hachyderm.io is one of the many independent Mastodon servers you can use to participate in the fediverse.
Hachyderm is a safe space, LGBTQIA+ and BLM, primarily comprised of tech industry professionals world wide. Note that many non-user account types have restrictions - please see our About page.

Administered by:

Server stats:

10K
active users

@briankrebs I'm confused how they end up getting so much location data. Are mobile carriers colluding with adtech industry to link up information (port and IP address used for ads -> subscriber id -> carrier location info), or is it just that Google and Apple have such bad permissions defaults/UX that junkware is able to access location unless you lock it down?

@dalias It's basically the nature of the mobile ad ecosystem in general. When you visit a website with your mobile, in a microsecond the ability to place a certain ad in front of you is put out as an automated bid request to hundreds of ad networks that can all bid on the ability to show their ad. There is a robust market now of participants to this real-time bidding market that simply collect and resell all the live bidstream data, which can include the phone's unique ID, precise location coordinates, and enriched data from other marketing and advertising firms that provide more details about the user.

If you're really interested in learning more about how it all works, you could do a lot worse than to read my linked story, which explains it in more detail.

@briankrebs What I'm asking is the technical question of where the location data originates from.

Is the user's phone doxxing them due to defaults or poor ux tricking the user into letting the adtech libraries integrated into junkware apps access location api?

Or are they getting access to location from the carrier via some identifying info the carrier can resolve back to a subscriber id to dox them?

@dalias Some of this is from mobile apps which sell user location data. A lot of it is from mobile websites that share location data with advertisers

@briankrebs But none of those should have access to location to begin with. Unless they've exploited bugs or tricked the user (or exploited bad OS defaults) to have location permission.

@dalias Yeah you're asking good questions, but afaict they are answered in the story I wrote and linked to. I realize it's long, but that's because it's also complicated.

Cassandrich

@briankrebs I didn't see answers but I'll re-scan or read it in detail again and see if I can find it. Thanks.