When you consider the nagging privacy risks of online advertising, you may find comfort in the thought of a vast, abstract company like Pepsi or Nike viewing you as just one data point among millions. What, after all, do you have to hide from Pepsi? And why should that corporate megalith care about your secrets out of countless potential Pepsi-drinkers? But an upcoming study has dissipated that delusion. It shows that ad-targeting can not only track you at the personal, individual level, but that it doesn’t take a corporation’s resources to seize upon that surveillance tool—just time, determination, and about a thousand dollars.
A team of security-focused researchers from the University of Washington has demonstrated just how deeply even someone with modest resources can exploit mobile advertising networks. An advertising-savvy spy, they’ve shown, can spend just a grand to track a target’s location with disturbing precision, learn details about them like their demographics and what apps they have installed on their phone, or correlate that information to make even more sensitive discoveries—say, that a certain 20-something man has a gay dating app installed on his phone and lives at a certain address, that someone sitting next to the spy at a Starbucks took a certain route after leaving the coffeeshop, or that a spy’s spouse has visited a particular friend’s home or business.