An undercover report this week accuses mobile carriers of selling your location data to brokers, some of which aren’t choosy about whom they resell it to (because of course they’re not).

Yes, they’re still at it. Despite already having promised US congresscritters that they’d stop selling location data, it’s still happening on a grand scale.

Geolocation for all

What’s the craic? Joseph Cox Gave a Bounty Hunter $300. Then He Located Our Phone: (https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bounty-hunter-300-dollars-located-phone-microbilt-zumigo-tmobile)

• He had offered to geolocate a phone for me, using a shady, overlooked service intended not for the cops, but for private individuals and businesses. … The bounty hunter did this all without deploying a hacking tool or having any previous knowledge of the phone’s whereabouts. [It] relies on real-time location data sold to bounty hunters that ultimately originated from the telcos themselves, including T-Mobile, AT&T, and Sprint.

• At least one company … is selling phone geolocation services with little oversight to a spread of different private industries, ranging from car salesmen and property managers to bail bondsmen. … Compounding that already highly questionable business practice, this spying capability is also being resold to others on the black market who are not licensed … to use it, including me.

• There’s a complex supply chain that shares some of American cell phone users’ most sensitive data. … Telecom companies … sell access to their customers’ location data to other companies, called location aggregators, who then sell it to specific clients and industries. … Armed with just a phone number, [they] can return a target’s full name and address, geolocate a phone in an individual instance, or operate as a continuous tracking service.
  Of course, mobile carriers themselves could prevent such privacy problems by not selling their customers' location data in the first place. … In June 2018, all four major US wireless carriers pledged to stop selling their mobile customers' location information to third-party data brokers.

• At the time, U.S. Sen. Ron Wyden (D-Ore.) urged all four major carriers to stop selling their customers' location data. They all said that they would, with limited exceptions: for example, [for] "important, potential lifesaving services like emergency roadside assistance."

Wyden said he's disappointed that carriers are apparently still selling location data to data brokers.

And you think this is just the vague location of the cell tower your phone is talking to? Think again

*The cell company has more information than just what tower you are hitting or which MSC you happen to be in … including a signal strength and apparent direction from the cell tower, from which they can make a pretty good estimate of your location.
…
These days cell towers have electronically steerable arrays for antennas, so they can better use their available spectrum space to service more phones.

But are there other ways to get your tower ID?

• You can take a SIM from the same provider, pop-it into a mobile modem, enable basic network tracing and call that number. As soon as the called number begins to ring, you'll get a packet back from the network listing among other stuff the CELLID where that phone is.
  …
  There are a bunch of websites where you can plug a CELLID which will show [the] "circle" where that cell's antenna has coverage.

The moral of the story?

This is horrific on so many levels. Privacy violation on this scale wouldn’t be remotely acceptable in any other civilized society. Why is America so different?