Statement: UnifiedNLP is critical infrastructure

Torsten · September 28, 2023, 10:29am

As often as I can I upload data to OpenCellID.org and Mozilla location services, using “Tower Collector” from F-Droid.

Ane thinking about this: Network Location detection is critical infrastructure!

Thats why GrapheneOS not allowing microG is such a problem.

I listen to a Discussion about SpaceX, Amazon, Alphabet, China, India, Europe etc. all competing about sattelites.

The likeliness of crashing sattelites will go up drastically, as well as the danger of getting dependend on those.

Location positioning is possible without GPS! But commonly its only done by Google and Apple.

It is very important for all privacy platforms to support UnifiedNLP with an independend Network location provider.

What do you think about this?

Regime6045 · September 28, 2023, 3:10pm

I agree that UnifiedNLP is an important puzzle piece. Hopefully GrapheneOS will support it or something similar soon. To quote Daniel Micay (highlighting from me):

By default, GrapheneOS uses GNSS as a network location provider whether or not sandboxed Google Play is installed. […] More options [will] become available, which is planned, but that’s the status quo already. Our emulation approach is the most private approach and should not be considered worse than sending the user’s location to a service by default whenever they enable location, which is what happens on some of those other operating systems by default.

Network-based geocoding and network location via services are a massive privacy issue. The operating systems using network location by default are significantly less private because they send the user’s location in real time to a service (network location) and send queries for locations like street addresses to a service (geocoding).

GrapheneOS hasn’t yet included an OS geocoding service because it’s less private than either not having one or using a local database. We plan to offer a local database download via our app repository and the option to use remote services but not by default. Not including network-based geocoding is as much of a feature as including it, with different tradeoffs. Most map apps have their own geocoding support and some may support doing it locally but most don’t.

We emulate network location to improve privacy over using a real network location service without breaking app compatibility with apps assuming there is one. GrapheneOS approach is far more private than sending the user’s location to a provider like Mozilla by default whenever the user enables location. From a privacy perspective, this is a bad feature and not one that should be enabled by default with a remote service as other operating systems are doing. From a privacy perspective, not doing that is a feature, and if it’s offered as a feature it should have a warning. SUPL as actually used in practice is a lot more private than this.

Torsten · December 11, 2024, 2:48am

There are a lot of updates!

beacondb.net and the libregeolocation.org organization were created. BeaconDB already serves as an MLS replacement
NeoStumbler is a great and modern app to collect wifi, bluetooth, cell and GPS data, to improve these databases
microG + UnifiedNLP can already use BeaconDB, just as geoclue on Linux
GrapheneOS is scraping tons of data and will implement their own app for network location, which will be able to use a local database

vayun · February 19, 2025, 4:57am

Hey I recently found out about BeaconDB and I put together this non-privileged app (runs on any Android phone, no need for MicroG) that uses the Mock Location option in the developer settings to set the phone’s location to the location provided by BeaconDB. App is available here if anyone wants to try it out:

SkewedZeppelin · February 19, 2025, 6:50am

@vayun

you should add a cache based on the wifi networks available and not resubmit if they haven’t changed

also check the current location to the previous location and increment a backoff if it hasn’t changed

vayun · February 19, 2025, 10:16pm

thanks for the feedback. I’ve just added the feature to not make a request until the wifi networks change, but I’m not sure what you mean in your second point by a backoff?

SkewedZeppelin · February 19, 2025, 10:54pm

@vayun
like this (java code from my old backend, you’ll have to adjust to kotlin):

    private final int minTimeout = 2000;
    private final int maxTimeout = 32000;
    private final int timeoutFactor = 2;
    private int curTimeout = minTimeout;
    private int getTimeout() {
        if (lastLocation != null && lastLocation.getLatitude() == curLocation.getLatitude() && lastLocation.getLongitude() == curLocation.getLongitude()) {
            if (curTimeout * timeoutFactor <= maxTimeout) {
                curTimeout *= timeoutFactor;
            } else {
                curTimeout = maxTimeout;
            }
        } else {
            curTimeout = minTimeout;
        }
        return curTimeout;
    }

then adjust your line delay(UPDATE_INTERVAL) to delay(getTimeout())