The NSA's Guidelines for Protecting Location Data (cisa.gov)
America's National Security Agency (NSA) "has shared new guidance with U.S. military and intelligence personnel, suggesting they take additional precautions to safeguard their location data," reports Engadget. "The agency argues the information devices and apps collect can pose a national security threat."
Ars Technica reports: The National Security Agency is recommending that some government workers and people generally concerned about privacy turn off find-my-phone, Wi-Fi, and Bluetooth whenever those services are not needed, as well as limit location data usage by apps. "Location data can be extremely valuable and must be protected," an advisory stated. "It can reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose otherwise unknown associations between users and locations."
NSA officials acknowledged that geolocation functions are enabled by design and are essential to mobile communications. The officials also admit that the recommended safeguards are impractical for most users. Mapping, location tracking of lost or stolen phones, automatically connecting to Wi-Fi networks, and fitness trackers and apps are just a few of the things that require fine-grained locations to work at all. But these features come at a cost. Adversaries may be able to tap into location data that app developers, advertising services, and other third parties receive from apps and then store in massive databases. Adversaries may also subscribe to services such as those offered by Securus and LocationSmart, two services that The New York Times and KrebsOnSecurity documented, respectively. Both companies either tracked or sold locations of customers collected by the cell towers of major cellular carriers.
Not only did LocationSmart leak this data to anyone who knew a simple trick for exploiting a common class of website bug, but a Vice reporter was able to obtain the real-time location of a phone by paying $300 to a different service. The New York Times also published this sobering feature outlining services that use mobile location data to track the histories of millions of people over extended periods.
The advisory also warns that tracking often happens even when cellular service is turned off, since both Wi-Fi and Bluetooth can also track locations and beam them to third parties connected to the Internet or with a sensor that's within radio range.
Long-time Slashdot reader AmiMoJo shares some of the agency's other recommendations:
- Enter airplane mode when not using the device
- Minimize web browsing on your device and do not allow browsers to access location services
- Use an anonymous VPN
- Minimize location information stored in the cloud
No kidding (Score:3)
Did the NSA just back into the 21st century by accident? They've been exploiting these "features" for years, why decide to warn the public now? And anyway, location tracking is so baked into smartphone hardware and software that absolutely no one is going to pay attention to their "guidelines."
Re: (Score:2)
Re: (Score:2)
They heard Trump is considering pardoning Snowden. The really scary rumor is that Trump might appoint Snowden to be the head of the NSA. They figure a cleanup operation is a good idea at the moment.
Re: (Score:2)
Although, it would fit Trump's general practice of appointing leaders who hate and cripple the institutions that they are appointed to lead.
Re: (Score:2)
I do not support Trump myself, but I support your ideas. The PATRIOT ACT is an abomination.
Re: (Score:2)
Two things against that. 1. He'll never get a clearance again. 2. It's a military post.
Re:No kidding (Score:4, Interesting)
It's hard to know what to do with this information. On the one hand, yes, a VPN is a good idea, as long as you understand the limitations of it. On the other, the fact that the NSA recommends it suggests that they can mitigate the benefits of using a VPN with relative ease, if not en masse.
Re: No kidding (Score:2)
I understand regarding the NSA's advice with a grain of salt because they are also talking to their adversaries in anything they say publicly, but they are also talking to their partners and customers in government.
Our government and critical non-government sectors are MASSIVE, there is no secret channel for example to tell every young person in the military a secret trick to use on their smart phones. So nothing is perfectly secure, they probably have ways of attacking anything they recommend, but what they
Mr. Foxe's guidelines (Score:3)
Mr. Foxe's guidelines for protection of poultry and livestock. Plausible and ostensibly well-meaning, to create some goodwill with the public, yet superficial enough not to cause Mr. Fox any actual inconvenience.
All by design (Score:2)
Who's the threat? (Score:3, Interesting)
Better idea: (Score:3)
If location data is such a concern that you would disable most of the functionality of your smartphone (including evidently the ability to make calls), why not just ... not buy a smartphone?
Re: (Score:2)
Re: (Score:2)
In an emergency a dumb phone would suffice. I can't say I've ever had an emergency Instagram influencing session,
Why is it... (Score:1)
Re: (Score:2)
Probably because people read "NASA" as a word rather than an initialism, and it's just treated as a name. People read "NSA" as an initialism (i.e. "en ess ay") and think of it as a contraction of the full name.
Re: (Score:2)
https://www.urbandictionary.co... [urbandictionary.com]
A quick FYI (Score:2)
Apparently they do sell RFID/Faraday bags and phone cases on Amazon.
YMMV.
Re: (Score:2)
Apparently they do sell RFID/Faraday bags and phone cases on Amazon.
And Faraday cages are overrated. They're pretty bad at keeping energy in. Unless there's something energy-absorbing in there, just putting an anything-less-than-perfect Faraday cage around something still lets much of the energy out - because it bounces around ("pumps resonances") and builds up, until the energy out the leak approaches the energy being emitted inside the cage.
That can scramble the passband something fierce, with some narr
Re: (Score:2)
Interesting. I used to work inside of one, that went through USAF Tempest testing, and seemed to work just fine.
Tempest-tested ones are not very leaky - and don't they also have some radio absorbing material (such as carbon foam) on the inside?
Yours definitely had something inside it that would absorb radio energy: You! B-)
Turn off "find my phone" until needed? (Score:2)
That advice sorta defeats the purpose of the feature, doesn't it?
Re: (Score:2)
Is that a real "off" button, or just a "pretend to be off until I want to use you" button? Most computer "off" buttons are the latter.
Re: (Score:2)
Not at all. You just need to understand how the features of phones work. For example on Samsung devices you can set a message on your lockscreen. I have mine set to: "To the thief who just stole my phone, can you please enable find my phone, the PIN is 0000 and the option is in the settings. Thanks."
Idea for a feature (Score:2)
Have an option in "Settings" where you can set a fake home location, fake journeys to work, by car or public transport, some fake holidays, and your iPhone's location data plays back that location data precisely. With some extra movement when you are at work, going to random nearby