I work with Ad Data a lot in my job, and there's a lot of misconceptions about what this data that journalists love to propogate:
The location data in these networks is very inaccurate. Your OS and browser actually do a pretty good job of locking down your location data unless you give explicit permission. It's in the ad network's interests to lie about the quality of their data - so a lot of the "location" data is going to be a vaguely accurate guess based on your IP address.
But also, location data is really important to ads right now because, contrary to common perception, per user tracking is very, very hard. Each SDK might be tattling on you, but unless you give them a key to match you across apps, each signal from each app is unique. Which is why you are often served advertisements based on what other people on your network is searching - it's much easier to just blast everyone at that IP address than it is to find that specific user or device again in the data stream.
Bidstream data in particular is very fraught. You're only getting the active data at the point the add is served, but it's not easy to aggregate in any way. You'll be counting the same person separately dozens or hundreds of times with different identifiers for each. The data you get from something like Mobilewalla is not useful for tracking individuals so much as it's useful for finding patterns.
I think it's pretty telling from the few examples shared about how agencies actually use the data:
>"CBP uses the information to “look for cellphone activity in unusual places,” including unpopulated portions of the US-Mexico border."
>According to the Wall Street Journal, the IRS tried to use Venntel’s data to track individual suspects, but gave up when it couldn’t locate its targets in the company’s dataset.
>In March 2021, SOCOM told Vice that the purpose of the contract was to “evaluate” the feasibility of using A6 services in an “overseas operating environment,” and that the government was no longer executing the contract
Something is going to have to be figured out about this data - realistically the only way is a sunset on customized advertisements. However, I would personally not be worried (yet) that the government is going to be able to identify an individual and track them down using these public sources as they currently are.
I worked in ad-tech for a year before I left the tech industry as a whole. I've also done a fair bit of investigative journalism.
Let me share a thing:
Factual, a company that specializes in hyperlocal geofencing, uses geofencing much smaller than the self-regulation that their industry allows in their own rules. I learned this after a coworker quit because our company was allowing ad targeting to people using these smaller geofences. The whole company had an all-hands about it where the CEO of the company told everyone that we were not going to stop using Factual nor the smaller-than-allowed geofences because we, ourselves, were not the ones to produce those geofences. We were just a man in the middle helping to build a system to track people at high resolution.
Please try to reconcile with what your industry has and continues to destroy.
> Each SDK might be tattling on you, but unless you give them a key to match you across apps, each signal from each app is unique
You'd be surprised what can be done when data from different source is fused together.
Large-Scale Online Deanonymization with LLMs: https://news.ycombinator.com/item?id=47139716
Robust De-anonymization of Large Sparse Datasets: https://www.cs.cornell.edu/~shmat/shmat_oak08netflix.pdf
Neither the government nor an ad agency needs to know where I am, no matter how "rough" the data is. It's none of their business.
But dude... just think of all the optimal personalized mattres sales they can do with that data. I mean, people that use the bathroom at 3:57pm for seven minutes are 0.00138% more likely to buy a new mattress within the next six months. They need that data. Think of all the unsold mattresses.
Well, in the case of a company trying to market to you, it literally _is_ their business. It makes them money.
The problem is that we have markets where we: - Incentivize organizations to pursue profits at the expense of everything else, which includes social good and civic rights - Rarely hold bad actors accountable (and almost never in a timely manner)
Which means, given enough time, we're always going to trend to whatever makes the most money. Targeted advertising makes money, and will continue to do so unless or until we collectively decide to make it a greater risk to profits than it is today.
At this point, your device is not giving anyone your location without explicit permission. So it really just comes down to your IP Address, which services do need.
I think your is statement is inaccurate to the point of being intentionally misleading:
Many devices, when running, and in some cases even if turned off but connected to their battery, will ping cell towers (maybe even BLE/Wifi) and get triangulated by the network infrastructure (such as cell towers) without actively broadcasting the GPS location.
That's why I don't quite understand why the gubernment needs to have finer grained data (esp around the US/Mexican border). Precision location info would only be needed if you need to track people in densely populated areas.
Cell-site location information (CSLI) is not available to apps or adware and is protected by the Fourth Amendment.
It was freely sold up until a handful of years ago
Yes, but it is available to the gubernment ? Especially this gubernment?
That location information is not available to apps or ad networks without user consent. The government can access it from the carrier with a warrant, but that's not what we're discussing here.
Carriers have also sold customer location data, no search warrant required. Though we can rest assured that the FCC has slapped the carriers' wrists with the utmost seriousness.
And sold it to not just the government but anybody _claiming_ to be a bounty hunter (and some other professions).
I think that's very much what is discussed in this whole thread.
Couldn't you just maintain a list of cell tower IPs and figure it out with traceroute?
If you use Google Location Services, which is stock install on basically all Android devices, it absolutely is uploading "anonymized" GPS data all the time.
IP Address is all you need to get fairly accurate (town or neighborhood) location for most of North America.
But it is necessary to send it somewhere, otherwise the internet wouldn't work.
Unfortunately it seems to have become accepted for our devices to communicate constantly and often with services we never explicitly started communication with (like Ad networks used in Apps).
Permission systems on devices should care about Network connections just as much as Location. Ideally when installing an app you'd get the list of domains it requests to communicate with, and you could toggle them. Bonus points if the app store made it a requirement to identify which Domains are third parties and the category like an Ad service.
I think the issue here is one of informed consent. You might say, "OK, this makes sense" when agreeing to location data for a weather app. In the context of whether it's going to hail soon, location is reasonable. What you only see in those GDPR-type banners is that the data is being re-sold off to 1001 "partners", none of whom are important for my hail-to-head concerns. Never mind all the cases where it's re-sold on to all the governments and personal-level creeps through aggregators.
IPv6 addresses, particularly hardlines, are often accurate down to the block.
Then you are obligated to obscure that with a trusted no-log VPN too.
The government does need to know where the people building their lives on breaking the law are. Don't think CBP wants to know where you are.
1000% agreed with this