The fundamental issue is that a cell service provider has a natural monopoly. There can never be many of them, so there isn’t going to be much competition.
It’s also a pain to switch identifiers — changing a phone number is painful — so a cell provider is in possession of a unique identifier linked to location spanning many years. That’s valuable data.
Both a SIM and the phone’s radio in which it is inserted have unique identifiers visible to a carrier.
If one gets prepaid service in cash, it’s possible to not directly link those identifiers to an identity.
You can probably get your phone service from an SIP provider, maybe route the SIP traffic and all other data service through a VPN. That’ll obscure most unique information from the cell provider, and the SIP provider won’t even have geolocatable IP information, just a VPN endpoint. The SIP and VPN market is competitive; no natural monopoly there.
It’s still probably possible to link a cell ID to identity if one can cross-reference enough databases that do contain one’s personal identity linked to a location at a given time. Maybe if one gets a sufficiently-cheap cell modem that it can be swapped along with the SIM at regular intervals, so that there’s only a year-long period or whatever over which over which a cell service provider has a unique identity. If the phone number is linked to the SIP provider instead of a cell provider, then the barriers to swapping cell service across accounts go away.
I suppose one has to deal with the risk that the firmware on the modem might phone home with location data.
And, of course, all bets are off if an app running on one’s computer or cell phone can just obtain a unique identifier and location at a given time and phone home with that and let the app vendor sell it.
In this article t least they’re only talking about the cell providers selling location information, and using a vpn wouldn’t help with that. You still need to connect to a cell provider, they still have a continuous detailed track of your location. While a vpn would help limit what they know about your online activity, it does not at all affect their ability to sell your location to a data broker.
And given the ubiquity and sneakiness of online tracking, I’m no longer convinced a vpn is effective at reducing knowledge of your activity. We need to think a little deeper about the threat: your cell provider seeing your activity is not the threat. The threat is every provider from cell to content dumping massive amounts of data including profiles and other pii with data brokers, so they can connect the dots and sell “better” data.
In this article t least they’re only talking about the cell providers selling location information, and using a vpn wouldn’t help with that. You still need to connect to a cell provider, they still have a continuous detailed track of your location.
Yes, but what I’m talking about in my comment is that there there doesn’t need to be an unbroken ID over a long period of time and they don’t need to have any direct link to your identity. They have an IMSI and an ICCD. They can link that to at least approximate location. But they don’t have to have data tying it directly to your identity, and that pair does not need to be linked to someone for many years, can be swapped out, even if most people do typically have that link today.
EDIT: And I’m not asserting that this is a hard guarantee that it’s impossible to link that to identity. I mention that it may well be possible to deanonymize that data by correlation through other databases. For example, let’s say that someone could correlate data from an airline’s flight data that is correlated with personal identity and a cell provider sells sufficient of their cell data to link location to air travel data. Two flights, if someone doesn’t leave their phone at a given location, is probably enough to deanonymize someone. ALPR data is probably another major way to harvest data that might be useful in cross-correlation with data like this, and at least in the US, there are no (national, dunno about state) laws against setting up an ALPR node wherever anyone who wants pleases. But it’s enough to ensure that a personal identity and the data that the cell provider has are not directly immediately linked.
In the US at least, porting (transferring) a number from one provider to another takes (usually) ~5 minutes. You can even do it to/from landlines. The carrier/customer service might balk and try to keep you but a little persistence and it’s done. It’s been this way years before I got my first phone number, and that was almost 20 years ago now.
Well…yes, but in that case, someone’s keeping a phone number, which uniquely identifies them and is most-likely even publicly tied to their identity (unless someone maintains multiple cell phones). Like, one cell provider may not have the data, but then multiple will, and if they’re both willing to sell information to a data broker…shrugs
In addition to that, unless you also swap out the hardware at the same time, there’s still the hardware identifiers spanning providers, and if someone has a plan, billing data spans providers and is accessible to the provider (though there may be legal restrictions by the state on cell providers on making use of personal billing data or merchant-account restrictions imposed by credit card vendors; not sure there).
The fundamental issue is that a cell service provider has a natural monopoly. There can never be many of them, so there isn’t going to be much competition.
It’s also a pain to switch identifiers — changing a phone number is painful — so a cell provider is in possession of a unique identifier linked to location spanning many years. That’s valuable data.
Both a SIM and the phone’s radio in which it is inserted have unique identifiers visible to a carrier.
If one gets prepaid service in cash, it’s possible to not directly link those identifiers to an identity.
You can probably get your phone service from an SIP provider, maybe route the SIP traffic and all other data service through a VPN. That’ll obscure most unique information from the cell provider, and the SIP provider won’t even have geolocatable IP information, just a VPN endpoint. The SIP and VPN market is competitive; no natural monopoly there.
It’s still probably possible to link a cell ID to identity if one can cross-reference enough databases that do contain one’s personal identity linked to a location at a given time. Maybe if one gets a sufficiently-cheap cell modem that it can be swapped along with the SIM at regular intervals, so that there’s only a year-long period or whatever over which over which a cell service provider has a unique identity. If the phone number is linked to the SIP provider instead of a cell provider, then the barriers to swapping cell service across accounts go away.
I suppose one has to deal with the risk that the firmware on the modem might phone home with location data.
And, of course, all bets are off if an app running on one’s computer or cell phone can just obtain a unique identifier and location at a given time and phone home with that and let the app vendor sell it.
In this article t least they’re only talking about the cell providers selling location information, and using a vpn wouldn’t help with that. You still need to connect to a cell provider, they still have a continuous detailed track of your location. While a vpn would help limit what they know about your online activity, it does not at all affect their ability to sell your location to a data broker.
And given the ubiquity and sneakiness of online tracking, I’m no longer convinced a vpn is effective at reducing knowledge of your activity. We need to think a little deeper about the threat: your cell provider seeing your activity is not the threat. The threat is every provider from cell to content dumping massive amounts of data including profiles and other pii with data brokers, so they can connect the dots and sell “better” data.
Yes, but what I’m talking about in my comment is that there there doesn’t need to be an unbroken ID over a long period of time and they don’t need to have any direct link to your identity. They have an IMSI and an ICCD. They can link that to at least approximate location. But they don’t have to have data tying it directly to your identity, and that pair does not need to be linked to someone for many years, can be swapped out, even if most people do typically have that link today.
EDIT: And I’m not asserting that this is a hard guarantee that it’s impossible to link that to identity. I mention that it may well be possible to deanonymize that data by correlation through other databases. For example, let’s say that someone could correlate data from an airline’s flight data that is correlated with personal identity and a cell provider sells sufficient of their cell data to link location to air travel data. Two flights, if someone doesn’t leave their phone at a given location, is probably enough to deanonymize someone. ALPR data is probably another major way to harvest data that might be useful in cross-correlation with data like this, and at least in the US, there are no (national, dunno about state) laws against setting up an ALPR node wherever anyone who wants pleases. But it’s enough to ensure that a personal identity and the data that the cell provider has are not directly immediately linked.
In the US at least, porting (transferring) a number from one provider to another takes (usually) ~5 minutes. You can even do it to/from landlines. The carrier/customer service might balk and try to keep you but a little persistence and it’s done. It’s been this way years before I got my first phone number, and that was almost 20 years ago now.
Well…yes, but in that case, someone’s keeping a phone number, which uniquely identifies them and is most-likely even publicly tied to their identity (unless someone maintains multiple cell phones). Like, one cell provider may not have the data, but then multiple will, and if they’re both willing to sell information to a data broker…shrugs
In addition to that, unless you also swap out the hardware at the same time, there’s still the hardware identifiers spanning providers, and if someone has a plan, billing data spans providers and is accessible to the provider (though there may be legal restrictions by the state on cell providers on making use of personal billing data or merchant-account restrictions imposed by credit card vendors; not sure there).