Thinking about different aspects of location tracking in terms of
1. Your device figuring out where it is.
2. Others figuring out where your device is.
3. Your device telling others where it is.
1 would include GPS, or just listening for cell/wifi signals.
2 would include IP geolocation, or seeing which towers your calls go through, or tracking which map tiles you download while moving around.
3 would include telling a website, or an app uploading your location
1/
Pinging hotspots or cell towers is both 1 and 2, figuring out your own location while revealing clues.
So you’ve sort of got passive sonar, active sonar, communications metadata, and actual reporting.
As for tracking:
Passive sonar isn’t a risk
Active sonar’s risk is inherent to being active
Metadata’s risk is inherent to actually using a connection
You can obfuscate it by things like onion routing, vpns, extra requests, pulling location-specific info ahead of time, etc.
2/
And then there’s the issue of when your device explicity sends your location once it’s figured it out. Like when you search for the nearest coffee place or bank branch, or you’re using navigation software, or updating an online map in real time. Or when an app or website just wants the data.
Fortunately, OSes and browsers have decent access controls for letting apps and websites know your location (as determined by your device). But an app or website can still try to infer from other info
3/
An app with online ads could look at which CDN endpoint you end up connecting to. Or make connections to sites with known locations and see which is faster, just like a speed test app or site choosing the nearest server to make a proper test. It’s a lot less precise, but it’s not like the OS can block the upload as easily as it can just refuse to hand detailed location to the app.
And of course it can be correlated with other metadata like geolocation
4/
And of course anything you *intentionally* report — online navigation, check-ins, Pokestops you spin, the nearest ATMs on the bank site — you have to trust that the service at the other end isn’t going to misuse it.
Your bank isn’t going to care. They already know which branches and ATMs you visit.
I wouldn’t trust an ad network with a 10-foot pole.
Something big like Google or Microsoft or Amazon? That’s where you get into trade-offs.
5/
Offline maps & navigation definitely have an appeal to them. Especially if you aren’t sure you’ll have reliable network access where you’re going. It’s doable. The only downside is you can’t add live traffic info. You could probably download typical traffic per day/hour along with the map and get rough esimates, butof course not be able to know there’s a 10-mile slowdown because a truck jacknifed, fell over, spilled an entire load of cheese and caught on fire
6/
or maybe grab traffic data for a wide area, quantized so that it only reveals which large rectangles you’re passig through, not which roads. Like iNaturalist does with obscuring locations of observations.
Anyway, I don’t know why I’m still writing this. I just wanted to write down the active/passive sonar analogy, and i kind of rambled on from there.
7/7