NNSquad - Network Neutrality Squad
[ NNSquad ] My Status / Location Tracking / SSH for Google Cr-48 Notebook Available
My Status / Location Tracking / SSH for Google Cr-48 Notebook Available
http://lauren.vortex.com/archive/000844.html
Hello all. As per "iPhone Location Tracking Brouhaha in Perspective +
Personal Status Note" ( http://j.mp/gmDr1X [Lauren's Blog] ) I have
had to scale back everything drastically for now. I do want to thank
everyone who sent notes of encouragement, and I apologize for not yet
responding to each of you.
There are a couple of loose ends I'd like to deal with now. The first
associated with location tracking issues, the second with some
software I have available for the Google Cr-48 Chrome notebook.
The new controversies regarding smartphone location tracking data
continue, and apparently there will be a Congressional hearing on the
topic early next month.
My current understanding is that iOS (iPhone, iPad, etc.) is keeping a
comprehensive unencrypted log of location data on the user devices,
perhaps at cell tower/site/sector granularity, and (according to some
reports at least) sending the data back to Apple at intervals (twice a
day?)
Android is reportedly (I have not dug into my own rooted device yet to
check this first hand) maintaining an overwriting cache (256 entries?)
of similar granularity location data, which is routinely sent up to
Google. In general, this represents a much less comprehensive source
of location data at the device itself (vs. iOS), since the cache is
constantly overwritten by new data. Also, the cache is only
accessible directly to users with rooted devices (or via various
forensic data extraction equipment). It is not clear to me at this
time if this Android location data collection is or is not
controllable by the user via the menu-based location options (and the
query about location data collection that users receive when they
initialize a new Android device).
My overall view on this all is that while I would prefer that users
have complete control over location data tracking on any devices and
regarding where that data is collected in the cloud, I think many
critics of this situation are missing some key points.
I believe that overall the iOS log on the devices is much more
dangerous than the Android cache, since the former is so
comprehensive. And in California and apparently some other states at
least, on-device data is subject to ad hoc extraction by authorities
and others without a warrant even being needed.
On the other hand, location data stored at central servers is at least
protected by the associated firms' privacy policies -- I assume for
example that Google would not release that data without a warrant or
other appropriate court order in most or all cases, which would be a
much higher standard than the very similar location data *collected
by the cellular carriers themselves*, and apparently frequently
released by those carriers with a nod and wink to authorities --
without a warrant in many situations.
This all suggests that viewing this issue in isolation in terms of iOS
or Android is a mistake -- that it is necessary to look more broadly
not only at carrier privacy policies but also the varying and
conflicting standards for protection of user data in different
contexts (local devices, "transient" storage at ISPs and other
services, "permanent" storage at those entities, and so on).
Ironically, this seems to be a situation where the "traditional"
stronger protections from government access to data on a local PC (vs.
the cloud) are reversed -- in this kind of tracking case the local
device can end up more vulnerable to such data extraction than the
cloud services.
Much of this points at the continuing urgent need for strengthening
and harmonization of laws regarding data protection in these areas,
which I know Google strongly supports. Unfortunately, it appears that
the Obama administration, like administrations before it, is resisting
key aspects of such efforts (for example, the Obama admin is now
actively fighting attempts to give all cloud-based email appropriate
protection from perusal by law enforcement with warrants), and results
from similar efforts to improve data protection in the EU appear mixed
and sometimes contradictory at best right now.
- - -
If you have a Google Cr-48 Chrome notebook and would like a
full-featured, browser-based (Java applet) SSH, please let me know.
Making this work on the Cr-48 turns out to be nontrivial since the
platform doesn't currently have integral support for Java applets.
However, this can be dealt with if your notebook is in "developer"
mode. Having a full-blown SSH with a variety of terminal emulation
modes, etc. in a browser tab (rather than having to use a text-based
virtual terminal) can be very useful. I don't have detailed
step-by-step install instructions written up yet, but I have it all
working. If anyone has interest I have the necessary resources
available for download and would of course pass along install notes.
Thanks as always. Take care, all.
--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org
Founder:
- Network Neutrality Squad: http://www.nnsquad.org
- Global Coalition for Transparent Internet Performance: http://www.gctip.org
- PRIVACY Forum: http://www.vortex.com
Member: ACM Committee on Computers and Public Policy
Blog: http://lauren.vortex.com
Twitter: https://twitter.com/laurenweinstein
Google Buzz: http://j.mp/laurenbuzz
Quora: http://www.quora.com/Lauren-Weinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com