Private Intel Firm Buys Location Data to Track People to their 'Doorstep'

A threat intelligence firm called HYAS, a private company that tries to prevent or investigates hacks against its clients, is buying location data harvested from ordinary apps installed on peoples' phones around the world, and using it to unmask hackers. The company is a business, not a law enforcement agency, and claims to be able to track people to their "doorstep." From a report: The news highlights the complex supply chain and sale of location data, traveling from apps whose users are in some cases unaware that the software is selling their location, through to data brokers, and finally to end clients who use the data itself. The news also shows that while some location firms repeatedly reassure the public that their data is focused on the high level, aggregated, pseudonymous tracking of groups of people, some companies do buy and use location data from a largely unregulated market explicitly for the purpose of identifying specific individuals. HYAS' location data comes from X-Mode, a company that started with an app named "Drunk Mode," designed to prevent college students from making drunk phone calls and has since pivoted to selling user data from a wide swath of apps. Apps that mention X-Mode in their privacy policies include Perfect365, a beauty app, and other innocuous looking apps such as an MP3 file converter. "As a TI [threat intelligence] tool it's incredible, but ethically it stinks," a source in the threat intelligence industry who received a demo of HYAS' product told Motherboard.

What about AMD

[Anonymous Coward]

What will AMD do to combat this?

If you don't like it, let it go.

[Brain-Fu]

You think you need those apps, but you don't. Don't let your life be ruled by an addiction.

Seriously, how terrible would it be if the ONLY times you signed in to Facebook were in the morning before work, and in the evening after you were back home? Twice a day, every day is already 730 times more than anyone actually needs, including you. And you can get this level of a fix without even owning a smartphone.

Same goes for playing candy crush. When you are on the bus or whatever, just take a moment to brea

Re:

[Actually, I do RTFA]

Alternatively, a phone OS could let me control what, if any, data an app can get on me. Maps need GPS, but few other other things do. Similarly, few things need access to contracts or even a network connection.

There is difference between optional and mandatory

[TuballoyThunder]

In theory, the argument that you agreed to the TOS holds true, thus to bad.

That said some services or apps are not optional or nice to have. For example, using your bank's app is rapidly becoming mandatory. Another example is cellphone service. IMHO, services/apps that have become mandatory should be regulated with stringent privacy requirements.

Where it becomes particularly annoying is when things happen and you have no say. For example, your mortgage can be sold to another company that has a shitty privacy policy and you have no say in the sale.

Re:There is difference between optional and mandat

[DogDude]

For example, using your bank's app is rapidly becoming mandatory.

I don't know what kind of shitty bank you use, but you should run, (don't walk) to your local credit union. I wouldn't ever access a financial account from a cell phone unless I was very broke and literally had nothing to lose.

Re:

[anegg]

"I don't know what kind of shitty bank you use, but you should run, (don't walk) to your local credit union. I wouldn't ever access a financial account from a cell phone unless I was very broke and literally had nothing to lose."

This, in spades. Using a mobile phone to access financial services is just plain stupid.

Re: There is difference between optional and manda

[TuballoyThunder]

My bank is fine in terms of not requiring app access--I'm speaking about the long term trend. As banks (and credit unions) close physical locations and shift to virtual banking, the reliance on web and app access increases.

Re: There is difference between optional and manda

[TuballoyThunder]

And credit unions have become just as bad as banks. Once upon a time telling people to use a credit union was good advice, now caveat emptor.

Re:

[DogDude]

They're not all great, no, but by their very definition of being non-profit, they tend to be much, much better than banks. I ran into one credit union that wasn't great, but it wasn't as malicious as banks. It was just poorly run.

Re:

[TuballoyThunder]

Which goes back to my statement "caveat emptor." I'm with you 100% on the theoretical advantage that credit unions had, but the large ones are essentially indistinguishable from banks. There are so many ways to fit under the "not for profit" rules that they can avoid distributing surplus funds to members.

I generally default to less regulation, but in areas where buffoonery can have large consequences, either government or industry (as in an independent body) regulation is necessary. One-sided contracts

Freedumb

[mspohr]

It's odd to see people get all bent out of shape about "big guvmt" when they don't seem to mind corporations tracking their every move.
Wake up, people. The threat is not the government. The threat is our corporate overlords.

Nobody ...

[PPH]

... is tracking me to my doorstep [youtu.be].

I look for the guy for the erotic relations.

[DianneWeby]

I look for the guy for the erotic relations. I will communicate to you.Adds to my friends =>> https://kutt.it/ggeK3p [kutt.it]

HYAS company

[Sebby]

Ah, So HYAS [hyas.com] is in the privacy raping business.

GTA (Guess That Acronym)!

[mADneSs]

HYAS = Here You Are, Sucker!

They ran "BorderlessInternet.com" DNS service

[Sebby]

The name HYAS sounded familiar - then I realized these are the guys that (pretended?) to run the (now defunct) BorderlessInternet [borderlessinternet.com] DNS service to bypass geolocation, etc. for getting access to services like Netfilx in 'other countries' than were you were.

So it seems they've been playing this cloaking game for a while now.