The Trackers We Carry

A starting point for phone privacy.

In terms of privacy, cell phones are overwhelming. They store our lives, they contain cameras and microphones, they know our every location: cell phones track us.

This isn't (necessarily) done maliciously. Sometimes we need to determine a driving route; having a GPS in our pocket can be a lifesaver. But many times it's used for advertising. The major apps, especially ones owned by Facebook or Google, are notorious for this; unless one disables their data collection, they will scoop up as much as they can get. Just the other day, a friend and I were eating at Starbucks. Lo and behold, a few minutes later, a Starbucks ad appeared on her Instagram feed. She had let Instagram access her location data. Even cutting off location services doesn't necessarily prevent this. Many stores have Bluetooth beacons that track customers. As this New York Times article details, these stores recognize phones that enter by using Bluetooth technology. Any store-brand app, such as the Target App, will be able to identify someone once they enter a Target. But sometimes all a store needs is a customer to have a weather app installed; even third party apps hide tracking software in the code.

Beyond apps, the most obvious form of tracking is done through our Internet Service Provider. Since they connect calls and messages via cellphone towers, they know precise cellphone locations. This is necessary for making traditional phone calls and text messages; however, as discussed in previous blog posts, these are discouraged because they are not secure at all. Without an end-to-end encrypted messenger, one's calls and texts can be intercepted and read. The problems don't stop there. Most police departments, including those in North Texas, own IMSI catchers (also known as Stingray devices). These mimic cellphone towers, transmitting all information from the cellphones that connect to them to real cellphone towers. In the process, they store identifying information and location data from the phone, which can be used later to determine who was in the area. Occasionally, they can even intercept text messages. These are notorious for being used by police in response to protests; if attending a protest, it is always advisable to bring a burner phone or leave one's phone at home. For more information on their use in North Texas, check out our page here.

This is only the tip of the iceberg, and it already feels overwhelming. This is how privacy-invading companies win: they want customers to feel overwhelmed and give up the fight. The key is to run a marathon by taking a few small steps at a time. Slowly, over the months, these steps will become routine and one can build on top of them. So, without further ado, here is:

The Dallas Privacy Initiative's Simple Phone Tracking Prevention Guide

  1. 1. Download as few apps as possible. The more apps on one's phone, the wider the attack surface.
    More apps = more trackers (and more security vulnerabilities!)

  2. 2. Vet all apps. If using iOS, Apple introduced a new Privacy tab on every app. Read it. Go look at Facebook or Facebook Messenger. Scratch one's head and ask why a messenger app would ever need access to browsing history, health and fitness data, or "sensitive info." What even is sensitive info?!

  3. 3. Customize every app. Disable everything but the necessities. Do not give apps access to Bluetooth, location, photos - don't give them access to anything.

  4. 4. Turn of Bluetooth. Completely. Unless needed, keep it off.

  5. 5. Same for Wi-Fi and location data. Avoid connecting to any public Wi-Fi hotspots without proper VPN protection.

  6. 6. Invest in a Faraday bag. While airplane mode can disable some tracking, a Faraday bag ensures no one (hackers, governments, anyone) can locate a phone. Once a phone (or computer) is inside, everything is cut off. Wi-Fi, GPS signals, Bluetooth - none of it can get through. It's the best solution; keep all phones in the bag when not in use. Don't want to buy one? Build a custom Faraday bag!