Ban the sale of precise geolocation (lawfaremedia.org)
558 points by hn_acker 9 hours ago
Johnbot 9 hours ago
A lot of geolocation data on the market is anonymized, following medium-lived unique IDs that aren't able to be mapped to other identifiers. The problem with that is that if you have precise locations, or enough samples that you can apply statistics to find precise locations, in many cases you can de-anonymize the IDs. You can purchase address and resident listings from a number of different data vendors, and by checking where the device returns to at night you can figure out its home address. Then if you find information on the residents (work locations, schools, etc.), you see if said device goes where each resident of the home address is likely to go, and you now have a pretty good idea of exactly who the device belongs to.
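The first step of the comment above (a device that rests in one cell every night has, in effect, disclosed a home location) is exactly what a data protection reviewer would measure before accepting a feed as "anonymized". The following is an added example, not code from the thread or from any data vendor: it takes pseudonymous pings, buckets night-time positions into grid cells, and counts how many IDs collapse to a single dominant cell, and how many of those cells are unique to one ID. The sample pings, IDs, coordinates, the 100 m cell size and the night-hour window are all constructed assumptions for the example.

```python
"""
Re-identification risk audit for pseudonymous location pings.

Added example (not from the thread or any vendor's tooling). It measures
how many pseudonymous IDs have one dominant night-time dwell cell, i.e.
how many would resolve to a single home location. The sample pings are
constructed below; IDs, coordinates and timestamps are invented.
"""
from collections import Counter, defaultdict
from datetime import datetime

# Grid size for bucketing coordinates. 0.001 degrees is roughly 100 m,
# close to the "within 1000 feet" granularity discussed (assumption).
CELL_DEG = 0.001
# Hours treated as "night": a device that repeatedly rests in one cell
# during these hours is almost certainly at its owner's home.
NIGHT_HOURS = range(0, 6)


def cell_of(lat, lon):
    """Snap a coordinate pair to a grid cell."""
    return (round(lat / CELL_DEG), round(lon / CELL_DEG))


def night_dwell_cells(pings):
    """Map each pseudonymous id -> Counter of night-time cells."""
    per_id = defaultdict(Counter)
    for pid, ts, lat, lon in pings:
        if datetime.fromisoformat(ts).hour in NIGHT_HOURS:
            per_id[pid][cell_of(lat, lon)] += 1
    return per_id


def singled_out(pings, min_night_pings=3, dominance=0.8):
    """
    Return {pid: cell} for every id whose night-time pings are dominated
    (>= `dominance` share) by one cell, given at least `min_night_pings`.
    Each such id behaves exactly like "one phone that sleeps in one place".
    """
    result = {}
    for pid, cells in night_dwell_cells(pings).items():
        total = sum(cells.values())
        if total < min_night_pings:
            continue
        cell, count = cells.most_common(1)[0]
        if count / total >= dominance:
            result[pid] = cell
    return result


def risk_summary(pings):
    """Dataset-level view: how many ids are singled out, and how many of
    those land in a cell no other singled-out id shares (no cover at all)."""
    ids = {p[0] for p in pings}
    exposed = singled_out(pings)
    cell_pop = Counter(exposed.values())
    unique_home = sum(1 for c in exposed.values() if cell_pop[c] == 1)
    return {"ids": len(ids), "singled_out": len(exposed),
            "unique_home_cell": unique_home}


# Constructed sample: two devices sleep in one spot every night, a third
# has too few night pings to anchor, a fourth alternates between two places.
SAMPLE_PINGS = [
    ("id-a", "2024-03-01T02:10:00", 45.5017, -73.5673),
    ("id-a", "2024-03-02T03:00:00", 45.5018, -73.5672),
    ("id-a", "2024-03-03T01:45:00", 45.5017, -73.5674),
    ("id-a", "2024-03-03T12:00:00", 45.4950, -73.5800),  # daytime, ignored
    ("id-b", "2024-03-01T02:30:00", 45.5200, -73.6000),
    ("id-b", "2024-03-02T02:30:00", 45.5200, -73.6000),
    ("id-b", "2024-03-03T04:30:00", 45.5201, -73.6001),
    ("id-c", "2024-03-01T01:00:00", 45.5300, -73.6100),
    ("id-d", "2024-03-01T01:00:00", 45.5400, -73.6200),
    ("id-d", "2024-03-02T01:00:00", 45.5500, -73.6300),
    ("id-d", "2024-03-03T01:00:00", 45.5400, -73.6200),
    ("id-d", "2024-03-04T01:00:00", 45.5500, -73.6300),
]

if __name__ == "__main__":
    print(risk_summary(SAMPLE_PINGS))
```

On this constructed input two of the four IDs are singled out and both sit in a cell nobody else shares, which is the result a reviewer should treat as "this is not anonymized data" regardless of how often the ID rotates.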
rockskon 8 hours ago
There is no such thing as anonymized location data when you have the location of something where and when they sleep and work.
It's a rhetorical fiction the ad industry tells itself.
Terr_ 6 hours ago
Right, there's probably no other phone in the world that typically stops for hours within 1000 feet of my bed and typically stops on Monday-Friday within 1000 feet of my work-desk.
mapt 5 hours ago
abustamam an hour ago
I think this begs the question of what anonymous data means. Sure, my visit to HN is "anonymous" in that it doesn't say "abustamam visited this site", but piece together all the other visits that have my "anonymous ID" and eventually it paints a pretty nice picture of who I am.
Forgeties79 8 hours ago
And with LLMs now it’s easier than ever to piece the parts together. Companies were doing it before we even knew what LLMs were capable of.
Edit: It's a rhetorical fiction the ad industry tells us.
teraflop 7 hours ago
We should have learned this lesson 20 years ago when researchers were able to deanonymize a lot of the Netflix Prize dataset, which contained nothing except movie ratings and their associated dates.
https://arxiv.org/abs/cs/0610105
If movie ratings are vulnerable to pattern-matching from noisy external sources, then it should be obvious that location data is enormously more vulnerable.
vovanidze 8 hours ago
Exactly. Calling it 'anonymized' is pure security theater once you have enough data points to map out someone's daily routine.
Waiting for legislation or EULAs to fix this is a lost cause since adtech always finds a loophole. The fix has to be architectural: moving toward stateless proxies that strip device identifiers at the edge before they even hit upstream servers. If the payload never touches a persistent DB there is literally nothing to de-anonymize. Stateless infra is the only sane way forward.
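The "strip identifiers at the edge" design in the comment above can be expressed as a single pure function that sits in the proxy. The block below is an added example, not the commenter's code or any real proxy product: it drops every field that carries a durable device or user identifier, replaces the precise coordinates with the centre of a coarse grid cell, and never stores the raw payload, so the upstream service only ever sees something it cannot join back to a device. The field names, the identifier list and the 1 km cell size are assumptions chosen for the example, not values from any specification.

```python
"""
Edge sanitizer for telemetry payloads.

Added example, not from the thread or any product. Identifier fields are
removed, location is coarsened to a grid cell, nothing is persisted.
"""
import math
import re

# Keys that carry a durable device/user identifier: an exact-match set plus
# a pattern for common naming variants (assumed names, not from any spec).
IDENTIFIER_KEYS = {"idfa", "gaid", "advertising_id", "device_id", "imei",
                   "imsi", "mac", "android_id", "user_id", "email", "phone"}
IDENTIFIER_PATTERN = re.compile(r"(^|_)(id|uuid|mac|imei|email)$", re.I)

# 0.01 degrees is roughly 1 km: enough to fetch the right map tiles or a
# weather forecast, too coarse to pick out a house (assumption).
COARSE_DEG = 0.01
LOCATION_KEYS = ("lat", "latitude", "lon", "lng", "longitude")


def is_identifier(key):
    """True for any field name that looks like a persistent identifier."""
    k = key.lower()
    return k in IDENTIFIER_KEYS or IDENTIFIER_PATTERN.search(k) is not None


def coarsen(value, step=COARSE_DEG):
    """Snap a coordinate to the centre of its grid cell, never the exact value."""
    return round((math.floor(value / step) + 0.5) * step, 6)


def sanitize(payload):
    """Return a new payload that is safe to forward upstream:
    identifier fields removed, lat/lon replaced by cell-centre values,
    everything else passed through unchanged."""
    clean = {}
    for key, value in payload.items():
        if is_identifier(key):
            continue
        if key in LOCATION_KEYS:
            clean[key] = coarsen(float(value))
        else:
            clean[key] = value
    return clean


def forward(payload, upstream):
    """Hand only the sanitized payload to the upstream callable; the raw
    payload lives on the stack for this call and is never written anywhere."""
    return upstream(sanitize(payload))


# Constructed sample request from a hypothetical weather app.
RAW_PAYLOAD = {
    "app": "weather-demo",
    "gaid": "00000000-1111-2222-3333-444444444444",  # constructed value
    "session_id": "abc123",
    "lat": 45.50171,
    "lon": -73.56729,
    "units": "metric",
}

if __name__ == "__main__":
    print(forward(RAW_PAYLOAD, lambda p: p))
```

Note that the session identifier goes too: a medium-lived ID is exactly the kind of key the thread's first comment says can be resolved given enough pings, so the sanitizer treats anything ending in `_id` as an identifier rather than keeping a list of "bad" ones only.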
microtonal 8 hours ago
To be honest, I feel like this is where iOS and Android are failing us. Why is every app allowed to embed a bunch of trackers? Only blocking cross-app tracking on user request as iOS does is not enough (and data of different apps/websites can be correlated externally).
rolph 7 hours ago
CPLX 7 hours ago
chimeracoder 5 hours ago
uxhacker 6 hours ago
How is this legal under the GDPR? There are clear examples in the Citizen Lab document of a user being tracked inside of the EU from outside.
Is there not also a requirement for clean consent? I.e. a weather app can’t track your precise location?
sroussey 8 hours ago
Companies exist that de-anonymize other data brokers' data. That lets the other data brokers claim they have anonymized data while end users get everything.
ImPostingOnHN 8 hours ago
You could probably run an anonymization company at the same time you run a de-anonymization company.
gessha 6 hours ago
nzach 4 hours ago
> enough samples that you can apply statistics to find precise locations, in many cases you can de-anonymize the IDs
I think a lot of people don't realize the power of a big enough sample size. With enough samples even something pretty innocent looking like your daily step counter could make you identifiable.
As far as I know we don't have large enough databases to make this happen in practice, but I don't think this is impossible in the future.
jandrewrogers 4 hours ago
How large are you estimating is "large enough"?
ninalanyon 7 hours ago
In what sense can the latitude and longitude of my house be called anonymous data?
kube-system 7 hours ago
Ultimately, a map is anonymous data containing lat/lon of everyone's house
Alone, these points are not deanonymizing, it's when there's other data associated.
jandrewrogers 8 hours ago
Location and identity are inextricably linked. You can't destroy identity without also destroying location and location is critical for myriad purposes.
The analytic reconstruction of identity from location is far more sophisticated than the scenarios people imagine. You don't need to know where they live to figure out who they are. Every human leaves a fingerprint in space-time.
nickburns 8 hours ago
> and location is critical for myriad purposes.
It's not though.
Critical for myriad elective purposes? Sure.
jandrewrogers 7 hours ago
ramoz 5 hours ago
From what I've seen none of this is that complex, one could simply 'draw a circle around your house' and get all the "anonymized" device pings and just trace those.
1121redblackgo 8 hours ago
Yep. With side channels/one order of thinking above the laws, it's trivial to get around said laws. Need better laws.
malfist 8 hours ago
> A lot of geolocation data on the market is anonymized
A lot isn't good enough.
ch4s3 9 hours ago
IMO we should ban gathering this data without a warrant or specific contractual agreement between the device owner and entity aggregating the data. As much as congress loves to claim the interstate commerce theory of everything, this seems like a slam dunk.
Dwedit 9 hours ago
Contractual agreement? Nobody reads things like EULAs or terms of service. It's probably in there already.
ch4s3 9 hours ago
I should have been a bit more clear. We should ban retention for any purposes where it is not explicitly required for the intended function and clearly agreed to by all parties. Think something like Strava or asset tracking. You know it stores GPS data, and why.
ryandrake 8 hours ago
teeray 6 hours ago
Instead of “I accept”, you’re given a quiz
toofy 9 hours ago
If it were up to me I’d require a hand-signed contract that explicitly, up front and in plain English gives permission and is not transferable to any “partners”.
rubyfan 9 hours ago
Right, privacy terms are written to be vague and permissive. Even if you read them you can’t usually understand how the data will be used or opt out.
rubyfan 9 hours ago
I think we should make this type of tracking opt-out by default. We should also ban the sale of its use to third parties and its use for purposes other than the specific functionality which required it to be enabled in the first place.
gruez 9 hours ago
>I think we should make this type of tracking opt-out by default
That's opt-in, not opt-out.
nickburns 7 hours ago
wakawaka28 6 hours ago
Every EULA already covers this basically. The real problems are: people agree to it, and the government can do an end-run around the constitution by simply purchasing data or hiring contractors.
troupo 9 hours ago
> IMO we should ban gathering this data without
GDPR tried. And the narrative around GDPR was deliberately completely derailed by adtech.
Lack of enforcement didn't help either.
ch4s3 9 hours ago
GDPR like all EU regulation is needlessly complicated and aimed at a compliance model that seems designed for SAP.
pocksuppet 8 hours ago
microtonal 8 hours ago
troupo 8 hours ago
KaiserPro 3 hours ago
The problem the USA has is that it has no concept of "private data" outside of some part of HIPAA.
Until that changes you're going to be stuck.
Something as simple as the Data Protection Act 1998 (https://en.wikipedia.org/wiki/Data_Protection_Act_1998) would kneecap a lot of the shady shit that goes on in the USA.
treebeard901 5 hours ago
Once wealthy and powerful people realize how this can be used to track them they will start cracking down. One of many examples of how underrated access to location data is for unauthorized people: it is a primary way that the military locates and kills targets in foreign countries. It is surprising all of the data is so freely available with data brokers. Or in some cases from the app companies themselves, if you're willing to make it worth the trouble for them.
crummy 4 hours ago
Seems there’s an opening for an ElonJet-like tracker that operates on this data.
romaniv 8 hours ago
The problem with all these discussions about banning stuff is that privacy is always on the back foot. It's by design. People who want to surveil and manipulate us are actively investigating new ways of doing it, they get paid for it and they risk nothing in the long run. All of these discussions about specifics are just reactions. They aren't even reactions to the surveillance itself, but rather to a discovery by someone that a new surveillance machine has been constructed and launched.
So the current feedback process involves: construction → exploitation → reporting → public awareness → legislation. This is too slow. Moreover, operating in this environment is exhausting.
We need a different feedback loop altogether. I'm not sure which one would work best, but something different needs to be considered.
jjk166 6 hours ago
Yeah, abuse of privacy should be the crime, the same way theft is. How exactly the crime is committed shouldn't matter. Companies can have every right to make a compelling argument that what they did was not an abuse of privacy when they are defending themselves in court.
And critically, it is not someone becoming aware of private information that is the abuse of privacy, it is exploiting that private information which is the abuse. There may be countless legitimate technical reasons you need to collect data, but there can not possibly be a technical justification for selling it.
linkjuice4all 8 hours ago
Let’s just stretch copyright to cover movement/location as a protected creative expression. It’s somewhat ridiculous but we’ve already established case law and technology for handling/mishandling protected assets.
gruez 7 hours ago
Then they add a clause to the ToS with "you grant us and our affiliates a worldwide, non-exclusive, royalty-free, sublicensable and transferable license to your location..."
groos 5 hours ago
Most people don't realize how bad geolocated data is for a free society. I can buy data from a broker, geo-fence your house address, and then I'm able to see all the places where you went, who you associate with, and identify all you associate with by tracking them to addresses. All of this happens with anonymized device identifiers. It is the wet dream of a company such as Palantir and all governments who desire absolute control over their populations.
sciencesama 20 minutes ago
Instead, buy it and show the horrors! Maybe focus on politicians who can be swayed with this data!
ButlerianJihad 4 hours ago
When I had the opportunity to peer into public records, I found some extremely intriguing stuff.
There was one person with a feminine name who showed up with a “home address” that would correspond to being my “neighbor” at home, at my clinic, at church, when I went to college, etc. All the years corresponded correctly, and the addresses were some residential place about a block or less away from the places where I went.
For all I know, this person was either fictional or an innocent bystander. She did appear to have a Facebook account or two. I was never able to directly contact her. But I found it very strange and I wondered what would be gained by doxxing me in this manner?
Of course this has nothing directly to do with GPS coordinates, but imagine if the GPS began to be part of your public record as well, or on your credit report. Imagine if it was entered into the public record what coffee house you visited every morning, or if there were errors in this record.
GJim 2 hours ago
> GPS coordinates
* coordinates
There are many ways of establishing one's latitude and longitude without recourse to one particular GNSS system.
ButlerianJihad an hour ago
Excuse my colloquialism. All I meant was “universally recognized coördinate format”, okay?
uxhacker 9 hours ago
More details are available here, including screenshots of the tool.
https://citizenlab.ca/research/analysis-of-penlinks-ad-based...
victor22 2 hours ago
You cannot regulate anything anymore, everything is geotracked, be real
reenorap 6 hours ago
I'm of the opinion now that posting videos online without the explicit permission of EVERYONE in the video should be illegal. It's one thing to take a video and keep it on your phone but if you share it outside of your family and only your family, then it needs to have the expressed consent of everyone whose face is on it otherwise it should be a crime.
The previous views on privacy didn't take into account the fact that everyone now has video cameras and people are incentivized to violate privacy to make money as influencers. I think people's privacies need to be protected and I think that means making laws around it much, much stricter. This includes things like location data, it shouldn't be sold or exposed at all.
wakawaka28 6 hours ago
So, no videos of festivals or politicians speaking? How about legally recorded conversations or anything else exposing corruption? Body cam footage? Harassment is already a crime. Take care not to come up with oppressive laws to deal with a nuisance.
pnw 5 hours ago
The examples show Android devices. How does Webloc track iOS devices given Apple doesn't allow unique IDs and allows the user to disable the ad ID? I wish these articles would go into a bit more detail for the technical reader.
lifeisstillgood 7 hours ago
There needs to be a believable legal framework behind this.
Imagine an option on your iPhone that says “Enable this to allow geo-location tracking for organisations registered under the NOADSJUSTPUBLICGOOD Act” - then any wifi endpoint could locate you based on signal strength etc and that data could only be made available to people registered under the act.
Would we see new understanding of how people move around in cities, would we see better traffic information? I think so - as long as people believe that there are real teeth to the laws and they are enforced loudly and publicly.
We should embrace the benefits of a society-wide epidemiology experiment - the benefits for public health are incredible. (Add to that supply chain logistics on open ledgers and many of the new things that just were not possible before, and the future of open, transparent but well regulated democracies is bright.)
Let me know if you spot one.
kidnoodle 6 hours ago
I had a theory that the way to solve this was a location intelligence data union which sold safely anonymised aggregates and shared the profits, while also litigating on behalf of members under available legislation to stop other people using their data.
Alas, I was stymied by not having any cash to work on it, and the unit economics were not very VC friendly (at least I assume that’s one of the reasons why I didn’t get any traction from VCs).
Terr_ 4 hours ago
"Get consent first" hasn't worked because the average consumer can't give informed consent to the kind of stuff going on behind the scenes.
What about: "If something bad happens because of the data your company shared or lost, it is criminally and financially liable?"
atmosx 4 hours ago
Both make sense. Depends on who you want to protect.
Eextra953 8 hours ago
Does anyone know of any groups that are organizing and lobbying to get things like this into law? I know about the EFF but they seem to be more focused on documenting and reporting instead of lobbying and getting things passed.
Cider9986 7 hours ago
Restore the Fourth, Brennan Center, EPIC, Freedom of the Press Foundation.
dminor 8 hours ago
Senator Wyden has been pretty focused on it. I think it's going to take some changes in Congress before it happens though.
Cider9986 7 hours ago
Massie and McGovern in the House as well.
eptcyka 4 hours ago
I want geolocation to not be sold. Yet, I do not believe we have been successful in banning the sale of cocaine and elephant tusks. What makes us think this will be an easier problem to solve?
lionkor 4 hours ago
People get arrested for running large cocaine operations, that's the difference.
titzer 8 hours ago
These people really have no idea of the level of data collection from Google's rootkit on Android known as "Google Play Services".
glitchc 8 hours ago
How about we just ban the collection of precise geolocation? Wouldn't that be a better solution?
davebren 8 hours ago
You can have legitimate use cases where it's a core functionality of the application to store it, so the user obviously knows it's being collected and agrees by using it.
Mithriil 8 hours ago
I would expect such a law to be lobbied to death.
warkdarrior 6 hours ago
So you want to ban all mapping apps and all fitness apps?
ssl-3 3 hours ago
Nothing external needs my precise location to navigate with a map. An approximate location is sufficient to deliver to my device a map of an area I'm in, and of the overall route, and all of the details that are useful for navigation.
Fitness apps can be local. We have pocket supercomputers; certainly, we don't need help from the cloud to keep track of how far (or how energetically) we biked or walked today, or where that took place.
kristianpaul 7 hours ago
Haven't read the article yet, but having more public NTRIP endpoints could help a lot with this precise location.
charcircuit 4 hours ago
I think it's fair for law enforcement to compensate the people collecting this data instead of forcing them to give it away for free.
erelong 6 hours ago
Alternatively, opt out of services that sell it
shevy-java 6 hours ago
Soon Geolocation will be tied to Age! Then you can meet locals and congratulate them on their birthday. The movie Minority Report was way too timid in its prediction here. Age up everything! \o/
lifestyleguru 9 hours ago
Smartphones, mobile apps, mobile networks, and WiFi stopped being your friends around 2015-2016. Now it's just a matter of how much data can be harvested from device sensors in real time until reaching a pain point which doesn't exist.
Cider9986 6 hours ago
WiFi isn't that bad, we have mac address randomization[1] and VPNs. Cellular is obscenely bad, though.
reorder9695 7 hours ago
If anyone's interested in this the book "The Age of Surveillance Capitalism" is rather revealing of the sheer scale of this.
mystraline 7 hours ago
Yep.
And the FLOSS/Linux phone hardware attempts have frankly sucked.
I was hoping that my PinePhone Pro would actually be usable. But no, it's a PineDoorstop.
Proper Linux would be a great 3rd choice. But yeah. We've got a duopoly and not much we can do about it.
9991 6 hours ago
GrapheneOS is a proper Linux. The hardware isn't open, but otherwise it's quite nice and clearly designed for the end-user's benefit, in stark contrast to the more widely-adopted alternative mobile OSes.
troupo 9 hours ago
Don't you want random companies to store your precise location for 12 years? https://x.com/dmitriid/status/1817122117093056541
Swizec 9 hours ago
Screenshot in that tweet says 13 months FYI
mzajc 9 hours ago
> Lifespan: 13 Months
> ...
> Standard retention (4320 Days)
It looks like a cookie prompt, so I assume "Lifespan" refers to cookie expiration and "retention" to how long the data (including geolocation) is retained on the spyware company's servers.
troupo 9 hours ago
[Cookie] Lifespan: 13 Months
Data Retention: Standard Retention (4320 days)
wolvoleo 9 hours ago
Just ban the sale of any kind of adtracking. That way we can get rid of the cookiewalls too.
Missed opportunity by the EU when they wrote GDPR.
GJim 6 hours ago
> Missed opportunity by the EU when they wrote GDPR.
Not really.
There are legitimate reasons why I might wish to be tracked or give my personal data to a company. As long as I'm asked to give clear, opt-in informed consent, this is perfectly fine. This is the very essence of the GDPR!
Instead, direct your ire to the scummy adtech industry who are constantly asking to invade my privacy and smell my knickers trying to work out what I ate for lunch. Another law to ban the adtech industry would be welcome from me, though would meet fierce resistance from the likes of Google.
The GDPR is well written.
wolvoleo 5 hours ago
> There are legitimate reasons why I might wish to be tracked or give my personal data to a company. As long as I'm asked to give clear, opt-in informed consent, this is perfectly fine. This is the very essence of the GDPR!
In these cases they don't even need to ask for your permission.
> Instead, direct your ire to the scummy adtech industry who are constantly asking to invade my privacy and smell my knickers trying to work out what I ate for lunch. Another law to ban the adtech industry would be welcome from me, though would meet fierce resistance from the likes of Google.
No, the EU should have done more to prevent this. They didn't want to kill a billions-of-euros industry. But they should have.
troupo 9 hours ago
GDPR literally prohibits the sale of user data and tracking without user consent (because yes, you want to give people the possibility to opt in for a variety of reasons).
GDPR has literally nothing to do with cookie popups. That was, and is, adtech.
em-bee 8 hours ago
> prohibits [...] without user consent
That's what causes the popups.
It should prohibit it outright, consent or not.
SoftTalker 8 hours ago
troupo 10 minutes ago
pocksuppet 8 hours ago
I think they are saying GDPR did not ban websites from noisily asking for consent and trying to trick you into giving consent.
wolvoleo 5 hours ago
lotu 8 hours ago
My job was building cookie walls in response to GDPR. It might not have been the “intent” but it certainly was the consequence of that law.