- Joined
- 31.10.19
- Messages
- 922
- Reaction score
- 1,921
- Points
- 93
Part I: Remote Spying
Social Engineering
The simplest, yet often dusty method is to just ask! Yes, just like in an old-fashioned detective story. Call or message the phone owner under a plausible guise. Found on social media that the person loves sushi? Call from "their favorite sushi bar". The key to this method is a convincing legend. Think about how to ask "Where are you?" and what to answer to the inevitable "Who are you" and "Why do you need this?". They might tell you to fuck off, so this method requires acting skills at least at the level of amateur theater.
“Find My Phone”
Remember the built-in beacons from Google and Apple? If you know email and password (which are often extracted from leaked databases), you can go to google.com/android/find or icloud.com/find and see the phone on the map. But it must be online and the location service must be active. And most importantly, without the current password, this leash won’t work.
Geolocators
These are special "spy baits" - links or files. The victim bites and their coordinates are sent straight to the fisher. They are sent via SMS, email or messengers. Click it and you’ve essentially sent your location. The accuracy varies: GPS is a sniper, Wi-Fi is a good shooter, cell towers are like shooting at a target area and IP is like pointing a finger at a world map. But there are downsides. The victim must bite. Plus, modern operating systems and browsers often ask: "Hey, can this site access your geolocation?", making this yet another obstacle.
GEOINT
The most meticulous, yet sometimes very effective method is to piece together a puzzle from the digital crumbs of the person you’re looking for. Social media is a goldmine! Geotags on photos, phrases like "it’s so hot in Miami!" or photos from a local festival. Even photos without tags can reveal secrets, as smart AI or a keen eye can spot recognizable buildings, a 'Starbucks" sign, a house number or a distinctive landscape.
ADINT
This is an indirect and very cunning method. Imagine a wrongdoer setting up a super-narrow advertising campaign (in Google Ads, for example) say, only for visitors to a specific shopping mall or even a street. The ad is something unique and easily recognizable, like "100% discount on flights to the stratosphere ONLY for those who are NOW in the ‘MegaTrash’ mall”. If your phone (with the advertising ID enabled) is in that area and you see this ad - BINGO! This is an indirect signal: "He was here!". Telecom operators can also do such targeting.
Part II: When the Phone Got Your Hands
If the phone is in your hands for even a minute, much more powerful (and discreet) surveillance options open up. In this case, you need to act quickly and clearly.
Parental Control
Apps that parents install on their children to keep them from wandering off can also serve as spy software. You need to physically download and install such an app from the official store once, give it ALL permissions and set up an "observer" account. After that, Big Brother in the form of you can see where the device is located and even track its routes for the day. Convenient? For the parent - yes. For the victim of secret surveillance - terrifying! Operators also offer legal tracking services in the format of parental control. The parent connects it in their personal account and specifies the child's number. Confirmation from the child's phone is required (via SMS or USSD). After that, the parent can send requests and see the location on the map. Accuracy? It depends on the cell towers. In the city, it can be within tens of meters (possibly showing the house), while in rural areas it can be kilometers (showing a forest or field).
Real-Time Location Sharing
Messaging apps (Telegram, WhatsApp) and maps (Google Maps) have a feature to share geolocation in real-time. A wrongdoer can activate this on your phone and delete the message from your phone. Meanwhile, they will see your movements like a Formula 1 race on the map. Devious and unobvious!
Part III: How Not to Become a Victim of Surveillance?
Against Social Engineering
Activate your inner paranoid. If a stranger asks, "Where are you?" counter with questions: "Which department are you from?" or "What’s your employee number?". Don’t fall for the caller’s urgency - that’s a clear sign of social engineering! If you hang up, call back using the number from the official website (not the one they provided). And finally, share less personal information publicly - the less material for the spy’s legend, the better!
Against the "Find My Device"
Here, the key is passwords. Make them long, unique and complex. Never reuse passwords - it’s like having one key for all doors. Regularly check your email/phone on haveibeenpwned to see if you’ve been involved in any leaks. If a password is compromised - change it immediately!
Against Geolocators
Never click on suspicious links, even from acquaintances (their account might have been hacked). Check the URL: hover over it (on PC) or press and hold (on phone) - where does this “harmless” link actually lead? Be wary of typos (goggle.com), strange domains and shortened URLs.
Against GEOINT
Tighten your privacy settings on social media: who can see your posts, friends, photos? Disable geotags completely! Additionally, before posting photos/videos, check the background: are there recognizable places, signs, car numbers or addresses? And turn off GPS saving in photo metadata (camera settings).
Against ADINT
Check which apps you’ve granted access to your geolocation. Disable permissions for all unnecessary ones, especially suspicious or advertising-related apps. And opt out of advertising ID in your settings.
Against Physical Access
Protect your lock screen like Fort Knox (6+ digit PIN or complex password). Disable app installations from unknown sources (Android). And most importantly, regularly check app permissions: who has access to location, microphone, camera? Revoke all unnecessary permissions! Check connected services with your operator (via personal account or USSD). Delete everything you don’t recognize or didn’t enable yourself!
