US Senators Shocked To Learn IPs Can Be Used For GeoLocation

From LinuxReviews
Jump to navigationJump to search
Facebook.png

Senators Josh Hawley and Chris Coons were shocked and furious to learn that Facebook is able to show location-specific advertisements when smartphone users have turned location data off. They sent Facebook an angry letter to Facebook demanding a middle-school level introduction to how the Internet works. Facebook sent a 8 page long response letter on December 12th which outlines how they collect location data. The first three pages are public. The senators were not pleased with Facebooks response.

written by Öyvind Sæther. published 2019-12-18last edited 2019-12-18

Facebook-twitter-icons-on-mobile-phone.jpg

The letter demanding that Facebook explains how they know where their users are even if a smartphones location service is turned off was sent amid US congress hearings where US senators demanded that the technology giants Facebook, Google and Apple implement Secure Encryption With Government Backdoors - which is, of course, impossible to do since you can't have your cake and eat it too. Encryption is apparently not the only issue the not so technology-understanding US senators have a hard time understanding.

Facebooks Response

Facebook responded to US Senators Josh Hawley and Chris Coons letter with a eight page long letter (only the first 3 pages are public) which explains how they track and use location data even if a phones location services are turned off. Facebook explained that they pull location data off images that are uploaded to their platform. They also use data from other Facebook users to get data. Facebooks response admits that

"if someone responds to an event on Facebook for a local music festival, uploads a location-tagged post, or gets tagged by a friend in a check-in at a restaurant, these actions would give us information about that person's likely location. Similarly, a person might share where they live by setting a location in Marketplace or adding their address to their profile."

Facebook letter to Senator Coons and Senator Hawley, dated December 12th, 2019

Facebook also states that they are using location data based on their users IP addresses. Your IP is sent to all websites and Internet services you use; that's a fundamental part of how the Internet works. Turning a IP address into a rough location is trivial. Facebook and most, likely all, big tech websites will have turned your IP into an estimated location before the page is loaded.

Senators Josh Hawley was not pleased:

"Facebook admits it. Turn off “location services” and they’ll STILL track your location to make money (by sending you ads). There is no opting out. No control over your personal information. That’s Big Tech. And that’s why Congress needs to take action"

Senator Josh Hawley on Twitter December 17th, 2019

Android's "Location" Toggle Button Never Mattered

An example of the top secret technology used by Facebook to reveal a persons location based on their IP address, which is something all web browsers send to all the websites one visits, can be found in the "IP Intelligence" firm Marmind's GitHub GeoIP2-php repository. The GeoIP2 PHP module is licensed under the Apache 2.0 license. Their "GeoLite2" IP database, which is less accurate than their paid services, can be used relatively freely under the Creative Commons Attribution-ShareAlike 4.0 International License. MaxMind has several other modules available for other languages like java, python, javascript (node.js) and so on.

MaxMind's GeoIP database existed before smartphones were a thing. A smartphones location service providers more accurate data thanks to their built-in GPS. Finding out what city someone not using Tor or a VPN is in has been trivial since forever.

More To Come, Guaranteed

"The surveillance-based business model has created an architecture that has not only drastically shrunk and restricted the “private sphere”, but at the same time isolated people from one another, as each individual engages with their own highly personalised experience of the internet, uniquely tailored to them based on algorithmically-driven inferences and profiling. "

Amnesty International: "Surveillance Giants"
(SURVEILLANCE GIANTS POL3014042019ENGLISH.PDF)

Most of the advertisement on the Internet is personalized to a level which may be a bit shocking if you are relatively new to AdOps. Almost all of the advertisement space on Facebook and advertisement networks like Google is sold to "programmatic buyers". There is a whole industry, mostly unknown and unregulated, around "programmatic marketing". Here's how it works: You get an ID based on either a existing browser cookie or a combination of location data and other available data or just your IP when you visit a web page with advertisements. That ID and the page you visit are sent to a real-time auction system where advertisers place instant real-time bids on the particular advertisement slots on the page you are currently visiting. The advertisement agency with the winning bid, which is determined within a fraction of a second, gets to show you advertisements.

"Programmatic buying" is how and why Internet advertisements tend to be so personal. Contextual advertising, which means advertisements based purely on the web page you are visiting, accounts for a so small percentage of all web advertising it's barely measurable. Staggering amounts of money have been invested in systems which are able to match people to existing data based on IP, user-agent, screen resolution and other data. Facebook will be able to match you with your account there, if you have one, whether you are logged in or not.

The US Senators Chris Coons and Josh Hawley are not the only ones who have Facebook and the other technology-giants in their cross-hairs. There will be more antitrust and user privacy investigations in the near future. We can't wait to see how technology-illiterate US senators who are shocked to learn that IPs can be used to reveal location information react if they ever get a whiff of how the modern advertisement industry actually works.


Add your comment
LinuxReviews welcomes all comments. If you do not want to be anonymous, register or log in. It is free.