The ubiquitous phone feature has powered a surveillance technique used to catch suspected kidnappers and pedophiles. It's also fueled fears of a 'privacy nightmare' at a time when abortion is criminalized:
The alleged pedophile "LuvEmYoung" had worked to stay anonymous in the chatrooms where he bragged about sexually abusing children. A criminal affidavit said he covered his tracks by using TeleGuard, an encrypted Swiss messaging app, to share a video of himself last month with a sleeping 4-year-old boy.
But the FBI had a new strategy. A foreign law enforcement officer got TeleGuard to hand over a small string of code the company had used to send push alerts — the pop-up notifications that announce instant messages and news updates — to the suspect's phone.
An FBI agent then got Google to quickly hand over a list of email addresses this month linked to that code, known as a "push token," and traced one account to a man in Toledo, an affidavit shows. The man, Michael Aspinwall, was charged with sexual exploitation of minors and distribution of child pornography and arrested within a week of the Google request.
The breakthrough relied on a little-known quirk of push alerts, a basic staple of modern phones: Those tokens can be used to identify users and are stored on servers run by Apple and Google, which can hand them over at law enforcement's request.
[...] The data has become prized evidence for federal investigators, who have used push tokens in at least four cases across the country to arrest suspects in cases related to child sexual abuse material and a kidnapping that led to murder, according to a Washington Post review of court records. And law enforcement officials have defended the technique by saying they use court-authorized legal processes that give officers a vital tool they need to hunt down criminals.
Originally spotted on Schneier on Security.
(Score: 0, Troll) by Anonymous Coward on Sunday March 10 2024, @10:41PM
What they didn't tell you is it's the second case they worked this month.
The first one got tossed out because they decided it was in the "interests of justice" to not prosecute a senile old pedophile who couldn't remember his job title.
No seriously. It had *nothing* to do with his "high status". Oh, and he also isn't senile. But that's why it didn't get prosecuted.
But this second guy is a complete rando and actually did it. No political connections, no senility, no nothing. So we're going to make an example out of him.
(Score: 4, Insightful) by JoeMerchant on Sunday March 10 2024, @10:55PM (1 child)
If you can communicate to someone, there are always ways to "trace the call" and it is getting easier, not harder, with modern complex systems.
Best method to avoid a trace that comes to mind at the moment is two bought with cash burner phones setup as a relay in a self destructing box. Everything you send out goes through a relay, preferably one of a dozen relays setup around a metro area that is actually two metro areas away from where you usually communicate from.
Trusting some app provider is right up there with buying a burner phone yourself with your personal credit card.
🌻🌻 [google.com]
(Score: 2, Insightful) by Anonymous Coward on Monday March 11 2024, @01:05AM
> Best method to avoid a trace ...
Just don't use phones, or any public network for that matter, for things you don't want traced.
(Score: 2, Interesting) by Anonymous Coward on Monday March 11 2024, @01:48AM (1 child)
... but not in the Application Settings, locally. Turn them off in the app itself. If you just *hide* them on your device, then all that (profitable) user data is still going to Goggle.
The common root of the spying problem here is pretty commonly clear. The FBI isn't just sending warrants, with gracious responses from the Corporation -- the FBI is sending checks (the money kind, not balances) with those warrants, or at least monthly. Your tax dollars, straight to privacy-defeating mega-corps, so that criminals can be defeated for the actions at home, in their bedrooms. (Oh sure, they'll publish a story a few times a year that are probably *every single one* of the suspects they find outside their bedroom, but every single other one? Yeah. Your-own-bedroom crimes.)
(Score: 3, Informative) by Ox0000 on Tuesday March 12 2024, @05:39PM
One could also consider running a phone OS that does not have Google Play Services (which is the underlying infrastructure that enables things such as push notifications) or other equivalent things.
GrapheneOS [wikipedia.org] comes to mind.
A nice benefit from running such an OS is the quiet that you will experience, not being disturbed by all those childish little pings coming from your phone, begging for your attention.