It's more like a trillion dollar market. The actual players are Google, Facebook, and Apple... these startups are just location data gnats.
Location data is probably the single best demographic info to have to make money, and at least 3 companies in the world have basically everyone's phone bugged. Ads, maps, social... all totally dependent on location data from users.
When I lived in my car in SF a waymo would pass me right when I left and at many key intersections and at my destinations. I know it was not random but I don’t go down the rabbit hole of trying to figure out how they did it. If I get proof then I’d be vindicated. I tweeted about it as a human rights violation often, having no way to retreat. I long ago took it as a given that we have no privacy. I can only imagine where the data comes from and goes and how it is augmented.
Why would they care about me? Anti-terrorism, anti-competition, who knows. I tried not to think that much about it. I simply noticed the extreme regularity and improbability if it and thought in those terms and went about my limited life.
The vans are very menacing with their spinning sensors and black helmet, I’d hate to have been an actual criminal. Built charachter ignoring them.
I don't agree with the current directions of technology in terms of surveillance and data collection for private and powerful interests, but I find it far more likely that living in SF you'd be exposed to more mobile Waymo platforms that just happen to be collecting data regularly as part of engineering work, data collection, testing, and so on.
No offense but why would Waymo care about you in particular unless you were some significantly important/critical former disgruntled employee or risk/potential asset to their business?
They were just testing their equipment to track everyone better!
Absolutely surreal the mental gymnastics some are capable of convincing themselves to be comfortable with. Sometimes the problem is that the technology is being applied at all. The fact every techbro hides behind "Pfft, it ain't you we're interested in," doesn't quash the unspoken "it's everyone and you".
It's good that you are managing to ignore these. However, while is common knowledge that Google collects data on everyone, informed opinion seems to be that they do so on a wholesale basis rather than having their vans follow individuals, which would likely be prohibitively expensive. You may want to think about the possibility that you are having some symptoms of one of the mental health problems which cause paranoia. If so, it may be a good idea to get it checked out, as they can be really hard to deal with once set in.
I understand you went through a very difficult experience being homeless, but I can assure you that Google isn’t interested in you in particular. Google casts a wide net when it collects data, having Waymo vehicles and vans following you (or any other single person) would be rather expensive. They collect data on all of us, just not quite as actively as physical surveillance.
I’ve been in a survival frame of mind before and it can feel like the whole world is against you. It’s hard to trust anyone. Living in a car in SF (or any city) would give me massive anxiety, there’s no “safe place” where you can fully let your guard down.
I know you don’t want to hear this, and have probably heard it before, but your paranoia may be a sign of untreated mental illness. Stress can trigger mental health issues, and treatment may help. I also understand that the medications have some pretty bad side effect profiles, and being labeled mentally ill means you get treated completely different than everyone else (in healthcare in particular) I also understand that your experience of feeling surveilled felt very real to you, the hard part of treating the disorders is that it’s hard to accept what you experience isn’t real, since it’s very real to you.
I encourage you to consider seeking help, but understand why you’d be hesitant. Take care.
Yeah, me too; i have paid email, paid adblocking dns. I de-googled my life and ditched FB, insta, twitter. (Ok, that I also did for my own mental well-being)
But I'm, what, a 0.1% minority of global internet users?
Meanwhile I try to find suitable games for my kids to play or video's to watch, and 9 out of 10 things I find have monetize through some quality-reducing, interruptive, annoying ad-driven modus operandi.
It's not just services or software: consuming content is equally degraded by the expectation of limitless quantities of free shit.
That's not why people enter the race, in my experience.
I remember years back talking to friends and people I knew who all said things like 'think of the data we're collecting' - nobody thought about asking the end user if they wanted that data collected.
It's not about 'oh no, I have to spy on my users;' the users aren't considered at all. If they are, there are patterns built to prevent them noticing and limit liability. It's pretty vile.
Ethically, you should only try collect the data you reasonably believe your users would be ok with you collecting if they knew as much as you did about what a bad actor could do with it, and you should ask them first.
did our ancestors have GPS enabled phones when they started making trans-atlantic trips? What about my grandma in 1970 packing up 6 kids in a station wagon and driving somewhere on vacation? You can get by without google maps and google even.
It doesn't matter about what your ancestors got by with, but how close you are to baseline effectiveness as a human being in order to keep up with the society you live in.
If you are a weirdo who is not available to communicate with like everyone else, people stop being your friend, you economic opportunities reduce and so on. If your more late because you got lost more often, because you don't use gps, people don't want to associate with you as much and so on.
I'll chip in if it contains the unregistered ones in there.
I'd trade my flat for all transactions involving everyone in the medical field (in UK) for the past 4 years(including relatives and friends). If only location data is available... I'll do with that.
This is actually a great hacktivism idea! It could include all influential people who are enablers of today's system, such as regulators and politicians.
Is it legal to publicly disclose this data, or is it only legal to collect and sell it?
The one potential obstacle is that the shady 3p data brokers might refuse to sell it if they smell the purpose.
For someone as active on HN as you, I’m surprised you don’t know of the numerous stories in the past about carriers selling location data to advertising networks and the numerous cases where the raw data has leaked publicly via careless aggregators[0]. Like even Congress got fired up on it at the time because of leaks, but you can be assured it’s still happening[2] despite claims otherwise.
As to the precision argument, US cell carriers can locate you to within 150ft easily in a city / populated area (and are required to be able to by the FCC[1]). They don’t just depend on multiple tower triangulation, but use much more advanced techniques (can provide sources if asked). Back in 2017 multiple carriers were demonstrating to my then employer how they could generally even determine what floor you were on in a building within a range of 4-5 floors. Apparently now the FCC mandates it to be within 10ft[1] vertical accuracy now in the top 25 markets.
The same PRS system that tracks a UEs precise location for E911 / law enforcement / government use / etc is also used on tracking the general usage of any customer of the carriers all the time.
I wonder if it’s actually possible to prevent fingerprinting of a radio transmitter (aside from active measures like intentionally sending out noise broadcasts periodically): it seems to me that a clever enough adversary with two or three receivers could fingerprint all the devices in the area based on transmission patterns and locate/identify individuals. Combined with CCTV or other data, this could even be sufficient to pinpoint irl identities.
Carriers are a small fraction of the problem, Google, Apple and Facebook are the main part of it, and all three of them are outside of the jurisdiction where I live, where carriers are not allowed legally to sell this data to advertisers because of the lack of a legal basis for processing. That doesn't mean it doesn't happen but it does mean that doing so is illegal.
Emergency services and LE after properly executed warrants are the only parties that should have access to this information without your explicit consent to be used for advertising.
Just enabling 'Google maps' on your phone should not give Google, the advertising giant unfettered access to your location data just to give one example.
> How can I stop companies from getting my location data?
The steps they list only cover gps data. In my final year at uni, during the capstone fair, I recall one group built a tracking system that relied on Bluetooth or wifi or something (maybe cellular signals?) to identify and track people indoors. I think they pitched it to be used in malls or airports, but really could work anywhere. It was surprisingly robust.
There are other projects that track you by license plate on highways, or by facial recognition. All this is location data too. I don’t think a highly motivated person could avoid location tracking any more without living in the woods
You don't need to send location data to reveal it. E.g. WiFi signal strength of different devices and cell tower strength or switching are easy points to help locate someone. Google was already prohibited from collecting WiFi data in the EU (with streetview cars specifically, but what would stop them from using any android device...), you can bet they still do it in the rest of the world.
I once read that Apple and Google actively keep track of Wifi access points so they can map out interior spaces, and also geolocate you even if you have GPS location services disabled. I don't know if that's true, but I wouldn't put it past them.
Nice. I like how the opt-out is really intrusive, in order to discourage you from doing it. And of course being on a "_nomap" SSID is going to make you easily identifiable anyway, because nobody else is doing it.
You wouldn't let a Google rep come to your house and physically map out your home, or note down the MAC addresses of your Wifi access point. Yet people are totally OK with them doing it as long as someone physically doesn't show up to do it.
Your shoes could have embedded RFID tags (perhaps originally intended as a payment/anti-theft method by the store you bought them from) that can be used to fingerprint/track you everywhere.
For what it’s worth, I’ve been using their bluetooth addresses to track my flatmate’s and my Apple watches for about the last eighteen months (obvs with knowledge and consent from both of us), just to determine whether we’re inside or outside the apartment and trigger some home assistant scripts when we leave/arrive.
Our watches haven’t changed their their bluetooth addresses during that time.
(The detection is accomplished by having a raspberry pi periodically call `hcitool name <address>` and checking whether it gets a response)
Carrier geolocation is there whether you like it or not and at this point I think legislation is the only solution to making location logs illegal to keep for governments and companies. It's not really being created by your smartphone but more like observed by the carriers cell phone towers so they can do handoffs and a side effect of how the network layer works.
Also stuff like iBeacon is pretty much impossible to avoid, it still works even when bluetooth is completely turned off. I got an iBeacon based alert when I walked into an apple store with bluetooth turned off for example, and there is no setting to turn off iBeacon tracking.
Google is worse in other ways, it's incredibly infuriating.
Certainly the phone manufacturer (and OS provider if different) can have a go at anything they want.
I'm not sure what all counts as "getting data off" the phone, but some other methods of smartphone tracking:
- wifi (sometimes even if wifi is "off")
- EXIF on photos you take and share
- QR code usage
- public USB charging ports
Then there's cross-tracking by other means. It's likely someone has enough data to associate your phone with your credit or debit accounts, or a public transit card, or vehicle plate numbers & toll tags, or with your face and voice.
Most people connect to wifi at home and at work. Every app on your phone reports your current IP address. Even if you don't open an app, the app server can send it a silent push notification which wakes up the app and lets it send back your current IP address. Therefore every app knows where you live and work and when you are at those places. If you connect to wifi at friends' places or coffee shops or a hotel, they get that data, too.
This is missing from the article. It is a major omission.
iOS & Android could help reduce IP-address tracking. They could treat Internet Access as a privacy setting: require apps to ask for permission and let the user control when the app communicates (never, when in use, always). One can disable app notifications to reduce app wake-ups, but the OS does not teach users about this. Notifications are not listed under "Privacy". Also, apps can use other ways to wake up frequently and report the current IP address.
Additionally, iOS & Android could support hermetic proxy services. Currently, one can install a VPN app on iOS, but device traffic goes through the VPN only when the app is running and connected. All apps get direct access to the network (and your IP address) whenever the VPN connection is not enabled, which occurs during device restarts, VPN service outages, VPN app updates, and when switching between mobile & wifi. iOS has the ability to disable network access when the VPN is down, but setting it up is a complicated procedure which requires using a macOS device and wiping the iOS device. And there's no emergency-disable option.
Both Apple and Google ignore many easy things they could do to improve user privacy.
This is a layered problem; Apple and Google (for better and worse) are best positioned to deal with the app ecosystem.
But there's the mobile provider piece of this -- the tower knows where you are because currently it has to, and the network providers are part of this location data market, selling location data for everyone, whether they use leaky apps or not. This is worse with 5G due to smaller cells and thus finer-grained location data.
My personal understanding of this...... Show is that they never share my actual data but rather allow advertisers to target me based on these parameters, and if the advertiser is specific enough and get me to click I could potentially be identified by the ad.
For graphical ads, typically the advertiser can include beacons which can indicate membership in the targeted group, the same as a click. No interaction needed.
A trustless model in which the tower can provide a connection, know the relevant endpoint location on the tower hardware only, and prevent any access to that data except to law enforcement with a valid warrant. Providers don't need location data. Put in place lethal penalties for violating data privacy - if a company is caught harvesting data outside legal limits, they get fined into oblivion, and the money is split between victims and enforcement.
Being a service provider shouldn't mean an unlimited license to spy on your customers. Being a big corporation shouldn't mean you get to ignore the rules applied to individuals.
We need better laws, and we need to exclude megacorps and megamoney from the legislative process.
Yes, so make it illegal for providers to send location data anywhere other than the tower hardware, and make it corporate suicide to collect the data, except at the individual level with a specific warrant.
> Make it illegal for providers to send location data anywhere other than the tower hardware.
The entire planet's mobile telephone system would then stop working.
As far back as GSM, your approximate location is continually updated in the HLR/HSS database (and VLR) so the the system knows where to send the MAP SS7 paging message to tell your phone to ring when someone calls you (or where to deliver a SMS).
Its a mobile network - it needs to know where you are.
I've had fleeting interests in this area for a while now, but for a number of reasons have never managed to do much in it.
The standards are all open right, for modern mobile networks. Every time I see this topic come up there seems to be something about patents and entrenched oligopolies (i.e with Qualcomm). Is there any legal or IP issues raised from making open source modems for LTE/4G/5G/whatever networks.
If you're really worried about this the only thing you can really do is not carry a phone, or carry one with a hardware radio switch and only turn it on when you want to use it. Of course you won't receive calls or messages, but that's not the end of the world, it's just like going back to the 1980s.
The _only_ possible solution to this problem is government regulation. An open source radio on your phone does literally nothing when the phone networks are all hostile.
There’s regulation to protect human life, and then there’s regulation to protect business interests. The ”free market” advocates claim that the former are anti-competitive while they try their best to have the latter enacted.
It's possible for the state and big business to both be your enemy. In a country like the USA where big business owns the government that's often the case.
This is super cool. It's awesome to see someone trying to tackle this problem. I assume no carrier/mvno will adapt this but I'd be extremely happy to be wrong. I would instantly switch to a provider that made use of this tech.
LTE will give you a datapoint roughly every 2 minutes. Accuracy will depend on the density of the LTE towers (150m - 2km). So besides Google, FB, etc. Telecom operators also play a role in this space. Remember that GPS might not always be turned on while your phone pinging cell phone towers happens all the time.
With future 5G implementations this accuracy will be even further increased because the antenna range is short and the density will be much larger.
I would love to know if/when there's an MVNO with international roaming that implements PGPP. Any recommendations on the best sources or topics to follow to stay on top of this kind of news?
It's baffling that this information is worth so much. I'm curious as to what marketing is being custom sent to me based on the location data they get from me. I actually leave me phone at home most of the time if I'm going to the store or a nearby restaurant but I always take it with me when I go hiking. Even though I turn it off at the trailhead to save the battery in case I need it later, I'm sure I'm identified in some database somewhere as a person who goes hiking, but then what? I'm already an REI member. Maybe environmental groups could send me political and fund raising pleas (they don't but I guess they could).
I have heard it is used by some marketing firms, I have heard that some corporates use it for data on their own properties/competitors (the former may not be obvious, but some malls may do this to check on tenants, malls also usually have their own tracking stuff on site too btw) but the main user are hedge funds.
Not all of this data is useful by itself but it is useful once you integrate it with everything else (lots of firms have tried to use this data on it's own, and then complained it "doesn't work" when they employ no-one who actually understands the restaurant business, for example).
Also, I will say too...99% of this data is coming from free apps whose only purpose is to harvest data from the unwitting. I don't understand fully how this is possible because, presumably, it should be quite obvious to App Stores that a flashlight app does not need to know your location...but it keeps happening. Some of the big data aggregators are actually pretty creepy, I have seen some companies retailing personalised data on every person in the US, I don't think anyone knows where it is all coming from apart from them (I also wouldn't discount hacking tbh, there is so much money in this that I think they have to be doing it).
Imo, all this shit should be blocked. Even within hedge funds, you are seeing funds that are using this data, no-one knows where it comes from, how it was collected, and they making piles of money from it but no-one else can access it...they just call up a firm, tell them they will pay $50m/year if you don't sell this to anyone else, it is all very opaque.
Footfall for retail, property, also could be useful with commodities.
But they have other data: they have your bills, emails, app usage data...again, not sure how legal it is or whether some of this isn't hacked data (App Annie is a, presumably, legal source...but there are far more).
Speculation but they could geofence individual home addresses and stores and generate a list of customers/employees, use the phone locations at 3am to get home addresses and the location during business hours to predict whether (say) Walmart traffic was up or down vs Target. They could also figure out who works at Walmart/Target and track shift hours, headcount etc. and predict earnings.
> Modeling consumer behavior and forecasting future financial performance based on foot traffic and POI data;
> Evaluating and managing real estate asset portfolios based on migration patterns;
> Conducting trade area analysis for new investment opportunities;
> Leveraging property-level insights to build more specific insurance risk assessments; and
> Assessing sector and competitor performance.
Note that this is the words of the data broker itself. This one in particular doesn't appear to sell individual data, but rather aggregates by age/county/census group/income etc. It appears as most of their source data is mobile/app based.
I'd not be surprised if fraud is common among data miners and brokers - it'd be easy to inflate numbers in order to make more $.
Feeding the data miners with fake data would probably be relatively easy to pull off - say you just bought a house in a remote area and you want some new shops to open and the price of your house to go up..
103 comments
[ 3.4 ms ] story [ 172 ms ] threadLocation data is probably the single best demographic info to have to make money, and at least 3 companies in the world have basically everyone's phone bugged. Ads, maps, social... all totally dependent on location data from users.
Why would they care about me? Anti-terrorism, anti-competition, who knows. I tried not to think that much about it. I simply noticed the extreme regularity and improbability if it and thought in those terms and went about my limited life.
The vans are very menacing with their spinning sensors and black helmet, I’d hate to have been an actual criminal. Built charachter ignoring them.
I don't agree with the current directions of technology in terms of surveillance and data collection for private and powerful interests, but I find it far more likely that living in SF you'd be exposed to more mobile Waymo platforms that just happen to be collecting data regularly as part of engineering work, data collection, testing, and so on.
No offense but why would Waymo care about you in particular unless you were some significantly important/critical former disgruntled employee or risk/potential asset to their business?
They were just testing their equipment to track everyone better!
Absolutely surreal the mental gymnastics some are capable of convincing themselves to be comfortable with. Sometimes the problem is that the technology is being applied at all. The fact every techbro hides behind "Pfft, it ain't you we're interested in," doesn't quash the unspoken "it's everyone and you".
I’ve been in a survival frame of mind before and it can feel like the whole world is against you. It’s hard to trust anyone. Living in a car in SF (or any city) would give me massive anxiety, there’s no “safe place” where you can fully let your guard down.
I know you don’t want to hear this, and have probably heard it before, but your paranoia may be a sign of untreated mental illness. Stress can trigger mental health issues, and treatment may help. I also understand that the medications have some pretty bad side effect profiles, and being labeled mentally ill means you get treated completely different than everyone else (in healthcare in particular) I also understand that your experience of feeling surveilled felt very real to you, the hard part of treating the disorders is that it’s hard to accept what you experience isn’t real, since it’s very real to you.
I encourage you to consider seeking help, but understand why you’d be hesitant. Take care.
And for developers, you are forced to enter the spy-on-your-users rat race because everyone expects free shit.
I would happily pay for a quality product that respected my privacy.
But I'm, what, a 0.1% minority of global internet users?
Meanwhile I try to find suitable games for my kids to play or video's to watch, and 9 out of 10 things I find have monetize through some quality-reducing, interruptive, annoying ad-driven modus operandi.
It's not just services or software: consuming content is equally degraded by the expectation of limitless quantities of free shit.
I remember years back talking to friends and people I knew who all said things like 'think of the data we're collecting' - nobody thought about asking the end user if they wanted that data collected.
It's not about 'oh no, I have to spy on my users;' the users aren't considered at all. If they are, there are patterns built to prevent them noticing and limit liability. It's pretty vile.
Ethically, you should only try collect the data you reasonably believe your users would be ok with you collecting if they knew as much as you did about what a bad actor could do with it, and you should ask them first.
If you are a weirdo who is not available to communicate with like everyone else, people stop being your friend, you economic opportunities reduce and so on. If your more late because you got lost more often, because you don't use gps, people don't want to associate with you as much and so on.
I guess US is not as motivated as the EU, so, they'll follow, as usual.
I'd trade my flat for all transactions involving everyone in the medical field (in UK) for the past 4 years(including relatives and friends). If only location data is available... I'll do with that.
Is it legal to publicly disclose this data, or is it only legal to collect and sell it?
The one potential obstacle is that the shady 3p data brokers might refuse to sell it if they smell the purpose.
Yes, a couple of dollars per user is what is at the root of this privacy nightmare.
And guess who is ultimately paying this price anyway.
As to the precision argument, US cell carriers can locate you to within 150ft easily in a city / populated area (and are required to be able to by the FCC[1]). They don’t just depend on multiple tower triangulation, but use much more advanced techniques (can provide sources if asked). Back in 2017 multiple carriers were demonstrating to my then employer how they could generally even determine what floor you were on in a building within a range of 4-5 floors. Apparently now the FCC mandates it to be within 10ft[1] vertical accuracy now in the top 25 markets.
The same PRS system that tracks a UEs precise location for E911 / law enforcement / government use / etc is also used on tracking the general usage of any customer of the carriers all the time.
[0] one story among many from back then: https://www.engadget.com/2018-06-19-verizon-stop-selling-cus...
[1] https://www.fcc.gov/public-safety-and-homeland-security/poli...
[2] https://www.locationsmart.com/
Emergency services and LE after properly executed warrants are the only parties that should have access to this information without your explicit consent to be used for advertising.
Just enabling 'Google maps' on your phone should not give Google, the advertising giant unfettered access to your location data just to give one example.
Check out: CalyxOS GrapheneOS LineageOS AOSP
The steps they list only cover gps data. In my final year at uni, during the capstone fair, I recall one group built a tracking system that relied on Bluetooth or wifi or something (maybe cellular signals?) to identify and track people indoors. I think they pitched it to be used in malls or airports, but really could work anywhere. It was surprisingly robust.
There are other projects that track you by license plate on highways, or by facial recognition. All this is location data too. I don’t think a highly motivated person could avoid location tracking any more without living in the woods
Can't you just turn that off? Am I missing something?
You wouldn't let a Google rep come to your house and physically map out your home, or note down the MAC addresses of your Wifi access point. Yet people are totally OK with them doing it as long as someone physically doesn't show up to do it.
https://support.apple.com/en-ca/guide/security/secb9cb3140c/...
https://source.android.com/devices/tech/connect/wifi-mac-ran...
Our watches haven’t changed their their bluetooth addresses during that time.
(The detection is accomplished by having a raspberry pi periodically call `hcitool name <address>` and checking whether it gets a response)
If I disable location tracking then am I safe? I don't install crappy vendor apps on my smartphone to begin with.
Also stuff like iBeacon is pretty much impossible to avoid, it still works even when bluetooth is completely turned off. I got an iBeacon based alert when I walked into an apple store with bluetooth turned off for example, and there is no setting to turn off iBeacon tracking.
Google is worse in other ways, it's incredibly infuriating.
I'm not sure what all counts as "getting data off" the phone, but some other methods of smartphone tracking:
Then there's cross-tracking by other means. It's likely someone has enough data to associate your phone with your credit or debit accounts, or a public transit card, or vehicle plate numbers & toll tags, or with your face and voice.Most people connect to wifi at home and at work. Every app on your phone reports your current IP address. Even if you don't open an app, the app server can send it a silent push notification which wakes up the app and lets it send back your current IP address. Therefore every app knows where you live and work and when you are at those places. If you connect to wifi at friends' places or coffee shops or a hotel, they get that data, too.
This is missing from the article. It is a major omission.
iOS & Android could help reduce IP-address tracking. They could treat Internet Access as a privacy setting: require apps to ask for permission and let the user control when the app communicates (never, when in use, always). One can disable app notifications to reduce app wake-ups, but the OS does not teach users about this. Notifications are not listed under "Privacy". Also, apps can use other ways to wake up frequently and report the current IP address.
Additionally, iOS & Android could support hermetic proxy services. Currently, one can install a VPN app on iOS, but device traffic goes through the VPN only when the app is running and connected. All apps get direct access to the network (and your IP address) whenever the VPN connection is not enabled, which occurs during device restarts, VPN service outages, VPN app updates, and when switching between mobile & wifi. iOS has the ability to disable network access when the VPN is down, but setting it up is a complicated procedure which requires using a macOS device and wiping the iOS device. And there's no emergency-disable option.
Both Apple and Google ignore many easy things they could do to improve user privacy.
But there's the mobile provider piece of this -- the tower knows where you are because currently it has to, and the network providers are part of this location data market, selling location data for everyone, whether they use leaky apps or not. This is worse with 5G due to smaller cells and thus finer-grained location data.
With a colleague I've founded a startup, Invisv, to provide location privacy -- and more. FWIW, Wired wrote up our work on this several weeks back: https://www.wired.com/story/pretty-good-phone-privacy-imsi-w...
How does that help? If you do that the best you can do is obfuscate your location by a mile.
Please prove me right.
Being a service provider shouldn't mean an unlimited license to spy on your customers. Being a big corporation shouldn't mean you get to ignore the rules applied to individuals.
We need better laws, and we need to exclude megacorps and megamoney from the legislative process.
but doesn't that mean you can still pinpoint people at the cell level? With cells being smaller in 5g networks, the problem is going to get worse.
The entire planet's mobile telephone system would then stop working.
As far back as GSM, your approximate location is continually updated in the HLR/HSS database (and VLR) so the the system knows where to send the MAP SS7 paging message to tell your phone to ring when someone calls you (or where to deliver a SMS).
Its a mobile network - it needs to know where you are.
The standards are all open right, for modern mobile networks. Every time I see this topic come up there seems to be something about patents and entrenched oligopolies (i.e with Qualcomm). Is there any legal or IP issues raised from making open source modems for LTE/4G/5G/whatever networks.
These are the people who have been giving literally trillions of dollars to the wealthy in their spending bills.
What would they have to do to convince you they are not going to help you?
It's possible for the state and big business to both be your enemy. In a country like the USA where big business owns the government that's often the case.
Link to research paper: https://www.usenix.org/system/files/sec21-schmitt.pdf
Google and Apple have a much higher precision for your location, unless you are being very careful.
I have heard it is used by some marketing firms, I have heard that some corporates use it for data on their own properties/competitors (the former may not be obvious, but some malls may do this to check on tenants, malls also usually have their own tracking stuff on site too btw) but the main user are hedge funds.
Not all of this data is useful by itself but it is useful once you integrate it with everything else (lots of firms have tried to use this data on it's own, and then complained it "doesn't work" when they employ no-one who actually understands the restaurant business, for example).
Also, I will say too...99% of this data is coming from free apps whose only purpose is to harvest data from the unwitting. I don't understand fully how this is possible because, presumably, it should be quite obvious to App Stores that a flashlight app does not need to know your location...but it keeps happening. Some of the big data aggregators are actually pretty creepy, I have seen some companies retailing personalised data on every person in the US, I don't think anyone knows where it is all coming from apart from them (I also wouldn't discount hacking tbh, there is so much money in this that I think they have to be doing it).
Imo, all this shit should be blocked. Even within hedge funds, you are seeing funds that are using this data, no-one knows where it comes from, how it was collected, and they making piles of money from it but no-one else can access it...they just call up a firm, tell them they will pay $50m/year if you don't sell this to anyone else, it is all very opaque.
But they have other data: they have your bills, emails, app usage data...again, not sure how legal it is or whether some of this isn't hacked data (App Annie is a, presumably, legal source...but there are far more).
> Modeling consumer behavior and forecasting future financial performance based on foot traffic and POI data;
> Evaluating and managing real estate asset portfolios based on migration patterns;
> Conducting trade area analysis for new investment opportunities;
> Leveraging property-level insights to build more specific insurance risk assessments; and
> Assessing sector and competitor performance.
Note that this is the words of the data broker itself. This one in particular doesn't appear to sell individual data, but rather aggregates by age/county/census group/income etc. It appears as most of their source data is mobile/app based.
I'd not be surprised if fraud is common among data miners and brokers - it'd be easy to inflate numbers in order to make more $.
Feeding the data miners with fake data would probably be relatively easy to pull off - say you just bought a house in a remote area and you want some new shops to open and the price of your house to go up..
Does this exist, but require a boatload of money and contracts first?