NSA and CIA spied on by using data harvesting advertiser networks

&gt; Pulling up a Google Maps-like satellite view, the sales rep showed the NSA’s headquarters in Fort Meade, Maryland, and the CIA’s headquarters in Langley, Virginia.<p>&gt; Clicking on one of dots from the NSA allowed Clark to follow that individual’s exact movements, virtually every moment of their life, from that previous year until the present.

Anyone with a seat on a prominent ad exchange gets access to the millions of requests per second that include IDFA&#x2F;AAID, a timestamp, the request source (e.g. app or web URL) and the likely location of the device to be used as a targeting option-- in some cases the device&#x27;s phone number may even be populated in requests. Anyone with the resources can store (probably violating exchange&#x27;s TOS) this firehose of data and do something similar. De-anonymizing the IDFA&#x2F;AAID is probably pretty trivial, so who knows who else has this information-- essentially anyone posing as a DSP or advertiser on an exchange.

Article title is &quot;AMERICAN PHONE-TRACKING FIRM DEMO’D SURVEILLANCE POWERS BY SPYING ON CIA AND NSA&quot;.<p>I think that&#x27;s much clearer than the submission title, which took me a few rereads to parse.

I would imagine this requires location access enabled for the app?<p>Credit to Apple for trying to rein in location access in apps. However, if location access is only enabled while using the app, it would then obviously get shared when positing and reading Twitter. That means even if you look at Twitter or Instagram once a day, then that builds a pretty good location history.<p>The real question is why would Twitter include GPS data in firehouse access? Seems like a serious privacy violation and obvious one at that. The President and other officials around the world look at Twitter. Seems like serious negligence on Twitter’s part.<p>We cannot count on people being paranoid about their location data like tech savvy people are. Maybe it’s time to limit location access to just Maps and any other app must justify location access, and also be verified not to share that data.

Android &#x27;improve location accuracy&#x27; seems to hunt for previously geocoded wifi beacons, to locate those people who have their phone GPS disabled. It&#x27;s surprising to me how people are willing to allow their phones to send this info to data brokers.

Someone in the industry once told me that it&#x27;s common knowledge that what the NSA and CIA does with this data is then being sold to Saudi Arabia. The money just goes around and around.

Title would be less confusing if it said &quot;were spied on&quot;

A taste of their own medicine, eh?