‘They Stormed the Capitol. Their Apps Tracked Them.’

Charlie Warzel and Stuart A. Thompson, reporting for The New York Times:

A source has provided another data set, this time following the smartphones of thousands of Trump supporters, rioters and passers-by in Washington, D.C., on January 6, as Donald Trump’s political rally turned into a violent insurrection. At least five people died because of the riot at the Capitol. Key to bringing the mob to justice has been the event’s digital detritus: location data, geotagged photos, facial recognition, surveillance cameras and crowdsourcing. […]

While there were no names or phone numbers in the data, we were once again able to connect dozens of devices to their owners, tying anonymous locations back to names, home addresses, social networks and phone numbers of people in attendance. In one instance, three members of a single family were tracked in the data.

The source shared this information, in part, because the individual was outraged by the events of Jan. 6. The source wanted answers, accountability, justice. The person was also deeply concerned about the privacy implications of this surreptitious data collection. Not just that it happens, but also that most consumers don’t know it is being collected and it is insecure and vulnerable to law enforcement as well as bad actors — or an online mob — who might use it to inflict harm on innocent people. (The source asked to remain anonymous because the person was not authorized to share the data and could face severe penalties for doing so.)

I understand why the source asked to remain anonymous, but it sure would be interesting to know which apps were supplying this data. My best guess is that it come from a mobile ad network. But that’s just a guess. And if the data did come from just one ad network, how much data is being collected in the aggregate by all ad networks?

It’s really just flabbergasting what Warzel and Thompson were able to do with this.

Wednesday, 10 February 2021