Mind mumbles

Cerebral sprouts from the convoluted plain

Privacy, cell phones & the internet - down the rabbit hole we go

September 06, 2017 — Nalioth

Consumer metadata ( the "how", "what", "who with", "where", and "when" of the average person's day ) is a very lucrative business these days.

The question you should be asking is "how do these businesses gather this information in the first place?"

Let's talk about cell phones. The modern smart phone is the finest surveillance device ever invented - period. What other electronic devices do subjects citizens willingly carry with them everywhere they go, and aren't far from it at home?

With Siri, Alexa, Cortana, Bixby and Ms. Google, the phone is "always listening". With some less-than-honorable app creators out there, some apps randomly take pix and phone home with them.
. . . but I digress


Some technology points before we continue:

WiFi works by constantly staying in communication with a WiFi access point. It finds these by "pinging" and waiting for other WiFi devices to respond. Each ping carries the questing devices's MAC address and other device information.


Bluetooth is a short range communications protocol. It was invented to replace sync cables. You'd be hard pressed to find a current shipping cell phone without it. The automakers are starting to include a BT radio in every vehicle, as well ( whether the customer requests something involving BT or not ).
Like WiFi, it is constantly pinging about, looking for other BT devices. The pings carry the bluetooth radio's MAC address as well as other device information.

Cellular phones operate by scanning the airwaves for all available cellular service towers. As with the above protocols, the cellular radio's MAC address and other device info is sent with each ping. Carmakers have been including cellular radios in cars for years, and all domestic vehicles produced within the past few years have one ( regardless of the customer ordering OnStar or whatnot requiring a cellular radio ). These automobiles routinely "phone home" to upload reports about the vehicle's condition, and can include an access log of all the devices they've encountered since the last report.

In all of the above, each "ping" sent by the device ( regardless of protocol ) is recorded by the receiving device, along with the MAC address of the questing device, the other device info and the time & date and the duration & signal strength of the pinging.

Now, here's how corporate surveillance works these days:

Joe Citizen subscribes to Comcast, and runs all his WiFi devices through the wireless router Comcast provided him. Comcast knows about all of Joe Citizen's WiFi-enabled devices, and can identify him via their unique identifiers.

Joe Citizen gets up and gets ready for work. He leaves his house in his late model American car, heading for work

Joe Citizen's cellular radios ( phone & car ) are in contact with nearby cellular towers as soon as he starts the car. They will be in constant contact until he gets to work and parks the car.

The WiFi radio in Joe Citizen's cell phone is tracked by every wireless modem he passes in range of as he leaves his neighborhood. Comcast or AT&T or whoever operates these wireless modems now has a record of Joe driving through this neighborhood every work day around the same time. Comcast knows who Joe is, but the other ISP's devices keep track of him by his MAC addresses.

As Joe drives, his car's Bluetooth radio "greets" and "replies" to every other Bluetooth device that comes in range ( this can include other driver's cell phones & other vehicles )

Joe gets to the freeway entrance and gets on the highway. his progress is tracked by the Department of Transportation's traffic monitoring system [ this uses cellular radios in phones & cars to measure traffic density and flow ). The State DoT knows Joe drives along the same route about the same time every day.

Joe gets to work and goes to his desk. He passes by several wireless access points on his way, allowing any of his phone apps to track his position within a couple of meters ( these same apps kept an eye on Joe during his drive into work, too )

As Joe works, everyone who passes within range of his cell phone have their device info logged by Joe's phone, along with the duration of the contact. Joe's apps now have enough data to differentiate between "coworkers" and "visitors" and likely enough nformation to draw a map of who sits where in the office.

Joe goes to lunch with some friends who work elsewhere. Joe's location is set when he "checks in with FacebooK and his apps again register the device info of everyone in range. As part of these details include signal strength, Joe's friends may be easily identified. The restaurant's WiFi also records this information.

Joe returns to the office & finishes his workday

Joe leaves work and stops at a grocery store on the way home. Due to the Bluetooth beacons found in the shelves, the store managment can tell what products Joe looks at, and how long he looks at them. If Joe's phone has the store app, he may start seeing "special offers" for these items. Department stores also utilize this technology.

Joe returns home, his passage recorded by all interactive devices in range


So, a quick summation of all the companies keeping track of Joe and his interactions:

  • Andoid phones send all collected data to Google. This info is also sent to the cellular provider
  • Samsung, LG and other large Android phone manufacturers also get this data
  • Apple's iPhones send all collected data to Apple. This info is also sent to the cellular provider
  • Cellular providers & smart phone manufactuers keep track of who you call or who calls you, how long you talk, etc
  • Phone apps gather whatever info the installed OS allows them.
  • "Smart" devices, such as your internet-enabled television or refridgerator routinely send their access logs to their manufaacurers
  • Restaurant chains offering "free Wifi"
  • Department & grocery store chains
  • Local, state or federal government monitoring stations ( example: traffic monitoring points )
  • Any ISP who provides wireless equipment to the customer
  • Automobile manufacturers get regular data dumps from the car, including all the device info ( bluetooth, cellular ) of any device it has encuontered. Sometimes, this also includes GPS data. This info is also sent to the cellular provider.

When the primary recipients of all this gathered data are done with it, it is sold to corporate entities who can't directly gather user metadata.


At this point, many of you may be asking "so what?"

Well, the old saying "knowledge is power" has never been more apt than it is today. The more about you is publicly known, the more you can be manipulated. For example, if an insurance company purchases data records from your cellular provider and they find you eat at a "greasy spoon" every day for lunch, they may decide to raise your rates or not to insure you at all. Another example ( same insurance company ) could be that your device's locations are calculated to show you routinely getting from point "A" to point "B" much too fast to be obeying the speed limit. Consequently, the insurance company can raise your rates or drop your insurance totally.



Joe is not alone. Everyone has a cell phone & when you collate all the available information, the amount of available information is mind-blowing.

Tags: digital-privacy

Comments? Tweet  

Shopping at Amazon via this link helps support this blog & other Novarata services. Thanks!
If you are not human,
here is another forum for you to enjoy fortnight-latitude