There are plenty of guides available on how to protect your data[1], how to secure yourself online[2], and how to stop digital snoops from tracking you[3] across the web and then profiting from that intrusion. (Sorry, “monetization”.) You should do these things. But if a cascading series of revelations this past week has taught us anything, it's that all of those steps amount to triage. The things you can control add up to very little next to the things you can’t.
It’s an obvious point, especially if you follow the privacy headlines. But a recent example of location-tracking gone wrong—in fairness, it rarely goes right—that unfolded over the last week or so underscores the severity of what you’re up against.
On May 10, a New York Times report[4] detailed a service, called Securus, that allowed a former sheriff to track people’s location, practically in real-time, without a court order. Securus technically requires legal documentation that authorizes use of its services. But senator Ron Wyden (D - Oregon) says[5] Securus told his office that the company “never checks the legitimacy of those uploaded documents,” and that it does not feel obligated to do so. It offers a rubber stamp, then, to letting people know where virtually anyone in the US is standing at any given moment.
On the heels of that report, ZDNet detailed[6] how all four major US carriers sell location data to companies you’ve never heard of, without your explicit permission. In this specific case, Securus bought its access from a location aggregator called LocationSmart, which in turn bought it from the telecoms. All of these relationships are arguably legal.
"We don’t really have federal laws that are focused on