New York Times analyzes a leaked set of location data from a private broker, sounds the alarm

Originally published at:


We promise to say we are sorry and say something that sounds like “we won’t do it again” but doesn’t actually mean that whenever we are noticed. Unless it is inconvenient.


Have I mentioned that this type of behavior, this lawless appropriation and reckless disregard for humans, is thoroughly discussed by Shoshanna Zuboff in her book The Age of Surveillance Capitalism?

[SZ] That’s the whole point. Now we have markets of business customers that are selling and buying predictions of human futures. I believe in the values of human freedom and human autonomy as the necessary elements of a democratic society. As the competition of these prediction products heats up, it’s clear that surveillance capitalists have discovered that the most predictive sources of data are when they come in and intervene in our lives, in our real-time actions, to shape our action in a certain direction that aligns with the kind of outcomes they want to guarantee to their customers. That’s where they’re making their money. These are bald-faced interventions in the exercise of human autonomy, what I call the “right to the future tense.” The very idea that I can decide what I want my future to be and design the actions that get me from here to there, that’s the very material essence of the idea of free will.<


I doubt that a real corporation would very make any kind of admission of culpability. :money_mouth_face:


It is one of the best pieces of journalism I’ve read all year, and I hope it serves as a wake up call to the majority of Americans. It’s not the government spying on you that we have to worry about right now, it’s the corporations and how the infinite well of data they’ve collected on you will be turned against you and weaponized to their advantage. Not to mention the inherent insecurity of almost every single corporation and the leaks that will inevitably put people’s lives in danger.

I’m seriously considering not getting another smart phone and going back to the boring old days of non-gps enabled flip phones. Paper maps work just fine.


Let’s be clear: the reason your location history is published like this is because you used apps provided by advertising companies, and they gave it to anyone with a couple of pennies because that is their job.

It’s not your fault for daring to own a smartphone, any more than being mugged is your fault for foolishly having money. The New York Times has a financial incentive to frame it that way, but it’s not true. Yes, owning a smartphone creates the possibility of an accidental leak of your GPS data. You can probably live with that kind of risk, just as you do by using email or having a bank account.

But when an advertising company “leaks” your data, that is not an accident. If you use a $4.99 non-ad-supported app to track your bike rides, yes, there is a chance your data might leak. But if you use a “free” app from a company that takes advertising dollars, your data will leak, because that is the whole point of them providing the app.

Ad-supported news outlets – which is basically all of them – will never join the dots for you on this. You aren’t going to see the words “Advertising Did This To You on Purpose!” flashing on a screen. But that’s the truth. Just, like, ask your brain.


I’ve been moving more and more to treating my smartphone as what it really is: a PDA. Most of the time I have cellular data turned off and connect using whatever Wifi is handy, and only make or take calls on it via VOIP.

Now of course, none of this prevents the carrier from keeping a record of which towers are pinged by the SIM card under my name. That’s the issue being discussed here, and the only solution available is strict legislation on data retention and access for the carriers, with strict punishments to match.

Unfortunately, there’s a lack of willingness by the GOP and the Dem establishment to do this, although this article may help scare some politicians and big donors into action.


Your location data is collected by much more than nasty apps harvesting GPS location. The Location Industry is like a magician. It waves a hand, and you focus on things you think you control. The reality is much of the data collection is NOT under your control.

For example, the Times story said the data included Carrier provided location. This is location info that is created as the Cell carriers track the location and movement of cellphones around their network. It can be very precise. It is created by measuring cellphone signal strength at multiple cell-towers. This type of data was the center of the recent Carpenter vs US court case. The Friends Of The Court briefings in Carpenter, provided a good overview of this data source. A cell provider to a modern, well-provisioned city can tell your location within a dozen meters or so. The only way to stop the collection of Carrier location data is to turn your phone off (and hope it stays off), use an effective Faraday cage, or leave your phone home.

Your phone can similarily locate itself by measuring the signal strength of surrounding cell-towers. It can also locate itself by measuring the signal strength of surrounding WiFi access points, bluetooth sources, and near-field sources. If your phone has the ability to sense FM, it could locate against known FM sources. Modern devices also do local communication via sound and light. Of course, all these various end-points have the ability to identify your cell-phone, track it’s location and collect info about you. Your phone constantly shouts it’s identity to the surrounding environment. As a result, we have things like stores that identify your cellphone and track you while you are near the store. You have no control over many of the sources of location tracking information.

It is almost impossible to keep location tracking information from being created. We should try, but ultimately we are doomed to failure. Our civilization requires constant interaction with others. Our best hope is probably:

  • Decrease the value of tracking information. Perhaps by causing it to incur regulatory (and possibly tax) expenses.
  • Reform the 3rd Party Doctrine. Currently, we have no influence after our info passes to a 3rd party. We need to override the 3rd Party Doctrine and retain control over any collected info that can be used to predict or manipulate us.

I created a couple YouTube videos to explain these issues to my security students:


dweller_below did a great job at replying, but for the TLDR; folks, you could buy a phone, never install anything, or browse anything and you can expect these same results…

1 Like

Location data is a main ingredient of what Zuboff calls Behavioral Surplus.

1 Like

But my point was that this is not the immediate problem. It’s impossible to keep your phone from creating information about who you called, but that doesn’t mean that by owning a phone you’re asking for your phone logs to turn up on the open market, or that you should assume they routinely will.

We expect that our call history is private, and it mostly is, and we’re still shocked if it ever isn’t. Why don’t we have the same expectation for other data? The obvious difference is that phone service has always been something we pay for, and everything else is commonly paid for by ads.

And of course, ad-funded media constantly tell us that we’re asking for our location and social media and fitbit data to be sold for peanuts – that if we want the internet, we must accept unfettered violation by the ad industry and we have no choice in the matter.

As you point out, carriers can track you even without your phone’s help. That is a separate crime. But as you also point out, when you use the ad industry’s software on your phone, that amplifies the value of the tower data. And, again, the carriers can do this with impunity because we’ve all been told it’s inevitable anyway.

Ultimately it will take an MP-5 and a brick wall regulation to fix this. But that won’t even start to happen so long as we believe there is no alternative. If more people just tried to not hemorrhage data, they’d (a) have some success and (b) realise specifically where they’re getting fucked.


Flip phones leak a decent amount of location since the way you’re ided is to look at home and work.

Threat model. For your model a landline is better since you care about location

This topic was automatically closed after 5 days. New replies are no longer allowed.