🇺🇦Finn Lützow-Holm Myrstad Profile picture
Oct 30, 2020 18 tweets 14 min read Read on X
1/ [thread] Just presented with Tor E Bjørnstad, from security firm mnemonic, at Sikkerhetssymposiet today. We talked about our work on #adtech and the out of control data collection & sharing event.dnd.no/siksymp/progra… #privacy #GDPR Image
2/ Tried to explain how tracking happens on our phone via our apps, with unique identifiers (such as Google ID) being passed on with other personal information to a wide range of actors. Details in our report is available here: forbrukerradet.no/out-of-control/ #adtech #privacy Image
3/ They combine this data with information taken from a large number of different sources. These profiles, which can be compared to a «digital twin» may have thousands of data points about who you are, what you like, how you feel, and how you are predicted to behave. Image
4/ This is now a billion-dollar industry that includes an enormous amount of companies, most of which we have never heard of. They all fulfill different roles in the ecosystem, although the lines between data broker, data supplier, and data user is often blurred. Image
5/ The data collected and profiles made about us, are then used to categorise us. Here are just some examples of categories advertisers can use to "reach" us. Or manipulate or discriminate us. Source: iabtechlab.com/standards/audi… Image
6/ mnemonic conducted the technical testing, with help from @WolfieChristl & @thezedwards. Some results:
- 135 identified advertising companies in the data
- 20 ad companies receiving GPS data
- 16 different situations where apps shared user data such as gender, age, sexual pref Image
7/ Many companies receive data from many apps. Google & Facebook very much present, but so are also lots of more "unknown" companies. This is line with findings with other research (eg: research by @acccgovau & @AppCensusInc accc.gov.au/system/files/1…). Just the tip of the iceberg Image
8/ For example: the technical analysis by mnemonic showed that @okcupid was sharing very personal information with a commercial third party. Image
9/ Another pretty shocking finding was the makeup app, @Perfect365 that:
- Shared data with 72 online advertising companies
- Shared the users location continuously

Location data is extremely sensitive data and the potential for misuse is enormous: nytimes.com/interactive/20… Image
10/ However, of the ten apps we researched, @Grindr, shared advertising ID, location data and in some cases sexual preferences, with commercial third parties. Needless to say, but most people want to keep such information private. Image
11/ What made matters worse, was their lack of proper consent & legal base for sharing. As an example, if you follow just one of the trails, this would be the potential sharing of this data Image
12/ Working with @maxschrems & @NOYBeu we filed legal complaints against @Grindr, @mopub, @OpenX @AppNexus @AdColony @Smaato for breaching the #GDPR - the adtech industry is #OutOfControl Image
13/ Also, we worked with 40+ consumer and civil rights groups from around the world, asking authorities to end these illegal activities: forbrukerradet.no/side/complaint…
14/ If you have read this far, I would also like to draw attention to the complaint on RTB by @johnnyryan @mikarv @jimkillock ++ brave.com/wp-content/upl… and updates: iccl.ie/human-rights/i…
15/ Needless to say, but this kind of data sharing & exploitation puts us all at risk of manipulation, discrimination and many other harms. Read more in our report, or see this recent study by @HKingaby
16/ Also, you should read the work by the excellent researcher @WolfieChristl - he has done a lot to document and expose this ecosystem: crackedlabs.org/en
17/ @privacyint has also done great research and litigation in this field:
18/ Also, want to call out the importance of international networks we are member of, making it possible to swiftly coordinate actions, such as @beuc @TACD_Consumers @Consumers_Int @anectweet

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with 🇺🇦Finn Lützow-Holm Myrstad

🇺🇦Finn Lützow-Holm Myrstad Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @finnmyrstad

May 31, 2022
⚠️Today we are publishing a report on how the gaming industry exploits consumers using lootboxes

20 organizations in 18 European countries are joining us and call for better regulation of video games. 🎮

forbrukerradet.no/siste-nytt/loo…

#lootbox #gaming #darkpatterns #deceptivedesign
We have identified many problematic practices in an industry that is larger than Hollywood, and expected to grow massively in the years to come.

We need make gaming a safer & better experience for everyone.

Issues outlined below🧵
#lootboxes #lootbox #gaming Text: Dangers in gaming. Th...
Problem 1: Manipulative and deceptive practices are prevalent in digital environments, and are employed to make you spend more money on the game, and to keep you playing.

#lootboxes #deceptivedesign #darkpatterns #lootbox Image
Read 31 tweets
Jul 7, 2021
A coalition of 14 companies is supporting our call to action on surveillance advertising! With companies such as @DuckDuckGo, @Vivaldibrowser, @Fastmail and many others: See more below: vivaldi.com/blog/letter-ba… #BanSurveillanceAdvertising 🧵
2. Your browser is your is key to internet experience. It also one of your keys to your privacy. @vivaldibrowser is a leading browser in this field, and they support #BanSurveillanceAdvertising
3. Private communications have been eroded by #BigTech the last 20 years. Alternatives are growing. Read post by Fastmail CEO, @BronGondwana. Fastmail is one of the 14 companies signing todays letter:
Read 11 tweets
Jan 26, 2021
Historic!

Dating app @Grindr will be fined €10 million, 10% of global turnover for sharing personal data with commercial third parties in breach of the #GDPR, as a result of our legal complaint & report. forbrukerradet.no/news-in-englis… #privacy #adtech
2/ For context, see our work that led to this historic decision:
3 / working with, @noyb_eu & @MaxSchrems, we filed a complaint in January 2020. The decision by the DPA clearly states that Consent must be unambiguous, informed, specific and freely given. This is not the case with Grindr noyb.eu/en/gay-dating-…
Read 14 tweets
Jan 14, 2020
1. [thread] We are filing legal complaints against six companies based on our research, revealing systematic breaches to privacy, by shadowy #OutOfControl #adtech companies gathering & sharing heaps of personal data. forbrukerradet.no/out-of-control… #privacy
2. We observed how ten apps transmitted user data to at least 135 different third parties involved in advertising and/or behavioural profiling, exposing (yet again) a vast network of companies monetizing user data and using it for their own purposes. Technical testing conducted by cyber security firm, mnemonic. Technical report available here: https://fil.forbrukerradet.no/wp-content/uploads/2020/01/mnemonic-technical-report-out-of-control-v1.0.pdf
3. Dating app @Grindr shared detailed user data with a large number of third parties. Data included the fact that you are using the app (clear indication of sexual orientation), IP address (personal data), Advertising ID, GPS location (very revealing), age, and gender. With help from mnemonic and Zach Edwards of Victory Medium, we analysed the data flow and the role of the various actors involved with data sharing from Grindr.
Read 17 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(