Yeah, I know. First post and all. Get over it - this is the first time I've been motivated to speak. And you all would be wise to listen.
First, let me say that I do not now, nor have I ever, worked at an "agency," nor do I have any clearance or any obligation not to speak (no NDA). So I'm free to speak.
In my past, I functioned as a consultant. At one point I was assisting a party that was contemplating making purchases of companies/technologies in a unique "space" and then merging the companies/technologies.
What space?
I want you to imagine that a great many of the engineers that created various aspects of Prism (yes, the Prism that Snowden told us about) went into private enterprise. I want you to further imagine that they started up various companies that created various platforms that were, say, metaphorically ten degrees off of Prism, and had applications that were commercial. This is not imaginary, friends. There's about a dozen such companies. And I looked at all of their platforms.
Before I advance, I can hear you object: "but I never heard of these companies or platforms."
Let me explain how they work: (1) the platforms require subscription access and are expensive; (2) the subscribers are all corporate; (3) the corporations have to explain who they are and why they want the subscription - money alone won't buy access; (3) then they audit the corporation and force it to create a room with controlled access, and they ensure that only people from within said room are permitted to access their platforms; and (4) all of the individuals within the aforementioned room are required to have an appropriate security clearance - those are the people accessing these platforms. Got it?
So, basically, I'm talking about a weird netherworld where it's not quite clear where the government ends and private business begins. But, technically, on its face, it's all private business.
The point is that I explored all of these platforms, and I know what they do. And they all have a common ancestor. Prism. So it's not too hard to form reasonable conclusions about its capabilities.
Now, on to True The Vote (TTV). Almost without a doubt, TTV has been assisted by the NSA with both: (i) datasets; and (ii) the platform used to analyze the datasets.
Let's start with the datasets. Because of a DIFFERENT "tour of duty" as a consultant, I can tell you with 100% certainty that it is not possible to buy datasets that permit inquiry into where devices (phones) were without massive gaps in either: (1) devices; or (2) timeframes. So you CAN buy information about devices and their locations, but the information will have huge gaps in it, and would not permit TTV to do what it did.
That said, here's what happened. Every 30 seconds, the WiFi transceiver in your phone is spinning up and looking for WiFi networks. On about the same timeframe, your cellular radio is spinning up and looking for cell towers. The information concerning the following is exported by the makers of the O/S of your device: (1) what WiFi networks are visible; (2) their respective signal strengths; (3) timestamps; (4) what cell towers are visible; (5) their respective signal strengths; and (6) timestamps. None of this is available to developers of apps, by the way. Apple deprecated access to all of this information LONG ago. Anyhow, by virtue of the O/S exporting this information, the NSA has this information for every device. And they use it to query a database, and what is returned is your location ("If at such-and-such time, these WiFi networks were visible with these strengths, and these cell towers were visible with these strengths, where was the device at such time?"). The government drives around metro areas recording WiFi networks, cell towers, and their strengths, and correlating that to location. And it works VERY well in urban areas - but like shit outside of urban areas. Anyhow, that's how TTV knows where the devices were with no gaps in timeframes or devices. They had access to this dataset. That also why TTV only "bought" datasets for urban areas. The dataset supplied to them by the NSA is only accurate in urban areas. As I said, this technique does not work at all outside of urban areas. (5G changes all of this, but that is another story for another post.)
Now, what you need to know is this. Those platforms I mentioned previously. They do, indeed, have geofiltering and geoanalysis capabilities. But that's about 5% of what they do. They mainly find connections between people. These platforms permit a user to seek out every message sent by any particular individual across essentially any messaging system. That's where this is going next.
Let me paint a picture.
Let's say TTV uses its platform to identify all devices that began life more than 100 miles from a given "crooked" nonprofit, and arrived at the non-profit within a travel span of, say, 2 days. Well, that's the driver of the truck that the trafficked the ballots. Where did the tuck start from? Well, that's the company responsible for trafficking the ballots. Who are its executives? Now use the aforementioned platforms to find all of their messages, to examine all wire transfers to and from them personally and their companies, to examine every suspicious activity report filed against their respective bank accounts, and so on.
You end up figuring out who printed ballots, who shipped the ballots, who filled out the ballots, and who financed it all. That's where this is going. And I'm not guessing about the capabilities of the platforms. I know their capabilities for certain, which means I know the capabilities of the NSA's platform that was undoubtedly furnished to TTV. And I'm not guessing about the datasets. With 100% certainty, TTV is being supported by elements within the NSA, who are probably sanitizing the delivery of the datasets and platform through intermediate "private" companies, so TTV can say that it did not get anything from the NSA.
Sorry - this is long, and probably both winding and confusing. I am typing this in a sort of flow-of-consciousness manner. If you care to, fire away with anything, and I'll respond as I can.
The locational framework available to SDK developers on iOS devices only (1) grabs approximate location, and (2) only about every 30-ish minutes, when the app in which the SDK is embedded is not actively executing. So, in general, looking across a fleet of iOS devices: (a) there'd be iOS devices that simply did not have a particular app installed that, in turn, had an SDK embedded within it that obtained geo-data; and (b) with regard to devices that did have such an app installed, most of the time that app would not be actively executing, which means that the locational information would only be approximate and occasional (every 30-ish minutes) during such periods.
Android devices work totally differently. The developer of an SDK can get locational information off of an Android phone from an app that is not executing. And it can do so continually and accurately. But, the Android operating system will shut down that background capability after about 4 or 5 days. So after that period expires, all of the information flow stops.
I'm somewhat glossing over some details, but that's the big picture.
Is it possible to reclaim some sense of our own privacy using an Android device if you shut down almost all of the google app data permission collection methods? Do you have any advice?
If that's a question for me, then my answer is:
(1) limiting permissions will definitely help your state of affairs.
(2) I am now referring to knowledge that is a few years old: when I was examining the logs of an Android device, I saw what appeared to my eyes to be a "whitelist" of about a dozen or so apps. Android will not shutdown services launched by these apps. This means that services launched by these apps evade the 4 or 5 day background execution limit. They collect data forever. I don't recall all the apps on the whitelist right now. Facebook and Twitter were definitely on the list.
If you are interested in exploring the whitelist, the first step is installing the Android Developer's Bridge on your computer, which will let you connect your phone to your computer and send it certain commands, including commands to stream the phone's logs to your computer. From there, you can store the logs and examine them. I can help you with that, if you're interested.