Peter Eckersley

Is Your Android Device Telling the World Where You've Been?

Do you own an Android device? Is it less than three years old? If so, then when your phone’s screen is off and it’s not connected to a Wi-Fi network, there's a high risk that it is broadcasting your location history to anyone within Wi-Fi range who wants to listen.

This location history comes in the form of the names of wireless networks your phone has previously connected to. This data is arguably more dangerous than that leaked in previous location data scandals because it clearly denotes, in human language, places where you've spent enough time to use the Wi-Fi.

In Android, we traced this behavior to a feature introduced in Honeycomb (Android 3.1) called Preferred Network Offload (PNO). PNO is supposed to allow phones and tablets to establish and maintain Wi-Fi connections even when they’re in low-power mode (i.e. when the screen is turned off).

The goal is to extend battery life and reduce mobile data usage, since Wi-Fi uses less power than cellular data. But for some reason, even though none of the Android phones we tested broadcast the names of networks they knew about when their screens were on, many of the phones running Honeycomb or later (and even one running Gingerbread) broadcast the names of networks they knew about when their screens were turned off.

Help EFF Test Privacy Badger, Our New Tool to Stop Creepy Online Tracking

Electronic Frontier Foundation is launching a new extension for Firefox and Chrome called Privacy Badger. Privacy Badger automatically detects and blocks spying ads around the Web, and the invisible trackers that feed information to them.

Privacy Badger is EFF's answer to intrusive and objectionable practices in the online advertising industry, and many advertisers' outright refusal to meaningfully honor Do Not Track requests.

Privacy Badger is a browser add-on that analyzes sites to detect and disallow content that tracks you in an objectionable, non-consensual manner. When you visit websites, your copy of Privacy Badger keeps note of the "third-party" domains that embed images, scripts and advertising in the pages you visit. If a third-party server appears to be tracking you without permission, by using uniquely identifying cookies to collect a record of the pages you visit across multiple sites, Privacy Badger will automatically disallow content from that third-party tracker.

Advertisers and other third-party domains can unblock themselves in Privacy Badger by making a strong commitment to respect Do Not Track requests. By including this mechanism, Privacy Badger not only protects users who install it, but actually provides incentives for better privacy practices across the entire Web.
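
The heuristic described above, including the Do Not Track exemption, can be modeled in a few lines. This is an added example, not Privacy Badger's own code: the three-site threshold, the `looksIdentifying` test for unique cookie values, the last-two-labels `baseDomain` shortcut and all hostnames are assumptions made for illustration.

```javascript
// Added illustration; not Privacy Badger's source code.
const BLOCK_THRESHOLD = 3; // assumed value: the text only says "multiple sites"

// Naive registrable-domain guess (last two labels); a real tool needs the Public Suffix List.
function baseDomain(host) {
  return host.split('.').slice(-2).join('.');
}

// Assumed test for a "uniquely identifying" cookie: long value with many distinct characters.
function looksIdentifying(value) {
  return value.length >= 12 && new Set(value).size >= 8;
}

class TrackerModel {
  constructor() {
    this.seenOn = new Map();       // third-party base domain -> Set of first-party sites
    this.dntCommitted = new Set(); // third parties that committed to honoring Do Not Track
  }
  // Record one third-party request made while the user was on pageHost.
  observe(pageHost, requestHost, cookies) {
    const site = baseDomain(pageHost), third = baseDomain(requestHost);
    if (site === third) return;                                 // first-party request
    if (!Object.values(cookies).some(looksIdentifying)) return; // no unique ID sent
    if (!this.seenOn.has(third)) this.seenOn.set(third, new Set());
    this.seenOn.get(third).add(site);
  }
  decision(requestHost) {
    const third = baseDomain(requestHost);
    if (this.dntCommitted.has(third)) return 'allow';
    const sites = this.seenOn.get(third);
    return sites && sites.size >= BLOCK_THRESHOLD ? 'block' : 'allow';
  }
}

// Constructed sample traffic (all hosts and cookie values are made up).
function runSample() {
  const m = new TrackerModel();
  m.dntCommitted.add('goodads.example');
  const id = { uid: 'a9f3c27be1d04488' };
  for (const page of ['news.example', 'shop.example', 'blog.example']) {
    m.observe(page, 'ads.tracker.example', id);            // unique ID on 3 sites
    m.observe(page, 'cdn.static.example', { lang: 'en' }); // no identifying cookie
    m.observe(page, 'widgets.goodads.example', id);        // sends an ID, but committed to DNT
  }
  m.observe('news.example', 'pixel.metrics.example', id);  // unique ID on 1 site only
  return ['ads.tracker.example', 'cdn.static.example',
          'widgets.goodads.example', 'pixel.metrics.example']
    .map(h => [h, m.decision(h)]);
}
console.log(runSample());
```

Only the domain that sends an identifying cookie on three distinct sites without a Do Not Track commitment ends up blocked; the other three stay allowed.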