Hi, I am trying to add the GPS/Localistion on/off trigger in the quick settings menu of my FP3, and did not find any way to do it. I know how to edit this menu, but the corresponding button is not listed. I can see other buttons like Wifi, Bluetooth, Do not disturb, etc, but not the Localisation one.
I am able to enable/disable the localisation by going into the settings menu of the phone, but I don’t find this very practical. My previous phone is offering this, and more than that, it disables the localisation as soon as the application which requires it is closed. Anything like that on the FP3 ?
This works for me.
The localization button (icon is the little you-are-here pin from google maps) is indeed not in the list of buttons of the pulldown menu by default.
If you pull the menu to full size, it shows more buttons, but it might still not be there yet (and/or hidden on page 2). However there’s a small “pencil” at the bottom to edit the menu, which when pressed expands the menu further.
In this expanded menu, one can scroll down to a second screen which exposes additional buttons currently not displayed at all.
I was able to add the Localization button to the menu this way.
5 Likes
See here for pictures, issue was a different one, but the “Location” icon can be seen, too …
2 Likes
Thank you ! That was it ! I just didn’t think to swipe UP in edit mode, I was always swiping down in this mode.
The Scroll down part in the edit mode can be obtained by swiping UP, which I was not doing.
Thks for the reply
Why?
(Post must be at least 20 characters.)
<strike></strike><strike></strike> is less characters and less visible than (Post must be at least 20 characters.) 
.
The question is: why would one want to (quickly) disable localization?
- because it draws unnecessary extra power?
- because you don’t want google search results and advertisements be affected by where you’ve been this afternoon?
- because you are a Journalist trying to meet a whistleblower and the paranoid bastard insisted that you turn it off before he shows you the material
- because you are on the run from the FSB after posting these compromising pics of Putin on Facebook and now they sent a contract killer after you?
- because you are on the run from the CIA after posting these compromising pics of Trump on Facebook and now they sent a contract killer after you?
…
1 Like
Is the hardware off when you toggle it? How much does it draw these days? What is the impact on battery life?
Don’t use Google search; DDG is good enough for most. It is even better in some circumstances (I’ve seen some OSINT examples).
GPS location off does not help against a state actor! The police and secret service are able to localize you via quite precisely via GSM triangulation. Together with a camera feed, its easy (plus, the camera feeds on Dutch train stations can see your PIN when you enter it!!).
If you don’t want the government to follow you, a reasonable choice to make is leave your (smart)phone home. A valid argument is that, yes, GPS localization is more accurate than GSM triangulation. However, it isn’t inaccurate enough. Especially not together with camera feeds or OSINT.
If we talk about applications, we need to give them access to location on a case-by-case scenario. One can give temporary access with an application called Bouncer.
Very good question. Most small scale GPS receivers use active antennas, which can have significant power drain, so they at least used to have their receiving amplifier turned off, but this technology also improved in recent years. Whats the power usage impact of GPS receiver and related CPU utilization on the FP3 ? I don’t know. Maybe should open a new thread for that. From a quick glance in AccuBattery I didn’t spot a significant impact, so this needs a long term test under controlled conditions.
still affects the adds in youtube though Haven’t found a good replacement for that yet.
I agree about the more privacy critical points you made. One probably shouldn’t take a cellphone, at least not one where the GSM modems can’t be completely disabled per software. Would having “Airplane mode” on a quick button be sufficient?
Once the battery benefit is correctly documented, you can make a valid case for disabling it.
The privacy one’s invalid. Sure, downloading GPS almanac for AGPS is an issue, but that’s separate. As soon as phone’s on, GSM triangulation works.
Honestly, I never even see those. Only sponsored (e.g. in LTT).
Other than that,
NewPipe.
(Though it could get you banned.)
Hardware kill switches, such as Librem 5 has. They have it individually. There might be situations where you want Bluetooth but no other. Or WLAN + Bluetooth. Or only GSM. Or only WLAN + GSM. Etc. So 3 kill switches makes sense. (Not sure what they do with NFC.)
Or simply use WLAN only. Though that can be tracked too. As can Bluetooth. Every radio can. But at least they have less range.
With cameras everywhere, I don’t see point of using PIN in public [1]. That’s a one way to hell. If you go to say a demonstration don’t use a cellphone, or use a burner (at least you got a camera then to record wrongdoings). Disadvantage is more waste/costs, but you could sell afterwards. Then again, an action camera might be suffice. Xiaomi Yi, for example. That, or use a feature FPs have: take the battery out. Advantage is also encrypted data can’t be accessed.
[1] I was at a privacy/security conference where Dutch police recommended using PIN instead of fingerprint. I 
ed. I mean, legally they can enforce you to give your finger(print) but not your PIN. They can still get your PIN via other means though…
2 Likes
Well the thing about pin vs fingerprint is an interesting topic.
-
You can change your pin easily if compromised. Changing your fingerprint is a bit trickier, and you leave them on every thing you touch.
-
In some countries, you can be forced by police to unlock your phone via fingerprint, but they can’t force you to reveal your pin/password. Similarly, an attacker can knock you unconscious and use your finger to unlock your phone. You can’t really prevent that. (Although some sensors at least don’t let you unlock it with a dead finger.)
-
Relying on the fingerprint really means relying on a cryptographic key stored on a hardware device (chip) integrated in the fingerprint sensor. A key stored ON a device can always be extracted with physical access and sufficient resources. (The fingerprint never IS the key. It’s too fuzzy, a print match only unlocks it. But it can also be unlocked through potential hardware backdoors/vulnerabilities and or by opening the chip and extracting the data with a probe)
The same goes for face-ID or similar.
(That being said, a regular 4, 6 or even 8 digit PIN would never withstand a bruteforce attack, so usually the actual decryption keys are also held within a TPM hardware device, in turn unlocked by the PIN which only allows a limited amount of tries.)
How secure is the TPM hardware on the FP3 ?
1 Like
If I intentionally turn off the localisation, doesn’t this mean that I don’t want any app to track me ?
Even though I know they can do it anyway by other means, if someone discovers that one of them is doing it, could’nt it be a very bad advertisement for the company ? Isn’t this even illegal ? Otherwise what is be the purpose of en/disabling the localisation authorization in the settings of each app ?
Sorry if that question seems too naive …
Another use of en/disabling localisation I just thought about: the stats (for runners, bicyclers, etc).
We’re at the point where, yes, it would be bad advertisement, but they do it anyway, and often get away with it. Software is riddled with trackers these days. Advertising does it as well. Sure, there is GDPR, but that’s about it.
Yes, this capability-based design is the right approach instead of the all or nothing approach.
Could you explain? I don’t follow.
An attacker can also use coercion.
My response to PIN vs fingerprint/FaceID is it is going to depend on implementation. Also, it does not have to be one or the other. If you use fingerprint, then you also use PIN. You always have the choice of using PIN. If I use my fingerprint in public transport (metro/bus/train), that is good enough. If I use my PIN, it is easy to leak such by bystanders and cameras, leading to that PIN being compromised, forever, for that adversary.
Hence, my reply to which one is better (apart from what you wrote) is also the above; ie. “it depends”.
Aarch64, recent Qcom, should be ARM TrustZone
1 Like
If I never turn the loc off, then the stats about my running perfs, or my bicycle itinerary, would include the times when I am at home, or going to the baker, grocery, etc. I had the experience today: I did not turn off the loc yesterday night, took my bicycle this morning to go to work and used a GPS app (other than Google Maps) to guide me. Then I went in Maps to check my route afterwards, and realized that my sleeping time was included in the stats.
I don’t know where those stats are saved, but with something like Strava (which is the main app runners use), you need to actively enable and disable it. Because you tell it that, “yes, you are now running” or “you quit running”. That Google Fit is clueless about such, sure. My advice is then: don’t use Google Fit for such. Though it should also detect when you walk, run, or bicycle.