By John Gruber

• Archive
• The Talk Show
• Dithering
• Projects
• Contact
• Colophon
• Feeds / Social
• Sponsorship

U.S. Carriers Are Selling Customers’ Real-Time Location Data

Joseph Cox, writing for Motherboard:

Nervously, I gave a bounty hunter a phone number. He had offered to geolocate a phone for me, using a shady, overlooked service intended not for the cops, but for private individuals and businesses. Armed with just the number and a few hundred dollars, he said he could find the current location of most phones in the United States.

The bounty hunter sent the number to his own contact, who would track the phone. The contact responded with a screenshot of Google Maps, containing a blue circle indicating the phone’s current location, approximate to a few hundred metres.

Queens, New York. More specifically, the screenshot showed a location in a particular neighborhood — just a couple of blocks from where the target was. The hunter had found the phone (the target gave their consent to Motherboard to be tracked via their T-Mobile phone.)

The bounty hunter did this all without deploying a hacking tool or having any previous knowledge of the phone’s whereabouts. Instead, the tracking tool relies on real-time location data sold to bounty hunters that ultimately originated from the telcos themselves, including T-Mobile, AT&T, and Sprint, a Motherboard investigation has found. These surveillance capabilities are sometimes sold through word-of-mouth networks.

It doesn’t seem like Verizon is off the hook on this scandal either:

Microbilt’s product documentation suggests the phone location service works on all mobile networks, however the middleman was unable or unwilling to conduct a search for a Verizon device. Verizon did not respond to a request for comment.

To say this is an outrageous privacy violation is an understatement. It’s downright dangerous. The carriers’ defense is basically that they only intended to sell this data to the “right” people, and the fact that these middlemen are reselling it to the “wrong” people is against their “terms”. Fuck that. This data should not be sold to anyone, period. This is no better than if the carriers let people pay to listen to your phone calls. Honestly, for me and my family, our location data is more private than the content of our calls.

★ Wednesday, 9 January 2019