Every time you see a little banner ad at the bottom of an app, there’s an instantaneous auction to show you that ad space. Google forwards info to bidders, who calculate how much they will spend to show you the ad. This means even the losers of the auction get a firehose of data. There are companies set up right now whose purpose is to lose that auction but collect the data anyways.
It should not surprise you to learn, then, that In-Q-Tel (the non classified investment arm of the CIA) has invested in some of these analytics (read: digital surveillance) companies.
This link specifically says they get the data even if they don’t win the auction.
https://www.ftc.gov/news-events/news/press-releases/2024/12/...
> When Mobilewalla bid to place an ad for its clients on a real-time advertising bidding exchange, it unfairly collected and retained the information in the bid request, even when it didn’t have a winning bid, according to the complaint. The FTC’s complaint alleges that from January 2018 to June 2020, Mobilewalla collected more than 500 million unique consumer advertising identifiers paired with consumers’ precise location data. The raw location data Mobilewalla collected was not anonymized and the company doesn’t have policies to remove sensitive locations from the data set, meaning that such data could be used to identify individual consumers’ mobile devices and the sensitive locations they visited. The company sold access to this raw data to third-parties, including advertisers, data brokers and analytic firms.
That doesn't mention Google anywhere in it that I can find.
I think you meant to reply to someone who replied to me.
It was meant to reinforce your comment. :)
The ads customers do not see data. A handful of exchanges do.
Participating in header bidding gives you data similar to what you would see from operating a popular mobile website.
I don't know. It doesn't surprise me that In-Q-Tel makes investments in good arbitrage businesses like exchanges. I'm sure many good investors make good investments. It isn't some kind of cynical surveillance play.
> Participating in header bidding gives you data similar to what you would see from operating a popular mobile website.
A popular mobile website can only geolocate its own visitors based on IP and will have no idea what apps they have installed and what they do whenever they are not visiting that website.
The ad exchange gets information any time the users opens any of thousands of apps, without them ever interacting with the exchange.
"This device opened Grindr at this exact GPS coordinate, then Candy Crush at the church wifi, then a month later played Yahtzee for three hours near a military base in Afghanistan"
Then they package up that historical data and sell it. You can have years of location data for whatever purpose you can think of.
A thread on using this for surveillance from about a year ago:
https://news.ycombinator.com/item?id=38289337
As I commented there, while the antitrust case against Google is well-deserved, one effect of breaking their ad monopoly is opening up for even more actors to receive real-time header bidding data.
A look at the resolution of position data you can get:
https://nrkbeta.no/2020/12/03/my-phone-was-spying-on-me-so-i...
This will be correlated and joined with the geoip data from the apps without location data.
Mostly yes, but there is a detail to know.
RTB bidders are actually throtled based on the amount of traffic they purchase.
For example, if you win on average 100% of the time, you will get to see 100% of the traffic (for example, third-parties can see 100% of YouTube views, know which IP block has seen what videos, etc).
However, if you win on average 1% of the time, you may get only 1% of the requests.
Usually it's proportional to the amount you buy, to prevent such passive data collection.
Isn't the point of providing the data to give bidders a reason to bid (no point in bidding outside their market)? If so, that would give all data to any bidder, as claimed above.
Regarding proportionality, don't they always get the info of the bids they win? If so, what you're saying is that you only get the info of bids won.
> Isn't the point of providing the data to give bidders a reason to bid (no point in bidding outside their market)?
Yes
> If so, that would give all data to any bidder, as claimed above.
No, the big networks like Google or BidSwitch (which is an aggregator of traffic from other networks), they send you a randomized % of the requests.
The more you buy ("win-rate"), the more this % increase (so the number of requests per second you are allowed to receive.)
Some networks don't care or are too small, so they send you 100% all the time.
- [deleted]
It isn't some kind of cynical surveillance play.
The overwhelming experience of the contemporary internet says it always is.
> There are companies set up right now whose purpose is to lose that auction but collect the data anyways.
Which is against Google's terms, but of course they don't police it because it's their way of selling user data without explicitly selling user data.
If I understand this right, Google isn’t actually selling user data to auction losers because auction losers are collecting the data without spending any money.
They leak data that enables the marketplace they run and profit from. That's the indirection. They count on this obfuscation (lack of an explicit transaction for the bid request data) to keep people from thinking of them as selling data.
Collectively the participants use this data to optimize their future bids and other surveillance/marketing efforts outside the Google ecosystem.
I'm sure Google would prefer there not be any parties involved that are purely leeches. But they may not be able to or may not care enough to tell the difference between leeches and parties that are still working out their infrastructure and bidding strategy and will begin bidding eventually. Or perhaps making a certain number of low bids you don't intend to win is what keeps you in the game.
Google doesn't want the leeches, they throttle the buyers who don't win enough, and Google was forced by the law to make lot of privacy improvements.
For example, before the GDPR you would receive the full IP address of the user and the visited webpage URL.
123.456.123.456 https://www.youtube.com/watch?v=vNvlZg_zh1s
Now you receive only:
123.456.123.0 and more limited information about the context
Though this better privacy has a cost, because it means less revenue for Google, but also less revenue for the publishers, and less relevant advertising.
- [deleted]
How does one sign up for such a firehose? I was naively under the impression google did this bidding internally.
You need to get your ad platform technically certified and a very good reason to join (several millions in marketing budget will do the job), and a very good contact at Google, once this is done, this is what you have access to in real-time:
https://developers.google.com/authorized-buyers/rtb/download...
otherwise you can go through intermediaries like BidSwitch which are essentially resellers, it's much easier but you get less information
- [deleted]
Is this legal in Europe? Is it common practice?
In Europe it's a big no, but Israel is not politically in Europe, and yes it is a very common and widely accepted practice from companies there.
It started with the Download Valley where companies would monetize search ( https://en.wikipedia.org/wiki/Download_Valley ) and siphon personal data.
The same with location information, plenty of shady SDKs offer to pay you if you leak location of your users.
Again, mostly based in Israel, but sometimes New York.
One point I do not see addressed in the article is how the location is collected.
It'd be a little bit of a stretch to call IP geolocation as collecting location data as it is usually no more accurate than just procuring the geolocation yourself, so there's no need to get it from a broker. However, on an Android for example, both ACCESS_COARSE_LOCATION and ACCESS_FINE_LOCATION require permission dialogs, so how does it exactly work?
At least some, if not the majority, is likely derived from the IP address used in the ad bidding process.
> Franaszek also says that “a significant amount of this geolocation dataset appears to be inferred by IP address to geolocation lookups, meaning the vendor or their source is deriving the user's geolocation by checking their IP address rather than by using GNSS [Global Navigation Satellite System]/GPS data. That would suggest that the data is not being sourced entirely from a location data SDK.”
These ad spaces are using the GMS services which is a default system app on every Google Android this app has virtually all access on your device including position and such. https://developers.google.com/android/reference/com/google/a...
Does this suggest permissions are a facade?
I think it means permissions work if the app owner is not participating in the ad-buy market, but if they are, then certain permissions (any covering data provided to bidders) are skirted by google.
And by that, who is not participating in the ad-buy market. It's nearly impossible to use the internet today without being forced into it.
It's a stretch to call out a game for tracking every IP use use and trying to location track you using that? A game should not be trying to track my location at all, not get a pass because technically it's not very accurate.
Tinder is location based, so probably through that.
Not sure about other apps.
where the CSV is downloaded from https://docs.google.com/spreadsheets/d/1Ukgd0gIWd9gpV6bOx2pc... in order to check the apps on your phone for any match.comm -12 <(cat gravy_app_list\ -\ count.csv| uvx --from csvkit csvcut -c 2 | rg '\.' | sort) <(adb shell pm list packages -3 | cut -f 2 -d ":" | sort)Two questions from looking at my list:
1. What do you replace PodcastAddict with? Will all ads traffic (not just the display of the ads on the screen) cease on a paid version?
2. How would MS Outlook get on the list in the first place?
> 1. What do you replace PodcastAddict with? Will all ads traffic (not just the display of the ads on the screen) cease on a paid version?
AntennaPod
I love AntennaPod. One app that does its job perfectly
This list is suspect. PodcastAddict doesn't even request location permissions[1]. How can it possibly get access to your location? If you read the article carefully, it caveats that the location might not even be sourced from gravy apps. At best, it's getting your ip location, which you're broadcasting to every website you visit anyways.
>Although this dataset came from an apparent hack of Gravy, it is not clear whether Gravy collected this location data itself or sourced it from another company, or which location company ultimately owns it or is licensed to use it.
[1] https://play.google.com/store/apps/details?id=com.bambuna.po...
Can it get the wifi SSID? Is that a permissioned property on Android/iOS? I believe there are companies that build databases of SSIDs and their locations by driving around, so if an app can get wifi info it could be pinpointed to a pretty specific location.
>Can it get the wifi SSID? Is that a permissioned property on Android/iOS?
It requires location permissions since forever ago, specifically because of the risk you described.
What about Bluetooth? I think it there are enough intentional and unintentional beacons around that it's possible to have some localization info with their MACs. Does this require permission?
Yes
I asked the developer of Podcast Addict about this and shared the article. This is their response verbatim:
"Hi,
I'm sorry but I don't understand your email. Of course every podcast app connects to 3rd party content to stream it and therefore hosting platforms and tracking services and ad services used by the podcasters will have access to your IP address. Sorry but saying that a podcast app leaks your IP address is as stupid as saying that a web browser does. It's just a tool that connects to 3rd party content, so yes unless you're using a VPN the server you connect to will always have access to your IP address The app doesn't have your location. As you can see it doesn't ask for location permission so the app doesn't have anything to share, but yes your IP will of course be public to any server you connect to
Xavier"
Podcast Addict has https://podcastaddict.com/premium and there it says that it's ad-supported in the free version. Seems like AdSense. When Podcast Addict requests an ad from AdSense, this happens: https://news.ycombinator.com/item?id=42651945.
I think my question still makes sense because from what I gather, the AdSense(?) SDK will get more info from the phone than just the IP address - make/model of the phone, unique IDs etc. But for now I happily did an OPML migration to AntennaPod - smooth sailing so far.
Easier just to block the ad servers at the DNS level. I use NextDNS [1] as it lets me configure it, but AdGuard [2] DNS probably also works well.
Even better if you have the hardware/bandwidth, setup a wireguard vpn and use adblocking on your home network. Then all your stuff is at least mildly encrypted while out and about, plus you get robust adblocking protection.
This also has the added benefit of encrypting DNS if you set that up. It's all relatively easy to setup. If your hardware is running linux there are simple configuration scripts you can run to get everything going in 5 minutes or so.
NextDNS is great.
I'm also a fan of 1Blocker on iOS (and macOS). It's another subscription, but it's not that expensive; updates its blocking lists frequently; and blocks trackers in apps.
1Blocker has been great for me so far as well. Nearly a year and happy to pay for it.
Less deps method: grep -f gravy_app_list\ -\ count.csv <(adb shell pm list packages -3 | cut -d":" -f2)
Advertising is a virus that will infect every ecosystem
There are still many mysteries to unravel about viruses, they may be more important to a functioning ecosystem than we realize, and there are useful tricks which only they can do.
I think it's more like lead poisoning.
lead poisoning does not evolve to fit into new ecosystems.
The industries that cause it do. I just think it's better to avoid equating it with a force of nature. We're doing this harm to ourselves. We could stop if we wanted. Viruses we're stuck with.
i did not ask for advertising on my TV home screen; it wasn't there when i bought it. my time on the web predates advertising. i have never once asked for a billboard to ruin a landscape, or an ad above my urinal.
It's more like the ideal vector for some nasty stuff. There's nothing inherently wrong with it but folks doing evil stuff love it.
Watch "the economics of happiness" if you think there's nothing wrong with advertising. Sure, maybe it can be done without manipulating people's self-image into thinking they're not good enough, not beautiful enough, not wealthy enough, but if you're into maximizing revenue you're not going to simply advertise "here's our invention, take it or leave it"
I believe there's nothing _inherently_ wrong with advertising.
> but if you're into maximizing revenue
In the space of ideas, there is a way for advertisement to exist without revenue. Even without money!
> manipulating people's self-image into thinking they're not good enough, not beautiful enough, not wealthy enough
You can do all of that _without_ advertising.
I can’t think of any positives of advertising that are not solely to the benefit of the advertiser.
That knife you bought because it looked cool, not the sharpest or most suited for your tasks. Cheerios aren’t really good for your heart. Dentists don’t universally recommend your flavored grain-infused fluoride paste.
It’s legalized lying where high end marketing companies are so good at it you might as well not try with a small budget. It’s not just bad from any angle, it’s also entrenched.
> You can do all of that _without_ advertising.
I want to double-emphasize this. Most advertising sucks, but the effect it has on people is not unique to advertising. Given your five senses, you are being consistently and constantly blasted with information people want to put in front of you in the hopes of effecting your future behavior in a way that makes you think that you’ve talked yourself into it.
But given a non-intrusive ad that isn’t trying to also surveil you and isn’t making demands on your attention, they can be informative. The problem is that non-intrusive ads that don’t make demands on your time and attention don’t support advertising-reliant companies with market caps as big as TV broadcasters, and if you want to also be as big as Google or Facebook, you also need the surveillance aspect of it, so if we ever get our shit together as a society and do something about that and they haven’t diversified their revenue streams sufficiently, they’re in for a very bad time.
> Sure, maybe it can be done without manipulating people's self-image into thinking they're not good enough, not beautiful enough, not wealthy enough, but if you're into maximizing revenue you're not going to simply advertise "here's our invention, take it or leave it"
Well, yes, that's it exactly. The problem is not advertising, it's trying to maximize revenue. That is the virus that is killing our world.
- [deleted]
> manipulating people's self-image into thinking they're not good enough, not beautiful enough, not wealthy enough
Unfortunately, social media is much more effective at ruining people's self-image and happiness than advertisers could ever dream to be
what is the type of social media you are citing but advertising by a different name?
I think there's something inherently wrong with it. At it's core is a fundamental disregard for consent which harms people after prolonged exposure. The consequences of turning control of over our technology to people with an incentive to degrade our sense of dopamine hygiene have been very bad and continue to worsen.
Whatever legitimate needs ads can meet we can find better ways to meet. That is, if we could only get a break from life in a Skinner box.
Language offers the same risks. People can talk stuff to me without my consent. That alone doesn't make it evil.
The goal of separating, conceptually, the vector from the virus, is to better understand how the virus works.
The greed and manipulation that took over the advertisement industry was not born from it and will not die with it. It's a thing that uses it, I want to make this thing more visible.
Well you have to draw a line somewhere. It's not evil to share your opinion to somebody who hasn't asked for it but there's a certain degree of amplification beyond which it's a problem.
The circumstances of evolution and the laws of physics have placed limits on how many people you can influence without help, so there's a handy line already drawn. The simplest way forward is to just use that line to define advertising.
Sure, the willingness to coerce transcends advertising, and I agree that exposing it in all it's forms is worth doing, but I'm a hacker not a priest or a politician, so I'm just trying to direct my efforts where they have a shot at being effective.
> The circumstances of evolution and the laws of physics have placed limits on how many people you can influence without help, so there's a handy line already drawn.
That line drawn by "nature" also place limits on a lot more stuff humans do, good stuff. I wouldn't want to go back to the laws of the wilderness. Unless we're being selective on what can cross the line or not, but that's would be an arbitrary line as much as any other.
You can fight advertisement all you want, I encourage it. I sometimes do it too. However, I am fully aware that it won't solve the issue of systematic greed and manipulation.
If you allow me to be cheesy for a moment, I would say that the fight against advertisement does not work as previously advertised.
I too would not want to accept nature's constraints in all cases, it's just the "get the word out" case where I think it's a well placed boundary.
One could still put a lot of work into crafting their message, but if propagation beyond earshot could only be achieved with the unpaidfor consent of the propagator... I think we'd find that the human way of doing it for a million years actually outperforms the internet in most areas that matter (that is, supposing that once the issue authentically had your attention you could then use the internet to confirm/correct whatever memetic mutations accrued and get the story straight--word of mouth for notification, computers for replication).
I don't expect it to solve greed, I just want to be able to hear myself think so that I can more clearly think about how I'll interfere with greed in non-advertising dimensions.
advertising by its nature is intended to manipulate. language is not.
Illusionism is also intended to manipulate, but it is very explicit about it. "This is a trick", and we humans enjoy the trick very much. Not inherently evil. The same techniques can be evil, and we humans do not enjoy when that's the case.
I want some of the stuff from advertisement. I want healthy competition between producers, I want information, and I don't mind innocent tricks.
What does healthy competition between producers have to do with advertising? If anything advertising is a way to withdraw from competition because building a great product is harder than telling stories to the market segment that your competition is ignoring.
I'm not against information, I just want to have gone looking for it rather than it having gone looking for me.
Yours is a very weak analogy:
Illusionism typically involves a tacit agreement between the the parties involved where one knows they are being manipulated and has asked to be.
Advertising typically does not involve that consent. Most people would rather not be exposed to it.
It is weak, but it was strong enough for you to change from an absolute claim to a more moderate "typically" claim. That's good enough for me.
They are different claims.
Still good enough for me.
- [deleted]
Imagine there is a cause, mission, or vision that you care deeply about.
And you want larger numbers of people to care about it, too.
And you're willing to pay someone to help you distribute the message that will persuade those people to care.
That's advertising.
There's a tobacco lobby. There's also an anti-tobacco lobby.
I understand that, but what's your point? It doesn't get less sleazy when it happens to be a cause that I like. Maybe I have terrible taste. Why should I be allowed to subject people to my terrible taste without their consent? Why should being rich increase my ability to do so?
If it's actually such a good idea it should be possible to spread it consensually--that is, unless the intervening space was weaponized against us by advertisers.
Imagine you're a small burger place that opened somewhere other than the center of town and you want people to at least know there's a new option besides slop from McDonald's.
In our world, where the advertisers are already making so much noise that the only way to be heard is to pay an advertiser to shout louder than the others... yes, that's probably what you have to do.
But in the absence of all of that noise in the first place, I think we could design something that does a much better job than ads do. As it is you have to pit your bank account against McDonald's and compete for attention, but think about how much money you could save (or spend on tastier things) if it was instead the quality of your burger that determined how widely known you ended up being.
I don't have the game theoretic secret sauce that would make that happen, but I believe that it's out there and that it would be cheaper and more effective than what we're doing if we just collectively stopped tolerating ads of any kind and focused on solving the where-can-I-get-a-good-burger type problems directly.
- [deleted]
In my experience nearly every decent product ive ever wanted I either sought out myself first or found through word-of-mouth, almost none of it through marketing materials which these days I completely disregard because it is 99.99% bullshit. And I believe word-of-mouth would be even more effective and useful if mass advertising simply didn't exist to pollute peoples thoughts and preferences with a bunch of deceptive marketing garbage. I firmly believe over 99% of marketing could be easily replaced by simple word-of-mouth if it wasn't drowned out by marketing materials and advertisements.
Agreed. If anything, excessive ads are an indication of a product whose design or implementation was neglected because it's easier to paper over the deficit with ads.
Stand on a corner and approach some people holding a big plate with tasty things. If those things are tasty enough, you will have some free advertising to their friends (almost like influencers, but more organic).
as if we don't have the internet for that. at this stage of communications development, advertising should all be on a pull-based, rather than push-based model.
And that person you pay fakes the numbers on your invoice, because everyone else does.
No, advertising is the nasty stuff. the vector is obviously our communications infrastructure. (of course, this doesn't mean that advertising itself cannot also be a vector.)
advertising is designed to manipulate without consent.
There is a difference in abstraction level between our discourses.
I am talking more abstractly, about a system and how it works. You're talking more specifically about one of the states of such system.
We both intend to change the state of that system, but we're going different ways about it.
I totally get your point. Maybe some day you'll get mine.
>I am talking more abstractly, about a system and how it works. You're talking more specifically about one of the states of such system.
Wao...such smart! Thank you for the mansplain!
>Maybe some day you'll get mine.
This made me barf in my mouth a little.
> more like the ideal vector for some nasty stuff
Advertising is mosquitoes. Fits.
Related FTC takes action against Gravy Analytics, Venntel for selling location data (194 points, 158 comments) https://news.ycombinator.com/item?id=42309429
The two app lists from the article:
https://docs.google.com/spreadsheets/d/1Ukgd0gIWd9gpV6bOx2pc...
https://gist.github.com/fs0c131y/f498b21cba9ee23956fc7d76292...
Personally I can't wait until tinder is hit by the government, absolutely ridiculous the sort of monopoly power their amalgamation of dating apps has.
People bitch and moan about negative externalities on society from the rise of the internet but for me it's hard to imagine few variables more imperative to a state's success over the longterm.
What about tinder exactly is the problem? Asking as someone who has never used it but assume it’s Facebook for sex basically. Is it any worse than Metas properties?
Do I understand correctly that these apps are able to bypass OS permissions of whether to allow location data?
I wonder if apps are abusing background app refresh to do this on iOS.
My understanding is that it isn't difficult to create a background task that can periodically make network requests. Just have a background task make a HTTP request including some unique identifier to some ad network server, then have the server handle IP geolocation.
While the accuracy won't be great on a lot of mobile networks, you can get pretty granular on wifi as some ISPs have their IPs as granular as a neighborhood.
I disable background app refresh for almost all apps in anticipation of this and haven't had a degredation in app experience.
I noticed something when using 1Blocker on iOS, which creates a dummy on-device VPN to block tracker IP requests. After I turned off background app refresh, I noticed that the number of blocked requests went down a lot. While some were innocuous diagnostics, like Sentry, the vast majority were not.
I'd appreciate if someone familiar with iOS development could weigh in on if this would be practical or not, given the all of the execution limits of background tasks.
> you can get pretty granular on wifi as some ISPs have their IPs as granular as a neighborhood
I’ve heard that this might be the case in some places in the USA. Meanwhile, I have not seen that level of granularity for residential IP addresses in Norway for example.
The MaxMind GeoIP databases include information about how accurate (granular) the location data is for each entry in their db according to https://support.maxmind.com/hc/en-us/articles/4407630607131-...
Has anyone done analysis on the MaxMind GeoIP data to see how the granularity of the data differs between different cities and countries and published anything about that online?
I'm in the US and my current IP address puts me in an area about 30 miles away currently. However, last year up until a few weeks ago my IP would place me in my current ZIP code (using ipinfo).
My city is comprised of several ZIP codes so you could have figured out where I live within a ~1.5 mile radius.
The granularity may not matter that much though. You can infer a fair bit of data. If you remove mobile network IP addresses, which tend to be quite vague here, you can sort of tell how often someone leaves the house, goes on vacation, or if they visit a friend/family member often.
>I'm in the US and my current IP address puts me in an area about 30 miles away currently. However, last year up until a few weeks ago my IP would place me in my current ZIP code (using ipinfo).
>My city is comprised of several ZIP codes so you could have figured out where I live within a ~1.5 mile radius.
How do you know that it accurately knows your location down to the zip code level, and not just that your zip code just happened to match up? After all, a broken clock is right twice a day.
>The granularity may not matter that much though. You can infer a fair bit of data. If you remove mobile network IP addresses, which tend to be quite vague here, you can sort of tell how often someone leaves the house, goes on vacation, or if they visit a friend/family member often.
That might be useful for stalker-ish reasons, but it requires work to implement, and it's unclear why advertisers would care about this sort of stuff. You go to work 9-5 and visit your friends on weekends, how can you turn that into money? "people with a job and friends" isn't exactly a very lucrative marketing demographic.
Meanwhile, working on legitimate GPS requests in an app, my fiber optic ISP has the GPS of my IP about 2 streets up from where I live. I took a stroll and sure enough there's a big ol' grey communications box there.
You know, I'm totally okay with that.
What app actually needs background refresh? I suppose messaging (sms, iMessage) and email. Assuming you want those async fetched and not pulled on app open. Curious what you’ve found you left enabled or had to enable because I agree with overly restricting apps.
"a significant amount of this geolocation dataset appears to be inferred by IP address to geolocation lookups, meaning the vendor or their source is deriving the user's geolocation by checking their IP address rather than by using GNSS [Global Navigation Satellite System]/GPS data. That would suggest that the data is not being sourced entirely from a location data SDK."
Probably it would use the location if the permission was enabled, otherwise fall back to IP geolocation
Real-time bidding is a privacy nightmare - basically spraying your actions in real-time to every ad provider, with a pinky promise that they won't abuse it.
Pinky promises from scoundrels. Pretty much with that group asking the pinky promise is to provoke abuse of it.
No. Wherever fine grained location data is available, users granted it.
I don’t know why Candy Crush would require fine grained data, but I am pretty confident CC doesn’t ask for it.
It's not even listed as a permission on the manifest, so it can't even request it: https://play.google.com/store/apps/details?id=com.king.candy...
A few notes:
Not sure how effective, but for certain suspicious Android apps, I configure them to not run in the background, and disable networking when using them. However, since Google's ad platform is involved, I can't rule out that there exists location tracking at the device level, let alone the telcos.
Interesting that Grindr allegedly stopped selling location data the same year they were divested from Chinese ownership.
Article seems to imply the current FTC doesn't like these companies misusing location data.
Possibly this data gathered from the Snowflake leaks attributed to UNC5537, or some similar method?
- [deleted]
> Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location
This seems like a very misleading headline. These apps were (often for no user-beneficial reason) collecting location data. This code was put there deliberately by the app authors. The app authors are accomplices in leaking this data , they are not victims.
As I understand it, the story is not the advertising network getting the private data — we have all known that for a long time. The news is that even the unsuccessful real-time auction bidders can get a lot of this data.
Actually, location tracking was added on purpose..
It is capitalism that has been hacked.
Capitalism hasn't been hacked, it's working as designed. If there's a way to make money, it will be monetized. Decency and morality does not matter if it gets in the way of making more money.
Related:
See the Thousands of Apps Hijacked to Spy on Your Location - https://news.ycombinator.com/item?id=42651087 - Jan 2025
We'll merge those comments hither. Thanks!
- [deleted]
The truth is, majority of the population doesn't care. Telling people to value their privacy is exhausting because of a stupid argument of "I have nothing to hide". You deserve your data to be up for sale (let's also not forget data breaches) if you are too reckless to calculate the consequences of using these apps