US cell carriers are selling access to real-time phone location data
zdnet.comPreviously discussed 3 days ago: https://news.ycombinator.com/item?id=17046632
Despite the dupe factor, I support continuing to raise awareness about this. The fact that it happened at all and continues to be permitted is super messed up.
Shocking abuse of information on part of the carriers, data re-sellers, and ultimately bottom feeding scumbags who let the law run wild and unchecked.
I got the feeling something like this was going on when collection calls became responsive to my location changes the majority of the time. Imagine having no real enjoyment in life, being working poor, and each time you do leave the house you’re greeted with a reminder that you’re in debt and they’re watching you. I don’t doubt the depths of what we’ll find companies doing with access like this.
Can someone with a US phone see if this try-before-you-buy page works?
https://www.locationsmart.com/try/
It would be fucking unbelievable if you were able to track any US phone number like that, no ID, no court order.
Yes, it does work. The page reports its accuracy within 2.26 miles. Measuring on Google Earth, it was off by 0.42 miles, so well within its stated accuracy on the result.
It did require me to respond "YES" to an SMS before the website provided the detail. SMS text was:
LocationSmart: Reply YES or YES LS to confirm consent for cloud location & messaging demo. Reply HELP for help, Reply STOP to cancel. Msg&Data Rates may apply.
I just tested it with two phones in different states and it was within .54 miles.
An SMS consent was required first. (Reply YES to consent)
I just tried it, and It worked to within about 60m of where I'm sitting. I am not pleased.
Yes. It provided a radius, with the center ~6 blocks away from me.
Ugh...
Yes it works. it send you a sms which you have to reply yes to consent. It then gave me the correct location. yes it is unbelievable. crazy.
Works on my Canadian phone
Other responses indicate that the recipient/target has to opt into their location being shown via an SMS, so I fail to understand the outrage assuming the same requirement exists for the non-trial version.
You think consent is being asked for on the non-trial version? This is the service LEOs use to track down fugitives dumb enough to carry their phone. They aren't going to ask for any consent.
Yup, was able to track my phone to within a block.
Kevin Bankston, director of New America's Open Technology Institute, explained in a phone call that the Electronic Communications Privacy Act only restricts telecom companies from disclosing data to the government. It doesn't restrict disclosure to other companies, who then may disclose that same data to the government.
He called that loophole "one of the biggest gaps in US privacy law."
No shit.
I never turn location services on and I run on mobile data (rather than WiFi) almost every moment of the day.
My location was correctly determined within the specified range. sigh Ridiculous.
This doesn't involve location services. The more interesting question is if it works on dual SIM phones for both SIMs.
Turning off cell reception might mitigate it. They seem to use cell triangulation to determine where you are. But maybe also other techniques. That way to locate someone has been possible basically since the beginning of mobile phones - even before internet usage became a thing.
They've been doing that. You can even pay for access. (Marketing companies use it for when you sign up for "deal marketing" via the shortcodes)
Always reassuring to see visible HTML tags in tools like this.
While it does indicate that their QA efforts are underwhelming, it also shows that they at least know the importance of escaping strings...or are using a tool that does some of that for them.
That's a very good point.
You can choose not to carry a cellphone, but sometimes you have to use your car which has a lot of the same "features" as a cellphone. How can you disable all that stuff on a car?
This is unbelievable, wow!! So, when I sign up with a cell carrier, is it in their terms and conditions that they can sell my location data? How is this legal?
Is there anyone from EFF here take notice ?