We live in a reasonably dense suburb. Police showed up at our front door and asked to speak with him. They just wanted to make sure he was doing OK. He asked them "how did you find me?" and their response was just "we pinged your phone".
Watching my security camera, they did not stop at any of my neighbors' houses first. It was very direct to my front door. This leads me to believe whatever sort of coordinates they had were pretty spot on. His car was parked well down the block and not in front of our house so that was no giveaway.
This was five years ago and always struck me as a "Huh".
We aren't going to remove the security state. We should make all attempts to, but it won't happen. What needs to happen is accountability. I should be able to turn off sharing personal information and if someone tries I should be notified and have recourse. This should also be retroactive. If I have turned off sharing and someone finds a technical loophole and uses it, there should be consequences. The only way to stop the rampant abuse is to treat data like fire. If you have it and it gets out of control you get burned, badly.
If anyone wants to look at the future of 5G (well ORAN) here it is: https://gitlab.eurecom.fr/oai/openairinterface5g
When talking about the 5G system, cell towers can request a user's estimated velocity, which when combined with the tower's own location combined with the physical radio (that is communicating with the phone (UE)) you can get a pretty good position estimation.
What is new is that network providers are trying to sell this tower/5G data to other companies.
I could be wrong but from my understanding 5G has always required precise tracking of every device connected.
It's a peer-to-peer network based on LoRa. It really only allows text messaging but with up to 20km hops between peers coverage is surprisingly huge. Incredibly useful if you go hiking with friends (if you get split up you can still stay in touch).
See https://eastmesh.au/ and scroll down to the map for the Victoria and now more widely Australia network that's sprung up.
A supported carrier:
Germany: Telekom
United Kingdom: EE, BT
United States: Boost Mobile
Thailand: AIS, True
Turn limit precise location on or off
Open Settings, then tap Cellular.
Tap Cellular Data Options.
If you have more than one phone number under SIMs, tap one of your lines.
Scroll down to Limit Precise Location.
Turn the setting on or off. You might be prompted to restart your device.
It is tiring. I am doing something about it by making technical contributions. If you are able to do the same, please do.
This is all automatic and completely pervasive. Worrying about GPS and userspace computers in the smartphone is important but even if you protect that you've already lost. The baseband computer is announcing your position by the minute. Cell phones couldn't really work without the basestations deciding where you are and which will handle you.
This isn’t a new capability and shouldn’t be surprising.
As for this location stuff, I'm curious though into how this works and how Apple (and BOOST/DISH) somehow prevent it happening when the big 3 in the US don't. We all know Apple would have complete control over the modem they designed, that's not a surprise. T-Mobile at least it's possible to stay NR-SA connected, it's apparently not a feature limited to SA like resistance to IMSI catchers is. Is this an OpenRAN feature, which Boost uses?
At least in the past, towers had a piece of equipment called an LMU that is sometimes installed separately from the radio equipment and it's used for measuring the timing advance to triangulate where a device may be for 911. Here's a reddit thread I started years ago for a KML of all the T-Mobile LMU installs in the NYC market: https://www.reddit.com/r/cellmapper/comments/hq2h7u/kml_of_a... (I just found it leaked, it's not online anymore probably). An FCC doc on LMUs: https://transition.fcc.gov/pshs/services/911-services/enhanc... (this is all old tech now, we're doing LTE/NR now in 99.9% of circumstances in the US)
2017 Broadband Consumer Privacy Proposal
https://www.congress.gov/bill/115th-congress/senate-joint-re...
One day, I was waiting to pick up someone at the bus station and a crazy driver came roaring through the parking lot, jumped the curb and took out a stop sign, then backed up to free it from his car and careened off.
I got on the phone with 911.
I got put on hold, and while waiting on speaker I took a picture of the stop sign from the crash. Later the call ended.
The next day I noticed that the photo I took had an embedded location.
Location services was globally enabled on the phone during the call.
I wouldn't be surprised if all apps on your phone during 911 get your precise location.
Of course, this doesn't require having GPS location, just cell tower info is enough.
Almost every carrier can triangulate a handset in an area with multiple towers without help of the handset using relative signal strength to each seen tower and data processing. This is how most police in most jurisdictions are able to find an active handset within ~100m given only a phone number. Don't think carriers in some countries aren't constantly logging that approximate and precise queried location metadata and selling it to data brokers.
The only method to prevent continuous location tracking is to disconnect a handset from the cellular network by attenuating the signal with a blocking bag, antenna disconnection, or real power off. The lack of cellular network connectivity may be extremely inconvenient by defeating the purpose of a phone. There are situations where someone doesn't want to power down their phone but does want to be RF clean where a Faraday bag would be a good idea(tm).
TL;DR, this is nothing new.
Carriers have offered location of your device for 911 calls for years now, through a set of metadata called Automatic Location Identification (ALI).
This is only provided to 911 (police & fire) by carriers alongside your 911 call.
Mobile Device Manufacturers can also provide "precise location" to 911 for the same calls, but that's a separate form of data and closely secured.
Bottom line - Carrier data has always been less precise, but more readily available. Device data (i.e. Apple and Google) is more precise, but harder to access.
NB: same applies for NB-IoT. NBB: this has actually SAVED lives. Source: I used to work as a core network architect for tier1 carriers.
https://www.rfwireless-world.com/terminology/cellular-tower-...
https://www.t-mobile.com/support/plans-features/t-mobile-fam...
It doesn't require any type of download or application on the target phone or device and doesn't give notice while giving an almost precise location with history of where the device has been.
It has been available for many years under different names. The ability to track any phone or device under the account.
It was purely based on triangulation based on which tower the cellphone was connected to, so not precise at all (narrow down to a few city blocks).
So at least back in 2018, precise location was not possible.
That said the baseband modem in the phone could certainly be updated to collect and automatically send GPS based location data (notwithstanding security on the device).
I bet that even the most well versed security researchers don't know it all.
The trivial examples like where users assume safety because they use HDD encryption and TLS but they run firmware they don't know about (like a whole parallel OS being run by some CPUs) are just what is very visible.
In practice, we should assume that everything that is connected and everything we do online is unsafe.
With that being said, my 10th floor apartment has a 5g radio installed by one of the major carriers and I am still placed one block wrong when looking on Google Maps.
It is interesting that we let this happen. Modern phones are very useful devices, but they're not really mandatory for the vast majority of people to actually carry around everywhere they go, in many cases they merely add some convenience or entertainment, and act to consolidate various other kinds of personal devices into just one. If you wanted, you could more often than not avoid needing one. Yet, we pretty much all carry one around anyways, intentionally, and this fact is somewhat abused because it's convenient.
Having watched a fair bit of police interrogation videos recently (don't knock it, it can be addicting) I realized that police have come to rely on cell phone signals pretty heavily to place people near the scene of a crime. This is doubly interesting. For one, because criminals should really know better: phones have been doing this for a long time, and privacy issues with mobile phones are pretty well trodden by this point. But for another, it's just interesting because it works. It's very effective at screwing up the alibi of a criminal.
I've realized that serious privacy violations which actually do work to prevent crime are probably the most dangerous of all, because it's easy to say that because these features can help put criminals behind bars, we should disregard the insane surveillance state we've already built. It's easy to justify the risks this poses to a free society. It's easy to downplay the importance of personal freedoms and privacy.
Once these things become sufficiently normal, it will become very hard to go back, even after the system starts to be abused, and that's what I think about any time I see measures like chat control. We're building our own future hell to help catch a few more scumbags. Whoever thinks it's still worth it... I'd love to check back in in another decade.
https://en.wikipedia.org/wiki/Radio_resource_location_servic...
Until then, we must assume that using anything connected implies risks.
> Germany: Telekom
> United Kingdom: EE, BT
> United States: Boost Mobile
> Thailand: AIS, True
So turning this "off" on other carriers results in GPS data still shipped off?
It’s also illegal to sell new cars without a cell modem in them.
The phones are the least of our worries.
It was 5 meters back in 2006 in urban areas.
How anyone could think this isn't a 4th Amendment violation is a mystery to me.
This has been the case since the e911 project in the 1990s and is mandatory. Prior to this I would reset the message waiting indicator on their phone continuously to see what cells and cell sectors they were moving through but that would basically just show what road or roads they may be on and what direction they are going very roughly. Assisting the FBI with tracking kidnappers or at least that is what they told me.
There are loads of other tags that can be set on someone's phone. My favorites were priority override and caller-id blocking override. This was before SS7 spoofing was so prevalent.
Mobile carriers have so much information about you. They know exactly where you are, what you are doing (location combined with mapping tools) combined with who you are talking to.
They know when you are at Home Depot, when you are at the grocery store, when you are at home, when you are awake, when you are asleep, etc.
In the U.S. there are very few laws stopping them from using all your data. In the E.U. you should definitely read up, as you aren't as protected as you think you are.
Forget Nation/State nonsense. You have an active relationship with a company who, by its very existence and your business relationship, knows what you do all day long.
Don't even get me started about the rabbit hole surrounding 'incognito'/anonymous browsing.
EDIT: You've probably heard of Man-in-the-Middle attacks, right? They are the man in the middle. They will exploit this as best they legally can (and in certain cases, without regard to legality).
The best way to protect yourself is not to play the game at all. The same goes for your ISP, FWIW.
Why wouldn't carriers be able to ask your phone about what it thinks its location is?