Welcome to “Ask a security trainer,” the column where the Digital Security Training team at Freedom of the Press Foundation (FPF) answers your burning questions at the intersection of journalism and security. Submit yours here! Let’s jump right into this week’s question.

Dear DST,

I have heard that my phone can be tracked in order to expose my presence at certain locations and events. Is this really possible? I’m a journalist and am frequently on scene covering protests or meeting with sensitive sources, and have been trying to wrap my head around how concerned I should be about this type of mobile tracking. Are there any steps I can and should take to protect my location information?

Signed,

Mystified On Mobile

Hello Mystified,

To answer the first part of your question: Yes, your mobile phone can expose information about where you are and where you’ve been to a range of actors. These can include your cellular service providers (e.g., Verizon, AT&T), the apps and websites you visit, owners of Wi-Fi networks or Bluetooth devices that you connect to, and other entities, such as law enforcement, that these actors may be compelled to share such information with.

Before worrying too much about technical details, though, it’s important to take a step back and think about your specific threat context. Ask yourself: Do I actually have a reason to keep my presence at a given location a secret?

While there is a lot of ambient concern around location tracking and no shortage of advice floating around social media about how to limit your likelihood of being identified at, say, a protest, this advice typically assumes that you have a need to not be connected to a specific event in the first place.

This column won’t address an average protester’s risk assessment, but as a journalist covering the event in question, you may want your presence to be known, or at least have little need to keep the fact that you were present for and covering the event a secret. After all, if you plan to publish an article about the protest later that day or week, you will likely be making it clear that you were there anyway.

While there are plenty of digital and physical security considerations to keep in mind when covering potentially contentious events like protests, location tracking is less likely to be one of them. That said, it is important to keep in mind that your identity may impact your risk assessment. For example, your citizenship status may affect the level of risk you are willing to accept.

Your risk assessment related to location tracking can also change dramatically based on the journalistic activity you’re undertaking. Consider a sensitive story in which you are meeting a high-risk, anonymous source in person. Your adversaries could use location data to place you and the source in the same spot at the same time, leading to the possible exposure of the source’s identity.

Or perhaps you need to visit a particular location (e.g., a government building) that could put a given department or agency on notice that you are investigating them, in turn making the reporting process more challenging.

In situations like this, where it is undoubtedly advisable to limit who has access to your location information, you’ll want to consider how such information can be exposed.

When it comes to mobile device location tracking specifically, there are three key mechanisms through which your phone exposes your location: cellular tower triangulation, Wi-Fi and Bluetooth signals, and your device’s location services (which often bundle together data from the first two mechanisms, alongside GPS).

Our friends at the Electronic Frontier Foundation have an excellent primer that breaks down how these mechanisms work, so I won’t spend time on the technical details here, although I strongly recommend you check out that article.

The high-level takeaway is that each of these mechanisms has the potential to expose your location to different adversaries in different ways and, therefore, requires distinct (although at times overlapping) mitigations.

The mobile location information most widely distributed to third parties usually comes from your device’s location services. To mitigate the risk associated with location services, your best bet is to turn them off completely. If turning off location services completely seems daunting or too disruptive to your daily life, you can consider disabling them leading up to, during, and immediately after sensitive events. You can also turn off location services for specific third-party apps and services that you don’t trust and/or limit the precision of location data that individual apps receive.

Location data collected from cell tower triangulation can be seen by your cell service provider, and law enforcement can, with a warrant, force providers to share it with them as well. The best technical step you can take to prevent this type of tracking is to turn your device completely off. An alternative mitigation is to not take a device with you on sensitive assignments, or to use a device that is not connected with your identity (which is incredibly difficult to do effectively).

Law enforcement entities have also been known to set up portable, fake towers (known as cell site simulators) that attempt to connect to nearby devices to log their physical presence. This tactic, while used very rarely, can be deployed around specific events like protests. This article (also from EFF) breaks down mitigations if you are concerned about cell site simulators in particular.

Your device also emits Wi-Fi and Bluetooth signals that expose your MAC addresses, which are unique identifiers associated with your device. These can be collected by networks and devices you connect to, and potentially by others within range of these signals, and used to identify devices in a given area.

The simplest way to significantly reduce this risk is to disable Wi-Fi and Bluetooth, or turn off your device completely, when in a location where you don’t want to be tracked. It is worth noting that, in some rare circumstances, a device can continue to emit these signals even when it is powered off, and it can be difficult to be certain whether your device is broadcasting.

So, if you are in a very high-risk situation and want to take no chances — and leaving your device behind is not an option — you may also consider placing your device in a Faraday bag to fully block these signals.

So, to recap: Not taking your device to an event is really the only foolproof method to stop mobile location tracking completely. But there are other mitigations like disabling Wi-Fi and Bluetooth, turning off your device, and limiting location services that can reduce this part of your digital footprint.

Before focusing too much on these mitigations, though, be sure to ask yourself if, when, and why location tracking is a concern for you, your sources, and your work.

Best,

Evan