Remember how you said it was cool if your mobe network sold your name, number and location? US mobile phone companies appear to be selling their customers' private data – including their full name, phone number, contract details, home zip code and current location to third parties – all in the name of security. Security researcher Philip Neustrom found and linked to demo sites run by two mobile authentication …
Google and the 'free in return for slurp' were the foot in the door.
Then some companies found they could get away with getting paid for the product and also get the usage and other personal data like it's a 20% extra free deal.
Now it's just a free for all - Governments are all at it, the regulatory bodies are mostly laughable or toothless or both plus a few more shades of useless.
If the phone buying masses ever become data aware, they'll be sims and broken phone screens in the streets...
You can't even choose just to let one company (e.g. Google) slurp now, now slurping is done at every layer of the network, operator, and services you consume and their ad-mongering overloads to fund them.
It's not really possible to read all these T&C in conjunction anymore.
Basically, if you want privacy, get off the grid.
If you want to give up privacy for some benefit to your own chosen provider, forget it, it's impossible.
If you don't care, then just go ahead and watch your data spread like oil on water!
"Google and the 'free in return for slurp' were the foot in the door."
They're just following in the footsteps of the old "fill in this survey and get a free widget" scams of yesteryear, or even "collect X tokens from promotional boxes of Y and send them to us along with your address and get a free Z".
Offering something for free in order to harvest someone's address has been working for years.
Target and Yahoo! and Sony and Experian et al said their customer's data and privacy were their highest priority....and then singularly failed to do very much to actually protect it. Not so much a police state as a commercial state. Lets face it, data on us is worth money to someone somewhere so is this latest revelation really news to us?
It's the new generation of Robber Barons. They're making hay while the sun shines until one day, eventually, it'll all come crashing down around their heads. Except by then, they won't care because they'll have all the money they could ever need anyway. Just like Carnegie, Morgan, Vanderbilt, Rockefeller etc did in their day.
The primary difference this time is that at least the last lot were, in general, producing useful output. The current lot don't seem to be producing anything. They just keep inventing new ways to skim a tiny little almost unnoticeable amount of other peoples transactions but on a massive scale and so get rich by doing pretty much no work at all, certainly nothing productive or useful.
Of course they can see. They just choose to ignore because - hey look, shiny !
Actually I doubt they even look much less see. Except for us IT types, most users haven't a clue what's going on or are even aware that their data is being slurped. Mainstream news isn't going to report because advertisers might just pull out. But then again, I doubt most users don't visit mainstream as much s getting their news filtered by FB.
Let's hope for once that our European overlords will bring us a modicum of privacy with the new GDPR laws. Lawyers are going to have a field day suing companies that don't adhere, class action law suits will bring many a CEO to his knees. Or am I just dreaming, well, I will continue to dream, at least here in Europe,
Unfortunately I can't image that those across the big pond are ever going to come close to establishing honest GDPR laws. At least not until Uncle Sam manages to find a way to shaft the users at the same time...
"Don't worry, the USA will ignore the GPDR."
The US itself might do, but it will be VERY expensive very quickly for any US company that does or any company that sends GDPR protected data to the US without obtaining specific informed consent. The potential fines are vast...
>Unfortunately I can't image that those across the big pond are ever going to come close to establishing honest GDPR laws.
Unfortunately, I can't see the current crowd at Westminster implementing honest GDPR laws either.
Yet, you can be sure they will want to be 'in' the European data market, in a deep and meaningful way, but not held to the rules...
The data we as individual citizens create, the data that we generate, the data that is an individual is owned by that individual. That is a basic right that cannot be signed away in fine print.
Yet the systems responsible for protecting our basic rights have instead been selling them out to the highest bidder. We can now see that in the many trade deals and failed promises from the 1980's to present. A time period in which the rich have gotten fantastically rich and Western citizens have struggled to make any gains not taken by taxes and higher costs.
This report and many other incidents are showing everyone that our present forms of governments do not, can not or will not represent the interest of citizens. As a result we cannot fix these issues by bringing in regulation. Regulations are "negotiated" with business and industry without anyone representing the rights of citizens at the table. Regulations made by the very agencies that sold us in the first place cannot be counted on to do anything but "manage the optics" or pacify the masses enough to ensure the fleecing continues.
Citizens are going to have to take action themselves if they want their rights protected. The question is how, where, when, and how to counter the measures in place to prevent such things.
This report and many other incidents are showing everyone that our present forms of governments do not, can not or will not represent the interest of citizens.
Well said; very well said actually. I just hope that nobody is particularly surprised at the statement because it's been bloody obvious for a long time.
In the history of democracy, or time, for that matter, when has a government, any government, of any economic or political doctrine, ever represented the interest of mere "citizens" ?
Thought so ...
Water at 277K is wet, those in power lazy & greedy, hello, that is why they are in power ...
Completely Agree but don't have the space or time to answer the questions in your final para
The short version is
1 Incentivise the use of private notarised personal data "wallets" securely stored in various devices and capable of providing the answer to some questions without revealing actual data (eg whether someone is above or below an age constraint can be revealed without revealing date of birth). Also capable - with the co-operation of couriers who buy into the idea in order to feed off the "privacy preferred" market - of supplying one time "address keys" which even the courier can expose only in sufficient detail for their current sorting requirements. (but the merchant or supplier never gets to see or store)
2 in the few instances where data really does need to be warehoused, compartmentalise it so that one warehouse may hold, for example, address data but not names or other private data; while another might hold dates of birth etc. (Only linkable with more one time keys etc)
3 impose strict video-logged access controls on such data warehouses so that if any human access the protected data, (publicly) trusted auditors will always be a) notified and b) able to discover exactly who, when, why and where they accessed the data (and, of course, have full legal rights to blow the whistle if they spot anything underhand).
A possible solution, at least in the US, is the creation of the 28th amendment. To be known as the Right to Own Your Data. And hope that it doesn't take as long as the 27th to be ratified.
But if we really want to solve it fast, it should go as a subset. Like 2a or something. Then we could have liberals and conservatives working together. ..and all of a sudden the universe stopped expanding...
It'd be nice to think that this was an isolated incident, but when you look at Global-Banking, EPA & Product Safety, Big-Pharma & Drug-Trials and most Trade agreements, the Dystopian future awaits!
Having intermittent live location data on just about everyone enables my .onion site to alert my customers when all members of a given household are >20 miles from the house, and will give the earliest possible time that any could get home. Premium paying customers can be alerted when *any* house within a given area is empty, and highlight houses where the last reported U.K. location of all members of the household was an airport.
All achievable by data-scraping. Obviously I cannot be held responsible for how anyone may choose to use such information.
Let's hope some effective legislation is put in place to tackle this and they are enforced.
I rate the chance as less than 50%. And the chances are lower in the US than EU.
An effective tactic to sabotage this behavior is to feed bad data into these systems. They have been designed around the principles of obtaining as much data as possible, and just assume that the data they collect is accurate. Then it is freely sold, shared, compiled between the data companies.
If 20% of the data was poisoned this would make intelligence drawn from the data too inaccurate to use. Correlation would produce significant numbers of false positives. The compilers of data wouldn't know which data was bad or when bad data started entering their systems. It would be unfeasible effort and time intensive to clean up the data.
Web tracking cookies, ad tracking, and email tracking are all vulnerable to spamming junk data into the databases.
A botnet would take this to another level with diverse geoip information spamming.
With Google there's a deal. We give you all these free shinies, and you pay in personal data. The shinies are actually pretty good, so we accept the price.
With Mobile Operators, I pay for the service already. The subsequent monetization of my PII is essentially theft.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
