Disabling GPS is Not Enough: Cellular location leaks over the Internet
My paper Disabling GPS is Not Enough: Cellular location leaks over the Internet, written in collaboration with Hamed Soroush, Keen Sung, Erik Learned-Miller, and Brian Levine, has been accepted for publication in the proceedings of the Privacy Enhancing Technologies Symposium.
In this paper, we show that, given a cell phone and a remote party communicating over the Internet through 3G, the remote party can determine locational information without explicit GPS data. Specifically, we show that the path a cell phone and its owner take from or to a known location can be determined from remote observations of changes in TCP throughput. This determination is made possible by the relative ease of acquiring training data, given our attacker model (a streaming media service, or its data as subpoenaed by an investigator).