The Decentralists

Hot Topix: X Marks The Spot

November 26, 2020 Mike Cholod, Henry Karpus & Chris Trottier
The Decentralists
Hot Topix: X Marks The Spot
Chapters
The Decentralists
Hot Topix: X Marks The Spot
Nov 26, 2020
Mike Cholod, Henry Karpus & Chris Trottier

The U.S. Military has been buying the location data of smartphone users like you.

As we all know, personal data is extremely valuable. Many app vendors have realized that selling data to brokers like X-Mode is the quickest way to drive revenue (50,000 users guarantees an app developer $1,500 a month). One of X-Mode’s customers is—wait for it...

 the U.S. Military. X-Mode’s Software Development Kit (SDK) is embedded in over 400 apps—including a Muslim prayer app that has nearly 98 million active users.

Why is the U.S. Military spying on smartphone users?

Why aren’t app developers transparent about what happens to the user data they collect?

Are “free” apps costing us our freedom?

When we download free apps, we aren’t informed how we will be tracked—are free apps really “free”?

Show Notes Transcript

The U.S. Military has been buying the location data of smartphone users like you.

As we all know, personal data is extremely valuable. Many app vendors have realized that selling data to brokers like X-Mode is the quickest way to drive revenue (50,000 users guarantees an app developer $1,500 a month). One of X-Mode’s customers is—wait for it...

 the U.S. Military. X-Mode’s Software Development Kit (SDK) is embedded in over 400 apps—including a Muslim prayer app that has nearly 98 million active users.

Why is the U.S. Military spying on smartphone users?

Why aren’t app developers transparent about what happens to the user data they collect?

Are “free” apps costing us our freedom?

When we download free apps, we aren’t informed how we will be tracked—are free apps really “free”?

Henry: Hey everyone, it's Henry, Mike and Chris of the Decentralists. Hot Topix time. This one is honestly, it's a bit unnerving. It seems as though the American military has been tracking citizens locations. Mike, you sent me an article and I'm hoping you can illuminate us about that and explain to me, what do you think is going on?

Mike: Well, Henry, I mean you know I guess it's time for another rant. You know, one of the things, you know, it is Friday after all. One of the things that was reported this week by vice is that an organization named motherboard was looking at a couple of app vendors. One's called Locate X and one's called X-Mode.

Henry: Okay. What does motherboard do?

Mike: Motherboard is basically one of these kind of tech, exposition exposure kind of companies where they look into different pieces of technology, whether it's hardware and software and dig underneath it and see what it's actually doing.

Henry: Nah, they try and keep people honest, try to keep people honest. Oh yeah. Yeah. I like it. Okay.

Mike: Okay. And so, one of the things that these guys Locate X do and X Mode do is they create an API for location tracking. So, we talked a little bit about this in a LinkedIn post this week.

Henry: Yeah.

Mike: So, you know, what an API is, is an application programming interface. It basically means that I can set up a little piece of code that is not meant to be an app on its own. Okay? But it's meant to be a service that other people who build apps can download, install this piece of code and it basically kind of generates a result. And in the case of these Locate X and X Mode guys, what they do is they track location data. Okay? And one of the things that most people don't think about when they think about all of this, you know we've talked a lot about fake news and you know, privacy violations and all of this stuff that happened in social media with our personal data. And a lot of times when I think, when you think about that and you hear about it, you think about things like, Oh, well, they didn't have my pictures and they know who I'm related to or who my friends are and maybe phone numbers and things like that, but not a lot of people think about location.

Henry: Yeah.

Mike: Right? And so, you know, what essentially this means is, is that, you know, these guys will create an app an API that will actually pay app vendors to install this code on their app. So, anything from they've been tracking Muslim prayer apps. They've been tracking black people dating apps. They've been tracking fitness trackers. They've been tracking kind of everything, each storm trackers. And the idea is, is you're an app guy and you're making an app and you say, I'm tracking storms and I think I'm going to make X amount of dollars off of this. And then these guys come along and say, just attach this API and we'll pay you 1500 bucks a month for every 50,000 users you send to us.

Henry: Oh, that's how they get people interested.

Mike: Totally. And so, I think I'm some, you know, innocent app vendor, or maybe not so innocent app vendor, who's looking to make revenue to survive. Right? In an already crowded marketplace of advertising and things like this. And so, I just take this API and I install it in my app. It's a few lines of code and I unbeknownst to me, or maybe innocently, I start sending location data. And so, this is everything, you know, all of our phones have GPS cause there's, we all know this because we access Google maps. And but it's even more nefarious. It gets down to the point where they're even tracking things like our Mac addresses, our gyroscopic positions, whether we're standing up or lying down things like this, and they're sending it to these third party, API people. Okay? People whose entire business is collecting location, tracking data. And so, they take this location tracking data and they sell it to the US military, to law enforcement and to other, let's say perhaps less legitimate, but let's say cash rich organizations. I mean, think about it.

Henry: Wow.

Mike: Seriously. Think about it like you download an app that represents your religion. Okay? And whether it's things like telling you where the closest churches or when to pray or what to say, this information, which is why you downloaded the app in the first place is also systematically targeting you so that you can have your location tracked 24 seven by somebody like the US military.

Henry: Well, you talk about big brother. Okay. Now, hold on. Hold on, hold on. Mike and Chris, you may know I myself on my iPhone, I never, ever, ever, ever, ever turn on location services and the privacy tab, because I mean, I might do it once every two months. If I need to orient myself on a map and then I turn it off five minutes later. Are they still tracking me?

Mike:            Oh, hell yeah. I mean, you know, without a doubt, Henry. You know, I mean, for example, there's...

Henry: Even if it's off?

Mike:            Even if it's off, there's a couple of things you've got to remember. Okay. So, the first thing is, is that, you know, do you use Google maps>

Henry: On my phone? Extremely rarely once a month for five minutes,

Mike: That's fine. But if you do, your location tracking has to be on. So, for a lot of these most popular services, you have to turn it on. Okay? So that's one thing. Second every time you update your operating system, they do things, weird little things to change the way the apps now work. So, one of the things I recently updated my iPhone to the latest version of iOS. Okay. And I don't know if you remember, but in the last version, like I always turn off Siri.

Henry: Yeah. I never have it on, I can't stand that.

Mike: I don't want Apple listening to me 24 seven. Right? Because they say it only responds to keywords but well if it can respond to a keyword, it's listening to you.

Henry: Of course.

Mike: It's a microphone. It's not a speaker. And so, you know, the idea is, is I went into my location settings. This was literally, or not my location settings, my Siri settings, because I was helping my dear old aunt Rita upload or update her iOS. Okay? And one of the things I noticed in the latest version is instead of just being able to use, to be able to turn Siri off, click, click, click, right? Three buttons. Now you turn Siri off three buttons, and then there's a list of every single application that you've got loaded on your phone, and you have to open every single one of them and they're all enabled for Siri, even if you've turned it off up top.

Henry: Oh.

Mike: So, you know, half the time, it's just so much of a pain in the butt to turn all these services off but the idea is, is at the very least Apple has all of your location data.

Henry: No, I'm sure. Chris, I know that you've got some insight into this.

Chris: Yeah. So, one thing that we always like to say here on the decentralist is that free is never free.

Mike: Correct.

Chris: Some way or another you're going to have to pay and unfortunately, with this Muslim prayer app, okay? Which is called, I believe Muslim pro 98 million users, active users.

Henry: Wow.

Chris: 98 million active users has a halo effect. Right?

Mike: Correct.

Henry: Because remember with Cambridge Analytica you know, it was only a few hundred thousand people who were using those quizzes, but they were able to get data on millions, upon millions of people. Right? So, you look at the, this Muslim prayer app, 98 million active downloads and active users, halo effect in you know, minimum hundreds of millions. Okay? It's a free app, unfortunately you know, some people potentially could pay with their lives.

Mike: And they have, I guarantee you, they have.

Chris: Now we think about the US military and we hope to God that the US military hasn't been utilizing these apps in an unethical way. But we, we don't know...

Mike: Ask Snowden.

Chris:            Exactly. Exactly, Mike. We don't know who else has been utilizing this data. Is it some far right Islamophobic organization?

Mike: Sure.

Chris:            Right.

Mike: Yep.

Chris:            We already saw what somebody in New Zealand did with just a little bit of data.

Mike: Correct.

Chris:            Right?

Henry: Oh yeah.

Chris:            So unfortunately, something's free. Well, you know nothing's completely free. I hate to say it, but you shouldn't have to pay with your life to do something as simple as know when to pray.

Henry: Okay. So, Mike, to your point, this X Mode and Locate X.

Mike: Yeah.

Henry: I mean, if they pay developers to add location tracking apps?

Mike: Right.

Henry: Does this make them complicit in any crimes committed with that data?

Mike: I think a hundred percent, a hundred percent. And more importantly, Henry, I think one of the things that we also should call out here, and this is to Chris's point, right. You know, they say that if the product's free, you're the product. And to me, this is one of the most egregious and nefarious illustrations of that point. You know, I hate it and most of us hate it, but I think it's fairly innocuous when the free equates to an ad. Okay. You know, if you download an app or a service and often this'll happen, whether it's a game or something, a fitness tracker. You'll download the free version, and they'll also be a paid version and they'll hit you, oddly enough, with an ad that says, pay 10 bucks and we'll remove the ads. Okay. That's a fairly innocuous way for these app people to make money it's right in your face. If you don't like it, you're getting rid of it.

Henry: Nothing to hide there.

Mike: Get rid of it. Right? The problem is, is I guarantee you, nobody who downloaded the free Muslim pro prayer app was informed that they were going to be trapped without their knowledge.

Henry: Of course not.

Mike: Okay. And so, this is the danger of the biggest danger of these free products is that you go in and you download this thing for free, and you assume that that means you're going to see ads. And if you're fine, you know, not paying for candy crush because you'll watch the ad banner at the bottom fine. But if what that thing is actually doing in the background is also tracking your location. Right? You're a candy crush person, Henry you clearly like casino, like video games. So maybe what we're going to start to do is track you and see if you're a gambler.

Henry: Right.

Mike: And try to influence you to maybe, you know, how hard would it be for you to look at your Google maps, right. To say you know, you look at a Google map and you you'll see the map and you'll see the streets. And then there's certain things like certain buildings and stuff that will already be pre-populated, even if you haven't searched for anything.

Henry: Yeah. Right.

Mike: You know what I mean? Well, how hard would it be for somebody to go in and buy your location data as a candy crush or an online poker stars player, and then make sure that every time you looked at a Google map to find your way to a restaurant, it clearly highlighted casinos.

Henry: Yeah. Yeah.

Mike: Right? This is the way that we can be manipulated. And this is not just advertising, manipulating us. We talk about this all the time. This is location data being used to profile you as a gambler, and then send you to those locations where you can now turn into an addict and lose your family, your house, your car, everything.

Henry: Well, you know, it's funny, you should say that. Here's a story from you know, a thousand years ago when I was starting my sales career long before the internet. I needed some money. I decided to take a job at one of those call centers for whatever they were selling. I would pick up the phone. I would make these calls and call people all across the States.

Mike: Sure.

Henry: And one of the things that we were selling well exclusively sold at that time was Canadian lottery tickets. Because at the time in America, there were no lottery tickets. There was no lottery, like six 49. They hadn't reached that point where it was legal and they could do it. And all that sort of thing but Canada had it.

Mike: You could win millions of dollars.

Henry: It to fund the government, but Canada had it. So here I am, I'm calling these people and getting them on the phone and selling them these lottery tickets.

Mike: Wow.

Henry: And I was doing this for a few weeks and then I find out talking to people in the room. I said, where do they get these numbers from? Because actually there are some people, I mean, you know, more than I expected are interested.

Mike: Right.

Henry: Well, it turns out they got a list or they get lists of, or they did, of people who were known gambling addicts.

Mike: Really?

Henry: So, I was calling these people to ruin their life further. I didn't know it, I quit the next day.

Mike: Good for you, Henry. Good for you. Right? And, you know, this is you know, this is just the shows you, the depths that people will go to. Right? I mean, one of the thing examples that happens as part of this, like, you know, this is just total craziness, but one of the things that happens is there's this kind of term called Bidstrem B I D S T R E M. Okay. And what Bidstream is, is it's kind of a service where almost in real time, like it's a big thing with Google ads, for example, where in almost real time, what they've got is all of the data coming off of our devices, like in real time milliseconds. Okay. Where, you know, here's Henry and he's here and he's close to a casino, or here's Chris and he's here and he's close to a shoe store. Okay. And they have this almost live bidding where you can go in and literally just, you know, hit buttons and buy that type of data to target ads.

Henry: Wow.

Mike: Okay. Well then you can also buy location data. And this stuff is like, literally anybody can go and sign up and basically say, I'm a business and I want to buy data and I'm willing to pay for it on like essentially a real-time basis. And they just go, no problem. Enter your credit card here, press a button whenever you want to make a bid.

Henry: Yeah.

Mike: I mean, you know, one of the things that is in, it seems to be in almost endless supplies on this planet, both legitimate and illegitimate is money. Okay. And so, if the only thing stopping anyone out there from being able to target, locate and track, any other person or group is money, we are in really, really, really big trouble.

Henry: Yeah, no kidding.

Chris: What are the things we should also remember Henry is that we don't need to use a smartphone for our locations to be tracked. I was at best buy just last week, you know, purchasing something, you know, fairly innocuous. It was just a flash drive. And when I was at the till a cashier asked me what my postal code was, I said to the cashier, Hey, do you actually need my postal code to make this purchase? And they said, no, but we would like to have it. Mike. Why do you think they want my postal code?

Mike: Absolutely. Hey, because now they know that you've got a USB stick, so you're clearly a techie and you've clearly got technology and they know where you live.

Chris: That's right.

Mike: And that's valuable information for an electronics retailer, shall we say?

Chris: Yeah, that's right. And Mike you correctly point out that money itself has done in short supply. But one thing that is in short supply is time and our attention.

Mike: Correct.

Henry: Yes.

Chris: Now at the end of the day, what everybody's trying to purchase is our time and attention. And so, this is why retailers like best buy whether we have smartphones or not. They're trying so hard to find everything they can about us/.

Mike: Yep.

Chris:            Because ultimately if they can get our time and attention, they can get our money.

Mike: Right. Absolutely. Absolutely. And it's also one of these things, Chris, where think about it, Hey, you know, postal codes are something that is, you know, they're fairly unique, right. I mean, it's not every single house has a postal code. Right. But like, your building has one postal code or you know, one block or something has a postal code. Okay? And you start to think about what does it mean when they have something innocuous, like a postal code or they call it a zip code in the States. Right? You could even do things like micro target those flyers that you get thrown in your mailbox.

Henry: That's exactly what they do, Mike. Yeah, of course. Okay. A question for both of you, and I know Mike, you had mentioned this previously. In the article that you said to me, they said that the location data gathered from, let's say the Muslim prayer app and the black dating app is only intended to be used to track people outside the United States. Now hold on. I don't get it. Why would that be? Is it valid? And would we believe in... First of all, what makes that more acceptable anyway?

Mike: Well, I mean, it's clearly not acceptable, "A". It's clearly not true "B", right? Because I think if you, I think Henry that, that quote was not exactly... Okay. That was kind of a weird quote because that was the location X people and the kind of X mode folks talking about the location data that they sold specifically to the US military, the CIA and those other secret organizations.

Henry: Okay.

Mike: Okay. And remember, this was one of the most like the, you know, a lot of people are familiar with Edward Snowden. Okay. And his, you know, bombshell revelations about the spying and stuff like this basically blew this whole thing wide open. Okay?

Henry: Right.

Mike: But one of the most integral and often forgotten points of Snowden's exposure was the fact that this data. So, in the United States, certain organizations, in fact, all the organizations that represent the federal government are not meant to use any of these things. The military, like wire taps, all of this type of stuff cannot be used on us citizens without a warrant. Right? So, the kind of, when you want to tow the politically correct line as a spokesperson for the Pentagon, you say, yes, we buy this data, but we do not buy or use data on citizens of the United States. And that's the piece of Snowden's allegations that were the most I want to say sensational was the fact that they were in fact using the data they were collecting through social media and through the internet to track American citizens. Okay. One of the organizations that uses these locate guys is the border patrol folks. Okay. And, you know, like Chris said, you've got a halo effect. If you're tracking somebody, you say I'm only tracking this person because I saw them, you know run across or break across the border illegally. Well, what if that person then goes in and has family, legitimate family in the United States that they now go and seek refuge with? Now that family is being tracked as well. And there's no way the halo effect isn't encompassing American citizens.

Chris: Exactly.

Mike: Right. And so, you know, but it's just the fact that they, it is actually in this kind of a little bit relates, is a segue into this whole section two 30 thing we've been talking about for months now, it seems. But the fact that a company can set itself up and create a technology that can be used without user's consent to track their locations. Okay? The fact that that's legal is the is a problem.

Henry: Oh yeah.

Mike: But the fact that they can also take that information and put it on an open market to the highest bidder is something that is almost to me...

Henry: Inconceivable.

Mike: ... as incredibly shocking and disturbing and wrong as the publisher exemption, that social media currently has under section 230.

Henry: Yeah. Yeah. There's no question about it. In fact, it's stunning the legal power and the laws lags so, so far behind technology and social media and the big tech that it's laughable now. I mean, there's so many things that should be illegal.

Chris: Absolutely. Yeah. So, Henry, that brings up an interesting point, which is the law will always like behind technology.

Henry: Yes. It always has to. Yeah.

Chris:            Because that's just how the legal framework has to work. Right? You can't prosecute a crime until a crime actually been committed.

Mike: Correct.

Chris:            Right. We're not living in the world of minority report where we have, you know, pre crime.

Henry: Not yet. I don't know.

Mike: I don't know I think this location tracking data is to me an indication that we might actually be in the minority report.

Chris:            We're approaching it, but we're not there yet.

Mike: Right.

Chris: Which brings me to my next point, which is if we want to fight this modern dystopia of everything being tracked, we have to build better technology to do it.

Henry: Yes. Oh, perfect. Yes,

Mike: Absolutely. It should not be a default position that just because you want to use a service, you have to give up this data. It should not be a default position that just because you want to use a service, you have to read a 78-page legal agreement. I mean, I don't know if you guys saw, I sent over an article that just this last week it was talking about these legal agreements. And it was saying that the legal agreement in Microsoft's team, like Microsoft teams, which is their kind of combos, zoom, you know, blah-blah, Slack kind of thing is like, I think 1100 pages. Right? I mean, this is completely ridiculous.

Chris:            Did get Leo Tolstoy to write that? Because that sounds like Korean peace.

Mike: Yeah, exactly. The Anna Karenina or something like this. I mean, seriously, it’s unbelievable. Like how were you supposed to interact with this? You know, like the default position cannot be that you have to be a freaking professor emeritus of law from MIT to be able to use Candy crush and to figure out whether you can use candy crush without getting your life tracked.

Henry: Yes. Yes. In fact, that's why, well, Chris, you said it, we need a new platform. We need new technology. And in fact, Mike it's so funny, but that's when I started sort of listening to you years ago, when you told me, you said to me, you know, it shouldn't be that we give our information, to all these 12 different people we want on the internet to enjoy their products. I should own my own identity and Dole it out where necessary and when necessary and then bring it back when I want it.

Mike: Correct.

Henry: And that's exactly what I think he called self-sovereign of course, but that's exactly what we need. And that's what makes me so excited about many one. And I know you're getting close with it.

Mike: Yeah. We are getting close and, you know, Henry, I mean, the thing that we've done, the thing that we've always, you know, it's always been kind of a central thing to what we've been building is what in Kevorkian, I think is her name. She used to be the privacy commissioner for Ontario and she calls it privacy by design. Yeah. Right. Very, very simple. Like, I mean, it's almost like mind, like you kind of go, mind-blowingly simple where she just says, it's simple. Privacy should be the number one aspect of any information systems design. And I'm like, it seems kind of too logical, right?

Henry: Yeah. Yeah, exactly.

Mike: Why wouldn't, it always be that? So, you know, the way to do that, or at least the way that we've looked at doing that is to use decentralization and basically say, you know what, the default position in all of our interactions with each other and with services and the internet, and you know, all of these things should be a completely private, you know, almost cut off from the rest of the world location where you can start by just connecting with things and people one by one. And the way you do that is you just remove yourself from the rest of this stuff you put up like, I like to say bubble wrap around yourself with a little plug-in cord and you just go, I'll touch that service. But I'll unplug, I'll use that service. And then I'll unplug, I'll talk to Henry, I'll talk to Chris. And this should all be within our control that's how you do it.

Henry: Exactly.

Mike: And we can do it. And we'll be there by the end of the year. We'll have an alpha by the end of the year,

Henry: I cannot wait. But you're exactly right. It's just like having a home by the, a farm, a house, a condo, an apartment you go in there, it's your sanctuary, you're safe.

Mike: Totally.

Henry: And you go out and you interact with the world when you wish.

Mike: It's time to stop making a mockery of our right to privacy. Everybody says we have one yet. This is a complete indication that we don't. So, it's time to take it back.

Henry: Right on. Thank you, Mike, Chris, again, thanks for your illuminating thoughts. And gentlemen, I look forward to the next one.

Mike: Thank you Henry. Thanks Chris.

Chris:            Thank you, Henry.