The “Location Off” switch on your phone is a lie.

If you’re going somewhere anonymously, or attending a politically unpopular protest, or visiting a sensitive client, you might want to turn Location Services to Off in your smartphone’s settings. Great – now you can go and do whatever it is without worrying.

Well, that would be the case if we lived in an ideal world, but that switch is more of a polite “please don’t” than an actual deterrent. There are many other ways of getting your location, some of which you may not have considered, but I’m going to focus on the biggest oversight I regularly see even privacy-focused people ignorant of. This will be nothing new for privacy experts, but… it’s your carrier.

Think about it. To join their network, you are literally logging in with your carrier account, which is (most likely) tied to your identity and also has your payment method attached. Maybe you were clever and got a prepaid card with cash, but that’s another step. But consider what happens next: If you are communicating with the network, your phone and the cell tower quickly become aware of how much time it takes for a message to go back and forth between them. Say, a few hundred nanoseconds. It doesn’t take much math, because the amount of time is consistent for the distance you add, to establish a radius for how far away you are. Add in two or three weaker towers in the area that aren’t as preferable when your phone is looking for a better signal, and the carrier’s got a pretty good idea of where you are.

Which, is also why buying prepaid with cash is overrated. All they have to do is look at where you are between 9PM and 5AM for most days, and they’ll have a pretty good idea of where you live. What’s the point of paying with cash if they can easily find your home address?

This is just one way that the carrier could find your location. And there’s nothing you can do about it. If you are thinking that downloading GrapheneOS and only using the stock apps makes you immune… no, it doesn’t. Every line of code could be handwritten by yourself, but the moment your phone talks to a cell tower, there’s no privacy.

If you want to learn more ways you may be identified, look into IMSI Catchers; and also consider that your phone regularly talks to cellphone towers even from other carriers if you don’t have a SIM card installed, to deliver E911 support. No phone in the US needs a cellular plan to call 911, but that means that even a SIM-free phone is still talking to towers.

Better to leave the phone at home. Or, at least in a Faraday cage you can remove it from if you are desperate.

Published by Gabriel Sieben

Gabriel Sieben is a software developer from St. Paul, MN, who enjoys experimenting with computers and loves to share his various technology-related projects. He owns and runs this blog, and is a traditional Catholic. In his free time (when not messing with computers), he enjoys hiking, fishing, and board games.

Join the Conversation

1 Comment

Leave a comment

Your email address will not be published. Required fields are marked *