Year was mid 2008. Targeted via geo, gender, and then finally interests. It got down to like "less than 100" which I think was more like 1. She lived in a rural area which probably made it easier.
Excellent article and the methods described are accurate. I was speaking extensively about this from 2017-2020 and the usual reaction when I talked about this was disbelief. I was not surprised when In-Q-Tel came calling. I pitched them a military grade privacy protocol but my suspicion was that they were more interested in spying on our users (a non-starter).
>Working with Grindr data, Yeagley began drawing geofences—creating virtual boundaries in geographical data sets—around buildings belonging to government agencies that do national security work.
Are you seriously telling me that government phones of national security employees allow for the installation of apps that track your location and/or these employees are allowed to bring personal cell phones into these buildings?
Employees are generally allowed to bring phones into federal buildings. There are areas within the buildings they may not be able to take them to, and there are some buildings with a total ban. In that case, though, the phones would still be left somewhere nearby, like the parking lot.
When we had to go into SCIFs, generally phones went into lockers. At some locations, phones stayed in cars. But that doesn't make it any harder to figure out.
Russia has the same problem, VKontakte has given away plenty of secret Russian military bases and troop positions over the past few decades. I've never read of this on Weibo or WeChat, but my guess is they have the same problem, just English language open source accounts are keeping it more discrete for now.
The WashPost about a week ago had an article about how at a recent NTC rotation out at Fort Irwin the OPFOR was trying to figure out how an Apache had gotten past their air defenses, so they looked up commercial cell phone tracking data and were able to spot how a phone had gone across the desert at 120 mph and plug the hole in their air defenses.[1]
Adtech on the cell phone we all carry in our pocket is better at surveillance than the best tools a military has. And it's one of those things where not being part of the surveillance can make you stand out too. Think about a spy operating under a real cover, how long is their Facebook (or Weibo or VK or TikTok or whatever is appropriate for the person they are trying to be) account history? If you found someone claiming to be a 45 year old woman living in an American suburb and she had a Facebook account that was three months old, wouldn't you investigate further?
Strava actually has extensive privacy controls that work well. Users can keep activities private by default and hide their tracks near sensitive locations. But of course if you don't use the privacy control and make everything public then obviously everyone can see exactly where you were.
When I was in the military cell phones were extremely new, but I honestly don't see why most commands don't say "leave phones and other electronics at home when coming to base" and then you just tell anyone who needs to contact you to call the command quarterdeck or whatever. Examples you just gave are good reasons to do this, much like how in the 90's during Desert Storm several people figured out (post-hoc, but still) that there were a buttload more pizza orders from government offices relating to the invasion of Iraq. I'm a former shithead officer, though, so it's easy for me to just say "ban the phones!" instead of trying to figure out a smarter solution. Maybe beepers will make a comeback, since you can't track a multicast, receive-only client?
> When I was in the military cell phones were extremely new, but I honestly don't see why most commands don't say "leave phones and other electronics at home when coming to base" and then you just tell anyone who needs to contact you to call the command quarterdeck or whatever.
Because soldiers will just go and take their phones anyway - they will want to keep in touch with their families.
The solution to this problem is to kill off the targeted ads market in its entirety. Maybe national security is the only way to actually make that go through.
If I were the shot caller I’d have it tunnel to an NSA data center via a proprietary protocol. Then the data center makes the request with IP/HTTP, then serves the data back to the client again in the proprietary protocol.
"Because soldiers will just go and take their phones anyway"
When there is a military order - refusing is not an option. And you can check if people have smartphones with them without searching them - quite easy, how they do it in airplanes, emf meters. They are quite cheap.
Also you don't have to ban them everywhere. But everywhere critial, yes. A ordinary mobile phone is basically a spying device in terms of security. I would not ask who maybe has access, but who has not.
"The solution to this problem is to kill off the targeted ads market in its entirety. Maybe national security is the only way to actually make that go through."
So I am sorry, but national security won't help get us rid of targeted ads, you probably also missed the part, where national security of course happily uses that data for themself. So for them it is way easier to just ban smartphones in more areas, than disrupt the internet ad market.
Because the 18 year old who really misses his girlfriend needs to have his phone on him? The operator's wife back at Bragg (excuse me, Fort Liberty now) wants to know that he's safe, to use the example from the original article about watching phones go from North Carolina to Syria and back.
The article I linked to in WP talked about how difficult the Ukrainian army is finding cellphone discipline, at the beginning of their third year of high intensity war (and a decade of low-intensity combat operations). Because even in a real shooting war zone this sort of stuff is hard to police.
The Ukrainian situation is especially interesting because to my mind it is the first cellphone war. We've gone from cellphones being used as passive electronic switches (as in, detonation systems for roadside bombs) to it being the control interface for innovative weaponry and tactics such as drones against infantry. I dont know that irregular or inexperienced troops will ever give up this level of capability, and I'm not sure that wealthier militaries have figured out how to mutate consumer cellphones into equally powerful portable tools without essentially dumbing them down back to tetra radios.
I think your instinct is well founded but at odds with the massive tech industry pushing the other way. This is the classic imbalance between offense and defense: for something like a building’s location, the defender has to do the right thing every time. You put out that order and most people follow it but over time someone’s going to make a mistake - they’ll forget their LTE AppleWatch counts as a phone, their spouse or kid will leave their phone in the car and Facebook will helpfully share that location belongs to people who like military pages, their cell provider helpfully links their vehicle’s integrated cellular device with the other devices on the account when selling data, etc. It feels like the solution might need to start with a significant data protection law making some of that data collection impossible and all of it requiring notification so someone could at least have the chance to know where they’d be breaking policy.
This is a scary thought. Not because I think I'm worthy of being targeted, but because I think in the future there'll be enough compute and incentives to automatically scan everyone for out-of-the-ordinary behavior via neural models.
Whether they take it into the building or not is irrelevant.
If they drive nearby and leave it in the car, you can find them.
If they drive nearby and turn it off then, you can find them (improve it by bracketing by the average 9-5 workday, add correlation of world events to late-night anomalies - i.e. the Washington pizza index[1]).
If they leave their phone at home and switch it off, then you can still find them by that data.
If they leave their phone at home, switched on, then this also applies - you filter by public holidays.
The key is that the "phone policy" is effectively public information - so you don't have to guess, you can just go find out what it is to set your search parameters.
- Prohibit all Federal employees from bringing a personal cellular radio to work.
- Build many parking structures for DC Federal employees across the region.
- Assign each employee a particular parking structure, ideally selected at random.
- Ensure each parking structure is served by public transportation infrastructure, dedicated shuttles, and a USGOV-run black car service to bring people to their workplace, potentially via an extra obfuscating hop to a different parking structure.
In an ideal world, all Federal employees would behave indistinguishably. That's impractical, but we can do a lot better than the status quo.
These would be the only people with movement patterns like that. They wouldn't blend at all: they'd stick out like a sore thumb on any type of large scale statistical analysis as anomalies.
"being really secret" doesn't work because the attempt to do so means you're doing a whole lot of stuff that no ordinary person does. That's a statistical anomaly - that's easy to find.
And again: all this information is public. It would be widely and well known that this is what is done, so what to look for would be well advertised. The locations of these buildings would then be well known. And since you've now added multiple intervening steps, nailing down who's going where is also easier - i.e. if someone drives into a known parking structure at time X, then you can draw a circle around that which is the mean transport time to get to any interesting federal buildings in the area before the work day starts. Map this across a few months and you'll pin down exactly which one they work at (I mean, you wouldn't bother if you were a foreign government though - a couple days worth of casual surveillance work would also grab every number plate and face you can see).
This is quite aside from the why of doing this: it would be a huge pain in the ass for the employees, who are not paid nearly enough to bother with it and become a hiring problem, for...what gain?
Even if not allowed in the building people will still want to carry a personal phone so it likely just stays in their car right outside the building in the parking lot.
This is why you don't let the weather app access your location. In fact, weather apps are one of the main offenders here.
ICE in the US has been known to use this same data to track down and harm undocumented migrants.
Personally, I have a de-googled Pixel running GrapheneOS. It has a sandboxed version of Google Play, but without the elevated system privileges. I am not signed in to Google at any kind of global device level. I can still install and run most apps, but without the tracking.
Apple doesn't need to buy a weather app on the iPhone (when it offers its own pre-installed weather app anyway) in order to get your location. Apple can get your location directly from the iPhone itself.
I think either visas should be renamed documents, or undocumented migrants should be renamed unvisa’d migrants. Because between tax-id-numbers, drivers licenses, bank accounts, cell phones, I am sure big brother has some data on them, weather you call that data: documents or visas.
> Entering the United States without being inspected and admitted, i.e., illegal entry, is a misdemeanor or can be a felony, depending on the circumstances
If the immigration laws were enforced 100% accurately today, the US economy would falter. Undocumented workers do work in farm, janitorial, restaurant, construction, and other sectors that is irreplaceable through any other reasonable means.
The immigration crisis of today is the result of a failure of legislative body to legislate (10% approval ratings are bad). Including other external factors such as corrupt governments/drug cartels and internal factors such as many companies happy to look the other way when people don't have legal work status.
If you watch videos on immigration seeing ICE, courts, and migrants interacting, the migrants get asylum and then encouraged to find work. It's all tongue-in-cheek. If anything the system could be intentional because without legislation, the executive branch can unilaterally set thresholds and targets for migration in step with economic goals. Even Trump didn't tighten the migration laws drastically until covid hit bringing an economic slowdown (no workers needed during recessions).
The social issues focused on in the media are minor compared to the economic benefits.
> Undocumented workers do work in farm, janitorial, restaurant, construction, and other sectors that is irreplaceable through any other reasonable means.
There is a fairly obvious reasonable means: Issue them work visas. But there is no lobby to do that because the people doing it prefer the status quo where they're cheating on their taxes and getting out of regulatory requirements companies who hire US citizens have to follow.
Enforcing the law is the best way to get the law to change.
There are huge lobbies supporting seasonal and temporary worker visas.
For one area you mention – farming – there is a specific H-2A seasonal worker visa, and industrial agriculture is a huge lobby.
Hotels, resorts, and other venues use the H-2B non-agricultural temporary worker visas. For example, Trump's properties (in)famously use them to staff up during busy seasons. These companies are also substantial lobbies in favor of guest worker visas.
But these are all temporary work visas, not visas allowing for permanent work and residence in the United States. So they would not cover permanent economic migrants who end up in the restaurant sector or in janitorial work.
> There are huge lobbies supporting seasonal and temporary worker visas.
Precisely. There are huge lobbies for the thing we already have and not for solving the problem that remains:
> But these are all temporary work visas, not visas allowing for permanent work and residence in the United States. So they would not cover permanent economic migrants who end up in the restaurant sector or in janitorial work.
People want cheap domestic labor but refuse to admit to it in writing. They want a "minimum wage" but not the higher prices that implies for common services that require unskilled labor. They want home values and their own corrupt industry's margins to stay high and blame Walmart for not paying a "living wage" under those conditions, while patronizing Walmart because they have lower prices.
You can't have two incompatible things at once and when you demand that, what you get is deception and rules that only exist on paper.
If the US economy would falter from that I think it deserves it. It’s immoral to have an economy that’s exploiting below-minimum wage workers who can’t complain or will get deported and it suppresses the wages of citizens who want to work in those fields.
There should be full enforcement of both illegal immigration and against the hiring of illegal immigrants.
Why is it better to punish everyone for past mistakes than it is to make the system better by allowing more workers to immigrate legally, and enforcing labor laws?
> Undocumented workers do work in farm, janitorial, restaurant, construction, and other sectors that is irreplaceable through any other reasonable means.
It's all replaceable, but only by improving wages and working conditions. I find it a bit unappealing to celebrate the economic benefits we gain by paying people so little to work in such terrible conditions.
That said, I agree it's mostly political theater. Both Democrats and Republicans look the other way when the people who employ migrant workers violate labor laws. If Rs were serious about controlling immigration, or Ds were serious about protecting workers, they would prosecute the employers.
Do you have this backwards? Any animal can be "undocumented", and there are in fact strict requirements for cattle documentation if they're to be used as food. But only humans can be criminals.
More relevant is perhaps the issue of accuracy - if a US citizen loses their ID, they are "undocumented". Meanwhile an illegal immigrant, even if they have all their papers and the authorities know who they are, i.e. they are fully "documented", is still not permitted to stay in the country.
I haven't read it yet, but I have "Means of Control: How the Hidden Alliance of Tech and Government Is Creating a New American Surveillance State" by Byron Tau in my cart and that feels related so.. maybe look it up.
One thing I've always been curious about, and have never been able to find a solid answer too, is what data is available to the various companies whose software I have on my phone?
What can AT&T/TMobile/etc... learn from my device as my carrier?
What can the apps I have installed decern from my device if I allow no access to anything settings?
How does this change if I use a vpn?
I have an idea of whats possible based on my career in tech, but I'd love a more solid answer. Happy to read any content answering the aforementioned.
Unfortunately that isn't a question you'll get an answer to. Anyone who actually knows and has access to sensitive sources and methods is under an obligation not to disclose them. Further nobody in the know wants to burn these sources - because it makes their job harder.
The general advice I can give is use an iPhone (turn on Lock Down mode if you believe you might be the target of well resourced attackers), use Google suite for your personal data (and turn on Advanced Protection), don't use commercially available VPNs (set up your own or just don't connect to wifi in untrusted places), and periodically delete third party apps you don't use (especially any that use location services).
Because most of the "common knowledge" around Google and privacy is hyperbole. Ask any ex-Google engineer how easy it is to get past a Security & Privacy launch review or how easily they can access personal customer data in prod.
You are more than welcome to try and secure your own stuff against nation state attackers. Or you can outsource that work to a company that has some of the best security minds in the world watching over your account 24/7.
Chances are yes. On Android, you can control 'some' of the permissions - the basic ones (contacts, calendar, location, etc.)
There are some though "view Wi-Fi connections", "have full network access", "view network connections", "query all packages", "advertising ID permission", and so on, that give the app (and it's creator) a good view of what's going on in your phone. I tend to (by trial & error) block everything with NoRoot Firewall. Those who want to be naughty though cannot be stopped, as they send both useful and telemetry through the same connection/target IP.
I am not sure if this is exactly what you are asking. Are you looking for aggregated data on yourself or methods to discover what is being transferred?
For the latter:
One thing you can do is install a man in the middle and "sniff" what is being transferred by your phone (at least on wifi).
I use a tool called Proxyman, it allows me to install a self signed certificate on my phone and this allows the decryption of SSL traffic by Proxyman. From there its kinda like Wireshark (If you have used that).
It basically shows you all the data going in and out of the device.
So with the pieces set up you then start a new sniffing session and then open up an app on your phone and use it. This will show you all the data that is being transferred.
A lot of apps are transferring all sorts of data. For myself its become so burdensome that I am trying to find a way to automate this analysis for all my apps so I can build a personal "web" of what data has left what app and keep a record of it.
Not all data is horrendous, for example every app I have tested transfers some sort of data on analytics for QA and app quality improvements. Things like app crash reports or other things of that nature. Thats not so bad compared to other data.
You can also try decompiling an app and seeing what libraries are used. Using these two things for example I learned about the 7-Eleven app and its usage of Bluetooth beacons so they can track were you are going when you are in their store.
"learn a dozen technologies to the point of being an expert on all fields and then waste 2 months of work on each app, which will update every three days"
I don't know of any carrier hypervisory capability, but there has been a lot of discussion about OnePlus phones and the data they exfiltrate. There's a bunch of vendor bloatware even on my factory-reset phones so it's not out of the question that a carrier-locked phone might have snuck something else in there.
Intelligence can be inferred at the carrier level even with paranoid privacy settings and all apps using HTTPS. CDNs in particular frequently serve content over regular HTTP, and there aren't too many reasons why you'd be communicating with Grindr's CDN. All of this is visible over the wire.
DNS requests betray a lot about you. VPNs are notoriously leaky when it comes to DNS as well. I'd expect that even with a VPN running you're not stopping anything, just changing the exfiltration route for some of your traffic.
Android lets you delete the advertising id that's mentioned in the article, as well as reset it. Does anybody who is in Adtech know what that does in terms of identifiability on brokers? Am I now "anon at location x,y", or am I "anon4321 at location x,y”?
One can be in process of making the most unfortunate or catastrophic decision or action, and their phone with adtech will only worry how to display them ad for a rope.
I don't work in the ad industry but am quite curious to learn the high level software components. For instance, I have heard of Audience Intelligence Platforms from the likes of Google and Adobe. Curious if anyone has come across a book, blog or lecture that lays out the landscape.
SnapChat does the same thing, we (not me technically, I am just a developer that worked with our ad team) set up Geofences around events to serve ads and we could continue to target those users for continuous remarketing as soon as they stepped foot into and out of a location of our choosing. In our case it was mostly a concert and car race. We knew -a lot- more than we probably should have. You could push filters, and all kinds of stuff within those custom geofences. Facebook & Google have similar, but it's not near as granular as what I saw with Snap. They might have changed it by now, this is when they first were getting into advertising. It honestly wasn't very effective, probably because of the demographic that uses SnapChat.
Tiktok was used to find and track/monitor Chinese dissident whereabouts a few years ago by the CCP in Hong Kong.
every ad network does this. right before the pandemic the new feature released on all big five was digital-out-of-home, which is the literal plot of dystopian movies... outdoors targeted to people passing by.
after that they all added targeting by weather (latest fine grained targeting under gdpr) and BT beacon tracking.
fun fact, google uses BT on your phone to mark of you entered a store after seeing an ad for it to get paid for the "conversion".
Ad serves up an image hosted by the advertiser. Phone makes an http get for the image and gives out its IP.
You can also target ads by geography and do a lat/long box over your target area and show a specific ad so you know how many unique users are in that area.
Baryshnikov & Ghrist, Target Enumeration Via Euler Characteristic Integrals (2009)
> We solve the problem of counting the total number of observable targets (e.g., persons, vehicles, landmarks) in a region using local counts performed by a network of sensors, each of which measures the number of targets nearby but neither their identities nor any positional information. We formulate and solve several such problems based on the types of sensors and mobility of the targets.
Just don't give it access to your location. Not like I've widely sampled all of them, but Apple's weather app I do currently use does not require location services. I can simply tell it the zip code I care about knowing the weather for, which may or may not be where I am physically located at the time.
Apple bought a weather company for this purpose. So probably Apple’s honestly. Everything else needs to make money somehow while freely giving you data.
Apple bought Dark Sky, ostensibly in order to incorporate it into their Weather app. But, that app is the same or worse than it was before, so I can't recommend it. Dark Sky was excellent.
+1 for Windy! Note that there are two apps named Windy, one with a red icon and one with a blue icon. The one you linked to has a red icon and lists its developer as Windyty, SE.
The one with the blue icon has a site at Windy.app. Their privacy policy is much more hand-wavy, with lines about how they “don’t sell” but “share” your personal information:
One of the techniques they list explicitly is to use the Meta pixel for targeted advertising. I’m not aware of any way to remove geo data from, for example, the Meta pixel and the auctions it sells into. It suggests to me that perhaps they’re thinking of your geo data as incidental to placing targeted advertising.
heh. this reminds me that google just last week updated all their system apps (maps, calendar, clock) to include mandatory, no way to disable, weather. now they can phone home every time you look at the time or set up an alarm even under GDPR.
More convenient, more location-accurate, can integrate with the OS like widgets.
What a terrible take. People like apps, we should make apps private I stead of telling people not to use apps. FWIW, websites can gain access to your location too, so plenty of people will still be tracked.
I found that OnePlus android allows you to toggle mobile data and WiFi data per app, by the way. Pixel and Samsung only allow that for mobile. Semi related.
Life360, like other apps that track location data, makes a significant portion of its annual revenue from selling this data -- about 20 percent in 2020.
A friend of mine had a girl he was dating drop him because she couldn't understand why he didn't text her all the time- never mind that he worked at a Navy facility that didn't allow cell phones.
