If you aren't paying for the product then you are the product...oh, wait...
Remember how you said it was cool if your mobe network sold your name, number and location?
US mobile phone companies appear to be selling their customers' private data – including their full name, phone number, contract details, home zip code and current location to third parties – all in the name of security. Security researcher Philip Neustrom found and linked to demo sites run by two mobile authentication …
COMMENTS
-
-
Monday 16th October 2017 12:49 GMT Teiwaz
You are the product, and you are being watched like a soap opera.
Google and the 'free in return for slurp' were the foot in the door.
Then some companies found they could get away with getting paid for the product and also get the usage and other personal data like it's a 20% extra free deal.
Now it's just a free for all - Governments are all at it, the regulatory bodies are mostly laughable or toothless or both plus a few more shades of useless.
If the phone buying masses ever become data aware, they'll be sims and broken phone screens in the streets...
-
Monday 16th October 2017 14:31 GMT Anonymous Coward
Re: You are the product, and you are being watched like a soap opera.
You can't even choose just to let one company (e.g. Google) slurp now, now slurping is done at every layer of the network, operator, and services you consume and their ad-mongering overloads to fund them.
It's not really possible to read all these T&C in conjunction anymore.
Basically, if you want privacy, get off the grid.
If you want to give up privacy for some benefit to your own chosen provider, forget it, it's impossible.
If you don't care, then just go ahead and watch your data spread like oil on water!
-
Tuesday 17th October 2017 10:13 GMT phuzz
Re: You are the product, and you are being watched like a soap opera.
"Google and the 'free in return for slurp' were the foot in the door."
They're just following in the footsteps of the old "fill in this survey and get a free widget" scams of yesteryear, or even "collect X tokens from promotional boxes of Y and send them to us along with your address and get a free Z".
Offering something for free in order to harvest someone's address has been working for years.
-
-
Monday 16th October 2017 12:51 GMT JamesPond
"very rigorous framework of security and data privacy consent".
Target and Yahoo! and Sony and Experian et al said their customer's data and privacy were their highest priority....and then singularly failed to do very much to actually protect it. Not so much a police state as a commercial state. Lets face it, data on us is worth money to someone somewhere so is this latest revelation really news to us?
-
Monday 16th October 2017 23:46 GMT John Brown (no body)
Re: "very rigorous framework of security and data privacy consent".
It's the new generation of Robber Barons. They're making hay while the sun shines until one day, eventually, it'll all come crashing down around their heads. Except by then, they won't care because they'll have all the money they could ever need anyway. Just like Carnegie, Morgan, Vanderbilt, Rockefeller etc did in their day.
The primary difference this time is that at least the last lot were, in general, producing useful output. The current lot don't seem to be producing anything. They just keep inventing new ways to skim a tiny little almost unnoticeable amount of other peoples transactions but on a massive scale and so get rich by doing pretty much no work at all, certainly nothing productive or useful.
-
-
-
-
Monday 16th October 2017 16:51 GMT Mark 85
Re: Now Americans can see
Of course they can see. They just choose to ignore because - hey look, shiny !
Actually I doubt they even look much less see. Except for us IT types, most users haven't a clue what's going on or are even aware that their data is being slurped. Mainstream news isn't going to report because advertisers might just pull out. But then again, I doubt most users don't visit mainstream as much s getting their news filtered by FB.
-
-
-
Monday 16th October 2017 13:10 GMT Khaptain
Bring on GDPR - Vive l'Europe
Let's hope for once that our European overlords will bring us a modicum of privacy with the new GDPR laws. Lawyers are going to have a field day suing companies that don't adhere, class action law suits will bring many a CEO to his knees. Or am I just dreaming, well, I will continue to dream, at least here in Europe,
Unfortunately I can't image that those across the big pond are ever going to come close to establishing honest GDPR laws. At least not until Uncle Sam manages to find a way to shaft the users at the same time...
-
-
Monday 16th October 2017 23:27 GMT TheVogon
Re: Bring on GDPR - Vive l'Europe
"Don't worry, the USA will ignore the GPDR."
The US itself might do, but it will be VERY expensive very quickly for any US company that does or any company that sends GDPR protected data to the US without obtaining specific informed consent. The potential fines are vast...
-
-
Monday 16th October 2017 19:36 GMT Roland6
Re: Bring on GDPR - Vive l'Europe
>Unfortunately I can't image that those across the big pond are ever going to come close to establishing honest GDPR laws.
Unfortunately, I can't see the current crowd at Westminster implementing honest GDPR laws either.
Yet, you can be sure they will want to be 'in' the European data market, in a deep and meaningful way, but not held to the rules...
-
-
Monday 16th October 2017 13:35 GMT Anonymous Coward
Failure of democracy.
The data we as individual citizens create, the data that we generate, the data that is an individual is owned by that individual. That is a basic right that cannot be signed away in fine print.
Yet the systems responsible for protecting our basic rights have instead been selling them out to the highest bidder. We can now see that in the many trade deals and failed promises from the 1980's to present. A time period in which the rich have gotten fantastically rich and Western citizens have struggled to make any gains not taken by taxes and higher costs.
This report and many other incidents are showing everyone that our present forms of governments do not, can not or will not represent the interest of citizens. As a result we cannot fix these issues by bringing in regulation. Regulations are "negotiated" with business and industry without anyone representing the rights of citizens at the table. Regulations made by the very agencies that sold us in the first place cannot be counted on to do anything but "manage the optics" or pacify the masses enough to ensure the fleecing continues.
Citizens are going to have to take action themselves if they want their rights protected. The question is how, where, when, and how to counter the measures in place to prevent such things.
-
Monday 16th October 2017 15:14 GMT Commswonk
Re: Failure of democracy.
This report and many other incidents are showing everyone that our present forms of governments do not, can not or will not represent the interest of citizens.
Well said; very well said actually. I just hope that nobody is particularly surprised at the statement because it's been bloody obvious for a long time.
-
Monday 16th October 2017 15:34 GMT Hans 1
Re: Failure of democracy.
In the history of democracy, or time, for that matter, when has a government, any government, of any economic or political doctrine, ever represented the interest of mere "citizens" ?
Thought so ...
Water at 277K is wet, those in power lazy & greedy, hello, that is why they are in power ...
-
-
Monday 16th October 2017 15:51 GMT Harry Stottle
Re: Failure of democracy.
Completely Agree but don't have the space or time to answer the questions in your final para
The short version is
1 Incentivise the use of private notarised personal data "wallets" securely stored in various devices and capable of providing the answer to some questions without revealing actual data (eg whether someone is above or below an age constraint can be revealed without revealing date of birth). Also capable - with the co-operation of couriers who buy into the idea in order to feed off the "privacy preferred" market - of supplying one time "address keys" which even the courier can expose only in sufficient detail for their current sorting requirements. (but the merchant or supplier never gets to see or store)
2 in the few instances where data really does need to be warehoused, compartmentalise it so that one warehouse may hold, for example, address data but not names or other private data; while another might hold dates of birth etc. (Only linkable with more one time keys etc)
3 impose strict video-logged access controls on such data warehouses so that if any human access the protected data, (publicly) trusted auditors will always be a) notified and b) able to discover exactly who, when, why and where they accessed the data (and, of course, have full legal rights to blow the whistle if they spot anything underhand).
-
Monday 16th October 2017 18:40 GMT anoco
Re: Failure of democracy.
A possible solution, at least in the US, is the creation of the 28th amendment. To be known as the Right to Own Your Data. And hope that it doesn't take as long as the 27th to be ratified.
But if we really want to solve it fast, it should go as a subset. Like 2a or something. Then we could have liberals and conservatives working together. ..and all of a sudden the universe stopped expanding...
-
Monday 16th October 2017 23:19 GMT Anonymous Coward
'systems responsible for protecting basic rights have been selling them out to the highest bidder'
It'd be nice to think that this was an isolated incident, but when you look at Global-Banking, EPA & Product Safety, Big-Pharma & Drug-Trials and most Trade agreements, the Dystopian future awaits!
-
-
Monday 16th October 2017 18:11 GMT Cynic_999
Good for business
Having intermittent live location data on just about everyone enables my .onion site to alert my customers when all members of a given household are >20 miles from the house, and will give the earliest possible time that any could get home. Premium paying customers can be alerted when *any* house within a given area is empty, and highlight houses where the last reported U.K. location of all members of the household was an airport.
All achievable by data-scraping. Obviously I cannot be held responsible for how anyone may choose to use such information.
-
Monday 16th October 2017 23:36 GMT Richocet
Solutions
Let's hope some effective legislation is put in place to tackle this and they are enforced.
I rate the chance as less than 50%. And the chances are lower in the US than EU.
An effective tactic to sabotage this behavior is to feed bad data into these systems. They have been designed around the principles of obtaining as much data as possible, and just assume that the data they collect is accurate. Then it is freely sold, shared, compiled between the data companies.
If 20% of the data was poisoned this would make intelligence drawn from the data too inaccurate to use. Correlation would produce significant numbers of false positives. The compilers of data wouldn't know which data was bad or when bad data started entering their systems. It would be unfeasible effort and time intensive to clean up the data.
Web tracking cookies, ad tracking, and email tracking are all vulnerable to spamming junk data into the databases.
A botnet would take this to another level with diverse geoip information spamming.
-
Tuesday 17th October 2017 13:04 GMT Missing Semicolon
Google slurping is not the same as MNO slurping.
With Google there's a deal. We give you all these free shinies, and you pay in personal data. The shinies are actually pretty good, so we accept the price.
With Mobile Operators, I pay for the service already. The subsequent monetization of my PII is essentially theft.