NSA WARNING: Are You Being Tracked?

By 2rogan @ Adobe Stock

Who’s watching you? Recently, a location aggregator called Gravy Analytics was compromised by hackers, meaning many people just had their movements leaked to the outside world. Zak Doffman reports in Forbes:

Our phones know where we are and they know where we have been—the problem is they have a nasty habit of sharing that information with others. And the latest location tracking nightmare to hit phone users shows the threat remains, despite new protections built into our iPhone and Android devices. NSA has warned users how to stop this secretive tracking—and you need to make this change now.

As first reported by 404media, hackers have compromised location aggregator Gravy Analytics, stealing “customer lists, information on the broader industry, and even location data harvested from smartphones which show peoples’ precise movements.” This has dumped a trove of sensitive data into the public domain.

This data is harvested from apps rather than the phones themselves, as EFF explains, “each time you see a targeted ad, your personal information is exposed to thousands of advertisers and data brokers through a process called real-time bidding’ (RTB). This process does more than deliver ads—it fuels government surveillance, poses national security risks, and gives data brokers easy access to your online activity. RTB might be the most privacy-invasive surveillance system that you’ve never heard of.”

This particular leak has spawned various lists of apps, allegedly “hijacked to spy on your location.” As Wired reports, these include “dating sites Tinder and Grindr; massive games such as Candy Crush, Temple Run, Subway Surfers, and Harry Potter: Puzzles & Spells; transit app Moovit; My Period Calendar & Tracker, a period-tracking app with more than 10 million downloads; popular fitness app MyFitnessPal; social network Tumblr; Yahoo’s email client; Microsoft’s 365 office app; and flight tracker Flightradar24…. religious-focused apps such as Muslim prayer and Christian Bible apps, various pregnancy trackers, and many VPN apps, which some users may download, ironically, in an attempt to protect their privacy.”

Gravy Analytics parent Unacast isn’t commenting, other than to “acknowledge the breach, saying that its ‘investigation remains ongoing’.”

NSA warns that “mobile devices store and share device geolocation data by design…Location data can be extremely valuable and must be protected. It can reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose otherwise unknown associations between users and locations.”

And this warning was echoed by security researcher Baptiste Robert in the wake of the Gravy Analytics leak. “The samples,” he posted on X, “include tens of millions of location data points worldwide. They cover sensitive locations like the White House, Kremlin, Vatican, military bases, and more,” adding that “this isn’t your typical data leak, it’s a national security threat. By mapping military locations in Russia alongside the location data, I identified military personnel in seconds.”

Action Line: Your Survival Guy has warned you about the “virtual Panopticon,” threatening people’s privacy. Take some time to consider your own privacy protections and to mitigate your own exposure where possible. Click here to subscribe to my free monthly Survive & Thrive letter.