It probably comes as no surprise that government agencies have access to a lot of your data—in part because we hand some of it over to them directly, and in part because they are able to purchase it from data brokers that already exist to harvest, aggregate, and sell it to other companies. A recent report from 404 Media confirms that Customs and Border Protection (CBP) is among those buying and using location data collected via ads to track users’ movements.
Immigration and Customs Enforcement (ICE), the FBI, and a handful of other federal agencies have also purchased location data from brokers in recent years, but the internal document from the Department of Homeland Security obtained by 404 Media confirms that CBP has sourced its location tracking in part from real-time bidding (RTB), which is behind every online ad you are served.
The Electronic Frontier Foundation describes how this process exposes your location data, which happens within milliseconds each time you open an ad-supported app or visit a website. The app or website pings an ad tech company to figure out which ads to serve, and that company puts together a “bid request” using your data, including your device’s advertising ID, IP address, demographic information, GPS coordinates, and more. That bid request goes out to thousands of advertisers, and the highest bidder is the one that ultimately gets displayed.
In the meantime, both ad tech companies and advertisers receive all of your data, and organizations that purchase this data can connect movements to specific devices, facilitating surveillance over a period of time.
How to protect your location data against tracking
As EFF points out, law enforcement agencies in almost every state can purchase location data from data brokers without first obtaining a warrant, so the onus is largely on users to protect themselves against location tracking. (It’s worth noting that Apple devices generally have more privacy-forward settings than Android, as apps running on iOS are required to request access to advertising IDs, allowing users to more easily opt out.)
All of this means that you can (and should) take a few steps to minimize how your location is tracked and shared.
Disable ad IDs on your device
To delete ad identifiers on Android, go to Settings > Security & privacy > Privacy controls > Ads and tap Delete advertising ID.
What do you think so far?
On iOS, disable the advertising ID globally under Settings > Privacy & Security > Tracking and toggle off Allow Apps to Request to Track. Then, go to Settings > Privacy & Security > Apple Advertising and disable Personalized Ads to eliminate internal tracking for Apple’s native services.
Audit which apps have access to location services
You need to know which apps are using your location data, and disable permissions where it is not essential for the app to function. Alternatively, allow apps to access your location only when in use and turn off precise location sharing (so only your approximate location is visible).
On iOS, this is under Settings > Privacy & Security > Location Services, where you can select permissions and toggle off Precise Location for individual apps. On Android, go to Settings > Privacy & Security > Privacy Controls > Permission Manager.
Use airplane mode to stop real-time tracking
Airplane mode is a one-touch way to limit tracking—useful if you are headed to a protest or other sensitive location. Your device can still store and transmit this data later, but EFF notes that most apps aren’t that likely to do so.
