🥩 Case Study: Data Brokers

Who is collecting your data, what data they are collecting, and who are they selling it to?

To skip to the recommend privacy settings scroll to the bottom.

Consumers are now mostly aware of the fact that companies are collecting their data and selling it. But, this is a very abstract concept and most do not know the extent of how they are selling it, what they are selling, who is buying it and more. So lets look at a real example of this process.

Fog Data Science

• They are a “data broker” company who have been selling raw location data about individuals to federal, state, and local law agencies

• Started by 2 former U.S Department of Homeland Security officials

• There are 100s of companies that also do this, but Fog is the worst at selling individualized location data to law enforcement

Where they get your data from

• Shockingly they do not buy your data directly from Google or Cell Towers

• They buy it from 1000s of mobile app developers/companies

  • from huge apps like Wyze and Starbucks, to small random apps made by solo-developers

The data they are selling

• They are selling 15 billion of "near real time location" data points on over 250 million devices in the United States every day

  • There are approx 300 million total devices in the USA.

  • Chances are you are included in their data set

    

    Example of near real time data of a device “back at residential location“

• The cost to use their service is ~$7.5k - $10k a year and is thought as a “surveillance program on a budget. Though price is more as you use the service more.

  • Once you have access to their service you can do searches such as:

    • Area Searches: get all devices in a given area

    • Device Search: pin point a specific device

    • Fog is proud in their marketing brochures that the main purpose is to do a “pattern of life“ analysis to reveal where the owner sleeps, works, studies, worships, etc

      

Who is buying this data from Fog

• Local, state, and federal law enforcement agencies in the United States

• From a Freedom of Information Act request it is known that Fog has 40 contracts with 2 dozen agencies

• Here is the presentation material and contract Fog gave to a United States law agency: HERE

• Some say this violates the fourth amendment and could lead to unreasonable search and seizures but ALWAYS remember that due to Third Party Doctrine that as a user of an app you have “no reasonable expectation of privacy“

Recommended Privacy Settings (iOS)

• Settings → Privacy → Location

  • Switch every app to never (except for Find My iPhone I guess)

• Settings → Privacy → Tracking

  • Ensure it is shut off

• Settings → Privacy → Apple Advertising (IMPORTANT)

  • Shut off “Personalized Ads”

  • this settings is more than just “oh i like to get ads relevant to me“

• Delete Apps

  • go through every app on your phone and delete apps you do not use, or use very infrequently

• Convert some apps to “Progressive Web Apps (PWA)”

  • For instance, you can delete Twitter App, but then use the PWA version of twitter and it will look and function just like the Twitter App, just with less tracking

  • How to use a PWA: guide here

Further Reading:

• How the Federal Government Buys Our Cell Phone Location Data

• How to Disable Ad ID Tracking on iOS and Android, and Why You Should Do It Now