Personal and Private Activity Up for Sale
When the Catholic newsgroup outed Jeffery Burrill, they did so by tracking his personal and private online activity — information that was publicly available and up for sale. The Pillar reported it obtained Burrill’s mobile phone history through a data vendor, a company that collects users’ app and location history after they consent to data collection. The company then aggregates that data together and typically sells it for marketing and advertising purposes. But with the US’s lax laws concerning data usage, companies are largely unregulated in how they can use these vast amounts of user information. After this week’s events, we’ve seen proof that almost anyone can use this data to track the online lives of individual users. The Catholic newsletter said that the data vendor didn’t provide user names, but assigned each mobile device a numerical identifier. According to The Pillar, it was able to correlate the vendor’s ID to Burrill’s device using timestamps, GPS coordinates and usage data. User activity showed that the device was often used in Burrill’s home, office, during meetings he attended, and near family members’ homes. The data also showed that between 2018 – 2020 the device regularly used the gay dating app Grindr, and they were able to track the device to well-known gay bars and a prominent gay bathhouse in Las Vegas. The Pillar said they contracted an independent data consulting firm to authenticate the findings.
Protect Yourself from Data Vendors
Though app usage and location tracking are generally used for advertising and marketing purposes, it seems that anyone with enough dedication could match a device to a person, and use their personal data with malicious intent. Cybercriminals could use personal online history to run smear campaigns or blackmail celebrities, politicians and business moguls, while tech-savvy cyberbullies could target the online habits of vulnerable teens.
Take steps to protect yourself from an invasion of privacy
Responses to the Investigative Report
Grindr called the report “unethical” and “homophobic” in statements to media and said that it didn’t “believe” it was the source of information. “The alleged activities listed in that unattributed blog post are infeasible from a technical standpoint and incredibly unlikely to occur,” a Grindr spokesperson said to the Washington Post in a statement. “There is absolutely no evidence supporting the allegations of improper data collection or usage related to the Grindr app as purported.” Grindr does have privacy protection policies and settings in the app, but it’s on the user themselves to apply them. Since homosexuality is considered a sin in Catholic doctrine, the USCCB moved swiftly to respond to the claims. The National Catholic Reporter obtained a memo from Los Angeles Archbishop José Gomez, reading: “On Monday, we became aware of impending media reports alleging possible improper behavior by Msgr. Burrill. What was shared with us did not include allegations of misconduct with minors. However, in order to avoid becoming a distraction to the operations and ongoing work of the Conference, Monsignor has resigned effective immediately.” Shortly thereafter, the USCCB released a similar statement to media outlets.