'Anonymized Data' Is A Gibberish Term, And Rampant Location Data Sales Is Still A Problem

from the doing-nothing-helpful dept

As companies and governments increasingly hoover up our personal data, a common refrain is that nothing can go wrong because the data itself is “anonymized” — or stripped of personal identifiers like social security numbers. But time and time again, studies have shown how this really is cold comfort, given it takes only a little effort to pretty quickly identify a person based on access to other data sets. Yet most companies, many privacy policy folk, and even government officials still like to act as if “anonymizing” your data actually something.

That’s a particular problem when it comes to user location data, which has been repeatedly abused by everybody from stalkers to law enforcement. The data, which is collected by wireless companies, app makers and others, is routinely bought and sold up and down a major chain of different companies and data brokers providing layers of deniability. Often with very little disclosure to or control by the user (though companies certainly like to pretend they’re being transparent and providing user control of what data is traded and sold).

For example, last year a company named Veraset handed over billions of location data records to the DC government as part of a COVID tracking effort, something revealed courtesy of a FOIA request by the EFF. While there’s no evidence the data was abused in this instance, EFF technologist Bennett Cyphers told the Washington Post Veraset is one of countless companies allowed to operate so non-transparently. Nobody even knows where the datasets they’re selling and trading are coming from:

“A lot of these data brokers? existence depends on people not knowing too much about them because they?re universally unpopular,? Cyphers said. ?Veraset refuses to reveal even how they get their data or which apps they purchase it from, and I think that?s because if anyone realized the app you?re using ? also opts you into having your location data sold on the open market, people would be angry and creeped out.”

While a long list of companies continue to insist that the massive scale this data is bought and sold at is no big deal because the data is “anonymous,” experts (with mixed success) keep pointing out that’s not really true:

“If you look at a map of where a device spends its time, you can learn a lot: where you sleep at night, where you work, where you eat lunch, what bars and parks you go to,? Cyphers said. Because of that, he added, it?s extremely simple ?to associate one of these location traces to a real person.”

After major location data scandals at both Securus and wireless carriers, it looked like we might see actual reform on this front, but those efforts have largely stalled. Bills specifically targeting location data have gone nowhere. The occasional fines levied against such companies are a tiny fraction of the revenues made from the data in the first place. And our 20-year effort to have anything even vaguely resembling a useful federal privacy law for the internet era remains mired in gridlock thanks to a massive coalition of cross industry lobbying opposition with a near-unlimited budget.

Which means most of these companies are going to keep collecting and selling access to this data, while pretending they don’t sell access, that the data they collect is anonymous and harmless, and that absolutely any oversight or transparency requirements are unnecessary. And the parade of scandals, breaches, and abuse of this data will continue, until eventually there’s a scandal so large that the problem can no longer be cavalierly brushed aside.

Filed Under: , ,
Companies: veraset

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “'Anonymized Data' Is A Gibberish Term, And Rampant Location Data Sales Is Still A Problem”

Subscribe: RSS Leave a comment
TaboToka (profile) says:


You know if you asked these brokers/companies how they specifically anonymized the data, you would be a) ignored, b) lied to or c) denied due to ‘trade secrets’

If nothing else, I’d like to know how a data set is anonymized, what data fields are in the set and to be able to see my own ‘anonymized’ data records.

Anonymous Coward says:

There may be....

"a scandal so large that the problem can no longer be cavalierly brushed aside", but I doubt that there is a scandal so large that it cannot be forgotten, given enough time.

The abusers know this, so if such a scandal hits, they will orchestrate a massive "do something" runaround that doesn’t actually achieve anything and keep it going until we the people forget the original scandal.

sumgai (profile) says:

Re: Re:

The first thing I would’ve asked this clown was "Did your parents give you first and last names? Did they use these names throughout your childhood? And did you answer to either of those names because you knew you were being singled out from every one else….. i.e. identified?"

If you get a deer-in-the-headlights look, or more likely, a ration of "I’m in charge, don’t question me!", tell the people who hired this asshat that he’s incompetent. (Being as this was online, substitute "company" for "he" or "him".)

Thad (profile) says:

Re: Re: Re:

I’ve learned not to bother.

One company I worked at (okay it was GoDaddy) my first week I had to take this online security test which, among other things, recommended that you comply with the "mixed case plus symbols" requirement by starting your password with a capital letter and ending with an exclamation point.

I e-mailed the security team to let them know this was terrible advice. Never heard back.

That was…2013, I think? I’m sure they’re not using that test anymore (because it was Flash-based), but that doesn’t mean whatever test they’re using now is any better.

culturebomb (profile) says:


Now that sounds like an excellent way to make a “fraudulent” business which can’t actually be convicted of anything fraudulent.

Pretend you have way to correlate email addresses with consumption of various products. Refuse to reveal anything about the sources, only say you’re using generative AI to analyze the source data. In reality, the data is entirely fabricated.

If you manage to sell this to a data broker, good job you have made the world just slightly better.

ECA (profile) says:

wasnt long ago,

that the adverts I would see on Roku, and the internet, trying to show my location were off by over 40 miles, and farther in the past, it was around 100 miles.
At this time, they are within 10 miles, and even naming my town.
But who has released this data?
My router? Which has been registered in my name, and has a # in it specific to this device. which the ISP needs.

OR even the gov. forcing this data to Come out and matching all the random data. It has been shown over time that with enough Data, they can Finally figure out Enough about all of us.

What logic can we figure out that would interconnect us to the Whole system to be Easily identified. Between your router and modem, which both has a NICE intricate numbers, what would it take and Who to hack to get this?

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...