> I often tell my friends I run an app on my phone that captures my location 24/7 [...] But then I tell them all my location data is not sent to anywhere on the Internet
Your phone is on the Internet.
It takes only one attack (for instance, someone sends you an image which exploits an RCE on the image decoder and then chains into a privilege escalation exploit), or a careless mistake (like marking the wrong folder to be synchronized), or even an automatic update of the app (which adds a helpful "sync across your devices through the cloud" feature or similar), to have all that saved location data copied elsewhere.
You can't leak what you don't have; if you never saved your location history, there's no risk of it being leaked after the fact.
>if you never saved your location history, there's no risk of it being leaked after the fact
Very Buddhist in principle. I still prefer having my GPX tracks though, because they're useful to me, as well as notes, journals, logs... Local security is a separate question, and it's light years apart from stuff like Recall.
You wouldn't rather have only some of your location recorded? I don't understand the appeal of saving all data all the time.
It's akin to going to a concert and recording the whole thing, versus recording a small bit that feels memorable, so you can enjoy the rest of the experience fully present.
as a total aside, how do you know what they're going to pay at the concert before they start playing and you know it's your favorite song? Wouldn't you miss the beginning of the song?
It's a good total aside, my analogy was not great.
I went on Sunday, and she announced what she was playing. Otherwise from the initial notes it's easy to spot what's coming. Of course you end up with an imperfect recording, but it's good enough for the memories, I guess.
(I actually wanted to record the 10-minute jam session via Apple's Voice Memos but didn't notice it wasn't recording, because there's no feedback to when you press the button, and red-on-dark is easy to miss.)
Wasn't there a HN post a few weeks ago, describing how your phone's location can be tracked without anything installed and without leaving any trace on your phone? I think it was an exploit of CSS7 protocol used by networks?
Your phone is on the Internet.
It takes only one attack (for instance, someone sends you an image which exploits an RCE on the image decoder and then chains into a privilege escalation exploit), or a careless mistake (like marking the wrong folder to be synchronized), or even an automatic update of the app (which adds a helpful "sync across your devices through the cloud" feature or similar), to have all that saved location data copied elsewhere.
You can't leak what you don't have; if you never saved your location history, there's no risk of it being leaked after the fact.