Dan Goodin over at Ars Technica is reporting on a company called Babel Street and its Location X program.
From the article:
You likely have never heard of Babel Street or Location X, but chances are good that they know a lot about you and anyone else you know who keeps a phone nearby around the clock.
Reston, Virginia-located Babel Street is the little-known firm behind Location X, a service with the capability to track the locations of hundreds of millions of phone users over sustained periods of time. Ostensibly, Babel Street limits the use of the service to personnel and contractors of US government law enforcement agencies, including state entities. Despite the restriction, an individual working on behalf of a company that helps people remove their personal information from consumer data broker databases recently was able to obtain a two-week free trial by (truthfully) telling Babel Street he was considering performing contracting work for a government agency in the future.
Tracking locations at scale
KrebsOnSecurity, one of five news outlets that obtained access to the data produced during the trial, said that one capability of Location X is the ability to draw a line between two states or other locations—or a shape around a building, street block, or entire city—and see a historical record of Internet-connected devices that traversed those boundaries.
[...]
404 Media, another outlet given access to the data, reported that the trove allowed a reporter to zoom in on the parking lot of an abortion clinic in Florida and observe more than 700 red dots, each representing a phone that had recently visited the clinic. Location X then allowed the reporter to trace the movements of one specific device.That device—and by extension, the person carrying it—began the journey in mid-June from a residence in Alabama. The person passed by a Lowe's Home Improvement store, drove on a highway, visited a church, crossed into Florida, and finally stopped at the clinic where the phone indicates the person stayed for two hours before leaving and returning to Alabama. The data tracked the phone as having visited the clinic only once.
The technology making this vast data collection possible is, of course, tracking mechanisms built into Android and iOS and the apps that run on those operating systems. By default, Android assigns a unique ad ID to each device and makes it available to any app that has location permissions. iOS, by contrast, keeps its "Identifier for Advertisers" tracker private, but gives each installed app the opportunity to request access to it.
Some apps are given permission to access a phone's location and then sell the device's location to consumer data brokers. The data can also be made available through the web ad ecosystem. While an ad-supported page loads, the advertising network holds an auction in real time to sell a personalized ad to the highest bidder. A key piece of information bidders use to set a price is—you guessed it—the location of the device running the browser. Advertisers generate additional revenue by selling that history to the likes of Location X provider Babel Street.
TFA also provides information which can limit your exposure:
There are multiple settings that phone users must choose to close off the constant leaking of their locations. For users of either Android or iOS, the first step is to audit which apps currently have permission to access the device location. This can be done on Android by accessing Settings > Location > App location permissions and, on iOS, Settings > Privacy & Security > Location Services.
For most users, there's usefulness in allowing an app for photos, transit, or maps to access a user's precise location. For other classes of apps—say those for Internet jukeboxes at bars and restaurants—it can be helpful for them to have an approximate location, but giving them precise, fine-grained access is likely overkill. And for other apps, there's no reason for them ever to know the device's location. With a few exceptions, there's little reason for apps to always have location access.
Not surprisingly, Android users who want to block intrusive location gathering have more settings to change than iOS users. The first thing to do is access Settings > Security & Privacy > Ads and choose "Delete advertising ID." Then, promptly ignore the long, scary warning Google provides and hit the button confirming the decision at the bottom. If you don't see that setting, good for you. It means you already deleted it. Google provides documentation here.
So is this just good old American ingenuity at its best? An unacceptable invasion of privacy?
Speaking of such things, how (if at all) does this comport with the Fourth Amendment?
What say you, Soylentils?
(Score: 3, Insightful) by SomeGuy on Sunday October 27, @07:54PM (3 children)
Good luck tracking my 1990s desk "landline" telephone. I'll go ahead and tell you - it's sitting on my desk right next to me. Where it fucking stays.
Why people are OK with this kind of tracking just blows my mind.
Of course, then there are cameras every five feet these days recording your face and/or your car.
(Score: 2) by janrinok on Sunday October 27, @07:58PM
Same here - old fashioned landline to POTS. No spam, I only give the number to certain people.
I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
(Score: 0) by Anonymous Coward on Sunday October 27, @08:08PM
I don't think they would be if they found out retailers are selling location information to these companies.
You just have to drive near them.
(Score: 4, Interesting) by looorg on Sunday October 27, @09:26PM
I don't have a landline anymore, after they removed the copper and made it telephone over ip then I figured why bother. I have two phones, one work phone and one private phone. The work phone is at the desk at work, the home phone is at my desk at home. According to tracking I'm either working around the clock and living beneath my desk or I have not left my home for about a decade. The work phone might move around a bit, but it's somewhat rare. I figure I'm at home, or I'm at work or I'm to busy to talk to you cause I'm doing something else, send an email or an SMS and I'll get back to you when I get back to either phone. I don't need or want any apps, I don't want to do any kind of computing on a 6-7" screen.
I still get tracked by other means. But it's not from my phones or any kind of apps-schmaps-bullshit.