404 Media has obtained material that explains how Tangles and Webloc, two surveillance systems ICE recently purchased, work. Webloc can track phones without a warrant and follow their owners home or to their employer.

A social media and phone surveillance system ICE bought access to is designed to monitor a city neighborhood or block for mobile phones, track the movements of those devices and their owners over time, and follow them from their places of work to home or other locations, according to material that describes how the system works obtained by 404 Media.

Commercial location data, in this case acquired from hundreds of millions of phones via a company called Penlink, can be queried without a warrant, according to an internal ICE legal analysis shared with 404 Media. The purchase comes squarely during ICE’s mass deportation effort and continued crackdown on protected speech, alarming civil liberties experts and raising questions on what exactly ICE will use the surveillance system for.

“This is a very dangerous tool in the hands of an out-of-control agency. This granular location information paints a detailed picture of who we are, where we go, and who we spend time with,” Nathan Freed Wessler, deputy project director of the American Civil Liberties Union’s (ACLU) Speech, Privacy, and Technology Project, told 404 Media.

  • ReallyActuallyFrankenstein@lemmynsfw.comEnglish
    74·
    2 days ago

    FYI, the most relevant information to avoiding your phone showing up in ICE’s rented databases is how they are getting the location data:

    The material does not say how Penlink obtains the smartphone location data in the first place. But surveillance companies and data brokers broadly gather it in two different ways. The first is from small bundles of code included in ordinary apps called software development kits, or SDKs. SDK owners then pay the app developers, who might make things like weather or prayer apps, for their users’ location data. The second is through real-time bidding, or RTB. This is where companies in the online advertising industry place near instantaneous bids to get their advert in front of a certain demographic. A side effect is that companies can obtain data about peoples’ individual devices, including their GPS coordinates. Spy firms have sourced this sort of RTB information from hugely popular smartphone apps.

    This includes a link to a prior 404 story that may have a list of apps, but it’s paywalled and none of the archive sites seem to have it indexed: https://www.404media.co/candy-crush-tinder-myfitnesspal-see-the-thousands-of-apps-hijacked-to-spy-on-your-location/

        • deliriousdreams@fedia.io
          1·
          4 hours ago

          I’m sure that app developers who want to sell user data because it is big business will find a way to do so, yes.

          Phones for the vast majority of people are a black box. Most of the users have no idea how their apps work or what data is going where and they don’t know how to check. People who work in cyber security, or the tech field (engineers, coders, developers etc) who’s jobs revolve around this type of thing know how to check and generally take steps to avoid apps and services that siphon up this kind of user data.

          I know little to nothing about the Linux phone. I haven’t tried it. I haven’t delved into what it can do and why it’s “not ready for prime time”.

          So all I can do is extrapolate from what we already know which is, these apps request permissions that a lot of people give them without thinking about it. People do this on windows and Mac too. Humans and their lack of understanding/preference for convenience are the main problem. That and there’s no regulations that hold these app devs accountable.

          These apps aren’t breaking the TOS of the Apps stores they’re on.

          My hope is that a lot of the Linux phone apps will be FOSS. That way the code can be independently audited. That would be better than the alternative.

        • deliriousdreams@fedia.io
          5·
          2 days ago

          404Media say that their list is a comprehensive list of both Android and iOS apps. So no as far as I know that is the list.

    • mmmac@lemmy.zipEnglish
      2·
      1 day ago

      Both of these sources seem like things that would be blocked by using a DNS sinkhole. I personally use technetium but pihole and adguard are more popular, but less feature rich and harder to set up as a recursive resolver.

      • AHemlocksLie@lemmy.zipEnglish
        1·
        1 day ago

        If they want to target more technologically capable users, they’ll just hard code the IP addresses so it doesn’t need DNS and make any IP changes in routine updates.