1/ [thread] Just presented with Tor E Bjørnstad, from security firm mnemonic, at Sikkerhetssymposiet today. We talked about our work on #adtech and the out-of-control data collection & sharing: event.dnd.no/siksymp/progra… #privacy #GDPR
2/ Tried to explain how tracking happens on our phones via our apps, with unique identifiers (such as Google ID) being passed on with other personal information to a wide range of actors. Details in our report are available here: forbrukerradet.no/out-of-control/ #adtech #privacy
3/ They combine this data with information taken from a large number of different sources. These profiles, which can be compared to a «digital twin» may have thousands of data points about who you are, what you like, how you feel, and how you are predicted to behave.
4/ This is now a billion-dollar industry that includes an enormous number of companies, most of which we have never heard of. They all fulfill different roles in the ecosystem, although the lines between data broker, data supplier, and data user are often blurred.
5/ The data collected and profiles made about us are then used to categorise us. Here are just some examples of categories advertisers can use to "reach" us. Or manipulate or discriminate against us. Source: iabtechlab.com/standards/audi…
6/ mnemonic conducted the technical testing, with help from @WolfieChristl & @thezedwards. Some results:
- 135 identified advertising companies in the data
- 20 ad companies receiving GPS data
- 16 different situations where apps shared user data such as gender, age, sexual pref
7/ Many companies receive data from many apps. Google & Facebook very much present, but so are lots of more "unknown" companies. This is in line with findings from other research (e.g. research by @acccgovau & @AppCensusInc accc.gov.au/system/files/1…). Just the tip of the iceberg
8/ For example: the technical analysis by mnemonic showed that @okcupid was sharing very personal information with a commercial third party.
9/ Another pretty shocking finding was the makeup app, @Perfect365, that:
- Shared data with 72 online advertising companies
- Shared the user's location continuously
Location data is extremely sensitive data and the potential for misuse is enormous: nytimes.com/interactive/20…
10/ However, of the ten apps we researched, @Grindr shared advertising ID, location data and in some cases sexual preferences, with commercial third parties. Needless to say, but most people want to keep such information private.
11/ What made matters worse was their lack of proper consent & legal basis for sharing. As an example, if you follow just one of the trails, this would be the potential sharing of this data
12/ Working with @maxschrems & @NOYBeu we filed legal complaints against @Grindr, @mopub, @OpenX @AppNexus @AdColony @Smaato for breaching the #GDPR - the adtech industry is #OutOfControl
13/ Also, we worked with 40+ consumer and civil rights groups from around the world, asking authorities to end these illegal activities: forbrukerradet.no/side/complaint…
14/ If you have read this far, I would also like to draw attention to the complaint on RTB by @johnnyryan @mikarv @jimkillock ++ brave.com/wp-content/upl… and updates: iccl.ie/human-rights/i…
15/ Needless to say, but this kind of data sharing & exploitation puts us all at risk of manipulation, discrimination and many other harms. Read more in our report, or see this recent study by @HKingaby
16/ Also, you should read the work by the excellent researcher @WolfieChristl - he has done a lot to document and expose this ecosystem: crackedlabs.org/en
17/ @privacyint has also done great research and litigation in this field:
18/ Also, want to call out the importance of international networks we are members of, making it possible to swiftly coordinate actions, such as @beuc @TACD_Consumers @Consumers_Int @anectweet