I just hopped on to see if this had been posted. I think this was the part I found most upsetting. I totally get the use for location data for companies like AAA and banking institutions, but if I...
I just hopped on to see if this had been posted.
There’s a complex supply chain that shares some of American cell phone users’ most sensitive data, with the telcos potentially being unaware of how the data is being used by the eventual end user, or even whose hands it lands in. Financial companies use phone location data to detect fraud; roadside assistance firms use it to locate stuck customers. But AT&T, for example, told Motherboard the use of its customers’ data by bounty hunters goes explicitly against the company’s policies, raising questions about how AT&T allowed the sale for this purpose in the first place.
I think this was the part I found most upsetting. I totally get the use for location data for companies like AAA and banking institutions, but if I want to utilize their location services and protections I'll just download their app and allow location permissions. Allowing ISPs to sell this data indiscriminately because it can come in handy for those who utilize specific services, is bullshit. It's obvious it's just another case of prioritizing profits over loyalty to their customers.
Microbilt buys access to location data from an aggregator called Zumigo and then sells it to a dizzying number of sectors, including landlords to scope out potential renters; motor vehicle salesmen, and others who are conducting credit checks. Armed with just a phone number, Microbilt’s “Mobile Device Verify” product can return a target’s full name and address, geolocate a phone in an individual instance, or operate as a continuous tracking service.
The lack of oversight and regulation is so astoundingly careless its laughable. This shouldn't be surprising to anyone who has been paying attention.
What can we even do about this? With every US carrier doing this, it looks basically unavoidable to me. A hackable smartphone (Librem 5) without a carrier, operating only on public WiFi through a...
What can we even do about this? With every US carrier doing this, it looks basically unavoidable to me.
A hackable smartphone (Librem 5) without a carrier, operating only on public WiFi through a VPN, with randomized MAC Addresses could do the trick, but it's wildly inconvenient.
Honestly, we need a population that values their online privacy and understands the importance to elect politicians who represent the best interest of the people. Short of another major scandal...
Honestly, we need a population that values their online privacy and understands the importance to elect politicians who represent the best interest of the people. Short of another major scandal like cambridge Analytica, I dont see people beginning to care in the coming years.
Perhaps, with all of the data breaches, more personalized scamming attempts will begin to freak people out? I thought things would change after the Equifax breach, but it didn't.
Airplane-mode by default would be enough for me. Essentially an outgoing-only mode. You can send texts but not receive them (until you manually check or send one yourself). You can make calls but...
Airplane-mode by default would be enough for me. Essentially an outgoing-only mode. You can send texts but not receive them (until you manually check or send one yourself). You can make calls but not receive theme.
I am involved in this industry to some degree and can maybe shed some light on this. The article is accurate but a bit over-the-top. There IS government regulation around this which deals with...
Exemplary
I am involved in this industry to some degree and can maybe shed some light on this. The article is accurate but a bit over-the-top.
There IS government regulation around this which deals with various reasons why a company might have a need for this sort of data (certainly fair to argue there is NOT enough regulation). Skip-tracers, bail bondsmen, or "bounty hunters" as the article states, have a defined need for this type of data under the law. I'm not a lawyer so I won't pretend to be able to answer detailed questions about the law, but I know this is legal (currently).
In theory, what should happen is that anyone selling this data should have the other party sign a contract stating the intended use and how it fits into the law - that's standard where I work. It sounds like if this was done by Zumigo that the folks downstream didn't adhere to it and that's NOT cool and potentially illegal I'd imagine (again not a lawyer).
Folks often want to ascribe malice to this type of practice, but used correctly this type of data brokering is helpful to society. It's used to prevent fraud (both private and in government), to conduct background checks, to determine whether potential loan customers are high risk or not, to find missing children, to track down debtors, and to keep large financial institutions compliant with federal law.
I want to be clear that I have my own concerns about privacy and if we want any of this to change it starts with our legislature, but my personal experience is that this data is sold and used responsibly.
EDIT: I asked someone at work about this who is much more in the know and they explained that in order to do this with phone location data the company is legally supposed to get verbal or written permission from the person's whose location they are pinging. The only way they're supposed to be able to do this without that permission is with a search warrant. I think that bail bondsman may be getting in trouble over this...
Is there anyway to safely have a smart phone? I know that you can replace google's android with lineage, but your carrier (and possibly even hardware backdoors) will always be taking your data.
Is there anyway to safely have a smart phone? I know that you can replace google's android with lineage, but your carrier (and possibly even hardware backdoors) will always be taking your data.
If you have a rooted android phone you can disable all of the location based services. This, however, would not prevent phone carriers from locating your approximate location using geometry and...
Exemplary
If you have a rooted android phone you can disable all of the location based services.
This, however, would not prevent phone carriers from locating your approximate location using geometry and transmission travel time.
In order to block that, you need to block your phones ability to receive a signal. Airplane mode would be an easy way to accomplish this.
However, in lieu of the fact that we absolutely need laws on this, because these practices are abhorrent and easily abused, you need to ask yourself how much risk does this truly pose to your life? I personally do not have any stalkers (that I know of) and the chances that some serial killer is stalking me or will use one of these services to locate me are extremely small - much smaller than the risk I run driving a car. While I don't like it, the trade-off right now is reasonable enough that it won't stop me from using my phone. I will, however, be contacting my representative and sending them this article and asking what they plan to do about it.
I just hopped on to see if this had been posted.
I think this was the part I found most upsetting. I totally get the use for location data for companies like AAA and banking institutions, but if I want to utilize their location services and protections I'll just download their app and allow location permissions. Allowing ISPs to sell this data indiscriminately because it can come in handy for those who utilize specific services, is bullshit. It's obvious it's just another case of prioritizing profits over loyalty to their customers.
The lack of oversight and regulation is so astoundingly careless its laughable. This shouldn't be surprising to anyone who has been paying attention.
What can we even do about this? With every US carrier doing this, it looks basically unavoidable to me.
A hackable smartphone (Librem 5) without a carrier, operating only on public WiFi through a VPN, with randomized MAC Addresses could do the trick, but it's wildly inconvenient.
Honestly, we need a population that values their online privacy and understands the importance to elect politicians who represent the best interest of the people. Short of another major scandal like cambridge Analytica, I dont see people beginning to care in the coming years.
Perhaps, with all of the data breaches, more personalized scamming attempts will begin to freak people out? I thought things would change after the Equifax breach, but it didn't.
Airplane-mode by default would be enough for me. Essentially an outgoing-only mode. You can send texts but not receive them (until you manually check or send one yourself). You can make calls but not receive theme.
I'd look for solutions through law, not tech on this one.
I am involved in this industry to some degree and can maybe shed some light on this. The article is accurate but a bit over-the-top.
There IS government regulation around this which deals with various reasons why a company might have a need for this sort of data (certainly fair to argue there is NOT enough regulation). Skip-tracers, bail bondsmen, or "bounty hunters" as the article states, have a defined need for this type of data under the law. I'm not a lawyer so I won't pretend to be able to answer detailed questions about the law, but I know this is legal (currently).
In theory, what should happen is that anyone selling this data should have the other party sign a contract stating the intended use and how it fits into the law - that's standard where I work. It sounds like if this was done by Zumigo that the folks downstream didn't adhere to it and that's NOT cool and potentially illegal I'd imagine (again not a lawyer).
Folks often want to ascribe malice to this type of practice, but used correctly this type of data brokering is helpful to society. It's used to prevent fraud (both private and in government), to conduct background checks, to determine whether potential loan customers are high risk or not, to find missing children, to track down debtors, and to keep large financial institutions compliant with federal law.
I want to be clear that I have my own concerns about privacy and if we want any of this to change it starts with our legislature, but my personal experience is that this data is sold and used responsibly.
EDIT: I asked someone at work about this who is much more in the know and they explained that in order to do this with phone location data the company is legally supposed to get verbal or written permission from the person's whose location they are pinging. The only way they're supposed to be able to do this without that permission is with a search warrant. I think that bail bondsman may be getting in trouble over this...
Is there anyway to safely have a smart phone? I know that you can replace google's android with lineage, but your carrier (and possibly even hardware backdoors) will always be taking your data.
If you have a rooted android phone you can disable all of the location based services.
This, however, would not prevent phone carriers from locating your approximate location using geometry and transmission travel time.
In order to block that, you need to block your phones ability to receive a signal. Airplane mode would be an easy way to accomplish this.
However, in lieu of the fact that we absolutely need laws on this, because these practices are abhorrent and easily abused, you need to ask yourself how much risk does this truly pose to your life? I personally do not have any stalkers (that I know of) and the chances that some serial killer is stalking me or will use one of these services to locate me are extremely small - much smaller than the risk I run driving a car. While I don't like it, the trade-off right now is reasonable enough that it won't stop me from using my phone. I will, however, be contacting my representative and sending them this article and asking what they plan to do about it.