Reporters from BR and Netzpolitik.org say they have received a data set containing 3.6 billion location data from smartphone apps from an American data dealer. They probably come from several million people in Germany, some of which can be used to reconstruct precise movement profiles because each data point is linked to a “mobile advertising ID” (MAID). Companies use such data to analyze people’s behavior and send them targeted advertising.
Advertisement
In the data set, BR and Netzpolitik.org According to his own statement Probably also found were movement profiles of several tens of thousands of people who work in security-relevant sectors, for example in offices of federal ministries, defense companies, the Office for the Protection of the Constitution, the Federal Intelligence Service and the Federal Criminal Police Office as well as military establishments in Germany. Although the profiles are not linked to names, in many cases the journalists were able to identify people based on their place of residence and work and to understand their complete daily routines.
BR quotes Konstantin von Notz, chairman of the Bundestag’s parliamentary control committee (PKGR). He sees a “relevant security problem”. Hostile states could use such data for espionage purposes. Notz’s deputy in the PKGR also considers the risk of espionage “extremely high”.
Privacy Risks
The report states that in some cases, a Google search was enough to identify the people behind the movement profiles, as the accumulation of location data makes it easy to determine where a person probably lives and works. This is especially easy for people who live in single-family homes. Journalists found advertising IDs in specialist psychiatric clinics, swingers clubs, brothels and prisons. Anna Wegscheider, a lawyer for HateAid, sees movement profiles as a major threat for people affected by digital violence, for example from stalkers.
The data collection is a free sample spanning approximately eight weeks in late 2023 and the reporter According to his own statement Received it for free from a US dealer. He contacted the dealer through an online marketplace called Datarade, which is operated by a German company. On the platform, many data traders will state that they obtain location data from things like weather, navigation, gaming and dating apps. Companies buy such data to show personalized ads to users.
A small fraction of global data trading
The current research under the title “Databroker Files” by Netzpolitik.org and BR was based on a comparatively small part of global data trading. “But the insights are enough to make a new dimension of mass surveillance visible,” writes Netzpolitik.org. To check the authenticity of the data, the identities of the affected people were checked in random samples. Movement profiles can often be used to find out which person is behind the ID.
Data journalists Ingo Dachwitz and Sebastian Meineck of Netzpolitik.org reported at the 37C3 conference in December 2024 that apps, websites, all smart devices, bonus programs, payment services such as credit cards and MasterCard, as well as providers of surveys and competitions provided personal data, including cookies IDs and a mobile advertising identifier (MAID), to data brokers. They “created large containers for people with similar characteristics.” From this, they created different segments that advertising customers could use via auction platforms with real-time bidding and book targeted ads.
(Application)
