alt Hacker NewsWho's selling the data is the far more serious issue here. Behind this is a remarkably well-structured syndicate. The supply chain looks something like this: consumer apps embed ad SDKs → those SDKs feed location signals into RTB ad exchanges → surveillance-oriented firms sit in the RTB pipeline and harvest bid request data even without winning auctions → that data flows to aggregators who don't have any direct relationship with consumers → and from there it's sold to government agencies, among others. The genius of this structure is that accountability dissolves at every layer. Each intermediary can claim they're just passing along "commercially available data." Nobody verifies whether consumers actually consented to their location data being collected and resold. The consent verification is always someone else's job. The real problem is that this data is buyable at all, by anyone, through an opaque multi-layered supply chain specifically designed so that no single entity bears responsibility for the end result.
Replies
I think the pipeline needs to be plugged at both ends. We shouldnt allow this data to be sold without express consent. And we shouldnt allow the government to purchase this sort of data regardless of consent, protected under the 4th amendment. unless, iguess, express consent is given to be used by the government for investigative purposes, which no one would give since they dont have to under the 5th amendment
I find myself uninstalling every app unless I really need it and use it. It's amazing how many apps just sit around in your life over time. get them off your phone
That's a very accurate summary.
That stupid game you installed a year ago, that's what gets you.
If you have a smartphone keep a very sharp eye on your location services, and whether they're in the state you expect them to be in. Also a great way to save your battery.
The RTB thing has been around for over a decade at this point. What I’m not sure about is what’s being sold by car companies. I know they sell the data to insurance companies. I’m curious if the government can manage to get it as well commercially.
> Who's selling the data is the far more serious issue here.
Everyone who has it is selling that info, and nearly everyone who collects it is selling it. Until there are laws that actually protect us, we should stop giving companies our location data every chance we get and push for laws that prevent it from being unnecessarily collected in the first place.
I wouldn't be surprised if we saw a headline in a few years when we find out other actors (e.g. China, Russia) have been buying this data en-masse too.
All of it is legal, and incentivised. Is it any surprise?
Not sure about now, but geolocation data used to be available for purchase from: https://en.wikipedia.org/wiki/Skyhook_Wireless
There probably was a consent, buried on page 12 in the terms of use of the app they installed at the front of your chain.
We can hold both accountable actually, its a workaround of our fourth amendment rights and also it should be illegal to do this for the companies involved.
And it’s working precisely as designed
For example you can have a truthful statement: “all of the apps that you have are constantly spying on you”
And the rejoinder is “ any given app is not specifically selling my data to specifically the FBI and so therefore it is not spying”
To which the response would be: “that is correct however the aggregate data is bundled and sold off to specifically the FBI or intelligence agencies and so there cannot be a logical differentiation between apps.”
By that point the person has downloaded another rewards app and added their drivers license to it.
[dead]
Apple and Google are facilitating the data sales
Specifically, these big companies revenue share with app companies who in turn increase monetization via selling your private information, esp via free apps. In exchange for Apple etc super high app store rake percentage fees, they claim to run security vetting programs and ToS that vet who they do business with and tell users & courts that things are safe, even when they know they're not.
It's not rocket science for phone OS's to figure out who these companies are and, as iOS / android os users already get tracked by apple/google/etc, triangulate to which apps are participating