I have LONG suspected that governments buy commercial location data gathered from all kinds of mobile apps, from games to weather, and of course, it's happening.
WSJ reports that DHS, ICE and CBP bought access to data that maps the movements of millions: wsj.com/articles/feder…
WSJ reports that DHS, ICE and CBP bought access to data that maps the movements of millions: wsj.com/articles/feder…
According to the WSJ, this data:
- has been used to track immigrants and even to 'help identify immigrants who were later arrested' by DHS+ICE
- comes from a company that seems to be closely related to Gravy Analytics, a major player in digital marketing and mobile advertising
- has been used to track immigrants and even to 'help identify immigrants who were later arrested' by DHS+ICE
- comes from a company that seems to be closely related to Gravy Analytics, a major player in digital marketing and mobile advertising
WSJ writes:
"According to federal spending contracts, a division of DHS ... began buying location data in 2017 from Venntel Inc. of Herndon, Va., a small company that shares several executives and patents with Gravy Analytics"
ICE bought Venntel licenses in 2018, CBP in 2019.
"According to federal spending contracts, a division of DHS ... began buying location data in 2017 from Venntel Inc. of Herndon, Va., a small company that shares several executives and patents with Gravy Analytics"
ICE bought Venntel licenses in 2018, CBP in 2019.
WSJ's sources say that Venntel 'purchased the information from private marketing companies that sell the location data of millions of cellphones to advertisers', and that data is 'pseudonymised—meaning that each cellphone is represented by an alphanumeric advertising identifier'.
I've been investigating the commercial data industry for years. Most companies are very secretive. Some openly advertise how they gather+sell data, but it's never the full picture.
Recently, we examined how location data brokers receive data form apps:
Recently, we examined how location data brokers receive data form apps:
In the case of Venntel, there is hardly any info available. Their website is nearly empty.
According to this job posting, they claim to use '17+ billion commercially-available data points daily, covering billions of mobile devices globally each month':
jobs.lever.co/venntel/226282…
According to this job posting, they claim to use '17+ billion commercially-available data points daily, covering billions of mobile devices globally each month':
jobs.lever.co/venntel/226282…
In contrast, there's quite some information about Gravy Analytics on the web.
Interestingly, Gravy Analytics also uses the number of '17 billion records daily', according to this SlideShare presentation: slideshare.net/GravyAnalytics…
Interestingly, Gravy Analytics also uses the number of '17 billion records daily', according to this SlideShare presentation: slideshare.net/GravyAnalytics…
Gravy Analytics sells location data on millions via other data brokers. For example, Gravy is listed as a 'data provider' in Oracle's data directory:
oracle.com/us/solutions/c…
Gravy states to gather 'mobile device IDs and location signals' (=personal data) from 'multiple sources'.
oracle.com/us/solutions/c…
Gravy states to gather 'mobile device IDs and location signals' (=personal data) from 'multiple sources'.
Gravy is also listed as a data provider by LiveRamp, formerly known as Acxiom:
liveramp.com/partners/gravy…
Here they state that 'location signals' come from a 'nationwide base of opted-in, anonymous mobile devices'. Most likely, neither (informed) 'opt-in' nor 'anonymous' is true.
liveramp.com/partners/gravy…
Here they state that 'location signals' come from a 'nationwide base of opted-in, anonymous mobile devices'. Most likely, neither (informed) 'opt-in' nor 'anonymous' is true.
Also, Adobe (who runs a huge data business) resells Gravy data: adobe-audience-finder.com/data_partner/g…
According to this, Gravy's data sources include:
"Gravy’s own mobile app, Gravy’s SDK in other mobile apps, 3rd party SDKs collecting location data, in-app ad request data ... beacon data"
According to this, Gravy's data sources include:
"Gravy’s own mobile app, Gravy’s SDK in other mobile apps, 3rd party SDKs collecting location data, in-app ad request data ... beacon data"
Taken together, it's not very clear which mobile apps Gravy actually gets location data from.
In part, app vendors put Gravy's data collection software ('SDKs') into their apps. Gravy also receives data from other data 'partners'.
Even more interesting: 'in-app ad request data'
In part, app vendors put Gravy's data collection software ('SDKs') into their apps. Gravy also receives data from other data 'partners'.
Even more interesting: 'in-app ad request data'
On its website, Gravy Analytics states it receives data from 'multiple location data providers', who track 'tens of thousands of apps' via embedded software.
AND they state data also comes from 'trillions of bid requests in the advertising bid stream' (!)
AND they state data also comes from 'trillions of bid requests in the advertising bid stream' (!)
What's the 'bid stream'?
Every time you use a website or app your profile data is being sent to others and sold to the highest bidder. This can include location data + happens billions of times a day.
Much of today's digital advertising works like this.
brave.com/rtb-updates/
Every time you use a website or app your profile data is being sent to others and sold to the highest bidder. This can include location data + happens billions of times a day.
Much of today's digital advertising works like this.
brave.com/rtb-updates/
So, *IF* Venntel's data actually comes from Gravy Analytics, and this is not clear yet, then commercial location data from a) marketing spyware embedded in apps and from b) 'real-time bidding' in digital advertising is flowing to US government agencies such as DHS, ICE and CBP.
Oh, @dellcam found that "Venntel's domain was registered in 2017 by Gravy's founder and CEO using a Gravy devops email account":
@dellcam Here's an interview with a member of Gravy Analytics' advisory board, a former military intelligence officer.
He says 'marketing, security and payments/e-commerce' are 'converging' and sees location data being used for 'public safety and security' soon:
gravyanalytics.com/blog/interview…
He says 'marketing, security and payments/e-commerce' are 'converging' and sees location data being used for 'public safety and security' soon:
gravyanalytics.com/blog/interview…
@dellcam Anyway, Gravy Analytics is by far not the only company, who constantly gathers+trades data on everyone's movements and other behaviors.
I'm pretty sure governments also buy from other firms in marketing surveillance, and this is only one of several reasons why this has to STOP.
I'm pretty sure governments also buy from other firms in marketing surveillance, and this is only one of several reasons why this has to STOP.
@dellcam In our recent report, we observed Grindr sending exact GPS coordinates to 8+ companies. Other apps also sent location data to third parties:
Pervasive digital profiling is a systemic issue. To fix this, we need regulation (US) and its enforcement (EU).
Pervasive digital profiling is a systemic issue. To fix this, we need regulation (US) and its enforcement (EU).
@dellcam Ok, this is dynamite.
Gravy Analytics keeps its location data sources secret, yet their CEO said in this podcast they got their tech embedded into third-party apps to 'harvest' data, with 'partners like eBay, Marriott, USA Today, Gannett' (!)
From 22:40: soundcloud.com/acremades/ep-1…
Gravy Analytics keeps its location data sources secret, yet their CEO said in this podcast they got their tech embedded into third-party apps to 'harvest' data, with 'partners like eBay, Marriott, USA Today, Gannett' (!)
From 22:40: soundcloud.com/acremades/ep-1…
@dellcam He said this was 'prior to 2016'.
3 years ago, an academic study by @RDBinns et al observed the USA Today app sharing data with Gravy Analytics:
github.com/sociam/PROWISH…
Gannett is a Gravy Analytics investor:
washingtonpost.com/news/on-small-…
DID OR DO those apps send data to DHS/ICE?
3 years ago, an academic study by @RDBinns et al observed the USA Today app sharing data with Gravy Analytics:
github.com/sociam/PROWISH…
Gannett is a Gravy Analytics investor:
washingtonpost.com/news/on-small-…
DID OR DO those apps send data to DHS/ICE?
@dellcam @RDBinns "The bigger twist here is that, unlike in Carpenter, DHS isn’t subpoenaing location records; it’s buying them from Venntel, a data broker that according to the Journal has ties to Gravy Analytics, a major adtech company"
Indeed. wired.com/story/can-gove…
Indeed. wired.com/story/can-gove…
