hachyderm.io is one of the many independent Mastodon servers you can use to participate in the fediverse.
Hachyderm is a safe space, LGBTQIA+ and BLM, primarily comprised of tech industry professionals world wide. Note that many non-user account types have restrictions - please see our About page.

Administered by:

Server stats:

10K
active users

@briankrebs I'm confused how they end up getting so much location data. Are mobile carriers colluding with adtech industry to link up information (port and IP address used for ads -> subscriber id -> carrier location info), or is it just that Google and Apple have such bad permissions defaults/UX that junkware is able to access location unless you lock it down?

@dalias It's basically the nature of the mobile ad ecosystem in general. When you visit a website with your mobile, in a microsecond the ability to place a certain ad in front of you is put out as an automated bid request to hundreds of ad networks that can all bid on the ability to show their ad. There is a robust market now of participants to this real-time bidding market that simply collect and resell all the live bidstream data, which can include the phone's unique ID, precise location coordinates, and enriched data from other marketing and advertising firms that provide more details about the user.

If you're really interested in learning more about how it all works, you could do a lot worse than to read my linked story, which explains it in more detail.

@briankrebs What I'm asking is the technical question of where the location data originates from.

Is the user's phone doxxing them due to defaults or poor ux tricking the user into letting the adtech libraries integrated into junkware apps access location api?

Or are they getting access to location from the carrier via some identifying info the carrier can resolve back to a subscriber id to dox them?

@dalias Some of this is from mobile apps which sell user location data. A lot of it is from mobile websites that share location data with advertisers

@briankrebs But none of those should have access to location to begin with. Unless they've exploited bugs or tricked the user (or exploited bad OS defaults) to have location permission.

@briankrebs I'm not asking this to be difficult or to blame users for installing junk apps and not locking down permissions right.

I'm trying to understand who the real culprits in leaking this data are, to know both who to target, and who is affected (like, are carriers doxxing us even if we have location properly locked down?).

@dalias @briankrebs You give location access to the app or site to get the weather, the embedded SDK passes the location to data brokers.

Cassandrich

@BucciaBuccia @briankrebs This seems like it's going to collect very limited data with a permission of "only while using the app".

@dalias @briankrebs Not difficult to persuade the user into giving background access “get notifications on important safety alerts”. It’s basically required to use an home screen widget effectively.