by nrjames 2629 days ago
There’s a lot of scaremongering in here. I fully support giving users full privacy controls. However, both Android and iOS allow you to toggle off availability of your Advertising ID. That’s been in there for years. Turn it off and apps can’t grab it (they get 000000000). Each vendor gets a vendor-specific ID on iOS, shared between that vendor’s apps. Delete all vendor apps and it resets.

I’m not saying this is an ideal situation by any means. However, it’s just two small examples that are ignored by this article.

4 comments

There's much more to tracking than your phone's tracking/Advertising ID. A modern smartphone app can identify you and commit pervasive tracking whether or not this ID is set. Disallowing permissions partially solves this problem, except that an app can get quite far just by setting its own UUIDs and sharing them with other vendors.

Further, an Android phone with no 3rd party apps is already sending an enormous amount of tracking data to Google, where it can be purchased by 3rd parties. None of this requires an Advertising ID.

Can you point me to where I can buy this data Google is collecting? I'd like to see what data is available.

Here's a good resource:

https://digitalcontentnext.org/wp-content/uploads/2018/08/DC...

If you read through here, you'll get a sense for the various different IDs and tracking methods that Google is using. It's more than just the Advertising ID.

You'll also get a sense for the collection Google does about your environment. (nearby wifi, GPS position, etc.) And more troublingly, the fact that these services still collect data even when the user sets them to "off." A couple excerpts:

-----

"It’s hard for an Android mobile user to “opt out” of location tracking. For example, on an Android device, even if a user turns off the Wi-Fi, the device’s location is still tracked via its Wi-Fi signal. To prevent such tracking, Wi-Fi scanning must be explicitly disabled in a separate user action, as shown in Figure 4."

"Google can ascertain with a high degree of confidence whether a user is still, walking, running, bicycling, or riding on a train or a car. It achieves this by tracking an Android mobile user’s location coordinates at frequent time intervals in combination with the data from onboard sensors (such as an accelerometer) on mobile phones. Figure 5 shows an example of such data communicated with the Google servers while the user was walking."

"Google records the time and GPS coordinates for every photo taken."

-----

Anyhow, the fact is that much of this data is collected whether the user is accessing the phone, or not.

It's a bit complicated, and disabling the Advertising ID may limit some tracking in a few cases, but despite this, extraordinarily prolific tracking is still occurring. There's a lot more detail in the document and frankly, it feels a lot like Facebook's privacy invasion in that:

- It's possible to mitigate some of the tracking, although this is intentionally made unintuitive to the user.

- Conversely, the user will never be able to prevent a large portion of the tracking, and will have no intuitive sense of what is being collected by Google at any different time, and;

- The default values and the data tracked will change over time, and the user will have to try to stay educated with every update about what has changed.

[edit]

Another decent resource:

https://www.apnews.com/828aefab64d4411bac257a07c1af0ecb

"An AP investigation found that Google saves your location history even if you’ve paused “Location History” on mobile devices. This map shows where Princeton privacy researcher Gunes Acar travelled over several days, from data saved to his Google account despite “Location History” being off."

My question is not "what data does Google collect". My question is "what data can I buy from Google", as OP said that data is for sale.

Sorry -- I missed the point of your question. I don't think individuals can just buy the data the same way a bounty hunter can simply buy cell tower tracker information on an individual basis.

I'm not very informed here, but I suspect those purchase arrangements are made by very large companies, and that by the time small companies or individuals are purchasing data it's been resold and transformed.

That does not help if you’ve identified yourself to the app. E.g. if you logged in via Facebook, then any in-app trackers can link your activity to your Facebook account.

I recently installed a dating App that required authentication via Facebook or SMS. I chose SMS (because screw Facebook). But lo and behold, it turns out the App developer uses Facebook's SDK for the SMS verification anyway. And since FB has my phone number from the two factor scam [1] it pulled, it really made no difference.

Not cool.

[1] https://techcrunch.com/2019/03/03/facebook-phone-number-look...

This is relentless from Facebook. Consider the fact that they own WhatsApp, it is pretty much a "nowhere to hide" scenario here even for folks who have no Facebook account. Jaque y mate.

Oh, how I wish WhatsApp was an independent company. I am sure Jan Koum and Brian Acton think so too [0], despite making billions off its sale.

[0] https://www.businessinsider.in/Heres-The-Inspirational-Note-...

I’m sure if they have to choose, they’ll still take the billions. No shame in that, but to pretend otherwise is silly. As if FB is pure evil and everyone else is amazing.
> FB is pure evil

Oh they definitely are and they keep reminding/proving this every chance they get.

> everyone else is amazing

Trackers and advertisers have built a cancerous nexus that we cannot shake. We have every right to think they are the scum of the earth, and if they want to prove that they are not, they should give OUR data back to us. But they don't. Scum of the earth. No words will change this, only actions. I am happy with GDPR because those scums are finally paying the price for their actions. I am not in favor of companies closing and people losing their jobs. I am also not in favor for scums to ab-use MY data.

So it actually turns out that on Android if you opt out of ads personalisation, the app still sends the advertising ID, but also sends in the JSON "advertising_tracking_enabled: false", which is not so reassuring. See Privacy International's talk here: https://media.ccc.de/v/35c3-9941-how_facebook_tracks_you_on_...
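
An added example, not part of the comment above or of the talk it links: a check that can be run over decoded request bodies captured from your own test device, flagging payloads that carry the opt-out flag quoted in that comment yet still contain a non-zero, UUID-shaped identifier. Only the key `advertising_tracking_enabled` comes from the thread; the `ad_id` key, the `extinfo` wrapper and all sample payloads are constructed for illustration.

```python
import json
import re

# UUID shape used by advertising identifiers; an opted-out device is
# expected to report the all-zero value instead of a real one.
UUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
OPT_OUT_KEY = "advertising_tracking_enabled"  # key name quoted in the thread

def walk(node, path=""):
    """Yield (path, value) for every scalar in a decoded JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk(value, f"{path}[{i}]")
    else:
        yield path, node

def is_false(value):
    """Accept JSON false as well as string/integer encodings of it."""
    return value is False or str(value).strip().lower() in ("false", "0")

def audit(body):
    """Return paths of non-zero UUID-shaped values in an opted-out payload."""
    fields = list(walk(json.loads(body)))
    opted_out = any(
        p.split(".")[-1] == OPT_OUT_KEY and is_false(v) for p, v in fields
    )
    if not opted_out:
        return []  # user has not opted out; nothing to flag
    return [
        p for p, v in fields
        if isinstance(v, str) and UUID_RE.match(v) and set(v) - set("0-")
    ]

# Constructed sample bodies (hypothetical key "ad_id"), not captured traffic.
SAMPLES = {
    "id_sent_despite_opt_out": '{"event": "app_open", "extinfo": {"ad_id": '
        '"3f2b8c1e-7a90-4d5e-9b1c-0a1b2c3d4e5f", "advertising_tracking_enabled": false}}',
    "zeroed_on_opt_out": '{"ad_id": "00000000-0000-0000-0000-000000000000", '
        '"advertising_tracking_enabled": "false"}',
    "opted_in": '{"ad_id": "3f2b8c1e-7a90-4d5e-9b1c-0a1b2c3d4e5f", '
        '"advertising_tracking_enabled": true}',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, audit(body))
```
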
Why do you assume the Advertising ID is the only tracking signal used?
What other signals are available on iOS across applications provided that you don’t do something that invites tracking (like logging in with FB, etc)?