Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I’ve been asking where the hell these companies are getting our data to begin with for awhile because it has to be through shady means, even if technically legal.

Tracking a user and selling that data should not be able to be slapped deep down in some TOS that grants intrusion into your life at that level. I wish laws would be changed to require explicit tracking requests for this type of data, that has to be conspicuous and separately authorized in addiction to any TOS.

I wonder if these are all shell companies to hide the “origin server” for this CDN of unauthorized surveillance data.

I’m also curious how many of these are just middle men that do nothing but markup and resell, vs how many of these companies do anything to enrich the data before flipping it.

Wouldn’t it be funny if someone were to use these systems to get the location information for the executives at all of these companies, and it ended up online everywhere? I wonder if they would change their opinions on technical loopholes allowing the tracking of people without consent



Our gerontocracy is unprepared to deal with issues related to technology and privacy. I don't think these data brokers need to hide at all. We already see how legislators (failed to) comprehend issues related to technology in the many of unproductive congressional hearings over the past few years (Google, Tiktok, Twitter, Facebook... all brought before congress with nothing to show for it now). I think issues of technology and privacy are moving too fast for our gerontocracy to possibly keep up.

And I think our legislators show their ass in the case of the Tiktok hearing; effectively stating oh it's fine if the data is being bought and sold by a US company (Oracle).


If our legal system isn’t prepared to properly handle such things then it should default to being illegal to collect and sell data until the legislation is created to properly protect the rights of those who put them in office and pay their salaries.

The default of “you will be violated until we get to it, if we are able to comprehend it” is a dystopia I hadn’t imagined, yet here we are.


The answer is in the comment you replied to, "directly from telecommunications services providers".


Still doesn’t answer my question of where my PII was acquired.


I don’t understand your question. Your telecom provider has your PII.


I’d like a definitive list which contains the source for each piece of data, the means that source acquired it, when they acquired it, and proof of my consent for it to be collected, stored, and sold to other parties who then sell it off to the highest bidder.

“It came from teleco companies” is not due diligence enough for me, and it shouldn’t be for you. That answer isn’t an answer and the lack of accountability is how the companies continue to violate our right to privacy and flourish.


> “It came from teleco companies” is not due diligence enough for

I never claimed this. I replied to the question about how a telecom provider would have PII. My mobile provider knows my legal name and other details. They obviously know which tower is closest to my phone at all times or my phone would not work. That it is terrible of them to sell this data was not in question.


Your cell phone company knows your name, address, and can infer where you've been based on the cell towers your phone checks in with. So that one's a given.

Here's a sampling of others:

Mastercard sells information on your purchases.[^1] (Based on the info Oracle had on me, I suspect they might be one of the sources for Oracle Advertising.[^2])

Equifax, who gets information from your bank, your car insurance company, your cable company, and loads of other places, makes a nice profit off selling your info.[^3][^4]

ISPs know who you are, can infer a lot about you from unencrypted DNS queries and HTTPS SNI snooping, and they're happy to sell information about you.[^5]

Then there are several tiers of companies that buy information from various other companies, aggregate it, and then sell that off. A veritable snowball rolling down a hill of privacy violation.

[1]: https://www.wired.com/2012/10/mastercard-data-mining-holiday...

[2]: https://datacloudoptout.oracle.com/request-your-data/verify-...

[3]: https://www.inc.com/associated-press/equifax-data-money.html

[4]: https://www.equifax.com/about-equifax/why-equifax/differenti...

[5]: https://www.vice.com/en/article/93b9nv/internet-service-prov...


And for completeness, here’s an article about the telecoms themselves: https://www.washingtonpost.com/news/the-switch/wp/2018/06/19...


Just to clarify my point I’m not condoning this at all, but the telcos themselves have been selling live location data of their subscribers to aggregator services for years.

It’s really infuriating to me that people say Google or Facebook are “selling their data” (they’re not, they hoard data and sell targeted ads) when Verizon, T-Mobile, and AT&T literally sell your live, personally identifiable, non-aggregated, location data to third parties, hiding behind their subscriber agreement legalese.


One of many sources: https://www.fiercewireless.com/regulatory/t-mobile-to-fight-...

Just google it, more examples are easy to find.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: