Anyone who has ever granted a third-party app access to Location Services could be in a location-tracking database of 12 million phones, says a new report today. And while this database is the largest one yet examined, it represents just a small fraction of the location data bought and sold every day.
The report says that the privacy policies of many apps allow their developers to share your location with ‘trusted partners,’ which could be code for ‘companies who want to buy location data’…
The New York Times carried out a deep dive into the database, which included the locations of people in the Pentagon and White House, among other sensitive locations.
The paper says that the location-tracking database was sent to it by sources concerned by the practice of selling the data and alarmed by the potential for abuse. It notes that selling such data is perfectly legal.
Each piece of information in this file represents the precise location of a single smartphone over a period of several months in 2016 and 2017 […]
It originated from a location data company, one of dozens quietly collecting precise movements using software slipped onto mobile phone apps. You’ve probably never heard of most of the companies — and yet to anyone who has access to this data, your life is an open book. They can see the places you go every moment of the day, whom you meet with or spend the night with, where you pray, whether you visit a methadone clinic, a psychiatrist’s office or a massage parlor […]
If you lived in one of the cities the dataset covers and use apps that share your location — anything from weather apps to local news apps to coupon savers — you could be in there, too.
If you could see the full trove, you might never use your phone the same way again.
The data is supposed to be anonymous, but a previous NY Times piece debunked this claim.
Today’s piece underlines just how easy it is to identify specific individuals.
[One phone] leaves a house in upstate New York at 7 a.m. and travels to a middle school 14 miles away, staying until late afternoon each school day. Only one person makes that trip: Lisa Magrin, a 46-year-old math teacher. Her smartphone goes with her.
An app on the device gathered her location information, which was then sold without her knowledge.
The paper proved this by identifying and tracking sensitive individuals.
Describing location data as anonymous is “a completely false claim” that has been debunked in multiple studies, Paul Ohm, a law professor and privacy researcher at the Georgetown University Law Center, told us. “Really precise, longitudinal geolocation information is absolutely impossible to anonymize.”
The paper was able to identify everything in the location-tracking database from people attending job interviews to those meeting up for a few hours at a time in motels.
We spotted a senior official at the Department of Defense walking through the Women’s March [and] to a high school, homes of friends, a visit to Joint Base Andrews, workdays spent in the Pentagon and a ceremony at Joint Base Myer-Henderson Hall with President Barack Obama in 2017.
Facebook recently admitted that it tracked user locations even when tracking was toggled off.
The full, lengthy NYT piece is well worth reading.
