Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Data Broker Hack Exposes Location Info From Millions of iPhone Users
- Thread starter MacRumors
- Start date
- Sort by reaction score
I am afraid this is not much help. You can be tracked via your sim card through the cellular towers. In addition, people need to share their location from time to time like when using GPS/maps, ordering food, or shopping online.
the problem is collecting and sharing the data.
The ad industry is incredibly valuable and adds a ton of value. It just isn't for you or I...
Check their website. They fire very little my guess they are sending it through back end servers which are now possible and much harder to tell what data is getting collected. Also my guess Apple has very strict cyber security policies preventing any keys to be generated that aren’t rotated requiring specific lowest access level requirements for service accounts etc.I wonder how long before someone finds a reason to sue Apple over this.
Not possible at this point. Many trackers use a subdomain think cloudcapi.apple.com that they forward data to then process with google cloud or Aws servers and send the data behind the scenes. It is very hard to block trackers either server to server signals these days.
Without ads how do sites like this operate? Doubt you’d pay $4 even a month for each useful website you use.
Bummer. Thanks for the info.
I don't use any of the apps listed, but it still sucks.
Ads =/= tracking. I see billboards everyday, which are ads, and they don't track me. I see TV ads on broadcast, and they don't track me. I hear ads on FM radio, and they don't track me.
The entire internet could be run on ads without tracking.
Ads is 1 thing. Tracking you all over the place and selling your data is another
When I was organizing and scheduling ads for my sports club I just payed ads for the right demographic. Why should I pay for random 100.000 views of unrelated people? I just payed for 5.000 ads and set all the filters and parameters and targeted just the small amount of people who might attend our games. Tracking is incredibly valuable for ad companies.
See my previous post. Internet ads are far more efficient when they are targeted for the right consumer group. TV ads and billboards cost millions and waste 99% of views.
One option is to see what phones are at a given home address. If you know the target address you check what phones are there over night. If the person is found to go shopping at 4pm it may be the wifes phone. If you see one of the phones being at school location than it’s probably a kids phone. If the phone is all day at an office location it may be one of the adults. Just connect the dots.
Or maybe you don’t know the targets home address. But you know his workplace? Or his kids school? His gym?
Google and Facebook are two of the biggest advertising companies in the world, and also two of the wealthiest companies in the world. I don't really care what their efficiency is. They are wealthy because they are invasive. I'm not going to support that, and if websites don't like it, it's their problem.
Additionally, I've bought billboard ads. They don't cost millions.
Last edited:
Right, this is why we need a real on-device firewall from Apple and not stupid work around solutions like fake VPNs. You can block subdomains with the more advanced solutions but you basically need to man-in-the-middle attack yourself to intercept the data.
As I said earlier in the thread, the overall situation is ridiculous and these stories are symptoms of a much larger sickness with the entire tech industry. Apple does “ok” but not nearly as much as they could.
Hopefully things improve year over year again as more of these stories start happening and people get a greater understanding of what data brokers are – I think it’s one cause that most people would get behind, virtually no end-user wants to be profiled so invasively.
There’s a reason a lot of crash analytics / bug reporting providers are worth a ton of money, and it isn’t because they are making software safe. That kind of thing still slips by Apple’s current options and toggles for the most part.
Until REAL FINES are levied...in the millions and 10s of millions of $$$$....nothing will change. CEO and executive bonuses will always trump Capex on security.
Data broker Gravy Analytics has been hacked, and location information from millions of iPhone and Android users is at risk, reports TechCrunch. Gravy Analytics' parent company Unacast disclosed the data breach earlier this month [PDF], and said that its AWS cloud storage environment had been accessed by an unauthorized person using a "misappropriated access key."
"Some files" were obtained, and preliminary findings suggest those files "could contain personal data" collected from users of third-party services that use Gravy Analytics. According to 404Media, hackers are claiming to have customer lists and location data from smartphones that shows peoples' precise movements, with millions of users affected. Some of that data, which does indeed include the historical location of smartphones, has been published on private forums.
Gravy Analytics says that it tracks more than a billion devices around the world daily, and security researchers that saw a sample of the data collected by Gravy Analytics confirmed that the information can be used to track a person's recent locations, with no anonymization.
In December, the United States Federal Trade Commission (FTC) prohibited Gravy Analytics and its subsidiary Venntel from selling, disclosing, or using sensitive location data in any product or service. The FTC warned that the two companies exposed consumers to privacy harms that could include disclosure of health information, political activity, and religious practices, and put people at risk of stigma, discrimination, violence and other harms.
The order required Gravy Analytics to delete all historic location data and any data products developed using data collected from consumers, but it was apparently too late because the company's systems had likely already been breached at the time.
Gravy Analytics collects location data through a real-time ad bidding process that allows companies competing to buy an ad to see customer IP address and more precise location data if enabled. Gravy Analytics' database had location data from iPhone apps that include FlightRadar, Grindr, and Tinder, and while the apps did not have a direct relationship with the data broker, user location information was collected through their ads.
Turning off app tracking in the Privacy and Security section of the iPhone's Settings app keeps ads from being able to obtain a unique device identifier to link location data to a specific device, and preventing apps from using precise location data is also a way to preserve more privacy.
Baptiste Robert, CEO of security firm Predicta Lab, told TechCrunch that iPhone users that had app tracking disabled did not have their data shared.
Article Link: Data Broker Hack Exposes Location Info From Millions of iPhone Users
I would hope it was encrypted and assumed it was.
Even if the encryption was something the NSA couldn't open up, they do store it for later use. Most companies though use standard encryption, which the NSA has had their hands in already. So, I wouldn't doubt them being able to open up and see this data.
And the NSA would have a quantum computer at their disposal or their own (years ago I knew there was 11 in the world but everyone only admitted to 5) but probably doesn't care too much about this kind of data to run it through, if this wasn't standard encryption that they already can get into.
The NSA have advanced over a decade since Snowden (and other whistleblowers) and have all the new systems and "programs" in place that upgraded, changed and replaced everything that was public. And out of all the data that was revealed by Snowden to date, it only accounts for about 1% of the information, from back then.
I also worked for an ad agency and booking thousands of billboards across the country plus tv commercials cost the customer millions.
And as a customer I don’t accept cookies. Yes I still get ads but they are not targeted. A company that sells ads targeting just the people who are interested instead of everybody makes financial sense.
Let me guess you don’t accept third party cookies and block ad trackers. Well for us unless you are blocking a non standard google tag a manager from our own domain and blocking first party cookies you are still getting tracked unless you reject all in our consent management. We have moved all tracking to server to server using google tag manager hosted on a custom domain.
Happens far too often. Hmmm from an outsiders persp. It sounds like it’s cheaper just to have the breach rather than day in day out implement security needed to avoid it
Interesting.
Never illegal. Too much $ then of course rhe all Powerful political donations. It’s blatant as can be, seemingly.
U Get what you pay for, age old tale. Subscription services would be great if you could like bundle your website into tiers and the ones you traffic the get biggest cut
Or relay is only via safari ?
As far as intelligence is concerned, from what I’ve heard others say either places like here or maybe a quick article or two, it seems apples privacy focus approach to AI is fairly unique in that sector…so that means intelligence IS privacy embodied..,