Slashdot Mirror
Carriers Selling Your Data: a $24 Billion Business (adage.com)
An anonymous reader writes: It goes without saying that cellphone carriers have access to tons of data about their subscribers. They have data about who you call, what sites you visit, and even where you're located. Now: "Under the radar, Verizon, Sprint, and other carriers have partnered with firms including SAP to manage and sell data." The article describes some of the ways this data is used by marketers: "The service also combines data from telcos with other information, telling businesses whether shoppers are checking out competitor prices on their phones or just emailing friends. It can tell them the age ranges and genders of people who visited a store location between 10 a.m. and noon, and link location and demographic data with shoppers' web browsing history. Retailers might use the information to arrange store displays to appeal to certain customer segments at different times of the day, or to help determine where to open new locations." Analysts estimate this fledgling industry to be worth about $24 billion to the carriers, and they project huge growth over the next several years. The carriers are trying to keep it a tightly held secret after seeing the backlash from the public in response to government snooping, which involves much less private data.
Of course all this private data lets the marketers profit from you. It's you that ultimately pay for this. If they couldn't milk more profit by buying this data, then it wouldn't be worth buying!
$2 billion will be spent on elections this cycle, and a lot of that will be buying up the private data of candidates, their campaigners, their families to look for what papers they've read, what facts they're reviewed, and so on. Choicepoint is still there under a different name, still analyzing your vote, and demographic and looking for ways to skew the vote. Now it has access to everything from your purchases to your movements, who you are with, etc.:
https://en.wikipedia.org/wiki/ChoicePoint
And the $10 billion dollar gorilla in the room.... the NSA. If you *consent* to the sale by clicking an EULA you never read, then who needs to redefine laws? They are simply buying the data just like Bob the sleezy marketer.
And if Congress wants to pass privacy laws.... all those actors will oppose it behind the scenes.
I heard that in a song. Then the cop pulls out his gun and shoots Danny Omerta six times in the head. Maybe that was Carlin. Anyway, not a problem. Make me feel good that I am so valuable.
I wrote up a way to solve this a long time ago. Too bad we as a society don't bother to fix things. Silly arguments like protecting existing companies business models seem to win over protecting people:
Phones connect to the nearest cell tower, and identify themselves. The matching of a phone's signal to a particular phone/SIM/person is done for 2 reasons: so they can be notified in the event of a call, or other incoming connection request, and for billing (only paying customers can use the service).
In short: if your phone is on, your cell network phone provider knows where it is.
Unfortunately, you can't just choose some network provider you trust: there are very few choices, and making new providers is inefficient and impractical. However, we can design a system where you don't provide them with nearly as much information.
First, consider a very common case: you have network access through some means other than the cell network. In this case, you should be able to shut down the cell radio, and use the other network (such as Wifi). Assuming basic privacy practices (or using a network you trust) you can get decent privacy this way. A simple approach would to to just start up a Tor hidden service, and wait to get notified over it for incoming calls. Texts and other small non latency sensitive data could be delivered directly that way. Connection requests for calls could be sent over the secured channel, and the end user could decide to open a direct (less private, but lower latency) connection. They would of course still want to encrypt that, but it could still reveal your location should you accept calls in that manner.
A similar approach can be used to use ephemeral IDs when connecting to cell phone towers (or even untrusted ISPs in general). When you connect, you provide a request which they can forward to a third party you specify in the request. This will be encrypted, and will ID you with your chosen third party, which will be billed for your connection, and in return will bill you for the data use. When someone wishes to contact you, they can send a request to said third party, which can record and forward their message, reject it, report you as unavailable etc. In the case of something like a phone call, they would forward the caller's information to the ISP currently providing your connection along with your current ephemeral ID. If you decide to accept the request, you can open a direct connection (with the privacy implications involved), reject it, or opt to open a proxied connection through said third party, which would provide an extra layer of encryption and destination hiding.
You could get new ephemeral IDs as frequently as desired, and perhaps even have multiple ones at once. This wont hide the location from which you connect, but it will help disassociate you from it.
The idea basically resembles dynamic DNS. You get a record published for how to find a service that will location you (The IP for your DNS server /third part ID system), and it can respond in a variety of ways, either directing traffic to you, through a proxy, to a offline responder/mailbox/voicemail or providing some error message. You then periodically check in with the server and update it on what to do with incoming requests. In the case or working with Cell providers and other ISPs, there may also be some billing implications that the server handles on your behalf and forwards later if appropriate).
If desired, there could be multiple levels of these services, which would basically amount to Tor hidden services.
Original on my site
When we hear about free services snooping on you, people are quick to say "Free service? You are the product" and "not surprised". Yet we pay our telcos (sometimes ridiculous sums of money), and we are STILL the product. And guess what? The degree to which we allow ANY company or government agency to snoop on us allows the rest to get away with more too. So if we want to take a stand to keep some shreds of privacy intact, we need to take a powerful pro-privacy stance. We need to punish ANY organization that goes too far invading privacy, and establish laws and regulations to give us teeth for when they violate that privacy. And we need to stop reacting to news of privacy violations with dull acceptance. We need to fight back and one of our best tools available is to campaign hard to regulate the industry.
Carriers get help also from their more traditional network partners:
"Nokia Ad Analytics opens up a new revenue stream for operators by offering value-add data to the advertising industry. It works in cooperation between operators, advertising companies and Nokia. The service extracts the right data from operator networks, anonymizes it, analyzes it according to target segments specified by the advertising agency, and enriches it with location data from maps and demographic data from public sources."
http://networks.nokia.com/portfolio/latest-launches/big-data-and-analytics
You agreed to the EULA. This isn't under any radar - It's what you agreed to.
_ _ _ Go for the eyes Boo! GO FOR THE EYES!
When more and more people are becoming annoyed at Marketing and their lack of privacy being exploited by services they feel they require to be happy, this is a brilliant fucking idea.
Yes, arrange your store several times a day, no one like walking around stacks of shit in the aisle while someone is trying to do their job. It doesn't make them uncomfortable and turn them off browsing your wares to get away from that feeling.
the example in the summary is actually kind of interesting and sounds like a valid use for detailed yet anonymized data. the creepy stuff is when they use uber detailed stuff to serve you ads elsewhere in your life.
And we still pay more per customer than any country on earth for wireless service.
The latest software update for my phone was loaded with this kind of carrier (Virgin Mobile on Sprint) crap (yes, I have complained to VM, but no, they're not going to take it back). Fortunately, HTC has tools to delete things from the "ROM", so it isn't permanent on the phone I have.
They're going to wonder why I watch so much gilf tranny midget pr0n...
Even aggregate data has its malicious uses, but such data is rarely anonymous. Remember the AOL search history release?
https://en.wikipedia.org/wiki/AOL_search_data_leak
AOL released the "ANONYMIZED" search history of its users, only to find it was quite easy to datamine their identity... just from this one set of data. If you have multiple sets, it becomes trivial to do so. e.g. they visit the pizza ordering page, you have the customer list for the pizza place, so you know that that user's details, and by extension all of the other stuff, and if their searches contain "Herpes cures" and "Herpes Clinic", then I wouldn't share a pizza with them.
Even as aggregate data it can be misused. Recall Choicepoint?
http://www.theguardian.com/commentisfree/2006/jul/08/comment.mainsection4
They were the company that analyzed the voting roll in swing states for likely Democrat voters, then analyzed for matching names in other states to create "scrub lists", lists of people to be scrubbed from the electoral role on false claim of fraud. So if Bob Jones in Florida was likely to vote Democrat, they'd find another Bob Jones in another state, and add him to the scrub list to block his vote.
By analyzing the individual wards for bias, they could determine which wards should receive defective voting machines to swing the vote. Hanging chads were not randomly distributed. Those faulty machines were sent largely to black districts.
That was AGGREGATE data, they didn't know how an individual "Bob Jones" would vote, they knew the voting likelihood of his demographic.
One of the tricks used was to send "confirm your residency to be allowed to vote" letters out.... to students (students on *aggregate* vote Democrat) during the summer break requiring a signature from them on receipt. So the student was away on holiday, couldn't get the letter and wouldn't be allowed to vote. The vote was during term time, so they knew the student would be there for the vote, but not for the letter.
This data would let them fine tune such strategies, and often (see AOL) down to individuals.
From the article:
It "tells you where your consumers are coming from, because obviously the mobile operator knows their home location,"
SAP receives non-personally-identifiable, anonymized information from telcos,
If they know where you live, you aren't anonymous. This is yet another example of ineffective "token anonymization" so they can say its anonymized while laughing as they automatically de-anonymize it.
Course not. What kind of a thai chick with a dick has hair in her balls. That is so very insensitive of you tu suggest.
NO SIG
"What is your hypothetical administration going to do to end this nonsense of the federal government spying on it's citizens without a warrant when: ,turning the US into a "Surveillance State" where anyone with any level of technical sophistication wants nothing to do with contributing their expertise to the betterment of said society.
1- Historical information shows clearly that incidents of crime and terrorism have not been reduced in a credible way by warrantless wiretapping of citizens.
2- Warrantless wiretapping has lead to trials where the first and fourth amendment rights of the defendants has been largely ignored
3- Evidence collected by warrantless wiretapping of citizens has been used to support charges against said defendants despite their rights being violated.
4- Spying on citizens CLEARLY represents a waste of taxpayer dollars that could be spent on using said resources to fight terrorism.
5- Repeated spying on defendants such as Aaron Schwartz, has lead to situations where the very people who are experts that could contribute to the improvement of the use of surveillance where it is warranted in a fair and lawful way are victimized
And finally:
6- Any credible polling of the American public indicates that constituents of both major political parties clearly DO NOT WANT to live in a surveillance state?"
Ask Donald Trump, Ask Hillary Clinton, ask Bernie Sanders etc.. and watch them stumble and hone and haw or watch them go into some circular non-sequitur argument about "Well I love America and those people who have nothing to hide have nothing to fear and we are trying to prevent 9-11, thats right Nine Eleven! Nine Eleven was bad!" and other tired old clap trap.
This situation is unacceptable, and you don't stay in business by screwing over your customers.
Imagine I'm an employer and I buy the local set of phone location tracks, that are 'anonymous'.
I have my employees home addresses, a GIS database gives me the corresponding GPS coordinates, (data point1), I know the factory GPS coordinates (data point 2), so I can then filter that data using those two points to determine what 'anonymous' data corresponds to each of my employees.
Now I have effective tracking of my employees, and I can link in their search history, their friends, any hospitals, any bad habits... all can be de-anonymized easily.
Even if I didn't have their home address, they check in each data at the factory, so I have a time and location for many number of days, so I have many data points, to de-anonymize any data you give me.
There simply is no such thing as anonymous data. It's not meta data, its data.
If the old-school telephone companies hired people to listen in to your phone calls then sold the info to the highest bidder.
Or the post office routinely steaming open the envelopes of your letters and selling the info, or using it to extort you.
If this sh*t ain't against the law it should be.
They're a common carrier and nothing more. Get off my lawn.
Where are we going and why are we in a handbasket?
is the major difference between the evil and good corporations.
is MORE than the combined net revenues of every wireless carrier in the U.S, including their non-cellular based businesses (interconnects, short and long haul networks, wireline, cable tv, advertising, publishing, etc).
And how many complain? Relative those that use it? I reset my face!
http://news.slashdot.org/story/15/10/27/226226/us-senate-passes-the-cybersecurity-information-sharing-act-74-21
Aren't we supposed to be trusting these pricks like Verizon, Sprint, Microsoft, etc? I mean isn't all data just an ocean of data that everybody in the world just gets to swim around in? Why would we even want privacy? Don't we want to enhance our user experiences like Microsoft says? Shouldn't Target and Walmart and Amazon and Sears and Macy's and Safeway and Newegg and Rite Aid and Walgreen's and Motorola and IBM and Disney and Hostess and Hersheys you know.. everyfuckingbody... just all be sharing your data since they aren't people they are "real live corporations that you trust". Of course the government aren't a wide variety of some liars and some honest people.. c'mon it's the government you know they are just helping you. How hard is it really to get this?
Who dunnit? Money and propaganda is entirely a Jewish monopoly. From Federal Reserve to Hollywood. Not bad for a group that lives in a sand world shithole, denies Jesus Christ, and has a force field due to everlasting wars right? Iron Dome. Samson Option. They are getting stabbed and run over at bus stops on the daily. Could there EVEN be a reason for it? Is it anti-asianism? anti-africanism? anti-semitism? It has nothing to do with an -ism. The ism's are kool-aid. It's called subterfuge. Perfidy.
Striving for Commander in Chief of the USA now who do we have? Top gun of the best equipped most advanced and most powerful military in the history of Earth. Do you really think they are accidentally controlling all the news and Hollywood? How brazen are they? A republican debate for US President/Commander in Chief... subscription only?!
Also the TPP...
http://economixcomix.com/home/tpp/
https://encrypted.google.com/#q=eff+tpp
And a lot of other sneaks and spins going on right now. Don't buy into armchair quarterbacking the pre-selected candidates. You better be staring right into the eyes of the electoral college at some point between now and the election. Treason is punishable by death for too many reasons to list.
Can you hear me now? Cybersecurity and corporations selling consumer data are inseparably related.
If any one was wondering why google is pushing project Fi, behold! Google of course is best positioned not only to sell this data but correlate it across all your other tracking data. If you use their DNS or chrome or search hints at home or on their browser then they know every website you visit. Project Fi completes their mobile domination of your personal movement. No wonder the price of Project Fi is attractive.
Some drink at the fountain of knowledge. Others just gargle.
Stop the spying.
My type!
...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
Some how I feel like this is what CISA is all about, and not security.
"If any question why we died, Tell them because our fathers lied."
It aint your data. It is their private property. If you come into my floral shop, the video of you entering my shop, the bill for buying roses, the picture of the women who was on your arm, the record of merchandise I sold, is MY property, including the video of you driving away in your BMW. Your in MY private property. If you dislike it, leave, or better yet, live in a cave.
And I expect my comments to be completely ignored.
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
All I see anymore is articles about how everyone is selling your information. Well Duh. Now all of a sudden another idiot wakes up to this fact and wants something done about it? Yea the best solution is to become a reclusive person, ditch the internet, cell phone, credit cards, anything remotely connected to the electronic age and then you might have limited privacy. I still don't get why everyone is so obsessed with their information being sold? I remember years ago signing up for those contests giving out my name, address, phone number. Never winning of course. But being hounded with junk mail for years and also telemarketing calls. So what, now they have moved on to a much easier and lucrative data gathering through our gadgets. Privacy died a long time ago and all you Facebook people should just stop with the whining about how your privacy is over.
You bring up an interesting but done to death point. Just like the response to SOPA, due to the actions of Aaron Schwartz, if the American people sent a loud message to the presidential candidates and congress and every part of the legislature that they are not going to tolerate being spied upon whether it is for financial gain or for political expediency or whatever reason and it is made illegal, the next time some company tries to bully someone and use spying as a tool to gather illegal evidence that will be used as "probable cause" to raid their house and take everything, the evidence will be thrown out and the appropriate fines, charges and restitution will be applied to that company and a proper example set of why you don't do that and expect to get away without getting burned!
I'll put it another way, If you hack into Jodie Foster's phone to find out where she is going to be because you are obsessed with her to the point that you think she is going to be your girlfriend if you could just get her to notice you.. and you stalk her.. you will go to jail if you do something weird or creepy enough and anyone finds out about the hack. (FYI she is gay anyway and has 0 interest in men, so she is the perfect example here.)
Why the actual fuck is it any different when Sprint or the NSA or Google does it to everyone who owns an internet connection or a smart phone? Seriously! That is fucking bullshit that should not now or ever be tolerated, no matter who is doing it or why (unless it can be proven in a credible way that a warrant was obtained and they knew that they knew that they knew that they knew that an actual crime was being committed that justifies the spying and stalking.)
I will put it a third way:
If you are Jodie Foster, how do you know that some employee at Verizon or Virgin or Sprint or AT&T or the NSA with access to the tracking info isn't stalking you right now, looking in your window.. thinking they are going to get some Nell? This situation is in no way OK!
What would happen if you only agreed to the EULA on the condition that they shared 99.9999999% of the profits they obtained from the use of your information and you charged them 300% interest for every day they don't pay their bill? I tell you that the practice would end for everyone except the NSA overnight!
but I'm on android 4.x and 4.x is marked 'wont fix' by google and their vpn (ipsec, I think; not sure which component is broken) just will not work.
https://code.google.com/p/andr...
hey google fans, care to try to defend google, here?
I'm not able to (easily) upgrade beyond 4.x on my phone and vpn is still broken. do you guys find this behavior (wontfix) acceptable?
I sure wish I could run my vpn again. funny that on my ancient nexus one (which is stuck on 2.2) runs the vpn software just fine. and I know that on a 5.x phone it also runs fine. why google ignores this show-stopper bug, I have no idea; but 'upgrade to a new phone' is never a good answer when its JUST a software fix that lazy-assed google refused to backport.
--
"It is now safe to switch off your computer."
'nuff said. They can all drown in a lake of fire.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
Either we're paying clients and they don't do this shit or we get free services in exchange for the carriers being able to sell our data. There has to be laws against being able to do both.
Fight for your bitcoins!
I've always known posting as AC only gives me the illusion of anonymity online.
My name is Tom, nice to meet everyone. Thanks for the one time I got modded up.
Leave the phone at home. Alternate solution: buy something like this. http://www.popsci.com/gadgets/...
Once you're on the run because ATT planted the evidence they decided to frame you with and then anonymously tipped off the feds.......promise you'll use a display computer at Radio Shack or something to let the rest of us know what's going on. And don't waste time asking us to help....you know we won't be able to. Stick to stuff you think we'll find amusing, MEMEable or is sure to kick off a massive Google vs Apple vs MS flame war.