There is a piece in WSJ that discusses how one fund, two sigma, uses cell phone tracking data, as well as many other sources of data to build trading signals.
In fact, I think the biggest funds are putting more effort into this type of big data exploration from funds than they are into trying to glean more information out of the time series data provided by the exchanges data feeds.
10 years ago, being able to scrape the web was a competitive advantage for funds, 5 years ago it was real time sentiment analysis of news reports.
Today, its being able to consume 100's of disparate data feeds and build alpha generating signals from it.
Tracking A, B, and C-level executives should be very profitable. Who meets with whom is valuable info. Especially when you also have their phone call metadata. The activity in advance of a merger should be quite visible.
Tracking elected officials should reveal who influences whom, and who's bribing whom. It may be possible to detect bribery to the level of establishing probable cause for an investigation in that way.
> Tracking elected officials should reveal who influences whom, and who's bribing whom. It may be possible to detect bribery to the level of establishing probable cause for an investigation in that way.
The way political fundraising is done in the US, most bribes look like legitimate campaign finance money. In some states, it's even legal for a candidate to simply redirect whatever is in his campaign fund directly into his own bank account after the election. And even in states where that is illegal, 501(c)4 / SuperPACs allow politicians to do whatever they want with the money with no oversight.
With laws like that, why even bother to investigate bribery?
> No ...
How could you know that? I doubt anyone would reveal it, and I don't see why they wouldn't - for the unscrupulous (there are plenty of them), it could be very valuable. Remember the story about Uber tracking journalists, for example.
If you want to track CEOs, I'm guessing it would be much easier to track their private jets or the license plates of company cars.
I'm sure hedge funds track CEOs, but they're not using data from Verizon to do it.
satellite recon of walmart parking lot usage, to estimate business trends
Yes. Lookup "beacons"
This doesn't sound right. Any sources?
maybe it's ok as long as it's anonymous.
at least that's more demographic/general, in my opinion. what you suggest is bordering "creepy".
People are being tracked for trading advantage and that is not at all illegal? Not inside trading at all? How the hell did we get _here_?
How do they validate that this has any connection to reality? Or those who had budgets to spend doesn't ask such silly questions?
I took Yale's financial markets courses, so I know what ideas they might have. This is the Nobel laureate's course.
I doubt taking Yale's financial markets courses is sufficient to understand or be exposed to what is currently being used in quantitative finance. I took Stanford's financial markets and statistics classes, and those are far behind and unaware of what's currently being used in the industry (I've worked in two highly successful HFT groups since Stanford).
So there are 50 different signals before you even start up your servers for the day.
Since there is no one true currency market most HFT funds make their own currency signal from anywhere from 5 - 20 different feeds, lets call it 10 to bring our list of data feeds to 60 before we get into any futures and bond markets or to Europe and Asia.
Consuming the above mentioned brings us close to 100 already.
Add in feeds from
- google trends
- analytic s about consumer trends from say 5 different providers each covering say 5 demographics across 5 sectors
- twitter data feeds aplenty, following 2-300 different hash tags representing stock #APPL
- twitter following for news feeds, like AP, Reuters, etc to do sentament analysis.
- don't forget your machine readable news feeds
- now lets get into government data. FRED has 100's of data sets to parse to use as model inputs. See: https://research.stlouisfed.org/fred2/
What are we up to, 200-300 different signals and we haven't really broken a sweat yet.
What sort of source would you like me to provide other than what I see on my computer screen and do for a living?
* Tablet, or smartphone with baseband disabled.
* Cellular-wifi router (i.e., wifi hotspot), prepaid so the provider doesn't need your personal info.
* Android with per-app permissions controlled by user (e.g., user can enable/disable access to location data for particular apps). This could be a fork of Android or maybe there is security software that could be installed, such as on a rooted phone.
* VOIP app on phone
By decoupling the baseband from the handheld computer (i.e., by keeping the tablet and cellular connection on different devices), using the cellular service without providing identifying info, and sending only encrypted data over the cellular connection (via VPN), you would protect your confidentiality from the cellular provider.
Because your phone number is decoupled from your cellular service (because you use VOIP over a VPN), nobody can tie your phone number to your location.
Of course someone who is determined could track you down. Your identity needs to be tied to your phone number or nobody will know how to call you; and your VOIP vendor could point someone to your VPN provider, who could point them to your cellular provider, who could figure out which hotspot you use. But I think it does protect you from everyday mass surveillance.
Any thoughts on how practical or effective this would be?
Practically, this solution you've come up with is too fragile to be relied upon. It's only secure if you can maintain this level of care with every operation you perform on the phone. This is why the NSA's data collection is so insidious -- it only takes one slip-up to connect everything you ever did anonymously to your "profile".
With the type of data collection that is done today, it's nearly impossible to avoid unless you use the Internet in a very different way than the average person. Avoiding data collection through technical means is a futile exercise at this point -- if you object to the data collection, public policy is the best avenue to prevent it at this point.
It's reasonable to assume, that any network provider will, for billing, internal use (eg: document/fight network abuse) and/or as mandated by data tracking laws store IMEI, MAC and IMSEI numbers, along with connection meta-data (tower, exact location if available, timestamp etc).
I don't think it's possible to get meaningful privacy from an attacker that either a) is your service provider, or b) works with your service provider (eg: NSA, buyers of data for "advertising")?
You could use TOR - but you'd have to use it for everything -- which pretty much rules out real-time voice/video chat AFAIK. Perhaps a VPN that crosses jurisdictions and corporate ownership would help against "commercial" attackers (eg: the ad networks). I'm doubtful how effective such a "single-hop" defense would be against state actors.
Not that I necessarily think all threat models should try to circumvent illegal government wieretaps - just pointing out that if that is wanted in addition to just un-linking meta-data on data/communication from meta-data/data on shopping/banking -- the needed security measures are likely to be inconvenient.
Assuming the user can get an anonymous pre-paid service (which I agree isn't certain), why would they need to change SIMs? The cellular provider only sees an unknown person sending encrypted data to a VPN hosting service.
Let's take this a step further, they link your phone's location to when you leave the checkout line, now they know where you live and what your buying.
(1) They may or may not be doing this, but at a technical level it would be easy.
The probability that someone checks out and leaves the store at the same time that you do is high. But two times in a row? Lower. 5 times in a row? Extremely small.
Instead of being engineers and saying "ok, well just throw in a header X-911Location" or something simple, they gotta make shit complicated. It's ridiculous.
They also use this IETF designed address format. Which is rather ... comprehensive. All sorts of designation for streets and branches and so on. Except... none of the 911 systems actually use that. So they design this protocol with no care to how actual systems work. Or how actual street addresses in the US work. They basically made up their own idea of how address topographies could work.
But I'm guessing some of the larger companies doing VoIP probably have it sorted (like when you do a VoIP call on T-Mobile and there's no GSM just WiFi).
I don't think this is possible in the USA anymore. I tried with ATT Verizon and Tmobile but I'm sure they are smaller players. All required somewhat my personal info altho for prepaid Tmobile did not ask for SSN. All told me this is due to the fact you're getting equipment "practically free". When offered to actually pay for it, I was always told "we don't have option like that".
Europe is much simpler. I walked into Play store , put $60 on table, and got USB dongle with prepaid scratch card of 6GB on a 3G network. No IDs, no documentation, nothing. Refills are very simple - you purchase a scratch offs for 3/6/9 GB or more, over the counter, no ID required.
In 2010, I purchased a dumb phone/sim card for use on a prepaid plan. At the time it was the only way to get onto a super cheap prepaid plan since they wouldn't sell you a sim/the plan directly. I then put the sim into my own purchased smart phones(multiple nexus devices and a one plus one). For convenience reasons, I refill my account online with a cc but I technically could simply buy the t-mobile refill cards for cash then activate the time on them.
As far as I know, there's nothing stopping me from doing this fresh again with a new prepaid phone and then never associating my real identity in any way.
I work in the telecom industry, and this behavior exists because it's not explicitly illegal. This type of data mining is just scratching the surface of their capability -- turns out that a combination of about 30 seconds worth of data scraped off http traffic (not https, though even https can tell you something) and a location are enough to identify most individuals and link them to a profile in a DMP -- which can tell you all sorts of information like which products you've purchased recently (both online and in brick and mortar stores with a credit card), any relevant demographic information, and even what kind of porn you like.
The real restraint on this has been in the use of this information. Marketers have been remarkably conservative in using this information; likely for fear of scaring off customers with "creepy" data. But rest assured they know more about you than you do yourself.
> your telco can know your home address based on a week's worth of location data
How accurate is that location data, do you know? Within 10 yards? 100 yards?
AFAIK you shouldn't have to get a throwaway phone either. "SIM Card Kit" or "Bring your own phone/device" may be keywords to research -- you should be able to get a SIM that you can put in any GSM phone, and it will come with instructions about a website to visit, or phone number to call, to activate it. If they insist on names etc and it's prepaid, you could give a fake name since it will have no bearing on your ability to use it, although I'd be worried that it might be illegal for some stupid reason.
I didn't have a clear direction after that, so I proceeded with the works-right-now solution of Google Hangouts (with all of its associated proctology). I haven't done much else with it besides backslide a bit by getting a cheap SIM so that it would ring reliably (Hangouts is a flaky POS).
Location tracking is my biggest concern (Getting on the PSTN anonymously seems like a completely different problem, and I'm less interested in tackling it), but I don't see much way around it when you're using the cell network for backhaul. Unless you religiously shut off your wifi point, pay for a new wifi point + plan in cash every few weeks, and get enough people doing this that you can blend in.
IMHO all of these guides that talk about prepaid sims and burner phones really only work for exceptional situations where someone is willing to jump through many opsec hoops. They aren't congruent with people's standard expectations of cell phones. Any solution has to roughly work with people's expectations to be adopted, since most people only casually want to defend their privacy.
The proper privacy-preserving cell solution would use bearer tokens to pay for network access, and have no device identifier tokens. This is obviously a pipe dream. The only advance I see on the horizon is as more wifi points open up, ideally coupled with software control of your identifiable cell radio that would selectively allow tracking for checking in if it had been too long since seeing a wifi spot. Most people are probably only out of the range of wifi for an hour at most times, so if it was acceptable to delay reception of messages that long, a lot of every day privacy could be practically achieved.
If you had $100M perhaps it would be possible to start a privacy-preserving MVNO with devices that shuffled identifying information every day.
An unexpected obstacle about the privacy-protective MVNO that I heard about from someone who was investigating this is taxes on "telephone lines" that the MVNO is supposed to pay whenever it "activates" a "line". It may be difficult to reconcile this with changing subscriber identities every day (assuming you can get ahold of devices that change device identity every day).
Whenever I talk about this I say: it's too late to change the cell phone network cheaply now (though we should still be vocal about the problem and not give up: we shouldn't accept that there is someone who knows where almost everyone is almost all of the time, which is the case today). If you're designing a new communications system, make sure that it starts with privacy protection and user and device anonymity, and layers optional identity on top where needed, rather than the reverse! Let's not be saying in 2030 "oh, if only people in 2015 had thought about the privacy issues with this technology...".
I'd worry about the IMEI/etc becoming a secret token that could be reused after it was assigned to someone else's device. But even if the SIM's technology couldn't fix that, it could be fixed at a higher level after gaining network transit.
But yeah, I was teetering between $30M and $100M for my estimate, and the unknown unknown wtfs pushed me on up :>
it's too late to change the cell phone network cheaply now (though we should still be vocal about the problem and not give up: we shouldn't accept that there is someone who knows where almost everyone is almost all of the time, which is the case today). If you're designing a new communications system, make sure that it starts with privacy protection and user and device anonymity, and layers optional identity on top where needed, rather than the reverse! Let's not be saying in 2030 "oh, if only people in 2015 had thought about the privacy issues with this technology...".
If the cellular provider doesn't know who you are, why does it matter if they track your location? Under my proposed plan, they won't know who you are because the prepaid cellular service is anonymous and all your data on the wire is encrypted and going to the same VPN host.
> Getting on the PSTN anonymously seems like a completely different problem, and I'm less interested in solving it
Is there a VOIP service that will take bitcoin or some other anonymous currency? The problem is that you have to give people your name and phone number (unless you do only outgoing calls); inevitably they will become associated in many databases.
I guess they won't, so you'd defeat some commercial advertising. But the location information still gets dumped to government databases which will easily correlate your path to home/work/friends/CC etc and find an identity for that IMEI. It's similar to saying that Bitcoin is "anonymous" - sure, if you jump through a lot of opsec hoops you can achieve privacy for a particular transaction. But the system lacks the stronger property of untraceability, which is required for common casual users to retain their privacy.
Psuedononymous PSTN access doesn't actually seem that hard - a prepaid CC to some VOIP provider. It's just orthogonal to location tracking, so I haven't thought much about it.
But most times, I want to use the phone just to make/receive calls/text & have good battery. No need for a big display or other stuff.
Some commenters mentioned that you can still get burner SIMs in Europe, but last time I checked it was incredibly hard anywhere in the world (maybe I don't know where to look) - even in China they want your official documents to sell you a prepaid card. The reason I always been told, that sounds plausible to me, is that easy access to burner phones leads to too much mess with criminals using them for their criminal things, and with random pranksters calling in fake bomb alerts.
I was never asked for any sort of ID to get a SIM in Mexico or Vietnam. In any case, retail mobile store workers don't care enough / can't tell a real document from a fake one.
I'm not saying you shouldn't break the law to preserver your anonymity (at your own discretion) -- I'm just saying it's something to take into consideration. If you for example fear that you might get dropped in a black site, fed polonium or pushed down some stairs over your on-line activities -- a little document forgery might be just the ticket.
This is a built-in feature in Marshmallow .
Do you know happen to know a solution? I know there are many confidentiality utilities and Android forks which emphasize it, but I don't know enough to evaluate them.
Now I use a combination of blocking with the built-in app, running a custom ROM with root (which allows you to use many of the known privacy apps at their full potential), regularly changing my DeviceID with the help of yet another app and routing some of my device traffic through Tor via Orbot. It's definitely not perfect, but I feel like I'm at least partially thwarting the rampant collection/trade of my personal and private data.
So, sorry I can't be of more help, but you really have to just dig in and read the fine print with this sort of thing. Many of the apps only work with specific versions of Android, require root, might require ROM patching, ect. YMMV, unfortunately. Good luck.
I know that's outside the scope of your comment, but I wanted to point out that the baseband is not a thing the operating system really controls in any meaningful fashion.
permissions: Android Marshmallow has this bog standard, no root needed, so might have to watch to make sure it's available on whatever device you choose.
voip: google voice/hangouts can make this possible, also skype, hangouts, and a number of others.
VPN: basically anything android compatible.
It's not a terribly convenient thing to initially setup but it's not difficult either anymore, I actually did this for a few months when I broke my phone and just decided to go all IP instead of buying a new phone (had the tablet, and the hotspot device, previous phone didn't have data). It worked well enough in the Los Angeles area, but outside a city it was basically non-functional.
The other points about 911 and such are bigger issues than this.
* Regarding the VPN: Inevitably it adds an extra hop but with a VPN that provides sufficient bandwidth, low latency, and sufficient processing resources to decrypt/encrypt at wire speed -- I assume that either it will cost extra or will be something the user has to setup at a good hosting provider -- couldn't performance be sufficient for voice? IIRC, from long ago, voice needs ~80 Kbps.
* Regarding cellular data: Cellular connections are very widely used for voice, of course. Cellular data connections are used now (e.g., VoLTE). On one hand I'd have the same doubts you do; on the other it seems to work. Aren't there already VOIP apps?
"Attacks on packet length may be surprisingly good: Hookt on fon-iks":
That said, I suspect that eg: Ogg Vorbis at 64kbs CBR would be fine for voice, assuming you could keep the latency down.
Latency and drops would probably be the biggest issue. And you can of course prove, that latency sets a limit to the number of hops -- say if you'd want to hop through a European jurisdiction from the West Coast.
I'm actually planning to (try to) move to a pure data-oriented (not sure if there will remain a cellular part, or if I'll just use wlan) (probably) SIP for all my phone needs. That'll probably involve a SIP server on dedicated (rented) hw in Germany, and VPN from the phone/laptop. Not quite sure yet if it'll work out, or if it'll be good enough.
First there's state level surveillance.It's a hard technical challenge and I'm not even sure those steps would help.
Second , there's what this article talks about. Probably using VPN(and maybe some software that turns down 3G/4G connection unless it's strictly necessary) would neutralize most of this issue - because planting baseband malware and maybe risking exposure doesn't seems to be worth it just for ads.
If the state is determined to track or identify the user, I agree this doesn't help. It might delay them a little. But I don't mind the state investigating people for legitimate reasons (e.g., under a warrant); I'm not trying to protect criminals. Also this won't protect people persecuted by repressive states - that's a very valuable goal, but outside the scope of this idea.
For dragnet surveillance I suspect this would work, simply by adding enough complexity to the task that it's not worth it for one more data point among billions.
Of course anyone could make a social graph based on my phone calls and learn a lot that way, but I don't think anonymous phone calls are possible. If I want to receive incoming calls then I have to give out my phone number; my name and number inevitably become associated. (I can think of a few weak solutions, such as having many phone numbers, but that's imperfect and impractical.)
And if everybody do so(hard to believe), the state, since it seem to really value dragnets - would play another move in this probably infinite cat and mouse game.
I am glad this story is out, I have seen airsage data and it is easy to deanonymize. This company shouldn't be in business.
I think a more accurate adage would be that if companies can get away with ads (or gathering and selling personal data), then they will do so. Unfortunately it would appear that giving money directly to service providers does not actually protect you from such things, and I suspect the reason is fairly straightforward: All companies are driven to increase margins as much as possible, and will eventually feel financial pressure to try such measures. Unless consumers object strongly (i.e.: leave the service in numbers large enough to offset the benefits of a measure under consideration), such measures will in general find their way into use.
So what we're really saying is consumers need to pay companies more than the money would get otherwise. If consumers aren't willing to pay that price (and it shouldn't surprise us if they aren't---this can be a lot of money), then we shouldn't be surprised if such things show up, regardless of whether the service is paid or not.
That's mostly a myth. The original purpose of cable was to get TV signal in areas where broadcast didn't go. The first basic cable channels were TBS--which had advertisements--and Christian Broadcast Network--which probably didn't. The unfiltered cable stations, for the most part, had advertisements.
You are likely remembering HBO, Cinemax, The Movie Channel advertisements. They didn't have advertisements because you had to pay per channel.
And what will stop them from running ads on top of that anyway?
Now that it's a viable model, why would anyone choose to have N-1 revenue streams when they could have N? It's not like businesses always act on principle over profits.
Combine the consumer's low perceived value of privacy (thanks to intentional and unintentional actions of the businesses doing the surveillance), the fact privacy is largely a market for lemons, and the low number of options in the marketplace. Together you get service providers that rarely lose business for choosing to survival their customers.
Nothing the telcos might do would be amazing to me anymore.
What are you going to do? Go to a TelCo that doesn't? It's a gamble, but considering the limited alternatives it's not much of one.
If you ask me, I'd rather Amazon retarget a bag of chips at me via a 300x250 display ad than Verizon sell my location breadcrumbs to some unknown entity.
"The Contribute Plug-in enables your iOS device to use our free VPN service that helps to secure your mobile data. In exchange for providing you with this free service, we collect and analyze some of your mobile data that passes through our VPN to gain insights and understand how consumers like you use mobile apps and mobile devices. We may also combine profile data from your Contribute account with your mobile data."
Lets not forget who SM was tightly leaning in with...
I cant make the connection as to why I, as a user, would ever want to use that service from them....
edit: Yes, this seems to be the case:
"You can install the Contribute Plug-in on an iOS device (US only) to increase your contribution to participating charities from $0.50 to $1.00 each time you take a survey."
The location breadcrumbs ... well, it's not that I really want those shared. But at least it happens entirely in the background. I'm not even sure I care that much, given that I never even see the precision ad it theorectically enables.
Good thing Android isn't iOS and you can install whatever the hell you want, whether it's on the Play Store or not.
I'll link them here once I get home and off my throttled connection.
The other day I was in UK at a Tesco open doors event. They talked mainly about tribes and agile, but also demoed a couple of new technologies.
Turns out they have face tracking operational on all their petrol stations. And they have, in lab, cameras and software that does face recognition and eye tracking. They plan to send targeted ads and coupons, based on what shelve products caught customer's attention.
Edit: I got curious and it looks like fi excludes call data from being shared with other Google services. https://support.google.com/fi/answer/6181037?hl=en
Disclaimer: I work for Google (not of fi) so take my opinion with whatever size gain of salt you feel is appropriate.
Why is this story a surprise? I assumed it has been happening for a long time.
It's just such a useless statement. "Why is this a surprise?"
Well, first of all, I'm sure there are plenty of people who might not have had any idea cell data was being used this way and on this scale. Second, I'm willing to bet of the many who might have had a vague idea, this gives a more concrete background with rough numbers to solidify the idea. Third, It's not a surprise to those of us who have been paying attention, but the problem is when we have said something in the past it almost invariably has been ignored or dismissed as paranoid or crazy... At least until a good story or leak comes out and gets enough attention to grab enough media mindshare. Edward Snowden was a classic example of this at work. Sure, many of use knew about tempest and echelon and five-eyes, knew about cell tower metadata issues via watching ownership of said towers. Everytime with few exceptions though, publicly stating these things got us called "conspiracy theorists".
Maybe you just use this as a rhetorical and are one of us that have been paying attention, but this statement is not condusive whatsoever to intellectual discussion of a subject, and we need to address it's fallacy when we see it because it's too pervasive.
You left that pretty open so I took it where I wanted...
> It's well known that a very widely used strategy is to collect as much information as possible about end users by businesses for targeted sales and marketing
Yes, but it's usually limited to free services, or low cost services. It's rarely applied wholesale to a group who is already paying through the nose for crappy service.
Why would you expect that? There's nothing about increased privacy levels in ToS or in product marketing, nor there was ever in history an actual, significant demand for privacy services. It may change now, as all the stories broken over the years slowly make people care about tracking. But why would anyone assume that if you pay for something, you get special treatment? You get only the minimum required treatment that's spelled in the contract. That's how it always has been everywhere.
Why is it relevant whether the story is a "surprise"?
Expressing your blasé attitude does nothing but downplay the significance of this.
The type of people that express arguments like this are the reason that these sort of things continue to happen.
"Oh, the Iraq war was based on lies? Yeah, everyone knows that".
Just because it's an accepted reality does not mean that you should just let things get a free pass. That's how you allow the same things to keep happening.
Congratulations on not being surprised. Everyone is very impressed.
Sorry for the rant. This is probably my #1 pet peeve.
Carriers get into analytics, which is a strategic threat to google.
The headline is misleading- I think the carriers have been pretty upfront with their shareholders about their intention to get into this space.
In a world with facebook, google, et.al., writing an article like this without that context is incredibly cynical.
DJB's hilarious talk on this topic. ("I AM the man in the middle!")
For example Orange in Jordan adds an HTTP header with the phone number of the client to every connection. And there are technical people out there still saying HTTPS/TLS should not be mandatory…
e.g.: T-mobile? I have less hopes for AT&T...
But it should rarely be considered a "security boundary" so to speak.
Thanks for joining us here. I'd love to hear more.
That you can get an audience on Hacker News isn't surprising, but how much interest is there from the general public? My very limited experience with non-technical people I talk to is that they don't know anything about it, don't understand the implications, and don't want to bother to figure it out. I'm hoping your much broader experience is more encouraging!
By the way, if you post something to the top level of the discussion identifying yourself, you'll probably get plenty of feedback and interest (unless it's too late for this discussion). Where you posted is buried too deep to be found by most HN readers.
Telcos are dead and they don't want to admit it. I'd bet my money on super cheap mobile ISPs raising soon. Based on a completely different technology and making better use of the mostly empty spectrum.
Perhaps you deal only in cash, and never give your name to a commercial entity (Hotel, gun retailer, car rental or seller...) -- but for most people that isn't true.
I also don't see why anyone would need your exact address. The only use-case that comes to mind is to send you postal mail. If they have your SIM/IMEI/phone number/full name (see above) and behaviour patterns, if and when they want to approach you "in person" that would be easy?
[ed: come to think of it, pair this data with an archive of public web cams, and you could probably a) automatically pick out faces, and b) match recurring faces with location data, to c) pair faces with recorded data streams. Makes all those cameras in the UK seem even more creepy.]
It's safe to assume those several dozen people don't share your phone. And even if they did, that's a level of familiarity that means you are among a group of people that probably operate as an economic unit. Nobody is stealing you identity here: they are assigning you one.
Perhaps that's a bit conspiratorial, but it's hard to believe that people who otherwise have been unscrupulous would suddenly hesitate to use information about individuals. What about job applicants, competitors, the guy dating your daughter, etc.?