Tim investigated the precision of location data used for targeted advertising by requesting his own data from ad networks. He found that location information shared with these networks, often through apps on his phone, was remarkably precise, pinpointing his location to within a few meters. He successfully identified his own apartment and even specific rooms within it based on the location polygons provided by the ad networks. This highlighted the potential privacy implications of sharing location data with apps, demonstrating how easily and accurately individuals can be tracked even without explicit consent for precise location sharing. The experiment revealed a lack of transparency and control over how this granular location data is collected, used, and shared by advertising ecosystems.
In a detailed blog post titled "Everyone knows your location: tracking myself down through in-app ads," author Tim Schneeberger meticulously documents his personal investigation into the precision and potential invasiveness of location tracking within mobile advertising networks. He begins by establishing the premise that while most users are vaguely aware of being tracked for advertising purposes, the granular accuracy of this tracking often remains unappreciated. He then embarks on a self-experiment designed to illuminate the extent of this tracking by deliberately attempting to identify himself within the anonymized location data streams used by advertisers.
Schneeberger outlines his methodology, beginning with the selection of a highly specific and uncommon location: a secluded cabin nestled in the Swiss Alps, accessible only by a private road. He hypothesizes that the uniqueness of this location, coupled with the temporal element of his presence there, would make it identifiable within the aggregated location data available to ad networks. He then utilizes a custom-built Android application programmed to intercept and analyze bid requests – the process by which advertising networks auction off ad space within apps based on user demographics and location.
Over several days, Schneeberger meticulously records the bid requests generated by his device while at the cabin. He analyzes the geographic coordinates included in these requests, noting the remarkable precision with which his location is pinpointed, often within a few meters. He also observes fluctuations in the density of bid requests, speculating on potential correlations with his movements and activities within the cabin's vicinity.
The author then proceeds to demonstrate how this precise location data could be used to identify an individual. He posits that by cross-referencing the anonymized location data with publicly available information like property records or social media posts that might mention a stay at a remote cabin, it becomes increasingly feasible to de-anonymize the data and identify the individual associated with those coordinates. This, he argues, highlights a significant privacy concern, as even seemingly anonymized location data can be exploited to reveal sensitive information about an individual's whereabouts and activities.
Furthermore, Schneeberger explores the mechanics of location tracking within mobile apps, explaining how GPS coordinates, Wi-Fi network information, and cellular tower triangulation are utilized to determine a user's location. He also delves into the role of advertising identifiers, unique codes assigned to each device, which allow advertisers to track user behavior across different apps and websites. He emphasizes how this combination of precise location data and persistent identifiers creates a comprehensive profile of an individual's movements and preferences.
The blog post concludes with a discussion of the potential implications of this granular location tracking, highlighting the risks associated with data breaches, government surveillance, and the potential for discriminatory targeting. Schneeberger underscores the importance of greater transparency and user control over the collection and use of location data, advocating for stronger privacy regulations and increased awareness among mobile device users about the extent to which their movements are being monitored.
Summary of Comments ( 146 )
https://news.ycombinator.com/item?id=42909921
HN commenters generally agreed with the article's premise that location tracking through in-app advertising is pervasive and concerning. Some highlighted the irony of privacy policies that claim not to share precise location while effectively doing so through ad requests containing latitude/longitude. Several discussed technical details, including the surprising precision achievable even without GPS and the potential misuse of background location data. Others pointed to the broader ecosystem issue, emphasizing the difficulty in assigning blame to any single actor and the collective responsibility of ad networks, app developers, and device manufacturers. A few commenters suggested potential mitigations like VPNs or disabling location services entirely, while others expressed resignation to the current state of surveillance. The effectiveness of "Limit Ad Tracking" settings was also questioned.
The Hacker News post "Everyone knows your location: tracking myself down through in-app ads" generated a moderate amount of discussion with several insightful comments. Many commenters affirmed the author's findings, sharing their own experiences and concerns with the pervasive nature of location tracking in mobile advertising.
A recurring theme is the acknowledgment that this kind of precise targeting isn't news to those working in the ad tech industry or those technically savvy, but the article serves as a good illustration of the mechanics for a wider audience. Several users pointed out that while the author focuses on the "creepiness" factor, the real issue is the potential for abuse and the lack of meaningful control users have over their data. One commenter highlights this by suggesting that the ability to precisely target individuals opens doors for malicious actors to deliver personalized scams or disinformation campaigns.
Some comments delve into the technical details, explaining how techniques like bidstream data, precise location coordinates, and device fingerprinting enable this level of tracking. They discuss the role of data brokers and the complex ecosystem that facilitates the buying and selling of user data. One commenter, seemingly familiar with the ad tech industry, explains how these practices are often obscured by complex and opaque terminology, making it difficult for average users to understand the extent of data collection.
Another line of discussion focuses on the limitations of current privacy regulations like GDPR and CCPA. Commenters argue that these regulations, while well-intentioned, are insufficient to address the core issue of pervasive tracking. They point out the loopholes and workarounds employed by ad tech companies, including obtaining "consent" through confusing and misleading prompts.
Some users propose potential solutions, ranging from stricter regulations and enforcement to the adoption of privacy-focused technologies. One commenter suggests using a VPN or disabling location services, though acknowledges that these are imperfect solutions and can negatively impact the functionality of certain apps. Another commenter promotes the use of open-source operating systems and ad blockers as more robust methods to mitigate tracking.
Finally, a few comments express a sense of resignation, accepting this level of tracking as the inevitable price of "free" apps and services. However, even within this sentiment, there's an undercurrent of unease about the long-term implications of such pervasive surveillance.