Yes, your location data is for sale

This week several journalists and news outlets published an in-depth look at a tool called "Location X", which is reportedly sold to governments to track individuals using location data. The article highlights how this data can be used to track a person to an abortion clinic - gasp! This is obviously a huge invasion of privacy but probably not surprising and really not that interesting because if your location data is for sale, you can be tracked (anywhere).

Inside the U.S. Government-Bought Tool That Can Track Phones at Abortion Clinics

Privacy advocates gained access to a powerful tool bought by U.S. law enforcement agencies that can track smartphone locations around the world. Abortion clinics, places of worship, and individual people can all be monitored without a warrant.

404 MediaJoseph Cox

Previously an investigation by Bayerische Rundfunk (BR) and netzpolitik.org looked at location data being sold to advertisers and how it can be used to track individuals who work at intelligence organisations. If you haven't read it, I highly recommend you do.

Under Surveillance

How Location Data Jeopardizes German Security

BRBR Data

It's clear from these investigations that the situation is probably worse than we thought. We knew that the likes of Meta and Alphabet (Google's parent company) have access to this data but looks like the data is also available in all it's glory to the highest bidder - be it the government or even an investigative journalist. But before you go and turn off your location services, let's take a look at some of the lesser known sources of location data.

GPS

Ok, this one is obvious. But just for completeness it's the "Global Positioning System" which uses satellites to provide coordinates of your phone's location (Wikipedia).

Wi-Fi

Yes, you read that right, Wi-Fi. Wi-Fi has been used to provide location services for a while now. Databases have been created that map out Wi-Fi networks around the globe. So if your device is connected to, or can simply see a particular Wi-Fi network then its location can be determined by using these databases.

Some of these databases are created by the public, such as the Wigle database, but others are created by your good friends at Meta, Apple, and Alphabet. An interesting side note, Google has been known to scan wi-fi networks using their Street View fleet.

Cellular Network

This one might be more well known, since you've probably heard in the news or police investigations about someone's mobile phone being tracked using cell towers. These days with the introduction of femtocells you could track someone using mobile networks very accurately even if they are in a subway or a shopping mall. As far as we know this data isn't being sold to advertisers but it could be easily accessed by law enforcement with a warrant.

Bluetooth

Apple, Meta, and Google all say they use Bluetooth for geolocation. Unlike Wi-Fi networks and cell towers, bluetooth devices usually move around so it isn't clear exactly how this works or is used. But if I had Zuckerberg (now in Street Style) mad that we can't track users who have turned off their wi-fi and GPS, how would I solve the problem for my overlord? Here's a possible solution:

1. All devices will scan for bluetooth devices and send the list including GPS coordinates to a database.
2. To locate a device that doesn't have location services turned on:
   1. Scan around for any bluetooth devices
   2. Check if any of the devices are in the database
   3. If yes, what were the latest GPS coordinates?

To make this even smarter, we could query the database for any bluetooth device that always reported the same or similar coordinates. Devices like that probably don't move around much and can give us a more accurate location like a TV or "smart" fridge.

If Location Services is on, your iPhone will periodically send the geo-tagged locations of nearby Wi-Fi hotspots and mobile phone towers (where supported by a device) in an anonymous and encrypted form to Apple, to be used for augmenting this crowd-sourced database of Wi-Fi hotspot and mobile phone tower locations.
https://www.apple.com/au/legal/privacy/data/en/location-services/

IP Address

After hearing all this you might be tempted to turn off location services entirely and go back to paper maps. Unfortunately, if you still want to use the internet or your smart phone, your location can still be determined. Your IP address (Wikipedia) can be used to geolocate your device. Usually this would be considered the least accurate geolocation method but that's assuming that your IP address was the only information available. Again, assuming our data hungry overlords are never satisfied and need better geolocation with IP addresses what could we do? Here's one option:

Assume I have my location services turned off - my device cannot determine my location using GPS, Bluetooth, Wi-Fi, or cellular. I am connected to a Wi-Fi network which will have it's own IP address. When I browse to a website, or ad-site like Google, the IP address of the network I am connected to will be known to the web server. At this stage if that's the only information the website has it could determine a rough geolocation, say to my state. However, if my friend, who has location services enabled, connects to the same wi-fi network and shares their GPS location with the website I am browsing to, then that website can correlate the IP address with an accurate GPS location. With that the server can now infer that anyone using that IP address is in the same vicinity - including me.

What now?

As you can probably see, using your smart device or even just the internet leaves you susceptible to being tracked. And while you can go and fix your Privacy settings to block certain apps from using your location, the truth is, some of the most popular apps need your location data and without them, our devices become a lot less useful.

So with that in mind, my recommendations are simple:

• Review your Privacy & Security settings related to location services - if you can't understand why an apps needs access remove it.
• Do NOT swap your mobile phone for a pager.
• Use a VPN if you want that warm fuzzy feeling of false privacy.

On a brighter note, it's not all doom and gloom. More and more people aren't happy with the way the internet is these days and the current state of surveillance capitalism. So people are building tools and platforms that are more privacy focused. If you know of any up and coming services that are privacy focused drop them in the comments.