Byron Tau’s article helped us understand how badly constructed apps not only give third party advert providers a free ride on our time & attention but can also compromise our privacy (and give away the most intimate details of our lives). The central protagonist of the article is a US government contractor-cum-techie, Mike Yeagley. Through his digital sleuthing, Mr Yeagley established that there was a particular app which was creating a major challenge for the US government:
“A popular dating and hookup app, Grindr relied on the GPS capabilities of modern smartphones to connect potential partners in the same city, neighborhood, or even building. The app can show how far away a potential partner is in real time, down to the foot.
In its 10 years of operation, Grindr had amassed millions of users and become a central cog in gay culture around the globe.
But to Yeagley, Grindr was something else: one of the tens of thousands of carelessly designed mobile phone apps that leaked massive amounts of data into the opaque world of online advertisers. That data, Yeagley knew, was easily accessible by anyone with a little technical know-how. So Yeagley—a technology consultant then in his late forties who had worked in and around government projects nearly his entire career—made a PowerPoint presentation and went out to demonstrate precisely how that data was a serious national security risk.
As he would explain in a succession of bland government conference rooms, Yeagley was able to access the geolocation data on Grindr users through a hidden but ubiquitous entry point: the digital advertising exchanges that serve up the little digital banner ads along the top of Grindr and nearly every other ad-supported mobile app and website. This was possible because of the way online ad space is sold, through near-instantaneous auctions in a process called real-time bidding. Those auctions were rife with surveillance potential. You know that ad that seems to follow you around the internet? It’s tracking you in more ways than one. In some cases, it’s making your precise location available in near-real time to both advertisers and people like Mike Yeagley, who specialized in obtaining unique data sets for government agencies.”
Mr Yeagley went on to show the US government that using Grindr data, a spy could figure out (sitting in the comfort of his home) which government officials were spending time with other Grindr users: “If the device spent most workdays at the Pentagon, the FBI headquarters, or the National Geospatial-Intelligence Agency building at Fort Belvoir, for example, there was a good chance its owner worked for one of those agencies. Then he started looking at the movement of those phones through the Grindr data. When they weren’t at their offices, where did they go? A small number of them had lingered at highway rest stops in the DC area at the same time and in proximity to other Grindr users—sometimes during the workday and sometimes while in transit between government facilities. For other Grindr users, he could infer where they lived, see where they traveled, even guess at whom they were dating….each of these intelligence and national security agencies had employees who were recklessly, if obliviously, broadcasting intimate details of their lives to anyone who knew where to look.”
Then Mr Yeagley went from the specific issue to the general issue – many other apps also do what Grindr does i.e. make data on your movements available at very low cost to anyone else who buys that data. In some cases, as in Grindr’s case, the app is owned by Chinese companies. Byron Tau’s excellent article then goes on to show just how easy it is to build apps which by design or by accident suck out from your phone the details of your lives and then sell it for a few cents to pretty much whoever wants it. Mr Tau points out that the people who want this data and not just companies wanting to sell shoes, groceries and knick knacks to you but also intelligence agencies:
“The CIA was interested in software that could analyze and understand the geographic movement of people and things. It wanted to be able to decipher when, say, two people were trying to conceal that they were traveling together…
After acquiring a data set on Russia, the team realized they could track phones in the Russian president Vladimir Putin’s entourage. The phones moved everywhere that Putin did. They concluded the devices in question did not actually belong to Putin himself; Russian state security and counterintelligence were better than that. Instead, they believed the devices belonged to the drivers, the security personnel, the political aides, and other support staff around the Russian president; those people’s phones were trackable in the advertising data. As a result, PlanetRisk knew where Putin was going and who was in his entourage.”
You should read Byron Tau’s minblowing piece in its entirety to appreciate just how vulnerable and how compromised our lives have become because of the technology embedded in our phones and why we should worry a little bit less about the companies trying to sell shoes & shampoos to us online and worry more about how much intelligence agencies – private & corporate – know about our lives. If, like us, you want to know more about this subject, Mr Tau refers you to his book, “Means of Control: How the Hidden Alliance of Tech and Government Is Creating a New American Surveillance State”.
If you want to read our other published material, please visit https://marcellus.in/blog/
Note: The above material is neither investment research, nor financial advice. Marcellus does not seek payment for or business from this publication in any shape or form. The information provided is intended for educational purposes only. Marcellus Investment Managers is regulated by the Securities and Exchange Board of India (SEBI) and is also an FME (Non-Retail) with the International Financial Services Centres Authority (IFSCA) as a provider of Portfolio Management Services. Additionally, Marcellus is also registered with US Securities and Exchange Commission (“US SEC”) as an Investment Advisor.