mastodon.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
The original server operated by the Mastodon gGmbH non-profit

Administered by:

Server stats:

336K
active users

Global mass surveillance, but based on data from digital advertising and mobile apps.

The system is operated by Bazze, a US federal contractor that sells to the US Dept of Defense, as reported by the WSJ in October 2023:
wsj.com/tech/cybersecurity/how

I came across software docs publicly available on the web that show how Bazze's clients can search for phones in certain areas, or for a person's location history by name, email, phone number, IMSI, IMEI, home address or social media profile.

Thread:

Bazze says it has access to personal information about a hundred million smartphones from 200 countries including Japan, Brazil and Australia, i.e. from everywhere except the US and Europe, at least this is what it claims.

The Bazze API docs describe in detail how security agencies and others can access records that contain mobile device IDs, GPS coordinates and other personal data:
bazze.io/docs/api
web.archive.org/web/2024021413

Clients can query the data in almost every way.

Bazze clients can search for location 'records' or 'users' in certain small or large geographic areas.

Conversely, they can query location records by "searching one or more selectors", such as:

- a mobile device's "advertising ID" (which Bazze refers to as the "user id")
- IP address
- Wifi SSID/BSSID

While the 'advertising ID' is a unique identifier that refers to the person who owns a mobile device, it is a *pseudonymous* identifier.

Conveniently, Bazze also allows to search for location records by name, email address, phone number, home address and social media profile.

Clients can get either the "real-time device location" or the "last known location" by phone number and even by IMSI.

In addition, the Bazze system even provides functionality to get "call data records" (CDR) by phone number, IMEI or IMSI.

This suggests that the system allows security agencies and other clients to link digital advertising data from the web and mobile apps with telco data.

The API also covers cell tower data.

The system's location taxonomy specifically focuses on places that are relevant for military operations such as industrial sites, power plants, harbors, military bases, radar sites etc, but also includes embassies and consulates.

This is kind of: NSA global mass surveillance but based on digital advertising data/infrastructure.

Will only the US military use this kind of commercial/advertising data?

No, it's easy to access for any kind of state actor, company or criminal organization.

Clients who use the Bazze API can also, for example, search for people who:

- visited two particular countries in certain time periods
- visited a particular embassy and military base

...or they can search for persons who visited whatever place in combination with whatever other place

It seems that Bazze is far from covering entire populations. But this still violates the rights of many million people. It is very likely that several actors access similar data at an even larger scale.

I briefly came across Bazze already in Sept 2020.

Back then, I took some screenshots. The API was already available, and Bazze stated to receive data from 100m devices daily in 'Africa, Middle East, Asia, Latin America and Eastern Europe' via 'numerous SDK location data vendors'.

The current Bazze website states that the firm has 'historical data' back from Jan 2019:
bazze.io/reviq-methodology

That would be 5 years worth of location history about 100m people across many regions in the world.

As Bazze obtained data from UberMedia, it probably did not only receive data from mobile app SDKs but also from the RTB bidstream in digital advertising.

UberMedia, which is now a Near subsidiary, stated in 2020 that it harvests bidstream data at scale:
twitter.com/WolfieChristl/stat

In 2022, the WSJ found that UberMedia was one of the data brokers who bought and sold data on Grindr users obtained via MoPub:
twitter.com/WolfieChristl/stat

X (formerly Twitter)Wolfie Christl (@WolfieChristl) on XHow do they obtain location data? From 62 mobile apps that embed UberMedia's data harvesting software, 400 apps that embed data harvesting software operated by other firms, and from 100,000 apps that constantly leak location data while displaying ads. https://t.co/WcNPrcA1sA

As stated, it is unlikely that only the US military uses this kind of commercial/advertising data. It's easy to access for shady firms, state actors or criminal organizations.

In November, we published a report about advertising data as a national security threat (there are two versions for Europe and the US):
iccl.ie/digital-data/europes-h
iccl.ie/digital-data/americas-

And I recently helped reveal a system similar to Bazze operated by a network of companies based in Israel:
mastodon.social/@wchr/11141059

Wolfie Christl

The US data broker Bazze secretly obtains location and identity data about a hundred million people via smartphone apps, digital advertising and consumer records and sells it to the US military.

NSA-like global mass surveillance, but based on commercial data.

Forbes has now a report about it:
forbes.com/sites/sarahemerson/