Discussion
CBP Tapped Into the Online Advertising Ecosystem To Track Peoples’ Movements
tototrains: Duh, what do you think we were building for the last 10 years? Does anyone with two brain cells think that corporate surveillance wasn't going to be co-opted by authoritarianism?The only people who didn't understand this were either delusional or being paid not to.
hsbauauvhabzb: I’m not sure that’s fair, the majority of the American population are pretty dumb due to the poor education system. Most weren’t alive for WW2 so they’ve not come very close to an authoritarian threat in the past either.
coliveira: The poor education system is correct, but that is by design.
legitster: Cell-site location information (CSLI) is not available to apps or adware and is protected by the Fourth Amendment.
coliveira: Yes, some people really didn't expect that billionaires without any moral compass would do this...
dzdt: Is this something European style privacy laws would protect against? Though given the US political situation we are far from being able to enact any kind of anti-authoritarian protections...
orthoxerox: That's Scroogled (2007) by Cory Doctorow! Life imitates art, again.https://web.archive.org/web/20070920193501/http://www.radaro...
GaryBluto: Thanks for that. Good story.
hightrix: Yet another reminder that everyone everywhere should be blocking all ads all the time. I don't say that lightly as absolutes tend to not be the appropriate solution, but an absolute stance of blocking ads is appropriate.
derwiki: 100%, this has been my soap box for years.A very easy, effective, multi-layer setup:1. Browser adblocker2. Pi hole running locally3. Pi hole at your home network router levelAnd 4, not as easy but effective, a firewall like Little SnitchEdit: the other good news is your old data loses value quickly, so starting today is still very effective: you haven’t missed the boat yet!
unethical_ban: IPv6 addresses, particularly hardlines, are often accurate down to the block.
nine_k: Not imitates but implements maybe.
refulgentis: “Would European-style privacy laws protect against this?” is the kind of question that sounds more clarifying than it actually is, because it collapses about five separate problems into one vague gesture at “Europe.”The issue here isn’t simply “lack of privacy law.” It’s:1. apps collecting precise location data in the first place,2. adtech infrastructure broadcasting that data through RTB,3. brokers aggregating and reselling it,4. government agencies buying it to avoid the constraints that would apply if they tried to collect it directly, and5. regulators failing to stop any of the above in a meaningful way.European law is relevant to some of that, but not as a magic shield. GDPR and ePrivacy principles are obviously more restrictive on paper than the US free-for-all, especially around consent, purpose limitation, data minimization, and downstream reuse. But “on paper” is doing a lot of work there. Europe has had years of complaints about RTB specifically, and yet the adtech ecosystem did not exactly disappear. That should tell you something.So the real answer is: yes, a stronger privacy regime can help, but no, this is not a problem that gets solved by vaguely importing “European-style privacy laws” as a concept. If the underlying business model still allows mass collection, opaque sharing, and resale of location data, then state access is a policy choice away. Governments don’t need to build a panopticon if the commercial sector already did it for them.Also, the most important legal question here is not just whether private companies should be allowed to collect/sell this data. It’s whether the government should be allowed to buy commercially available data to do an end-run around constitutional and statutory limits. That is a distinct issue. You need rules for both the commercial market and state procurement, otherwise the state just shops where the Fourth Amendment doesn’t reach.In other words, the contrast is not “Europe = protected, US = authoritarian.” The contrast is between systems that at least attempt to constrain collection and reuse, and systems that let surveillance markets mature first and ask questions later. Even in Europe, enforcement gaps, law-enforcement carveouts, and institutional incentives matter enormously.So if the goal is to understand the story, the useful question isn’t “would Europe stop this?” It’s “what combination of collection limits, resale bans, procurement bans, audit requirements, and enforcement would actually make this impossible in practice?” Anything short of that is mostly aesthetics.
cm2012: 1000% agreed with this
paxys: You can enact all the laws you want, but what do you do when the government in charge just ignores them?
Zak: I have never regretted my decision to aggressively block ads on every device I use, and to shun devices where I can't.
bigbuppo: But dude... just think of all the optimal personalized mattres sales they can do with that data. I mean, people that use the bathroom at 3:57pm for seven minutes are 0.00138% more likely to buy a new mattress within the next six months. They need that data. Think of all the unsold mattresses.
jcgrillo: It really cannot be both ways--the tech industry cannot both be producing critical infrastructure and be immune from liability. We've tried this experiment before, and millions suffered and died needlessly. We have electrical codes, building codes, automotive safety standards, etc., because many, many people died preventable deaths. With the amount of leverage tech has over the economy I don't think it's reasonable that we don't have software engineering codes and professional accountability. But I have absolutely no confidence we'll get there until there are multiple deadly catastrophes over a series of decades.
Zak: This doesn't cover in-app adds on phones over mobile data, which is probably the main vector for the tracking discussed in the article. For that:1. Adblocking via private DNS (e.g. https://mullvad.net/en/help/dns-over-https-and-dns-over-tls)2. Prefer websites over native apps wherever possible3. Browser adblockerHosts file adblocking is also possible on a phone where you have root.
consumer451: Agreed, here is one use case where I love my phone being location aware: when I walk into Lidl, swipe for my apps, Lidl pops up so I can check the significant coupons. It's a tiny convenience, I know how it works at a high level, and it's great.This is on iOS, and Apple gets all kinds of crap, but if there were some kind of Nobel/Oscars for privacy, Apple would be a consistent winner. I kinda trust them.I am relatively paranoid, I have location turned off for all apps, except while in use for GMaps, Uber/Bolt, etc.. I use the only decent VPN all the time, but I do have location services enabled in general, as ever since our mom had a health scare, we like to give her peace of mind with Find My.If you have read all that, I am looking for a sanity check. Would you agree that I drew the line in the correct place? Can we at least have some nice things, or best not to?
dygd: > Each SDK might be tattling on you, but unless you give them a key to match you across apps, each signal from each app is uniqueYou'd be surprised what can be done when data from different source is fused together.Large-Scale Online Deanonymization with LLMs: https://news.ycombinator.com/item?id=47139716Robust De-anonymization of Large Sparse Datasets: https://www.cs.cornell.edu/~shmat/shmat_oak08netflix.pdf
Cider9986: I am not sure that ad blocking is enough now or in the future as fingerprinting is extremely hard to fight while keeping a convenient web experience. Of course, continue blocking for convenience, but for privacy, more robust solutions are needed. Try to beat this: https://fingerprint.com
andai: Doesn't this just identify you as "that one guy who blocks fingerprinting"?It's similar to when you use Linux or an obscure privacy-preserving browser. You've made yourself way more unique just by doing that.(I'm not sure how the math works out though, vs. actually running all that nasty tracking stuff.)
some_furry: There are dozens of us!But, yeah, anti-fingerprinting is still a useful signal if less people do it. So more people should do it; especially if they're less likely to be targeted."More haystack" makes their job harder.
hn_acc1: As an old-school programmer who thought computers would improve people's lives back in the 80s when I was a wide-eyed teenager.. I am constantly appalled by the current generation of SV people who are very right-leaning and are happy to steal anything and everything they can. It didn't seem like this 20 years ago when I started. I hate the advertising industry with a passion.Anecdotally, it feels like it fits right in with the "if there's no cop around to give me a ticket, I can drive however I want" attitude I've seen post-Covid. People entering two-way turn lanes or HOV merge lanes to PASS people in the main lane. People going through stop signs without any stopping while I'm waiting for my turn. Using the HOV on-ramp lane with only the driver to merge onto the freeway where it's clearly marked "24 hour HOV lane", etc.It's as if the entire social compact evaporated during/after Covid, and "everyone only out for themselves" is the norm now.Or maybe I'm just more aware of it and more cynical.
techdmn: They say the fish rots from the head. I think the U.S. has been rewarding lawlessness at the top for quite a while now.I concur on missing the turn of the century optimism that tech could make a brighter future.
vjvjvjvjghv: [delayed]
jonas21: That location information is not available to apps or ad networks without user consent. The government can access it from the carrier with a warrant, but that's not what we're discussing here.
techdmn: Carriers have also sold customer location data, no search warrant required. Though we can rest assured that the FCC has slapped the carriers' wrists with the utmost seriousness.
lesuorac: And sold it to not just the government but anybody _claiming_ to be a bounty hunter (and some other professions).
kube-system: Cape is another option, supposedly a more complete tech stack of their own
drdaeman: I’m afraid you don’t understand humans. Yeah, if you completely strip every detail you get a picture like that, a very convenient one to blow all the righteous steam on some amorphous homogeneous “programmers” mass.> I can’t think of another professionThat’s because you framed the criteria so narrowly that it only includes programmers. And even then you still confused between management and implementors. And even then you’re forgetting the management, who’s definitely more to blame than workers.
tempaccount5050: Couldn't you just maintain a list of cell tower IPs and figure it out with traceroute?
kube-system: It was freely sold up until a handful of years ago
LPisGood: iPhone with private relay seems to defeat that
Zak: I beat it with Firefox, UBO, standard Firefox advanced tracking protection, and a VPN.It was able to track me as long as my IP address didn't change, but as soon as I switched VPN endpoints, it gave me a new identifier.
catlikesshrimp: If you cover your phone with an antielectrostatic bag it can't communicate; that is a Faraday cage.Since people around you will think you are also wearing a tinfoil hard, you had better stick to the phones with hardware switches as sibling comment mentions
kube-system: Most of those bags are total BS
golem14: I think that's very much what is discussed in this whole thread.
PostOnce: Beginning to wonder if convenience is the root of all evil, and not money. Money's just a proxy for convenience.More of us should learn to do things the hard way more often, and to be familiar with less-convenient things. There are life-changing advantages to doing things the hard way at least some of the time.
UltraSane: The Web is utterly unusable without uBlock Origin.
golem14: Yes, but it is available to the gubernment ? Especially this gubernment?
raw_anon_1111: And you do realize your cellphone is constantly sharing your location with your cell phone company which is more than willing to give it to the government without a warrant.Whatever you are doing is meaningless privacy theatre
Computer0: They are probably actively providing that information. At AT&T we still are working very closely with the NSA.
chaps: I worked in ad-tech for a year before I left the tech industry as a whole. I've also done a fair bit of investigative journalism.Let me share a thing:Factual, a company that specializes in hyperlocal geofencing, uses geofencing much smaller than the self-regulation that their industry allows in their own rules. I learned this after a coworker quit because our company was allowing ad targeting to people using these smaller geofences. The whole company had an all-hands about it where the CEO of the company told everyone that we were not going to stop using Factual nor the smaller-than-allowed geofences because we, ourselves, were not the ones to produce those geofences. We were just a man in the middle helping to build a system to track people at high resolution.Please try to reconcile with what your industry has and continues to destroy.
noosphr: The root of all evil is that we don't have a functioning micro transaction network and we don't know how to build one.For the user there is no way to pay the 0.0000001c that it takes to load a web page, for the web master there is no way to get paid the $10,000 it takes to serve the users. So we settled on advertising which can somewhat cover those costs since each individual add is basically worthless but an add campaign isn't.
jandrewrogers: There are multiple cues in the data stream that let you tag the person with a country of residence even when traveling internationally. It isn't perfect but it is likely more than adequate in most cases.The US government contracts with commercial data providers stipulate that all US data must be removed. There are quite a few regulatory controls that are adhered to.
titzer: If you use Google Location Services, which is stock install on basically all Android devices, it absolutely is uploading "anonymized" GPS data all the time.
godelski: It's a bit crazy how much we look back at that time and what people thought was tin foil haty. But that was written in 2007, still 6 years before Snowden. 7 years before the Director of the NSA (Hayden) told Congress they kill people based on metadata.The invasion of privacy has been slow, creeping, and just waiting for that Turnkey Tyrant. We fooled ourselves into thinking we'd never elect someone who would turn that key. But in reality the key has been slowly turning, until finally it opened the latch
allthetime: Don't use apps with ads. I can't think of a single necessary one.
gruez: >Please try to reconcile with what your industry has and continues to destroy.I don't see anything contradictory between your comment and the OP. Having an amoral CEO who condones breaking geotargeting self-regulation doesn't contradict OP's claim that it's hard to tie geotargeting data in bidstreams back to a particular person.
chaps: Sure, hard. But, um, lots of things are hard.For example, it was very hard for me to identify myself in an anonymized public dataset of vehicle trips, but I did. It was also hard to FOIA for the documents showing them writing SQL to spot my trip.. but I did.Hard doesn't mean impossible.
jmward01: I am evolving my views on personal privacy. I am, like many people, trying to passively defend myself. However, the environment today is more akin to people coming up and punching you than it is to just avoiding door to door sales people. We are being actively attacked, and real harm is being caused. People are loosing their entire livelihoods, or worse, to attacks on their privacy like this. At the moment all I see out there is sit there and take it. Nothing I do will keep my life private in a meaningful way. The best I can hope for is that companies wont tell me too loudly that they know when I go to the bathroom and how heavy I am, they will just show me targeted ads that prove they know those things and sell my data so corrupt agencies can decide how best to abuse it, legally. So, what options are left if the only tool you are given is sit there and take it but nobody is actually defending you?
trinsic2: Yeah I have been doing that for years now. I do most things the hard way. I forgot exactly how it started. I think it started when I decided I wanted to develop my own sense of discipline. I think right after I read the constructive living book by David K. Reynolds. The premise, as I understand it, is that depression is a direct result of not taking full responsibility and immediate action in your life.Looking back, I realize that started me on the path of not doing things the easy way. It was really hard a first, but over time it got easier. Most people in my line of work don't take accurate notes of what has transpired, don't keep a proper history of business exchanges and don't have clear agreements and contracts in place that spell out what is expected. Once I started this process of improving my life, I realized the more I made the effort to keep detailed track of everything I do/did, my life and business started to improve. I think you are right, taking to the most convenient path in life is a sure way to bring about pain and suffering.
giobox: The EFF's fingerprint test is nice in that it breaks down a lot of the bits of data used, and lets you know how you compare etc:> https://coveryourtracks.eff.org/
anjel: AI fixed that by calling it a token...
landgenoot: The lightning network supports transactions starting from 1 Satoshi.One Satoshi is currently worth $0.000713.
Aeglaecia: i feel like this is the same as voting independant. it's the right idea in theory, but given the fact that 99% of people don't do it , righteousness is decreased. in this case very literally as having a unique fingerprint is entirely counter intuitive to the idea of privacy
wat10000: You can increase your chances by crafting the laws differently, at least.A law that says the government can't ask for this stuff doesn't help very much. They'll ignore it when it suits them.A law that says it's illegal for private companies to hand it over would be better. When caught between a request from the government and a law that says they're not allowed to honor that request, there's a good chance they'll obey the law rather than the rogue agency.A law that says it's illegal for private companies to collect this data in the first place would be even better. It could still be worked around, but it's more likely to be uncovered, and they'd only get data after the point where they convinced a company to start collecting it.
kelvinjps: With the recent anthropic incident, even if unlawful, the company will accept the government request, fearing retaliation.
JumpCrisscross: > even if unlawful, the company will accept the government requestWhat demand did DoD make of Anthropic that the latter thought would put it in legal jeopardy?
trinsic2: Im not sure I understand your point. You can still work to protect your privacy and it will get better slowly over time IMHO.There are services out their that help you with the data that is already out there on you.
jmward01: You think privacy is getting better over time? Honestly? Is there any credible source that is documenting privacy in the US getting better?
SmirkingRevenge: Honestly, ublock isn't even enough anymore. DNS sinkholes are the next layer, since they work device-wide. I use nextdns.io, and it's good enough that I just keep ublock around in case I need to disable nextdns for some reason.
allthetime: What does "try to beat this" mean?I just opened it in another browser and got another ID. Did I win?For some reason using Microsoft Edge is deemed suspicious.
SmirkingRevenge: Fingerprinting generally tries to identify a unique browser, so a new browser will get a new identifier.But depending on the data tied to the fingerprints, identifiers can be linked together.
mothballed: Peaceful version of Kaczynski style Amish with just enough efficiency and tech to get health and dental care would be my nirvana, not sure if it's possible writ large although the Mennonites have struck something sort of close. If it weren't for the religious mumbo jumbo it would be tempting to join a super liberal sect of Mennonites or something.I've found a lot of latin american and middle east shitholes I've spent time in to also somewhat approximate this ... you can still get into a hospital or your tooth yanked but otherwise you're in a rural village doing most things the hard way except still cell phone coverage if you go up the hill.Slowly the main conclusion I've found is maybe if you change your amish year to be the 1960s or something like that, you could probably live the rest of your life jumping one step down the 3rd world civilization ladder every decade or so and get some comforts while not living in a surveillance dragnet. Of course once you pop out a kid you're basically locked into that level of economic output because child support imputed income calculations will put a ticking timer on your ability to jump to a lower income bracket in the lower civilization step to stay locked in the "1960s" or whatever time you're roughly targeting and instead you'll have to float upwards in time.
mulmen: [delayed]
mulmen: [delayed]
Scrounger: This is what I do... I use Mullvad VPN with NextDNS.io for DNS.
mulmen: [delayed]
Scrounger: > https://coveryourtracks.eff.org/I get "Our tests indicate that you have some protection against Web tracking, but it has some gaps." but nothing of too much importance I think.I use a VPN and NextDNS.io.
kyleee: Just another confirmation that everyone should be blocking ads as aggressively as humanly (and AI-ly) as possible
t0lo: Use Mullvad Browser or Brave (both require no extensions to block ads, with mullvad browser being modelled off of tor. Use data traffic fingerprint obfuscation even behind vpn (yes they can tell if you're messaging, watching a video, torrenting, etc 90% of the time even behind vpn) use mullvads daita (makes packets the same size) or nymvpn (mixnet with tor like routing and in built delays). Tor doesn't protect against traffic analysis at all.
Scrounger: > I know it's a cliché, but the road to hell is paved with good intentions."Kindly let me help you, or you will drown, said the monkey as it put the fish safely up a tree"—Alan Watts
Scrounger: > Beginning to wonder if convenience is the root of all evil, and not money.Self-deception is actually the root of all evil, not money nor convenience.
dakolli: Do not trust the EFF !!!
Mars008: In Tor got: "Our tests indicate that you have you have strong protection against Web tracking."In normal Firefox: "uBlock Origin has prevented the following page from loading:https://eviltracker.net/kcarter-reporting-nojs?a="In normal Firefox with 'real tracking company' ON (default): "uBlock Origin has prevented the following page from loading:https://trackersimulator.org/kcarter-reporting-nojs"Sort of failed?
giobox: The issue is avoiding a unique fingerprint - you can still have strong protection against web tracking AND have a unique fingerprint.
dakolli: How is DNS going to prevent javascript/css/tls fingerprinting? Its a good thing to do, but its not preventing you from being identified and tracked.
noosphr: So what's the transaction fees to make 1e9 one satoshi payments and how long until they clear?
lyu07282: Israeli malware companies also use targeted ads to use drive-by exploits to infect people's devices using ad networks based on IP addresses:https://securitylab.amnesty.org/latest/2025/12/intellexa-lea...The fact that we still just allow arbitrary 3rd party code to run through ad networks is bizarre.
Terr_: > The fact that we still just allow arbitrary 3rd party code to run through ad networks is bizarre.It's interesting to imagine how things would change if those ad-networks were legally liable for their role in spreading scams and malware.
MiddleEndian: Ad networks yes. Also the website operators and application developers.
dakolli: uBlock Origin does not protect you from this, this is a fingerprinting problem. You need to use a fingerprinting resistant browser. And even then, there are new fingerprinting methods emerging frequently and you can't prevent fingerprinting from inside apps on android/iOs..Most slop mobile applications, that many people have on their phones are basically spyware pretending to be games/whatever.Progromatic advertising technology was created for intelligence purposes, these companies and their methods are very sophisticated.
xannabxlle: Good, they should use everything at their disposal
guiambros: And how do you actually identify who should pay that $0.000713? And who should receive it? How do you make the process effortless, so the user doesn't have to spend 5 minutes registering on a website, just to send $0.000713?Now make it work 10,000 times per day, for every page you visit, posts, news, short form content you scroll, long form video you watch. And multiply this by billions of users.And once you've done that, how do you deal with spam, bots? How do you prevent invalid traffic? Fraudulent chargebacks? Differentiate quality between publishers (NYT probably wants to get paid more than my crappy personal blog).Transferring money is one small element of large and complex equation. That's why it hasn't been solved yet.Advertising is not perfect, but it's the best alternative for a free and open web I have seen in my 30+ years online. Subscription works for large ticket items (and for the affluent minority), but it doesn't solve the other 95% of cases.
trinsic2: Wrong parent?
godelski: I know it's a cliché, but the road to hell is paved with good intentions. People forget, most evil is created by good people trying to do good. The biggest trick the devil played was making us all believe evil is (always) easy to identify. But all the sayings are about how the devil is sly, tricks you, and sneaks up on you. All of that is to remind us how hard it is to do good. You don't have to be an evil person to create evil. Often you don't have to do anything at all, as inaction is still an action. Pull the lever or not, you've still made a decision.The problem is so complex that every action you take compounds and extends far beyond what you realize. Especially as we're living in such a connected world. Those ripples propagate through all the ponds we've connected together.I don't think it's money, convenience, or any of that. I think it's just that the world is getting more and more complicated. That our actions and inactions have larger and larger effects. We've done a lot of good, but we've also made it a lot easier to feel the flapping of a butterfly's wings on the other side of the planet.
not_kurt_godel: > most evil is created by good people trying to do goodCitation needed.
drnick1: I wouldn't call that meaningless privacy theater. For one, you can buy a SIM anonymously, and make the cell location data essentially useless. Second, protection at the DNS level prevents other types of data exfiltration (such as cross-site tracking by the Meta Pixel). By not using social media and communicating over secure apps like Signal, you can indeed achieve a high degree of resistance against tracking and profiling.Of course, you can do more, such as running only trusted software (i.e., free software) on your devices, not using Internet-of-Shit devices anywhere in your home, and making sure your car is not snooping on you through it's own cellular modem.
newscracker: > Try to beat this: https://fingerprint.comI don’t know, but it seems like it’s overselling its capabilities. I tried with Firefox Focus and it said I’m using incognito (private mode) and assigned a unique visitor ID. Immediately tried with a private tab in Safari on iOS and it said I’m not using incognito (private mode) and assigned a new unique visitor ID. Then I switched networks and tried. One more unique visitor ID.I’m not claiming that fingerprinting is not possible, but this website is not good at it. Seems like it uses plain cookies.
kube-system: Even easier, put any phone in the bag, call it. Does it ring? IME, yes.
spike021: i'm not confident they know where i am at all. i routinely get ads on social media for places (super random US states, cities, etc.) nowhere near where i live (SF Bay Area).
janalsncm: You may want to look into the Third Party Doctrine.If the government wants to tap your phone they need a warrant. If they want to buy it from a willing seller like Verizon they don’t.
janalsncm: I remember when the first article was posted. Their method requires two parallel corpuses e.g. people who write on LinkedIn (under their real name) and Reddit.Also, people who post under their real name are likely to write with their real voice:> Any deanonymization setup with ground truth introduces distributional biases. In our cross-platform datasets, the pro-files are likely easier to deanonymize than an average profile: the very fact that ground truth exists implies that the user may not have cared about anonymity in the first place. Similarly, two split-profiles of a single user are inherently alike, whereas two pseudonymous accounts of the same person (e.g., an official and a pseudonymous alt account) might expose more heterogeneous micro-data.
hahajk: It's unfortunate the Privacy Act included an exception for law enforcement. I imagine at the time it wasn't clear that every action taken by the govt would be called law enforcement.There is an ethical framework for handling personal data collected and maintained by the US govt called the Fair Information Practice Principles (https://www.fpc.gov/resources/fipps/).It really is too bad that "any legal purpose" is the stated boundary for our elected govt rather than a more noble appeal to public service.
throwaway85825: Laws aren't the problem here. If the data exists it will be abused, if not by the government then by corrupt insiders.
some_furry: It starts with you. Doesn't matter if others won't. You can't expect anything to chamge if you, yourself, are not willing to change.
majormajor: Only one person/company has to solve any given hard problem before they can sell it to interested parties. Who might lose it in a data leak, or package it up and re-sell it, etc, etc.
pabs3: "Enable JS to run the demo"
jonhohle: Reminds me of a farmer who found a snake one winter.
godelski: Look at your username then look at mine.You ask me to prove something essentially unprovable. Prove to me that most evil is created by people trying to do evil. It'll be equally as difficult to prove as you can't look in the minds of those doing evil. And you also can't trust what's coming out of their mouth.I gave you some evidence in indirect form. I'll give you another saying: "for the greater good." There's no doubt people doing wrong want to justify their actions so that they do not view themselves as evil. So go ahead and look at your username and look at mine, then follow the line of logic
gib444: > unless you give them a key to match you across appsEg by running standard Android? That doesn't have eg secure app spawning, so apps can profile app initialisation data AIUIAnd probably 10 other things behind the scenes that GrapheneÓS plugs?
UltraSane: Fingerprinting is insideous because the harder you try to prevent it the more unique you become. The best method is to try to create fake data to make the fingerprint useless.
UltraSane: I use Mullvad DNS with ad and malware filtering.
shepherdjerred: https://adnauseam.io/
ornornor: PSA: Firefox + uBlock origin (uBO is neutered in chromium and chrome now), along with NextDNS for your other devices blocks the vast majority of ads everywhere.
not_kurt_godel: Ok, since you don't care about evidence-based reasoning, I say: You are wrong. Most evil is created by people trying to do evil.
godelski: If you're going to troll, do better. You can't just pretend to be illiterate. You know I gave evidence lol
not_kurt_godel: Ah my apologies, I forgot to cite my source, which is the devil (just a coincidence it's the same as yours).
nerdsniper: Verizon and AT&T were literally selling the realtime location of your device without any ability for users turn it off. https://arstechnica.com/tech-policy/2025/09/court-rejects-ve...You're still that confident that no one else is selling your location data without your knowledge?
notepad0x90: If you build it, they'll come.
tolciho: Alas, but the body count usually must be worryingly high before the "hmm, well, maybe we should do something?" thing kicks into gear. Daylight unescorted bomber raids, for example, or a space shuttle departing itself most awkwardly, usually after the attrit rate is already out the barn door and up and over the third ridge is action taken. Fixes may also require a change of thinking, which may be awkward for some, especially where reputations are involved, or piles of Mammon so high that a Jesus himself would throw his back trying to turn those tables at Wall-street. The engineering on the space shuttle was near perfect, right? And then you need ongoing vigilance soas to help slow down the rate of repeats where, spoilers, o-rings were again involved in the almost-disaster that was the Starliner. Squick-worthy adtech? Meh, hasn't gotten enough killed. Yet.
Aeglaecia: I really want to be in a world where that's true. in the meantime we live in a zero sum survival of the fittest game where the powerful execute the weak for insubordination. in this world it is often necessary to take roundabout paths to reach the objective.for example, a constitutional representative in my country attempted to place restrictions on unfettered gambling advertisements. a single day later, photos emerged of that politician having dressed as a nazi for a costume party in his youth. that politician stood up for what was right and then got fired for it, by losing his job and his status in the court of public opinion, effectively achieving no change.exacting change isnt always such a simple process as embodying the end result.
kevincloudsec: the whole point of buying ad-tech data is that purchasing doesn't have the legal requirements that collecting does
danaris: That would be great—for about 0.3% of us, those who both care about privacy and have the knowledge and time to go through those sorts of listings.No; what we need is to ban this data collection entirely.
3RTB297: We're at a place where browser fingerprinting is what you have to defeat in order to not be tracked online, it goes a lot further than signing up for DeleteMe.All DeleteMe does is save you the time of manually making takedown requests, which is not that onerous in the first place. I've done plenty of my own. But that doesn't prevent online advertising databases from profiling me or you. And it's been happening for years - this isn't new at all.https://www.wired.com/story/how-pentagon-learned-targeted-ad...
arghwhat: First thing would be that a small geofence (i.e., a narrow church on available data) is entirely orthogonal to having high precision, high quality location data available.I won't claim with certainty that this is the case, but it seems likely that Factual was overselling their capabilities. That, or they relied specifically on having users grant high precision location data access and had nothing otherwise.Apps that already need location data are probably the most likely sources of collecting such data - food apps, dating apps, chat apps you have sent your location in, ...
3RTB297: A week after I started doing OSINT research, I realized how much very personal data I had online. Much more than I wanted. Years ago I went down the privacy rabbit hole and realized how bad all of this was. And that was before it took off around 2019 and really ramped up a year ago.It's not uncommon, but always disappointing to me, to see how out of touch most HN folks are when it comes to privacy and data. Usually privacy is dismissed as hyperbole, or tinfoil hat stuff, or only for people selling drugs on the darknet. It's not anymore. The minimum barrier to entry for simply not having your every thought and whim and search catalogued is high: Masking your IP address, masking your browser fingerprint, and simply not participating in a lot of parts of the internet.These are your thoughts, your personal life, being dissected and catalogued and sold in an attempt to, at BEST, shape your behavior. At worst, see exactly when you cross the line into becoming "an agitator." It's the step you need before getting to "thoughtcrime." Why is this acceptable to anyone??? In exchange for free email?We're all in the pot and the water is already starting to bubble. And I'm sure that the only replies I might get will be "Oh, but no, it's not anything like that." Sure.This is simply the first time you're seeing it on US soil. https://www.wired.com/story/how-pentagon-learned-targeted-ad...Yet two years ago, look how many people were incredulous, doubtful, or simply didn't care. https://news.ycombinator.com/item?id=39540738Maybe now is a good time to bring up KOSA? Or maybe we should discuss that two years from now when it's too late to change anything.https://www.eff.org/document/kids-online-safety-act-kosa https://www.eff.org/deeplinks/2025/05/kids-online-safety-act...
vvanpo: It sounds like there is a story here, have you written about this somewhere?
evolighting: privacy data it self is merely the case;The real problem is that tech giants only need to claim that their use of data is appropriate, and they can then feel free to use it to provide "better" services.After all, they should never have been allowed to do this from the very beginning. Users aren't fools—they can learn too. So what we need isn't automatic push, but easier ways to actively seek things out.
Terr_: > you can buy a SIM anonymously, and make the cell location data essentially uselessHow many phones spend their nights within 100m of your home, and spend workdays within 100m of your office?
pothamk: Even if individual signals are noisy, the aggregation layer is where things become powerful.Adtech infrastructure wasn’t designed to identify a single user with perfect certainty — it was designed to correlate large volumes of probabilistic signals across time. Once you combine location hints, device fingerprints, behavioral patterns, and repeated bidstream events, the system doesn’t need a perfect identifier to narrow things down dramatically.That’s why these datasets end up being useful for surveillance even if any single data point looks weak on its own.
tdeck: Is it just me or is this an AI comment?
chirau: How do you do the system wide DNS filtering?
tartuffe78: pihole is one way, though it's tricky to do it right
ece: Exactly, people are going to be logged into these apps with trackable identifiers. You can see it with tracker control on android, download a new app and see existing apps report things to new trackers, which seems to be happening at the sdk level.
daft_pink: I think it’s possible in large cities, but seems unlikely that all small suburbs in an area you can get each suburb and some are very small to remove them. And that is just “possible” in large cities not reality. Who has the time to go from small locality to small locality.
jojobas: The government does need to know where the people building their lives on breaking the law are. Don't think CBP wants to know where you are.
wat10000: The government wants to know that. They don't need to know.CPB doesn't care where I am. Unless they make a mistake and think I'm an illegal immigrant. Or they decide to teach a lesson to someone who's critical of them.
chaps: There definitely is and I've definitely pitched it to places. The Intercept had interest but told me that they wanted me to build the story out more to be less focused on Chicago. I understand where they were coming from (and the others who said the same thing) but it wasn't possible for me to continue doing freelance work, so no stories ended up being published about it at all.
chaps: "Apps that already need location data are probably the most likely sources of collecting such data"Yes, and many companies have access to both feeds.....
mulmen: [delayed]
rolandog: Honest question, wouldn't the Ad Topics proposal by Google have shifted away from all this data being leaked during bids? IIRC, advertisers would've received something like 4 words to specify your interests. Maybe I'm misremembering.
keybored: That’s a lot of text to say that I’m generalizing. Yes I’m generalizing.It doesn’t apply to all programmers. It’s very simple to figure out that it doesn’t apply to you, hypothetical gal who works on internal software tooling in London, OT. Very simple.There are enough programmers who have had very good wages and stock options. We read about them on this board. Plenty, plenty have had options. Their rationalization was presumably that enshittification paid better.You can also see that my generalization was in response to a luser-blaming comment. That’s the context; not from nothing. But maybe you don’t understand human communication.
Stancyhd8: I suspected my husband of cheating on me, and I reached Henryclarkethicalhacker at g mail com , and he helped me discover the truth. I could monitor his phone remotely without touching it, making the process easier and less time-consuming. The step-by-step guide was also very helpful, showing me exactly what I needed to do
