Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Privacy

The NSA's Guidelines for Protecting Location Data (cisa.gov) 30

American's National Security Agency (NSA) "has shared new guidance with U.S. military and intelligence personnel, suggesting they take additional precautions to safeguard their location data," reports Engadget. "The agency argues the information devices and apps collect can pose a national security threat."

Ars Technica reports: The National Security Agency is recommending that some government workers and people generally concerned about privacy turn off find-my-phone, Wi-Fi, and Bluetooth whenever those services are not needed, as well as limit location data usage by apps. "Location data can be extremely valuable and must be protected," an advisory stated. "It can reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose otherwise unknown associations between users and locations."

NSA officials acknowledged that geolocation functions are enabled by design and are essential to mobile communications. The officials also admit that the recommended safeguards are impractical for most users. Mapping, location tracking of lost or stolen phones, automatically connecting to Wi-Fi networks, and fitness trackers and apps are just a few of the things that require fine-grained locations to work at all. But these features come at a cost. Adversaries may be able to tap into location data that app developers, advertising services, and other third parties receive from apps and then store in massive databases. Adversaries may also subscribe to services such as those offered by Securus and LocationSmart, two services that The New York Times and KrebsOnSecurity documented, respectively. Both companies either tracked or sold locations of customers collected by the cell towers of major cellular carriers.

Not only did LocationSmart leak this data to anyone who knew a simple trick for exploiting a common class of website bug, but a Vice reporter was able to obtain the real-time location of a phone by paying $300 to a different service. The New York Times also published this sobering feature outlining services that use mobile location data to track the histories of millions of people over extended periods.

The advisory also warns that tracking often happens even when cellular service is turned off, since both Wi-Fi and Bluetooth can also track locations and beam them to third parties connected to the Internet or with a sensor that's within radio range.

Long-time Slashdot reader AmiMoJo shares some of the agency's other recommendations:
  • Enter airplane mode when not using the device
  • Minimize web browsing on your device and do not allow browsers to access location services
  • Use an anonymous VPN
  • Minimize location information stored in the cloud

This discussion has been archived. No new comments can be posted.

The NSA's Guidelines for Protecting Location Data

Comments Filter:
  • by marcle ( 1575627 ) on Sunday August 16, 2020 @10:45AM (#60406805)

    Did the NSA just back into the 21st century by accident? They've been exploiting these "features" for years, why decide to warn the public now? And anyway, location tracking is so baked into smartphone hardware and software that absolutely no one is going to pay attention to their "guidelines."

    • They heard Trump is considering pardoning Snowden. The really scary rumor is that Trump might appoint Snowden to be the head of the NSA. They figure a cleanup operation is a good idea at the moment.

      • About that rumor. I think even the most ardent Trump supporter would not be in favor of Snowden running the NSA. I can't figure it.

        Although, it would fit Trump's general practice of appointing leaders who hate and cripple the institutions that they are appointed to lead.
      • by dcw3 ( 649211 )

        Two things against that. 1. He'll never get a clearance again. 2. It's a military post.

    • Re:No kidding (Score:4, Interesting)

      by AmiMoJo ( 196126 ) on Sunday August 16, 2020 @11:33AM (#60406933) Homepage Journal

      It's hard to know what to do with this information. On the one hand yes a VPN is a good idea, as long as you understand the limitations of it. On the other the fact that the NSA recommends it suggests that they can mitigate the benefits of using a VPN with relative ease, if not en-masse.

      • I understand regarding the NSA's advice with a grain of salt because they are also talking to their adversaries in anything they say public, but they are also talking to their partners and customers in government.

        Our government and critical non-government sectors are MASSIVE, there is no secret channel for example to tell every young person in the military a secret trick to use on their smart phones. So nothing is perfectly secure, they probably have ways of attacking anything they recommend, but what they

  • by ugen ( 93902 ) on Sunday August 16, 2020 @10:48AM (#60406815)

    Mr. Foxe's guidelines for protection of poultry and livestock. Plausible and ostensibly well-meaning, to create some goodwill with the public, yet superficial enough not to cause Mr. Fox any actual inconvenience.

  • Itâ(TM)s about time devices were authenticated using ephemeral identifiers offering Perfect Forward Secrecy and for eSIMs to become the norm. The only entity that needs to know who and where I am is my service provider and guaranteeing that they get caught and prosecuted should they leak said data should be a priority.
  • Who's the threat? (Score:3, Interesting)

    by bitchtits ( 4000013 ) on Sunday August 16, 2020 @11:00AM (#60406849)
    So who do these Government Agencies want to protect their location data from? Is Google/Apple more of a threat than other Govenment Agencies?
  • by thegarbz ( 1787294 ) on Sunday August 16, 2020 @11:09AM (#60406873)

    If Location data is such a concern that you would disable most of the functionality of your smartphone (including evidently the ability to make calls) why not just ... not buy a smartphone.

    • In an emergency, you could use those features. I think that probably makes a good case for buying a *cheap* smartphone.
      • In an emergency a dumb phone would suffice. I can't say I've ever had an emergency Instagram influencing session,

  • "The NSA" and just "NASA". I just realized that when I first read it as "The NASA's"
  • Apparently they do sell RFID/Faraday bags and phone cases on Amazon.

    YMMV.

    • Apparently they do sell RFID/Faraday bags and phone cases on Amazon.

      And faraday cages are overrated. They're pretty bad at keeping energy in. Unless there's something energy-absorbing in there, just putting an anything-less-than-perfect faraday cage around something still lets much of the energy out - because it bounces around ("pumps resonances") and builds up, until the energy out the leak approaches the energy being emitted inside the cage.

      That can scramble the passband something fierce, with some narr

  • That advice sorta defeats the purpose of the feature, doesn't it?

    • by HiThere ( 15173 )

      Is that a real "off" button, or just a "pretend to be off until I want to use you" button? Most computer "off" buttons are the latter.

    • Not at all. You just need to understand how the features of phones work. For example on Samsung devices you can set a message on your lockscreen. I have mine set to: "To the thief who just stole my phone, can you please enable find my phone, the PIN is 0000 and the option is in the settings. Thanks."

  • iOS 14 has one new location feature: Limited precision. I want 100% precision when I get driving directions, much less precision looking for a nearby MacDonalds, even less precision for the weather. But that should be extended:

    Have an option in "Settings" where you can set a fake home location, fake journeys to work, by car or public transport, some fake holidays, and your iPhone's location data plays back that location data precisely. With some extra movement when you are at work, going to random nearby

How many hardware guys does it take to change a light bulb? "Well the diagnostics say it's fine buddy, so it's a software problem."

Working...