Scoop: AT&T, T-Mobile, Sprint all selling customers' real-time location; ultimately ends up in the hands of bounty hunters. I know, because I paid someone $300 on the black market to track us. Located to a specific part of New York. No hacking required https://t.co/0YtKw5LQwG
Telcos sell customers' real time location to one set of companies, that then sell it to an array of different industries: car rental, fraud detection, and yes, bounty hunters. The supply chain is so complex, the telcos don't even know who has your data https://t.co/0YtKw5LQwG pic.twitter.com/Y6LJvcHvJP
Any whispers of something similar in the EU, specifically without hacking or SS7 trickery?
Even if AT&T, Sprint, T-Mobile sell their location data to one company, it eventually trickles down to people not authorized to use it at all. Including me. Potentially stalkers, criminals too. "People are reselling to the wrong people," source said https://t.co/0YtKw5LQwG pic.twitter.com/x5WYhN6Ubx
Liam Bell @LiamJohnBell
Happens in the UK as the banks use it for fraud detection, I'm surprised this is a story as it's fairly well known, or so I thought anyway.
A bank doing fraud isn't me buying it on the black market
Here's what T-Mobile CEO @JohnLegere said the first time it was revealed his company sold customer location data. He said he personally intervened to stop selling to shady middlemen: https://t.co/PwqG97UFe5
We just bought that data from a shady middleman: https://t.co/0YtKw5LQwG pic.twitter.com/goUTYy0Ly1
I posed as a potential customer to the company selling phone location data for a wide array of businesses. I explicitly said I wanted to use it for bounty hunting. That wasn't a problem; gave a price list. Locate AT&T, Sprint, T-Mobile phones for $5 a pop https://t.co/0YtKw5LQwG pic.twitter.com/ISPjBtD05p
But that direct purchase from the company is not the worst bit. It's the black market that has emerged, with companies only being aware bounty hunters are reselling phone location data when we told them. Apt this happens in 2019, the year of Blade Runner https://t.co/0YtKw5LQwG pic.twitter.com/7Vza0x2dRb
When we sent the $300 to track the phone, the source responded with a Google Maps interface, showing the phone's (correct) approximate location. To be clear, the phone received no warning it was being tracked. No text message. People can do w/o consent https://t.co/0YtKw5LQwG pic.twitter.com/5BaFHcpvHh
Jᴀqᴇn H'ghᴀr @RealFacelessMan
this doesn't happen in the EU due to more robust privacy laws at the EU. I know because I've purchased these data sets before in the US for investment research (eg tracking customer shopping patterns and location data) but they are not available in the UK.
The company that provided the phone location data to our middleman had no idea their service was being abused. Only cut them off when we contacted them. T-Mobile, AT&T only cut off when we contacted. Sprint didn't say. https://t.co/0YtKw5LQwG pic.twitter.com/qmOT48ff6s
Ryan Lackey @octal
This is real journalism. Seriously impressed.
Jon Poole @jonpoole
I've seen it floated as part of free WiFi type deals, in eg civic space in UK, but v clearly opt in.
How this data of AT&T, Sprint, and T-Mobile phones trickles down is complex, and at each stage the telcos get less idea on how it's actually being used. But something I tried to highlight—they are ultimately the ones selling the data here. It's them https://t.co/0YtKw5LQwG pic.twitter.com/jNGpExtlis
Senator Ron Wyden on our findings that AT&T, T-Mobile and Sprint are ultimately selling phone location data to bounty hunters, as well as being sold to people not licensed to use it (like me): "the possibilities for abuse are endless."https://t.co/0YtKw5LQwG pic.twitter.com/V6QhuZarOg
Naturally I was pretty interested if the FCC was going to investigate AT&T, Sprint, and T-Mobile selling customers' location data down to bounty hunters. But because of the government shut down I have no idea https://t.co/0YtKw5LQwG pic.twitter.com/nzLCPdJBTv
We've covered how malware is used by abusers to track, stalk targets. Has led to sexual assault. With this phone data from AT&T, Sprint, T-Mobile, some bounty hunters have used it to track their girlfriends, I was told https://t.co/0YtKw5LQwG pic.twitter.com/1j3dnggeqU
If you're really concerned about this sort of thing, you can do something that is entirely impractical for 99% of people—ditch the mobile phone, and use a WiFi only iPod instead https://t.co/IgYhQm13Lm
im going to believe this in response to the piece https://t.co/ZCi7wIupLC