Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Privacy Advertising Cellphones The Almighty Buck Verizon

Carriers Selling Your Data: a $24 Billion Business ( 125

An anonymous reader writes: It goes without saying that cellphone carriers have access to tons of data about their subscribers. They have data about who you call, what sites you visit, and even where you're located. Now: "Under the radar, Verizon, Sprint, and other carriers have partnered with firms including SAP to manage and sell data." The article describes some of the ways this data is used by marketers: "The service also combines data from telcos with other information, telling businesses whether shoppers are checking out competitor prices on their phones or just emailing friends. It can tell them the age ranges and genders of people who visited a store location between 10 a.m. and noon, and link location and demographic data with shoppers' web browsing history. Retailers might use the information to arrange store displays to appeal to certain customer segments at different times of the day, or to help determine where to open new locations." Analysts estimate this fledgling industry to be worth about $24 billion to the carriers, and they project huge growth over the next several years. The carriers are trying to keep it a tightly held secret after seeing the backlash from the public in response to government snooping, which involves much less private data.
This discussion has been archived. No new comments can be posted.

Carriers Selling Your Data: a $24 Billion Business

Comments Filter:
  • Profit from you (Score:4, Insightful)

    by Anonymous Coward on Wednesday October 28, 2015 @12:41AM (#50815055)

    Of course all this private data lets the marketers profit from you. It's you that ultimately pay for this. If they couldn't milk more profit by buying this data, then it wouldn't be worth buying!

    $2 billion will be spent on elections this cycle, and a lot of that will be buying up the private data of candidates, their campaigners, their families to look for what papers they've read, what facts they're reviewed, and so on. Choicepoint is still there under a different name, still analyzing your vote, and demographic and looking for ways to skew the vote. Now it has access to everything from your purchases to your movements, who you are with, etc.:

    And the $10 billion dollar gorilla in the room.... the NSA. If you *consent* to the sale by clicking an EULA you never read, then who needs to redefine laws? They are simply buying the data just like Bob the sleezy marketer.

    And if Congress wants to pass privacy laws.... all those actors will oppose it behind the scenes.

    • by AHuxley ( 892839 )
      Re "And if Congress wants to pass privacy laws.... all those actors will oppose it behind the scenes."
      Yes the idea to remove "personally identifiable information" by “the extent feasible” was an amendment that failed.
      The US brands can collect all they want and sell in any form they want.. as collected.
      The other option was to try and secure personally identifiable information when it was collected/found/given to the US gov.
      That failed. The US gov can get and keep the personally identifiable
    • by frup ( 998325 )

      So you pay tax so that an entity that represents you can purchase what belongs to you off someone else? Sounds like a Ponzi scheme would be a better investment to be honest.

  • by Anonymous Coward

    I wrote up a way to solve this a long time ago. Too bad we as a society don't bother to fix things. Silly arguments like protecting existing companies business models seem to win over protecting people:

    Phones connect to the nearest cell tower, and identify themselves. The matching of a phone's signal to a particular phone/SIM/person is done for 2 reasons: so they can be notified in the event of a call, or other incoming connection request, and for billing (only paying customers can use the service).

    In short

    • by geggo98 ( 835161 )

      Your idea is theoretical feasible. Practically it doesn't fit to the existing network infrastructure. In the current networks there are lots of fixed IDs and the network can't deal at all with changes on this IDs. So you would have to exchange all the network elements on every layers, because they all use some fixed IDs. But when you change all the network elements, from the base stations over the network gateways up to the authentication and policy elements, than you are factually building a completely ne

    • Once you're on the run because ATT planted the evidence they decided to frame you with and then anonymously tipped off the feds.......promise you'll use a display computer at Radio Shack or something to let the rest of us know what's going on. And don't waste time asking us to know we won't be able to. Stick to stuff you think we'll find amusing, MEMEable or is sure to kick off a massive Google vs Apple vs MS flame war.

  • by ohnocitizen ( 1951674 ) on Wednesday October 28, 2015 @12:47AM (#50815067)
    When we hear about free services snooping on you, people are quick to say "Free service? You are the product" and "not surprised". Yet we pay our telcos (sometimes ridiculous sums of money), and we are STILL the product. And guess what? The degree to which we allow ANY company or government agency to snoop on us allows the rest to get away with more too. So if we want to take a stand to keep some shreds of privacy intact, we need to take a powerful pro-privacy stance. We need to punish ANY organization that goes too far invading privacy, and establish laws and regulations to give us teeth for when they violate that privacy. And we need to stop reacting to news of privacy violations with dull acceptance. We need to fight back and one of our best tools available is to campaign hard to regulate the industry.
    • by Anonymous Coward

      Actually, we quite like it when corporations have that data.
      -Your Government

    • Nah, with the new bills passing, and the government hand in hand with these companies, we're boned. No help is on the way. Nobody on your side, because you're not seeing things the right way. I hate to be a doomssayer but, historically we've been here before. You can't convince a guy who gets paid gratuitiously to use a hammer that people aren't nails. You're against it? Here's money. Still against it? I'm giving your competetors money. Still against it? Oh, you use Comcast or Verizon perhaps? It
      • Use a prepaid burner smartphone. Pay for the phone and each month's activation using cash. Give bogus contact information (here, the retailer can't ask to see ID).

        If everyone did this all "they" would have is a bunch of calls and texts from one anonymous number to another, and anonymous browser history. Throw in a bogus Facebook account, throwaway email account, and encrypted texts and emails, you're done.

        • There are two problems with what you suggest:
          1. Privacy is not most people's number one priority - using the communication device / data consumption device to do those things is the number one priority. Privacy is a nice benefit on top. This does not describe everybody obviously, but it is the mainstream. I prefer to use my phone to look at things that I'm interested in, and I don't care too much about privacy.
          2. It wouldn't work. Every month you would have to exchange new contact information with your soci

          • You wouldn't have to exchange new contact info every month. Once is enough. Just pay for the renewal in cash at the corner store or any other place that supports pre-paid plans. No ID required. And since the information in your client profile is false, browse anything you want - it isn't tied to the real-life you. And "social network"? You exchange the info off-line. Seriously, if you're that dependent on facebook and twitter to have a social life, you need to get out more anyway.
            • Ok, so say you buy an anonymous phone just once. How long will it remain anonymous? Everyone has a particular set of interests that could be mined from their traffic. That adds up to a signature over time. Physical location patterns refine that signature. Common overnight locations predict address. Common daytime patterns predict employment. Just because you did not explicitly register real contact info does not mean that it is not implied by usage.

              • All that still only points to an unknown person, unless you (1) live in a deserted neighborhood like parts of Detroit, (2) are the only one working at your place of employment, (3) only shop at stores when they are otherwise deserted (though the cops will want to talk to you about breaking into an empty store and seeing you on video) , etc.
                • Well... Perhaps your estimate of how much information is required to uniquely identify an individual is a little off. Consider this [] or any of the similar studies. Far less weakly identifying data is required than your estimate. Address (to within 30ft by tower triangulation), employer, typical shopping habits and a peak at somebodies browser history is more than enough. Traffic analysis of their frequent contacts pins down a lot of tricky cases.

                  And that is if you are just trying this on a single person. It

                  • You miss the point - all that data matches a non-existent person, since you can give a bogus name and address when you pay full price for a smartphone.

                    So what are they going to do with that bogus profile? It's worthless.

                    • No, I see the point. Just because the suplied name is bogus does not make the profile any less real. Labels are easy to fix.

                    • And in this case as easy to "unfix" as getting another burner phone. Do this every few years when you need a new phone. Prostitutes will sell their burner phones on craigslist or kijiji every few months and buy a new one using another bogus name for very obvious reasons.
                    • You seem to be under the illusion that changing the phone-number will change the profile. The profile is a mixture of location and interested based information mined from the way in the which the phone is used. If another phone is used the same way then it will generate the same profile. Switching burners is not a fix.

                    • That's like saying 2 32-bit hashes on different values will always be unique - and their techniques are nowhere near that fine-grained. Switch the phone when you move. Problem solved.

                      However, you miss the point - your profile isn't you. They would actually have to do some legwork to tie it to you as an individual, and advertisers aren't going to do that. And the government already knows who I am.

                      Really, advertisers tracking me is a waste of time. A TOTAL waste of time. The only problem I have with it i

                • Would it? What would happen the first time you logged into your reddit account. They could connect you with existing data, or data bought from some other data bank. Log into your brothers Netflix account, etc etc, it would either connect you with your real identity or create enough of a signature to serve you related ads anyway, accomplishing their goal either way.

                  • You create a new reddit account, duh! As for Netflix, don't need it, don't want it, never used it.
                    • OK, you may not need NefFlix, but there will be some service on the internet that you will use, undoubtedly. Even if you use different accounts for each one, at some point, you will log in to at least two from the same device, and bam, they combined disparate pieces to learn more about you.

                      Worse if one of those accounts is paid, where you have payment info saved that would include your real name and address. The cat is out of the bag, I think, and it's near impossible to escape this sort of big data harve

                    • Prepaid smartphones don't have to have your real name and address. No "the cat is out of the bag" there. They can generate profiles all they want, but it won't connect to the real you, just an internet doppelganger.
                    • It isn't the device you use. You can buy a laptop for cash, it would be just as anonymous. Logging into your usually services is what will start slowly giving you away. Unless you don't want to do anything online that has any retention of your data.

                    • It isn't the device you use. You can buy a laptop for cash, it would be just as anonymous. Logging into your usually services is what will start slowly giving you away. Unless you don't want to do anything online that has any retention of your data.

                      Not if you create new accounts ... which is really, really easy to do.

        • by Anonymous Coward

          The only reason to have a phone is to communicate with people you know. They don't really give a fuck what you say, your networks are already enough to put you on a targeted kill list.

          Buying burner devices won't cut it. Using bogus data will only elevate your profile.

          • Using bogus data won't elevate YOUR profile, because it's bogus data. Until they can connect it to you, who cares? Give your new number to people you know IN PERSON and you're all good. And if you don't know them in person, why talk to them? Just ignore it, same as other phone spam.
            • You should also instruct the people you gave your number to never use your name during a phone call. Also turn off your phone when you're not using it, you'd need to only power it when you're expecting a call, or simply use it for outgoing calls only. You'd also need a phone with no camera.

              Or the companies and the government could just not do all of this privacy invasion. But that's radical.
              • As long as they use the pseudonym, all is good - it just reinforces the existence of the bogus identity as "real." Check your texts - how many times has someone who has sent you a text referred to you by name in the body of the text? Mine is zero. Same for outgoing texts - each party already knows who they're communicating with.

                Serving ads? Ghostery, adblock, hosts, etc. Even grandmothers can use these with no difficulty.

    • If any one was wondering why google is pushing project Fi, behold! Google of course is best positioned not only to sell this data but correlate it across all your other tracking data. If you use their DNS or chrome or search hints at home or on their browser then they know every website you visit. Project Fi completes their mobile domination of your personal movement. No wonder the price of Project Fi is attractive.

      • by Holi ( 250190 )
        Thankfully the service sucks.
      • by Rob Y. ( 110975 )

        Then I suppose you concede that Android isn't already tracking every website you visit (the usual Google paranoic's rant). Because if it were, project Fi would add no new info to the mix.

        What we need is for the government to define the parameters of legal tracking. What the credit card companies already do is worse than what Google does. Selling personal info to anonymous third parties is over the line. Presenting ads for third parties anonymously to you is a different thing. You may not like it - and

      • Google of course is best positioned not only to sell this data

    • One quick and easy way would be apply copyright and other IP protections on individual data.
      After all it has worked so well for corporations why not give some benefit to individual with same rules.

      There it is, no need for any new legislation corporations have already provided solution for once.
  • by Anonymous Coward

    Carriers get help also from their more traditional network partners:
    "Nokia Ad Analytics opens up a new revenue stream for operators by offering value-add data to the advertising industry. It works in cooperation between operators, advertising companies and Nokia. The service extracts the right data from operator networks, anonymizes it, analyzes it according to target segments specified by the advertising agency, and enriches it with location data from maps and demographic data from public sources."


  • You agreed to the EULA. This isn't under any radar - It's what you agreed to.

    • was this in section 5.b.iv, on page 33, or section 8.e.xi, on page 64? I'm getting confused even though I read through the entire document in detail.

    • Actually no you didn't. That was pointed out in the article. So fuck off.
  • the example in the summary is actually kind of interesting and sounds like a valid use for detailed yet anonymized data. the creepy stuff is when they use uber detailed stuff to serve you ads elsewhere in your life.

    • by Anonymous Coward on Wednesday October 28, 2015 @01:23AM (#50815141)

      Even aggregate data has its malicious uses, but such data is rarely anonymous. Remember the AOL search history release?

      AOL released the "ANONYMIZED" search history of its users, only to find it was quite easy to datamine their identity... just from this one set of data. If you have multiple sets, it becomes trivial to do so. e.g. they visit the pizza ordering page, you have the customer list for the pizza place, so you know that that user's details, and by extension all of the other stuff, and if their searches contain "Herpes cures" and "Herpes Clinic", then I wouldn't share a pizza with them.

      Even as aggregate data it can be misused. Recall Choicepoint?

      They were the company that analyzed the voting roll in swing states for likely Democrat voters, then analyzed for matching names in other states to create "scrub lists", lists of people to be scrubbed from the electoral role on false claim of fraud. So if Bob Jones in Florida was likely to vote Democrat, they'd find another Bob Jones in another state, and add him to the scrub list to block his vote.

      By analyzing the individual wards for bias, they could determine which wards should receive defective voting machines to swing the vote. Hanging chads were not randomly distributed. Those faulty machines were sent largely to black districts.

      That was AGGREGATE data, they didn't know how an individual "Bob Jones" would vote, they knew the voting likelihood of his demographic.

      One of the tricks used was to send "confirm your residency to be allowed to vote" letters out.... to students (students on *aggregate* vote Democrat) during the summer break requiring a signature from them on receipt. So the student was away on holiday, couldn't get the letter and wouldn't be allowed to vote. The vote was during term time, so they knew the student would be there for the vote, but not for the letter.

      This data would let them fine tune such strategies, and often (see AOL) down to individuals.

      • by Anonymous Coward

        Imagine I'm an employer and I buy the local set of phone location tracks, that are 'anonymous'.

        I have my employees home addresses, a GIS database gives me the corresponding GPS coordinates, (data point1), I know the factory GPS coordinates (data point 2), so I can then filter that data using those two points to determine what 'anonymous' data corresponds to each of my employees.

        Now I have effective tracking of my employees, and I can link in their search history, their friends, any hospitals, any bad habits

        • by Anonymous Coward

          If you didn't want to be tracked, why did you buy a tracking device? Really, you guys are stupid. You complain about being tracked while you walk around with a device in your pocket that transmits your location regularly to a third party. Oh right, you *HAVE* to have a tracking device. The human race somehow lived without them before 2005.

          • by Cederic ( 9623 )

            Is it unreasonable to expect someone to track you only to the extent required to provide the service you're buying from them, and not to use that data for other abusive purposes?

            • by tnk1 ( 899206 )

              It's not unreasonable, it's just unrealistic. As long as they have the power to do so, someone is going to keep noticing that they have this data and try and make money off of it.

              Having said that, I'm not entirely certain how you'd stop that. Regulations and laws are nice and all, but if they can just put loopholes in those laws, it's almost worse because it's now not only allowed, but legalized.

              My only suggestion is to just understand that what you do on your phone and on the network is now, in many ways

      • by TheRaven64 ( 641858 ) on Wednesday October 28, 2015 @06:31AM (#50815639) Journal
        ChoicePoint is obviously evil. The more subtle one is one of the services that Facebook offers. In most elections, a large percentage of voters either won't vote, or will vote for a particular party and won't have their minds changed by anything. This means that the election is usually decided by the swing voters - the 5-10% who are undecided. Facebook can, fairly accurately, identify who the swing voters are and, for each one what issues they find most important. More than that, it is willing to sell this information and to sell targeted advertising space. You can buy ads to target swing voters in constituency X, who think that issue Y is important. They'll only see the ad showing that your candidate has strong views that align with theirs on that issue. Someone else will see ads showing that the most important issue for your candidate is the thing that they care about. This is far harder to detect than something as blunt as ChoicePoint. The people seeing the ads have no idea that they're targeted, they only know that a particular candidate looks as if he or she really understands the issue of importance to them.
        • by AmiMoJo ( 196126 )

          We really need to do away with having elected representatives deciding everything on our behalf. It made sense when an election was a big, expensive and difficult to organize event. These days there is no reason why we couldn't vote on individual issues regularly, at a cost far lower than what we pay to maintain all these representatives.

          • But there has to be some bigger picture thinking too. Individually, the polls for reducing taxes on medicine, reducing taxes in food, and increased spending on education might all get favourable response. But together they might not add up.

            If only revenue neutral proposals are polled, there needs to be someone to craft the proposal who will have a huge power which can be abused.

  • by Anonymous Coward

    And we still pay more per customer than any country on earth for wireless service.

    • Re: (Score:3, Informative)

      by Anonymous Coward

      You appear to be confused. This is capitalism. The aim of capitalism is to maximize profits, not to minimize consumer cost.

  • by dltaylor ( 7510 ) on Wednesday October 28, 2015 @01:18AM (#50815129)

    The latest software update for my phone was loaded with this kind of carrier (Virgin Mobile on Sprint) crap (yes, I have complained to VM, but no, they're not going to take it back). Fortunately, HTC has tools to delete things from the "ROM", so it isn't permanent on the phone I have.

    • by AmiMoJo ( 196126 )

      Seems like adding spyware after you bought the device would be illegal. At the very least you should be presented with a new EULA, which you could then decline. Removing privacy features after you bought the device seems like tampering with your hardware and altering an agreed contract.

  • by Anonymous Coward on Wednesday October 28, 2015 @01:26AM (#50815151)

    From the article:

    It "tells you where your consumers are coming from, because obviously the mobile operator knows their home location,"

    SAP receives non-personally-identifiable, anonymized information from telcos,

    If they know where you live, you aren't anonymous. This is yet another example of ineffective "token anonymization" so they can say its anonymized while laughing as they automatically de-anonymize it.

  • by Anonymous Coward

    "What is your hypothetical administration going to do to end this nonsense of the federal government spying on it's citizens without a warrant when:
    1- Historical information shows clearly that incidents of crime and terrorism have not been reduced in a credible way by warrantless wiretapping of citizens.
    2- Warrantless wiretapping has lead to trials where the first and fourth amendment rights of the defendants has been largely ignored
    3- Eviden

    • by 0123456 ( 636235 )

      This situation is unacceptable, and you don't stay in business by screwing over your customers.

      You do, when the government makes you a monopoly and keeps competition out of the market.

    • by jbengt ( 874751 )

      Ask Donald Trump, Ask Hillary Clinton, ask Bernie Sanders etc..

      At least Bernie Sanders was against CISA.

  • by presidenteloco ( 659168 ) on Wednesday October 28, 2015 @02:23AM (#50815263)

    If the old-school telephone companies hired people to listen in to your phone calls then sold the info to the highest bidder.
    Or the post office routinely steaming open the envelopes of your letters and selling the info, or using it to extort you.

    If this sh*t ain't against the law it should be.

    They're a common carrier and nothing more. Get off my lawn.

    • by Anonymous Coward

      No it isn't. The old school telephone companies ALSO kept records of who called who. How do you think you were billed? The Post Office also kept records of what mail you sent, and who you sent it to. They ALSO *gasp* can attach that to your home address AND bank account (how else do you pay your bill)?

      Really this isn't a big deal. If you use their network, you can be tracked. If you care enough not to be tracked then use a burner phone, or *GASP* NO MOBILE PHONE AT ALL!

    • As much as we harp on NSA abuses what they do to the average person pales in comparison to how far up your ass with a flashlight corporations and allowed to go with just a check mark in the terms of service acceptance check box. I really feel PAID services should be required to offer a disagree check box that still allows you to purchase service while giving the provider zero rights to tread on your privacy. That of course would not stop data brokers from collecting info on everyone since they don't need co

  • by Anonymous Coward

    is MORE than the combined net revenues of every wireless carrier in the U.S, including their non-cellular based businesses (interconnects, short and long haul networks, wireline, cable tv, advertising, publishing, etc).

    • Should be the size of the yearly lawsuit to pay the people back the money earned off the snooping. You make 24 billion off me and my peers? I expect a fucking check. Who wants to start the lawsuit? Let's make a class. Where you at, lawyers?
  • by Anonymous Coward

    Aren't we supposed to be trusting these pricks like Verizon, Sprint, Microsoft, etc? I mean isn't all data just an ocean of data that everybody in the world just gets to swim around in? Why would we even want privacy? Don't we want to enhance our user experiences like Microsoft says? Shouldn't Target and Walmart and Amazon and Sears and Macy's and Safeway and Newegg and Rite Aid and Walgreen's

  • by koan ( 80826 )

    Some how I feel like this is what CISA is all about, and not security.

  • And I expect my comments to be completely ignored.
  • by TheGratefulNet ( 143330 ) on Wednesday October 28, 2015 @09:35AM (#50816301)

    but I'm on android 4.x and 4.x is marked 'wont fix' by google and their vpn (ipsec, I think; not sure which component is broken) just will not work. []

    hey google fans, care to try to defend google, here?

    I'm not able to (easily) upgrade beyond 4.x on my phone and vpn is still broken. do you guys find this behavior (wontfix) acceptable?

    I sure wish I could run my vpn again. funny that on my ancient nexus one (which is stuck on 2.2) runs the vpn software just fine. and I know that on a 5.x phone it also runs fine. why google ignores this show-stopper bug, I have no idea; but 'upgrade to a new phone' is never a good answer when its JUST a software fix that lazy-assed google refused to backport.

    • If you are not willing to design and fabricate your own SoC and build a phone around it then I guess you don't really care about privacy.

  • 'nuff said. They can all drown in a lake of fire.
  • Either we're paying clients and they don't do this shit or we get free services in exchange for the carriers being able to sell our data. There has to be laws against being able to do both.

    Fight for your bitcoins! []

  • by Anonymous Coward

    I've always known posting as AC only gives me the illusion of anonymity online.

    My name is Tom, nice to meet everyone. Thanks for the one time I got modded up.

  • Leave the phone at home. Alternate solution: buy something like this. []

"Even if you're on the right track, you'll get run over if you just sit there." -- Will Rogers