I’m guessing you have a bunch of other people with their own cell phones doing things?

That’s the reason most other people are (fundamentally) going to struggle.

Idealist views like this get us nowhere either tho.

The reality is somewhat more murky. On a long enough time horizon your point makes sense, we might be able to get rid of the security state by slowly chipping away at ig over hundreds or thousands of years.

Most of us are going to be dead in about 40 years tho. Security state isn't going anywhere in that timeframe.

In the United States, qualified immunity is a legal principle of federal law that grants government officials performing discretionary (optional) functions immunity from lawsuits for damages unless the plaintiff shows that the official violated "clearly established statutory or constitutional rights of which a reasonable person would have known".

Under 42 USC § 1983, a plaintiff can sue for damages when state officials violate their constitutional rights or other federal rights.

https://en.wikipedia.org/wiki/Qualified_immunity

Qualified Immunity only sets the bar or threshold that you have to meet in order to sue.

Committing a crime and also abusing your authority to aid in the crime should be greater than the penalty for just committing that crime.

Qualified immunity is the only legal doctrine I can think of where piling on extra crimes reduces your liability.

Get rid of qualified immunity and enjoy no more fruit of the poisonous tree. I assume you are not familiar with the laws of evidence by your emotional position. One of the biggest problems the country faces is citizen literacy in all domains. If you improve citizen literacy across all domains you will solve all problems, until they take away our ability to vote. The "system" exploits those who cannot defend themselves.

> They aren't doing this for anyone's safety.

Strictly speaking, this is not completely true. When you call an emergency number, it’s very good that they can see exactly where you are. That was how this was sold 15+ years ago. But of course, that’s basically the only use case when this should be available.

> Our devices should generate _noise_. Huge crazy amounts of noise. Extraneous data to a level that pollutes the system beyond any utility. They accept all this data without filtering. They should suffer for that choice.

I like the idea on principle, but I'll like it far less when I'm getting charged with computer fraud or some other over-reaching bullshit law.

You people are so cynical.

Its simply made for 911 calls.

In the 2G era there was no compute space to just put in extra evil shit for fun

https://en.wikipedia.org/wiki/Radio_resource_location_servic...

Does it apply to the government like it applies to people? Is it enforced against governments like it is enforced against people and corporations? A core issue here is that laws, and the application and enforcement of laws, generally do not. Having said that I applaud the attempt and encourage pushing forward on the anti-surveillance aspects of GDPR while recognizing all laws are flawed.

This right is applied per entity.

If I send it to the company A, company B doesn't execute it unless they're a subsidiary of A (or A is their data controller) and my request was carefully crafted.

In the scenario you painted, that would mean that my _former_ friend has issued their request to me.

In that case? Fair. Poof if that's their wish.

Otherwise? How do you imagine it work?

I only recently discovered Reticulum, only to then learn that the developer has retired from working on it. Do you know if there's still any community members carrying the torch?

I just read gnutella page on Wikipedia, no mention of bad actors

Height is might.

I couldn't get ANYTHING on my first/test ESP32 (Heltec v2).

Anything. I didn't see any packets. Then I finally heard one station later when I held it high on the upper floor.

The I hanged it at the top of my roof and I currently have almost 130 repeaters and room servers.

In your scenario a couple of 5W handhelds woukd work better.

But I agree the usabity is very limited. This is why I think of hanging a couple of guerilla solar repeaters in my neighborhood :)

All telemetry is off by default, you have to explicitly tune it on and then optionally permit specific contacts to poll it.

The PKI is basic because these networks are tiny and merging. And running on tiny computers ($5 boards with no display)

Public channel is public and it uses the default encryption key because it's a default channel, so by definition everyone is invited to participate. Not sure what your critique is.

And no, it's not trying to be signal. It's also currently less reliable.

But it's still safer than Sms, by a country mile.

You aren’t reading this right. Gps sharing is off by default on meshcore.

I've been using the T-Deck Pro and T-Lora Pager, so the device is the app.

I agree, there's way too much going on in the firmware, just make a dumb Lora-bluetooth bridge. Hell, just integrate a Lora radio in a phone.

If its meshtastic, just keep sending traceroutes until you triangulate the node.

$20? These networks do not try to hide your location and triangulating known frequencies is trivial.

You could get a rough location for free. Every time you send a message, “observer” nodes connected to the internet publish the packet, and in the packet is the repeater path taken, repeaters have known locations and the first repeater is going to be near you.

Meshcore isn't, the firmwares are proprietary. Meshtastic is, but they whine about trademark stuff all the time and cry when anyone mentions Meshcore in their channels. LoRa radios themselves are all proprietary Semtech turf. I guess it's possible to run over 2.4ghz but the range predictably sucks compared to 900mhz.

What, protocol? Basic apps? Yes.

If you go hiking with a bunch of people into the backcountry, you don't want to rely on the cellular network.

Handheld radios, meshtatic (not meshcore), and in 5 minutes you're set up and good to depart. Or ideally inreach indeed.

Yeah just get inreach. It works even when you're out of range of anything.

There’s lots of YouTube videos about this but basically: you can specify routing.

Meshtastic has terrible defaults (every node rebroadcasts everything, every node sends telemetry), which makes sense in the backwoods but not anywhere close to civilisation.

Because they're terrible and fall apart if more than a few score people are on the same freqency at the same time.

It's because they aren't very resilient. More of an experiment than a purpose designed tool for the, uh, current environment.

The US one is called E911: https://en.wikipedia.org/wiki/Enhanced_911

>The 911 feature can be activated fully remotely

Source? Even if the phone isn't actively doing a 911 call?

Wait wait, so if I know the "secret" SMS format I can text someone's phone and get their coordinates back?

The hacker news guidelines forbid you from suggesting someone has not read the article. Please do not participate in this forum with such conduct.

Did you read the complete comment?

> Next is a text to your phone number, which is intercepted by firmware and sends gps coords back.

I believe they're talking about this feature (https://support.google.com/android/answer/9319337?sjid=18079...).

This is a system you can disable as a user, but it's not the on-modem feature discussed in the article.

Note sure: In my country exactly this feature is used by police & state enforcement to find locatin, because this "ping" message is not forwarded from the modem to the OS, so the OS is not aware of any of these messages

yeah, there always was. It's a service code, like getting your imei. But it was a weird long one, and manufacturer dependent. Now UI switches are created for it apparantly. Can't find it anywhere on the internet though. I don't work there anymore, so can't look it up.

AFAIK, other than maybe some 5G, Boost Mobile just resells service from AT&T.

It isn’t restricted to Boost Mobile. It is only available on devices with the C1 or C1X modem, though. I assume this is because of specifics with the third party modems that most models in the wild have vs what Apple is doing in-house with their C1(X). If you call emergency services it will still provide precise location.

The feature says it doesn't restrict the ability of 911 to locate you...

> We really have a societal problem in that we allow private entities to do things we don’t allow government to do.

Thats basically the foundational idealogy of the united states. Thats not the issue.

The real issue is your next sentence. The government can just loophole around their intentional limitations by paying private companies to work on their behalf.

> allow private entities to do things we don’t allow government to do. Furthermore, the issue is exacerbated by then allowing governments to bypass these issues by then just paying private entities to do the things it can’t do as a proxy for the same functional outcomes. <

Somehow this reminds me about Blackwater / Xe Technologies? :-/

(Im betting 100 USD that soon we will find out that ICE also deployed "private financed forces" to "support state actions"?)

>We really have a societal problem in that we allow private entities to do things we don’t allow government to do.

It really isn't, given that the government literally has a monopoly on violence, and therefore it makes sense to have more guardrails for it. That's not to say private entities should have free reign to do whatever it wants, but the argument of "private entities can do [thing] that governments can't, so we should ban private entities too!" is at best incomplete.

>Furthermore, the issue is exacerbated by then allowing governments to bypass these issues by then just paying private entities to do the things it can’t do as a proxy for the same functional outcomes.

Again, this is at best an incomplete argument. The government can't extract a confession out of you (5th amendment). It can however, interview your drinking buddies that you blabbed your latest criminal escapades to. Is that the government "bypassing" the 5th amendment? Arguably. Is that something bad and we should ban? Hardly.

This is why I advocate for making selling location/identifying data illegal. If nobody is allowed to sell it then the government cannot legally buy it.

I agree completely with your first paragraph, but I'm not sure what privatization has to do with it. Also, I agree that more regulation of private parties is needed. Or even better, break up the private companies that are like multi-state governments in terms of power.

Why not vote for some law limiting the government’s buying of this data? After all, I expect a say in how the government is run, so that seems like the appropriate path. I don’t see why I should expect a say in how AT&T is run. AT&T can’t raise an army, or enter my house, or shoot me.

"Mobile phone (cell phone) microphones can be activated remotely, without any need for physical access"

https://en.wikipedia.org/wiki/Covert_listening_device#Remote...

And the linked sources are:

- Kröger, Jacob Leon; Raschke, Philip (2019). "Is My Phone Listening in? On the Feasibility and Detectability of Mobile Eavesdropping". Data and Applications Security and Privacy XXXIII. Lecture Notes in Computer Science. Vol. 11559. pp. 102–120. doi:10.1007/978-3-030-22479-0_6. ISBN 978-3-030-22478-3. ISSN 0302-9743.

- Schneier, Bruce (5 December 2006). "Remotely Eavesdropping on Cell Phone Microphones". Schneier On Security. Archived from the original on 12 January 2014. Retrieved 13 December 2009.

- McCullagh, Declan; Anne Broache (1 December 2006). "FBI taps cell phone mic as eavesdropping tool". CNet News. Archived from the original on 10 November 2013. Retrieved 14 March 2009.

- Odell, Mark (1 August 2005). "Use of mobile helped police keep tabs on suspect". Financial Times. Retrieved 14 March 2009.

- "Telephones". Western Regional Security Office (NOAA official site). 2001. Archived from the original on 6 November 2013. Retrieved 22 March 2009.

- "Can You Hear Me Now?". ABC News: The Blotter. Archived from the original on 25 August 2011. Retrieved 13 December 2009.

- Lewis Page (26 June 2007). "Cell hack geek stalks pretty blonde shocker". The Register. Archived from the original on 3 November 2013. Retrieved 1 May 2010.

How that works is simple: there are regulations that force that the microphone used for calling is directly connected to the "baseband", which is under control of the carrier. It has to be, because of AT&T's argument: ONE misbehaving baseband can make cell phones inoperable in an area that's up to a kilometer in diameter. So AT&T's cell towers "need" to be able to send out a signal that permanently disables a phone's transmitter.

Regulations say the baseband MUST control: all wireless signals (including wifi and GPS), all microphones and speakers, and it must be able to disable the camera electrically. It must have a tamper-resistant identifier (IMEI number ... kind of).

Oh, it must allow calling the emergency services. If in this mode, during a call to the emergency services it MUST be able to send the exact GPS position (not just once, continuously) to the emergency services at the request of the emergency services (ie. NOT the user, and carriers must facilitate this)

By the way, it's worse: as you might guess from the purpose, it doesn't matter if your phone is on the "spying" carrier or not, other carriers can send commands to other carriers' phones' basebands (because "get off this frequency" is required: spectrum is shared, even within countries. Since phones may go from one tower to another and be required to vacate frequencies, you need this command). It doesn't even matter if you have a SIM in your phone or not (ever tought that if eSIM works, it must of course be possible for any provider to contact and send instructions to the phone, so it opens up an end-to-end encrypted connection to the javacard that the actual phone cpu cannot intercept). In some phones it doesn't even matter if the phone is on or not (though of course eventually it dies). So "meshtastic" or anything else cannot make a phone safe.

And in practice it's even worse. A lot of phone manufacturers "save on memory" and use the same memory chips for the baseband processor and the central cpu. Which means that it's a little bit cheaper ... and the baseband has access to all the phone memory and all peripherals connected through the memory bus (which is all of them in any recent phone). It may even be the case that these chips are integrated in the cpu (which I believe is the case for recent Apple chips). Oh and the regulations say: if there's a conflict over control over (most) peripherals, including the microphone and speaker, the baseband processor MUST be guaranteed to win that fight.

Oh and because governments demand this, but of course neither fund nor test these devices, they are old, bug-ridden and very insecure. This also means that despite the government requiring that these features be built into phones, governments, carriers and police forces generally do not have the equipment required to actually use these features (though I'm sure the CIA has implement them all). Not even carriers' cell phone towers: they have to pay extra to allow even just frequency sharing ...

Here is an article about baseband and baseband processors.

https://www.extremetech.com/computing/170874-the-secret-seco...

I wouldn’t be so confident. The article even references this. Apple has used third-party baseband devices in the iPhone since the beginning, which was from other manufacturers. All bets are off regarding security when this is the case. This does included microphone access.

The article touches on this by saying Apple is making the baseband/modem hardware now. Something they should have done since day one, and I’m not sure what took them so long. However, it was was clear they didn’t have the expertise in this area and it was easier to just uses someone else’s.

I empathize with the sentiment, but in reality Apple is as lazy as anyone else: https://www.technologyreview.com/2019/07/29/134008/apple-con...

Eh, no? How does your provider know all your bank accounts? If at all, then the one you are using for billing - but the 2FA apps do not expose such data to the provider? The Apps communicate via HTTPS calls in the background?

GrapheneOS only supports devices with isolated radios including but not limited to cellular. It's one of the hardware requirements:

https://grapheneos.org/faq#future-devices

The radios on the supported devices can't access the microphone, GNSS, etc.

GrapheneOS has never supported a device without an isolated cellular radio since that isolation was in place even with the initial Nexus 5 and Galaxy S4. However, some of the devices prior to Pixels did have Broadcom Wi-Fi/Bluetooth without proper isolation similar to laptops/desktops. Nexus 5X was the initial device with proper isolation for Wi-Fi/Bluetooth due to having SoC provided Wi-Fi from Qualcomm. Pixels have avoided this issue for integrating Broadcom Wi-Fi/Bluetooth. Nexus devices left this up to companies like LG, Huawei, etc. and anything not done for them by Qualcomm tended to have security neglected. Qualcomm has taken security a lot more seriously than other SoC vendors and typical Android OEMs for a long time and provides good isolation for most of the SoC components.

Don't believe everything you read about smartphone security and especially cellular radios. There are many products with far less secure cellular radios which are far less isolated but rather connected via extremely high attack surface approaches including USB which are claiming those are better. A lot of the misconceptions about cellular come from how companies market supposedly more secure products which are in reality far worse than an iPhone.

> If you have a phone, people that want your location have it and there is nothing you can do.

> False. You can: 1) Leave the phone at home

Then you dont have a phone, do you? Come on you are being pedantic for no reason.

>> Nothing can stop the tower equipment manufacturer like Ericsson from knowing the location of your phone

> False. You can: > 1) Leave the phone at home

If you're going to be pedantic, at least be pedantically correct. The tower (and carrier) would still know the location of your phone in that case. (It just wouldn't be with you.)

Also, run an OS that doesn't allow every running process to read your GPS location. And allows you to turn off your cell modem.

I think this feature is required for emergency calls if your specific carrier is not available/in reach - in emergency mode after the phone is restarted, it does connect to any carrier when calling 911, not only yours?

What is it’s a mentally ill person who is about to kill themself?

That’s the majority of uses for the system in the UK. People love to run away and waste police time.

You know about it because your regulatory body requires the system exist.

The cell network routinely does TDoA triangulation in order to help choose which tower should serve the client mobile device. Accuracy is about 20m, and may be better at 5G frequencies. 911 gets the location from the mobile network provider, but the network provider could provide it to anyone, and they do.

Tons of "free" and crapware apps are also recording location, and sending it to data brokers.

https://www.wired.com/story/jeffrey-epstein-island-visitors-...

You're thinking of Phase II E911 in the US.

That's true, but you can always be triangulated down a couple hundred meters by figuring out which towers you're connected to.

How would that work?

In the UK, it happens when you call 999 or 112. I don't think 911 is supported, although it probably should be (it'd be a mess to get everyone to agree to add it to their routing tables, but I bet there's a nonzero proportion of people who watch American TV programmes and think the emergency number is 911 - or, for that matter, American tourists).

When you dial 999 it forwards your phone's GPS location if it has a lock to the provider, who then forwards it on to one of the 999 call handling centres in the UK, who then in turn forward that on to the appropriate emergency service control room. All the various services use various different products for telephony and dispatch but they will show the incoming location, and often will prepopulate an incident with the location.

The system that does this is called "EISEC" - Enhanced Information Service for Emergency Calls - and has a lot of cool stuff defined in the spec (which is publically available! You can just go and read it! BT offer a "Supplier's Information Note" with the protocol and details of how the information is encoded) that also handles calls from landlines. These are easy - your telephone provider knows where you live. OMG! The phone company know where I live? Yes, dumbass, they pulled a wire right into your house, of course they know where it is. For VoIP the situation is a little different but you can notify your VoIP provider of the location that the number is being used at, and it'll inject that into the EISEC request.

You can do other cool stuff like if you've got fixed mobile telephone in a vehicle, you can assign the make, model, registration number, colour, and so on in the EISEC database, so given a call from a phone number they know what car they're looking for. No-one uses this.

The very great majority of calls coming in to 999 are from mobiles. It's extremely rare to get one from a landline.

None of the providers use triangulation for determining where a phone is, it's all GPS.

Those websites don't have my phone number.

Yeah it's a possibility if they matched up ad stuff with my home location and guessed at my phone number based on that.

But if they're trying to get me to answer the phone, calling from a local number actually makes me less likely to answer. Nobody would be calling my cell phone from the city I'm visiting. I'm more likely to pick up a call if the area code is from back home.

Pure Talk. Much cheaper than AT&T, and good customer service. But I found something that was cheaper on an unlimited basis. Between that and the sketchy calls I was getting, I decided to move.

I think the GPS antenna is either omnidirectional or very nearly so., since my phone can get location in many orientations.

So I don't think a single foil sticker would make much difference.

That’s when a person in distress is making the call. I was describing the situation where someone else is making the call.

In an emergency you might really want GPS precision.

Cell tower triangulation does not provide the same precision as GPS.

Triangulation does not provide granularity needed for emergency response.

You want EMS looking for a needle in a haystack while you are suffering a heart attack?

What makes you think cell tower triangulation is the only data point being exploited to minimize position error?

And at the end of the day if the location is a hundred meters off... it might still not matter because it's how you frame it with other evidence beyond a reasonable doubt.

Even the article mentions this.

> I have served on a jury where the prosecution obtained location data from cell towers. Since cell towers are sparse (especially before 5G), the accuracy is in the range of tens to hundreds of metres.

I've also personally witnessed murder cases locally where GPS location put a suspect to "100 meters away". The rest of the evidence still pushed the case forward to a guilty verdict, and the phone evidence was still pretty damning.

I did read the article fine, thanks for asking.

The crux of the argument seems to come from this

> It’s worth noting that GNSS location is never meant to leave your device. GNSS coordinates are calculated entirely passively.

OK so? The fact that GPS is calculated passively means nothing about the phone being asked what its position is after the fact.

The article admits this capability is no secret

> These capabilities are not secrets but somehow they have mostly slid under the radar of the public consciousness.

If the article just wants to say phones should block that ability, fine. But don't pretend this is some shady BS.

Please reread OPs comment

They never said "triangulate" but read phone for information. Your inner monologue swapped what was written with an already understood technical method.

And just because access to GPS has never been confirmed publicly before does not mean they previously only relied on tower triangulation.

Worked for Sprints network team before they bought Nextel. We had access to eeeeverything.

It's all in the small print or acquired by deception.

> but GPS data, wake my phone up, switch on the GPS radio, drain it's battery, send that data back... no. That wouldn't be legal where I live either, let alone expected.

Where does the article claim this turns on the GPS if off?