The New York Times Reveals How Completely Our Every Move Is Tracked
If it were up to me, I’d be nominating the New York Times article “Twelve Million Phones, One Dataset, Zero Privacy” for a Pulitzer Prize.
Anonymous sources provided the Times with a dataset from a single location data company that contained 50 billion pings from the phones of more than 12 million Americans over several months in 2016 and 2017. With the data, Times reporters Stuart A. Thompson and Charlie Warzel were able to track numerous people in positions of power, including military officials, law-enforcement officers, and high-powered lawyers. They were able to watch as people visited the Playboy Mansion, some staying overnight, and they could see visitors to the estates of Johnny Depp, Arnold Schwarzenegger, and Tiger Woods. Once they identified any particular phone, they could track it wherever it went. Imagine what that data could be used for in the wrong hands.
The Times has done an impressive job of showing both the scope of the data—with interactive images showing all the location pings at the Pentagon, for instance—and also diving down to the specifics, with a Microsoft employee who made an unusual visit to an Amazon office and a month later, took a job there. Might employers want to keep tabs on employees with access to confidential information? That’s just one example—the article includes others, some speculative, some not (like one random Los Angeles resident who was found traveling to roadside motels multiple times and staying for a few hours each time).
Go read the Times article and the additional pieces that the paper has published:
It’s a sobering look at just how little control we have over our privacy and how little oversight there is over an industry that knows more about us than our own families. Even if we assume good intent on the part of the companies collecting this data, there’s no guarantee it can be kept out of the hands of foreign governments or organized crime. The Times has put the spotlight on this industry; it’s up to us to make sure we convey our opinions of this situation to our elected representatives.
What You Can Do to Protect Your Privacy Now
In the meantime, go to Settings > Privacy > Location on your iPhone and set every app to Ask Next Time unless you know what it’s doing with the location data. For instance, the Camera app needs the While Using the App setting to geotag your photos, and Maps needs it to give you directions. The Ask Next Time setting ensures that you’ll get a chance to decide the next time you actually use the app. Also, set any apps you don’t (or shouldn’t) trust, like Facebook, to Never, and make sure no app is set to Always unless you trust it implicitly. You might be surprised by which apps want to track you and which are set to Always.
There’s no guarantee that restricting your location sharing settings will prevent these companies from tracking your location because there’s no way to know which apps are abusing their privileges (well, other than weather apps). The only way to be certain it’s not happening would be to turn off location services entirely, but that would severely reduce the utility of the iPhone. Even setting every app to Never would be problematic, eliminating Maps and Google Maps, Lyft and Uber, and photo geotagging in all camera apps. That’s why we recommend the approach above—everyone’s level of concern will differ, and only you can determine how perturbed you are by this tracking.
All this is really worrisome, perhaps more so than the Chinese government’s facial recognition program. At least you know what they are doing, this going on surreptitiously (until now, that is). I wonder, do Apple apps, like maps, also share data with the likes of Foursquare (see table of all logos in the article)? It seems this would contradict Apple’s professed concern for our privacy. I did a search for all pages with ‘location’ in Apple’s just published Apple Platform Guide, but could not extract anything with a bearing on this theme. Does anybody know?
This is what Apple says about Maps on their privacy page:
Nothing technical, but it suggests that Apple obfuscates any private information.
If you set an app to “ask next time”, and when next time comes you approve the access, does it remain until you turn it off again or does it ask every time?
Good question. You get three options:
Interestingly, it doesn’t appear that apps can ask for Always Allow in that dialog (or at least Google Maps, which does have that option in Settings > Privacy > Location Services, doesn’t ask for Always Allow).
I wonder how this affects the Fitbit app, and whether I should trust Fitbit. It’s the only app that I currently have set to “Always” (so it can access GPS data). Other apps are set to “Never” or “While Using”.
I don’t see any obvious complaints about Fitbit sharing location data. For what it’s worth, here’s their privacy policy:
https://www.fitbit.com/legal/privacy-policy
I do remember that the military forbade Fitbits on some level, since there is some sharing function and people could see were troops were located by Fitbit data.
And as Josh just reminded me, Google just bought Fitbit, so that previous privacy policy will presumably subsumed by Google’s privacy policy.
Yes, we touched on that in this ExtraBIT. I’ve also heard reports that service members headed to the Middle East (in response to tensions with Iran) haven’t been allowed to bring electronics with them.
This AppleInsider article suggests that iOS 13’s new privacy controls are significantly reducing the amount of location data available to the tracking companies. For some people, that may be an incentive to upgrade to iOS 13.
The latest scariness related to location tracking is that the US military is apparently buying access to location data from brokers. To my mind, the real issue here is that if we as a society are going to allow this information to be collected, of course it’s going to be sold to entities that may use it for purposes that we may not approve of.
Assume whatever you say or do could be made public.
Whether you get a “mulligan” for it, is another question.
David
Indeed scary. What I wonder is why we allow this kind of personal information to be collected without a person’s explicit consent in the first place.
If for example the law said your personal data is your personal property, then anybody logging and selling it without your prior consent would be committing theft and guilty of fencing.
If there is a legitimate reason to give somebody your data (for example your carrier needs to log how many GBs you’ve downloaded so they can bill you) they can be required to get your consent first and at that point also be required to store and use said data only for the expressed reason given in the consent (so the carrier can use your d/l volume for billing, but they can’t sell it to marketers).
Would migrating to such a system be so difficult? Or is there simply politically not enough push to reign in what has become a large industry with a business model based on cheap exploitation of ‘goods’ they are not entitled to but have somehow become accustomed to expect? Surely exceptions would need to be made (you obviously cannot refuse consent for your employer to send your wage data to the IRS to avoid paying taxes), but is formulating that so complicated? Or is it that Facebook et al. these days have so much pull that DC would not even consider such consumer protection?
These are all really good questions, and I wish I knew someone involved in policy work who could comment on them. I can’t imagine anyone (well, outside the intelligence agency/law enforcement world, perhaps) is really in favor of letting companies collect and sell granular location data.
I’ve long believed that personal information should be considered personal property.
If it would be profitable for a company or organization to do so, the big majority of companies would do so. The problem is that that the vast majority of consumers are willing to exchange personal data for membership or access to content and services that are free. Facebook’s average monthly revenue per user revenue globally per quarter is $7.89, up 9% over last year’s quarter. And it’s been growing significantly every year since Facebook began accepting advertising. Here’s more detail about the ARPU in the US, Europe and APAC:
“But there may be little space for ARPU improvements in the U.S. and Canada region, as Needham analysts pointed out in a note last week. ARPU there was already a whopping $39.63 last quarter, compared with $12.41 in Europe, $3.67 in Asia-Pacific and $2.22 in the rest of the world.”
if Facebook did not track and sell data gleaned from its 2.7 billion users across the globe, there is no way they could generate enough members to shell out enough money per month or year to keep them in business, and there’s no way they could maintain revenue growth. So many people I know here in the US just LOVE Facebook, but I’m sure none of them would shell out $40 per month for it, much less pay an increase every year. The same would be true true for just about every “free” digital service.
I’m nothing resembling a government policy wonk, or an intelligence or law enforcement officer, but I do know a lot about geofencing and location based advertising. Digital proximity marketing has been one of the most successful segments of the media business since the debut of internet enabled mobile devices.
There are many companies, such as this one, that target precisely enough that they can reach victims of auto accidents in emergency rooms, and because they know when someone leaves the ER, they can serve up ads for nearby repair services, etc.
Google is huge on geolocation as well as granular advertising, and they make it super easy to do so. This is used by hundreds and hundreds of millions of large and small businesses and organizations:
Here’s how super simple competitive bidding is to reach Facebook members in geolocated retail stores:
A friend who worked in stadium advertising says they can target people when they are lined up to buy snacks, t shirts, etc. And chances are they already know what kind of soda or beer you like. They track people entering and leaving the parking lots or to get on public transportation.
Oh sure, no question. The problem is that society allowing this sort of behavior is like allowing companies to pollute egregiously. It’s rational (in an ethically bankrupt sort of way) to base a business on a model that relies on externalized damages to society.
As you say, the populace doesn’t have the knowledge or understanding to vote with their feet. The question is, what’s the benefit for government in continuing to allow such anti-social behavior?
FWIW, iOS 14 has the Precise Location setting in Settings:Privacy:Location Services, for each app.
And just to add to the discussion, here’s what Apple says about privacy and location.
Overall, Apple seems to be making it a lot harder for apps to abuse our locational privacy, but we have to do our part and not give permission when it’s not necessary.
IMHO, and I do tend to be cynical, they benefit from corporate tax dollars, economic growth, good numbers from Wall Street and the ability to precisely and efficiently target their prospects for fund raising, getting people to vote, and advocacy.
It does create opportunities for individuals and government to interact. Geotargeting is especially excellent for localized crisis communications. We get weather and missing children and other very targeted alerts regularly from our local governments.
I’ll bet geotargeting is a critical element in the Apple/Google COVID 19 tracing app. And it could be possible when COVID 19 vaccines are released that age and other demographic groups can be geotargeted with info about where they can get shots, as well as how to set up appointments.
My thinking is that there are enormous opportunities for geotargeting to be used for the public good if governments decide to create them.