Who's selling the data is the far more serious issue here. Behind this is a remarkably well-structured syndicate.
The supply chain looks something like this: consumer apps embed ad SDKs → those SDKs feed location signals into RTB ad exchanges → surveillance-oriented firms sit in the RTB pipeline and harvest bid request data even without winning auctions → that data flows to aggregators who don't have any direct relationship with consumers → and from there it's sold to government agencies, among others.
The genius of this structure is that accountability dissolves at every layer. Each intermediary can claim they're just passing along "commercially available data." Nobody verifies whether consumers actually consented to their location data being collected and resold. The consent verification is always someone else's job.
The real problem is that this data is buyable at all, by anyone, through an opaque multi-layered supply chain specifically designed so that no single entity bears responsibility for the end result.
I think the pipeline needs to be plugged at both ends. We shouldnt allow this data to be sold without express consent. And we shouldnt allow the government to purchase this sort of data regardless of consent, protected under the 4th amendment. unless, iguess, express consent is given to be used by the government for investigative purposes, which no one would give since they dont have to under the 5th amendment
Specifically, these big companies revenue share with app companies who in turn increase monetization via selling your private information, esp via free apps. In exchange for Apple etc super high app store rake percentage fees, they claim to run security vetting programs and ToS that vet who they do business with and tell users & courts that things are safe, even when they know they're not.
It's not rocket science for phone OS's to figure out who these companies are and, as iOS / android os users already get tracked by apple/google/etc, triangulate to which apps are participating
The RTB thing has been around for over a decade at this point. What I’m not sure about is what’s being sold by car companies. I know they sell the data to insurance companies. I’m curious if the government can manage to get it as well commercially.
I find myself uninstalling every app unless I really need it and use it. It's amazing how many apps just sit around in your life over time. get them off your phone
Same here. I use Firefox for everything, and uninstall all the junk via adb. Also low power mode not only for battery efficiency, but to prevent most background services from running.
I wouldn't be surprised if we saw a headline in a few years when we find out other actors (e.g. China, Russia) have been buying this data en-masse too.
We can hold both accountable actually, its a workaround of our fourth amendment rights and also it should be illegal to do this for the companies involved.
For example you can have a truthful statement: “all of the apps that you have are constantly spying on you”
And the rejoinder is “ any given app is not specifically selling my data to specifically the FBI and so therefore it is not spying”
To which the response would be: “that is correct however the aggregate data is bundled and sold off to specifically the FBI or intelligence agencies and so there cannot be a logical differentiation between apps.”
By that point the person has downloaded another rewards app and added their drivers license to it.
I'd really like to just have legislation to treat location data like audio or video under wiretapping provisions. If you collect my location info and convey it to a third party without my consent or a reasonable good-faith belief that I would consent, that ought to be treated similarly to recording without consent.
And consent needs to be granted explicitly for each party that might get access to my location, you can't just get blanket consent to sell my location to anyone, especially not with real-time identifiable location data.
> Carpenter v. United States (2018) was a landmark Supreme Court case that held the government generally needs a warrant to access historical cell-site location information (CSLI) from cell phone carriers, as its acquisition constitutes a Fourth Amendment search
This is very different from buying your data from a company especially when the user consented to their location being tracked.
Too many people in these threads jumping to anti-Trump when the real issue is how quick we are to give up our our privacy to use technology and then quickly turn to shock in anger when it’s used against us.
> This is very different from buying your data from a company especially when the user consented to their location being tracked.
No, it's not 'very different'. When you sign a cellular contract you consent to all sorts of tracking and data collection, but it still requires a warrant for government to obtain.
If the SCOTUS case merely said "needs a warrant to access historical data"... it didn't say "only if acquired via specific means" (like a subpoena), right?
The three letter agencies have a long history of ignoring the constitution, long before the Trump administration, going back to their inception, including as recent as the Biden administration [1].
edit: downvoters, is this not true? this is a historic problem with the agencies. This doesn't mean it's not also a problem with this administration. Two things can be true at once. I like pancakes and waffles.
There was a great talk at the Chaos Computer Conference a few years ago how to diy this, sadly cant find it because web search seems dead nowaydays. If anyone knows, please chip in. It was a german researcher following german politicians who hilariously(scandalously?) related travel patterns
That's the job of the FBI - to investigate domestic crimes. But, why do private organizations so willingly participate in the tracking ecosystem? I suppose they're in the, "you have nothing to worry about if you're not doing anything illegal" camp! Hopefully they understand that they have the most to lose.
It's just business. Buy (your data) for a dollar, sell for two. It's all legal and the data brokers are mostly unknown or already-hated companies so I'd say they have nothing to lose.
Differential identification means you can be singled out based on profiles. Even if you don't have any accounts, big tech companies still have shadow profiles, and those shadow profiles can be linked to your offline identity, such that everything you've done that's been recorded, and everything you've done in (temporal, physical, or digital) proximity to other people who do have accounts results in a record of activities.
Sure, you can get a burner, but you have to make sure you never use it anywhere near anyone you know, that the sim is obtained anonymously, that you're never imaged by any of the ubiquitous cameras, etc. Merely having it powered on provides enough metadata to establish a shadow profile, and it's nearly impossible for a person to secure two separate identities. There's also the superman problem - the burner phone would only ever appear when anonymars is missing, and vice versa, creating a real and exploitable pattern if anyone like the FBI wanted to root around in your life. All they'd have to do is query which shadow profiles match the temporal gaps correlated with your disappearance from tracking.
There's really no escaping it. The only fix is legislation - outright banning mass surveillance, with lethal corporate penalties and long prison terms for C-Suite responsible for violations. Short of that, we live in a world that is implicitly compromised and insecure unless you have nation state level resources.
There's also the superman problem - the burner phone would only ever appear when anonymars is missing, and vice versa, creating a real and exploitable pattern if anyone like the FBI wanted to root around in your life. All they'd have to do is query which shadow profiles match the temporal gaps correlated with your disappearance from tracking.
This is nonsense. By your logic, people go 'missing' any time they are not using a computer, whether they're reading a book, in the shower, or asleep in bed.
What if an investigation is based on finding the same specific people near another specific person that they're tracking, but they only know about the one person, not the others.
And by doing this they stop a terror attack?
One more thought - if they buy just data for specific people related to an investigation, the seller of the data is tipped off. If they just buy all the data, then there is no potential tip-off to the target.
You get a "geofence warrant." They exist and are ubiquitous. You then go to Google or any other provider and you demand the data for a specific location in a specific time window. You then use the data to capture criminals. Any other data would not meet the standards of evidence and probably couldn't be used in court anyways. It's only function is for "parallel construction."
Then again, what I _really_ want is for the FBI to prevent crime. If their only solution is to let crime happen and then use a giant dragnet to put people in jail then they are less than worthless... they are actively dangerous to democracy.
For profit organizations are legally required to maximize shareholder value. Many of them will abuse the spirit of the law in order to squeeze profits where others won’t.
The FBI is violating the spirit and original intent of the 4A by creating an entire industry out of the “3rd party doctrine” bypass to the 4A. That doctrine was whole cloth created by SCOTUS and Congress has been too happy to avoid credit or blame for it to not enshrine it in statute.
It's also not new. The FBI has kept dossiers on people of interest and people in positions of power since it was founded. Easier now of course, which is a concern.
Many retail sites have a "find a nearby" store function. They often outsource this to a third party...for something as silly as geolocation and geographical lookups. This third party is the one that offers its services for a discount but also siphons up your location data to sell.
Believe it or not, not everyone is a prison abolitionist and some think that if you kill someone you should go to prison so you can’t go kill another person.
I know. It’s strange. I don’t agree with them. Generally, I think unless a judge and jury reliably witnessed a crime with their own eyes they shouldn’t convict and that prison is an evil place to dispossess the poor of what little dignity they have left after online advertising has raped their senses and datacenters have stolen their water (and don’t forget the atrocities in Gaza) but some other people have these views.
EDIT: why are you downvoting me, guys? I agree with you. Rittenhouse, Zimmerman et al. were good precedents. Trump’s presidential pardons are another thing that keeps free humans with dignity from prison but he hasn’t gone far enough. Regardless, his actions for Jan 6 protestors is one of the best actions for us to free people. These are all good things, even if they are incomplete and therefore imperfect.
How Legal Punishment Affects Crime: An Integrated Understanding of the Law's Punitive Behavioral Mechanisms (2025)
"This article explains what these 13 potential effects of punishment are and how they have been theorized. It further reviews the body of available empirical evidence for each of these mechanisms."
Am all for it if law enforcement were held to the same standards. Plenty of cases where LE murder is simply not enforced. Thus LE becomes a haven for those seeking impunity and ability to nefariously track anyone.
Perhaps we could overturn the third party doctrine. With legislation, preferably. And while we are at it, solve the underlying issue of pervasive data collection and sharing in the first place.
Another angle I think worth attention is product developers should build tools / platforms that don't even touch user data and be open about that so consumers can choose those more. I believe people will choose privacy when given the choice more often if the product is just as good or better.
The government shouldn’t be able to contract out anything it isn’t permitted to do directly itself. We should have this in the law, get rid of qualified immunity for everyone including lawmakers, and reign in the government.
Buying it just clears up the chain of custody as opposed to the NSA stealing it and reverse engineering your warrant -- OR -- using the good ole stingray.
A generation ago our leaders derided China (and Russia) for this kind of pervasive spying on it's citizens. In the US we did the same thing just increasing costs by enriching the private sector on the way. That's not better. That's worse.
I still remember people asking, "why people in [China], don't protest more actively against it?" as if they would do much better, some others arguing that it was in their "culture" not to protest, as if it would be in the US, they would do anything different: we now have our answer.
Kinda reminds me of when I saw footage online of a group of teens raiding a 7/11 store -- maybe during the BLM riots --, and a top comment was "heh, come try that in Texas ;)". Fantasizing, of course, that Texas has a unique bulwark against that behavior, probably having to do with gun ownership.
And then it turns out the video took place in Dallas.
We like to think there are all these barriers to bad things happening where we live. "I'm sure someone (not me) would stop that." But it turns out there isn't as much bulwark as we think. Or we're the bulwark, so if it isn't us, then there is nobody else.
It’s that sort of behavior— groups of perpetrators committing crimes— that allow people to justify enhanced surveillance tactics.
I think in years past people would have objected to sale of personal location data. But that was before people had videos of groups of lawbreakers overwhelming laws through organized efforts.
Who's selling the data is the far more serious issue here. Behind this is a remarkably well-structured syndicate. The supply chain looks something like this: consumer apps embed ad SDKs → those SDKs feed location signals into RTB ad exchanges → surveillance-oriented firms sit in the RTB pipeline and harvest bid request data even without winning auctions → that data flows to aggregators who don't have any direct relationship with consumers → and from there it's sold to government agencies, among others. The genius of this structure is that accountability dissolves at every layer. Each intermediary can claim they're just passing along "commercially available data." Nobody verifies whether consumers actually consented to their location data being collected and resold. The consent verification is always someone else's job. The real problem is that this data is buyable at all, by anyone, through an opaque multi-layered supply chain specifically designed so that no single entity bears responsibility for the end result.
I think the pipeline needs to be plugged at both ends. We shouldnt allow this data to be sold without express consent. And we shouldnt allow the government to purchase this sort of data regardless of consent, protected under the 4th amendment. unless, iguess, express consent is given to be used by the government for investigative purposes, which no one would give since they dont have to under the 5th amendment
Apple and Google are facilitating the data sales
Specifically, these big companies revenue share with app companies who in turn increase monetization via selling your private information, esp via free apps. In exchange for Apple etc super high app store rake percentage fees, they claim to run security vetting programs and ToS that vet who they do business with and tell users & courts that things are safe, even when they know they're not.
It's not rocket science for phone OS's to figure out who these companies are and, as iOS / android os users already get tracked by apple/google/etc, triangulate to which apps are participating
The RTB thing has been around for over a decade at this point. What I’m not sure about is what’s being sold by car companies. I know they sell the data to insurance companies. I’m curious if the government can manage to get it as well commercially.
I find myself uninstalling every app unless I really need it and use it. It's amazing how many apps just sit around in your life over time. get them off your phone
Same here. I use Firefox for everything, and uninstall all the junk via adb. Also low power mode not only for battery efficiency, but to prevent most background services from running.
I do this as well — I also have DNS level blocking via a NextDNS profile and prefer PWAs if possible.
I do this. I also block the ad ecosystems on the device (root, adaway).
I wouldn't be surprised if we saw a headline in a few years when we find out other actors (e.g. China, Russia) have been buying this data en-masse too.
The CIA buys this data to track Putin's chef so of course China and Russia are doing the same to us.
I'd much rather be tracked by China than by anything at all with a USA presence.
As if I had a choice.
As if politicians of any party care now, in a meaningful way.
As if news orgs were ever interested in security experts who sounded the klaxons (for years and years and years).
Do you have a source for this claim?
https://www.wired.com/story/how-pentagon-learned-targeted-ad...
Not sure about now, but geolocation data used to be available for purchase from: https://en.wikipedia.org/wiki/Skyhook_Wireless
There probably was a consent, buried on page 12 in the terms of use of the app they installed at the front of your chain.
I think that practice should be illegal... they know nobody reads those.
Even the "reasonable person" standard for court would probably conclude that most people would never read it.
We can hold both accountable actually, its a workaround of our fourth amendment rights and also it should be illegal to do this for the companies involved.
And it’s working precisely as designed
For example you can have a truthful statement: “all of the apps that you have are constantly spying on you”
And the rejoinder is “ any given app is not specifically selling my data to specifically the FBI and so therefore it is not spying”
To which the response would be: “that is correct however the aggregate data is bundled and sold off to specifically the FBI or intelligence agencies and so there cannot be a logical differentiation between apps.”
By that point the person has downloaded another rewards app and added their drivers license to it.
I'd really like to just have legislation to treat location data like audio or video under wiretapping provisions. If you collect my location info and convey it to a third party without my consent or a reasonable good-faith belief that I would consent, that ought to be treated similarly to recording without consent.
And consent needs to be granted explicitly for each party that might get access to my location, you can't just get blanket consent to sell my location to anyone, especially not with real-time identifiable location data.
The supreme court had a 5-4 decision related to this [1]. Was there something specific, in that decision, that leaves a loophole open?
[1] https://www.supremecourt.gov/opinions/17pdf/16-402_h315.pdf
> Carpenter v. United States (2018) was a landmark Supreme Court case that held the government generally needs a warrant to access historical cell-site location information (CSLI) from cell phone carriers, as its acquisition constitutes a Fourth Amendment search
This is very different from buying your data from a company especially when the user consented to their location being tracked.
Too many people in these threads jumping to anti-Trump when the real issue is how quick we are to give up our our privacy to use technology and then quickly turn to shock in anger when it’s used against us.
> This is very different from buying your data from a company especially when the user consented to their location being tracked.
No, it's not 'very different'. When you sign a cellular contract you consent to all sorts of tracking and data collection, but it still requires a warrant for government to obtain.
You don’t actually consent (per-se) in most cases. Hence the warrant.
If you consented, no warrant would be required.
Why is it different though? Who gets to say so?
If the SCOTUS case merely said "needs a warrant to access historical data"... it didn't say "only if acquired via specific means" (like a subpoena), right?
Yeah, the loophole is always "national security" and SCOTUS doesn't enforce the law.
The Trump admin has found a neat loophole where they ignore the supreme court when they don’t like what the ruling is
The three letter agencies have a long history of ignoring the constitution, long before the Trump administration, going back to their inception, including as recent as the Biden administration [1].
[1] https://ij.org/press-release/fbi-caught-trying-to-sweep-its-...
edit: downvoters, is this not true? this is a historic problem with the agencies. This doesn't mean it's not also a problem with this administration. Two things can be true at once. I like pancakes and waffles.
There was a great talk at the Chaos Computer Conference a few years ago how to diy this, sadly cant find it because web search seems dead nowaydays. If anyone knows, please chip in. It was a german researcher following german politicians who hilariously(scandalously?) related travel patterns
https://arstechnica.com/cars/2024/12/whistleblower-finds-une...
https://www.youtube.com/watch?v=iHsz6jzjbRc
That's the job of the FBI - to investigate domestic crimes. But, why do private organizations so willingly participate in the tracking ecosystem? I suppose they're in the, "you have nothing to worry about if you're not doing anything illegal" camp! Hopefully they understand that they have the most to lose.
It's just business. Buy (your data) for a dollar, sell for two. It's all legal and the data brokers are mostly unknown or already-hated companies so I'd say they have nothing to lose.
I wonder if we can still buy burner phones for cash at Mondo Mart
Differential identification means you can be singled out based on profiles. Even if you don't have any accounts, big tech companies still have shadow profiles, and those shadow profiles can be linked to your offline identity, such that everything you've done that's been recorded, and everything you've done in (temporal, physical, or digital) proximity to other people who do have accounts results in a record of activities.
Sure, you can get a burner, but you have to make sure you never use it anywhere near anyone you know, that the sim is obtained anonymously, that you're never imaged by any of the ubiquitous cameras, etc. Merely having it powered on provides enough metadata to establish a shadow profile, and it's nearly impossible for a person to secure two separate identities. There's also the superman problem - the burner phone would only ever appear when anonymars is missing, and vice versa, creating a real and exploitable pattern if anyone like the FBI wanted to root around in your life. All they'd have to do is query which shadow profiles match the temporal gaps correlated with your disappearance from tracking.
There's really no escaping it. The only fix is legislation - outright banning mass surveillance, with lethal corporate penalties and long prison terms for C-Suite responsible for violations. Short of that, we live in a world that is implicitly compromised and insecure unless you have nation state level resources.
There's also the superman problem - the burner phone would only ever appear when anonymars is missing, and vice versa, creating a real and exploitable pattern if anyone like the FBI wanted to root around in your life. All they'd have to do is query which shadow profiles match the temporal gaps correlated with your disappearance from tracking.
This is nonsense. By your logic, people go 'missing' any time they are not using a computer, whether they're reading a book, in the shower, or asleep in bed.
I can't tell if these The Wire references are deliberate or a coincidence.
No doubt.
You can buy almost anything for cash.
Hell, I can get you a toe by three o'clock this afternoon -- with nailpolish.
Your German girlfriend will not be happy about it. Give her "halbe Pfannkuchen"!
No it is not the job of the FBI to to conduct mass surveillance of citizens.
What if an investigation is based on finding the same specific people near another specific person that they're tracking, but they only know about the one person, not the others.
And by doing this they stop a terror attack?
One more thought - if they buy just data for specific people related to an investigation, the seller of the data is tipped off. If they just buy all the data, then there is no potential tip-off to the target.
You get a "geofence warrant." They exist and are ubiquitous. You then go to Google or any other provider and you demand the data for a specific location in a specific time window. You then use the data to capture criminals. Any other data would not meet the standards of evidence and probably couldn't be used in court anyways. It's only function is for "parallel construction."
Then again, what I _really_ want is for the FBI to prevent crime. If their only solution is to let crime happen and then use a giant dragnet to put people in jail then they are less than worthless... they are actively dangerous to democracy.
They can get a warrant.
And by doing this they stop a terror attack?
Fuck off. This is just trying to manipulate people with fear of undefined bad thing.
If something is bad when it's done illegally, it's worse when it's done legally, and even worse than that when it's done dutifully.
For profit organizations are legally required to maximize shareholder value. Many of them will abuse the spirit of the law in order to squeeze profits where others won’t.
The FBI is violating the spirit and original intent of the 4A by creating an entire industry out of the “3rd party doctrine” bypass to the 4A. That doctrine was whole cloth created by SCOTUS and Congress has been too happy to avoid credit or blame for it to not enshrine it in statute.
>For profit organizations are legally required to maximize shareholder value.
No:
https://www.nytimes.com/roomfordebate/2015/04/16/what-are-co...
It's also not new. The FBI has kept dossiers on people of interest and people in positions of power since it was founded. Easier now of course, which is a concern.
Lemme give you an example.
Many retail sites have a "find a nearby" store function. They often outsource this to a third party...for something as silly as geolocation and geographical lookups. This third party is the one that offers its services for a discount but also siphons up your location data to sell.
Believe it or not, not everyone is a prison abolitionist and some think that if you kill someone you should go to prison so you can’t go kill another person.
I know. It’s strange. I don’t agree with them. Generally, I think unless a judge and jury reliably witnessed a crime with their own eyes they shouldn’t convict and that prison is an evil place to dispossess the poor of what little dignity they have left after online advertising has raped their senses and datacenters have stolen their water (and don’t forget the atrocities in Gaza) but some other people have these views.
EDIT: why are you downvoting me, guys? I agree with you. Rittenhouse, Zimmerman et al. were good precedents. Trump’s presidential pardons are another thing that keeps free humans with dignity from prison but he hasn’t gone far enough. Regardless, his actions for Jan 6 protestors is one of the best actions for us to free people. These are all good things, even if they are incomplete and therefore imperfect.
How Legal Punishment Affects Crime: An Integrated Understanding of the Law's Punitive Behavioral Mechanisms (2025)
"This article explains what these 13 potential effects of punishment are and how they have been theorized. It further reviews the body of available empirical evidence for each of these mechanisms."
https://news.ycombinator.com/item?id=47266997
Am all for it if law enforcement were held to the same standards. Plenty of cases where LE murder is simply not enforced. Thus LE becomes a haven for those seeking impunity and ability to nefariously track anyone.
Perhaps we could overturn the third party doctrine. With legislation, preferably. And while we are at it, solve the underlying issue of pervasive data collection and sharing in the first place.
Another angle I think worth attention is product developers should build tools / platforms that don't even touch user data and be open about that so consumers can choose those more. I believe people will choose privacy when given the choice more often if the product is just as good or better.
Yikes. Why are private organizations so happy to participate in mass surveillance.
Should be obvious: lots of money in that. Corporations are amoral psychopaths.
I have to give my age to my OS.
Yet they can't write a law to make this basic practice illegal.
Why do I feel like I'm not being represented _at all_?
This should be a surprise to absolutely no one. I think it sucks, but I also don't think it's anything new.
Yeah, if you had any faith in these private companies to not bend over backwards for the feds, I have a bridge in San Francisco to sell you
The government shouldn’t be able to contract out anything it isn’t permitted to do directly itself. We should have this in the law, get rid of qualified immunity for everyone including lawmakers, and reign in the government.
They hate us for our freedom.
Also, isn't this breaking the constitution? It bypasses needing a warrant respectively having a objective suspicion.
> Also, isn't this breaking the constitution?
I don't think that's been of much concern as of late.
> Also, isn't this breaking the constitution? It bypasses needing a warrant respectively having a objective suspicion.
Nope.
Your personal information, when given to others, is now trash on the curb (in a literal sense, see: https://en.wikipedia.org/wiki/California_v._Greenwood )
Buying it just clears up the chain of custody as opposed to the NSA stealing it and reverse engineering your warrant -- OR -- using the good ole stingray.
A generation ago our leaders derided China (and Russia) for this kind of pervasive spying on it's citizens. In the US we did the same thing just increasing costs by enriching the private sector on the way. That's not better. That's worse.
I still remember people asking, "why people in [China], don't protest more actively against it?" as if they would do much better, some others arguing that it was in their "culture" not to protest, as if it would be in the US, they would do anything different: we now have our answer.
Kinda reminds me of when I saw footage online of a group of teens raiding a 7/11 store -- maybe during the BLM riots --, and a top comment was "heh, come try that in Texas ;)". Fantasizing, of course, that Texas has a unique bulwark against that behavior, probably having to do with gun ownership.
And then it turns out the video took place in Dallas.
We like to think there are all these barriers to bad things happening where we live. "I'm sure someone (not me) would stop that." But it turns out there isn't as much bulwark as we think. Or we're the bulwark, so if it isn't us, then there is nobody else.
It’s that sort of behavior— groups of perpetrators committing crimes— that allow people to justify enhanced surveillance tactics.
I think in years past people would have objected to sale of personal location data. But that was before people had videos of groups of lawbreakers overwhelming laws through organized efforts.
> groups of lawbreakers overwhelming laws through organized efforts
You're saying organized crime is new? Or videos of it?