1/ [thread] Just presented with Tor E Bjørnstad, from security firm mnemonic, at Sikkerhetssymposiet today. We talked about our work on #adtech and the out of control data collection & sharing event.dnd.no/siksymp/progra… #privacy #GDPR Image
2/ Tried to explain how tracking happens on our phone via our apps, with unique identifiers (such as Google ID) being passed on with other personal information to a wide range of actors. Details in our report is available here: forbrukerradet.no/out-of-control/ #adtech #privacy Image
3/ They combine this data with information taken from a large number of different sources. These profiles, which can be compared to a «digital twin» may have thousands of data points about who you are, what you like, how you feel, and how you are predicted to behave. Image
4/ This is now a billion-dollar industry that includes an enormous amount of companies, most of which we have never heard of. They all fulfill different roles in the ecosystem, although the lines between data broker, data supplier, and data user is often blurred. Image
5/ The data collected and profiles made about us, are then used to categorise us. Here are just some examples of categories advertisers can use to "reach" us. Or manipulate or discriminate us. Source: iabtechlab.com/standards/audi… Image
6/ mnemonic conducted the technical testing, with help from @WolfieChristl & @thezedwards. Some results:
- 135 identified advertising companies in the data
- 20 ad companies receiving GPS data
- 16 different situations where apps shared user data such as gender, age, sexual pref Image
7/ Many companies receive data from many apps. Google & Facebook very much present, but so are also lots of more "unknown" companies. This is line with findings with other research (eg: research by @acccgovau & @AppCensusInc accc.gov.au/system/files/1…). Just the tip of the iceberg Image
8/ For example: the technical analysis by mnemonic showed that @okcupid was sharing very personal information with a commercial third party. Image
9/ Another pretty shocking finding was the makeup app, @Perfect365 that:
- Shared data with 72 online advertising companies
- Shared the users location continuously

Location data is extremely sensitive data and the potential for misuse is enormous: nytimes.com/interactive/20… Image
10/ However, of the ten apps we researched, @Grindr, shared advertising ID, location data and in some cases sexual preferences, with commercial third parties. Needless to say, but most people want to keep such information private. Image
11/ What made matters worse, was their lack of proper consent & legal base for sharing. As an example, if you follow just one of the trails, this would be the potential sharing of this data Image
12/ Working with @maxschrems & @NOYBeu we filed legal complaints against @Grindr, @mopub, @OpenX @AppNexus @AdColony @Smaato for breaching the #GDPR - the adtech industry is #OutOfControl Image
13/ Also, we worked with 40+ consumer and civil rights groups from around the world, asking authorities to end these illegal activities: forbrukerradet.no/side/complaint…
14/ If you have read this far, I would also like to draw attention to the complaint on RTB by @johnnyryan @mikarv @jimkillock ++ brave.com/wp-content/upl… and updates: iccl.ie/human-rights/i…
15/ Needless to say, but this kind of data sharing & exploitation puts us all at risk of manipulation, discrimination and many other harms. Read more in our report, or see this recent study by @HKingaby
16/ Also, you should read the work by the excellent researcher @WolfieChristl - he has done a lot to document and expose this ecosystem: crackedlabs.org/en
17/ @privacyint has also done great research and litigation in this field:
18/ Also, want to call out the importance of international networks we are member of, making it possible to swiftly coordinate actions, such as @beuc @TACD_Consumers @Consumers_Int @anectweet

• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with Finn Lützow-Holm Myrstad

Finn Lützow-Holm Myrstad Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @finnmyrstad

7 Jul
A coalition of 14 companies is supporting our call to action on surveillance advertising! With companies such as @DuckDuckGo, @Vivaldibrowser, @Fastmail and many others: See more below: vivaldi.com/blog/letter-ba… #BanSurveillanceAdvertising 🧵
2. Your browser is your is key to internet experience. It also one of your keys to your privacy. @vivaldibrowser is a leading browser in this field, and they support #BanSurveillanceAdvertising
3. Private communications have been eroded by #BigTech the last 20 years. Alternatives are growing. Read post by Fastmail CEO, @BronGondwana. Fastmail is one of the 14 companies signing todays letter:
Read 11 tweets
26 Jan

Dating app @Grindr will be fined €10 million, 10% of global turnover for sharing personal data with commercial third parties in breach of the #GDPR, as a result of our legal complaint & report. forbrukerradet.no/news-in-englis… #privacy #adtech
2/ For context, see our work that led to this historic decision:
3 / working with, @noyb_eu & @MaxSchrems, we filed a complaint in January 2020. The decision by the DPA clearly states that Consent must be unambiguous, informed, specific and freely given. This is not the case with Grindr noyb.eu/en/gay-dating-…
Read 14 tweets
14 Jan 20
1. [thread] We are filing legal complaints against six companies based on our research, revealing systematic breaches to privacy, by shadowy #OutOfControl #adtech companies gathering & sharing heaps of personal data. forbrukerradet.no/out-of-control… #privacy
2. We observed how ten apps transmitted user data to at least 135 different third parties involved in advertising and/or behavioural profiling, exposing (yet again) a vast network of companies monetizing user data and using it for their own purposes. Technical testing conducted by cyber security firm, mnemonic. Technical report available here: https://fil.forbrukerradet.no/wp-content/uploads/2020/01/mnemonic-technical-report-out-of-control-v1.0.pdf
3. Dating app @Grindr shared detailed user data with a large number of third parties. Data included the fact that you are using the app (clear indication of sexual orientation), IP address (personal data), Advertising ID, GPS location (very revealing), age, and gender. With help from mnemonic and Zach Edwards of Victory Medium, we analysed the data flow and the role of the various actors involved with data sharing from Grindr.
Read 17 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!