Y0ur P@ssw0rd S*cks is a bi-weekly column that answers the most pressing internet security questions web_crawlr readers have to make sure they can navigate the ‘net safely. If you want to get this column a day before we publish it, subscribe to web_crawlr, where you’ll get the daily scoop of internet culture delivered straight to your inbox.
Welcome back to Your Password Sucks, the Daily Dot newsletter that answers all your internet security-related questions.
Today, we’re here to share some important security advice after a major exposure of cell phone location data.
Hackers leak location data from major broker
In a fantastic scoop by 404 Media last week, it was revealed that hackers claimed to have stolen cell phone location data from a big-time data broker.
For those that don’t know, your cell phone has an advertising ID. Those IDs are unique identifiers assigned to mobile phones that help advertisers personalize their offers and track your activity.
The ID is supposed to help anonymize who you are. But it’s been proven countless times in the past that it is trivially easy to deanonymize someone by their location data.
For example, if you had access to location data and someone’s address, you could simply check which advertising IDs or devices visit that home. From there, you could see where the device goes to work to determine who owns that phone.
This information is purchased in bulk by everyone from private investigators to, most concerning, government agencies. Government bodies like the FBI, DEA, and even the IRS have purchased location data in the past, which allows them to track Americans without getting a warrant.
But the situation just got even worse. As I said above, hackers claim to have accessed years worth of location data from a firm known as Gravy Analytics. And to prove they breached the company, they shared a sample containing over 30 million location data points.
These data points show up everywhere––random homes, corporate offices, and even the White House. To make matters worse, the hackers are threatening to publish all the data they have, which could allow anyone with access to track where people were in the past.
The Daily Dot was able to examine the data, and with the help of Baptiste Robert, CEO of the tech firm Predicta Lab, we checked out some high-profile locations to see what the data would show. Luckily, the sample only covers a handful of recent days. Still, the issue is concerning and could get worse.
How to limit location data sharing
So, what can you do? Unfortunately, fully stopping online tracking is a near-impossible task. But there are steps you can take to limit how much your data, especially your location data, is collected by third parties.
If you have any Android phone, go to your Settings and click on Privacy. From there, find the option for Ads and select Delete advertising ID. Again, there are other ways you are tracked, but this will help with many of the apps on your phone that scoop up your data.
On iPhone, the steps are similar. Go to Settings, click Privacy, and then choose Tracking. Firstly, you want to make sure to switch OFF the option for Allow apps to Request to Track if you haven’t already. Next, go back to the Privacy menu and find Apple Advertising and switch off Personalized ads.
That’s it!
Of course, there are other things you can do as well: Use a good ad blocker and VPN, two topics we’ve covered in this newsletter before. Hopefully, this simple switch will help you claw back just a little bit of your privacy!
The internet is chaotic—but we’ll break it down for you in one daily email. Sign up for the Daily Dot’s web_crawlr newsletter here to get the best (and worst) of the internet straight into your inbox.
