Slashdot Mirror

← Back to Stories (view on slashdot.org)

For Under $1,000, Mobile Ads Can Track Your Location (mashable.com)

Posted by EditorDavid on from the I'll-be-seeing-you dept.

"Researchers were able to use GPS data from an ad network to track a user to their actual location, and trace movements through town," writes phantomfive. Mashable reports: The idea is straightforward: Associate a series of ads with a specific individual as well as predetermined GPS coordinates. When those ads are served to a smartphone app, you know where that individual has been... It's a surprisingly simple technique, and the researchers say you can pull it off for "$1,000 or less." The relatively low cost means that digitally tracking a target in this manner isn't just for corporations, governments, or criminal enterprises. Rather, the stalker next door can have a go at it as well... Refusing to click on the popups isn't enough, as the person being surveilled doesn't need to do so for this to work -- simply being served the advertisements is all it takes.
It's "an industry-wide issue," according to the researchers, while Mashable labels it "digital surveillance, made available to any and all with money on hand, brought to the masses by your friendly neighborhood Silicon Valley disrupters."

13 of 52 comments (clear)

  1. And advertisers wonder... by Whatsmynickname · · Score: 5, Insightful

    ...why adblocking is so popular?

    1. Re:And advertisers wonder... by Z00L00K · · Score: 2

      But it's an added bonus.

      $1000 for locating a certain individual seems expensive if you follow what's in the article.

      I suspect that the cost of a single tracking is less than $1. It's the use of a tracking ad that costs $1000, but then you can target more than one individual, more likely 1000 individuals several times.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  2. Nothing To... Hmm... by mentil · · Score: 2

    Apps given access to your GPS can pass that data on to advertisers. Evil Stuff (tm) can then be done with that data. I would say "nothing to see here" but I'm surprised that ads can be customized to only be shown to devices with a specific ID at a specific GPS location. The chances someone will sniff your MAID, and know the ad networks of the apps you leave running that have location access, seems really low though. I imagine the more reputable (i.e. common) ad networks will/already prohibit such specific targeting.

    --
    Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
    1. Re:Nothing To... Hmm... by jarkus4 · · Score: 2

      From the whitepaper:
      "Cookies/MAID. Every DSP allows targeting users based on cookies
      or mobile advertising ID (MAID). Either of these could be obtained
      by an ADINT attacker if the user ever clicks on their ad.
      They can also be obtained from sniffing network traffic. Finally,
      active ad content (see below) can be used to potentially acquire
      either identifier."
      Also Facebook allows targeting by email with minimum of 20 addresses.
      "(...) these minimums can be
      circumvented; we conducted a preliminary experiment and found
      uploading 19 entirely spurious email addresses (not even connected
      to fake Facebook accounts) allowed us to target ads at a test user"

    2. Re:Nothing To... Hmm... by phantomfive · · Score: 4, Insightful

      I imagine the more reputable (i.e. common) ad networks will/already prohibit such specific targeting.

      No. I've worked in ad-tech, and I can tell you the answer is no. There is absolutely no motivation for ad companies to even think about this problem beyond a token effort.

      Ad companies have every motivation, indeed they have people paying them to give them as much information about a person as possible. This isn't even a new thing: decades ago you could buy mailing lists with names, addresses, gender, and income.

      --
      "First they came for the slanderers and i said nothing."
  3. Re:HTML5 GEO Function can be abused? *GASP* by Z00L00K · · Score: 2

    And did someone pay attention to what happens to the URL of the linked article when you open it?

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  4. Ad-blockers can't prevent 'em from tracking you by Anonymous Coward · · Score: 2

    Believe it or not, they can track you _even_ if you have ad-blocker installed

    The ad does not have to appear fully on screen , (or be successfully downloaded in full)

    All it needs is to have the GEO function invoked (with the help of your smartphone's embedded GPS feature) to send back your _current_ location before the ad-blocker wakes up, and block it

  5. Re: How associate ad with someone? by lucm · · Score: 2

    Ip address of phone downloading the unviewed ad.
    Or nearest fell tower.
    Browser fingerprinting and cookies do the rest.

    The ip address, browser fingerprinting or cookies don't give the actual user location. As for the nearest "fell" tower, you don't get that information from ads.

    There's the HTML 5 api but it will pop in your face telling you that XYZ is asking for your location.

    So as it's indicated in the summary, the only context where this "hack" could work would be in native apps when the user has given permissions to get his location. If someone allows ad-supported apps to track them, they deserve to be stalked.

    --
    lucm, indeed.
  6. Re:You realize... by lucm · · Score: 3, Informative

    As for me, I think I'm going back to a dumb-phone, or at the very least, switching to airplane mode whenever I'm not actively using the internet.

    If you look at the F-Droid repo, you'll find plenty of open-source apps that can help you control this kind of thing. For instance: https://f-droid.org/en/package...

    --
    lucm, indeed.
  7. Tracking is totally the problem with ads by evanh · · Score: 4, Insightful

    Tracking in general is certainly the reason for me. Binning the actual ads is incidental except for the whole personalised aspect of ads. This is the tracking part in action of course.

    What's wrong with simply making the ads subject related rather than that who is looking? What the user is looked for/at at that moment should be more than enough to make a targeted ad without it being personalised.

  8. Re:The ideal "Age of Google" by drinkypoo · · Score: 2

    Everyone can watch everyone.
    These days we are closer to this than we are to ultimate privacy.

    We are no more meaningfully closer to one than the other. You cannot watch what the wealthy do, because they can hide behind a big wall of money. But they get to watch what you do, because they can literally afford to pay someone to bug your house.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  9. Re:And i wonder... by Mashiki · · Score: 2

    So they can market adult diapers and ensure to you of course.

    --
    Om, nomnomnom...
  10. Re:You realize... by esonik · · Score: 3, Interesting

    A lot of data leaks can be prevented by using a browser instead of apps. There are browsers that are made for users, not advertisers: https://www.mozilla.org/en-US/...
    Apps are basically trojan horses on your device. The purpose of the majority of apps is to collect data about their users. So, instead of the amazon app, use their mobile web page (it's actually good). Instead of Facebook app, use their web page (or better don't use fb at all), etc.

    When selecting a browser, try not to choose from a company whose main business is advertising. http://www.investopedia.com/ar...

    Practical tips:
    Some browser addons I consider a basic necessity:
    1) ad blocker (obviously)
    2) tracker blocker, like Ghostery (FF now comes with its own built-in tracker blocker)
    3) NoScript

    For messaging I recommend https://threema.ch/
    Yes, you pay 3 CHF, but only once.

    It has become difficult to find apps that don't sell your data. Since everybody wants apps for free the app developers have to resort to other revenue channels and selling your data is a fairly obvious one. https://www.go2mobi.com/sell-u...