Hackers Claim Massive Breach of Location Data Giant, Threaten To Leak Data (404media.co) 38
Hackers claim to have compromised Gravy Analytics, the parent company of Venntel which has sold masses of smartphone location data to the U.S. government. 404 Media: The hackers said they have stolen a massive amount of data, including customer lists, information on the broader industry, and even location data harvested from smartphones which show peoples' precise movements, and they are threatening to publish the data publicly.
The news is a crystalizing moment for the location data industry. For years, companies have harvested location information from smartphones, either through ordinary apps or the advertising ecosystem, and then built products based on that data or sold it to others. In many cases, those customers include the U.S. government, with arms of the military, DHS, the IRS, and FBI using it for various purposes. But collecting that data presents an attractive target to hackers.
The news is a crystalizing moment for the location data industry. For years, companies have harvested location information from smartphones, either through ordinary apps or the advertising ecosystem, and then built products based on that data or sold it to others. In many cases, those customers include the U.S. government, with arms of the military, DHS, the IRS, and FBI using it for various purposes. But collecting that data presents an attractive target to hackers.
new law needed (Score:5, Insightful)
If you harvest data and sell or make money off of it, and it is breached the C-suite gets 10 years in prison.
Re: (Score:3)
New "Law" Needed: Cruise Missile up hackers' asses
Re: (Score:3)
Ukraine seems to be putting some of it to good use unaliving a lot of Russians...
Re: (Score:2)
Personally, I very much hope the hackers will post this data. Even knowing that my data may be there.
I think we all need to know just how much data these companies are grabbing and compiling. Perhaps once the invasive nature of this data is exposed, we can finally get some controls on its collection and use.
It would be interesting to see the location history on public figures as well as the common folk.
Balance Needed (Score:5, Interesting)
However, regardless of fault all companies should be held financially liable for the damage caused by any release of any data that they store and perhaps required to carry appropriate liability insurance. That will ensure they have an insurance company breathing down their necks to keep data secure in a way that's probably far more effective and far reaching than any criminal law could ever be.
Re:Balance Needed (Score:4, Insightful)
Apple + Samsung can fix this (Score:2)
1. Setting to block location data on a per app basis
2. Setting to provide generic location data on a per app basks such as always report the phone is in Grand Central Station, New York City
3. Setting to provide mostly randomized location data limited to a city, state, country or world
4. Envelope settings to isolate apps by what level of API calls related to location, phone specifics, internet ip address, dns server address, etc., log files, etc.
All could be implemented at the OS level with configuration in
Re: (Score:2)
Both iOS and Android support this.
iOS does prompt you when an app requests location data (or access to a data pool that can contain location data, e.g., photos), and you have the option to grant it, block it, or grant it only when the app is running. Though if you grant it, it apparently resets after 30 days to only when the app is running
Re: (Score:2)
Better law needed: "Do not collect data that is not necessary. Delete data when it is no longer necessary."
If it is collected, it will be leaked/stolen/sold and used against us.
Re: (Score:2)
That sounds like punishing the victim to me. "Your store was broken into by thieves, YOU go to jail!" Yeah, makes a lot of sense.
Re: (Score:3)
That sounds like punishing the victim to me. "Your store was broken into by thieves, YOU go to jail!" Yeah, makes a lot of sense.
"Your store was broken into by thieves because you were more interested in your stock price and personal bonuses than adequately protecting the private data you were trusted with. You go to jail."
There, fixed that for you.
Not that I realistically expect that to happen, not at least in the next couple of years. But currently C-suites are getting rewarded for cutting security (savings, better bottom line) rather than for investing in it. That's not how it should be, intuitively.
Re: (Score:2)
Your "fix" doesn't change a thing.
Let's refine the analogy, making the store a consignment shop. That means that the store is entrusted by many people with items they own and value. The consignment shop owner is only interested in his own profits and personal bonuses, and chooses not to install a strong security system because of the cost. Thieves break in and steal a bunch of the product, own by individuals, that was supposed to be safeguarded by the owner of the shop.
So, throw the consignment shop owner i
Data mining (Score:2)
You could get a lot of blackmail material with some smart analysis - find men and women with the same last name who are together most nights... Then look for hookups and massage parlour visits.
Or maybe look up crime maps (some police forces publish the data) and find people who seem to be at crime scene more than once. You'll get a list of cops and criminals, and from there where they live and who their friends are. Each list profitable in its own way.
Re: (Score:2)
Ah hell, who am I kidding, they will just mandate special opt-outs for themselves and fuck everyone else.
Re: (Score:2)
This is the way. The Bork Tapes led to the Video Privacy Protection Act.
Anyone know what it would cost, to hire Locate X (or something like it) to generate daily reports of the movements of everyone in Congress and SCOTUS?
Re: (Score:2)
This is the way. The Bork Tapes led to the Video Privacy Protection Act.
Anyone know what it would cost, to hire Locate X (or something like it) to generate daily reports of the movements of everyone in Congress and SCOTUS?
My guess is the Go Fund Me page for that one would make enough to cover it before the government forced it to be shut down.
Re: (Score:2)
You can also use the data to find gatherings, even underground ones, perhaps send someone as an agent provocateur to stir things up, so a quiet rally turns into a riot.
Extortion and blackmail definitely come to mind, especially if two people are found to have been in the same room at a hotel at the same time.
Don't forget physical job interviews. A lot of companies would love to know if someone takes a sick day and is off interviewing at UAC.
Problem is that if info is gathered, eventually it will be hacked
Re: (Score:2)
Finally that Jessica Fletcher will be exposed for "coincidentally" being at murder scenes time and time again.
No data in, no data out (Score:2)
That's why GPS is turned off unless I absolutely need it, and my cellphone spends 90% of its time in airplane mode.
The sumbitches can't lose data they don't have.
Re: (Score:2)
If you use Android, I believe Google was caught interpreting 'location services off' as 'cache it and do a burst transmission the next time the user turns the service on'.
Re: (Score:2)
Where would it get location information from with GPS off, wifi off and airplane mode?
Re: (Score:2)
If you have all those off, it would get nothing from them, of course. But it's a phone, right? You have mobile voice going, and that will produce location results. Usually worse than GPS, definitely garbage in rural areas, but location data nonetheless.
And since we're talking Android, we're talking smart phones... You're probably going to have the WiFi on at home and at the office at least. That may not be 100% of your time, but it is location data.
Re: (Score:2)
I keep my phone off on the move. I don't want people calling me when I drive anyway, so what's the point of broadcasting my position.
I come out of airplane mode when I'm sitting somewhere for some length of time. Then they get my position. So whoever is tracking me only sees only gets discrete points on the map.
And on the bus or onboard trains, there's free wifi - with VoIP working just fine - so no tracking there. No easy tracking anyway: the point isn't to be untraceable, the point is to make it not cost-
Re: (Score:2)
ok but how is the mcdonalds app going to know what mcdonalds I am at without GPS?
Re: (Score:3)
That approach kind of puts a damper on using the cellphone for things like...communication.
Re: (Score:2)
GPS is just icing on the cake. Any time your phone is (trying) to connect to the cell network, it's giving away its position. So every time you turn off airplane mode, even for just a moment, they've got your position.
Avoiding the cell network and using Wifi doesn't really help either. However, it's possible that turning off location services *might* stop your phone calling home and giving away your location. I doubt it's as simple as that though - but at least you're spreading your location data around to
Between a Rock and a Hard Place? (Score:1)
My first reaction is that these hackers are likely not domestic, the article requires a login and the readable portion without such does not credit a group behind this breach. If the hackers are not domestic, then my next thought is whether there should be an air-gapped solution separating risk sectors? A "Great Firewall" between
Location data collection should be illegal... (Score:2)
It should be illegal for companies to collect, store and (ab)use this kind of location data.
Re: (Score:2)
Why is location data a special category?
Location data has many legitimate uses, just like any other kind of data. It also has illegitimate uses, just like any other kind of data.
Re: (Score:2)
I can almost guarantee you will not want to publish your family members data to further prove you “right”.
Why? I go shopping, my kids go to school, I work from home.
While I might feel vaguely threatened if someone were following me, my location data itself is pretty boring.
Still, I don't have a Google account or any of Google's proprietary apps on my LineageOS-powered phone, nor do I have any apps that show ads, nor do any of my non-F-Droid apps get location permission.
Location data can make your internet history look like a diary you lost when you were 8 years old.
This makes me think there's something really weird about your life. Where the hell do you go?
app tracking protection (Score:2)
They get the location data from apps on your phone that periodically grab all the info they can get their hands on and export it to multiple tracking companies that pay money for it. I know this because it is blocked on my phone and I can see what they want to send and where it would go.
If you have an Android phone you can prevent the tracking. Install the duckduckgo app, go to settings and turn on application tracking protection. It instantiates a local VPN that filters all the network traffic and blocks t
Really (Score:2)
If they got the data they claim to have, they really should publish it at wide.
It's time to wake up the folks about what the private sector is doing to them.
Really , as a public service , they should follow in the footsteps of Edward Snowden and publish all they have,
This is not a joke. Publish.