Profile picture
, 7 tweets, 4 min read
My Authors
Read all threads
"A threat intelligence firm called HYAS …is buying location data harvested from ordinary apps installed on peoples' phones around the world …and claims to be able to track people to their 'doorstep'."

Systemic misuse of data from apps and 'advertising': vice.com/en_us/article/…
"HYAS' location data comes from X-Mode, a company that started with an app named 'Drunk Mode,' designed to prevent college students from making drunk phone calls and has since pivoted to selling user data from a wide swath of apps"
According to an X-Mode spokesperson quoted by Vice, they 'obfuscate any user IDs' and they 'aggregate devices using generalization' when they sell location data gathered from apps. Whatever this means.
Why does X-Mode then sell individual-level 'raw' location data records on 25-60 million people via a data marketplace they proudly link to on their website, including personal identifiers (advertising ID, IP) and many other fields?
snowflake.com/datasets/x-mod…
xmode.io/snowflake-and-…
So, where's the 'aggregation' and 'obfuscation'?

According to its privacy policy, X-Mode shares location data including personal IDs and other info with at least 87 'customers', which it also calls 'trusted partners', listed here:
xmode.io/trusted-partne…
xmode.io/xmode-privacy-…
According to this list, X-Mode sells data to HYAS and to:

- giants like Facebook, Microsoft, Telefonica, Cisco
- well-known data brokers like LiveRamp, Nielsen, Lotame
- other location data brokers like Factual

…and to many firms I never heard of. And believe me, I know a lot.
Who are these companies?

For example, according to its list of 'trusted partners', X-Mode shares location data sourced from unknown mobile apps with Culmen, a defense contractor.
culmen.com/clients
Missing some Tweet in this thread? You can try to force a refresh.

Keep Current with Wolfie Christl

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @WolfieChristl see all

Profile picture
Wolfie Christl
@WolfieChristl
Amazon is hiring 'intelligence analysts', who should work
on 'sensitive topics that are highly confidential, including labor organizing threats against the company' and spy on 'organized labor, activist groups, hostile political leaders'.

Via @jfslowik / amazon.jobs/en/jobs/102606…
Amazon's list of enemies, to be targeted by their corporate intelligence agency:

'hate groups, policy initiatives, geopolitical issues, terrorism, law enforcement, and organized labor'

...plus 'activist groups' and 'hostile political leaders'.
Here's another Amazon job listing with a similar description:
amazon.jobs/en/jobs/121361…

In both cases, 'preferred qualifications' include:

'Previous experience in Intelligence analysis and or watch officer skill set in the intelligence community, the military, law enforcement...'
Read 10 tweets
Profile picture
Wolfie Christl
@WolfieChristl
For more than a year, 1200+ apps installed on hundreds of millions of iPhones and iPads contained malicious software operated by a shady adtech/data company that spied on users in order to steal ad revenue from competitors, according to security firm Snyk:
snyk.io/blog/sourmint-…
App vendors integrated this software/SDK by Mintegral, a Chinese adtech firm owned by Mobvista, another adtech firm, to earn money through ads.

Many iOS apps are affected, from dating to games, also very popular ones like Helix Jump, Subway Surfers and PicsArt. And their users.
For more than a year, 1200 app vendors: 🙈🙉🙊

Mediation platforms including Twitter's MoPub, who helped embedding Mintegral 🙈🙉🙊

Apple: "no evidence that users have been harmed" 🙈🙉🙊

Industry associations: fighting against any regulation 🙈🙉🙊

forbes.com/sites/johnkoet…
Read 7 tweets
Profile picture
Wolfie Christl
@WolfieChristl
When the data industry is talking about sharing 'anonymized' profile data:

They do indeed not share email addresses, for example. But they share hashed versions of it, and they all use THE SAME hash function, and can thus still monitor and act on people across the digital world.
Calling this kind of personal data sharing 'anonymized' is corporate misinformation. A whole industry has been built on this lie.

Many still don't understand that.

Also, the question of whether or not you can reverse the hash is irrelevant, if everyone uses the same function.
Of course, hashed IDs can also be based on phone numbers or other data.

There are more complex versions of this, e.g. hashing the hashes, using temporary IDs and later match it to persistent ones, linking/matching chains of identifiers, using salted hashes for sub-purposes etc.
Read 20 tweets

Embed code for your website

×
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!