Commercial Location Data Used to Out Priest

A Catholic priest was outed through commercially available surveillance data. Vice has a good analysis:

The news starkly demonstrates not only the inherent power of location data, but how the chance to wield that power has trickled down from corporations and intelligence agencies to essentially any sort of disgruntled, unscrupulous, or dangerous individual. A growing market of data brokers that collect and sell data from countless apps has made it so that anyone with a bit of cash and effort can figure out which phone in a so-called anonymized dataset belongs to a target, and abuse that information.

There is a whole industry devoted to re-identifying anonymized data. This was something that Snowden showed that the NSA could do. Now it’s available to everyone.

Tags: , , , , , ,

Posted on July 23, 2021 at 8:58 AM26 Comments

Comments

JonKnowsNothing July 23, 2021 9:45 AM

@All

What is curious, is how the person was targeted in the first place?

  • Either the person was SPOTTED at a known venue and then someone did parallel constructed for proof

or

  • Someone was just doing a whole lot of cross table matching with a whole lot of CPU cycles on huge data sets

Per the reports, it appears the Data Brokers were not aware of the true purpose or intended use for the data. Likely they don’t care much what you do with the data just as long as you pay for it.

But someone went to a lot of trouble and expense just the same. There are organizations that do target all kinds of persons, the “bounty hunter or entrapment” groups and some of them are well funded either privately or by LEAs.

Somebody had “An Axe To Grind”.

Winter July 23, 2021 9:56 AM

@Jon
From the link

Tech companies have repeatedly reassured the public that trackers used to follow smartphone users through apps are anonymous or at least pseudonymous, not directly identifying the person using the phone. But what they don’t mention is that an entire overlooked industry exists to purposefully and explicitly shatter that anonymity.

The Tech companies are lying. They know this is absolutely not true. Multi-dimensional data is never anonymous. Location data is the worst kind. The simple truth is, there can only be a few persons in a certain spot. If you know a few spots, you have a close to 100% certainty who that person was.

And if you want to know who it is by name, look at where the person is at night and at 9 AM. That will be home and work.

JonKnowsNothing July 23, 2021 9:59 AM

re: re-identifying anonymized data

iirc(badly)

Not too long back, the UK sold a hunk of their Health Services Data to Google, the reason given was that Googles Systems could help improve some part of their NHS system.

They were given just 3 parts of the UK zip-code system, so that no information could be re-identified or linked to a specific patient. That was a no-no.

Took a day or two but even though they agreed Not To Do That, They Did It. And now millions of UK health records are linked to the real person, in real time.

The UK is so desperate for funding, they are planning on selling off another batch of data. They have already mined the hospital records and part of their PCP/GP offices (where the data hookers went in with scanners). There is still something left for the UK government to sell.

In the USA, Doctor – Client private chats only last until the Doctor logs into the main system and begins to fill in all the tick boxes.

For some Health Care Systems this data is then forwarded to their Research Divisions. The data held there is worth a lot of zeros – some of these systems hold lifetime – cradle to grave data.

It’s all done in the name of research, the patents are just a side issue of course.

JonKnowsNothing July 23, 2021 10:08 AM

@Winter

re: If you know a few spots, you have a close to 100% certainty who that person was.

And if you want to know who it is by name, look at where the person is at night and at 9 AM. That will be home and work.

  • You have already selected a target and a location

Millions of people go to church or halls of worship. Millions of people are on the internet. N-Numbers use apps of all types. Millions of people go to work, on vacation, travel. Millions shop on-line, or swipe a card. There are millions of people with phones or other tracking devices (sports watches).

  1. Someone picked this guy for a target.
  2. Someone had a starting point or a starting issue.

It does not appear to be a “random outing”. There are groups that Dox folks the same as any other malware, spyware group does and some groups “force out” people of all orientations because they have “ELITE RIGHTS” to make “OTHERS KNOWN”. Some groups do it because of “PRIDE” and some groups do it because of “SHAME”.

It seems the latter group is at work here.

Clive Robinson July 23, 2021 11:53 AM

@ Bruce, ALL,

As I’ve pointed out repeatedly over the years, if the laws of physics alow, sooner rather than later someone will do it.

It’s not as though the warning signs have not been there lit up in multiple spotlights for all to see, but for some reason we just keep looking the other way with our fingers in our ears going “nah,nah,nah,nah” over and over as though some how it will stop it, it won’t and history has told us this over and over and over.

@Bruce once asked the readers of this blog if “collect it all was possible?” the resounding answer was not just “YES” but the technical details on how it coyls be done.

Even with Bluffdale visably being built and part of it’s purpose obvious people were still in denial.

Even when the Ed Snowden trove confirming what was technically “common knowledge” people kept being in denial.

Thus the real question I guess is not “Why are people doing this?” that much is fairly clear, but,

Why despite all the reliable data out there we are being data raped at every opportunity, do we stupidly persist in thinking people would not do it?

lurker July 23, 2021 12:05 PM

@Jon:
Someone picked this guy for a target.

Then he made it easy for them by
using a location-based hookup app

It only gets a headline because of his job. How many other nobodies are caught like this but don’t rate a MSM story?

SpaceLifeForm July 23, 2021 3:52 PM

@ JonKnowsNothing, ALL

What is curious, is how the person was targeted in the first place?

Because the target put a target on his back. He drew the attention. Idiot.

hxtps://boingboing.net/2021/07/22/catholic-priest-who-wants-to-prevent-biden-from-receiving-communion-resigns-in-sex-scandal.html

echo July 23, 2021 4:25 PM

@SpaceLifeForm

Oh he was one of those politically aggressive hypocrites? Then his outing was legitimate in my book.

Digging deeper through the BoingBoing article the power tripping of a self apointed cabal of priests questionable legal and ethical reasoning stand out not to mention questionable theology. No. The bigger scandal is how the Catholic church manages to get away with institutionalising such horrid dogma in this day and age.

The Catholic church has uncomfortably close links with far right extremists and terrorists. That would be one reason alone why someone may wish to target them for scrutiny and surveillance even if it’s just to fill in the pattern.

ADFGVX July 23, 2021 5:51 PM

lurker • July 23, 2021 12:05 PM

@Jon:
Someone picked this guy for a target.

Then he made it easy for them by
using a location-based hookup app

Oh really? How do you fellows know you aren’t using location based hookup app on your cellphones? All that NSO/Candiru malware observed connecting to sex chat lines, with downloaders and awareness install stagers making connections to sites known to host illegal content.

SpaceLifeForm July 23, 2021 6:50 PM

@ Clive, ALL

This is probably the most stupid rhetorical/troll question I’ve read in years.

s/hookup app//

How do you fellows know you aren’t using location based hookup app on your cellphones?

You don’t need an app for that.

RightSaidFred July 23, 2021 7:21 PM

This priest was almost certainly targeted. He was the highest ranking non-Bishop at the U.S. Bishops Conference. He was involved in outing Bishops and priests who were abusers or were gay. Someone went after this guy, and handed the information to the Pillar. They do not do investigative journalism.

And how did they connect his phone to the data? Someone had to hack into his phone. That seems to be the point of the third party company that the Pillar supposedly hired themselves for “authentication”. That was likely illegal.

MeAgain July 23, 2021 7:25 PM

Grindr said what was claimed was “technically infeasible”. Right, meaning it could not be done without some hacking added to the data set.

lurker July 23, 2021 10:03 PM

@ADFGVX: How do you fellows know you aren’t using location based hookup app on your cellphones?

Short answer, I don’t know.
I do have data service turned off until I need it; I do have an always on traffic load monitor which never shows anything to worry about; I always have gps turned off; the cell sites around my area are in the order of 10 – 15 km apart, so good luck pinning me down.

For the subject of this thread: his terms of employment include Leviticus 20:13, so his employer might have reasonable grounds in some jurisdictions to use whatever means to verify his compliance.

lurker July 23, 2021 10:22 PM

@CMYK
It’s called balanced reporting: last week we bashed the spyware merchants of Jerusalem; this week we bash the deviant servants of Rome. In the first case we have covert software surrepticiously spying on citizens going about their lawful business. In the second case open market software working like it says on the box is reporting activities of dubious moral or legal acceptability.

Winter July 24, 2021 4:34 AM

@echo
“Oh he was one of those politically aggressive hypocrites? ”

Don’t be dismissive of hypocrites. The world of religion and politics would hardly exist without them. How could we organise society without hypocrites?

echo July 24, 2021 5:51 AM

@Winter

Don’t be dismissive of hypocrites. The world of religion and politics would hardly exist without them. How could we organise society without hypocrites?

One simply needs to respect science and the law. I famously have no sense of humour when discussing philosophy, or science or law for that matter. Hypocrisy or merely reframing with gags are equally irrelevant. I don’t think your mind is fully engaged with or gets the seriousness of the topic.

Winter July 24, 2021 5:59 AM

@echo
“One simply needs to respect science and the law. ”

But society is not organised around law or science. Society is organised around religion and ideology. And ideology and religion are organised around ideals that are deeply inhumane and unreachable. Hence the need for hypocrites who act out this unreachable ideal.

RickRandom July 24, 2021 8:13 AM

@lurker
I do have an always on traffic load monitor which never shows anything to worry about

What do you use for traffic load monitoring?

lurker July 24, 2021 3:10 PM

@RickRandom
It comes built into the OS, a Chinese one, so may not be available in some markets…

JonKnowsNothing July 24, 2021 4:53 PM

While schadenfreude runs rampant about the accusations and doxing using supposedly “just found” geolocation data in a questionable situation of “a random surprise finding” of the relevant information rather than a “targeted doxing”, BKrebs has an article about a criminal group doing something similar.

The articles goes into length about the lengths people will go to for something as simple as a desirable internet handle and their increasingly violent attempts to extract the handle from the holder. Some of these include creating fake accounts with those handles in salacious groups or targeted policing databases and other forms of getting someone On A List and getting the cops to arrive with guns drawn and ready to shoot (SWATTING).

Being mindful that such activities are common on the internet and very few of us have any ability to prevent them. LEAs cannot prevent it, Internet providers cannot prevent it, Services of all types cannot prevent it, Governments cannot prevent it either.

It’s another source of kompromat.

It doesn’t have to be true to be of value. If true, it’s of greater value.

===

ht tps://krebsonsecurity.com/2021/07/serial-swatter-who-caused-death-gets-five-years-in-prison/

Serial Swatter Who Caused Death Gets Five Years in Prison 07 21 2021

ht tps://en.wikipedia.org/wiki/Schadenfreude

  • Schadenfreude is a complex emotion where, rather than feeling sympathy, one takes pleasure from watching someone’s misfortune, one takes pleasure from blaming, pin pointing, or hurting someone.

ht tps://en.wikipedia.org/wiki/Doxing

  • Doxing or doxxing is the act of publicly revealing previously private personal information about an individual or organization, usually through the Internet.[1][2][3][4][5][6] Methods employed to acquire such information include searching publicly available databases and social media websites (like Facebook), hacking, and social engineering. Doxing may be carried out for various reasons, including online shaming, extortion, and vigilante aid to law enforcement.[7][8] It also may be associated with hacktivism.

ht tps://en.wikipedia.org/wiki/Kompromat

  • damaging information about a politician, a businessperson, or other public figure, which may be used to create negative publicity, as well as for blackmail, often to exert influence rather than monetary gain, and extortion. Kompromat may be acquired from various security services, or outright forged, and then publicized by use of a public relations official

(url fractured to prevent autorun)

Who? July 25, 2021 2:00 PM

@ lurker, RickRandom, and anyone in this forum

GPS is not required these days; for more than a decade Google has been geolocating devices using access points (by means of its BSSID) consulting a huge database of identifiers captured by their “street view” cars.

Data gathered by cell phones can be locally stored until a data conection is available. No need to send it in real time.

Traffic load does not provide useful information in this case, as the amount of information submitted is minimal.

All this is considering expected communication channels only. Unexpected ones may include radio-to-base station messages, that may be broadcast even if cell phone is turned off, but latter should only be available to LEAs.

Babak July 25, 2021 9:48 PM

To protect yourself from Cellphone Tracking, use this:

1- Wrap your cell with aluminum foil

2- Wrap it with a plasticWrap

3- Wrap it again with Aluminum Foil

4- Wrap it again with Plastic Wrap

All Signals get blocked, wifi, cell signal, GPS and …

Babak

ADFGVX July 25, 2021 9:56 PM

@ Babak • July 25, 2021 9:48 PM

To protect yourself from Cellphone Tracking, use this:

1- Wrap your cell with aluminum foil

2- Wrap it with a plasticWrap

3- Wrap it again with Aluminum Foil

4- Wrap it again with Plastic Wrap

All Signals get blocked, wifi, cell signal, GPS and …

Babak

Or a prisoner on an ankle monitoring bracelet.

lurker July 26, 2021 12:54 AM

@Who?

…for more than a decade Google has been geolocating devices using access points (by means of its BSSID)…

When I use my phone as a hotspot I get geolocated to the telco’s gateway. It would be a pity for the drone strike aimed at me to take out a city block 300 kilometres away…

Untitled July 26, 2021 2:26 PM

It would be a pity for the drone strike aimed at me to take out a city block 300 kilometres away…

{shrug}  Collateral damage.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.