It's absolutely mind-boggling that they are allowed to sell phone location data in the first place without any real consent from their customers.
That's why it must really say something about these companies - Verizon especially - that them voluntarily stopping such a practice makes me imagine they have nefarious motives in mind.
Either that, or they just think net neutrality's death is going to be so much more profitable than this that it's not worth the man-hours anymore.
There is a saying, that if you pay for a service - you are a customer, and if you don't - you are a product. But in the US, it seems, you are a product, either way.
The root of the problem of all of this is the Quarterly Earnings Report. Every public company has to show growth every single quarter, otherwise investors will punish them. Therefore they have to do every dirty little thing they can to get money coming in.
Get rid of the quarterly reporting and let businesses get back to competing on customer service and you'll see this all go away.
It's standard profit maximization. If you can get a customer to pay $X, and then also sell their data on the side for $Y, then why wouldn't you do it?
The thing people don't seem to realize is that it's not just enough to pay money for what you use. You have to pay more than $X + $Y, i.e. you have to explicitly price yourself out of the price bracket of customers who are willing to put up with being the product.
This means that services where users are a product are going to continue to be the norm as long as a significant fraction of consumers are willing to put up with it.
It's standard profit maximization. If you can get a customer to pay $X, and then also sell their data on the side for $Y, then why wouldn't you do it?
Generally, people are prohibited from reselling the things the common items of our existence: electricity, internet service, food, and so on. Businesses have no such restrictions, even though like food, personally-attributable information can be put to harm.
You can only explicitly price yourself out if that's an option. If every player in the market sells your data regardless of their price points the only option is to not buy anything at all.
They're allowed because the customer agrees, right there in the privacy policy. I think this sucks however, because
1. You get hundreds of pages of contract to read about the phone and the service and billing and everything else. Who is going to spend a week doing a doc review to buy a phone?
2. It's opt out. GDPR got this right. Even if you do opt out, how do you know if they handle your PI correctly anyway? They get paid to abuse it and penalized to respect it.
3. And the big one is: there's no alternatives. IF all the carriers do this -- and why should we expect them to leave cash on the table -- then you can't shop by privacy. They're all take it or leave it, as disclosed in their PP.
It's not just that, they'll happily violate a policy if there's not going to be a huge backlash about it.
I remember when Verizon started booting Kyocera 7135 devices off their networks(even on contract) if they were under a "Minutes of use" data plan and offering an "upgrade" to Treos but only if you picked up a $50/mo data plan + renew your contract.
The ostensibly did this because the device was "causing compatibility issues", however no other carries with the same device did the same thing. Tons of posts on howardforums but not enough to cause a huge stir.
The whole process left such a sour taste in my mouth I'll never own a cell phone on Verizon again.
Note a big thing Verizon pushes now is the Verizon Up rewards program, which is opt-in, and explicitly permits them to sell your data. So they may be folding everything in the monetizing data category into that opt-in program now.
Which works fine for me, because I ain't ever opting in to that. And arguably, those who do opt-in are getting something for it. (Rewards.)
> Who is going to spend a week doing a doc review to buy a phone?
There are algorithmic methods available for estimating reading time. Taking 80% of that value (or whatever) could then be used as a conservative lower bound for how long someone must take reading a document before it can be reasonably asserted that someone could have "agreed" to anything. If you haven't spent at least some minimum amount of time reading the document, it should be assumed prima facie that a "meeting of the minds"[1] hasn't happened.
This would require much longer delays before sales/etc, which encourages companies to use shorter, easier to read legal documents.
When you open a bank account, they sometimes check the location of your phone and reference it to your address and browser location (Whenever banks mentioned this in their registration process, they don't seem to ask for copies of IDs).
It's sketchy how the banks get that data, but makes me feel slightly better nobody will get away with opening a bank account in my name without ID copies?
"When you apply, we may do a one-time check with your phone provider (cell and/or landline) to get billing info, geo-location, and/or device data. This helps us make sure your home address matches your phone's billing address. Your phone's physical location can also alert us to higher risk situations. For example, if you're applying for an account while in a foreign country, we want to make sure no one is impersonating you. Don't worry - we still open accounts for people who are on vacation, moving, etc. This is just one more clue to help us solve the puzzle of if it's you or someone impersonating you. Also, geo-location, billing data, and device info will only be used for fraud prevention; it won't be used for marketing, mailing lists, or anything else. Your data collected by us will be stored for the life of your account plus five years."
I remember HSBC requesting the same permissions but it's harder to find their account opening disclosure terms.
Verizon has a section of their site to turn off marketing and adjust privacy settings. Notably absent is the ability to turn off location sharing. I emailed the privacy department and they totally dodged my question. I still would like, and think it's important to have, an option to opt out of all location sharing. I don't care if it's for fraud prevention since that is easily abused by companies.
No, it is outside of the Operating System. This happens at a lower level, in the firmware of the chips with GPS and modem. Every 5 seconds your location data is sent to the cell tower. Even if you turn off all your connections and GPS, it will still happen anyway, it will only be presented as off to your Operating System.
Additionally, even if you could turn off GPS and other data services (i.e. a flip phone or similar) that data is still collected because you are always connected to a physical tower that has a physical location. So looking at these records, your location can be inferred, as well as all your usage data can be aggregated together and sold.
I’ve of heard such “faraday pouches”, I assume they exist.
I find it very unsatisfying that the phone in the pouch would be ramping up its radios to try and reach a tower, running its battery down.
I much prefer the approach of the Librem 5: put the whole baseband board on it’s own circuit, and have a hardware kill switch for power to the whole thing.
Was just wondering the same. What can we do as consumers? Trying to get laws changed is almost impossible and we don't really have much of a choice in providers. Even the smaller companies just resell att/verizon/tmobile.
I assume every apps that read your location data are selling them. Since no one wish to pay for apps, companies look for other ways to monetize. Some choose ads, some sell your data.
The issue at hand here isn't free apps that ask for location data, but paying mobile phone subscribers, whose location data is collected directly by the phone company.
That's why it must really say something about these companies - Verizon especially - that them voluntarily stopping such a practice makes me imagine they have nefarious motives in mind.
Either that, or they just think net neutrality's death is going to be so much more profitable than this that it's not worth the man-hours anymore.