It was shocking when a mob stormed the U.S. Capitol on January 6th. In the aftermath of this event, data (mostly pictures and videos) from the social network Parler was used to create timelines for the activities of individuals and ultimately to identify them. But now another data set has emerged from a different source that can be used to identify even more persons.
Location Pings on the Capitol
This time, it is data from a company specializing in smartphone user tracking. The New York Times got it from an anonymous source. Using what is known in IT circles as “god mode“ the data shared with the New York Times contains more than 100,000 “location pings“. For a location ping a smartphone reports its location to a server along with an ID of the user. This method is used by data traders to collect data and sell it to other companies – mostly for advertising purposes. These pings creates a location trail of the whereabouts of users. And that’s all that you need to follow a user around. It is simply in the data if a user that attended the Trump ralley and was later found in the U.S. Capitol.
Data Traders and Privacy
Data traders like to emphasize that the information they collect of users is anonymized and there is no way to identify individuals. But earlier research has shown that is simply not the case. In 2019, a data set containing location data from 12 million devices was used by the New York times to identify people. It was not that difficult: locations like work and home naturally appear more often in such data sets. This data even posed a security threat, since Secret Service agents could be identified by this data.
This incident illustrates how wide spread this practise, also known as surveillance capitalism, is. It also shows how easy it is for single individuals of companies to get access to this kind of data (“god mode“). Both, Apple and Google, have increased their efforts to protect the privacy of their users. But there‘s still a lot to do. In the meantime, users have to pay more attention than ever to which apps they allow access to their information.