In this article t least they’re only talking about the cell providers selling location information, and using a vpn wouldn’t help with that. You still need to connect to a cell provider, they still have a continuous detailed track of your location. While a vpn would help limit what they know about your online activity, it does not at all affect their ability to sell your location to a data broker.
And given the ubiquity and sneakiness of online tracking, I’m no longer convinced a vpn is effective at reducing knowledge of your activity. We need to think a little deeper about the threat: your cell provider seeing your activity is not the threat. The threat is every provider from cell to content dumping massive amounts of data including profiles and other pii with data brokers, so they can connect the dots and sell “better” data.
In this article t least they’re only talking about the cell providers selling location information, and using a vpn wouldn’t help with that. You still need to connect to a cell provider, they still have a continuous detailed track of your location.
Yes, but what I’m talking about in my comment is that there there doesn’t need to be an unbroken ID over a long period of time and they don’t need to have any direct link to your identity. They have an IMSI and an ICCD. They can link that to at least approximate location. But they don’t have to have data tying it directly to your identity, and that pair does not need to be linked to someone for many years, can be swapped out, even if most people do typically have that link today.
EDIT: And I’m not asserting that this is a hard guarantee that it’s impossible to link that to identity. I mention that it may well be possible to deanonymize that data by correlation through other databases. For example, let’s say that someone could correlate data from an airline’s flight data that is correlated with personal identity and a cell provider sells sufficient of their cell data to link location to air travel data. Two flights, if someone doesn’t leave their phone at a given location, is probably enough to deanonymize someone. ALPR data is probably another major way to harvest data that might be useful in cross-correlation with data like this, and at least in the US, there are no (national, dunno about state) laws against setting up an ALPR node wherever anyone who wants pleases. But it’s enough to ensure that a personal identity and the data that the cell provider has are not directly immediately linked.
In this article t least they’re only talking about the cell providers selling location information, and using a vpn wouldn’t help with that. You still need to connect to a cell provider, they still have a continuous detailed track of your location. While a vpn would help limit what they know about your online activity, it does not at all affect their ability to sell your location to a data broker.
And given the ubiquity and sneakiness of online tracking, I’m no longer convinced a vpn is effective at reducing knowledge of your activity. We need to think a little deeper about the threat: your cell provider seeing your activity is not the threat. The threat is every provider from cell to content dumping massive amounts of data including profiles and other pii with data brokers, so they can connect the dots and sell “better” data.
Yes, but what I’m talking about in my comment is that there there doesn’t need to be an unbroken ID over a long period of time and they don’t need to have any direct link to your identity. They have an IMSI and an ICCD. They can link that to at least approximate location. But they don’t have to have data tying it directly to your identity, and that pair does not need to be linked to someone for many years, can be swapped out, even if most people do typically have that link today.
EDIT: And I’m not asserting that this is a hard guarantee that it’s impossible to link that to identity. I mention that it may well be possible to deanonymize that data by correlation through other databases. For example, let’s say that someone could correlate data from an airline’s flight data that is correlated with personal identity and a cell provider sells sufficient of their cell data to link location to air travel data. Two flights, if someone doesn’t leave their phone at a given location, is probably enough to deanonymize someone. ALPR data is probably another major way to harvest data that might be useful in cross-correlation with data like this, and at least in the US, there are no (national, dunno about state) laws against setting up an ALPR node wherever anyone who wants pleases. But it’s enough to ensure that a personal identity and the data that the cell provider has are not directly immediately linked.