Verizon and AT&T are being scrutinized for allegedly creating mobile websites that extract personal info from their users. Without customer consent, the data is sold to the highest bidders in the private and public sector. Philip Neustrom of Shotwell Labs blogged about it last week saying, “These services are using your mobile phone’s IP address to look up your phone number, your billing information and possibly your phone’s current location as provided by cell phone towers (no GPS or phone location services required).” This isn’t the first time Verizon has been caught in the crosshairs of privacy and business ethics. In 2014, Verizon was discovered running a Unique Identifier Header (UIDH) that was an “undeletable supercookie” able to track and record personal info. AT&T quickly shut its version down after harsh customer disapproval. Verizon, on the other hand, didn’t come to terms with the FCC’s demands until March of last year. It was then required to receive positive consent before it started collecting data. However, as Neustrom found out, mobile providers are doing very little to verify consent and secure user data.
Information is shown in the danalinc.com demo interface. Shotwell Labs blacked out some fields. Location data provided by cell towers is also sometimes shown. Photo by Shotwell Labs.
Many of these platforms take visitors at their word that they either are the verified user or have received consent from the user to access their information. These tracker websites don’t even have text or email verification, which is the bare minimum of online security. These loose consent policies allow surveillance of any person to occur without proper oversight, doing away with the obligation providers have to honor user privacy. And from the looks of it, there’s no telling how this data will be managed once captured. Neustrom stressed in his blog that, “US telcos appear to be selling direct, non-anonymized, real-time access to consumer telephone data to third-party services — not just federal law enforcement officials — who are then selling access to that data.”
For most, the reality of their personal info being hidden in plain sight is nothing new. Users are willingly taking a risk every time they surf the net or browse a site. Moreover, tracking activity has always been and will continue to be a valuable tool if utilized for ethical purposes. For instance, Payfone allows customers to authenticate a mobile login attempt by accessing who made the attempt and where it occurred. The company’s CEO, Rodger Desai, replied to concerns regarding consent, telling TechCrunch, “There is a very rigorous framework of security and data privacy consent. The main issue is that with all the legitimate mobile change events fraudsters get in…”
Desai has a point, given that mobile carriers update their systems all the time, making it hard for apps to adapt. Meanwhile, telecommunications is becoming more and more sophisticated, causing the value of customer privacy to get lost in translation. Of course, the tracker sites were taken down shortly after Neustrom’s blog post, but they probably won’t be the last.
How do you feel about these deceptive sites and should mobile companies be held responsible? Let us know what you think!