CBP Tapped Into the Online Advertising Ecosystem To Track Peoples’ Movements

404media unveiled how severe the tracking via ads is:

The document 404 Media obtained is the first time CBP has acknowledged the location data it bought came from the advertising industry. Specifically, CBP says the data was in part sourced via real-time bidding, or RTB. Whenever an advertisement is displayed inside an app, a near instantaneous bidding process happens with companies vying to have their advert served to a certain demographic. A side effect of this is that surveillance firms, or rogue advertising companies working on their behalf, can observe this process and siphon information about mobile phones, including their location. All of this is essentially invisible to an ordinary phone user, but happens constantly.

This sort of surveillance can happen through all sorts of innocuous seeming apps, such as video games, news apps, weather trackers, and dating apps. 404 Media has previously linked RTB-based surveillance to games like Candy Crush and Subway Surfers; dating apps Tinder and Grindr; the social network Tumblr, and the popular fitness app MyFitnessPal. In many cases, the app developers themselves are likely unaware they are acting as a conduit for government surveillance because the data collection is not based on any code the app creators have included themselves. The end result is tools that can potentially track hundreds of millions of phones, often without a warrant.

And not having/deleting your AdID and using ad blockers seems the way to go:

“By refusing to cut off surveillance companies and sleazy data brokers, Big Tech companies are effectively collaborating with ICE’s lawless campaign of violence and terror. As a result, every internet ad on a website or app could be collecting location data that ICE will use for its next operation,” Senator Ron Wyden told 404 Media in a statement.
“Congress could put a stop to this by passing my bills to ban the government from buying our data and ban tech companies from using surveillance advertising. Until then, the best way for the public to protect themselves is to install ad blockers, disable their phone’s advertising ID, and enable the Global Privacy Control in their browser, which 12 states now enforce,” the statement added.

In other news water is wet? But I really appreciate 404media’s coverage of surveillance. A good privacy onramp for people who oppose ICE.

The RTB side-channel is the clearest example of why the surveillance problem in advertising is architectural, not behavioral. It doesn’t matter if the app developer has good intentions — the moment you plug into a real-time bidding network, you’re participating in infrastructure that was designed to broadcast location and behavioral signals to hundreds of bidders simultaneously. The “winning” bidder shows an ad. Everyone else just… keeps the data.

The only structural fix is an ad network where that broadcast never happens. Contextual matching based on page content, no user signal transmitted, no bidding process that doubles as a surveillance feed. It exists as a concept — the question is whether publishers will actually adopt it when the surveillance-based alternative still pays better