Hacker News new | past | comments | ask | show | jobs | submit login
Why do people keep coming to this couple’s home looking for lost phones? (fusion.net)
361 points by cremno on Jan 21, 2016 | hide | past | favorite | 255 comments



My money is on a wifi SSID that matches the one used by thieves or a heavily-trafficked location the victims all pass through.

My company moved ~5 blocks and it really screwed up the map on my phone (which I use to get around the city) for several months. My company had left the network SSID the same in the old location, so that no one had to re-configure their wifi. Even with GPS on, my phone was always convinced it was in the old location up the block, and this would persist even when I was out on the street, until I walked around a bit.

There are companies (presumably Skyhook is one of them) who drive around mapping SSIDs to physical locations. The problem is that SSIDs can move or be duplicated elsewhere.

The article says of one of the couple "at one point he reset their router, and changed the frequency at which it broadcasts; it didn’t solve the problem." It does not say if he changed the SSID.

Theoretically, location is often determined using not just one but several nearby SSIDs, a sort of triangulation. Another possibility here is that there are multiple nearby SSIDs around this home that match the SSIDs surrounding some other area tied to the victims.


It seems much more likely that there is some bogus location data set somewhere that improperly links SIDS and GPS coordinates or filters fail and result some index into a GPS table that happens to correspond to this couple's home.

If I were these two people, I'd contact the local police department every single time anyone shows up at their house and require that the PD fill out a report of some kind and keep it in a single case/incident/folder. Then put a sign on the door that says:

> Before knocking contact the police department at ###-###-#### and ask about incident #XYZ. The get off our property.

It's bullshit that police are coming to the door and dragging them outside while trying to determine if a search warrant is in order.


---> It's bullshit that police are coming to the door and dragging them outside while trying to determine if a search warrant is in order.

I think this is the biggest issue! Their rights where violated.


What rights are you referring to? The police seem to have done everything correctly. These were individuals who were being detained pursuant to an investigation of an ongoing crime. The police did not search the inside of the house without a warrant - though, it's unclear why not - if they had strong belief that there was a crime in progress, they had every legal right to do so.

I guess the only thing in question is whether "missing child" was precise enough to be upgraded to "crime" in this jurisdiction. I think that, given the evidence, the police did everything correctly; being detained pursuant to an investigation isn't a great inconvenience (though, some accommodation should be made to allow people to use washroom facilities if investigation is extensive - just obviously not in the house under investigation.)


Software that puts a blinking dot on a map should not be considered probable cause.


The findmyfriends feature on my iPhone has been 100% accurate in identifying where my friends are. If I had a child who went missing, and findmyfriends showed that they were in a house, I would absolutely hope that the police would go to the house and rescue my child.

I would also hope that the police would have enough sense to prevent any occupants from the house from going into the house and potentially destroying/hiding any evidence, and/or, powering down the iPhone.

As it was, I think the police showed restraint by not going into the house until they had a warrant.


The findmyfriends feature on my iPhone has been 100% accurate in identifying where my friends are

My wife and I use Find My Friends quite often to keep track of our children. I've used it for years, so I'm quite familiar with it. Our experience is quite the opposite of "100% accurate".

I provided more detail in this other post: https://news.ycombinator.com/item?id=10950107

Edit: just looked up the USA version of "probable cause" here: https://en.wikipedia.org/wiki/Probable_cause#United_States

In my opinion Find My Friends does not meet the standard of probable cause as defined by that Wikipedia article. I'd characterize its behavior be somewhere in between "reasonable suspicion" and "probable cause". I've seen the location be wrong and stay wrong for 1/2 hour or more. And I don't mean it can't find a location, I mean that it is repeatedly reporting the wrong location ("now") for an extended period of time.

Oh, and BTW following that Wiki link for "reasonable suspicion" says that it is sufficient for obtaining a warrant. IMO Find My Friends does meet that standard, at least as I understand it by a quick reading of Wiki.


Why do parents track their children? Kids are tougher than parents credit them for. It's unfortunate that new technology will let parents hover forever.

Luckily, they're resourceful. I wonder if it's possible to hack the app to send false location data? There are ways to jailbreak a phone that make it appear unjailbroken (e.g. to put a keylogger on it). Maybe this technique could be used to acquire freedom, by MITMing whatever findmyfriends is sending to their servers and modifying it in transit. The phone's location is probably a JSON field in the request. TLS provides no protection against an attacker with sudo privileges on the same box, so it seems possible.

Wanting to sneak out to see someone at 1 AM is a pretty powerful force, so this would be an amusingly effective way to get teens interested in hacking.


>Why do parents track their children?

Two reasons come to mind:

- parents spend a ridiculous amount of time worrying over ever-yet-more unlikely ways that their children will be maimed or murdered that very day

- it's not unknown for kids to have relatively poor reasoning and decision-making skills


> - it's not unknown for kids to have relatively poor reasoning and decision-making skills

Agreed. And one way to get better at decision making (if you're a kid) is having the opportunity to try and fail at it. So this isn't a good reason to track your kids after all, IMHO.


Why do parents track their children? Kids are tougher than parents credit them for. It's unfortunate that new technology will let parents hover forever.

That's me. I "stalk" my children. Here's the long story of why.

I live in a relatively safe area, the suburbs of Portland Oregon. There's a fair amount of petty property crime, which tends to be tolerated if not quite condoned.

Fortunately the region has generally investigated violent crimes quite aggressively, and the violent crime rate is relatively low compared to many parts of the country.

But that doesn't mean there aren't bad guys, violent sociopaths who live in the area. People like that live everywhere. E.g. here's something horrible that happened just a few miles away to two girls, one age 12 the other age 13: https://en.wikipedia.org/wiki/Ward_Weaver_III#Murders_of_Ash...

My girls were just about that age when they got iPhones. So, I try to keep an eye on them. There's a slight chance they'll run into some serious danger and I might be able to help.

But, more realistically, it helps kids stay out of trouble, because they know there's an increased probability that they will get caught. It's not perfect. E.g. my older daughter was only supposed to drive my car from home to high school and back. But she chose to drive off campus at lunch. And, since she was a very inexperienced driver, she got into a car accident. So, even when she knew that dad might be stalking her, she chose to be a free spirit. That's just how some kids are.

Certainly some kids will be resourceful enough to hack their phones. More power to them! But there are simpler ways. My older one simply turns off location services and then blames it on "Low Power Mode".


But, more realistically, it helps kids stay out of trouble, because they know there's an increased probability that they will get caught.

If my father knew I'd stolen his car to go see a girlfriend at 1 AM on a school day, he would have completely flipped out.

He'd have stopped me. And in doing so, would have deprived me of one of the best nights of my life.

I won't question your parenting methods. No one should, unless they have children.

But what you've described sounds like a meager existence. I hope your children can escape their taskmaster.

More likely, they'll grow up shaped into whatever form you decided suits them. Hopefully you're a tasteful architect.

Just know that this kind of thing can have long-term trauma effects. I wish I could paste the conversation from a physicist friend. I asked her how she's been, and she said completely miserable. "What?" "Well... Don't worry, I'm less miserable now than I was before."

This was alarming. She's nearing the end of grad school, and by all accounts is a successful physicist at the start of her career. She's worked very hard for four years to get there. Miserable? Isn't this what she's worked so hard to attain?

Turns out, she's never wanted to be a physicist. Her father coerced her into thinking she wanted to be. And now he's still pushing her to go into academia by pressuring her to get a PhD. She says that getting a real job is all she's dreamed about for years.

She's one of the smartest people I know. She's a brilliant mathematician, far better than I could ever hope to be. How could someone so smart end up with such a miserable life?

Because her parents decided that would be best, of course. I'm sure they meant well.

As you chip away with hammer and chisel, try to use a light touch. Therapists can't always reverse the damage.


> I won't question your parenting methods...

Ok, cool!

> But what you've described sounds like a meager existence. I hope your children can escape their taskmaster... More likely, they'll grow up shaped into whatever form you decided suits them... Therapists can't always reverse the damage.

Uhhhm...


It's not necessarily wrong to do any of that.

It had a profoundly bad outcome for me, but maybe that's a one-off. It's arguable whether it had a bad outcome for my physicist friend. After all, she is a successful physicist.

This was intended to highlight some things that may not be immediately obvious. Life is counterintuitive.

It is very easy to do terrible things by accident. Morals are subjective. Is it morally wrong to declaw a cat? Some are horrified and compare it to clipping off a finger. Others think it's good for the cat and perfectly normal.

If I sat here and said "What you're doing is wrong; stop this," what good would it do? Absolutely nothing.

Sharing data is a little different. No one has perfect information. They have to choose to do something, and I respect that. Highlighting unintended consequences of a decision isn't quite the same as judging it.


What percent of the time is the location totally wrong? Greater than 50% of the time? If not then it's totally justified.


Wait... you are saying you are willing to have a 49% chance that the police hold you in custody and search your house when you are totally innocent?!? Think about that.... there are LOTS of stolen phones and tablets, and if the police end up searching the wrong house nearly HALF the time that would be hundreds of innocent people. Fuck that I am SO not willing to live in a society where that happens.


It was a missing girl, not a random stolen phone. Yes I'd absolutely be willing to risk inconveniencing one person to save a kidnapped girl.

The 50% number was made up anyway, it's likely higher than that. GPS especially is pretty accurate, and these tracking systems probably use it when available.

For a single stolen phone, probably not. Though you can still go to their house and then call the phone right as they answer the door. If you hear ringing then that's probable cause.


Think of the children?

Either a location is enough for the police to search your place or it is not. Don't pull the kidnapped big eyed little girl card, please.


What are you talking about? The standards should definitely be lower for missing children. Finding your missing phone is a lot less important than finding a kidnapped girl. Are you really saying the police shouldn't have been allowed to do that search?


I'm saying that the same indicator ("location service claims this is the spot") should have the same result (probable cause?).

If crime1 w/ probable cause means you enter the building and crime2 w/ probable cause means you enter the building then there's no reason to bring up tiny girls or puppies.


Your argument works equally well against you. Most people agree the search is justified if it's a missing girl, therefore it should also be justified for any trivial crime as well.

But obviously there is a difference between trivial crimes and kidnappings. Inconveniencing a few people to save a life is acceptable. The expected utility is positive. It likely is not for more trivial crimes.


What percent of the time is the location totally wrong?

As I discussed in my other post, I'd say that:

10% of the time, no location at all

60% of the time, highly accurate location

30% of the time, accurate to a general area, a few hundred feet up to a few miles

2% of the time, totally haywire. Location jumps around randomly, or stays wrong for an extended period of time.

(Statistics are my SWAG, and don't total to 100%).


That it not how statistics work. Assume it is correct 90% of the time. There are 700 million iPhones worldwide. Assume 1% of them use the app, that is 7 million friends found, and 700k incorrect locations.


And only 1% of those users will have their phones stolen, and only 0.01% of those users will be suspected kidnapping victims. So only a handful of people would actually be actually be inconvenienced by such a policy.


The way this would work out in a proper world, is that the search would take place, they'd realize it was fruitless and that the location information provided was incorrect and then the phone manufacturer and the cell phone company would each cut a check for $1,000,000 to the person who was false accused. And this would happen each and every single time a person's civil rights were violated because some product developer did a shitty job. A 1% failure rate is pretty low quality.


You aren't owed a million dollars because your house was falsely searched. That's absurd. The police have a right to do searches if there is decent evidence or suspicion of a crime, and 99% is way more than enough for probable cause. A 1% failure rate is actually incredibly good and means it will be very very rare for innocent people to get searched at all.


There are a lot of things that are justifiable to rescue a possibly kidnapped child that are not justifiable to rescue a possibly stolen iPhone.


They were looking for a missing child.

"And sometimes, it’s not just a phone that’s missing, but a person. In June, the police came looking for a teenage girl whose parents reported her missing. The police made Lee and Saba sit outside for more than an hour while the police decided whether they should get a warrant to search the house for the girl’s phone, and presumably, the girl. "


They were searching for a possibly kidnapped child so what is your point?


"Probable cause" isn't even enough - all that does is let police go get a warrant.

To enter a house without needing a warrant (without the resident's permission), the situation needs to be much more compelling than just probable cause. For example, if police are in the middle of pursuing someone and they see that person flee into a house, then they can enter it immediately. See https://en.wikipedia.org/wiki/Exigent_circumstance


I too was thinking that a big laminated sign on their door or front porch that says "WE DO NOT HAVE YOUR PHONE", followed with a paper describing that their location is commonly given out when more accurate location is not available. Now that they've had some press, a pamphlet box (like realtors use) containing printouts of some articles would deter most people.

It might make some people more suspicious ('maybe this is how they cover it up'), but should send most people on your way. Your idea of having a police report on file and contacting the local police department is even better.


> If I were these two people, I'd contact the local police department every single time anyone shows up at their house and require that the PD fill out a report of some kind and keep it in a single case/incident/folder.

While I would want to do that, too, that's not how police departments work in Atlanta (or pretty much any urban area of the USA).


Well, BSSID, not the easily-changed ESSID (as commented below.)

Presumably some manufacturer of ultra-cheap wifi gear isn't properly setting a unique BSSID range into the units they make, and some stolen-phone operation has the same BSSID as these folks do.


You maybe getting the point there. This incident sounds a lot like an inaccurate Wifi locating result.

Or someone in a large stolen-phone operation has been using a randomly picked MAC address to confuse the Find-My-Phone softwares. That's a lot easier to do.

I bet someone at Google or Skyhook could look into the Mac address to see if there are any abnormalities for that particular one.

I really hope Sherlock Holmes will be there to resolve the mystery.


Yup, it's BSSID.

I took my router with me when i moved back home from university (and i changed the SSID first thing). For about a year my iPad would think it was still at university, and sometimes when i used it to chat with friends on Facebook they would reply "Oh, you're back in town?? Come visit!".


They are modifiable in software too...


An amusing example of this sort of problem shows up sometimes on airplanes with onboard WiFi. If the phone doesn't get a GPS lock right away (common when you're in a metal tube) then it may show the position based on the mapped location for the hotspot MAC address, which is often at a completely different airport.

Obviously, Skyhook isn't driving around mapping airliners, but I think these days they have the mobile devices themselves do the mapping, by phoning home with the WiFi hotspots it sees while out and about.


> I think these days they have the mobile devices themselves do the mapping, by phoning home with the WiFi hotspots it sees while out and about.

That thought is correct. Google has been doing this for years, popping up an agree-to-continue like screen on Android phones on which everyone clicks "sure, I just want to use GPS now" and then uploads every place they ever go to Google. Mozilla is working on their own version of this to create a variant of a more open nature: https://location.services.mozilla.com


And it’s horrible when no one activates it, and you’re the first to do so – every minute your phone will activate WiFi, scan, activate GPS, get a lock, and upload the data.

Battery is empty in a few hours.

But, after doing so for a few days in a row, your battery consumption goes down again, probably because it has mapped enough for now.


Or maybe because it's not seeing many new SSIDs because you mostly go to the same four or five places in the same routes.


That’s what I meant - it has mapped enough around my home that it doesn’t see new SSIDs anymore.

In the end, I turned off Google’s location service anyway.


Maybe the industry should assign a bit in the BSSID to indicate a mobile AP that shouldn't be used for mapping purposes.


You can opt out of some of them with _nomap (maybe not all). https://duckduckgo.com/?q=ssid+nomap


Yeah, that's a horrific abomination.

Why not "SSID_mappable"?


Because _nomap gets 99.999% coverage, and _mappable would get 0.001% coverage.


Maybe private data like BSSIDs shouldn't be used for mapping purposes in the first place.


> Maybe private data like BSSIDs...

Is it private when you're screaming it on the street corner for everyone to hear? If we're talking about vocal utterances, the law says "no".

It's... disappointing that the addition of a computer to a activity makes people lose sight of the similarities between that activity and very similar ones that have long-settled legal treatment.

Edit: To drive the point home: There are many jurisdictions that require you to affix your street number to the exterior of the building in which you live using numerals that are sufficiently large to be read clearly from across the street. Noone would honestly make the claim that the data provided by those numerals is in any way private information, and that broadcasting your street number to everyone who was walking or driving by is in any way a breach of privacy. :)


> Is it private when you're screaming it on the street corner for everyone to hear?

Yes, it is, if the screaming is between you and another person and not addressed at the public.

> If we're talking about vocal utterances, the law says "no"

Actually the law says "yes". At least in all the countries in which secrecy of telecommunications laws are in place. The general outline has been laid out by the ITU and the paraphrased rule is, that it is strictly forbidden to listen to communications to which one is not the intended communications partner and the signal is not addressed at the public. It's debateable if a SSID beacon is a public broadcast or not. But at least from most user's point of view their intention is not broadcasting to the general public if they set up an encrypted 802.11 access point.


> Yes, it is, if the screaming is between you and another person and not addressed at the public.

CPC 632 disagrees with you. California is a two-party consent state when it comes to recording of conversations, but it does not require consent of both of the communicating parties if "...the parties to the communication may reasonably expect that the communication may be overheard or recorded." [0]

I expect that you'd be hard-pressed to find a judge who would buy your theory that someone screaming out in public on the street corner would not reasonably expect that their communication might be overheard... regardless of to whom they were addressing their screams.

> Actually the law says "yes". At least in all the countries in which secrecy of telecommunications laws are in place. ... The general outline has been laid out by the ITU...

AFAIK, telecommunications law does not cover shouting-with-one's-vocal-cords-without-electronic-assistance-in-public. Do you have court decisions or rulings (that were not later overturned) that say otherwise?

[0] http://codes.findlaw.com/ca/penal-code/pen-sect-632.html


It's even more unfortunate that the committees designing these protocols don't think this way. People with an identifier number tattooed on their arm don't walk around continually reciting it. In fact, they generally wear long sleeves.


That's the most unexpected and off-the-wall Godwin I've ever seen.


Does being able to draw a parallel affect the validity of the point? Or is your memetic immune system misleading you?

FWIW despite what our modern religion emphasizes, the Nazis were hardly the only ones to track prisoners with tattooed numbers


The comparison between willingly assigned and transmitted MAC addresses and death camp tattoos is utterly absurd, both because it unnecessarily pulls Nazis into the conversation, and because they have no useful parallels purely from a technical point of view.


Calling them "willingly" transmitted is a bit of a stretch, given that people don't have much choice to turn just them off and defaults are a powerful thing.

The useful parallel is the general inventorying and tracking of people. Luckily we don't have the rest of totalitarianism (yet), but this cornerstone is well laid due to naive designers.

BTW you were the one who brought up the subject of Nazis.


Right, when you said "People with an identifier number tattooed on their arm" you weren't even thinking of Nazi concentration camp victims. Sure. Pull the other one.

Every router I've ever seen has a pretty clear setup option for creating a hidden network. I agree that defaults are powerful, but they don't make it any less "willing," they merely expose people's indifference.


Actually I was thinking of prisoners of the Japanese in WWII. As I said, the Nazis were hardly the only ones to number prisoners, and I suspect the phenomenon has more to do with technology than with the supreme evil tidily ascribed to losers of wars.

I'm making a general point about identifiers and protocols. The same thing applies to client MACs, which are obviously being used to track phone users with wifi on. Obviously MAC addresses can be cycled, but that takes active diligence. If the protocol had simply been designed to eschew and hide such identifiers in the first place, the entire issue wouldn't even exist.


> Actually I was thinking of prisoners of the Japanese in WWII.

I've never heard of this, and have family that served in the Pacific during WWII. I'm also having difficulty discovering any sources that mention the practice, let alone reliable ones.


Maybe I have my family history wrong? I certainly see plenty of references to "POW number" for various conflicts.


> I certainly see plenty of references to "POW number" for various conflicts.

AFAIK, it was never policy of the Allied forces to tattoo anything on captured POWs. I would be very surprised if captured Axis soldiers were not given some sort of uniform, unique tracking number.


Every router I've ever seen has a pretty clear setup option for creating a hidden network.

Hidden networks are even less private, because then every client device has to probe repeatedly to see if the network is there.


> It's even more unfortunate that the committees designing these protocols don't think this way.

So. How would you design a system to permit associated or unassociated stations to passively determine whether or not they were in range of a given AP? Remember that unassociated stations may never have ever interacted with the AP in question before this moment.


That's the easy part. If previous contact hasn't taken place, persistence is irrelevant. Simply envision the current system with a periodically changing BSSID as your proof of existence.

If the AP and client possess a shared secret (as in WPA2), then there's no reason for a third party to be able to deduce any identifying information.


> That's the easy part. If previous contact hasn't taken place, persistence is irrelevant. A periodically-changing ID would do.

Okay. How would you design a system to permit associated or unassociated stations to passively determine whether or not they were in range of a given AP? Remember that human-friendly names for a given AP are almost certain to collide.


First, for purposes of this comment I only need to address the situation where WPA2 is currently used (the majority of private APs). Second, I'm one person taking a few minutes to write a HN comment, not a design committee.

Simple protocol: The AP and client have shared secret K (similar to the present WPA2 key). We define the identity of a network as this secret key. The AP can change "BSSID" every hour, while broadcasting [BSSID, Hash(BSSID, K)]. An interested client runs through their database of known private networks, checking if the broadcaster is any they know.

This obviously has a number of shortcomings (eg our attacker is also known to groom people into uploading K to their silos), but it should illustrate the concept.


> An interested client runs through their database of known private networks, checking if the broadcaster is any they know.

That solves the problem for clients that have connected to that AP before. [0]

How do you propose to solve the problem for clients that have never interacted with that AP before?

[0] It probably actually doesn't, but I won't distract you with why at the moment. :)


As I said originally, just change the BSSID periodically. The network name is the network identity, and people deal with collisions just fine. Also, this is back to the case of non-WPA2 (otherwise the user would have to enter the secret K anyway, merely changing the process slightly).


> Also, this is back to the case of non-WPA2...

Okay, I'm a little confused, please bear with me.

Are you designing two half systems, one of which periodically changes BSSID but provides no other anonymity protection, and the other which hashes the BSSID with the WPA2 PSK?

Or are you designing one system with a rotating BSSID that transmits -in cleartext- the BSSID and the hashed BSSID?


I'm pointing out existence certificates of each independent property. View them as two systems, or assume they can be merged into one system.

It's obviously impossible to have a publicly-available network that hides its existence to the public (while a private network can obviously hide its existence to the public completely), so each problem will obviously have different ideal solutions.


> View them as two systems, or assume they can be merged into one system.

It's the merging and the details of the same that's the complicated bit, and the only thing worth talking about in this sub-thread.

You made the assertion that the "the committees designing [wireless communications] protocols don't think [that things screamed on the street corner are public data]". [0] This is simply not true. The folks who designed 802.11 had to make several key-management-complexity/computational-power/ease-of-use tradeoffs.

> ...while a private network can obviously hide its existence to the public completely...

Not if it's a relatively-high-performance radio network operating in a relatively tiny slice of spectrum, [1] it can't.

[0] https://news.ycombinator.com/item?id=10950276

[1] As 802.11b/g/n does


Merging them really only means merging the concepts for a common model of administration. Public and private are two completely different modes, and don't exist simultaneously.

A high-bandwith radio transmitter obviously gives its presence up, but that doesn't mean it needs to identify itself. Of course the FCC likes transmitters to do this, but that too is an anti-feature with respect to public-use spectrum.

There were obviously tradeoffs involved for 802.11, which is how we got WEP. I'd just be surprised if having a (semi-)fixed MAC address was ever questioned, given that it's the basis for 802.3 and leaking some associated identity is basically a forgone conclusion in today's world of license plates, etc. But with the obvious effects of mechanized tracking and aggregation, it really shouldn't be. So I stand by my assertion that the designers would have benefited from a perspective where being pushed to do the equivalent of continually shouting/showing one's identity is a very bad thing.


UK trains with WIFI causes similar issues confusing e.g. London and Manchester stations.


This seems like a stretch. SSIDs aren't whats stored here, its the mac address of the access point that's stored. There are millions of SSID called "Netgear" for example. You can't use the name as a unique value, so mac addresses it is.

Regardless, phones are smart enough to understand that GPS is authoratitive, AGPS second, and wifi/IP address as last. If GPS/AGPS says Chicago, but the wifi says Atlanta, the phone should consider Chicago authoritative. I also believe its not the access point youre near, but a relationship of access points nearby that gives you a location. So if you see three mac addresses, all three are looked up to do a lookup and act as a sanity check against people recently moving and taking their wifi router with them.

I imagine the real reason will be something more prosaic than some GPS shattering bug. Neighbors running a criminal ring perhaps, duplicate mac address, random idiots messing with these poor people, some bug in a popular 'find my phone' app, a geoIP bug, a local craigslist scammer using their address for whatever reason, etc.

Sadly, the article doesn't specify what service is being used to track the phones or really any technical details, so its difficult to really say whats going on here. They really should just buy a new access point to be safe (might help). Eventually you'll get a hothead that won't buy this story and that might turn out badly for them.

Can't wait for this mystery to be solved. Hopefully, someone from Google or Apple will reach out and investigate this from their end.


Minor nitpick: AGPS, or Assisted GPS is actually almost the same as GPS. The only difference is that it gets the Almanach data off the Internet, instead of the satellites themselves (the satellites are constantly broadcasting that data, but it takes a few minutes to download it all).


AGPS isnt similar to GPS... it is GPS.

Like you say the almanac (and ephemeris) data is preloaded over an IP network to provide for a better TTFF (Time-To-First-Fix).

Also since the locations of the currently associated mobile tower is known, that is used as a seed for the GPS fix (or even a crude triangulation based on the signal strength from multiple towers).


I thought it was the MAC addresses of routers which were used for mapping, not SSIDs. Duplicate SSIDs are very common.


The Google Maps Geolocation API only uses the access point's MAC address (aka BSSID).

https://developers.google.com/maps/documentation/geolocation...


The display name is often referred to as ESSID while the MAC address is also called the BSSID. Confusion!


Good point. My understanding is that both SSID and MAC address are typically used as inputs: https://en.wikipedia.org/wiki/Wi-Fi_positioning_system


I guess it's not exactly difficult for the likes of google to remove the millions of 'Netgear' SSIDs from their dataset.


I always wondered how it would handle lesser known systems, like the SSID "Train's on-board WiFi" (Dutch: "WiFi in de trein") that we have in the Netherlands. There are not a million trains, but they do appear in a million places. Like with airlines, I'd think they notice, or have a script to detect, "oh we have a bunch of locations many kilometers apart" and then remove them, but since I don't use WiFi location services (I don't agree to share my location with Google 24/7) I don't actually know.


I had this problem on a train in the US. My phone insisted that I was in Boston the whole trip, when I was actually several states away.


I'd guess MAC address is more important that SSID.

(If this were me, I'd want to somehow covertly install that router at Google/Apple/Skyhook/the-local-police-station, I suspect that'd pretty quickly get someone to give-a-shit enough to solve the problem...)


To my knowledge this is not done by SSID but by MAC. You could spoof the router with a wifi pineapple. Put it in a church.


Unfortunately, it's not likely that there is anything they can do to change this. This is just a record in a database somewhere now and until that record is changed (and propagated everywhere) this will continue to happen for them.


I was vaguely expecting the location to be somehow "significant", like this one that anybody who's ever done much geolocation/mapping work probably immediately recognises if they've used data without sufficient validation:

https://www.google.com/maps/place/0%C2%B000'00.0%22N+0%C2%B0...


Something similar happened to me. I moved maybe 5 blocks a couple years ago and for the first couple of weeks my location-based stuff would have trouble deciding where I was. Eventually the combination of GPS and cellular triangulation must've forced the SSID database to update but for a little while it was a minor annoyance.


I've lived on the same 200 acres for 22 years...remote, rustic...you cannot GPS me (find me) even if I give you the state, county, and mailing address...G-maps has roads and features mislabeled all around me...at one point part of the land I live on was labeled "Public Use", meaning open to hunters...that's the only thing I ever bothered to get changed...I sort of like things the way they are...

My point is, anything is possible...tech (especially apps) is still very new, despite what we think we coders think we've accomplished...

Would like to know how long they've lived in that house...don't think the article provided that info...

Spoofed IP > wifi network improperly linked, or worse, aggregated > lying in a database somewhere as a reference point...just a possibility...


Curious if your phone was Android or iOS?

I know that iOS dropped skyhook in 2010, and always assumed that their new database would self-correct faster due to feedback from phones that had GPS + wifi turned on.


Your smartphone is a sensor that collects and provides that data to Apple/Google.

For an iPhone, I would try doing a backup/restore to isolate the problem.


I had a similar experience about a month ago, when I thought I lost my iPhone 5s.

Logged onto "Find my iPhone" app and it told me it was about 1km away from my house. I thought I must've dropped it somewhere nearby.

So I got the address from Apple Map, drove there and knocked on the door to greet a rather defensive (obviously) lady who, of course, denied ever picking up an iphone that day.

I snooped around to see if there were any suspicious people around, maybe she has a wayward son who goes around and steals other people's phones.

I then went to the police office nearby and asked them what I could do. They told me they can't use the GPS tracking as an evidence for a search warrant - doh!

It was frustrating because the app was telling me that my phone was right there! At the back of this lady's house!

At this moment, I was going through all sorts of thoughts - such as "should I break into her house at night?", "should I go back and just barge into her house and locate my phone and shout 'AH HA! I KNEW IT! YOU THIEF"!

Feeling dejected, I came home, only to find my phone sitting on the top of my drawer.

2 seconds ago, I swear I thought she was the thief.

Apple - you disappointed me.


Find My Iphone has a ring option. Always try that first


When you went back home did you check and see if she was following you? Maybe she snuck in and replaced your phone.


out of curiosity, does it only show you a single point? Does it not show you the potential error?

I'm working on a mapping app that uses GPS data and the first thing we had to address was the fact that the data we got from the GPS units in the field are not perfect, they have error, hell they report their error, and our application shows that error as part of the map data.

based on the data we have gotten from mobile phones, when a phone approximates its position based on cell towers it spits out a large error. That surely is being shown, right?


Does it not show you the potential error?

I often use Find My Friends to keep track of the kids. I presume its location methodology is similar to Find My iPhone. Here's how it behaves:

About 10% of the time, it doesn't show a current location at all for the kid. It does remember the previous one, so it will show a location and say something like "46 minutes ago".

When it does display a location, about 60% of the time it's a single spot.

The remaining 30% of the time it is a spot enclosed by a tinted circle. That circle can be a few hundred feet in diameter, or it can be more than 5 miles in diameter. This is the potential error. However, I'd bet that 95% of the people looking at it don't understand the concept of "potential error". So to them, the enclosing circle doesn't exist.

Edit: forgot to add, about 2% of the time it will show an "exact" location, what I called a "spot", no "potential error" circle. Then a minute later it will show a different exact location a few miles away. Then a minute later yet a third exact location another mile or two away. So in other words, about 2% of the time it is really confused (the kid is stationary the whole time).


> The remaining 30% of the time it is a spot enclosed by a tinted circle.

That's the way I've always seen it, and I think it's a UX error. As you say, most people don't even see the circle as the potential error in accuracy. IMO it should be just the enclosing circle, otherwise people only see the point; with just a circle there's less ambiguity.


Thanks for the response, we've seen this behavior indoors. It may be that some applications will choose to show a single point if the error is below 20 meters or so. Looking through a record of our location updates, iPhones seem to have a habit of broadcasting 5 meters error, 10 meters, 20, and so on. Even when indoors.

We don't have as much data on android phones yet.

You're right about how the laymen might interpret potential error. The team I'm on is also concerned about that, but I know on the android that as the map tries to find your location through GPS, that it displays a large radius approximating your location through a cell tower, and I had always figured that would communicate the notion of "error" pretty clearly to most people. Maybe most people don't pick up on that?

By the way, The largest error we have received so far seems to be at 2015-11-17 23:11:11.421.

33149.68 meters large

"So I'm sooomewhere in this 33 kilometer radius"

Better than nothing I guess!


I found this particularly disturbing:

> In June, the police came looking for a teenage girl whose parents reported her missing. The police made Lee and Saba sit outside for more than an hour while the police decided whether they should get a warrant to search the house for the girl’s phone, and presumably, the girl. When Saba asked if he could go back inside to use the bathroom, the police wouldn’t let him. > > “Your house is a crime scene and you two are persons of interest,” the officer said, according to Saba."

The police shouldn't be able to detain someone for over an hour without probably cause and without arresting them.


Would not the location tracking telling them the girls phone was inside the house be probable cause? Seems more reliable than a dog alerting on a car.


Whoever said that the phone location tracking was anywhere near this level of reliable? IMHO, it's really only good as a sort of hint on where your phone _might_ be.


Which is more reliable than other pieces of evidence that meet the probable cause bar. Such as a police dog alerting.

Certainly seems to meet the (pathetically low) threshold to me at least.


That's probably not a fair description of the accuracy of the technology. Out of a random sample of 100 locations, how often would the technology yield the right house? I bet it's over 50%, which is definitely sufficient for probable cause.


"might be" absolutely constitutes probable cause.


I don't know.

Out of curiosity I just tried Find my iPhone on my own device which has been sitting in the same location in my house for about an hour completely untouched.

Apple's interface shows my iPhone about a half mile away in a house I've never visited or been in before. There is a big circle around my device (which doesn't even include the actual location) but the actual dot is somewhere I've never been before. I've refreshed it about 5 times now 2-3 minutes apart and it is absolutely convinced that I am at that location.

I avoided touching my iPhone during this experiment to mimic a real life scenario where the phone is out of reach.

If I were in a scenario where I believed a family member was taken against their will to a location I would absolutely want a search, but this experiment makes it pretty clear why Find my iPhone is not probable cause to me..

Still trying to figure out why multiple 'pinpoint location' requests are showing somewhere about a half mile away from my real location. I would think that that type of request would push something to the phone which would power up GPS for accuracy, but it doesn't appear to be so.


I am impressed that you were able to draw such a broad conclusion from a single experiment!


Was the phone within the tinted radius? The dot doesn't represent your location; it represents the center of a circle containing your phone.


No, it wasn't.


You must have missed the article where a judge ruled the police are not responsible for making sure technology is reliable, even drug tests: https://news.ycombinator.com/item?id=10814544

(Police plan and execute a SWAT raid based on a bogus field test of tea leaves. Judge ruled the police are not responsible for knowing that the tests are completely inaccurate.)


You don't need a certain conviction for a search warrant, you need probable cause.


They had probable cause: the last reported location of a missing teenage girl was their house.


Then they should have gotten a warrant, and it should not have taken them an hour to realize it was a mistake.


They were getting the warrant: that's what took an hour.


Reported by something that has <90% accuracy? Less than 99%? It matters...


'Probable cause' doesn't require 99% accuracy. It's a legal term with a well-defined definition.

'Probable cause' is slightly higher that 'reasonable suspicion' but much lower than 'beyond all reasonable doubt'.

Essentially, it boils down to: Would a 'reasonable man' (another technical term) suspect that something is the case? If yes, one has reasonable suspicion.


Reasonability breaks when the implementation requires technical knowledge to assess and has specific undisclosed issues in cases that matter.


The law isn't written to allow for a perfect implementation to exist.

It's there so on average, most people will agree that the police did the right thing.

If most people have no knowledge of the implementation details of technology, they'll happily allow said searches to continue.

On the whole, many laws are like this. They are made so we can all live together and nothing more.


What if it was only 51% accurate? It's still more likely than not that the address is correct. Assuming the police respond in a way that doesn't result in injury (financial, property, or person) I think it's reasonable for them to check it out. Go get the warrant and see if the person or phone are in there. No warrant? Piss off.

In this particular case, why can't the local PD/Sherrif/agency see the damn pattern, record the note, and proceed with meaningful caution? That's what would annoy me the most.


I would guess that the find my phone apps have greater than 99% accuracy. Just not 100%.

I'm disturbed by how anti-police HN is. Like even searching for a missing person is now some great abuse of power.


> I'm disturbed by how anti-police HN is. Like even searching for a missing person is now some great abuse of power.

Because police, be it in the US or anywhere else, has time and again proven that they are not to be trusted and any power the legislation grants them can and will be exploited or illegaly expanded.

Add to this that police (and most legislators, as well as most judges) don't have a fucking clue how computers work on a technical level, or at least not enough to be viewed as "reasonable".


That's fine, and has absolutely nothing to do with this case. The police were just doing their job searching for a missing girl and had strong evidence that her phone was in the house. And people here are outraged. It's absurd. The point of the fourth amendment is to stop excessive or abusive searches, not all searches ever.

Second I think some of the police hate is just availability bias. If you read nothing but articles on the Internet about police somewhere doing something bad, of course you will think they are all terrible. Like people that watch the news and think air travel is more dangerous than driving.


Second I think some of the police hate is just availability bias. If you read nothing but articles on the Internet about police somewhere doing something bad, of course you will think they are all terrible.

No, we think they're all terrible when we hear about one officer doing something bad, and an entire precinct closing ranks around him/her to cover it up. (Which accompanies the vast majority of instances of police misconduct.)


> The point of the fourth amendment is to stop excessive or abusive searches, not all searches ever.

"Stop and frisk" and "asset forfeiture" means anything to you?

And it's not just the US where police commonly fabricates evidence, in particular when it comes to drug or gun "offenses".


>"Stop and frisk" and "asset forfeiture" means anything to you?

And I agree that those are unconstitutional. But again it has nothing to do with this case.


And if we were to be anti-black, using the actions of the Baltimore rioters, Ferguson, and the Austin neighborhood of south Chicago to suggest that 'time and time again, blacks have XYZ..'

What you're doing is the exact same kind of justification. As far as cops not "having a fucking clue" I'm willing to bet you have an equal deficiency of clue about solving and preventing crimes or any number of technical systems used in law enforcement, or the legal and documentation requirements in law enforcement.

You're just the 'too cool' anti-cop 'hacker' fighting for a 'cause' that really doesn't exist to fit some idealized boogeyman-version of law enforcement reality.

When cops screw up, let's hold them accountable, but let's not automatically assume that cops are evil. You don't support racial stereotyping do you? This is no different. I have been robbed twice in my life at gunpoint by black people (I drove a taxi for a time during college.) Yet, I don't look at all black people with suspicion. Yet we are willing to apply a hatred and disdain towards cops based on perception of their 'badness.'

As far as legislators and cops, how about you educate them? Or become one? Since you're an expert, put your name on the ballot and run for office. Or go work as a legislative aid. Start a website called a Legislator's guide to tech or something. Go testify at Congressiinal hearings. Police and legislators represent us, we the people and they are us, we the people. You sitting in your basement drinking fair trade coffee isn't helping. You actually doing something -- that's how you create positive change. Hating the police is the wrong fight.


People tend to be pro-police right up until the day when they find themselves the target of a police officer who knows what they can get away with.


I'm not pro-police, I'm just not so absurdly anti police that I think everything they do is an abuse of power. Yes I know there are police that abuse their power. But they didn't do anything wrong in this case. They were just doing their job searching for a missing girl and had strong evidence that her phone was in the house.


"Reported by entirely fallible human beings" is usually enough.


Then they could get a warrant and there would be no question that they could enter the premises for a search.

They did not, so they could not.


Missing child...

https://en.wikipedia.org/wiki/Exigent_circumstance

"An exigent circumstance, in the criminal procedure law of the United States, allows law enforcement, under certain circumstances, to enter a structure without a search warrant or, if they have a "knock and announce" warrant, without knocking and waiting for refusal."


None of the criteria there would be satisfied. With them detained outside the house and not allowed to return inside, they can't harm the victim, escape, or destroy evidence.


In the eyes of the law, does a missing child automatically fulfill the "imminent danger" or "imminent destruction of evidence" parts of exigent circumstance? Or does there need to be some other evidence to support those reasons?

Further, does the law, as written, allow detainment of individuals while those reasons are decided?

Until someone can describe the legal link between the fact it's a missing child and the conclusion these are exigent circumstances from a legal perspective, I can only interpret the pointing out that it's a missing child as a plea to emotion at best and a thought terminating cliche at worst.


Stories like this further my conviction to simply never answer the door if it's a police officer unless they specify having a warrant. They can't detain you if you don't answer, and chances are the officer will escalate the situation on his own if he wants a reason to detain you. There is nothing to gain and everything to lose.


I've answered the door to police, they were there to return property of mine that I had no idea was missing. It took some work on their end to find me too.


I am sure they have your phone number too. They are welcome to call me, though I wouldn't necessarily answer any questions.


What? They did not have my phone number, thats why they came to my house. They tracked me down when they recovered my property but they didn't find a current phone number (only my old one) but did find my address.

It was something I did not even know was missing. I didn't go to them, I didn't file a police report, they came to me. They went out of their way to track down the owner of the property they recovered.


It seems unlikely there is no way for police to find a cell phone number attached to a physical address.


Civilized society depends on the cooperation of the law abiding populace. It's your civic duty to answer the door. It's a categorical imperative.


Civilized society depends on well-articulated laws that enable citizens to understand what is legal and what isn't, and allows Police to make use of force when it is appropriate, and prevents them from using force when it isn't.

"The legitimacy of policing in the eyes of the public is based upon a general consensus of support that follows from transparency about their powers, their integrity in exercising those powers and their accountability for doing so."

Edit: the principal is known as "Policing by consent", or the Peelian Principal [1], which is fairly common in the UK.

[1] https://en.wikipedia.org/wiki/Peelian_Principles


That's true! And while I certainly agree that we have some problems in this area, I don't think they rise to the level of "don't ever answer the door if the police knock on it."


> It's your civic duty to answer the door.

If and only if I can reasonably expect that the officer at the door is competent and adequately prepared to perform whatever task he is present to perform.

If an officer comes to the door, then -effectively- locks me out of my own house for an hour+ because he failed to prepare for the possibility that I would refuse to permit a warrantless search of my property, then his incompetence has done me a serious injury. (Especially if I have an urgent need to urinate!)

I am under absolutely no obligation to -as a courtesy- permit the police to waste my time with their incompetence. There is a system that every taxpayer pays for that provides at least a cursory double-check of an officer's search plan, and provides written certification that said plan has been approved. If an officer CBA to get such a certification and announce that he has one in his possession when he knocks at my door, I CBA to waste my time while he locks me out of my home for the time it takes him to get the certification that he should have gotten before he ever made the trip to my place.


You could also say civilized society depends on people providing reasonable aid to those who need it in emergency situations, but doing stuff like grabbing a child to prevent them from stepping in front of a car has lead to many child abduction charges. That isn't to say that I wouldn't help the child in that situation, but more to say there are situations where doing the right thing and not becoming a victim of the criminal justice system are not mutually exclusive. I will risk it to save a child, I will not risk it to open the door for a police officer whose sole intention is most likely to put me under his thumb.


> grabbing a child to prevent them from stepping in front of a car has lead to many child abduction charges

This is not true. I challenge you to find even a single instance of this happening.

You appear to have an overly paranoid view of how the world operates that's likely based on very little actual interaction with law enforcement.


I appreciate you calling me out on this - This is an anecdote I recall from over a decade ago but in Googling have no found any instances of it, so I will stop using it.

A better example is breaking a car window to save a child locked in a hot car during the summer. To be fair, many places create good Samaritan laws to protect this sort of behavior.

I agree I more alert than others on the topic, but I disagree that it's unfounded or paranoia. My beliefs may cause me some headache in the future but I will accept the high risk of headache over the small risk of severe injustice.


Obey at all costs!


Avoid engaging with the issue at hand, but instead respond with a witty catch phrase!


So civil disobedience is a detriment to society?


Sometimes it is. Sometimes it isn't.

I'm not sure if I understand the point of your question.


I think you can count yourself lucky if they bother knocking...


Now flip the situation around. If there was a missing girl being held there and the police didn't check it, how would people react? The chance of checking and making sure while in the process inconveniencing someone far outweighs the chance of not checking. Sure it sucks, but what are the other options? If you are the parent of this missing kid and the police tell you your child might be there but they can't look into it, you would be ok with that?


>what are the other options

Go to a judge, communicate the situation, and maybe get a warrant if the judge deems it appropriate. That's how the system is designed to work.

>The chance of checking and making sure while in the process inconveniencing someone far outweighs the chance of not checking.

>If you are the parent of this missing kid and the police tell you your child might be there but they can't look into it, you would be ok with that?

There are good reasons we don't let emotional parents head the investigations of their missing children.

The laws constraining law enforcement exist to stop harm that used to happen at their hands, but no longer does because those laws are in place (modulo lack of enforcement).

If there are situations where the law is an unreasonable constraint on law enforcement, then we should change the law to take that scenario into account, not argue for carte blanche to take whatever action is deemed maybe possibly useful.


>There are good reasons we don't let emotional parents head the investigations of their missing children.

And where did I suggest that? There is a huge difference between having a parent head an investigation and asking a police officer to check out a potential house where someone's kid may be held. And the couple was well within their right to not open the door to the police.

I'm not suggesting the police should have the ability to detain people indefinitely, but they do need some ability to carry out questioning / searches if there is a reasonable suspicion. I know, reasonable suspicion is really vague and abused but what is the alternative? Anytime a cop sees suspicious activity they need to head over to the court and get a warrant? They would never get anything done.


>having a parent head an investigation

You're right, I exaggerated for the sake of rhetoric. I should not have, and I apologize for doing so.

>And where did I suggest that?

By bringing this up

>>If you are the parent of this missing kid and the police tell you your child might be there but they can't look into it, you would be ok with that?

You're suggesting that the emotional state of parents of missing children validates detaining someone without probable cause (as the comment you originally replied to described).

>I know, reasonable suspicion is really vague and abused but what is the alternative?

This is not what you were originally saying. You wrote that on the basis of it being a missing child, and on the basis of the parents being not okay with inaction, detaining without probable cause was justified.

If that wasn't the message you wanted people to get from your comment, you should have written it differently.

>Anytime a cop sees suspicious activity they need to head over to the court and get a warrant. They would never get anything done.

It turns out there's a great deal of law and precedent that goes into great detail about what a cop can and can't do and when and why. Law and precedent that were decided in light of both the harm of abuse of power and the harm of impotent enforcement.

Saying cops should have more power without first addressing why the existing reasons for limiting that power should suddenly no longer apply loses you a lot of credibility. And if you don't know what those reasons are, rightfully so.

That said, do continue to share your opinion, I'm definitely not saying you should curb your speech, just saying that if you want it to be more effective, there's steps you can take.


The issue is that you're using a gigantically emotionally loaded situation as a basis for designing a legal system.

That often ends very, very badly.


> The police shouldn't be able to detain someone for over an hour without probably cause and without arresting them.

Once I got stopped and they decided they were going to get a drug dog, and then a warrant, for my car.

"Am I being detained?", I asked. "No, you're free to go." "Wait, I can just get in my car and drive away?" "Oh no, we're holding your car as evidence." I was in the middle of nowhere.

I don't know under what grounds they can do that (or if it was actually legal), but the grounds are presumably much less then actually detaining you. But it amounts to the same thing. I don't know on what grounds they could prevent people from going back in their home even if they aren't being detained (are you really going to leave and not observe whatever the cops are going to do to your home?).


IANAL, but my understanding is that you can't be detained (or rather a traffic stop cannot be extend) to wait for a drug dog [0]. Already you should have been able to leave.

Additionally, the "no, you're free to go" bit sounds like an officer trying to find a loophole, since the standard for whether or not you're being detained is if a reasonable person would assume they were free to go. Despite the officer telling you that you were free to go, I suspect most people in the middle of no where without a car would not assume they truly were.

Plus, calling your car "evidence" at that point is a bit... weird.

[0] http://www.supremecourt.gov/opinions/14pdf/13-9972_p8k0.pdf


Oh, he made it clear that I was able to go wherever I wanted, in the middle of nowhere, I just couldn't get in my car, let alone drive it anywhere.


> The police shouldn't be able to detain someone for over an hour without probably cause and without arresting them.

They can't. The police officer in question was wrong and they did not exercise their rights.


they have the right to detain those people on reasonable suspicion.


It appears (on the information given) that the police did neither: they didn't lawfully detain the suspects or control their actions through a legally authorized manner (e.g. arrest them, serve a warrant on them), but the police did restrict their actions (prevented them from entering the house).

It seems on the face of it that the police inhibited the victims' legal rights, without exercising a legally authorised reason to do so (or relied on misinformation to suppress the victims awareness of their legal right to choose to not comply with the police officers' requests).


they didn't lawfully detain the suspects

Why not?

The had a data point (albeit a poor one) that said a missing person was in their house. The officer told them to sit outside and not go back in. That's lawful detainment.


Yea, but it's unclear how the "find my iphone app" could ever lead to reasonable suspicion by itself. Among other things, they seemed to be cooperating, not resisting, and all the evidence is from a third party—no immediate evidence would have produced any reasonable suspicion. This is an abuse of police power from a position of ignorance.

Do you really think that would hold up in court? I sincerely hope not. The man should have been allowed to use his own bathroom.


yes it will hold up in court.

Police don't let suspects out of detention just because they complain they have to pee. High-tech state-of-the-art tracking technology from Google and Apple indicates that these people are somehow involved in the disappearance of a missing person. How dumb would the officer look if he let a suspect destroy evidence, escape, or otherwise pull something on the claim that they have to pee?


> High-tech state-of-the-art tracking technology from Google and Apple indicates that these people are somehow involved in the disappearance of a missing person.

It is rather odd that you insist on this when you know it to be false. The technology is not state-of-the art because it is missing the crucial feature of telling you how confident it is in its assessment. These people were clearly not involved and the tracking app was simply malfunctioning.

In my opinion this clearly shows how irresponsible it is to make an app like this which recklessly reports results without providing information on their accuracy and reliability. Of course the app will disclaim any sort of liability, but common sense tells you there will be life-and-death situations such as this where incorrect results will have consequences.


> How dumb would the officer look if he let a suspect destroy evidence, escape, or otherwise pull something on the claim that they have to pee?

There's a lot of ways in which the American system is deliberately set up to let some of the guilty go free and requires a certain degree of responsibility for those detained, charged, or imprisoned in order to preserve a set of rights that are important related to basic human dignity.

So yeah, particularly in situations like this, I'm comfortable saying sure, risk the possibility that (as yet established) evidence might be destroyed or that subjects of interest might escape detention. Strict detention practices should be sustained by meeting a high standard for suspicion.

But maybe better than that would be if we could have a system that included both reasonable pursuit of justice and a respect of basic rights. Seriously. Is it really impossible to give detainees and opportunity to urinate while protecting evidence? I doubt it. Search the damn bathroom, then search the detainee. Then, unless you've found anything that absolutely requires further undisturbed careful investigation and documentation, escort them to the bathroom for a reasonable amount of time. Part of the job. Particularly when you don't know that they're guilty of anything.


what the hell are you talking about?

no one cares how you think the laws should be. The laws are the way they are. The police can detain you if they have reasonable suspicion to believe you are involved in a crime in any way

this was 100% legal according to the laws. no one cares what your fantasy interpretation is


Since you're posting with a newly made account, I'll assume that you're new here and direct you to the comment guidelines: https://news.ycombinator.com/newsguidelines.html

TLDR - Please watch the tone of your comments (EDIT: here and in other comments on this topic). Thanks!

""" Be civil. Don't say things you wouldn't say in a face-to-face conversation. Avoid gratuitous negativity.

When disagreeing, please reply to the argument instead of calling names. E.g. "That is idiotic; 1 + 1 is 2, not 3" can be shortened to "1 + 1 is 2, not 3." """


> no one cares how you think the laws should be. The laws are the way they are.

The laws are the way they're written, and the way they're read, and open to discussion and revision on both sides. If you're upset or threatened by that (and I can't see any other reason for some of the gratuitous hostility in your comment), perhaps your position isn't anywhere near as strong as you might like your bluster to communicate, and perhaps it would be better to find some less distressing activity with which to pass time than discuss it on the internet.

> the police can detain you if they have reasonable suspicion to believe you are involved in a crime in any way

This isn't the point of contention at all. That's whether it's reasonable and legal to deny detainees access to a toilet on the basis that they might escape or might destroy evidence.


I think this in itself proves that the technology is far from state-of-the-art.

Google and Apple are not in the business of providing canonical evidence and should not be.


There's nothing in the article to say that the residents were arrested. An arrest is the threshold for controlling someone's legitimate actions: if the police don't have enough evidence to arrest the person, then they shouldn't be limiting their movements. That is the whole point of arrest (and the related burden of proof required to make an arrest).

To restrict someone's actions without legal authority - such as arresting them - is illegal.


An arrest is the threshold for controlling someone's legitimate actions

No it's not. You can be legally detained.

For example, if a cop stops you for speeding, he won't arrest you, but you will be detained until he gets the information he needs and gives you a ticket.

That's why you're supposed to ask "Am I free to go?". If you are legally detained, the answer is "no".


That's a good point, thanks. I ended up having a look through the differences between detention and arrest (finding different thresholds, e.g. "reasonable suspicion" vs "probable cause"[1], and that "20 minutes or so is a reasonable timeframe for detaining someone" [2]).

[1] http://www.nolo.com/legal-encyclopedia/arrest-vs-detention-h... [2] http://criminal-law.freeadvice.com/criminal-law/arrests_and_...


[flagged]


We've banned this account for violating the HN guidelines.


There's no way it would hold up in court. Perhaps the court of public opinion but nowhere else.


If it was my daughter, yes ;)


My guess is that some IP-to-Geolocation service says nothing more specific than "Atlanta" and this couple happens to live in the geocenter of Atlanta.


This is roughly my guess as well, though I'd guess a ZIP code or some similar geographical construct (ZIP3, ZCTA, etc.) rather than a city name.


What's sad is how the local police seem to have some sort of learning disability or amnesia about this problem. They showed up there repeatedly and harassed the occupants.


Disclaimer: I agree with the intent of your comment but, as this is the second time I've seen this comment in this thread, I'll bite and play devil's advocate. Additionally, I have absolutely no knowledge of dispatch or any other law enforcement software.

Where would the knowledge of this phenomena be stored? Does the dispatch software have a notes field? If so, is it procedure to put that sort of information in place? Do cops have access to it? If so do they regularly look at it? If "no" to those points, how would a police force as large as Atlanta's maintain that knowledge? A lot of large organizations rely heavily on tribal knowledge, so that's a possibility. But only assuming officers always patrol/police the same areas and never quit or get fired, or if they do, they always pass on the entirety of their tribal knowledge to the successor.

So again, I agree with the general sentiment, but this doesn't have to be a matter of incompetent law enforcement personnel. It could easily be a problem of lacking software and a system prohibitively large to maintain that kind of granular information among all agents.


I would hope that the police do have a systematic method of correlating incidents with addresses. Such as, say, a history of reported domestic abuse. Or homes with residents that have been threatened with doxxing or swatting. And information such as whether the resident is a recorded gun-owner.

I would sincerely hope that information such as this would be available to any officer dispatched to an address.


> Where would the knowledge of this phenomena be stored?

In the same place where cops record false intruder alarms and give people a warning or fine for too many.


Good point - but there is potential incoming revenue to pay for that.

In this very remote use case, I doubt CAD (Computer Aided Dispatch) vendors are going to write this use case into their development plans.

Unless they saw this on HN...


I don't think it's too great an assumption that information on a location involved in a suspected crime is added to a database so that lookups concerning that location have a backlog of such information. That's got to be close to MVP for a police database surely.

The dispatcher who gives the officers the call to attend would then give the background information known - "Murder here 2 years ago - previous occupants; parking violations issued to this address; 53 unconfirmed reports of stolen phones, 47 of which were later found not to be stolen just giving wrong GPS info. Caller says their stolen phone is at this location according to GPS reports.".


> Where would the knowledge of this phenomena be stored?

Brian Krebs appears to have a local police force that knows how to perform this witchcraft: http://krebsonsecurity.com/2013/03/the-world-has-no-room-for... :) Search for the 'graph that starts: "I informed the responding officers that this was a hoax" and read through the one that starts: "One of the officers asked if it was okay to enter my house, and I said sure."


I have a friend who's been a cop in the area for a few years and I recall him complaining about some circumstance that caused him to have to visit a house several times over a weekend (I want to say it was a monitored alarm system on an unoccupied residence that was malfunctioning). He said that despite knowing with complete certainty that it was a false alarm, he was required to treat it as though a crime in progress could be happening.

I'm going to hazard a guess that a similar situation exists here -- a citizen complains and involves the police, they probably have no choice but to treat it as though "maybe this time the phone is really there". It may not be up to the local police, it could very well be a county/state regulation or law that causes that.


In the eyes of the police more such reports increases the credibility, when in fact the opposite should happen.

In other words, the more frequently someone reports that particular address as the one that 'stole their phone' the more likely the police are to believe that there really is something going on there, rather than that all those apparently independent reports are false.


So, get police to come out for X when you haven't done X. Then do X and police should ignore it cause last time they had evidence of X it turned out to be wrong?

Police should always investigate. They should have history of previous investigations, but that should not stop them from future investigations.


At the very least, they should handle it differently, and not with complete amnesia.


Now this is interesting. Presumably the coordinates of their house are significant in some way. The result of some kind of truncation perhaps? I can't see how a floating-point error could converge on a specific value like this, but I'm no expert in such things. If they could only post their address the answer would surely be found very quickly, but that would defeat the object somewhat.

I suppose it's fortuitous that nobody lives at 0,0...


Sorry, but it's actually really simple.

It's the same reason why on a Jet Blue flight, my phone shows me geolocated to Long Beach, CA for the entire flight (if I don't hold the phone up to the windows).

Phones prefer wifi positioning, and that's based on the base station mac addresses. If you are in a highly wifi dense area, moving one AP can auto-propogate its new location by phones reporting in bulk groups of mac addresses they scan at once back to your location provider. ("30 mac addresses detected are know to be in Dublin, but one mac address detected is known to be in New York. Let's update the New York mac address to be Dublin now.")

The auto-location-updating is one reason SkyHook wireless died. Once they did the initial scanning, the entire wifi location database can be made reasonably self-updating (and other correlative updates can happen with your drive-every-street-in-the-world mapping vans much less often.

Wifi position is more accurate than GPS positioning (plus, faster to locate and less power intensive), so it's always preferred first. GPS positioning is worse (accuracy/power requirements), so GPS tends to be a fallback if you're in a "broad location" category like cell tower only positioning or zero-location positioning (airplanes, mountain tops, etc).


GPS is definitely more power hungry and easily blocked, but when you get a solid signal it's far more accurate than WiFi positioning. GPS will pretty reliably nail down your location to within 2m or so, while WiFi positioning is probably an order of magnitude worse. The main use for WiFi positioning (besides devices that simply don't have GPS capability at all) is for indoor location, because GPS signals tend to penetrate buildings poorly.



There's a weather buoy there:

http://www.ndbc.noaa.gov/station_page.php?station=13010

Must be a hell of a crossing party associated with maintaining that.


Here's their site: http://nullisland.com/


I have pictures I take in Idaho turn up in Mongolia due to a sign error - these are taken with the default iOS photo app.


My guess is that there are probably tools used by criminals to trick anti-theft software into passing a false location. You can quite easily fake your geolocation.


Why would they all go to this one place though? Perhaps the sellers of the tool configured it with a default location. Now that would be cruel.


I wondered if they might live on an integer latitude/longitude coordinate, but checking street view on the few that are anywhere near a street in the Atlanta area seems negative.


It would be fascinating for someone to log into their Google Location History and see where the phone was right before it was at this house. It might provide a clue.

https://maps.google.com/locationhistory/b/0


Thanks for sharing this link, I had no idea Google had your location history so nicely accessible like this. I knew they kept track, but never once did it occur to me that I could see it.


Crazy idea: install a heavy, wood engraved sign in front of their house that says "No, your phone isn't here".


If I were a regular phone thief, I would do exactly that, no?


I'm gonna guess no.


Probably not


Print the article I just read, frame it by the doorbell.


Good idea. I would add on police contact info with a case number.


How about GPS spoofing?

There's a claim that it's been done before [1]. Maybe a criminal organization has the resources to build a GPS spoofing device that's used in their "holding facility" before they root the phone?

Can anyone with RF or GPS experience guess the difficulty?

[1] https://en.wikipedia.org/wiki/Iran%E2%80%93U.S._RQ-170_incid...


If I were them, I would try a non-technical (or at least mitigation) strategy: put a sign in their yard or on their front door that says "Sorry, we don't have your iPhone" and a description of the problem and screengrabs/URLs of articles like this.


Other options:

  -The name of the wireless in a database and picking up
   the first one, could not be fixable changing the router
   name or ip address as it is already recorded somewhere
    -Same for other routers or ip address in the neighbor
  -Maybe it's not their fault but someone else did it on 
   purpose, e.g. take the cell phone and manipulating it
   inside a room with stolen/faked/forged data somewhere
   else and wrapped in a metallic sphere to block signals
   so only the forged router can be used?
  -Even more crazier: put a router really close and put
   there a vpn/proxy?


Wouldn't hurt to change the MAC of the router (and the SSID while they're at it).


The problem is not that the router is currently broadcasting a BSSID that exists elsewhere. The problem is that a geo-wifi database contains an association between their address and a BSSID.

They can change the router, and eventually the problem should sort itself out (if it is indeed their router and not a neighbor's that is the issue), but it's going to take until the old record ages out of the database for it to happen. And that could be months or years.


The one thing people seem to be glossing over is, why or how do all these lost phones and people share the same geographic element between them?


Because they all use the same third-party database. Probably Skyhook or something similar.


Ah. Fair point.


They said they reset it, but I am surprised they didn't buy a completely new one to guarantee a different hardware fingerprint.


They might not understand the concept of a hardware fingerprint. The article mentions that they also "changed the frequency" of their ap which would seem to me extremely unlikely to make a lick of difference.


1) Their location is some form of null/zero or the default location 2) Their location is the dead center of some area, such as a zip code, city, county, or state 3) Some frequent error always returns the same bad value


You know, its not completely out of realm of the possible that these people are lying and really know much more then they are telling police.

I am not implying anything about these people, but I am just saying it isn't impossible.

I lived in Las Vegas for a couple of years and was involved with some people who, from the outside, seemed like very normal folk...in fact, in many ways, I was someone like that, too, due to issues I was fighting at the time.

We all have a different set of experiences in our lives, and, unfortunately for me I suppose, my experiences make me think about this in a different way then many here might.


Based on the article that would also mean they're kidnappers and/or murderers so it might be best to avoid playing the Devil's advocate on this one.


Or... They are involved with people who steal, buy or refurbish stolen phones.


I wish the article mentioned where all these people are coming from. If they're all local then that could lend credibility to that explanation. If they're from all over the country then that doesn't seem as likely. The thought did cross my mind.


One is an engineer, the other a journalist. Maybe they or their "friends" have the skill and the motivation to hack the system, generate false positivrs to get published. Maybe this is someone trolling them, like swatting.


The problem is likely that the location where these phones are really at is near the WiFi router that used to be at this address. No amount of messing with their router will help with fixing this, since those phones aren't there to begin with. The couple might have better luck hitting up the previous tenants/owners.

Based on this line from the article, I'm almost certain that this is the real answer:

> It started the first month that Christina Lee and Michael Saba started living together.


A teen in Canada tracked his lost cellphone to a home and was killed trying to get it back.

http://www.cbc.ca/news/canada/toronto/jeremy-cook-18-killed-...


I wonder if the couple could make a profit on this mishap by suing anyone who accuses them of stealing phones (i.e. on social media) after visiting their house.


The geolocation would probably be enough evidence for claims of libel to be ineffective.


Hence the after I deliberately emphasized. If they had already visited the house and not found their phone (especially if the police were there) then subsequent claims of theft against the couple would be much closer to libel.


So you're saying the couple would have to allow a stranger to go through all their person belongings until they were satisfied the phone wasn't there and then sue?

Doesn't sounds like something I'd want to do.


likely the company that provides the data source would be more liable


If this community can't pin point the problem together, then there is something up here. Clearly this warrants Google, Apple, the telcos and someone from an electronic forensic team each putting a part time expert into a team to figure this out for everyones benefit - themselves and this couple.

Of course the reality is that key Google and Apple staff know exactly what has caused this and don't have a ready solution so are keeping quiet.

In any case, if there are Google or Apple employees reading, perhaps you can suggest this idea to someone internally in the chance there may be some progress before someone innocent gets killed for 'stealing' a phone.


I know it is an inconvenience, but couldn't they just maybe get a new router and see if that fixes the problem? Surely a cheap router is better than getting your house ransacked by police?


It won't make any difference if it's caused by some random router being correlated with their physical address. Phones connecting to that router will still be reported as being located near the house, even if the family cut off electricity and wrapped the house in a Faraday cage.


There is an obvious and simple solution to this problem; although it's not up to this couple to implement it, but to all the developers building or using geo-location.

This is a problem caused by incorrect data representation. Everything the companies know about the location of the phones is an imprecise area, yet they are representing it with this: [1]

This absurdly precise representation doesn't convey the error margins of the information available, and it's what's convincing people that this couple's home is the point that they're looking for. The mapping companies are misleading their users by hiding the level of confidence about the information provided.

Please all front-end developers, don't use a map pin to represent a place in the map if you don't know their coordinates or exact address. A circle with a radius proportional to the uncertainty area is the best representation in that case.

[1] https://www.google.com/search?q=icon+map+pin&biw=790&bih=750...


I looked on https://maps.google.com/locationhistory at what google think my location is.

Usually it's pretty accurate. But several times a year there are major anomalies For example showing me traveling the 4 miles to work in London via a quick journey to Oslo.

It's pretty reliable but not 100%


What's shocking is the lack of a clear explanation by the so-called experts contacted in this article.

My explanation as to what is likely happening: "Every WiFi router has a special unique number - think of it as serial number - baked into the device by the manufacturer (known as a MAC address). Manufacturers request a range of these unique numbers from the IEEE, and are never meant to duplicate them. When you connect to a WiFi router, you connect to its friendly name (SSID), but also your phone receives a part of this special unique number (BSSID address) [1].

Companies like Apple, Google, and SkyHook, record the location of WiFi routers using this unique number. When a phone or other device has a strong GPS location and a strong WiFi signal, they can fairly reliably assume that this unique number is at this specific location.

However, not all manufacturers strictly follow the unique number allocation rule, as getting allocations can be a time consuming process. 999 times out of 1000, reuse of these numbers is not a big issue, and goes undetected. In this case, it is likely that the thieves are using, or are located near, a WiFi router with the same unique number as this couple. Changing this special unique number is sometimes possible on expensive enterprise grade WiFi routers by knowledgeable experts, but not possible or advisable on home routers. The couple should change their WiFi router."

Yes, I have conflated a number of terms there for simplicity. For technical accuracy: WiFi router -> access point.

Edit: added [1] https://arubanetworkskb.secure.force.com/pkb/articles/FAQ/Ho...

As BSSID is != MAC address.


"Avast’s software kept tracking the phones after the other programs were cleared with a factory reset"

Does anyone know how that works?


It should work only for those phones which came with Avast factory installed. After you do a factory reset and turn on phone, they send an SMS to contact their server. This gives them the phone number which can then be used by the server to send remote commands to the phone.

One of my phones had McAfee pre-installed with a similar setup. If you do a factory reset and they find that it is a different phone number now, the phone locks down (You can enter a pin to unlock). You can't even access the bootloader or do another factory reset.


A phone had McAfee on it? I can't imagine how slow and painful it was to use that.


Changing their router or even turning it off won't necessary help.

Here is a way to reproduce this issue and explain my point: if you are a thief, you could setup a GPS spoofer pointing to that house or have had your router in that house in the past so that some phones registered/verified it's MAC address to be at the house location. Now assume the thieves live in a location where they took this router with them and where there is no GPS signal or other router or cell signal, but only the thieves' router turned on. Now as soon as the thieves connect the stolen phones to their router, they will report being at the house.

My bet is that this is likely an intentional attack by the thieves and that they are aware of what they are doing. There is a small chance they could have been people living in the house before or drove by to setup their spoof as it would have been much easier than getting their hands on a GPS spoofer.


Given that people coming to them have their info from somewhere, there might be chance they could succeed through asking those visitors where exactly do they have the data from, and then trying to contact/file the complaint to this specific service/company/...


This is just a hunch, but does anyone know whether there is any connection / shared services between the phone finding system and the iMessage airline flight tracking system?

It may just all be coincidence, but that flight tracking feature is so wonky and jacked, giving false locations, legs, flights, and information on the regular. I am surprised it hasn't caused a massive outcry for just how horrible it is. It kind of makes me wonder whether there is some shared service or database or something because the flight lookup feature just smells of the same kind of failure.

I realize, most people don't know/recall that iMessage will auto-link flight numbers. Just message the full flight number.


The only way they are going to get this fixed is to sue the company making the locating software.

Kicking in their door is the least of it - some cop is going to shoot them when they scream or react the invasion.


I didn't finish the entire article, but my immediate thought was that this has something to do with these new phone drop spots that I've seen at grocery stores.

You apparently can just put a phone in one of these ATM-like machines and get money out, which immediately struck me as a clever way to buy stolen phones on the cheap from criminals, with indemnity... which would definitely lead to situations like this when those stolen phones are resold to unsuspecting consumers.


Based on my experience with a few phones I own, there's a few things that could be happening here:

It was mentioned the "SSID"/MAC address problem. It's possible that they have a home router with its default SSID and are encountering a MAC address collision (assuming MAC address is always taken into account, which I'm not sure that it is). Their router is likely part of some database that the GPS uses when the phones enter an area with WiFi but no cellular service or line of sight to the satellites. I had a similar failure every time I went indoors to an archery facility I visited weekly for three months. Both my wife's and my phone would think we were a clear 30 miles away in another city the second we got far enough into the building to lose cellular service. I dug into it and discovered it was using WiFi APs to get location. I think the archery place has another location in that other spot, so it's possible they swapped WiFi gear at some point, but it's anyone's guess.

Another possibility, hinted at in the article, is that there's no other location data available to the stolen phone (no mapped WiFi, no cellular service) but it has an IP address so the devices are falling back to Geo IP which is extremely inaccurate (my IP address changed recently and I am now a Canadian according to location services on my PCs with no GPS capabilities -- 200 miles off). It could be a circumstance of "that IP isn't known, but that block is owned by x ISP and here's a general location of where that is ... only the little dot happens to land on their house.

It would be really smart for apps that track location for theft purposes to keep a reasonable history. If it's a mobile phone, the last known high-accuracy reading from the GPS should be presented along with lower accuracy results to help in situations like this. I'd imagine it wouldn't be terribly difficult to correlate several readings over a period of time and discard ones that are clearly not sane (as would have been the case with my phone in the archery place). A bonus would be to perform other actions when the device is marked "stolen", like take photos at certain intervals and upload them to the cloud to make it easier to "prove" your phone is in the hands of someone it shouldn't be (one of the tools I had did something like this).


> It's possible that they have a home router with its default SSID

The guy is an engineer. I'm pretty sure their SSID has a silly in-jokey name.


I hear ya, but "Mechanic's Car"[1] sometimes comes into play. I recently installed a new AC router in my home. I took the time to install OSS firmware, customized all parts of the security, applied a few tweaks to the WiFi configuration via a shell script and ... my SSID? "OpenWrt"

I keep meaning to change it to something snarky ("Free Public Wi-Fi?") but then I know I'll have to enter my ridiculously complicated/long password into a bunch of devices without keyboards.

[1] ... usually doesn't run right


I had something similar happen when I was in college visiting a friend and the police show up asking who dialed 911, if she was alone, etc. This was before ssid based geolocation become popular. I had to spend some time explaining how inaccurate cell tower positioning is, most people just assume that if the cops say it came from inside the house it must have.


> Lekei said by email that the couple’s router could be causing the problem; if misconfigured, it could be broadcasting that it’s a different location than it actually is

Wait, what? Is my router broadcasting a location to someone? What technology is this, and how do I make sure my router isn't doing it?



Ignoring everything else - if it the phone that went missing, should the location at least be accurate to nearest base station. In case of missing child operator would provide triangulation results, right?


Once this is resolved, we might temporarily have a way to fool the 'illegal' surveillance gear used by law enforcement? Unless they use some completely different scheme to snoop on cell phone users?


$1 says it's some null value.

This is a good premise to an "off-by-one" parable where it turns out the neighbors are phone thieves.


I wonder how easy it would be to spoof the location of a device with WiFi gear that can broadcast multiple arbitrary BSSIDs?


Why do they keep answering the door?


Eugine Ionescu probably has the answer to that. You see, when the doorbell rings it means that there is somebody there waiting for the door to be opened. But not always.


[flagged]


Yes, let's bully someone because of their appearance.


Man-buns are lame, but beating the crap out of them seem a little extreme for sarcasm




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: