Are you in a position where if your phone is hacked it could make criminal attackers easier to hack your company? From the story in Bruce Schneier’s blogpost about de-anonymization story: About how a priest data was taken and used to eventually fire him because of his movement with his phone. I call this a hack because someone downloaded all the data and used it against him.
The publication that revealed Burrill’s private app usage, The Pillar, a newsletter covering the Catholic Church, did not say exactly where or how it obtained Burrill’s data. But it did say how it de-anonymized aggregated data to correlate Grindr app usage with a device that appears to be Burrill’s phone.
The Pillar says it obtained 24 months’ worth of “commercially available records of app signal data” covering portions of 2018, 2019, and 2020, which included records of Grindr usage and locations where the app was used. The publication zeroed in on addresses where Burrill was known to frequent and singled out a device identifier that appeared at those locations. Key locations included Burrill’s office at the USCCB, his USCCB-owned residence, and USCCB meetings and events in other cities where he was in attendance. The analysis also looked at other locations farther afield, including his family lake house, his family members’ residences, and an apartment in his Wisconsin hometown where he reportedly has lived.
Bruce Schneier says: “Location data is not anonymous. It cannot be made anonymous. I hope stories like these will teach people that.”
Then I am sorry happy to say we need to opt out of the ad tracking or else…
Yes it is time we all opt out of advertising or as some have found out it can be used to hack you.
Here is Tmobile’s ad services webpage info:
PushSpring Mobile Services
T‑Mobile is the business owner of PushSpring, a service provider to the online advertising industry. PushSpring may share mobile device identifiers, device and service usage data, and demographics info with third-party advertising partners who may use data to serve ads for T‑Mobile and others.
For information on PushSpring’s data collection and use practices, please visit https://www.pushspring.com/privacy.html.
To opt out of PushSpring’s sharing and use of data for third party advertising, visit the PushSpring ad services opt-out page at http://www.pushspring.com/optout.html.
To make CCPA requests in connection with our PushSpring Mobile Ad services, visit PushSpring’s Your CCPA Rights page.
I downloaded the app appchoices and opted out of everything.
It is time all of you do the same.
Contact me to help with other cybersecurity items.