Skip to content

Archive for November, 2017

22
Nov

Google admits tracking users’ location even when location services are disabled

Big Brother is watching you. Even if you’ve told Big Brother Google you don’t want to be tracked.

Many people realize that smartphones track their locations. But what if you actively turn off location services, haven’t used any apps, and haven’t even inserted a carrier SIM card?

Even if you take all of those precautions, phones running Android software gather data about your location and send it back to Google when they’re connected to the internet, a Quartz investigation has revealed.

Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers—even when location services are disabled—and sending that data back to Google. The result is that Google, the unit of Alphabet behind Android, has access to data about individuals’ locations and their movements that go far beyond a reasonable consumer expectation of privacy.

Quartz observed the data collection occur and contacted Google, which confirmed the practice.

When confronted, Google claimed that the tracking was happening in part to improve message delivery, which Quartz rightly deemed to be a completely bogus explanation.

It is not clear how cell-tower addresses, transmitted as a data string that identifies a specific cell tower, could have been used to improve message delivery. But the privacy implications of the covert location-sharing practice are plain. While information about a single cell tower can only offer an approximation of where a mobile device actually is, multiple towers can be used to triangulate its location to within about a quarter-mile radius, or to a more exact pinpoint in urban areas, where cell towers are closer together.

The practice is troubling for people who’d prefer they weren’t tracked, especially for those such as law-enforcement officials or victims of domestic abuse who turn off location services thinking they’re fully concealing their whereabouts. Although the data sent to Google is encrypted, it could potentially be sent to a third party if the phone had been compromised with spyware or other methods of hacking. Each phone has a unique ID number, with which the location data can be associated.

Read the whole thing.

1
Nov

Google’s reCaptcha defeated again

NakedSecurity reports:

Researchers have created an automated system to solve Google’s reCAPTCHA auditory challenges.

Again.

Poor, poor prove-you’re-a-human reCAPTCHA tests – also known as Completely Automated Procedures for Telling Computers and Humans Apart – they get no respect!

The point of reCAPTCHA challenges is to act as a gate that lets humans through but stops or slows down bots (software robots), so a bot that can solve a CAPTCHA automatically defeats the whole object of reCAPTCHA. And yet, that’s precisely what keeps happening. There are three kinds, and they’ve all been automatically kicked over by researchers.

reCAPTCHA tests aren’t much of a hurdle for sophisticated spammers, but they definitely inconvenience and annoy users. Yet they are in widespread use all over the place. Time to get rid of them and replace them with something better.