Netzpolitik.org actually reported on what you can do with this type of data a while ago. They tricked a databroker into getting a free sample of geolocation data, 3.6 billion datapoints. They were able to build individual movement profiles for people and link that with real identities by putting just a little bit of work in. For a government with access to stuff like palantir this would mean a full movement profile for pretty much everyone with a phone.
German article about movement profiles: https://netzpolitik.org/2024/databroker-files-firma-verschle...
Broader article about their research into the databroker topic:
https://netzpolitik.org/2024/databroker-files-die-grosse-dat...
Wired article for English speakers: https://archive.ph/DmWrw
Wired frames this a little strange, around how the government is powerless to stop it and such, especially considering how they now actively admit this is in their interest.
I remember some journalists used (currently legal) meta-data from data brokers to track the movement of some politicians and later confronted them with it: they were now very much opposed to this being legal.
Now, it seems like someone would need to do that for capital hill .. and then make sure politicians are not voting a law that only exempts them from meta data collection and usage.
Someone really should put up a website that tracks US politicians' locations in real time. It's clear that our government only cares when directly and personally threatened.
The state of the art has advanced so far in doing this. I remember way back in 2017, 9 years ago now, at the Scaled ML conference, Claudia Perlich gave a presentation about using RTB data to target ads. When she got to slide 23 [1] my jaw hit the floor. This was a small ad targeting company, and again, 9 years ago. Here's what they publicly said they had:
Consumer Events:
• 100B DailyEvents
• 20+ data integrations
• Clickstream
• App usage
• Ecommerce sales
• Cash register sales
• Precise Location
Context Data:
• User
• Device
• Location
• URL
• IP
• 200 Million Devices Daily
Universal DataStore
• 50 Trillion Record Consumer History
That's about 150,000 datapoints on everyone in the U.S. For a small company. In 2017.
The personalization stuff is why I avoided ML like the plague - all these folks making huge money but all of it to build a surveillance state for advertisers. Already having value my privacy enough to never work for an ad revenue company, they all seemed beyond the pale.
But it doesn't need to be marketed in such a sinister fashion. In 2012 when Google Maps informed me of delays along my usual commute, complete with a GPS trace of my route home, completely unprompted, I started turning off location history (lol, yeah right). I didn't even know they were collecting that data, much less analysing it that hard.
These days, that would be considered a feature - not a dystopian hellhole, and you would be a Luddite for turning off this new smartphone augmented brain. The product will make you happy. [0]
Welcome, to City 17. You have chosen, or been chosen, to relocate to one of our finest remaining urban centers. It's safer here.
There was a great piece published back during the Patriot Act debates where a princeton or harvard professor used modern math techniques and tavern records to triangulate for arrest the early Patriots and their meeting spots. It was a great article.
OP had it slightly wrong though: it's not tavern records but membership lists of colonial Boston organizations, and the author is a sociology professor (Kieran Healy), not from Princeton or Harvard.
He uses basic social network analysis on historical membership data to identify Paul Revere as the key figure among 254 colonists using nothing but "metadata." The whole thing is written as a satirical report by a British intelligence analyst in the 1770s, which makes it a pretty effective commentary on the "it's just metadata" argument from the NSA debates.
Isn't he also making the point that's a very effective way to triangulate the leaders of an org? That's just going to reinforce the NSA's inclination to do so.
I think the argument is that NSA already knows exactly how valuable metadata is, while the average person significantly underestimates its importance without a concrete demonstration.
The same NSA that publicly states "We kill people over metadata"?
If that's the type of things they say publicly at conferences we can only imagine what a more sensitive comment would look like. How anyone can underestimate the importance of that is beyond me.
Not only is it likely very easy/possible to track everyone with a phone but it has now got to the point where "movement without a cellphone present" is a red flag.
"Hey...why is this guy suddenly deviating from his normal routine? License plate readers show him 100 miles out of his normal area. Why did he leave his phone at home?"
Just like social media. Not participating is considered suspicious.
Anyone with Govt. level access (or billionaire level access) can very easily put all this data together.
Buying commercially available location records from data brokers would be far less concerning without the capability to, per Anthropic’s CEO words, assemble from that data “a comprehensive picture of any person's life—automatically and at massive scale”. It’s a world of difference between when you have to work hard to construct (and keep up-to-date) such a picture for a single individual, and when someone can do it for an entire city with no effort.
Sure but the possession itself of that data without a warrant violates the spirit of the 4th ammendment. So its time that loophole was closed so its not a an issue anyway
I actually would be fine with the authorities having the ability to process this data to solve crime and stuff, but only as long as there were checks and balances and it was happening according to the constitution, which it is not right now
possession itself of that data without a warrant violates the spirit of the 4th ammendment
Does it? An 18th-century tavern owner could keep tabs on the comings and goings of their customers. It would have just prompted pushback when they started sharing that list.
No, the bar owner has a right know who's in his bar.
The local or federal government do not have the right, or need to know the whereabouts of the average law abiding citizen. There is no "free" information, all information has a cost, whether it be acquisition or storage. Currently the people are taxed to oppress themselves. There is no choice not to be taxed, there is no consent.
You've said shat I meant to say more eloquently. That's my point. The bar owner can possess the information about their own bar without problem. The issue is when they share it with others, voluntarily or under coercion.
The government, does not own the country, it's not "their bar"
Never mentioned the government. If I shop at a store and the store owner starts selling my information to everyone under the sun, I'm going to keep an eye out for alternatives. I don't mind them collating it. I do when they share it.
In this context, I believe the tavern is a metaphor for Facebook etc., and hence it's not one tavern but a business which tried to own all taverns, pubs, and restaurants, who has made the beer (and food) free because juicy gossip sells more opportunities for ad revenue, and all the governments want in on that.
Also, "monopoly on violence" is deputised in a lot of ways, including "Stand Your Ground" laws, and "Castle doctrine" (which may or may not include a workplace), and what's allowed for trespass and if trespass includes not leaving when told to.
(And even when it's more of a first amendment issue than a fourth, there's also occasional news stories about people getting sued for leaving negative reviews of a business because the business snuck in a no-disparagement clause into the terms and conditions).
There is a big difference between a tavern owner keeping tabs on the comings and goings of their customers and the government having 24/7 precise location monitoring on everyone in the entire country.
One does not violate the 4th and the other does (though they do it anyway).
I expected years ago that the government, at some point, would realize if they are interested in the data that they could purchase, other nation states would be as well and could use it against us. Therefore the logical conclusion would be to declare collection and sale of such data to be a matter of national security and strongly restrict it as such.
The detail I failed to understand at the time was just how much money there is in data collection and brokerage.
Not ironic, unfortunate reality. I'm annoyed npr and 474 use personal data for profit. It should be illegal. I'm terrified the government uses personal data without checks on the use case. Especially since it is illegal, and they just don't care about that. Or there's a loophole, or whatever, and they just don't care how The People will react to them using it, which is just as terrifying.
Whoops, I assumed it was a proper noun the way I read it. Like a company that does data collection or something. Whatever, I'm not gonna bother to look at it again, I'm quitting the internet.
Not enough people are talking about this. It seems to me like the vast majority of people just don't care, primarily because they don't understand the ways it could dramatically impact them in the future. Short term thinking is a scary phenomenon.
This statement is from those who don't understand what's possibly at stake and those who are afraid to find out. Who can say how bad this will be for the kids in high school now, in the future? (Or most likely sooner.)
While we in the US argue about politics, we ignore what's happening behind the curtain.
This story cones uo time and time again, people rail about the data buyer, but practically speaking any one or thing can buy that data and use it against you and yours. The very collection/assembly of life data is dangerous.
Listen, this is nothing new. You can find articles like that going back years and years. The truth is: convenience trumps privacy in practice in a lot of cases. Two examples:
1. Theoretically speaking, my (data) privacy is of a high value to me! -- Then you should stop using a smart phone. -- Well...
2. I don't want anyone to create a profile of my habits because it's none of their business! -- Hi, do you have a Walmart+ card? -- Sure, here you go!
And I actually like the concept of reward cards (although I don't use them) because it is pretty much the only way how you can make money off your data.
>convenience trumps privacy in practice in a lot of cases. T
I quite recently found that the "CRED" app works by requesting permission to access the user's WHOLE INBOX and reading their mails. The users apparently have no problems giving access to their all mails to some app that they don't have control or ability to scrutinize.
Governments betray the people. That is by definition betrayal.
In this context "age verification" must be seen as an extension of betrayal. Why does a government want to sniff after user data suddenly and make it a law?
I heard this on the radio this morning. The NPR story reported the danger as individual’s PII can be combined through the power of AI.
I remarked how curious it is that wondrous AI should be the technology people need to experience before they can imagine the dangers of Data Brokers and the Mother Of All Databases (MOAD).
Which is why Mazda torments me and disables my ability to remote start my car without "connected services" app installed on my phone.
I've said this ad nauseam, but their TOS says they sell to 3rd parties including law enforcement and insurance companies.
Nobody cares though. Main point. Like 80% of the public have no idea or interest knowing what connected services does. If you tell them. They still don't care (my parents).
People talk about this as if Snowden and the NSA stuff way back meant nothing. Why the hell would they need to BUY your data? They're the US Government ffs. They have, and they will, demand that data from companies regardless of financial compensation. These articles don't seem to convey that very well.
Hot take: It's about to become a lot more common and as strange as it may sound, I don't blame governments nor corporations - the people are to blame. Everyone with a functioning brain saw that coming decades ago: If the long haired 12 year old punk, that I was in the early 2000s, could see a problem, chances are, you don't need to have 20 PhDs to figure it out either. But most people ignored it and carried on sharing every single thing about them 24/7. I have a friend who is furious about it now and when I call him out, being constantly on facebook/instagram/whatever, he still refuses to accept that it's his fault. His argument is that he needs it cause he has a music band. Here's the kicker: he's had multiple over the nearly 2 decades that we've known each other. And the reality is, he's never made any living or money out of it and acknowledges that he never will and he's only doing it for fun while investing his own money into what is effectively a hobby. He's made a couple of hundred bucks at most and much of those have been from close friends of his as a form of support and personally in my case purely out of support since the music he makes is not my cup of tea. And yet, every time he farts, he posts it on some social media. "I'm sure we are not far being tracked on the roads and if we exceed the speed limit by 2km, we get a fine instantly". I'm genuinely starting to think that people are not capable of making the connection between cause and effect. Best case scenario, they see those as a coincidence. A few weeks ago I logged into linkedin from an anonymous account and I was horrified: random posts from people I've never heard of: "We created the best performing AI that can do {something}. Comment on this post and we will give you an early access to our product."
And dozens of comments underneath, as you might have thought. The company - one 19 year old kid running a node frontend on vercel. First comment - from a marketing manager at some FAANG. If this is not a sign that we are cooked, I don't know what is.
People keep sharing everything they do online, rely on cloud based llms which clearly collect their information. And everyone and their dog understands that AI companies operate at huge losses and promises they will never be able to fulfill. Sooner or later the investors will start asking questions. Governments are in this bizarre place where they are part of this on two fronts. At large because governments are lead by people in their 60's and 70's and have no goddamn clue what AI is beyond magic that can do anything (or so they are made to believe). So they are pouring money into AI companies to do some ridiculous tasks for them, while also pouring money into collecting data. To their minds, it's probably "we have the data and we have access to the all-seeing and all-knowing ai". And while that is happening, sloppers ask that same AI to write their code, where to buy dinner, use it as a therapist, relationship consultant and all that, adding more highly personal data into the bag of data that should remain personal. Forget how bad corporations have been at preventing data leaks. When the investors start knocking on the door, asking for their money and a government asking for a JSON containing your medical records, private information and whatnot, guess who won't think twice about it and happily take the briefcase full of cash.
Ultimately, Idiocracy was supposed to be a comedy, not a documentary but here we are.
I am a big personal privacy advocate. However, I'm also well aware of how much crime is happening online and on signals that don't sit clearly in public and private channels. If you worked with this stuff like I do, you'd understand gov't and le needs more regualted and responsible access to this data. At the same time, if you're in Brazil (FE) there is no need for Facebook to comply to your warrant request. So how do you stop romance scams, coordinated trafficking, everything that happens there (BTW META is a HUGE platform for this stuff) So sometimes, your only way access data is through purchasing it.
81 comments
Now, it seems like someone would need to do that for capital hill .. and then make sure politicians are not voting a law that only exempts them from meta data collection and usage.
Consumer Events:
• 100B DailyEvents
• 20+ data integrations
• Clickstream
• App usage
• Ecommerce sales
• Cash register sales
• Precise Location
Context Data:
• User
• Device
• Location
• URL
• IP
• 200 Million Devices Daily
Universal DataStore
• 50 Trillion Record Consumer History
That's about 150,000 datapoints on everyone in the U.S. For a small company. In 2017.
[1] https://cdn2.hubspot.net/hubfs/6212008/ScaledML%20Media%20Ar...
But it doesn't need to be marketed in such a sinister fashion. In 2012 when Google Maps informed me of delays along my usual commute, complete with a GPS trace of my route home, completely unprompted, I started turning off location history (lol, yeah right). I didn't even know they were collecting that data, much less analysing it that hard.
These days, that would be considered a feature - not a dystopian hellhole, and you would be a Luddite for turning off this new smartphone augmented brain. The product will make you happy. [0]
Welcome, to City 17. You have chosen, or been chosen, to relocate to one of our finest remaining urban centers. It's safer here.
[0] https://youtube.com/watch?v=5PZ73nLZaqc
OP had it slightly wrong though: it's not tavern records but membership lists of colonial Boston organizations, and the author is a sociology professor (Kieran Healy), not from Princeton or Harvard.
He uses basic social network analysis on historical membership data to identify Paul Revere as the key figure among 254 colonists using nothing but "metadata." The whole thing is written as a satirical report by a British intelligence analyst in the 1770s, which makes it a pretty effective commentary on the "it's just metadata" argument from the NSA debates.
Link: https://kieranhealy.org/blog/archives/2013/06/09/using-metad...
If that's the type of things they say publicly at conferences we can only imagine what a more sensitive comment would look like. How anyone can underestimate the importance of that is beyond me.
"Hey...why is this guy suddenly deviating from his normal routine? License plate readers show him 100 miles out of his normal area. Why did he leave his phone at home?"
Just like social media. Not participating is considered suspicious.
Anyone with Govt. level access (or billionaire level access) can very easily put all this data together.
I actually would be fine with the authorities having the ability to process this data to solve crime and stuff, but only as long as there were checks and balances and it was happening according to the constitution, which it is not right now
>
possession itself of that data without a warrant violates the spirit of the 4th ammendmentDoes it? An 18th-century tavern owner could keep tabs on the comings and goings of their customers. It would have just prompted pushback when they started sharing that list.
Possession isn’t the problem. Sharing is.
The local or federal government do not have the right, or need to know the whereabouts of the average law abiding citizen. There is no "free" information, all information has a cost, whether it be acquisition or storage. Currently the people are taxed to oppress themselves. There is no choice not to be taxed, there is no consent.
The government, does not own the country, it's not "their bar".
>
The government, does not own the country, it's not "their bar"Never mentioned the government. If I shop at a store and the store owner starts selling my information to everyone under the sun, I'm going to keep an eye out for alternatives. I don't mind them collating it. I do when they share it.
And even if they do, they don't automatically consent to all actions performed in their name.
Which was trivially not covered by the 4th amendment [1].
[1]: https://en.wikipedia.org/wiki/Video_Privacy_Protection_Act
Also, "monopoly on violence" is deputised in a lot of ways, including "Stand Your Ground" laws, and "Castle doctrine" (which may or may not include a workplace), and what's allowed for trespass and if trespass includes not leaving when told to.
(And even when it's more of a first amendment issue than a fourth, there's also occasional news stories about people getting sued for leaving negative reviews of a business because the business snuck in a no-disparagement clause into the terms and conditions).
One does not violate the 4th and the other does (though they do it anyway).
The tavern owner is not the government. The bill of rights is about restricting the powers of the government, not of tavern owners.
The detail I failed to understand at the time was just how much money there is in data collection and brokerage.
"We and our 474 partners store and access personal data, like browsing data or unique identifiers, on your device."
474!!!
While we in the US argue about politics, we ignore what's happening behind the curtain.
[1] https://www.penguinrandomhouse.com/books/706321/means-of-con...
1. Theoretically speaking, my (data) privacy is of a high value to me! -- Then you should stop using a smart phone. -- Well...
2. I don't want anyone to create a profile of my habits because it's none of their business! -- Hi, do you have a Walmart+ card? -- Sure, here you go!
And I actually like the concept of reward cards (although I don't use them) because it is pretty much the only way how you can make money off your data.
> Listen, this is nothing new.
"Violations of your constitutional rights have been going on for decades now, so it's time to shut up about them" is certainly a take.
>convenience trumps privacy in practice in a lot of cases. T
I quite recently found that the "CRED" app works by requesting permission to access the user's WHOLE INBOX and reading their mails. The users apparently have no problems giving access to their all mails to some app that they don't have control or ability to scrutinize.
Governments betray the people. That is by definition betrayal.
In this context "age verification" must be seen as an extension of betrayal. Why does a government want to sniff after user data suddenly and make it a law?
I remarked how curious it is that wondrous AI should be the technology people need to experience before they can imagine the dangers of Data Brokers and the Mother Of All Databases (MOAD).
I've said this ad nauseam, but their TOS says they sell to 3rd parties including law enforcement and insurance companies.
Nobody cares though. Main point. Like 80% of the public have no idea or interest knowing what connected services does. If you tell them. They still don't care (my parents).
Example 2019 article https://www.lawfareblog.com/facebook-encryption-and-dangers-...
In reality nothing new.
And dozens of comments underneath, as you might have thought. The company - one 19 year old kid running a node frontend on vercel. First comment - from a marketing manager at some FAANG. If this is not a sign that we are cooked, I don't know what is.
People keep sharing everything they do online, rely on cloud based llms which clearly collect their information. And everyone and their dog understands that AI companies operate at huge losses and promises they will never be able to fulfill. Sooner or later the investors will start asking questions. Governments are in this bizarre place where they are part of this on two fronts. At large because governments are lead by people in their 60's and 70's and have no goddamn clue what AI is beyond magic that can do anything (or so they are made to believe). So they are pouring money into AI companies to do some ridiculous tasks for them, while also pouring money into collecting data. To their minds, it's probably "we have the data and we have access to the all-seeing and all-knowing ai". And while that is happening, sloppers ask that same AI to write their code, where to buy dinner, use it as a therapist, relationship consultant and all that, adding more highly personal data into the bag of data that should remain personal. Forget how bad corporations have been at preventing data leaks. When the investors start knocking on the door, asking for their money and a government asking for a JSON containing your medical records, private information and whatnot, guess who won't think twice about it and happily take the briefcase full of cash.
Ultimately, Idiocracy was supposed to be a comedy, not a documentary but here we are.