So they say to turn of location permissions and stuff, but what about the network carrier? Any privacy focused cell services that are reasonably priced?
We can not trust many "governments". The financial incentives are just too powerful. There are cases of people becoming millionaires after they left politics. Post-retirement payback and kickbacks.
I can’t respond directly to octoclaw’s dead comment (edit: embarrassingly this was an LLM), but I will just say I agree, it is ridiculous both how cheap this data is and how many people aren’t aware of it. It’s not just governments who can get access, either.
This is another reason why you should not be carrying a phone everywhere except for times where you absolutely need one.
I work with Ad Data a lot in my job, and there's a lot of misconceptions about what this data that journalists love to propogate:
The location data in these networks is very inaccurate. Your OS and browser actually do a pretty good job of locking down your location data unless you give explicit permission. It's in the ad network's interests to lie about the quality of their data - so a lot of the "location" data is going to be a vaguely accurate guess based on your IP address.
But also, location data is really important to ads right now because, contrary to common perception, per user tracking is very, very hard. Each SDK might be tattling on you, but unless you give them a key to match you across apps, each signal from each app is unique. Which is why you are often served advertisements based on what other people on your network is searching - it's much easier to just blast everyone at that IP address than it is to find that specific user or device again in the data stream.
Bidstream data in particular is very fraught. You're only getting the active data at the point the add is served, but it's not easy to aggregate in any way. You'll be counting the same person separately dozens or hundreds of times with different identifiers for each. The data you get from something like Mobilewalla is not useful for tracking individuals so much as it's useful for finding patterns.
I think it's pretty telling from the few examples shared about how agencies actually use the data:
>"CBP uses the information to “look for cellphone activity in unusual places,” including unpopulated portions of the US-Mexico border."
>According to the Wall Street Journal, the IRS tried to use Venntel’s data to track individual suspects, but gave up when it couldn’t locate its targets in the company’s dataset.
>In March 2021, SOCOM told Vice that the purpose of the contract was to “evaluate” the feasibility of using A6 services in an “overseas operating environment,” and that the government was no longer executing the contract
Something is going to have to be figured out about this data - realistically the only way is a sunset on customized advertisements. However, I would personally not be worried (yet) that the government is going to be able to identify an individual and track them down using these public sources as they currently are.
> Each SDK might be tattling on you, but unless you give them a key to match you across apps, each signal from each app is unique
Aren't there many examples of these? For example IMEI, IMSI, phone number, etc?
Even without "unique" signals, isn't it fairly trivial to identify a user with a handful of "not very unique" signals? User-agent, a few recent IP addresses, browser capabilities, list of installed apps, device operating system properties, etc?
I worked closely to some of this. There were strict policies in place to never monitor US Citizens. That said i was focused in more kinetic warfare domains and not sure what would've extended past the borders by local law enforcements (DHS typically dictated no-us-soil policies). But, this is a money-hungry data pipeline of resellers and aggregators and they were always eager to sell more.
There’s literally a flock camera at basically every street location that one suburb borders another where I live.
There’s really not any legal practical way to avoid ALPRs.
I’m pretty sure the government knows where I am 24/7. I’m not going to worry about targeted advertising by the government anymore and just worry about it the people reselling it to non-governments for use.
> 2. Review apps you’ve granted location permissions to.
I'm surprised they missed the most important step, which is blocking the advertisers from collecting your data in the first place. This is easily done in the browser with uBlock Origin and system-wide with DNS filtering.
I have 26 apps on my phone. Of those, four are Safari extensions, one is a PWA and another I wrote myself. I use a restrictive nextDNS profile that also blocks Apple's native tracking (as best they can) and don't use social media. I feel like that's the best I can realistically do.
It always kinda amazes me how people panic about gov data use but barely blink at the private sector doing the exact same thing… except way less transparently.
Like yeah, sure, governments collecting data deserves scrutiny. 100%. But at least in most democracies there are audits, oversight bodies, privacy commissioners, courts, access to information laws, etc. There are actual mechanisms where someone can ask “why are you doing this?” and force an answer.
Meanwhile we hand over our location, browsing habits, shopping patterns, sleep schedule, and probably our favorite pizza topping to dozens of private companies every day. Those companies can aggregate it, sell it, profile you, feed it into ad markets, train models with it, or ship it across borders… and most of the time nobody outside the company even knows it’s happening.
So yeah, data collection in general is worth debating. But the irony is wild when people lose their minds over the one place that at least has some governance and accountability, while the entire private ad-tech ecosystem is basically “trust us bro” with a 40-page terms of service nobody reads.
I am surprised the article does not mention obvious mitigation strategies, including network-wide DNS blacklists, browser ad blockers, and not using proprietary apps on phones.
Duh, what do you think we were building for the last 10 years? Does anyone with two brain cells think that corporate surveillance wasn't going to be co-opted by authoritarianism?
The only people who didn't understand this were either delusional or being paid not to.
Yet another reminder that everyone everywhere should be blocking all ads all the time. I don't say that lightly as absolutes tend to not be the appropriate solution, but an absolute stance of blocking ads is appropriate.
Is this something European style privacy laws would protect against? Though given the US political situation we are far from being able to enact any kind of anti-authoritarian protections...
I run as few apps as possible, use Firefox / Ublock on my phone. I do play the odd card game (ad-supported), but only 1 or 2 times a month. I may just buy the app outright at some point.
Does sharing location with family (Android) leak any data?
45 comments
[ 3.3 ms ] story [ 69.6 ms ] threadhttps://securitylab.amnesty.org/latest/2025/12/intellexa-lea...
The fact that we still just allow arbitrary 3rd party code to run through ad networks is bizarre.
This is another reason why you should not be carrying a phone everywhere except for times where you absolutely need one.
The location data in these networks is very inaccurate. Your OS and browser actually do a pretty good job of locking down your location data unless you give explicit permission. It's in the ad network's interests to lie about the quality of their data - so a lot of the "location" data is going to be a vaguely accurate guess based on your IP address.
But also, location data is really important to ads right now because, contrary to common perception, per user tracking is very, very hard. Each SDK might be tattling on you, but unless you give them a key to match you across apps, each signal from each app is unique. Which is why you are often served advertisements based on what other people on your network is searching - it's much easier to just blast everyone at that IP address than it is to find that specific user or device again in the data stream.
Bidstream data in particular is very fraught. You're only getting the active data at the point the add is served, but it's not easy to aggregate in any way. You'll be counting the same person separately dozens or hundreds of times with different identifiers for each. The data you get from something like Mobilewalla is not useful for tracking individuals so much as it's useful for finding patterns.
I think it's pretty telling from the few examples shared about how agencies actually use the data:
>"CBP uses the information to “look for cellphone activity in unusual places,” including unpopulated portions of the US-Mexico border."
>According to the Wall Street Journal, the IRS tried to use Venntel’s data to track individual suspects, but gave up when it couldn’t locate its targets in the company’s dataset.
>In March 2021, SOCOM told Vice that the purpose of the contract was to “evaluate” the feasibility of using A6 services in an “overseas operating environment,” and that the government was no longer executing the contract
Something is going to have to be figured out about this data - realistically the only way is a sunset on customized advertisements. However, I would personally not be worried (yet) that the government is going to be able to identify an individual and track them down using these public sources as they currently are.
Eg by running standard Android? That doesn't have eg secure app spawning, so apps can profile app initialisation data AIUI
And probably 10 other things behind the scenes that GrapheneÓS plugs?
Aren't there many examples of these? For example IMEI, IMSI, phone number, etc?
Even without "unique" signals, isn't it fairly trivial to identify a user with a handful of "not very unique" signals? User-agent, a few recent IP addresses, browser capabilities, list of installed apps, device operating system properties, etc?
There’s really not any legal practical way to avoid ALPRs.
I’m pretty sure the government knows where I am 24/7. I’m not going to worry about targeted advertising by the government anymore and just worry about it the people reselling it to non-governments for use.
https://web.archive.org/web/20070920193501/http://www.radaro...
> 1. Disable your mobile advertising ID
> 2. Review apps you’ve granted location permissions to.
I'm surprised they missed the most important step, which is blocking the advertisers from collecting your data in the first place. This is easily done in the browser with uBlock Origin and system-wide with DNS filtering.
Like yeah, sure, governments collecting data deserves scrutiny. 100%. But at least in most democracies there are audits, oversight bodies, privacy commissioners, courts, access to information laws, etc. There are actual mechanisms where someone can ask “why are you doing this?” and force an answer.
Meanwhile we hand over our location, browsing habits, shopping patterns, sleep schedule, and probably our favorite pizza topping to dozens of private companies every day. Those companies can aggregate it, sell it, profile you, feed it into ad markets, train models with it, or ship it across borders… and most of the time nobody outside the company even knows it’s happening.
So yeah, data collection in general is worth debating. But the irony is wild when people lose their minds over the one place that at least has some governance and accountability, while the entire private ad-tech ecosystem is basically “trust us bro” with a 40-page terms of service nobody reads.
For years, people have been sharing everything they do, what they do, people they spent time with, where they live.
Advertisement industry just adds more info to complete your profile, what you buy, what you watch, what you speak online, etc.
The only people who didn't understand this were either delusional or being paid not to.
Does sharing location with family (Android) leak any data?