3/4/2026 at 3:57:29 PM
by ece
3/4/2026 at 4:25:46 PM
https://archive.md/N3BZVby ece
3/5/2026 at 11:19:31 PM
I have never regretted my decision to aggressively block ads on every device I use, and to shun devices where I can't.by Zak
3/5/2026 at 11:50:04 PM
I am not sure that ad blocking is enough now or in the future as fingerprinting is extremely hard to fight while keeping a convenient web experience. Of course, continue blocking for convenience, but for privacy, more robust solutions are needed. Try to beat this: https://fingerprint.comby Cider9986
3/5/2026 at 8:41:12 PM
That's Scroogled (2007) by Cory Doctorow! Life imitates art, again.https://web.archive.org/web/20070920193501/http://www.radaro...
by orthoxerox
3/5/2026 at 11:25:20 PM
Not imitates but implements maybe.by nine_k
3/5/2026 at 11:14:58 PM
Thanks for that. Good story.by GaryBluto
3/5/2026 at 11:43:27 PM
[dead]by scroogedhard
3/5/2026 at 6:55:15 PM
I work with Ad Data a lot in my job, and there's a lot of misconceptions about what this data that journalists love to propogate:The location data in these networks is very inaccurate. Your OS and browser actually do a pretty good job of locking down your location data unless you give explicit permission. It's in the ad network's interests to lie about the quality of their data - so a lot of the "location" data is going to be a vaguely accurate guess based on your IP address.
But also, location data is really important to ads right now because, contrary to common perception, per user tracking is very, very hard. Each SDK might be tattling on you, but unless you give them a key to match you across apps, each signal from each app is unique. Which is why you are often served advertisements based on what other people on your network is searching - it's much easier to just blast everyone at that IP address than it is to find that specific user or device again in the data stream.
Bidstream data in particular is very fraught. You're only getting the active data at the point the add is served, but it's not easy to aggregate in any way. You'll be counting the same person separately dozens or hundreds of times with different identifiers for each. The data you get from something like Mobilewalla is not useful for tracking individuals so much as it's useful for finding patterns.
I think it's pretty telling from the few examples shared about how agencies actually use the data:
>"CBP uses the information to “look for cellphone activity in unusual places,” including unpopulated portions of the US-Mexico border."
>According to the Wall Street Journal, the IRS tried to use Venntel’s data to track individual suspects, but gave up when it couldn’t locate its targets in the company’s dataset.
>In March 2021, SOCOM told Vice that the purpose of the contract was to “evaluate” the feasibility of using A6 services in an “overseas operating environment,” and that the government was no longer executing the contract
Something is going to have to be figured out about this data - realistically the only way is a sunset on customized advertisements. However, I would personally not be worried (yet) that the government is going to be able to identify an individual and track them down using these public sources as they currently are.
by legitster
3/5/2026 at 11:41:06 PM
> Each SDK might be tattling on you, but unless you give them a key to match you across apps, each signal from each app is uniqueYou'd be surprised what can be done when data from different source is fused together.
Large-Scale Online Deanonymization with LLMs: https://news.ycombinator.com/item?id=47139716
Robust De-anonymization of Large Sparse Datasets: https://www.cs.cornell.edu/~shmat/shmat_oak08netflix.pdf
by dygd
3/5/2026 at 7:06:55 PM
Neither the government nor an ad agency needs to know where I am, no matter how "rough" the data is. It's none of their business.by ducttape12
3/5/2026 at 11:48:00 PM
But dude... just think of all the optimal personalized mattres sales they can do with that data. I mean, people that use the bathroom at 3:57pm for seven minutes are 0.00138% more likely to buy a new mattress within the next six months. They need that data. Think of all the unsold mattresses.by bigbuppo
3/5/2026 at 11:41:18 PM
Agreed, here is one use case where I love my phone being location aware: when I walk into Lidl, swipe for my apps, Lidl pops up so I can check the significant coupons. It's a tiny convenience, I know how it works at a high level, and it's great.This is on iOS, and Apple gets all kinds of crap, but if there were some kind of Nobel/Oscars for privacy, Apple would be a consistent winner. I kinda trust them.
I am relatively paranoid, I have location turned off for all apps, except while in use for GMaps, Uber/Bolt, etc.. I use the only decent VPN all the time, but I do have location services enabled in general, as ever since our mom had a health scare, we like to give her peace of mind with Find My.
If you have read all that, I am looking for a sanity check. Would you agree that I drew the line in the correct place? Can we at least have some nice things, or best not to?
by consumer451
3/5/2026 at 7:27:30 PM
At this point, your device is not giving anyone your location without explicit permission. So it really just comes down to your IP Address, which services do need.by legitster
3/5/2026 at 8:36:10 PM
I think your is statement is inaccurate to the point of being intentionally misleading:Many devices, when running, and in some cases even if turned off but connected to their battery, will ping cell towers (maybe even BLE/Wifi) and get triangulated by the network infrastructure (such as cell towers) without actively broadcasting the GPS location.
That's why I don't quite understand why the gubernment needs to have finer grained data (esp around the US/Mexican border). Precision location info would only be needed if you need to track people in densely populated areas.
by golem14
3/5/2026 at 11:16:06 PM
Cell-site location information (CSLI) is not available to apps or adware and is protected by the Fourth Amendment.by legitster
3/5/2026 at 10:18:32 PM
That location information is not available to apps or ad networks without user consent. The government can access it from the carrier with a warrant, but that's not what we're discussing here.by jonas21
3/5/2026 at 11:34:49 PM
Carriers have also sold customer location data, no search warrant required. Though we can rest assured that the FCC has slapped the carriers' wrists with the utmost seriousness.by techdmn
3/5/2026 at 11:49:48 PM
And sold it to not just the government but anybody _claiming_ to be a bounty hunter (and some other professions).by lesuorac
3/5/2026 at 9:54:52 PM
IP Address is all you need to get fairly accurate (town or neighborhood) location for most of North America.But it is necessary to send it somewhere, otherwise the internet wouldn't work.
Unfortunately it seems to have become accepted for our devices to communicate constantly and often with services we never explicitly started communication with (like Ad networks used in Apps).
Permission systems on devices should care about Network connections just as much as Location. Ideally when installing an app you'd get the list of domains it requests to communicate with, and you could toggle them. Bonus points if the app store made it a requirement to identify which Domains are third parties and the category like an Ad service.
by notnullorvoid
3/5/2026 at 11:03:19 PM
I think the issue here is one of informed consent. You might say, "OK, this makes sense" when agreeing to location data for a weather app. In the context of whether it's going to hail soon, location is reasonable. What you only see in those GDPR-type banners is that the data is being re-sold off to 1001 "partners", none of whom are important for my hail-to-head concerns. Never mind all the cases where it's re-sold on to all the governments and personal-level creeps through aggregators.by tlavoie
3/5/2026 at 11:25:43 PM
IPv6 addresses, particularly hardlines, are often accurate down to the block.by unethical_ban
3/5/2026 at 9:13:56 PM
Then you are obligated to obscure that with a trusted no-log VPN too.by tencentshill
3/5/2026 at 11:32:54 PM
The government does need to know where the people building their lives on breaking the law are. Don't think CBP wants to know where you are.by jojobas
3/5/2026 at 11:23:28 PM
1000% agreed with thisby cm2012
3/5/2026 at 9:49:17 PM
I have 26 apps on my phone. Of those, four are Safari extensions, one is a PWA and another I wrote myself. I use a restrictive nextDNS profile that also blocks Apple's native tracking (as best they can) and don't use social media. I feel like that's the best I can realistically do.by cdrnsf
3/5/2026 at 10:58:40 PM
And you do realize your cellphone is constantly sharing your location with your cell phone company which is more than willing to give it to the government without a warrant.Whatever you are doing is meaningless privacy theatre
by raw_anon_1111
3/5/2026 at 10:28:10 PM
...and the phone itself broadcasts your position to the cell towers with remarkable accuracy, 24 hours a day.by azalemeth
3/5/2026 at 10:46:08 PM
Hence the "realistically" qualifier.by cdrnsf
3/5/2026 at 11:32:37 PM
I run as few apps as possible, use Firefox / Ublock on my phone. I do play the odd card game (ad-supported), but only 1 or 2 times a month. I may just buy the app outright at some point.Does sharing location with family (Android) leak any data?
by hn_acc1
3/5/2026 at 11:15:49 PM
Is this something European style privacy laws would protect against? Though given the US political situation we are far from being able to enact any kind of anti-authoritarian protections...by dzdt
3/5/2026 at 11:19:33 PM
You can enact all the laws you want, but what do you do when the government in charge just ignores them?by paxys
3/5/2026 at 11:37:05 PM
You can increase your chances by crafting the laws differently, at least.A law that says the government can't ask for this stuff doesn't help very much. They'll ignore it when it suits them.
A law that says it's illegal for private companies to hand it over would be better. When caught between a request from the government and a law that says they're not allowed to honor that request, there's a good chance they'll obey the law rather than the rogue agency.
A law that says it's illegal for private companies to collect this data in the first place would be even better. It could still be worked around, but it's more likely to be uncovered, and they'd only get data after the point where they convinced a company to start collecting it.
by wat10000
3/5/2026 at 11:25:06 PM
“Would European-style privacy laws protect against this?” is the kind of question that sounds more clarifying than it actually is, because it collapses about five separate problems into one vague gesture at “Europe.”The issue here isn’t simply “lack of privacy law.” It’s:
1. apps collecting precise location data in the first place,
2. adtech infrastructure broadcasting that data through RTB,
3. brokers aggregating and reselling it,
4. government agencies buying it to avoid the constraints that would apply if they tried to collect it directly, and
5. regulators failing to stop any of the above in a meaningful way.
European law is relevant to some of that, but not as a magic shield. GDPR and ePrivacy principles are obviously more restrictive on paper than the US free-for-all, especially around consent, purpose limitation, data minimization, and downstream reuse. But “on paper” is doing a lot of work there. Europe has had years of complaints about RTB specifically, and yet the adtech ecosystem did not exactly disappear. That should tell you something.
So the real answer is: yes, a stronger privacy regime can help, but no, this is not a problem that gets solved by vaguely importing “European-style privacy laws” as a concept. If the underlying business model still allows mass collection, opaque sharing, and resale of location data, then state access is a policy choice away. Governments don’t need to build a panopticon if the commercial sector already did it for them.
Also, the most important legal question here is not just whether private companies should be allowed to collect/sell this data. It’s whether the government should be allowed to buy commercially available data to do an end-run around constitutional and statutory limits. That is a distinct issue. You need rules for both the commercial market and state procurement, otherwise the state just shops where the Fourth Amendment doesn’t reach.
In other words, the contrast is not “Europe = protected, US = authoritarian.” The contrast is between systems that at least attempt to constrain collection and reuse, and systems that let surveillance markets mature first and ask questions later. Even in Europe, enforcement gaps, law-enforcement carveouts, and institutional incentives matter enormously.
So if the goal is to understand the story, the useful question isn’t “would Europe stop this?” It’s “what combination of collection limits, resale bans, procurement bans, audit requirements, and enforcement would actually make this impossible in practice?” Anything short of that is mostly aesthetics.
by refulgentis
3/5/2026 at 11:38:10 PM
Very clearly put, and I'd only emphasise that without the final "enforcement" point of that, the other points become entirely irrelevant. While European regulators have imposed some significant sounding fines on prominent entities, they generally work out to be "less than the value gained by doing the thing in the first place" - or at least close enough to that for the entity to not consider it too negative/a future deterrent.Unless you have some body which is a) serious about enforcement, b) sufficiently toothful to make a dent and c) not undermined by wider geopolitical posturing or economic neutering, you can have all of the regulation you might want and still end up in the same place. I'm not arguing that we shouldn't try and control this, but that we have some extremely large genies to stuff back into bottles along the way.
by kolektiv
3/5/2026 at 11:30:21 PM
So if:- you always denied those popups
- .. including any hidden legitimate interest sections that are being treated as a second, opt-out "consent" for things that really don't actually qualify as legitimate interest
- and the companies actually followed it
Then in theory the companies won't have that data. But doing 1 is tedious, companies exercise dark patterns to avoid you doing 2, and it's hard to audit if they've done 3, so most people are probably in those data sets.
Also, a government likely to buy this data for purposes like in the original article, is unlikely to be the type of government that goes around slapping companies for not complying with privacy regulation on that data.
by Macha
3/5/2026 at 6:20:32 PM
Taxpayers' money used to track taxpayers and finance the advertising industry.by apopapo
3/5/2026 at 6:42:12 PM
I can’t respond directly to octoclaw’s dead comment (edit: embarrassingly this was an LLM), but I will just say I agree, it is ridiculous both how cheap this data is and how many people aren’t aware of it. It’s not just governments who can get access, either.This is another reason why you should not be carrying a phone everywhere except for times where you absolutely need one.
by iamnothere
3/5/2026 at 7:28:29 PM
From my experience this data is not cheap from an average consumer perspective.by ramoz
3/5/2026 at 7:51:21 PM
Not for consumers but cheap for the people (mis)using it in bulk.by iamnothere
3/5/2026 at 6:46:08 PM
It is dead because it is an LLM.by Luc
3/5/2026 at 7:03:25 PM
Wow, they are improving. None of the usual tells, fairly accurate. That’s a little concerning.by iamnothere
3/5/2026 at 9:06:22 PM
Still has the "it's not A, but B" rhyme, if not literally the pattern. But yes they are getting better.And it's a pretty new account.
by SoftTalker
3/5/2026 at 10:36:06 PM
>For years, the internet advertising industry has been sucking up our data, including our location dataFor years, people have been sharing everything they do, what they do, people they spent time with, where they live.
Advertisement industry just adds more info to complete your profile, what you buy, what you watch, what you speak online, etc.
by h4kunamata
3/5/2026 at 10:50:36 PM
People here complain that programmers aren’t engineers because real engineers can accidentally kill people and get sued if they mess an equation up. Instead of just breaking a build or something.I think it’s more concerning that programmers seem to have no care or shame about designing systems that works against the users’ interests. Did you share something intimate in our chat? Well it’s not E2E, moron, we have that now. How could you be this stupid?
I can’t think of another profession (except pure value extraction types) which revels in exploiting people for not having the time or care to arrange their digital lives around the booby traps that nerds set for them.
by keybored
3/5/2026 at 11:28:17 PM
As an old-school programmer who thought computers would improve people's lives back in the 80s when I was a wide-eyed teenager.. I am constantly appalled by the current generation of SV people who are very right-leaning and are happy to steal anything and everything they can. It didn't seem like this 20 years ago when I started. I hate the advertising industry with a passion.Anecdotally, it feels like it fits right in with the "if there's no cop around to give me a ticket, I can drive however I want" attitude I've seen post-Covid. People entering two-way turn lanes or HOV merge lanes to PASS people in the main lane. People going through stop signs without any stopping while I'm waiting for my turn. Using the HOV on-ramp lane with only the driver to merge onto the freeway where it's clearly marked "24 hour HOV lane", etc.
It's as if the entire social compact evaporated during/after Covid, and "everyone only out for themselves" is the norm now.
Or maybe I'm just more aware of it and more cynical.
by hn_acc1
3/5/2026 at 11:45:47 PM
It really cannot be both ways--the tech industry cannot both be producing critical infrastructure and be immune from liability. We've tried this experiment before, and millions suffered and died needlessly. We have electrical codes, building codes, automotive safety standards, etc., because many, many people died preventable deaths. With the amount of leverage tech has over the economy I don't think it's reasonable that we don't have software engineering codes and professional accountability. But I have absolutely no confidence we'll get there until there are multiple deadly catastrophes over a series of decades.by jcgrillo
3/5/2026 at 10:56:00 PM
A thief thinks everyone steals.by vasco
3/5/2026 at 11:34:42 PM
You can also use the ecosystem for useful stuff:"Jeffrey Epstein’s Island Visitors Exposed by Data Broker" - https://www.wired.com/story/jeffrey-epstein-island-visitors-...
by inaros
3/5/2026 at 10:21:11 PM
I am surprised the article does not mention obvious mitigation strategies, including network-wide DNS blacklists, browser ad blockers, and not using proprietary apps on phones.by drnick1
3/5/2026 at 9:13:19 PM
> What You Can Do To Protect Yourself> 1. Disable your mobile advertising ID
> 2. Review apps you’ve granted location permissions to.
I'm surprised they missed the most important step, which is blocking the advertisers from collecting your data in the first place. This is easily done in the browser with uBlock Origin and system-wide with DNS filtering.
by surround
3/5/2026 at 8:27:43 PM
There’s literally a flock camera at basically every street location that one suburb borders another where I live.There’s really not any legal practical way to avoid ALPRs.
I’m pretty sure the government knows where I am 24/7. I’m not going to worry about targeted advertising by the government anymore and just worry about it the people reselling it to non-governments for use.
by daft_pink
3/5/2026 at 7:25:43 PM
I worked closely to some of this. There were strict policies in place to never monitor US Citizens. That said i was focused in more kinetic warfare domains and not sure what would've extended past the borders by local law enforcements (DHS typically dictated no-us-soil policies). But, this is a money-hungry data pipeline of resellers and aggregators and they were always eager to sell more.by ramoz
3/5/2026 at 7:33:04 PM
How do they determine if the person is a US citizen? I've sometimes wondered if my Google account is caught up in mass surveillance of non-Americans because I created my main email address while living in Australia, though I am a US citizen and only a US citizen. I haven't checked in a while, but I know that even in the US, checking my email on the web it would show that it was connecting to an Australian domain.by zoklet-enjoyer
3/5/2026 at 7:51:44 PM
It was typically isolated in procurement, only buying data from "outside of the border" - data was packaged by geo regions typicallyby ramoz
3/5/2026 at 6:00:31 PM
So they say to turn of location permissions and stuff, but what about the network carrier? Any privacy focused cell services that are reasonably priced?by giantg2
3/5/2026 at 6:16:41 PM
Don't think so - they're all very expensive because cell networks are expensive. You can get a burner phone, only use it as a tethered internet connection for your laptop which runs VPN software.by pocksuppet
3/5/2026 at 6:37:30 PM
Phreeli seems to be the privacy promoting MVNO with the cheapest options. Not sure if it’s been audited or what its guarantees are, but anything is probably better than the big carriers.by iamnothere
3/5/2026 at 7:15:32 PM
Thanks! This looks like what I wantby giantg2
3/5/2026 at 10:28:45 PM
Silent.link, jmp.chatby drnick1
3/5/2026 at 6:22:42 PM
Turn off the phone entirely.by SoftTalker
3/5/2026 at 6:54:09 PM
Most have internal batteries and are still "on" to a certain extent unless the battery is completely discharged.by kirth_gersen
3/5/2026 at 10:55:30 PM
It's "on" enough to detect the activity needed to wake it back up. But will a powered-off phone still be pinging cell towers or making WiFi requests?by SoftTalker
3/5/2026 at 7:05:50 PM
Use one of the few phones with hardware kill switches or removable batteries.by iamnothere
3/5/2026 at 7:39:49 PM
If you cover your phone with an antielectrostatic bag it can't communicate; that is a Faraday cage.Since people around you will think you are also wearing a tinfoil hard, you had better stick to the phones with hardware switches as sibling comment mentions
by catlikesshrimp
3/5/2026 at 7:40:46 PM
I get that anything emitting can be tracked and stuff. I'm looking to take a baby step where I'm at least not having every possible detail recorded and sold. That Phreeli recommendation from another user seems like exactly what I want (paired with other things like a VPN of course).by giantg2
3/5/2026 at 9:50:13 PM
It always kinda amazes me how people panic about gov data use but barely blink at the private sector doing the exact same thing… except way less transparently.Like yeah, sure, governments collecting data deserves scrutiny. 100%. But at least in most democracies there are audits, oversight bodies, privacy commissioners, courts, access to information laws, etc. There are actual mechanisms where someone can ask “why are you doing this?” and force an answer.
Meanwhile we hand over our location, browsing habits, shopping patterns, sleep schedule, and probably our favorite pizza topping to dozens of private companies every day. Those companies can aggregate it, sell it, profile you, feed it into ad markets, train models with it, or ship it across borders… and most of the time nobody outside the company even knows it’s happening.
So yeah, data collection in general is worth debating. But the irony is wild when people lose their minds over the one place that at least has some governance and accountability, while the entire private ad-tech ecosystem is basically “trust us bro” with a 40-page terms of service nobody reads.
by theropost
3/5/2026 at 7:57:36 PM
Why we need to use pihole more aggressively.by Sparkyte
3/5/2026 at 6:08:30 PM
Israeli malware companies also use targeted ads to use drive-by exploits to infect people's devices using ad networks based on IP addresses:https://securitylab.amnesty.org/latest/2025/12/intellexa-lea...
The fact that we still just allow arbitrary 3rd party code to run through ad networks is bizarre.
by lyu07282
3/5/2026 at 6:32:23 PM
> The fact that we still just allow arbitrary 3rd party code to run through ad networks is bizarre.It's interesting to imagine how things would change if those ad-networks were legally liable for their role in spreading scams and malware.
by Terr_
3/5/2026 at 7:28:03 PM
I can't help but wonder how much is being spent.by blurbleblurble
3/5/2026 at 10:58:44 PM
Duh, what do you think we were building for the last 10 years? Does anyone with two brain cells think that corporate surveillance wasn't going to be co-opted by authoritarianism?The only people who didn't understand this were either delusional or being paid not to.
by tototrains
3/5/2026 at 11:00:53 PM
Well I didn't expect the leopards to eat _my_ face.by pelotron
3/5/2026 at 11:16:06 PM
Yes, some people really didn't expect that billionaires without any moral compass would do this...by coliveira
3/5/2026 at 11:08:31 PM
I’m not sure that’s fair, the majority of the American population are pretty dumb due to the poor education system. Most weren’t alive for WW2 so they’ve not come very close to an authoritarian threat in the past either.by hsbauauvhabzb
3/5/2026 at 11:16:44 PM
The poor education system is correct, but that is by design.by coliveira
3/5/2026 at 11:07:21 PM
[flagged]by CodeWriter23
3/5/2026 at 11:03:20 PM
I wonder how many people upset about this have ring cameras on their houses?by SV_BubbleTime
3/5/2026 at 6:07:17 PM
We can not trust many "governments". The financial incentives are just too powerful. There are cases of people becoming millionaires after they left politics. Post-retirement payback and kickbacks.by shevy-java
3/5/2026 at 8:21:13 PM
Yep, former prime ministers of Australia Kevin Rudd bought a house for $17 million. Do have to wonder were they got all that cash. And that is nothing exceptional, we see this in all manners of governments the world over.by HerbManic
3/5/2026 at 7:43:54 PM
After they left? Try 6 months in.by pessimizer
3/5/2026 at 11:04:56 PM
Yet another reminder that everyone everywhere should be blocking all ads all the time. I don't say that lightly as absolutes tend to not be the appropriate solution, but an absolute stance of blocking ads is appropriate.by hightrix
3/5/2026 at 11:12:55 PM
100%, this has been my soap box for years.A very easy, effective, multi-layer setup:
1. Browser adblocker
2. Pi hole running locally
3. Pi hole at your home network router level
And 4, not as easy but effective, a firewall like Little Snitch
Edit: the other good news is your old data loses value quickly, so starting today is still very effective: you haven’t missed the boat yet!
by derwiki
3/5/2026 at 11:44:53 PM
This doesn't cover in-app adds on phones over mobile data, which is probably the main vector for the tracking discussed in the article. For that:1. Adblocking via private DNS (e.g. https://mullvad.net/en/help/dns-over-https-and-dns-over-tls)
2. Prefer websites over native apps wherever possible
3. Browser adblocker
Hosts file adblocking is also possible on a phone where you have root.
by Zak
3/4/2026 at 6:33:02 PM
Earlier: https://news.ycombinator.com/item?id=47240343by ChrisArchitect
3/5/2026 at 6:04:59 PM
[dead]by octoclaw