This is a most excellent place for technology news and articles.
Turning off our phones isn't the answer, prohibiting this invasive and predatory practice is the solution. They couldn't follow you around town and all the way home, and take note of your address without getting flagged for stalking, or at least a restraining order.
They shouldn't be able to stalk you electronically, any more than they can do it on person.
Shouldn't be able to but the vast majority of the public ceded their privacy to corporations long ago for discounts or features or content (or just no reason at all), corporations will always be buddy-buddy with the state, so here we are. The horses are out of the barn, the barn's been burned down, the horses have been cremated and the ashes snorted by Don Jr. I sure would like to see a return to pre-techno-dystopian values tho.
Everyone should be using an ad blocker for this reason exactly.
Ads are often the culprit of data for the location data brokers. Fuck the ads.
Important to note that it isnt just ads. Any app on your phone with location permission can share it, including some OEM aps qnd bloatware depending on the phone.
If you dont want to be seen, dont take your phone. About the only reasonable way to be sure your data isnt being collected is to not create the data in the first place.
Stay safe out there.
People get offended whenever I've said that even random app developers are part of the problem. They can't or won't see that what we have arrived at is a Kafkesque world. It has been death by millions of papercuts. The collective rush to make an "app for everything" was in net effect building a global surveillance dragnet. It was inevitable the aggregate of data would turned into an authoritarian system of oppression.
All you wanted to do was make a 99 cents a sale for your basic phone app. You blindly stuffed it with copy-paste analytics APIs that voraciously collect data from users without transparency at all. You insisted that these random data brokers are 100% super honest. Just trust them, bro. You ridiculed anyone of trying to warn people how reckless this is. Good job, guys.
The people should start buying this data to identify ICE personnel involved in incidents. It's not like you need to be law enforcement to get access to this. You just need money.
Pretty sure someone was able to pose as a PI and get paid access a while ago.
Darknet Diaries had an episode on it
I bet a nonprofit would have a reasonable chance of raising the funds to buy the data and publicly publish it.
We need to be more careful than that, no one wants to end up on a list when a non-profit is required to show its books.
Should be a very private and affordable for-profit with some reasonable way to keep payments off the books
Are nonprofits required to track who they receive donations from? I could be wrong, but I don't think they are. They have to have financial records, but I don't think that means maintaining a donor list.
It depends on the details of the non-profit. In the circumstances I see, you're not required to make it public, but you ARE required to provide the list to the government.
I can say, If you started a non-profit and used it to track ice, they most certainly would obtain a list of your doners if they had to go and take it from the hands of your payment provider. Even most crypto isn't fully safe because of banking reporting required
That's a good point, they'd definitely just subpoena your bank records. If crypto is used properly, it can be nigh impossible to trace, though. Bitcoin isn't very private at all on the blockchain, but if you send over lightning network, my understanding is that it becomes effectively impossible to track, unless your adversary controls enough lightning network nodes to track the payment as it bounces between nodes. They wouldn't need to control the whole path, but they would need to control nodes VERY close to origin and destination, ideally the adjacent nodes, and enough of those in the middle to be reasonably sure they can accurately follow the money. The lightning network doesn't leave a detailed ledger behind, so only way to trace a payment is to be involved in its processing, which means controlling the nodes the money passes through on its way to the recipient.
Of course, that's way too obscure and unknown for the vast majority of people, so I don't see a nonprofit succeeding that way these days. Maybe if crypto actually does get mainstream, but that's still a pretty big if.
but if you send over lightning network
Heh onion routing for bitcoin payments, that's pretty neat. The receiver ends up hanging a bit in the wind.
Maybe it could be a steam game or something with pausible deniablilty
The receiver ends up hanging a bit in the wind.
Actually, the way the payments are structured, no money moves AT ALL if ANYONE in the chain tries to back out. It maintains the trustless nature of crypto. I don't recall the specifics of how it's done, though.
No, hanging in the wind as being the receiver. Kinda like tor exit nodes can't hide. Unlike tor exit nodes (well for the time being) you can get hit for recieving the money and paying for something deemed illegal wiht it.
Ah, I see what you mean. Yes and no. The receiver does need to somehow communicate the destination to the sender, I believe typically through an invoice of some sort. Been a long time since I kept up, so the details are getting hazy. Anyway, there are only two times that lightning network usage requires a publicly visible blockchain transaction: when you want to put coins on the lightning network and when you want to take them back off to the blockchain. You open a channel with a node basically saying "I'll put X amount in this channel in if you'll put in Y amount (one of them can be zero, i.e. send or receive only), and here's a signed transaction you can publish on the blockchain to get your money back at any time." Any time you make a transaction over the lightning network, you rewrite that cashout transaction so the balance shifts by however much you're sending plus any fees you agree to pay, but you do it in such a way that you only really give them the signed transaction if they prove they're gonna pass on what you want to send to the next node, and this process repeats with every node in the chain until everyone agrees to move the money.
All that to say there's really no record of any transaction ever happening outside of however your balance changes between putting it on the network and taking it back off. There's no record of who sent what, how many transactions it took, what path any transaction took to get there, nothing at all except initial and final balance. Now, this does mean that if the money is withdrawn, there's evidence you've been paid, but not for what, by who, by how many people, over how many transactions, or a anything else but the final total amount from all transactions. If they just spent everything they received back over the lightning network, there's effectively no real evidence that any real transactions ever occurred.
Of course, this hypothetical nonprofit is almost certainly going to be paying a company that wants US dollars. They'll probably have to cash out in a highly traceable way, and actually buying the ICE data will require a highly traceable bank transfer or other conventional payment method. In that sense, you're right, the nonprofit gets left exposed. But they could completely mask who sent money.
It wasn't that long ago we had phones that couldn't leave the house. This choice does still exist for us.
Does it? It was possible a while ago, but in the last years, we saw train tickets going to apps. There is no ticket machine at my local stop. There are areas where you can only park your car with an app. I need 2FA to get into my accounts. Restaurants have QR code menus. So going to protests or just living your life without a phone is getting harder
just living your life without a phone is getting harder
This is a bigger problem than most realize. Consider the barrier-to-entry for phones, internet access, and charging. Then add cashless payment on top of that. Combined, it creates a new red-line between economic classes, and a rather ugly one at that. At some point, this mode of commerce is going to get selected not for the convenience it provides, but for whom it excludes.
I'll also add that getting access to a smartphone with total anonymity is impressively hard to do.
I lived without a cell phone for about 3 years (2022-2025), and once in a while there was a small hurdle but overall it was surprisingly easy. 2FA can be done via text/email, I never ran into an instance where I needed an app. Every ticket I bought could be printed at home, so it takes a little more forethought but not a deal breaker. Never ran into any parking stations that couldn't be paid via a kiosk/card, but YMMV.
These days I own a phone per request of one of my business clients, but it stays turned off at home unless I'm on a job. Once in a while I'll break it out to use the GPS but most places I drive to I can find by memory. There are many "middle" ground solutions out there too (like Graphene OS), but as a general rule, I would make a habit of leaving your phone at home when you can, and definitely when engaging in anything spicy.
The choice does exist, but it gets harder and harder to go without a phone
Many jobs expect us to be available at all hours. Younger generations cannot navigate without maps. Phones are also the primary way we record/observe ICE. They're also our calendar/organizer, notebook, and many other things
Sure, we can have an independent GPS, camera, calendar, and notepad, but the barrier keeps getting higher
We need to develop counter measures, and long-term pass strong laws banning this level of government surveillance
Public payphones in the streets and emergency phones alongside highways have also been removed (at least in my country). So yeah, our society expects us to have our own phones with us whenever we're away from home.
Your phone company is selling this data. Your tax dollars are then used to spy on you. But let's place the blame with the enablers. If the data wasn't being sold, ICE couldn't buy it with your money.
Privacy is a myth in the United States.
While you are right, sounds like they are mostly getting the data through location data brokers that use advertisement industry to track you.
There's plenty of blame to go around on this, no need to only go after one party in the whole chain that allows this to occur.
Privacy is a myth everywhere that you use social media, cellular connected GPS trackers (aka phones), drive around with unique number plates while OCR capable video cameras take continuous records of which plates passed by them and when. Yes, it's bad in the US. Is it better anywhere else?
US a surveillance regime as much as North Korea, China and Russia.
US surveillance is far more effective than North Korea or Russia's domestic surveillance
Only China is in the same realm in terms of ability to surveil citizens. They're just more open about using it for low-level offenses
Do not take your phone to protests/rallies/organized events. Do not turn it off and take it with you thinking it's okay, they will know when and where you turned it off. Jury is still out if modern phones truly turn off as well. Use a regular camera for taking pictures, take lots of them, get faces, IDs, anything if you can of ICE. Let them start the violence first.
It's worth adding that, if you are arrested, that phone is a treasure-trove of potential liability that will absolutely get used against you. Also, you're probably not getting it back, so you're better off without it. Carry cash, a map if you must, and coordinate rally points and fallback locations with your friends ahead of time.
A proper camera is a good tip, but make sure the camera memory and storage card are wiped ahead of time.
One of the best things about phones with batteries you can replace. You can take them out of the phone as well.
Yep, I miss removable batteries. Not just for the ability to replace the batteries (e.g. due to degradation) but also to be able to completely remove power from the device.
Pardon the pedanticness: Phones do NOT completely power down. The jury is out on if they are still traceable in "standby"/psuedo-powered off mode. The generally accepted advice is to treat them like they are still tracable.
If "Find my phone" still works when it's turned off, then yes, phones are definitely traceable when powered down.
Wasn't sure if they were or not, why I mentioned the jury was out on it. Regardless, leave your phone at home.
I thought this was going to say they were deploying Stingrays in neighborhoods. Pretty sure this is worse, because at least a Stingray requires something be physically present. Fuck all of this.
My guess is the get the phone info from protests and then use the data from location data brokers to track further.
Yeah, same. I setup an Orbic with RayHunter exactly for this reason. I took that with me when I've gone by protests just to see if there's one present. Then, if in the clear, shut down my personal devices and attended. I'm paranoid like that I guess...
Setup Meshtastic nodes too.
Having the ability to communicate without using cellular infrastructure is incredibly useful, especially during natural disasters (which ICE certainly qualifies).
Damn I'll check that out
Benn Jordan has some other ideas too(and a bit more detail on the mesh technologies/DIY options available): https://www.youtube.com/watch?v=W_F4rEaRduk
"This is wrong" — Lucius Fox, The Dark Knight
Prescient, and also an example of copaganda/how corporate media conditions the public to accept this shit because the "good guy" is the one using it.
FYI, the most relevant information to avoiding your phone showing up in ICE's rented databases is how they are getting the location data:
The material does not say how Penlink obtains the smartphone location data in the first place. But surveillance companies and data brokers broadly gather it in two different ways. The first is from small bundles of code included in ordinary apps called software development kits, or SDKs. SDK owners then pay the app developers, who might make things like weather or prayer apps, for their users’ location data. The second is through real-time bidding, or RTB. This is where companies in the online advertising industry place near instantaneous bids to get their advert in front of a certain demographic. A side effect is that companies can obtain data about peoples’ individual devices, including their GPS coordinates. Spy firms have sourced this sort of RTB information from hugely popular smartphone apps.
This includes a link to a prior 404 story that may have a list of apps, but it's paywalled and none of the archive sites seem to have it indexed: https://www.404media.co/candy-crush-tinder-myfitnesspal-see-the-thousands-of-apps-hijacked-to-spy-on-your-location/
Both of these sources seem like things that would be blocked by using a DNS sinkhole. I personally use technetium but pihole and adguard are more popular, but less feature rich and harder to set up as a recursive resolver.
If they want to target more technologically capable users, they'll just hard code the IP addresses so it doesn't need DNS and make any IP changes in routine updates.
This is the link to the full list provided in that article but it may also be paywalled by 404 Media which I am a subscriber to. It's also got more than ~~1K~~ 10K entries on it.
A lot of these seem to be mobile games, fitness apps, photo editing apps, and prayer apps though.
In July 2023, PenLink merged with Israeli surveillance contractor Cobwebs Technologies
Tangles is a web platform, originally developed and sold by Israeli firm Cobwebs Technologies, that scrapes data from the open web, deep web, and dark web, as well as allowing for the tracking of mobile devices within a user-designated area, in a process known as "geofencing," through an optional add-on feature called WebLoc.
Cobwebs and how the spying is going global.
Thanks for including the app list!
