• 𝕽𝖚𝖆𝖎𝖉𝖍𝖗𝖎𝖌𝖍
    link
    fedilink
    63
    edit-2
    10 months ago

    Years ago, I worked for a company that provided phone location for emergency services (fire, police, medical) to the big 3 cellular companies in the US. It required cell providers to install special hardware; back then, GPS was less ubiquitous, but it (still) suffers from accuracy in urban environments; it doesn’t take much to block GPS signals. Also, you don’t need access to anything more than the service provider’s logs to do trilateration; it’s harder to get GPS data from a phone without having software on the phone. In any case, Google pioneered getting around that by mapping wifi signals and supplementing poor GPS with trilateration, and it was good enough. Even back then, our lunch was being eaten by the cost of our systems, and work-arounds like wifi mapping.

    Anyway, fast forward a decade and I’m working for a company that provides emergency support for customers who are traveling, and we’re looking at ways to locate customers’ business phones to provide relevant notifications. One of the issues was that there are places in the world where data connections are not great, and it was not acceptable for us to just ignore clients without data connections. One of the things we explored was called zero-length SMS. It’s what it sounds like: an SMS message with zero-length does not alert the phone, but it does cause a ping to the phone. It was an idea that didn’t pan out, but that’s not relevant.

    Cell phones have a lot of power-saving algorithms that try to reduce the amount of chatter – both to reduce load on cell towers, but because all that cellular traffic is battery-intensive. So, if you’re a government trying to track a phone, and you’re working with a cell provider, and you don’t have a backdoor in the phone, then you will be able to see which cell tower the phone last spoke with, but that probably won’t give you very good location data and it may not update frequently. This is especially true in rural environments, where there’s low density and a single cell tower might have a service radius of 3 miles – that’s a lot of area.

    If you’re tracking someone by phone, a normal cell connection may not be granular enough. Sending SMSes to a phone can force the phone to ping the tower and give you more data points about where the phone may be, how it’s moving, and so on.If you’re lucky, you can get pings from multiple towers, which might allow you to trilaterate to within a dozen meters.

    Push notifications use data, but I wouldn’t be surprised if there’s some of that going on, too. It says “through Apple and Google’s servers” which means they’re talking about the push notification servers and not the phones. Android phones are constantly sending telemetry back to Google, so if that is what they’re doing sending push notifications is probably more useful to them for Apple phones.

    The article is light on details, but that’d be my guess. Forcing traffic to get more frequent cell tower pings and more data points for trilateration.

    • @cheese_greater@lemmy.worldOP
      link
      fedilink
      2110 months ago

      Fuckin metadata strikes again but also they likely have access to it all unless the app dev specifically and painstakingly implements it 🤯

        • @cheese_greater@lemmy.worldOP
          link
          fedilink
          11
          edit-2
          10 months ago

          Nah, it can be encrypted. Fuck this bullshit, we have the technology, I shouldn’t need to log into everything or open every 1/5000 apps to get quick cues/updates. Apple needs to fuck off with the spying bullshit, even the governmen itself (lawmakers like Wyden are saying fuck this shit and shining a light+exposing it) is saying enough in the way it can.

          Republicans/Democrats/humans who don’t want all their private data becoming endless Kompromat should be united on this, they have a hell of a lot more to hide than any of us singular private citizens

          Edit: 💡on second thought, I switched to Never for “Show Previews” and I kinda like the way it keeps me on my toes and attentive to what it could be (anticipatory and curious). Maybe its just as well. Time will tell

  • Possibly linux
    link
    fedilink
    English
    1010 months ago

    This is why I have always said you shouldn’t trust Apple. They have absolute power over you.

      • @trebuchet@lemmy.ml
        link
        fedilink
        1410 months ago

        You can de-Google an Android phone with a custom ROM and have a phone that you have control over and know nobody is spying on you by running a firewall on the phone.

        Can’t do that on an Apple.

          • @bamboo@lemm.ee
            link
            fedilink
            110 months ago

            It’s not quite the same though. With a custom android ROM, you can be pretty confident that everything kernel-and-up is not spying on you. On iOS and macOS, you don’t have the same level of verifiability, as the OS could just circumvent any VPN/firewall you might have configured. They might pinky promise not to, but without running another external firewall it’s not really verifiable.

    • @Cheradenine@sh.itjust.works
      link
      fedilink
      English
      310 months ago

      As the article says, Apple and Google both do it. Apple disclosed it, Google did not.

      How is your conclusion ‘I don’t trust Apple’?

      • @trebuchet@lemmy.ml
        link
        fedilink
        610 months ago

        The Ars article on this said Google had been disclosing this for the past decade already whereas Apple didn’t.

        • @Cheradenine@sh.itjust.works
          link
          fedilink
          English
          1
          edit-2
          10 months ago

          It said that Google put it in their aggregated report. Not that they disclosed it. There is a big difference between ‘we got 100 requests’ and ‘we got 10 requests for X info, 30 for Y info’.

          ETA: I just looked at the data again, it’s broken in to categories like FISA NSL etc, then it just gives a range of requests 0-1000 etc.

      • Possibly linux
        link
        fedilink
        English
        210 months ago

        Fine, I don’t trust google or apple. I don’t use any of there services anyway.

          • Possibly linux
            link
            fedilink
            English
            210 months ago

            I do? I don’t use google services at all. On my phone I run Lineage os and for file sharing I use self hosted nextcloud.

            • @jasondj@ttrpg.network
              link
              fedilink
              210 months ago

              You can’t really go anywhere on the internet without using Google in some capacity. Cookies and trackers in all the things. Ads aplenty, and blocking them is perpetually an arms race.