How the NSA Says You Can Limit Location Data Exposure
The mitigations are designed for government officials, but the advice itself can be useful for many more people.
Location data can be one of the most valuable pieces of information for an attacker, and also arguably one of the hardest to protect. Smartphones are constantly providing such data through apps, the phone's operating system itself, or in virtue of just using telecommunications networks or being near other devices.
With that in mind, the National Security Agency (NSA) on Tuesday published its own guidelines for limiting the exposure of location data. The guidelines are geared more for government officials, but the advice itself can be useful for those hoping to stop sending so much location data to tech companies, ad firms, or apps that may then expose it later.
https://www.vice.com/en_us/article/v7gxv3/nsa-location-data-privacy
#us #NSA #privacy #location #data
The mitigations are designed for government officials, but the advice itself can be useful for many more people.
Location data can be one of the most valuable pieces of information for an attacker, and also arguably one of the hardest to protect. Smartphones are constantly providing such data through apps, the phone's operating system itself, or in virtue of just using telecommunications networks or being near other devices.
With that in mind, the National Security Agency (NSA) on Tuesday published its own guidelines for limiting the exposure of location data. The guidelines are geared more for government officials, but the advice itself can be useful for those hoping to stop sending so much location data to tech companies, ad firms, or apps that may then expose it later.
https://www.vice.com/en_us/article/v7gxv3/nsa-location-data-privacy
#us #NSA #privacy #location #data
Vice
How the NSA Says You Can Limit Location Data Exposure
The mitigations are designed for government officials, but the advice itself can be useful for many more people.
Los Angeles settles Weather Channel lawsuit, lets it keep selling location data to advertisers
The app will change how it notifies users about location-tracking
Los Angeles has settled its lawsuit against the operator of The Weather Channel app. The city filed litigation against the company in 2019, alleging that the app misled millions of people into granting access to their personal location data and sold that data to third parties.
While IBM is celebrating this moment by calling those original claims “baseless” in a statement to The Verge, it sounds like they were largely true — since the only thing the settlement requires is for The Weather Channel to proactively warn users that yes, your location data is for sale.
https://www.theverge.com/2020/8/19/21376217/los-angeles-the-weather-channel-app-lawsuit-settlement-location-data-selling
#US #LosAngeles #IBM #location #data #lawsuit #privacy
The app will change how it notifies users about location-tracking
Los Angeles has settled its lawsuit against the operator of The Weather Channel app. The city filed litigation against the company in 2019, alleging that the app misled millions of people into granting access to their personal location data and sold that data to third parties.
While IBM is celebrating this moment by calling those original claims “baseless” in a statement to The Verge, it sounds like they were largely true — since the only thing the settlement requires is for The Weather Channel to proactively warn users that yes, your location data is for sale.
https://www.theverge.com/2020/8/19/21376217/los-angeles-the-weather-channel-app-lawsuit-settlement-location-data-selling
#US #LosAngeles #IBM #location #data #lawsuit #privacy
How Your Phone Is Used to Track You, and What You Can Do About It
Smartphone location data, often used by marketers, has been useful for studying the spread of the coronavirus. But the information raises troubling privacy questions.
As researchers and journalists try to understand how the coronavirus pandemic is affecting people’s behavior, they have repeatedly relied on location information from smartphones. The data allows for an expansive look at the movements of millions of people, but it raises troublesome questions about privacy.
In several articles, The New York Times has used location data provided by a company called Cuebiq, which analyzes data for advertisers and marketers. This data comes from smartphone users who have agreed to share their locations with certain apps, such as ones that provide weather alerts or information on local gas stations.
https://www.nytimes.com/2020/08/19/technology/smartphone-location-tracking-opt-out.html
#phone #location #privacy #surveillance
Smartphone location data, often used by marketers, has been useful for studying the spread of the coronavirus. But the information raises troubling privacy questions.
As researchers and journalists try to understand how the coronavirus pandemic is affecting people’s behavior, they have repeatedly relied on location information from smartphones. The data allows for an expansive look at the movements of millions of people, but it raises troublesome questions about privacy.
In several articles, The New York Times has used location data provided by a company called Cuebiq, which analyzes data for advertisers and marketers. This data comes from smartphone users who have agreed to share their locations with certain apps, such as ones that provide weather alerts or information on local gas stations.
https://www.nytimes.com/2020/08/19/technology/smartphone-location-tracking-opt-out.html
#phone #location #privacy #surveillance
Private Intel Firm Buys Location Data to Track People to their 'Doorstep'
The data comes from hundreds of ordinary apps installed on peoples’ phones around the world.
A threat intelligence firm called HYAS, a private company that tries to prevent or investigates hacks against its clients, is buying location data harvested from ordinary apps installed on peoples' phones around the world, and using it to unmask hackers. The company is a business, not a law enforcement agency, and claims to be able to track people to their "doorstep."
The news highlights the complex supply chain and sale of location data, traveling from apps whose users are in some cases unaware that the software is selling their location, through to data brokers, and finally to end clients who use the data itself. The news also shows that while some location firms repeatedly reassure the public that their data is focused on the high level, aggregated, pseudonymous tracking of groups of people, some companies do buy and use location data from a largely unregulated market explicitly for the purpose of identifying specific individuals.
https://www.vice.com/en_us/article/qj454d/private-intelligence-location-data-xmode-hyas
#intelligence #firm #HYAS #data #location #privacy
The data comes from hundreds of ordinary apps installed on peoples’ phones around the world.
A threat intelligence firm called HYAS, a private company that tries to prevent or investigates hacks against its clients, is buying location data harvested from ordinary apps installed on peoples' phones around the world, and using it to unmask hackers. The company is a business, not a law enforcement agency, and claims to be able to track people to their "doorstep."
The news highlights the complex supply chain and sale of location data, traveling from apps whose users are in some cases unaware that the software is selling their location, through to data brokers, and finally to end clients who use the data itself. The news also shows that while some location firms repeatedly reassure the public that their data is focused on the high level, aggregated, pseudonymous tracking of groups of people, some companies do buy and use location data from a largely unregulated market explicitly for the purpose of identifying specific individuals.
https://www.vice.com/en_us/article/qj454d/private-intelligence-location-data-xmode-hyas
#intelligence #firm #HYAS #data #location #privacy
Vice
Private Intel Firm Buys Location Data to Track People to their 'Doorstep'
The data comes from hundreds of ordinary apps installed on peoples’ phones around the world.
Forwarded from Privacy Matters 🛡️
All the ways your Phone tracks your location.
📹 Watch it via:
YouTube || Invidious
📡 @howtobeprivateonline
#Surveillance #Location #Privacy #Guide
Your phone (Android or iPhone) is tracking your location even if you disable Location Services, turn on airplane mode, and disable Bluetooth. Learn how to stop it once and for all.
📹 Watch it via:
YouTube || Invidious
📡 @howtobeprivateonline
#Surveillance #Location #Privacy #Guide
Forwarded from Privacy Matters 🛡️
Media is too big
VIEW IN TELEGRAM
Your phone is LISTENING to you - Ultrasonic cross device tracking
📹 Watch it via:
YouTube || Invidious
📖 Bat in the mobile. An Study on Ultrasonic Tracking Read more...
📡 @howtobeprivateonline
#Surveillance #Ads #IOT #Tracking #Location
Ultrasonic cross-device tracking uses an inaudible, high-frequency sounds to link your devices − TVs, phones, tablets and PCs − so that advertisers can better track you.
📹 Watch it via:
YouTube || Invidious
📖 Bat in the mobile. An Study on Ultrasonic Tracking Read more...
📡 @howtobeprivateonline
#Surveillance #Ads #IOT #Tracking #Location
How the U.S. Military Buys Location Data from Ordinary Apps
A Muslim prayer app with over 98 million downloads is one of the apps connected to a wide-ranging supply chain that sends ordinary people's personal data to brokers, contractors, and the military.
The U.S. military is buying the granular movement data of people around the world, harvested from innocuous-seeming apps, Motherboard has learned. The most popular app among a group Motherboard analyzed connected to this sort of data sale is a Muslim prayer and Quran app that has more than 98 million downloads worldwide. Others include a Muslim dating app, a popular Craigslist app, an app for following storms, and a "level" app that can be used to help, for example, install shelves in a bedroom.
Through public records, interviews with developers, and technical analysis, Motherboard uncovered two separate, parallel data streams that the U.S. military uses, or has used, to obtain location data. One relies on a company called Babel Street, which creates a product called Locate X. U.S. Special Operations Command (USSOCOM), a branch of the military tasked with counterterrorism, counterinsurgency, and special reconnaissance, bought access to Locate X to assist on overseas special forces operations. The other stream is through a company called X-Mode, which obtains location data directly from apps, then sells that data to contractors, and by extension, the military.
https://www.vice.com/en/article/jgqm5x/us-military-location-data-xmode-locate-x
#US #military #intelligence #privacy #location #why
A Muslim prayer app with over 98 million downloads is one of the apps connected to a wide-ranging supply chain that sends ordinary people's personal data to brokers, contractors, and the military.
The U.S. military is buying the granular movement data of people around the world, harvested from innocuous-seeming apps, Motherboard has learned. The most popular app among a group Motherboard analyzed connected to this sort of data sale is a Muslim prayer and Quran app that has more than 98 million downloads worldwide. Others include a Muslim dating app, a popular Craigslist app, an app for following storms, and a "level" app that can be used to help, for example, install shelves in a bedroom.
Through public records, interviews with developers, and technical analysis, Motherboard uncovered two separate, parallel data streams that the U.S. military uses, or has used, to obtain location data. One relies on a company called Babel Street, which creates a product called Locate X. U.S. Special Operations Command (USSOCOM), a branch of the military tasked with counterterrorism, counterinsurgency, and special reconnaissance, bought access to Locate X to assist on overseas special forces operations. The other stream is through a company called X-Mode, which obtains location data directly from apps, then sells that data to contractors, and by extension, the military.
https://www.vice.com/en/article/jgqm5x/us-military-location-data-xmode-locate-x
#US #military #intelligence #privacy #location #why
Vice
How the U.S. Military Buys Location Data from Ordinary Apps
A Muslim prayer app with over 98 million downloads is one of the apps connected to a wide-ranging supply chain that sends ordinary people's personal data to brokers, contractors, and the military.
Salaat First: Another Popular Muslim Prayer App Sells Location Data to FBI, ICE
Salaat First shared location data with a French firm Predicio which had customers including Venntel, a US government contractor.
The methods of surveillance have changed over time. Nowadays, government agencies do not need to follow someone to track their activities. Mobile phone users, unknowingly, hand over their privacy rights to the tech companies that in turn sell it to government contractors. A popular Muslim prayer app, named Salaat First, found selling users' location data to its partner that has customers with the US government agencies including the FBI and the ICE.
Salaat First, which reminds its users about Muslim prayer timings, has been downloaded over 10 million times on Android. To accurately tell users prayer times, Salaat First asks for permission to read precise location, has access to device ID, phone, media storage, USB storage and full network access. However, the app developer was selling the same user data to its partner, a French firm named Predicio.
https://www.ibtimes.sg/salaat-first-another-popular-muslim-prayer-app-sells-location-data-fbi-ice-54843
#US #France #FBI #ICE #surveillance #location #data
Salaat First shared location data with a French firm Predicio which had customers including Venntel, a US government contractor.
The methods of surveillance have changed over time. Nowadays, government agencies do not need to follow someone to track their activities. Mobile phone users, unknowingly, hand over their privacy rights to the tech companies that in turn sell it to government contractors. A popular Muslim prayer app, named Salaat First, found selling users' location data to its partner that has customers with the US government agencies including the FBI and the ICE.
Salaat First, which reminds its users about Muslim prayer timings, has been downloaded over 10 million times on Android. To accurately tell users prayer times, Salaat First asks for permission to read precise location, has access to device ID, phone, media storage, USB storage and full network access. However, the app developer was selling the same user data to its partner, a French firm named Predicio.
https://www.ibtimes.sg/salaat-first-another-popular-muslim-prayer-app-sells-location-data-fbi-ice-54843
#US #France #FBI #ICE #surveillance #location #data
International Business Times, Singapore Edition
Salaat First: Another Popular Muslim Prayer App Sells Location Data to FBI, ICE
Salaat First shared location data with a French firm Predicio which had customers including Venntel, a US government contractor.
USA terrorist group admits to buying citizens’ location data
https://www.theverge.com/2021/1/22/22244848/us-intelligence-memo-admits-buying-smartphone-location-data
#location #tracking #data #usa #gov #military #dia #why
https://www.theverge.com/2021/1/22/22244848/us-intelligence-memo-admits-buying-smartphone-location-data
#location #tracking #data #usa #gov #military #dia #why
The Verge
US Defense Intelligence Agency admits to buying citizens’ location data
It says it rarely uses the data.
⚠️Update Android A-GPS⚠️
A-GPS sends your IMSI and exact location to the supl server that is selected. On android, the supl.google.com server is standard selected when your Sim provider does not preconfigured its own supl server on android. This is the case in most non US countries. So your IMSI and location will be sent to google.
Do not use supl.vodafone.com, thanks to @ yova777 we know that it redirects to supl.google.com.
The method of changing / disabeling your supl server is different for each device.
You need to find a file like:
-system/etc/gps.conf
-vendor/etc/gps.conf
-vendor/etc/gnss/agps_profiles_conf2.xml
- or files alike where you can edit the supl server
You can use this command to find it, modify xyz:
- or you can try this module, but you should modify it, or it just points to Vodafone/Google by default:
https://github.com/PlqnK/magisk-supl-replacer
You can also use 'localhost' but this will take several minutes if AGPS is requested.
✌
PS
This method is not proven to be working yet!
Thanks @ sennaofficial
This is how some roms deal with it (thanks @ Rimana_a):
GrapheneOS
-Implement toggle for changing between carrier and Google SUPL server.
https://github.com/GrapheneOS/os-issue-tracker/issues/914
-Implement toggle for restricting device identifiers sent to SUPL server
https://github.com/GrapheneOS/os-issue-tracker/issues/915
DivestOS removes imsi
CalyxOS use system provided or network provided supl server. (xtracloud on Qualcomm phones). I couldn't find what fallback server is used.
Both Lineage OS and /e/ have Google's set as fallback.
#agps #gps #location #android
A-GPS sends your IMSI and exact location to the supl server that is selected. On android, the supl.google.com server is standard selected when your Sim provider does not preconfigured its own supl server on android. This is the case in most non US countries. So your IMSI and location will be sent to google.
Do not use supl.vodafone.com, thanks to @ yova777 we know that it redirects to supl.google.com.
The method of changing / disabeling your supl server is different for each device.
You need to find a file like:
-system/etc/gps.conf
-vendor/etc/gps.conf
-vendor/etc/gnss/agps_profiles_conf2.xml
- or files alike where you can edit the supl server
You can use this command to find it, modify xyz:
find / | grep xyz
- or you can try this module, but you should modify it, or it just points to Vodafone/Google by default:
https://github.com/PlqnK/magisk-supl-replacer
You can also use 'localhost' but this will take several minutes if AGPS is requested.
✌
PS
This method is not proven to be working yet!
Thanks @ sennaofficial
This is how some roms deal with it (thanks @ Rimana_a):
GrapheneOS
-Implement toggle for changing between carrier and Google SUPL server.
https://github.com/GrapheneOS/os-issue-tracker/issues/914
-Implement toggle for restricting device identifiers sent to SUPL server
https://github.com/GrapheneOS/os-issue-tracker/issues/915
DivestOS removes imsi
CalyxOS use system provided or network provided supl server. (xtracloud on Qualcomm phones). I couldn't find what fallback server is used.
Both Lineage OS and /e/ have Google's set as fallback.
#agps #gps #location #android
GitHub
GitHub - PlqnK/magisk-supl-replacer: Magisk module to replace the SUPL provider in gps.conf
Magisk module to replace the SUPL provider in gps.conf - PlqnK/magisk-supl-replacer
This media is not supported in your browser
VIEW IN TELEGRAM
⚠️Update AGPS mediatek devices⚠️
The following method is now proven to work (on the note 8 pro).
1. Download QuickEdit and grant root access.
2. Go to /vendor/etc/gnss/agps_profiles_conf2.XML
3. Edit all the supl.google.com servers as shown in the pictures below. Do no edit or remove ANYTHING else, if you do so the file will be ignored by the GPS app.
4. If you set a server that does not work, it will ping a mediatek server.
5. Reboot and enjoy.
I have included a instruction video on how to do so.
PS
Do not use the vodafone server as in the video!
All servers can be used:
#location #agps #gps
https://t.me/NoGoolag/64
https://t.me/NoGoolag/11136
https://t.me/NoGoolag/11293
The following method is now proven to work (on the note 8 pro).
1. Download QuickEdit and grant root access.
2. Go to /vendor/etc/gnss/agps_profiles_conf2.XML
3. Edit all the supl.google.com servers as shown in the pictures below. Do no edit or remove ANYTHING else, if you do so the file will be ignored by the GPS app.
4. If you set a server that does not work, it will ping a mediatek server.
5. Reboot and enjoy.
I have included a instruction video on how to do so.
PS
Do not use the vodafone server as in the video!
All servers can be used:
#location #agps #gps
https://t.me/NoGoolag/64
https://t.me/NoGoolag/11136
https://t.me/NoGoolag/11293
⚠️Update AGPS mediatek devices⚠️
The following method is now proven to work (on the note 8 pro).
1. Download QuickEdit, or any root text editor, and grant root access.
2. Go to /vendor/etc/gnss/agps_profiles_conf2.XML
3. Edit all the supl.google.com servers as shown in the pictures below. Do no edit or remove ANYTHING else like the name or port, if you do so the file will be ignored by the GPS app.
4. If you set a server that does not work, it will ping a mediatek server.
5. If you have set your NTP_SERVER to pool.ntp.org your new supl server might not work.
6. Reboot and enjoy
If you still want to use the supl.google.com server you can remove your IMSI from the message by disabling this option (set imsi_enable=false)
I have included a instruction video on how to do so.
PS
Do not use the vodafone server as in the video! This redirects to supl.google.com
https://t.me/NoGoolag/64
Qualcomm https://t.me/NoGoolag/11136
Mediatek https://t.me/NoGoolag/11308
#location #agps #gps #mediatek
The following method is now proven to work (on the note 8 pro).
1. Download QuickEdit, or any root text editor, and grant root access.
2. Go to /vendor/etc/gnss/agps_profiles_conf2.XML
3. Edit all the supl.google.com servers as shown in the pictures below. Do no edit or remove ANYTHING else like the name or port, if you do so the file will be ignored by the GPS app.
4. If you set a server that does not work, it will ping a mediatek server.
5. If you have set your NTP_SERVER to pool.ntp.org your new supl server might not work.
6. Reboot and enjoy
If you still want to use the supl.google.com server you can remove your IMSI from the message by disabling this option (set imsi_enable=false)
I have included a instruction video on how to do so.
PS
Do not use the vodafone server as in the video! This redirects to supl.google.com
https://t.me/NoGoolag/64
Qualcomm https://t.me/NoGoolag/11136
Mediatek https://t.me/NoGoolag/11308
#location #agps #gps #mediatek
Telegram
NoGoolag
UnifiedNLP Backends
MicroG needs some backends to get network Location.
I should take these two paragraphs to clarify that Network location is NOT GPS. MicroG has nothing to do with your GPS. Network Location is that hugely approximated wide-circle that…
MicroG needs some backends to get network Location.
I should take these two paragraphs to clarify that Network location is NOT GPS. MicroG has nothing to do with your GPS. Network Location is that hugely approximated wide-circle that…
#Google sued by DC and three states for ‘deceptive’ Android #location #tracking
https://www.theverge.com/2022/1/24/22898760/google-dc-washington-texas-indiana-attorneys-general-lawsuit-location-data-tracking
https://www.theverge.com/2022/1/24/22898760/google-dc-washington-texas-indiana-attorneys-general-lawsuit-location-data-tracking
The Verge
Google sued by DC and three states for ‘deceptive’ Android location tracking
Android’s interface is full of "misleading pressure tactics."
#usa #Target shop is tracking you and changing prices based on your #location. You could be charged more just for walking inside a store.
https://www.huffpost.com/entry/target-tracking-location-changing-prices_l_603fd12bc5b6ff75ac410a38
https://www.huffpost.com/entry/target-tracking-location-changing-prices_l_603fd12bc5b6ff75ac410a38
HuffPost UK
Target Is Tracking You And Changing Prices Based On Your Location
You could be charged more just for walking inside a store.
How #USA #gov buys our cell phone #location data
https://www.eff.org/deeplinks/2022/06/how-federal-government-buys-our-cell-phone-location-data
#stalking #surveillance
https://www.eff.org/deeplinks/2022/06/how-federal-government-buys-our-cell-phone-location-data
#stalking #surveillance
Electronic Frontier Foundation
How the Federal Government Buys Our Cell Phone Location Data
Over the past few years, data brokers and federal military, intelligence, and law enforcement agencies have formed a vast, secretive partnership to surveil the movements of millions of people. Many
New documents reveal ‘huge’ scale of US government’s cell phone location data tracking
The Department of Homeland Security (DHS) used mobile location data to track people’s movements on a much larger scale than previously known, according to new documents unearthed by the American Civil Liberties Union (ACLU).
It’s no secret that U.S. government agencies have been obtaining and using location data collected by Americans’ smartphones. In early 2020, a Wall Street Journal report revealed that both Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) bought access to millions of smartphone users’ location data to track undocumented immigrants and suspected tax dodgers.
However, new documents obtained by the ACLU through an ongoing Freedom of Information Act (FOIA) lawsuit now reveal the extent of this warrantless data collection. The 6,000-plus records reviewed by the civil rights organization contained approximately 336,000 location points across North America obtained from people’s phones. They also reveal that in just three days in 2018, CBP obtained records containing around 113,654 location points in the southwestern United States — more than 26 location points per minute.
https://techcrunch.com/2022/07/18/homeland-security-cell-phone-tracking
#dhs #location #tracking
The Department of Homeland Security (DHS) used mobile location data to track people’s movements on a much larger scale than previously known, according to new documents unearthed by the American Civil Liberties Union (ACLU).
It’s no secret that U.S. government agencies have been obtaining and using location data collected by Americans’ smartphones. In early 2020, a Wall Street Journal report revealed that both Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) bought access to millions of smartphone users’ location data to track undocumented immigrants and suspected tax dodgers.
However, new documents obtained by the ACLU through an ongoing Freedom of Information Act (FOIA) lawsuit now reveal the extent of this warrantless data collection. The 6,000-plus records reviewed by the civil rights organization contained approximately 336,000 location points across North America obtained from people’s phones. They also reveal that in just three days in 2018, CBP obtained records containing around 113,654 location points in the southwestern United States — more than 26 location points per minute.
https://techcrunch.com/2022/07/18/homeland-security-cell-phone-tracking
#dhs #location #tracking
TechCrunch
New documents reveal ‘huge’ scale of US government’s cell phone location data tracking
In just one three-day span, DHS obtained over 113,000 location points — a fraction of the overall data it acquired without a warrant.
Blocking xtrapath1.izatcloud.net, xtrapath2.izatcloud.net & xtrapath3.izatcloud.net is great for privacy, #Qualcomm gathers a huge amount of user data.
https://github.com/jerryn70/GoodbyeAds/issues/160
Issue
Requests from these domains are needed for people that use their #GPS. I had many GPS issues and didn't find how to get rid of these... After noticing that these domains were making requests each 5 min, I found why I experienced these issues : A-GPS data was not updated at all.
What data is really collected ? Qualcomm official's website answers:
XTRA uploads the following data types: a randomly generated unique ID, the chipset name and serial number, XTRA software version, the mobile country code and network code (allowing identification of country and wireless operator), the type of operating system and version, device make and model, the time since the last boot of the application processor and modem, and a list of our software on the device
They just forgot to mention that this data is sent with no encryption (except in the xtra3grc.bin format, hope that they're exclusively using that now...). Of course it should be blocked. But it's necessary to allow one of those 3 domains in order to make the GPS work properly.
So I whitelisted one of those domains for 5 min and once the request was done I blacklisted it again, GPS is now working as intended. But I know the issue will come back in about 7 days. (I think that I'm still moderately protected from Qualcomm's threat of privacy, because after less than 3 hours these domains were making requests again.)
I tested with Google maps, Waze, TomTom and Mappy, every time all of these apps were unable to refresh my position in real time, and after more than 3-4 months it was just not working at all.
Solution
Like for graph.facebook.com, add a notice to warn users about these GPS issues.
Sources :
https://wwws.nightwatchcybersecurity.com/tag/gps/
https://www.qualcomm.com/site/privacy/services
Also see https://en.wikipedia.org/wiki/Assisted_GPS
#agps #location #android
https://github.com/jerryn70/GoodbyeAds/issues/160
Issue
Requests from these domains are needed for people that use their #GPS. I had many GPS issues and didn't find how to get rid of these... After noticing that these domains were making requests each 5 min, I found why I experienced these issues : A-GPS data was not updated at all.
What data is really collected ? Qualcomm official's website answers:
XTRA uploads the following data types: a randomly generated unique ID, the chipset name and serial number, XTRA software version, the mobile country code and network code (allowing identification of country and wireless operator), the type of operating system and version, device make and model, the time since the last boot of the application processor and modem, and a list of our software on the device
They just forgot to mention that this data is sent with no encryption (except in the xtra3grc.bin format, hope that they're exclusively using that now...). Of course it should be blocked. But it's necessary to allow one of those 3 domains in order to make the GPS work properly.
So I whitelisted one of those domains for 5 min and once the request was done I blacklisted it again, GPS is now working as intended. But I know the issue will come back in about 7 days. (I think that I'm still moderately protected from Qualcomm's threat of privacy, because after less than 3 hours these domains were making requests again.)
I tested with Google maps, Waze, TomTom and Mappy, every time all of these apps were unable to refresh my position in real time, and after more than 3-4 months it was just not working at all.
Solution
Like for graph.facebook.com, add a notice to warn users about these GPS issues.
Sources :
https://wwws.nightwatchcybersecurity.com/tag/gps/
https://www.qualcomm.com/site/privacy/services
Also see https://en.wikipedia.org/wiki/Assisted_GPS
#agps #location #android
GitHub
GPS not working properly · Issue #160 · jerryn70/GoodbyeAds
Blocking xtrapath1.izatcloud.net, xtrapath2.izatcloud.net & xtrapath3.izatcloud.net is great for privacy, Qualcomm gathers a huge amount of user data. Issue Requests from these domains are need...
Is This the End of Geofence Warrants?
Google announced this week that it will be making several important changes to the way it handles users’ “Location History” data. These changes would appear to make it much more difficult—if not impossible—for Google to provide mass #location data in response to a geofence warrant, a change we’ve been asking #Google to implement for years.
https://www.eff.org/deeplinks/2023/12/end-geofence-warrants
Google announced this week that it will be making several important changes to the way it handles users’ “Location History” data. These changes would appear to make it much more difficult—if not impossible—for Google to provide mass #location data in response to a geofence warrant, a change we’ve been asking #Google to implement for years.
https://www.eff.org/deeplinks/2023/12/end-geofence-warrants
Electronic Frontier Foundation
Is This the End of Geofence Warrants?
Google announced this week that it will be making several important changes to the way it handles users’ “Location History” data. These changes would appear to make it much more difficult—if not
Mozilla will be retiring the Mozilla #Location Service
https://github.com/mozilla/ichnaea/issues/2065
https://github.com/microg/GmsCore/issues/2237
Comments
#microg
https://github.com/mozilla/ichnaea/issues/2065
https://github.com/microg/GmsCore/issues/2237
Comments
#microg
GitHub
Retiring the Mozilla Location Service · Issue #2065 · mozilla/ichnaea
The accuracy of Mozilla Location Service (MLS) has steadily declined. With no plans to restart the stumbler program or increase investments to MLS we have made the decision to retire the service. I...