ sennaofficial
This is how some roms deal with it (thanks @ Rimana_a):
GrapheneOS
-Implement toggle for changing between carrier and Google SUPL server.
https://github.com/GrapheneOS/os-issue-tracker/issues/914
-Implement toggle for restricting device identifiers sent to SUPL server
https://github.com/GrapheneOS/os-issue-tracker/issues/915
DivestOS removes imsi
CalyxOS use system provided or network provided supl server. (xtracloud on Qualcomm phones). I couldn't find what fallback server is used.
Both Lineage OS and /e/ have Google's set as fallback.
#agps #gps #location #android
A-GPS sends your IMSI and exact location to the supl server that is selected. On android, the supl.google.com server is standard selected when your Sim provider does not preconfigured its own supl server on android. This is the case in most non US countries. So your IMSI and location will be sent to google.
Do not use supl.vodafone.com, thanks to @ yova777 we know that it redirects to supl.google.com.
The method of changing / disabeling your supl server is different for each device.
You need to find a file like:
-system/etc/gps.conf
-vendor/etc/gps.conf
-vendor/etc/gnss/agps_profiles_conf2.xml
- or files alike where you can edit the supl server
You can use this command to find it, modify xyz:
find / | grep xyz
- or you can try this module, but you should modify it, or it just points to Vodafone/Google by default:
https://github.com/PlqnK/magisk-supl-replacer
You can also use 'localhost' but this will take several minutes if AGPS is requested.
✌
PS
This method is not proven to be working yet!
Thanks @ sennaofficial
This is how some roms deal with it (thanks @ Rimana_a):
GrapheneOS
-Implement toggle for changing between carrier and Google SUPL server.
https://github.com/GrapheneOS/os-issue-tracker/issues/914
-Implement toggle for restricting device identifiers sent to SUPL server
https://github.com/GrapheneOS/os-issue-tracker/issues/915
DivestOS removes imsi
CalyxOS use system provided or network provided supl server. (xtracloud on Qualcomm phones). I couldn't find what fallback server is used.
Both Lineage OS and /e/ have Google's set as fallback.
#agps #gps #location #android
GitHub
GitHub - PlqnK/magisk-supl-replacer: Magisk module to replace the SUPL provider in gps.conf
Magisk module to replace the SUPL provider in gps.conf - PlqnK/magisk-supl-replacer
This media is not supported in your browser
VIEW IN TELEGRAM
⚠️Update AGPS mediatek devices⚠️
The following method is now proven to work (on the note 8 pro).
1. Download QuickEdit and grant root access.
2. Go to /vendor/etc/gnss/agps_profiles_conf2.XML
3. Edit all the supl.google.com servers as shown in the pictures below. Do no edit or remove ANYTHING else, if you do so the file will be ignored by the GPS app.
4. If you set a server that does not work, it will ping a mediatek server.
5. Reboot and enjoy.
I have included a instruction video on how to do so.
PS
Do not use the vodafone server as in the video!
All servers can be used:
#location #agps #gps
https://t.me/NoGoolag/64
https://t.me/NoGoolag/11136
https://t.me/NoGoolag/11293
The following method is now proven to work (on the note 8 pro).
1. Download QuickEdit and grant root access.
2. Go to /vendor/etc/gnss/agps_profiles_conf2.XML
3. Edit all the supl.google.com servers as shown in the pictures below. Do no edit or remove ANYTHING else, if you do so the file will be ignored by the GPS app.
4. If you set a server that does not work, it will ping a mediatek server.
5. Reboot and enjoy.
I have included a instruction video on how to do so.
PS
Do not use the vodafone server as in the video!
All servers can be used:
#location #agps #gps
https://t.me/NoGoolag/64
https://t.me/NoGoolag/11136
https://t.me/NoGoolag/11293
⚠️Update AGPS mediatek devices⚠️
The following method is now proven to work (on the note 8 pro).
1. Download QuickEdit, or any root text editor, and grant root access.
2. Go to /vendor/etc/gnss/agps_profiles_conf2.XML
3. Edit all the supl.google.com servers as shown in the pictures below. Do no edit or remove ANYTHING else like the name or port, if you do so the file will be ignored by the GPS app.
4. If you set a server that does not work, it will ping a mediatek server.
5. If you have set your NTP_SERVER to pool.ntp.org your new supl server might not work.
6. Reboot and enjoy
If you still want to use the supl.google.com server you can remove your IMSI from the message by disabling this option (set imsi_enable=false)
I have included a instruction video on how to do so.
PS
Do not use the vodafone server as in the video! This redirects to supl.google.com
https://t.me/NoGoolag/64
Qualcomm https://t.me/NoGoolag/11136
Mediatek https://t.me/NoGoolag/11308
#location #agps #gps #mediatek
The following method is now proven to work (on the note 8 pro).
1. Download QuickEdit, or any root text editor, and grant root access.
2. Go to /vendor/etc/gnss/agps_profiles_conf2.XML
3. Edit all the supl.google.com servers as shown in the pictures below. Do no edit or remove ANYTHING else like the name or port, if you do so the file will be ignored by the GPS app.
4. If you set a server that does not work, it will ping a mediatek server.
5. If you have set your NTP_SERVER to pool.ntp.org your new supl server might not work.
6. Reboot and enjoy
If you still want to use the supl.google.com server you can remove your IMSI from the message by disabling this option (set imsi_enable=false)
I have included a instruction video on how to do so.
PS
Do not use the vodafone server as in the video! This redirects to supl.google.com
https://t.me/NoGoolag/64
Qualcomm https://t.me/NoGoolag/11136
Mediatek https://t.me/NoGoolag/11308
#location #agps #gps #mediatek
Telegram
NoGoolag
UnifiedNLP Backends
MicroG needs some backends to get network Location.
I should take these two paragraphs to clarify that Network location is NOT GPS. MicroG has nothing to do with your GPS. Network Location is that hugely approximated wide-circle that…
MicroG needs some backends to get network Location.
I should take these two paragraphs to clarify that Network location is NOT GPS. MicroG has nothing to do with your GPS. Network Location is that hugely approximated wide-circle that…
#Google sued by DC and three states for ‘deceptive’ Android #location #tracking
https://www.theverge.com/2022/1/24/22898760/google-dc-washington-texas-indiana-attorneys-general-lawsuit-location-data-tracking
https://www.theverge.com/2022/1/24/22898760/google-dc-washington-texas-indiana-attorneys-general-lawsuit-location-data-tracking
The Verge
Google sued by DC and three states for ‘deceptive’ Android location tracking
Android’s interface is full of "misleading pressure tactics."
#usa #Target shop is tracking you and changing prices based on your #location. You could be charged more just for walking inside a store.
https://www.huffpost.com/entry/target-tracking-location-changing-prices_l_603fd12bc5b6ff75ac410a38
https://www.huffpost.com/entry/target-tracking-location-changing-prices_l_603fd12bc5b6ff75ac410a38
HuffPost UK
Target Is Tracking You And Changing Prices Based On Your Location
You could be charged more just for walking inside a store.
How #USA #gov buys our cell phone #location data
https://www.eff.org/deeplinks/2022/06/how-federal-government-buys-our-cell-phone-location-data
#stalking #surveillance
https://www.eff.org/deeplinks/2022/06/how-federal-government-buys-our-cell-phone-location-data
#stalking #surveillance
Electronic Frontier Foundation
How the Federal Government Buys Our Cell Phone Location Data
Over the past few years, data brokers and federal military, intelligence, and law enforcement agencies have formed a vast, secretive partnership to surveil the movements of millions of people. Many
New documents reveal ‘huge’ scale of US government’s cell phone location data tracking
The Department of Homeland Security (DHS) used mobile location data to track people’s movements on a much larger scale than previously known, according to new documents unearthed by the American Civil Liberties Union (ACLU).
It’s no secret that U.S. government agencies have been obtaining and using location data collected by Americans’ smartphones. In early 2020, a Wall Street Journal report revealed that both Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) bought access to millions of smartphone users’ location data to track undocumented immigrants and suspected tax dodgers.
However, new documents obtained by the ACLU through an ongoing Freedom of Information Act (FOIA) lawsuit now reveal the extent of this warrantless data collection. The 6,000-plus records reviewed by the civil rights organization contained approximately 336,000 location points across North America obtained from people’s phones. They also reveal that in just three days in 2018, CBP obtained records containing around 113,654 location points in the southwestern United States — more than 26 location points per minute.
https://techcrunch.com/2022/07/18/homeland-security-cell-phone-tracking
#dhs #location #tracking
The Department of Homeland Security (DHS) used mobile location data to track people’s movements on a much larger scale than previously known, according to new documents unearthed by the American Civil Liberties Union (ACLU).
It’s no secret that U.S. government agencies have been obtaining and using location data collected by Americans’ smartphones. In early 2020, a Wall Street Journal report revealed that both Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) bought access to millions of smartphone users’ location data to track undocumented immigrants and suspected tax dodgers.
However, new documents obtained by the ACLU through an ongoing Freedom of Information Act (FOIA) lawsuit now reveal the extent of this warrantless data collection. The 6,000-plus records reviewed by the civil rights organization contained approximately 336,000 location points across North America obtained from people’s phones. They also reveal that in just three days in 2018, CBP obtained records containing around 113,654 location points in the southwestern United States — more than 26 location points per minute.
https://techcrunch.com/2022/07/18/homeland-security-cell-phone-tracking
#dhs #location #tracking
TechCrunch
New documents reveal ‘huge’ scale of US government’s cell phone location data tracking
In just one three-day span, DHS obtained over 113,000 location points — a fraction of the overall data it acquired without a warrant.
Blocking xtrapath1.izatcloud.net, xtrapath2.izatcloud.net & xtrapath3.izatcloud.net is great for privacy, #Qualcomm gathers a huge amount of user data.
https://github.com/jerryn70/GoodbyeAds/issues/160
Issue
Requests from these domains are needed for people that use their #GPS. I had many GPS issues and didn't find how to get rid of these... After noticing that these domains were making requests each 5 min, I found why I experienced these issues : A-GPS data was not updated at all.
What data is really collected ? Qualcomm official's website answers:
XTRA uploads the following data types: a randomly generated unique ID, the chipset name and serial number, XTRA software version, the mobile country code and network code (allowing identification of country and wireless operator), the type of operating system and version, device make and model, the time since the last boot of the application processor and modem, and a list of our software on the device
They just forgot to mention that this data is sent with no encryption (except in the xtra3grc.bin format, hope that they're exclusively using that now...). Of course it should be blocked. But it's necessary to allow one of those 3 domains in order to make the GPS work properly.
So I whitelisted one of those domains for 5 min and once the request was done I blacklisted it again, GPS is now working as intended. But I know the issue will come back in about 7 days. (I think that I'm still moderately protected from Qualcomm's threat of privacy, because after less than 3 hours these domains were making requests again.)
I tested with Google maps, Waze, TomTom and Mappy, every time all of these apps were unable to refresh my position in real time, and after more than 3-4 months it was just not working at all.
Solution
Like for graph.facebook.com, add a notice to warn users about these GPS issues.
Sources :
https://wwws.nightwatchcybersecurity.com/tag/gps/
https://www.qualcomm.com/site/privacy/services
Also see https://en.wikipedia.org/wiki/Assisted_GPS
#agps #location #android
https://github.com/jerryn70/GoodbyeAds/issues/160
Issue
Requests from these domains are needed for people that use their #GPS. I had many GPS issues and didn't find how to get rid of these... After noticing that these domains were making requests each 5 min, I found why I experienced these issues : A-GPS data was not updated at all.
What data is really collected ? Qualcomm official's website answers:
XTRA uploads the following data types: a randomly generated unique ID, the chipset name and serial number, XTRA software version, the mobile country code and network code (allowing identification of country and wireless operator), the type of operating system and version, device make and model, the time since the last boot of the application processor and modem, and a list of our software on the device
They just forgot to mention that this data is sent with no encryption (except in the xtra3grc.bin format, hope that they're exclusively using that now...). Of course it should be blocked. But it's necessary to allow one of those 3 domains in order to make the GPS work properly.
So I whitelisted one of those domains for 5 min and once the request was done I blacklisted it again, GPS is now working as intended. But I know the issue will come back in about 7 days. (I think that I'm still moderately protected from Qualcomm's threat of privacy, because after less than 3 hours these domains were making requests again.)
I tested with Google maps, Waze, TomTom and Mappy, every time all of these apps were unable to refresh my position in real time, and after more than 3-4 months it was just not working at all.
Solution
Like for graph.facebook.com, add a notice to warn users about these GPS issues.
Sources :
https://wwws.nightwatchcybersecurity.com/tag/gps/
https://www.qualcomm.com/site/privacy/services
Also see https://en.wikipedia.org/wiki/Assisted_GPS
#agps #location #android
GitHub
GPS not working properly · Issue #160 · jerryn70/GoodbyeAds
Blocking xtrapath1.izatcloud.net, xtrapath2.izatcloud.net & xtrapath3.izatcloud.net is great for privacy, Qualcomm gathers a huge amount of user data. Issue Requests from these domains are need...
Is This the End of Geofence Warrants?
Google announced this week that it will be making several important changes to the way it handles users’ “Location History” data. These changes would appear to make it much more difficult—if not impossible—for Google to provide mass #location data in response to a geofence warrant, a change we’ve been asking #Google to implement for years.
https://www.eff.org/deeplinks/2023/12/end-geofence-warrants
Google announced this week that it will be making several important changes to the way it handles users’ “Location History” data. These changes would appear to make it much more difficult—if not impossible—for Google to provide mass #location data in response to a geofence warrant, a change we’ve been asking #Google to implement for years.
https://www.eff.org/deeplinks/2023/12/end-geofence-warrants
Electronic Frontier Foundation
Is This the End of Geofence Warrants?
Google announced this week that it will be making several important changes to the way it handles users’ “Location History” data. These changes would appear to make it much more difficult—if not
Mozilla will be retiring the Mozilla #Location Service
https://github.com/mozilla/ichnaea/issues/2065
https://github.com/microg/GmsCore/issues/2237
Comments
#microg
https://github.com/mozilla/ichnaea/issues/2065
https://github.com/microg/GmsCore/issues/2237
Comments
#microg
GitHub
Retiring the Mozilla Location Service · Issue #2065 · mozilla/ichnaea
The accuracy of Mozilla Location Service (MLS) has steadily declined. With no plans to restart the stumbler program or increase investments to MLS we have made the decision to retire the service. I...