Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
AT&T Businesses Cellphones Communications Network The Almighty Buck The Internet Verizon

Mobile Phone Companies Appear To Be Selling Your Location To Almost Anyone ( 149

An anonymous reader quotes a report from TechCrunch: You may remember that last year, Verizon (which owns Oath, which owns TechCrunch) was punished by the FCC for injecting information into its subscribers' traffic that allowed them to be tracked without their consent. That practice appears to be alive and well despite being disallowed in a ruling last March: companies appear to be able to request your number, location, and other details from your mobile provider quite easily. The possibility was discovered by Philip Neustrom, co-founder of Shotwell Labs, who documented it in a blog post earlier this week. He found a pair of websites which, if visited from a mobile data connection, report back in no time with numerous details: full name, billing zip code, current location (as inferred from cell tower data), and more. (Others found the same thing with slightly different results depending on carrier, but the demo sites were taken down before I could try it myself.)
This discussion has been archived. No new comments can be posted.

Mobile Phone Companies Appear To Be Selling Your Location To Almost Anyone

Comments Filter:
  • by jenningsthecat ( 1525947 ) on Tuesday October 17, 2017 @09:06AM (#55382277)

    We ARE the product, and short of bloody revolution there's SFA we can do about it. Time to open that Facebook account I guess - the war has been lost, so I may as well get as much value as I can out of our corporate overlords in return for them raping my privacy.

    • by Anonymous Coward on Tuesday October 17, 2017 @09:15AM (#55382303)

      This is caused by all those pesky regulations. Verizon has been telling us for years that all we have to do is free their industry from regulations and they would immediately become more altruistic.

      Loosening those privacy rules would immediately make all this better. For one, they wouldn't been in violation of said rules anymore.

    • by gnick ( 1211984 ) on Tuesday October 17, 2017 @09:15AM (#55382305) Homepage

      Time to open that Facebook account I guess - the war has been lost...

      TFS talks about some information being made available to all bidders, but it doesn't NEARLY approach the information collected by FB. I am a FB user and I do have location services turned on. I see some creepy shit. It asked me about my trip to a place where I'd stopped in the parking lot on my way home from work. It offered a friend suggestion for a person I'd had no online interaction with, but sat down with that day at Starbucks for an hour. I can only imagine what they know about me that they're not sharing.

      • by Sporkinum ( 655143 ) on Tuesday October 17, 2017 @09:44AM (#55382427)

        I got an ad on facebook for an anti snoring aid. I did not say anything about that on facebook, nor did I shop for anything like that. The only way it would know such things is that it monitors the microphone on the phone. The facebook "lite" app I installed a couple of months ago was promptly removed from my phone.

        • by Calydor ( 739835 ) on Tuesday October 17, 2017 @10:05AM (#55382515)

          Maybe snoring is so common that the makers of this aid just did as they did in the old days - they sent the ad to everyone?

          Not ALL ads are completely tailor-made to each individual user.

          • This is probably the correct answer. I asked my wife if she mentioned me snoring in a message to her friends,and she's said no. Regardless, the add creeped me out enough that it was the nudge i needed to delete the app and go over my account to look for leaks. A couple of minor things needed tweaked,but for the most part is pretty clean.

        • by Pascoea ( 968200 )

          nor did I shop for anything like that [emphasis mine]

          Does your wife use your computer? Which leads me to a good idea.... I should start searching for anti-snoring stuff on my wife's login, maybe she'd take a hint.

        • paranoid much?

        • Facebook might not know you want anti-snoring things. It could be that the people they are selling the advertisement to (on offer, an ad to Sporkinum, bid now) know you would be interested in it.

      • by Anonymous Coward

        Verizon also sells accelerometer data. I never get telemarketer calls when not handling the phone, but if I leave it idle for an hour or two and then pick it up there's at least a 50% chance of getting one before the phone gets into my pocket.

      • by ljw1004 ( 764174 ) on Tuesday October 17, 2017 @10:32AM (#55382681)

        It offered a friend suggestion for a person I'd had no online interaction with, but sat down with that day at Starbucks for an hour.

        I bet that friend got home and looked you up on Facebook to see more about you, browse through your photos etc. And that if they look you up, then they get suggested to you as a friend.

      • getting by without a mobile phone is damn near impossible, especially in today's hyper-competitive job market.
        • by gnick ( 1211984 )

          The difference is it's easy to not use Facebook

          Just because you've never signed up for FB does not mean they're not tracking you. You're a FB user the same way you're an Equifax customer.

      • Holy fuck Batman! I always knew in the back of my mind that kind of thing was possible, but didn't really think about it too hard. Hearing your stories makes the whole 'opt-in for 24/7 surveillance' thing WAY creepier than I've always felt it to be. Thanks for sharing - guess I won't jump on that social networking bandwagon any time soon.

    • by Opportunist ( 166417 ) on Tuesday October 17, 2017 @09:15AM (#55382307)

      Or enjoy playing with them. Poison their data well. Create false information about yourself. Get creative and have exciting new hobbies. Have fun with it and explore the exiting world of being a product. Create a mail address for every possible occasion where you might need one and watch how it travels through the various places. Respond to their "quality assurance" test and enter as much false information as you can. Create 2, 3, 10 personas and let them gain a rich and interesting life. One of mine is for example a freeclimber and has shared many photos on instagram of his travels around the world. Google pix helps. Of course, photoshop it sufficiently to thwart algorithms trying to match it with the original. That's fairly easy and can be done by laymen by now. Create new and exciting landscapes in your back yard!

      Not all is lost, and you can have a lot of fun duping corporations into trashing their data hive with your fakes. I don't know about you, but it sure entertains me to see corporations believe in the existence of a person that only exists in my head.

      Maybe it's time to create a webpage dedicated to showing off how you could dupe data collectors into believing your forgeries.

      • You're just creating a data set to train distinguishing real vs fake profiles.

        Sure you might avoid the bullet for a few years, but the value of a clearly real profile goes up, and soon they can guess which parts if you are real.

        Better to hide as much as possible. Turn off, as in pop the battery of, your phone when not in use.

        • Oh, I actually only create fake profiles. I, myself, don't exist. At least as far as Facebook, Twitter and all the others are concerned.

      • That's a great (?) way to waste time. Personally I have better things to do with my life than playing hide and seek. Or running to the wilderness for guaranteed privacy. And by better things I don't mean Facebook of course.
      • by DogDude ( 805747 )
        Your ISP still sells all of your identifying info, so the big companies know that all of those characters are the same person.
        • Where does my ISP get the info from where I go from the VPNs and TOR?

          • by ebyrob ( 165903 )

            Where does my ISP get the info from where I go from

            Read TFA. From your cell phone vendor and geolocating your ISP, wifi hangouts etc. You may post pictures of rock climbing the Himalayas but they can see you doing it from your living room. (In your boxers if you have a web-cam, probably even if it's disabled in bios...)

          • by DogDude ( 805747 )
            They tie together your IP address, MAC address, time and date, along with all of the info from Google and Apple and Amazon and Facebook.
        • How does my ISP know how many people live in my house? They only know I exist, because I pay the bill; they might have some idea that my wife exists, but they don't know whether Tulip and Blue are my cats or my kids.
          • by Anonymous Coward

            Try doing a search sometime on your own name or your spouse or kids. Among the scores of pay sites you'll see listings that give just a hint of what they've found.
            I see records of every place I've ever lived, prior to the Internet going back decades. Same for my wife and kids. About the only truly anonymous one in my house seems to be my cat...s**t no I see here PET-Meds must be selling information too.

            • Having a unique name, searching it provides me with joy, for that is of course also something I gamed, just in case some prospective employer wants to see what I'm up to. Me being close buddies with Bruce Schneier is getting old, though, I need a new BFF.

            • Only about 5% of the information that comes up when searching my name actually pertains to me, and there are a great many holes in that data, as well. I can't piece together my story from what's there and I do know all of the details. Perhaps you should be more careful?
              • by DogDude ( 805747 )
                Google or Bing don't show you the information that is being bought and sold about you. It's not publicly available, hence companies *selling* your info.
                • Even if you buy it?


                  What Google and Bing are selling is aggregate data. You can actually buy it and find out for yourself; you don't even have to be a corporation to do so, but you can get better pricing if you're at least an LLC.

                  Look at the data you can buy from them, then come talk to me. I'd share, but I'd be in violation of the agreement I signed when I paid for access.

                  If you wanted a truly terrifying example, you should have used Facebook; but, then, they don't have anything on me that
          • by Whibla ( 210729 )

            ...but they don't know whether Tulip and Blue are my cats or my kids.

            The former I hope!

      • Or enjoy playing with them. Poison their data well. Create false information about yourself. Get creative and have exciting new hobbies. Have fun with it and explore the exiting world of being a product. [examples...]

        Reminds me of the "defamation service" suggested by some people in the '80s. Idea was to hire a servince to spread lots of scandalous, but clearly false if examined closely, rumor about you, in order to discredit any other rumors about you later.

        Problem is, that puts too high a bar on the rumo

      • I've been looking into randomly generating new faces, but that is turning out to be difficult. There are a few elements I can generate - but the face space of the resulting set is merely a million or so faces that are not clearly artificial.

        We need to get this work automated so that various figments of the script's imagination can interact with each other independently of us.

      • I love this idea... have done similar things on a much much smaller scale. The question I pose to Slashdot is this... how the hell do I get this one annoying software company ad off my Slashdot phone profile? I is there every day in some form or fashion for a year. As much as I block ads on my PC, I haven't had luck running non-Safari browsers on my iphone so ads are making me crazier and crazier. Now I just want DIFFERENT ads.

    • by Anonymous Coward

      If the war is lost, why did they need to keep it secret??

      Just buy up every celebrity location, politician, judge, tv presenter's data and do cross analysis on it.

      Want to know who Hannity met just before he repeated that Russian "deep state" crap? Just pull his data, his families data and do co-location analysis to go see.

      Want to know who Chairman Pai met just before he started on that attempt to kill Net Neutrality, well his location data will show where he was and who he met with, if it was a face to face

    • I escaped it.

      I purchased a phone that could be rooted, and did so. Then I installed xPrivacy.

      xPrivacy feeds false location information to all apps on the phone. So far as all of my apps are concerned I am standing on Chistmas Island. Similarly, I am also feeding my apps false advertising IDs and false phone ID numbers.

      • by ebyrob ( 165903 )

        You're aware that just by following cell-tower protocols you're uniquely identifiable and trackable right? The cell network knows which towers you're connected to and the command sets are insecure and built to give control to the phone companies. Unless you're carrying around 10 different burn-phones and swapping them all out daily you're definitely still trackable.

        You may have raised the bar just a bit for random website X to track you, but it's hardly a hiccup to your phone carrier.

        Note: The X-UIDH head

    • If Verizon and AT&T are pathologically customer-hostile, then it is time for the electorate to emasculate them.

      Tor is obviously not enough. Fine them into oblivion, then sell their assets at auction.

    • We ARE the product, and short of bloody revolution there's SFA we can do about it. Time to open that Facebook account I guess - the war has been lost, so I may as well get as much value as I can out of our corporate overlords in return for them raping my privacy.

      If it were really so hopeless why would cell companies bother trying to scrub the evidence from the Internet? They were obviously AFRAID of something.

      Do you not get a monthly bill from your cellular provider? You could just not pay it and instead take your business elsewhere. Consumers have all of the power in the world to affect change... assuming they are sufficiently motivated to get off their assess and stop crying about something they have the power to change.

      Besides creating overlay networks on top

      • Consumers have all of the power in the world to affect change... assuming they are sufficiently motivated to get off their assess and stop crying about something they have the power to change.

        They only have that power if they organize and act in concert. Individual consumers - and even groups of them that aren't a significant percentage of the whole market - have essentially zero power.

        Besides creating overlay networks on top of IP is trivially easy. You could for example run TOR on your mobile or find/create a VPN service you have some reason to trust.

        It has never been easier for people all over the world to communicate privately.

        That's true, but pretty much irrelevant to the current discussion. My carrier knows who I am, by definition - and he also knows where I am to at least a reasonable degree of accuracy, (even when I have data and WiFi turned off), via cell tower triangulation. When third party commercial entities have access to my l

        • And now with the new trend of non-removable batteries, your phone is never truly off, even when you hit the power button, but instead goes into a very low-power hibernation mode due to E-911 law requirements.

    • We can start by not electing shitheads like Trump who cripple the FCC and suck the telecoms dicks.
    • Escape is simple. Don't use a mobile phone.

      You can get along just fine without it. Remember what it was like to enjoy things with all of your attention?

      You too can really be *done* with work at 5pm, just like your boss.

      Privacy is still a thing, you just have to want it.

      • Escape is simple. Don't use a mobile phone.

        The slippery slope argument is obvious and, I think, valid. For a true escape I need to disengage from the Internet altogether. But then there are those cameras everywhere, and increasingly facial recognition is being used on the images they capture - time to start wearing a disguise and altering my gait. Etcetera, etcetera.

        You can get along just fine without it.

        There are LOTS of modern conveniences that we can give up - cars, telephones, toasters, electric drills... If your electric drill was spying on you and any drill you purchased did the sa

  • by Anonymous Coward
    You agreed to this in the ToS. This should not be a surprise to anyone. Turn the phone off when you do your nefarious deeds; or leave it someplace where you plan to have your alibi.
    • by mwvdlee ( 775178 ) on Tuesday October 17, 2017 @09:16AM (#55382309) Homepage

      Problem is, I don't know what of my currently innocent doings will be considered nefarious in a decade, and neither does anybody else.
      But the information will still be out there.

      • Get rid of your smartphone and deny them as much data as possible. Get a plain old telephone and turn it off when you're not using it or put it in airplane mode so there's no tracking your location. If you're electronically inclined then open it up, locate the GPS antenna, and short it to ground so there'll be no GPS tracking of your location possible except what cell tower you're connected to (when the phone is on that is). Now you're giving them essentially ZERO data and they can go pound sand if they don
    • Yea, yea, yea, first born something, surrender your immortal whatever, blah, blah blah. What's the point of reading something before signing?
    • ToS terms don’t supercede statutory law which is why the FCC punished them. Unfortunately now that Shit Pai runs the FCC, enforcement against his corporate masters will probably never happen.

  • Slackers, there's money to be made!

  • by H3lldr0p ( 40304 ) on Tuesday October 17, 2017 @09:27AM (#55382361) Homepage

    Everything which is not forbidden is compulsory.

    If a company isn't forbidden from selling it to make money they will find a way to do so.

    • by Boronx ( 228853 )

      This is why you'll see companies that pay their workers minimum wage come down in favor of raising the minimum wage.

      You are 100% correct. The simplest solution is the easiest. Elect people that will outlaw this practice.

  • by Baron_Yam ( 643147 ) on Tuesday October 17, 2017 @09:34AM (#55382395)

    Don't use Facebook... or any social networking site. If you're going to post on a site like Slashdot, consistently fake a few personal details and simply never share others.

    Don't use GMail, Hotmail, or any other such system. (I run my own mail server, which is probably not reasonable for most people... but there's also probably a market out there for a small appliance with a domain registration + DNS package that gives you your mail server without too much user effort).

    I have friends 'IRL', which is where they belong. If I only ever catch up with you by reading your Facebook page... we're not friends anymore anyway.

    You're still going to leave a trail through your credit or debit card, plus whatever government database you're in that is shared in any way, but you can significantly limit the data gathered on you.

    Unfortunately, that's less true every day. Every photo you're in is subject to facial recognition and even if it's not location tagged... location recognition probably isn't far behind (I don't like being photographed and every year I let my kids' school know they're not authorized to publish their names or pictures except in the hardcopy yearbooks). Every text post you're mentioned in can be used to build a shadow profile of you. Other people are giving up your personal information for you whether you want them to or not. And, of course... your phone company is pimping you out to data miners like you're a $2 alley-dwelling crack whore.

    • This has nothing to do with Facebook. Your PHONE is tracking you. Do you have a phone? If so, why do you care about Facebook?
    • Governments want to know everything about us. And all this is happening so that we are more secure. But we are not. We lose freedom without gaining anything in return.
    • That's a great idea. Let me get started:

      I'm a 6'2'" wall of muscle with a string of romantic conquests, a PHD is Astrophysics and a collection of Star Wars action figures.

      Ha! Only one of those things is true but good luck figuring out which with all your highfalutin statistics.
  • You are carrying a location tracking device in your pocket. Don't be surprised.
  • As I understand this, it could be easily thwarted by running a VPN. My wife runs vpn on her phone constantly. It is easy enough.

    • Re:run a vpn (Score:5, Informative)

      by 110010001000 ( 697113 ) on Tuesday October 17, 2017 @10:12AM (#55382553) Homepage Journal
      Nope. How would a VPN help? A mobile phone is a location tracking device. It is part of the network design and wouldn't work without it.
      • by MobyDisk ( 75490 )

        Verizon will still know your location, but they will not be able to share it with the advertiser.

        It would help because, the way this works is that Verizon injects cookies into the HTTP request. Then the advertiser sees the cookies and goes "Oh, let me make a web service call to Verizon to get the location for the user with this cookie." They can also fall back to using their IP address. If you use a VPN, Verizon won't be able to MITM your browsing session, and your IP address will be the VPN's IP address

  • Let's address the root of the issue: This is all 100% legal because the assclowns that most people vote for made it so. None of this should be legal. My ISP shouldn't be selling my info. My cell provider shouldn't be selling my info.
  • And I'm getting sick of strangers calling me.
  • If a company has data about you, they are selling it to anyone willing to pay the fee.

    There are exceptions, of course, but they are rare enough to safely ignore.

    • There are exceptions, of course, but they are rare enough to safely ignore.

      No, the exceptions are usually worse. Of course, by exceptions I mean Google, Facebook, etc. Those who prioritize collecting and monetizing all that data, and would never dream of selling such an asset.

      • I don't think of those as exceptions, but I guess technically they are. The reason I don't think of them as exceptions is because they're just cutting out the middleman while retaining the sort of behavior I object to.

  • From reading the blog post carefully, it looks like this is designed for credit card processing verification at the point of service. Allowing the gas station's credit card processor to verify you really are at the gas station your credit card is being used at. So in that use case, they would already have your location because they know where the POS terminal is located. This doesn't seem too concerning to me, but they should probably provide an opt-out.
    • I think the part that's concerning is that entities that aren't related to a transaction that you're conducting can buy that information.

  • This is SO tiring. Everywhere there is someone looking for some way to sell us out for a quick buck. Here we go again, the carriers trying to get their pound of flesh and avoid being disintermediated by the Facebooks and Alphabets of the world.

    Not really related, but last night I saw the 60 Minutes piece showing how Rep. Tom Marino, a Pennsylvania Republican, shepherded big-pharma-written legislation to prevent the DEA from prosecuting Fortune 500 companies which deliberately make opiates available for d

  • Is anybody still under the impression that Orwell's "Big Brother" can only be a government?

    The rise of "Big Brother" is being missed because everybody's convinced it can only come from the Government... and not from friendly corporations, who only have our best interests at heart.

  • After the eclipse while on vacation, I got spammed on my cell phone from a business I drove past. I wondered who outed me, guess it was my cell phone service.

  • We need a comprehensive law that requires for each and every bit of information to be collected written consent. First violation is 5% of annual revenue, second offense is 20% of revenue, third is the end of the entire corporation with top level managers being personally liable for any damages. Harsh, but will fix this rampant abuse in no time.

Help! I'm trapped in a PDP 11/70!