Skip to main content

No Keeping Secrets from Our Devices

An illustration of an example IPv6 address
An illustration of an example IPv6 address (Photo credit: Wikipedia)
Visalia Direct: Virtual Valley
July 27, 2015 Deadline
September 2015 Issue

That convenient flashlight app knows where you are. So do your social media apps, your Web browser, your clock and many other apps on your phone, tablet and computer.

And there’s not much you can do to hide.

Many people don’t understand how their devices offer the functionality we love and worry upon hearing our devices and software track us constantly. And much of that information remains behind on our devices, or stored elsewhere beyond our control, because we agree to that in return for features, convenience and cheap (or free) apps.

When you download an application or operating system, you agree to various terms and conditions. For example, to use Adobe Creative Cloud or Microsoft Office365, you agree that your computer will connect to corporate servers weekly and verify your subscription is paid. Adobe and Microsoft servers ask your computer or tablet to verify it is the licensed device and they can collect a lot more information, if you’ve agreed to the license terms.

We might expect Adobe and Microsoft to verify subscriptions, but why would my flashlight app on a phone tell a company where I am?

The simple answer is that all data are valuable to someone. The Android flashlight app “Brightest Flashlight” was part of a Federal Trade Commission investigation in 2014. The publisher of the app was selling location data obtained through standard network protocols, GPS (Global Positioning Service), cellular triangulation and other techniques. In return for a free flashlight, users agreed that data could be sold to advertisers and market research companies.

When users downloaded the app, they agreed to the license terms. We all read those license terms, right?

When you take photos with a newer camera or computing device, lots of metadata are stored along with the images. Metadata include things like time, date, and location. Many of us add metadata to images, such as the names of people in photos. Online services analyze that metadata to learn more about us.

People mistakenly believe that if you disable “location services” on a phone or computer, then that information isn’t available in any form. That’s not quite the case. Your phone always has to know where you are, or it cannot communicate within a cellular or wireless network. Location data has to be sent and received for a phone to work, and for many online apps to work.

Every network device has at least one media access control (MAC) address. This unique identifier lets networks communicate. On top of the MAC address, our devices receive temporary IP addresses that connect to the Internet or our internal networks. Think of these numbers like phone numbers and street addresses. My phone number (MAC address) goes where I go, while my street location (IP address) changes. Together, these identifiers reveal where a device has been and when it was there.

Phones have one or more additional identifiers, the most obvious being your cell number. As you move from the range of one tower to another, the network follows your phone or calls would be impossible. There is no alternative to make this magic happen: cell networks must track devices. When the law enforcement and security agencies seek “metadata” from networks, this location data is what they receive. Voice calls and data exchanges via cell networks reveal who we call and what data services we use.

Even mundane features we take for granted share information about us.

For a simple example, consider how your devices keep the time accurate. Modern operating systems use the Internet or cellular networks to set time by verifying your current location. How do Apple, Microsoft and Google achieve this magic? Network addresses are assigned in blocks to service providers. When my MacBook Pro awakens, it sends a request via Network Time Protocol (NTP) to an Apple server. The request includes the current Internet Protocol (IP) address of my device or its network router, revealing where I am in the world. NTP guarantees my computer’s clock is accurate when I travel across time zones. In return, Apple could save a record of where my computer is.

Like many computer and phone users, I ask Apple to remember the locations of my devices. A mix of network protocols and unique identifiers lets me use “Back to My Mac” and “Find My Mac” from anywhere in the world. I can see my home computer’s screen from my iPad, thanks to these features. Apple’s services know where I am, and where my other devices are.

Is there a benefit to turning off location services on your tablet or phone? Maybe. I turn off location services and notifications for most apps on my phone and tablet.

If an application is honest and developed according to the guidelines of Apple, Google and Microsoft then turning off location services prevents that app from obtaining GPS or cellular location data. However, this does not prevent analysis of your IP address. It is impossible to use the Internet without an IP address, because that’s the address to which apps send the data you want to see or hear.

When you turn off the location services of a phone or tablet for a specific application, it can conserve battery power. Disabling location services also makes it less likely an app will publish your location data for others to see. Generally, this restricts what can be shared with advertisers, too.

As for the location and metadata stored on your phone, tablet or computer, it isn’t easy to erase data entirely. Secure deletion from the flash memory of a phone requires encrypting current data, deleting the newly scrambled data, writing new “dummy data” to the storage and then erasing data yet again. Department of Defense standard for secure deletion is to encrypt data, erase everything, write dummy data and repeat three times. Phones and tablets generally don’t offer secure wiping, but there are apps that can do this.

Erasing the history data from your phone or computer does not erase any location data stored by your cellular company, Internet service provider or operating system vendor. Sorry, but Google tells you they keep data, and you agree to that if you use a Google service.

Most of us like to “check in” at locations, tag photos and get map directions. We cannot do those things without location services. The convenience outweighs the loss of privacy, we have decided.


Popular posts from this blog

Slowly Rebooting in 286 Mode

The lumbar radiculopathy, which sounds too much like "ridiculously" for me, hasn't faded completely. My left leg still cramps, tingles, and hurts with sharp pains. My mind remains cloudy, too, even as I stop taking painkillers for the back pain and a recent surgery.

Efforts to reboot and get back on track intellectually, physically, and emotionally are off to a slow, grinding start. It reminds me of an old 80286 PC, the infamously confused Intel CPU that wasn't sure what it was meant to be. And this was before the "SX" fiascos, which wedded 32-bit CPU cores with 16-bit connections. The 80286 was supposed to be able to multitask, but design flaws resulted in a first-generation that was useless to operating system vendors.

My back, my knees, my ankles are each making noises like those old computers.

If I haven't already lost you as a reader, the basic problem is that my mind cannot focus on one task for long without exhaustion and multitasking seems…

MarsEdit and Blogging

MarsEdit (Photo credit: Wikipedia) Mailing posts to blogs, a practice I adopted in 2005, allows a blogger like me to store copies of draft posts within email. If Blogger, WordPress, or the blogging platform of the moment crashes or for some other reason eats my posts, at least I have the original drafts of most entries. I find having such a nicely organized archive convenient — much easier than remembering to archive posts from Blogger or WordPress to my computer.

With this post, I am testing MarsEdit from Red Sweater Software based on recent reviews, including an overview on 9to5Mac.

Composing posts an email offers a fast way to prepare draft blogs, but the email does not always work well if you want to include basic formatting, images, and links to online resources. Submitting to Blogger via Apple Mail often produced complex HTML with unnecessary font and paragraph formatting styles. Problems with rich text led me to convert blog entries to plaintext in Apple Mail and then format th…

Let’s Make a Movie: Digital Filmmaking on a Budget

Film camera collection. (Photo credit: Wikipedia) Visalia Direct: Virtual Valley
June 5, 2015 Deadline
July 2015 Issue

Every weekend a small group of filmmakers I know make at least one three-minute movie and share the short film on their YouTube channel, 3X7 Films.

Inspired by the 48-Hour Film Project (, my colleagues started to joke about entering a 48-hour contest each month. Someone suggested that it might be possible to make a three-minute movie every week. Soon, 3X7 Films was launched as a Facebook group and members started to assemble teams to make movies.

The 48-Hour Film Project, also known as 48HFP, launched in 2001 by Mark Ruppert. He convinced some colleagues in Washington, D.C., that they could make a movie in 48 hours. The idea became a friendly competition. Fifteen years later, 48HFP is an international phenomenon, with competitions in cities around the world. Regional winners compete in national and international festivals.

On a Friday night, teams gathe…