Researchers at the University of Southern California (USC) Viterbi School of Engineering and Princeton University have proposed a way to limit smartphone tracking from carriers. It’s called Pretty Good Phone Privacy (PGPP).
Pretty Good Phone Privacy
Even if you have GPS turned off there’s a good chance your carrier is still able to track your location. Our phones reveal personal identifiers to cell towers owned by major network operators. However, there is a software fix that could change that, dubbed Pretty Good Phone Privacy.
It decouples phone connectivity from authentication and billing by anonymizing personal identifiers sent to cell towers. Their new system works by breaking the direct line of communication between the user’s cellphone and the cell tower. Instead of sending a personally identifiable signal to the cell tower, it sends an anonymous “token.” It does this by using a mobile virtual network operator, such as Cricket or Boost, as a proxy or intermediary.
Barath Raghavan, an assistant professor in computer science at USC, an a co-author of this solution:
We’ve unwittingly accepted that our phones are tracking devices in disguise, but until now we’ve had no other option—using mobile devices meant accepting this tracking. We figured out how to decouple authentication from connectivity and ensure privacy while maintaining seamless connectivity, and it is all done in software.
Since the system works by stopping a phone from identifying its user to the cell tower, all other location-based services—such as searching for the nearest gas station, or contact tracing—still work as usual. The researchers hope the technology will be accepted by major networks as default, particularly with mounting legal pressure to adopt new privacy measures.
“Even if you have GPS turned off there’s a good chance your carrier is still able to track your location.”
Andrew: Are you implying that the carrier has access to GPS data?
Andrew:
Where we’re headed, it’s all about the software.
The only unknown here is how long it will take, assuming this solution gets deployed, before carriers respond, perhaps with a reciprocity software solution that denies location services to such devices. ‘Identify yourself, or we won’t tell you where you are or where you need to go’, a variant on what Netflix are doing with VPNs, retaliation.
This could get interesting, especially if PGPP users take the carriers to court.