This is absolutely incredible.
@NRKno tricked a data broker in to selling them 400 million "anonymized" location data points taken from SDKs that monetize mobile applications. NRK took a random row from the database, doxed the person and interviewed them.
Of course, this person had no idea that their phone had sent location data to this broker for 200 days the last year, showing intimate personal details for anyone who knew to look.
https://www.nrk.no/norge/xl/avslort-av-mobilen-1.14911685 (english: https://translate.google.com/translate?depth=1&nv=1&pto=aue&rurl=translate.google.com&sl=auto&sp=nmt4&tl=en&u=https://www.nrk.no/norge/xl/avslort-av-mobilen-1.14911685)
I've seen tables which grow at the rate of terabytes a week showing the users' movement, with the most basic of access control applied to it, available to nearly any engineer or data scientist who knew where to look.
Companies' data platforms rarely provide enough audit capabilities to truly secure this data, much less make an informed decision on what is valuable or invaluable to keep. which columns are queried here? you don't know? me neither. better not touch it.
And of course, when you stop and ask "what can I do about it?" the answer is that you can do very little except agitate for strong legislation with teeth, and wait. Neither NRK nor Karl were able to figure out which of his applications were spying on him.
@rrix Instead of just hoping and waiting for change, nerds can continue to embrace and evangelize FOSS and continue to use and develop anti-tracking technologies.
Everyone can vote with their wallets - immediately start finding alternatives to products that do not respect privacy.
The real problem is that when push comes to shove, most people simply do not care about their data or security or digital privacy.