Adrian Sanabria
Joseph CoxNew from 404 Media: CBP tapped into the online advertising ecosystem to track peoples' movements, according to an internal DHS document. Shows for the first time DHS tracked phones via process for putting ads in ordinary apps—video games, fitness apps, many more https://www.404media.co/cbp-tapped-into-the-online-advertising-ecosystem-to-track-peoples-movements/
Michael Santaly@josephcox Do we know if you pay to remove ads from an app if this is still a vulnerability you could face?
Chris Kletsch@wonkothesane @josephcox well, it reduces the risk for _one_ app - I suppose if your pay the developer, then yes, this API will not be called.
But you can't pay for every app. And you can't even be sure that it will never be called - perhaps the developer keeps parts for future reference, or forgets one subpage, or even other forms of usage tracking will become an additional source for the authorities.
Petra van Cronenburg@josephcox tip for the readers here: you can follow @404mediaco here!
Eggs now in different baskets.@josephcox The NRK did a similar investigation a couple of years ago here in Norway.
They bought "anonymised" data from brokers in London and then by analysing this data were able to identify the people the data was collected from.
Simply put, a device comes out of a given house every morning, drives, via a given school to a given place of work and then back home in the afternoon.
It does not take that much effort to work out who exactly that device belongs to.
@josephcox Run the story through your favourite machine translator or find a tame Norwegian/Dane/Swede or learn Norwegian.