There is a legitimate problem with mass siphoning of location data by mobile applications. Provided with that information you can identify clusters of activity aligned with identified military activity and infer what is going on, building a model that can then process the location data to predict military activity. Even deliberately choosing to not be trackable is itself an interesting data point.
Strava managed to do most of this entirely by accident.
The big problem is that once you accept you want to control location data why can you justify the ongoing use of it by existing systems? (Google and FB, mainly, though far from exclusively). I once audited an SDK from a YC startup many moons ago that went as far as collecting the altitude and bearing of the user when viewing an advertisement - this stuff is incredibly widespread.
My personal view is a law is needed that bans central collection of location data. (Even anonymised would not be sufficient). It's fair game for a user (and their apps) to have access to encrypted logs of the location of their devices, but that should not be remotely accessible by anyone.
"Anomaly Six — also called A6 — claims it can track billions of devices in near real time. And Zignal Labs leverages its access to Twitter data streams to sift through hundreds of millions of Tweets per day, without restriction. The two combined would be an even more powerful surveillance tool.
During the presentation, A6 tracked the movements of the Russian army along the Ukrainian border, Chinese submarine positions, and even the American intelligence community. This was a bold idea: To demonstrate just how powerful its phone tracking capabilities are, A6 showed Zignal that they could spy on American spies.
On a satellite map of the U.S., A6 sales rep Brendon Clark drew digital boundaries around CIA and NSA headquarters. This is a technique known as geofencing. Within these boundaries, 183 dots appeared, representing GPS pings from phones that had visited both locations.
Lines radiated from each dot, showing where the phones had traveled. As Clark noted: “So, if I’m a foreign intel officer, that’s 183 start points for me now.”
Zeroing in on one dot, A6 showed how its software could reveal this individual’s movements as they traveled throughout the U.S. using the location data pulled from apps on their phone. In their demo, the person they were tracking traveled to a U.S. army base in Fort Bliss, Texas, an airfield in Jordan, and their likely home in suburban Maryland, close to NSA headquarters. The demo concluded with a Google Street View of the person’s house."
The issue is indeed legitimate, but it would be a systematic issue with all non-western/non-US apps, not just TikTok which is being singled out in an ad hoc manner. And it has as much to do with Google's store/android location data policies as it is with the apps.
>My personal view is a law is needed that bans central collection of location data.
Agreed.
...
UPD: I also suspect that preserving location data from state actors is a lost battle and modern SIGINT satellite constellations are already capable of pinpointing location of phones en masse, or will be capable of doing it in the coming years.
Strava managed to do most of this entirely by accident.
The big problem is that once you accept you want to control location data why can you justify the ongoing use of it by existing systems? (Google and FB, mainly, though far from exclusively). I once audited an SDK from a YC startup many moons ago that went as far as collecting the altitude and bearing of the user when viewing an advertisement - this stuff is incredibly widespread.
My personal view is a law is needed that bans central collection of location data. (Even anonymised would not be sufficient). It's fair game for a user (and their apps) to have access to encrypted logs of the location of their devices, but that should not be remotely accessible by anyone.