by Brandon Butler
NYT: Private Companies Are Legally Tracking Your Location Right Now, And It’s Not Anonymous or Secure 12/23/2019

From The New York Times Privacy Project, a multi-part report on the unregulated companies logging, storing, and selling your mini-by-minute location data: Twelve Million Phones, One Dataset, Zero Privacy:

The data reviewed by the Times Opinion didn’t come from a telecom or giant tech company, nor did it come from a governmental surveillance operation. It originated from a location data company, one of dozens quietly collecting precise movements using software slipped onto mobile phone apps. You’ve probably never heard of most of the companies — and yet to anyone who has access to this data, your life is an open book. They can see the places you go every moment of the day, whom you meet with or spend the night with, where you pray, whether you visit a methadone clinic, a psychiatrist’s office or a massage parlor.

Keep reading. It gets worse. I’ve been reading this all weekend, and while I’m not remotely surprised or shocked at what the Times’ reporting found, I’m still incredibly angry and disgusted that this is legal. Personally, I am incredibly careful about the apps I install on my phone and the permissions I give them. For weather, I only use Apple’s built-in weather app, for instance, and if a new app grabs my attention I’m careful to inspect the developer and country of origin. But despite using Apple’s weather app and limiting my location data permissions, I know I’m not immune to having my location tracked and sold. It bothers me — a lot — that companies can profit from such highly personal information. Congress must act to stop this.

And you might be thinking, “But that’s too much to ask every average smartphone user to do.” Believe me, I work in IT, and I know a lot of people are extremely careless and willfully ignorant when it comes to the technology they use everyday. But I see people inspecting food labels at the grocery store; I see people inspecting clothing labels to determine where their shirts and pants were made; I see people reading the ingredients on their pet’s food; new parents learning how to hold and feed and bathe their newborns; people navigate the incredibly complex process of buying a house or signing up for health insurance or writing their wills; how is looking at the basic, non-technical details of an app any different?

The location data these companies log and store can be just as harmful as stray nuts to someone with a peanut allergy. The issue is the data hasn’t knowingly harmed anyone – yet.

You might think being anonymous is unnecessary, you don’t have anything to hide, right? Wrong:

Inauguration Day weekend was marked by other protests — and riots. Hundreds of protesters, some in black hoods and masks, gathered north of the National Mall that Friday, eventually setting fire to a limousine near Franklin Square. The data documented those rioters, too. Filtering the data to that precise time and location led us to the doorsteps of some who were there. Police were present as well, many with faces obscured by riot gear. The data led us to the homes of at least two police officers who had been at the scene.

These databases are going to become larger. They’re going to become easier to access. They’re going to leak data, either by inside sources or by hacks. It’s not hard to imagine some obsessed, dedicated stalker using this data to find and harm someone.

For many Americans, the only real risk they face from having their information exposed would be embarrassment or inconvenience. But for others, like survivors of abuse, the risks could be substantial. And who can say what practices or relationships any given individual might want to keep private, to withhold from friends, family, employers or the government? We found hundreds of pings in mosques and churches, abortion clinics, queer spaces and other sensitive areas.

We’re not anonymous in the world anymore, but it’s not a choice that anyone debated before giving it up, and that feels wrong.