Mobile Phone Companies Appear To Be Selling Your Location To Almost Anyone (techcrunch.com) 149
An anonymous reader quotes a report from TechCrunch: You may remember that last year, Verizon (which owns Oath, which owns TechCrunch) was punished by the FCC for injecting information into its subscribers' traffic that allowed them to be tracked without their consent. That practice appears to be alive and well despite being disallowed in a ruling last March: companies appear to be able to request your number, location, and other details from your mobile provider quite easily. The possibility was discovered by Philip Neustrom, co-founder of Shotwell Labs, who documented it in a blog post earlier this week. He found a pair of websites which, if visited from a mobile data connection, report back in no time with numerous details: full name, billing zip code, current location (as inferred from cell tower data), and more. (Others found the same thing with slightly different results depending on carrier, but the demo sites were taken down before I could try it myself.)
There's no escaping it (Score:5, Insightful)
We ARE the product, and short of bloody revolution there's SFA we can do about it. Time to open that Facebook account I guess - the war has been lost, so I may as well get as much value as I can out of our corporate overlords in return for them raping my privacy.
Re: There's no escaping it (Score:5, Funny)
This is caused by all those pesky regulations. Verizon has been telling us for years that all we have to do is free their industry from regulations and they would immediately become more altruistic.
Loosening those privacy rules would immediately make all this better. For one, they wouldn't been in violation of said rules anymore.
Re:There's no escaping it (Score:5, Interesting)
Time to open that Facebook account I guess - the war has been lost...
TFS talks about some information being made available to all bidders, but it doesn't NEARLY approach the information collected by FB. I am a FB user and I do have location services turned on. I see some creepy shit. It asked me about my trip to a place where I'd stopped in the parking lot on my way home from work. It offered a friend suggestion for a person I'd had no online interaction with, but sat down with that day at Starbucks for an hour. I can only imagine what they know about me that they're not sharing.
Re:There's no escaping it (Score:5, Interesting)
I got an ad on facebook for an anti snoring aid. I did not say anything about that on facebook, nor did I shop for anything like that. The only way it would know such things is that it monitors the microphone on the phone. The facebook "lite" app I installed a couple of months ago was promptly removed from my phone.
Re:There's no escaping it (Score:5, Insightful)
Maybe snoring is so common that the makers of this aid just did as they did in the old days - they sent the ad to everyone?
Not ALL ads are completely tailor-made to each individual user.
Re: There's no escaping it (Score:2)
This is probably the correct answer. I asked my wife if she mentioned me snoring in a message to her friends,and she's said no. Regardless, the add creeped me out enough that it was the nudge i needed to delete the app and go over my account to look for leaks. A couple of minor things needed tweaked,but for the most part is pretty clean.
Re: (Score:2)
nor did I shop for anything like that [emphasis mine]
Does your wife use your computer? Which leads me to a good idea.... I should start searching for anti-snoring stuff on my wife's login, maybe she'd take a hint.
Re: (Score:1)
paranoid much?
Re: (Score:3)
Re: (Score:2)
Paranoid enough?
Re: (Score:2)
Facebook might not know you want anti-snoring things. It could be that the people they are selling the advertisement to (on offer, an ad to Sporkinum, bid now) know you would be interested in it.
Re:There's no escaping it (Score:4, Interesting)
Recognizing snoring seems like some perfect entry level tasking for phones and "assistants" There is quite a bit of valuable data to be gleaned from doing so.
Watch tv before you sleep? What channel? (Demographics info)
What time do you usually go down? (Scheduling/location)
Are there more than one of you? (Relationship status)
Breathing patterns and snoring (Health status)
Presence of animals (Pet info)
Each of these points is worth something to somebody, and that's just the top of the head stuff. It's also all pretty repetitive noises sampled every night, so simple for automated detection and such, so no real reason not to do something like this.
A few years from now, the shocking amount of data these things collect, correlate, corroborate, and index on everybody (not just the owner) is going to come out. It will barley even register on the outrage scale, there will be some congressional hearings, the big data merchants will answer some questions delivered in a stern voice, and nothing will change.
tl;dr=There's no money in NOT listening to you sleep.
Re: (Score:1)
Verizon also sells accelerometer data. I never get telemarketer calls when not handling the phone, but if I leave it idle for an hour or two and then pick it up there's at least a 50% chance of getting one before the phone gets into my pocket.
Re:There's no escaping it (Score:5, Interesting)
It offered a friend suggestion for a person I'd had no online interaction with, but sat down with that day at Starbucks for an hour.
I bet that friend got home and looked you up on Facebook to see more about you, browse through your photos etc. And that if they look you up, then they get suggested to you as a friend.
The difference is it's easy to not use Facebook (Score:2)
Re: (Score:3)
The difference is it's easy to not use Facebook
Just because you've never signed up for FB does not mean they're not tracking you. You're a FB user the same way you're an Equifax customer.
Re: (Score:2)
Holy fuck Batman! I always knew in the back of my mind that kind of thing was possible, but didn't really think about it too hard. Hearing your stories makes the whole 'opt-in for 24/7 surveillance' thing WAY creepier than I've always felt it to be. Thanks for sharing - guess I won't jump on that social networking bandwagon any time soon.
Re: (Score:1)
The data doesn't have to be verified per-say.
It is per se, meaning 'for itself'.
Re:There's no escaping it (Score:5, Interesting)
Or enjoy playing with them. Poison their data well. Create false information about yourself. Get creative and have exciting new hobbies. Have fun with it and explore the exiting world of being a product. Create a mail address for every possible occasion where you might need one and watch how it travels through the various places. Respond to their "quality assurance" test and enter as much false information as you can. Create 2, 3, 10 personas and let them gain a rich and interesting life. One of mine is for example a freeclimber and has shared many photos on instagram of his travels around the world. Google pix helps. Of course, photoshop it sufficiently to thwart algorithms trying to match it with the original. That's fairly easy and can be done by laymen by now. Create new and exciting landscapes in your back yard!
Not all is lost, and you can have a lot of fun duping corporations into trashing their data hive with your fakes. I don't know about you, but it sure entertains me to see corporations believe in the existence of a person that only exists in my head.
Maybe it's time to create a webpage dedicated to showing off how you could dupe data collectors into believing your forgeries.
Re: (Score:3)
You're just creating a data set to train distinguishing real vs fake profiles.
Sure you might avoid the bullet for a few years, but the value of a clearly real profile goes up, and soon they can guess which parts if you are real.
Better to hide as much as possible. Turn off, as in pop the battery of, your phone when not in use.
Re: (Score:3)
Oh, I actually only create fake profiles. I, myself, don't exist. At least as far as Facebook, Twitter and all the others are concerned.
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
Where does my ISP get the info from where I go from the VPNs and TOR?
Re: (Score:3)
Where does my ISP get the info from where I go from
Read TFA. From your cell phone vendor and geolocating your ISP, wifi hangouts etc. You may post pictures of rock climbing the Himalayas but they can see you doing it from your living room. (In your boxers if you have a web-cam, probably even if it's disabled in bios...)
Re: (Score:3)
Re: (Score:2)
Re: (Score:1)
Try doing a search sometime on your own name or your spouse or kids. Among the scores of pay sites you'll see listings that give just a hint of what they've found.
I see records of every place I've ever lived, prior to the Internet going back decades. Same for my wife and kids. About the only truly anonymous one in my house seems to be my cat...s**t no I see here PET-Meds must be selling information too.
Re: (Score:2)
Having a unique name, searching it provides me with joy, for that is of course also something I gamed, just in case some prospective employer wants to see what I'm up to. Me being close buddies with Bruce Schneier is getting old, though, I need a new BFF.
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
Seriously.
What Google and Bing are selling is aggregate data. You can actually buy it and find out for yourself; you don't even have to be a corporation to do so, but you can get better pricing if you're at least an LLC.
Look at the data you can buy from them, then come talk to me. I'd share, but I'd be in violation of the agreement I signed when I paid for access.
If you wanted a truly terrifying example, you should have used Facebook; but, then, they don't have anything on me that
Re: (Score:2)
...but they don't know whether Tulip and Blue are my cats or my kids.
The former I hope!
Two words: Harvey Weinstein (Score:2)
Or enjoy playing with them. Poison their data well. Create false information about yourself. Get creative and have exciting new hobbies. Have fun with it and explore the exiting world of being a product. [examples...]
Reminds me of the "defamation service" suggested by some people in the '80s. Idea was to hire a servince to spread lots of scandalous, but clearly false if examined closely, rumor about you, in order to discredit any other rumors about you later.
Problem is, that puts too high a bar on the rumo
Re: (Score:2)
I've been looking into randomly generating new faces, but that is turning out to be difficult. There are a few elements I can generate - but the face space of the resulting set is merely a million or so faces that are not clearly artificial.
We need to get this work automated so that various figments of the script's imagination can interact with each other independently of us.
Re: (Score:2)
I love this idea... have done similar things on a much much smaller scale. The question I pose to Slashdot is this... how the hell do I get this one annoying software company ad off my Slashdot phone profile? I is there every day in some form or fashion for a year. As much as I block ads on my PC, I haven't had luck running non-Safari browsers on my iphone so ads are making me crazier and crazier. Now I just want DIFFERENT ads.
Re: (Score:2)
It's entertaining. Sure, setup is a bit of a bore, but it's creative. Some paint, some sculpt, I create profiles. It's fun and we're a really awesome shared house by now, though Melissa is currently sick with the flu. We're all very worried, last night the fever went really high.
Defeatist crap trap (Score:1)
If the war is lost, why did they need to keep it secret??
Just buy up every celebrity location, politician, judge, tv presenter's data and do cross analysis on it.
Want to know who Hannity met just before he repeated that Russian "deep state" crap? Just pull his data, his families data and do co-location analysis to go see.
Want to know who Chairman Pai met just before he started on that attempt to kill Net Neutrality, well his location data will show where he was and who he met with, if it was a face to face
Follow the Phone (Score:2)
Re: (Score:3)
I escaped it.
I purchased a phone that could be rooted, and did so. Then I installed xPrivacy.
xPrivacy feeds false location information to all apps on the phone. So far as all of my apps are concerned I am standing on Chistmas Island. Similarly, I am also feeding my apps false advertising IDs and false phone ID numbers.
Re: (Score:2)
You're aware that just by following cell-tower protocols you're uniquely identifiable and trackable right? The cell network knows which towers you're connected to and the command sets are insecure and built to give control to the phone companies. Unless you're carrying around 10 different burn-phones and swapping them all out daily you're definitely still trackable.
You may have raised the bar just a bit for random website X to track you, but it's hardly a hiccup to your phone carrier.
Note: The X-UIDH head
Revoke their "common carrier" status. (Score:2)
If Verizon and AT&T are pathologically customer-hostile, then it is time for the electorate to emasculate them.
Tor is obviously not enough. Fine them into oblivion, then sell their assets at auction.
Re: (Score:2)
We ARE the product, and short of bloody revolution there's SFA we can do about it. Time to open that Facebook account I guess - the war has been lost, so I may as well get as much value as I can out of our corporate overlords in return for them raping my privacy.
If it were really so hopeless why would cell companies bother trying to scrub the evidence from the Internet? They were obviously AFRAID of something.
Do you not get a monthly bill from your cellular provider? You could just not pay it and instead take your business elsewhere. Consumers have all of the power in the world to affect change... assuming they are sufficiently motivated to get off their assess and stop crying about something they have the power to change.
Besides creating overlay networks on top
Re: (Score:2)
Consumers have all of the power in the world to affect change... assuming they are sufficiently motivated to get off their assess and stop crying about something they have the power to change.
They only have that power if they organize and act in concert. Individual consumers - and even groups of them that aren't a significant percentage of the whole market - have essentially zero power.
Besides creating overlay networks on top of IP is trivially easy. You could for example run TOR on your mobile or find/create a VPN service you have some reason to trust.
It has never been easier for people all over the world to communicate privately.
That's true, but pretty much irrelevant to the current discussion. My carrier knows who I am, by definition - and he also knows where I am to at least a reasonable degree of accuracy, (even when I have data and WiFi turned off), via cell tower triangulation. When third party commercial entities have access to my l
Re: (Score:1)
And now with the new trend of non-removable batteries, your phone is never truly off, even when you hit the power button, but instead goes into a very low-power hibernation mode due to E-911 law requirements.
Re: (Score:2)
Re: (Score:2)
Escape is simple. Don't use a mobile phone.
You can get along just fine without it. Remember what it was like to enjoy things with all of your attention?
You too can really be *done* with work at 5pm, just like your boss.
Privacy is still a thing, you just have to want it.
Re: (Score:2)
Escape is simple. Don't use a mobile phone.
The slippery slope argument is obvious and, I think, valid. For a true escape I need to disengage from the Internet altogether. But then there are those cameras everywhere, and increasingly facial recognition is being used on the images they capture - time to start wearing a disguise and altering my gait. Etcetera, etcetera.
You can get along just fine without it.
There are LOTS of modern conveniences that we can give up - cars, telephones, toasters, electric drills... If your electric drill was spying on you and any drill you purchased did the sa
You agreed to this (Score:1)
Re:You agreed to this (Score:5, Insightful)
Problem is, I don't know what of my currently innocent doings will be considered nefarious in a decade, and neither does anybody else.
But the information will still be out there.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
ToS terms don’t supercede statutory law which is why the FCC punished them. Unfortunately now that Shit Pai runs the FCC, enforcement against his corporate masters will probably never happen.
Almost? (Score:2)
Slackers, there's money to be made!
Re:Buy a Librem 5 phone instead (Score:5, Insightful)
Re: (Score:3)
Re: (Score:2)
T.H. White said it best (Score:3)
Everything which is not forbidden is compulsory.
If a company isn't forbidden from selling it to make money they will find a way to do so.
Re: (Score:2)
This is why you'll see companies that pay their workers minimum wage come down in favor of raising the minimum wage.
You are 100% correct. The simplest solution is the easiest. Elect people that will outlaw this practice.
Re: (Score:2)
Re: (Score:2)
Like a good little corporate whore...
Re: That's why (Score:3)
Re: (Score:1)
I find the opposite.
I've never touched FB, and yet I feel I've missed nothing with regard to family and friends (and I have a lot of them spread throughout the US in all the places I've lived).
We keep in touch with group texts...emails, phone calls and (GASP) making it a point to get together whenever poss
Re: (Score:2)
Location services has fuck all to do with what Verizon was doing.
You can avoid some of it (Score:4, Interesting)
Don't use Facebook... or any social networking site. If you're going to post on a site like Slashdot, consistently fake a few personal details and simply never share others.
Don't use GMail, Hotmail, or any other such system. (I run my own mail server, which is probably not reasonable for most people... but there's also probably a market out there for a small appliance with a domain registration + DNS package that gives you your mail server without too much user effort).
I have friends 'IRL', which is where they belong. If I only ever catch up with you by reading your Facebook page... we're not friends anymore anyway.
You're still going to leave a trail through your credit or debit card, plus whatever government database you're in that is shared in any way, but you can significantly limit the data gathered on you.
Unfortunately, that's less true every day. Every photo you're in is subject to facial recognition and even if it's not location tagged... location recognition probably isn't far behind (I don't like being photographed and every year I let my kids' school know they're not authorized to publish their names or pictures except in the hardcopy yearbooks). Every text post you're mentioned in can be used to build a shadow profile of you. Other people are giving up your personal information for you whether you want them to or not. And, of course... your phone company is pimping you out to data miners like you're a $2 alley-dwelling crack whore.
Re: (Score:2)
I have a telephone (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Your PHONE is tracking you.
I thought I saw something duck into an alley when I looked over my shoulder while walking down the street last night.
Re: (Score:2)
Re: (Score:1)
Fake personal details? (Score:2)
I'm a 6'2'" wall of muscle with a string of romantic conquests, a PHD is Astrophysics and a collection of Star Wars action figures.
Ha! Only one of those things is true but good luck figuring out which with all your highfalutin statistics.
Suprise (Score:2)
run a vpn (Score:2)
As I understand this, it could be easily thwarted by running a VPN. My wife runs vpn on her phone constantly. It is easy enough.
Re:run a vpn (Score:5, Informative)
Re: (Score:2)
Verizon will still know your location, but they will not be able to share it with the advertiser.
It would help because, the way this works is that Verizon injects cookies into the HTTP request. Then the advertiser sees the cookies and goes "Oh, let me make a web service call to Verizon to get the location for the user with this cookie." They can also fall back to using their IP address. If you use a VPN, Verizon won't be able to MITM your browsing session, and your IP address will be the VPN's IP address
Re: (Score:2)
Well, odds are your browser self-identifies as a mobile browser. So they will know that. But it will protect the rest of your data.
Shitty voting (Score:2)
It's been going on for some time. (Score:2)
Well, duh (Score:2)
If a company has data about you, they are selling it to anyone willing to pay the fee.
There are exceptions, of course, but they are rare enough to safely ignore.
Re: (Score:2)
No, the exceptions are usually worse. Of course, by exceptions I mean Google, Facebook, etc. Those who prioritize collecting and monetizing all that data, and would never dream of selling such an asset.
Re: (Score:2)
I don't think of those as exceptions, but I guess technically they are. The reason I don't think of them as exceptions is because they're just cutting out the middleman while retaining the sort of behavior I object to.
For credit card / payment processing (Score:2)
Re: (Score:2)
I think the part that's concerning is that entities that aren't related to a transaction that you're conducting can buy that information.
Sigh, so tired of everyone selling us out (Score:2)
This is SO tiring. Everywhere there is someone looking for some way to sell us out for a quick buck. Here we go again, the carriers trying to get their pound of flesh and avoid being disintermediated by the Facebooks and Alphabets of the world.
Not really related, but last night I saw the 60 Minutes piece showing how Rep. Tom Marino, a Pennsylvania Republican, shepherded big-pharma-written legislation to prevent the DEA from prosecuting Fortune 500 companies which deliberately make opiates available for d
Looking in the wrong direction for "Big Brother" (Score:2)
Is anybody still under the impression that Orwell's "Big Brother" can only be a government?
The rise of "Big Brother" is being missed because everybody's convinced it can only come from the Government... and not from friendly corporations, who only have our best interests at heart.
That answers my question (Score:2)
After the eclipse while on vacation, I got spammed on my cell phone from a business I drove past. I wondered who outed me, guess it was my cell phone service.
Re: (Score:2)
Opt-in (Score:2)
Re: (Score:2)
Give me a break. It is 2017. If you are going to use your mobile phone like that, why carry one at all. And what is astonishing is someone posted this drivel on the Internet. If you are going to all this trouble, why are you using the Internet? The Internet is the biggest data collection machine of them all.
Re: (Score:2)
Re: (Score:2)
You couldn’t opt out of it. Verizon was doing it in secret.