NSA Warns of Location Data Accessibility

The National Security Administration (NSA) recently came out with a statement that warned against the location data from your internet-connected devices.

Immediately stating that "Using a mobile device—even powering it on—exposes location data." Referencing how mobile devices are designed to inherently trust cellular networks, providing a real-time data set back to providers.

This data has the potential to be compromised, as we have previously mentioned, and at the very least leads to advertisements rapidly pushed at you. At the extremes, people or groups with malicious intent can actively track you.

The NSA notes that simply turning off Cellular Data and GPS does not do the trick, as there is still potential to be tracked through WiFi and Bluetooth. Currently, one of the biggest security concerns is the widespread use of various applications and social media services that immediately ask for your location when using. They then can take this data set and sell it to the highest bidder.

If that cycle continues, there are many points along the way that a malicious actor can gain your whereabouts or more personal information to target you.

The NSA lists a number of steps, all of which we have talked about in length before, to limit the risk associated with using your device:

• Disable location services settings on the device.
• Disable radios when they are not actively in use: disable BT and turn off Wi-Fi if these capabilities are not needed.
• Apps should be given as few permissions as possible:
• Set privacy settings to ensure apps are not using or sharing location data.
• Avoid using apps related to location if possible, since these apps inherently expose user location data. If used, location privacy/permission settings for such apps should be set to either not allow location data usage or, at most, allow location data usage only while using the app. Examples of apps that relate to a location are traffic apps, apps for finding local restaurants, and shopping apps.
• Disable advertising permissions to the greatest extent possible:
• Set privacy settings to limit ad tracking, noting that these restrictions are at the vendor’s discretion.
• Reset the advertising ID for the device on a regular basis. At a minimum, this should be on a weekly basis.
• Turn off settings (typically known as FindMy or Find My Device settings) that allow a lost, stolen, or misplaced device to be tracked.
• Minimize web-browsing on the device as much as possible, and set browser privacy/permission location settings to not allow location data usage.
• Use an anonymizing Virtual Private Network (VPN) to help obscure location.

They also mention using airplane mode, but as we have noted, that still leaves you open to tracking.

We recommend using a Faraday Sleeve much in the same manner as they state to use devices:

• Determine a non-sensitive location where devices with wireless capabilities can be secured prior to the start of any activities. 
• Leave all devices with any wireless capabilities (including personal devices) at this non-sensitive location. Turning off the device may not be sufficient if a device has been compromised.

Now if we have talked about this at length before, why is this particular case important? Because it means that the Government is publicly stating what we have known. That our electronic devices DO NOT leave us with the Privacy, Security, and Health that we strive for in our daily lives.